Respond to new ALM obligations
Identify the key compliance changes for scope, subjects and operations
Facilitate the design and execution of compliance checks on payment methods and the use of virtual currencies
Evaluate gaps in processes to update controls and procedures
Consider the impact on corporate criminal liability using the new ISOs 37301 and 37002
Register virtual asset service providers
Assess new compliance and operational risks
Identify scenarios of risks and vulnerabilities on new crime typologies
Prevent risks of anonymous transfers and the use of prepaid cards
Manage risks on high value operations and art trade
Integrate risks to know your customer and money laundering
Detect and report suspected operations
Compare control practices regarding new requirements
Update the decision matrices on alerts
Adjust customer due diligence process
Implement the use of the lists of politically exposed persons
Report discrepancies with the public register of effective owners
Implementation of new technologies
Evaluate the prerequisites regarding quality of data and capabilities for compliance solutions
Evaluate solutions to automate and digitize processes related to robotics
Use machine learning applications for reporting suspicious transactions
Recommend practices for implementing analytics solutions on text and data
Risk Beyond Acquiring: Merchant Risk Across FinTechGeo Coelho
In our Vendor Spotlight at MAC 2016, Jose Caldera, IdentityMind VP of Marketing & Product, presented a collection of use cases and examples of how IdentityMind clients are applying our platform for merchant risk, fraud prevention, anti-money laundering, and terrorist financing prevention.
The session provided a great introduction to the benefits of our platform, and we've provided a synopsis of it here for those who missed the session, or were curious for more information.
A "back to basics" presentation of the fundamental anti-money laundering laws, including the Anti-Money Laundering Act of 2020 and the Bank Secrecy Act.
Basics of Anti-Money Laundering : A Really Quick Primer
What is Money Laundering?
The act of concealing or disguising (laundering) of funds obtained through illegal activity
so that they appear to have been generated through legal, legitimate sources.
How is it Carried Out?
Shell companies, intermediaries and money transmitters usually transfer these funds around the world Banks and other financial institutions are the chosen medium for laundering these illegal funds
AML Regulations:
The Bank Secrecy Act is the most important Anti-Money Laundering (AML) regulation
The BSA requires financial institutions to:
Keep records of cash purchases of negotiable instruments
File reports of cash transactions exceeding $10,000 (daily aggregate amount)
Report suspicious activity that might signify money laundering, tax evasion, or other criminal activities
Implement a written, board-approved compliance monitoring program
The USA Patriot Act
Expands AML requirements to all financial institutions
Augments existing BSA framework
AML Best Practices:
In order to combat money laundering, banks should implement the following best practices:
Customer Identification Program (CIP)
Customer Due Diligence (CDD) Program
Bank Secrecy Act/Anti-Money Laundering Risk Assessment
Identification and Reporting of Suspicious Activity
Want to learn more about anti-money laundering process and best practices? ComplianceOnline webinars and seminars are a great training resource. Check out the following links:
http://www.complianceonline.com/anti-money-laundering-aml-compliance-program-seminar-training-80114SEM-prdsm?channel=amlppt
http://www.complianceonline.com/bsa-aml-ofac-risk-assessments-regulatory-requirements-seminar-training-80181SEM-prdsm?channel=ppt
http://www.complianceonline.com/bsa-aml-compliance-reporting-requirements-webinar-training-703352-prdw?channel=amlppt
http://www.complianceonline.com/bsa-aml-compliance-checklists-webinar-training-703178-prdw?channel=amlppt
http://www.complianceonline.com/bsa-aml-ofac-risk-assessments-and-evaluation-compliance-program-webinar-training-703493-prdw?channel=amlppt
http://www.complianceonline.com/best-practices-for-developing-risk-models-for-aml-bsa-monitoring-webinar-training-703628-prdw?channel=amlppt
Risk Beyond Acquiring: Merchant Risk Across FinTechGeo Coelho
In our Vendor Spotlight at MAC 2016, Jose Caldera, IdentityMind VP of Marketing & Product, presented a collection of use cases and examples of how IdentityMind clients are applying our platform for merchant risk, fraud prevention, anti-money laundering, and terrorist financing prevention.
The session provided a great introduction to the benefits of our platform, and we've provided a synopsis of it here for those who missed the session, or were curious for more information.
A "back to basics" presentation of the fundamental anti-money laundering laws, including the Anti-Money Laundering Act of 2020 and the Bank Secrecy Act.
Basics of Anti-Money Laundering : A Really Quick Primer
What is Money Laundering?
The act of concealing or disguising (laundering) of funds obtained through illegal activity
so that they appear to have been generated through legal, legitimate sources.
How is it Carried Out?
Shell companies, intermediaries and money transmitters usually transfer these funds around the world Banks and other financial institutions are the chosen medium for laundering these illegal funds
AML Regulations:
The Bank Secrecy Act is the most important Anti-Money Laundering (AML) regulation
The BSA requires financial institutions to:
Keep records of cash purchases of negotiable instruments
File reports of cash transactions exceeding $10,000 (daily aggregate amount)
Report suspicious activity that might signify money laundering, tax evasion, or other criminal activities
Implement a written, board-approved compliance monitoring program
The USA Patriot Act
Expands AML requirements to all financial institutions
Augments existing BSA framework
AML Best Practices:
In order to combat money laundering, banks should implement the following best practices:
Customer Identification Program (CIP)
Customer Due Diligence (CDD) Program
Bank Secrecy Act/Anti-Money Laundering Risk Assessment
Identification and Reporting of Suspicious Activity
Want to learn more about anti-money laundering process and best practices? ComplianceOnline webinars and seminars are a great training resource. Check out the following links:
http://www.complianceonline.com/anti-money-laundering-aml-compliance-program-seminar-training-80114SEM-prdsm?channel=amlppt
http://www.complianceonline.com/bsa-aml-ofac-risk-assessments-regulatory-requirements-seminar-training-80181SEM-prdsm?channel=ppt
http://www.complianceonline.com/bsa-aml-compliance-reporting-requirements-webinar-training-703352-prdw?channel=amlppt
http://www.complianceonline.com/bsa-aml-compliance-checklists-webinar-training-703178-prdw?channel=amlppt
http://www.complianceonline.com/bsa-aml-ofac-risk-assessments-and-evaluation-compliance-program-webinar-training-703493-prdw?channel=amlppt
http://www.complianceonline.com/best-practices-for-developing-risk-models-for-aml-bsa-monitoring-webinar-training-703628-prdw?channel=amlppt
1CYBER CRIMEChapter 5Objectives· Understand the differen.docxjesusamckone
1
CYBER CRIME
Chapter 5
Objectives
· Understand the difference between identity theft and identity fraud
· Explore the five types of identity theft/fraud
· Discuss the virtual and Internet methods in which computer criminals steal identities
· Develop a knowledge of the crimes committed due to identity theft
Details
I. Identity Theft: Illegal use or transfer of an individual’s personal identification
information.
Identity Fraud: Illegal activities based on the fraudulent use of identifying information of a real or fictitious person.
· Creation of fictitious identity by using a “breeder” document(fictitious or stolen identifiers)
· Used by criminals to create additional lines of credit and separate bank accounts
· Used by terrorists to conceal their own identity, hide from authorities or gain access to sensitive information
Types of Identity Theft/Fraud
· Assumption of Identity: individual assumes the identity of their victim, including all aspects of the victim’s lives
· Rarest form of identity theft/fraud
· Theft for Employment or Border Entry: Fraudulent use of stolen or fictitious personal information to obtain employment or gain entry into US
· Alien Registration Cards
· Nonimmigrant Visas
· Passports and Citizenship Documents
· Border Crossing Cards
· Virtual Identity Theft/Fraud: Use of personal, professional, or other dimensions of identity toward creating a fraudulent virtual personality
· On-line dating
· Role playing
· Accessing deviant sites or locations containing questionable content
· Extra Marital Affairs
· Use for harassment or stalking
· Criminals may use to deceive others to reveal personal information or solicit a criminal act
· Credit Identity Theft/Fraud: Use of stolen personal and financial information to facilitate the creation of fraudulent accounts. It requires the affirmative act of securing additional credit.
· Criminals use to create additional sources of revenue through the establishment of multiple accounts
· FTC (2011) reported 60% of all identity theft victims stated their personal information was used to open new accounts, transfer funds, or commit tax/wage related fraud
II. Scope and Victimology
· Developing crime statistics for Identity Theft/Fraud has been difficult
· Lack of reporting by the public
· Lack of reporting by police to federal agencies
· Jurisdictional discrepancies in crime measurement
· Selective enforcement based on community standards and department resources
· First comprehensive study conducted by Government Accounting Office (2002)
· Identity Theft was dramatically increasing
· Calls to the Identity Theft Clearinghouse increased over 500% in two years
· Losses incurred by MasterCard and Visa increased by 43%
· No significant loss of consumer confidence as online shopping increased
· Number-one consumer complaint to the Federal Trade Commission (FTC)
· FTC Study (2004): 15 million Americans victimized in 2003.
· Total annual cost to individu.
1CYBER CRIMEChapter 5Objectives· Understand the differen.docxherminaprocter
1
CYBER CRIME
Chapter 5
Objectives
· Understand the difference between identity theft and identity fraud
· Explore the five types of identity theft/fraud
· Discuss the virtual and Internet methods in which computer criminals steal identities
· Develop a knowledge of the crimes committed due to identity theft
Details
I. Identity Theft: Illegal use or transfer of an individual’s personal identification
information.
Identity Fraud: Illegal activities based on the fraudulent use of identifying information of a real or fictitious person.
· Creation of fictitious identity by using a “breeder” document(fictitious or stolen identifiers)
· Used by criminals to create additional lines of credit and separate bank accounts
· Used by terrorists to conceal their own identity, hide from authorities or gain access to sensitive information
Types of Identity Theft/Fraud
· Assumption of Identity: individual assumes the identity of their victim, including all aspects of the victim’s lives
· Rarest form of identity theft/fraud
· Theft for Employment or Border Entry: Fraudulent use of stolen or fictitious personal information to obtain employment or gain entry into US
· Alien Registration Cards
· Nonimmigrant Visas
· Passports and Citizenship Documents
· Border Crossing Cards
· Virtual Identity Theft/Fraud: Use of personal, professional, or other dimensions of identity toward creating a fraudulent virtual personality
· On-line dating
· Role playing
· Accessing deviant sites or locations containing questionable content
· Extra Marital Affairs
· Use for harassment or stalking
· Criminals may use to deceive others to reveal personal information or solicit a criminal act
· Credit Identity Theft/Fraud: Use of stolen personal and financial information to facilitate the creation of fraudulent accounts. It requires the affirmative act of securing additional credit.
· Criminals use to create additional sources of revenue through the establishment of multiple accounts
· FTC (2011) reported 60% of all identity theft victims stated their personal information was used to open new accounts, transfer funds, or commit tax/wage related fraud
II. Scope and Victimology
· Developing crime statistics for Identity Theft/Fraud has been difficult
· Lack of reporting by the public
· Lack of reporting by police to federal agencies
· Jurisdictional discrepancies in crime measurement
· Selective enforcement based on community standards and department resources
· First comprehensive study conducted by Government Accounting Office (2002)
· Identity Theft was dramatically increasing
· Calls to the Identity Theft Clearinghouse increased over 500% in two years
· Losses incurred by MasterCard and Visa increased by 43%
· No significant loss of consumer confidence as online shopping increased
· Number-one consumer complaint to the Federal Trade Commission (FTC)
· FTC Study (2004): 15 million Americans victimized in 2003.
· Total annual cost to individu.
How the UK's #1 Mobile Network Enhanced Its Approval Rate by 10%, with Zero F...Vesta Corporation
As digital payments continue to increase in popularity, businesses across the globe are looking for ways to increase approvals of these transactions while preventing fraud and delivering a seamless payment experience for their customers.
EE, the largest mobile network in the UK, understands how difficult it is to strike the perfect balance between these three key pillars of e-commerce, so they selected Vesta to manage their card-not-present top-up services. Thanks to Vesta's advanced approval enhancement and fraud prevention technology, EE increased its card not present approval rate by over 10% with zero fraud liability.
Vesta also worked within the 3D Secure Framework with 2-Factor Authentication to deploy a proprietary orchestration layer that reduced 3D Secure challenges by 30% while ensuring a frictionless payment experience for EE's customers.
Explore our students' project on detecting credit card fraud using advanced analytics techniques. This project utilizes machine learning algorithms to analyze transaction data and identify fraudulent patterns, offering valuable insights for financial institutions. Gain insights into fraud detection strategies and the impact of technology on financial security. To learn more, do check out https://bostoninstituteofanalytics.org/data-science-and-artificial-intelligence/.
What is Social KYC?
We generate large amounts of data about ourselves online every single day. All of this activity, when analysed as a whole, builds up a very deep and unique digital footprint — something that’s exceedingly difficult for someone to steal or fake convincingly.
Social KYC harnesses this data and uses it to establish a person’s identity — on a consent driven basis, of course. Using algorithms to analyse and corroborate various data attributes across multiple online accounts it is possible to quickly establish the likelihood of a person being:
- real
- who they claim to be (including various demographic data related thereto)
- a legitimate potential user (rather than a fraudster trying to access your platform with malicious intent)
We’re all used to Single Sign On – using an existing social media account to sign up to a new service — and Social KYC is an extension of this. As all you’re doing is asking a user to log in to a variety of their online accounts to prove who they are, it makes for a far more fluid sign up experience which in turn will encourage more users onto your platform.
Abu Dhabi - 5th Annual Financial Crimes ConferenceJuan Llanos
This pioneering seminar attempted to elucidate the rise, purpose, operational intricacies, societal benefits and multiple risks of Bitcoin and the emerging breed of alternative digital currencies. For the first time in history, Bitcoin allows individual consumers to make payments and move funds securely, completely outside of the traditional financial system. In recent months, there has been a lot of hype about the risk of virtual currencies, but not much explanation about how they work and what the real risks and also societal benefits are. In this session, regulators, executives and risk managers had the opportunity to learn how Bitcoin and other digital currencies work, what the true risks are and what can be done to both manage the risks and exploit the opportunities.
Anyone conducting online transactions runs a risk of being defrauded. This article outlines specific things you can look out for and steps you can take to minimize that risk.
B12: AMLO | FinTech Situation in Thailand and Offshore and Money Laundering R...Kullarat Phongsathaporn
"AMLO Seminar and Workshop regarding new types of financial transactions: FinTech and Financial Inclusion" by AMLO, Panelist for "FinTech Situation in Thailand and Offshore and Money Laundering Risks" (4 Jul 2019)
This is from the Atlanta eCommerce Summit June 3-4, 2009 where Markus Kroeger Managing Director of MoneyBookers shared strategies to protect against fraud and payment risk online. Find out more about eCommerce Merchants at http://www.ecmta.org
Overview of the potential risks and challenges associated with the development and deployment of AI systems, as well as the recommended controls and best practices to mitigate them. The presentation covers the following topics:
Design risks: These are the risks related to the design and specification of the AI system, such as lack of clarity, alignment, or validation of the objectives, assumptions, or constraints of the system. Some of the factors that contribute to these risks are:
Inadequate or ambiguous problem definition
Unrealistic or conflicting expectations or requirements
Insufficient or inappropriate testing or evaluation methods
Lack of transparency or explainability of the system’s logic or behavior
Some of the recommended controls for these risks are:
Define the problem and the scope of the system clearly and explicitly
Involve relevant stakeholders and experts in the design process
Use appropriate methods and metrics to test and evaluate the system’s performance and robustness
Document and communicate the system’s objectives, assumptions, limitations, and uncertainties
Provide mechanisms to explain or justify the system’s outputs or decisions
Data risks: These are the risks related to the data used to train, test, or operate the AI system, such as data quality, availability, security, or privacy issues. Some of the factors that contribute to these risks are:
Incomplete, inaccurate, or outdated data
Biased, unrepresentative, or irrelevant data
Unauthorized access, modification, or disclosure of data
Violation of data protection laws or ethical principles
Some of the recommended controls for these risks are:
Collect, store, and manage data in a secure and compliant manner
Ensure data quality, validity, and reliability through data cleaning, verification, and auditing
Ensure data diversity, representativeness, and relevance through data sampling, augmentation, and analysis
Protect data privacy and confidentiality through data anonymization, encryption, or aggregation
Respect data rights and consent of data subjects and providers
Operation risks: These are the risks related to the operation and maintenance of the AI system, such as system failure, malfunction, or misuse. Some of the factors that contribute to these risks are:
Hardware or software errors or defects
Environmental or contextual changes or uncertainties
Adversarial or malicious attacks or manipulations
Unintended or harmful consequences or impacts
Some of the recommended controls for these risks are:
Monitor and update the system regularly and proactively
Adapt and calibrate the system to changing or uncertain conditions or scenarios
Detect and prevent potential threats or vulnerabilities
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...Hernan Huwyler, MBA CPA
Prof. Hernan Huwyler's slideshare discusses in detail five key actions that organizations can take to reduce compliance costs. These actions are designed to help organizations increase their compliance efficiency, reduce compliance risks, and lower compliance costs.
The first action proposed by Prof. Hernan Huwyler is to designate local managers as compliance representatives in business units. This helps to amplify control while reducing the compliance function's structure. By designating local managers as compliance representatives, organizations can have a more effective compliance structure with fewer resources. Local managers can act as compliance ambassadors and help ensure that the organization's compliance policies and procedures are followed in their business units.
The second action proposed is to quantify compliance risks and price potential claims, compensations, fraud, and revenue losses due to noncompliance. By quantifying compliance risks, organizations can better understand the potential costs of non-compliance and allocate resources accordingly. This can also help organizations prioritize their compliance efforts and ensure that they are focusing on the most significant compliance risks.
The third action is to assign the testing of compliance controls to process owners and outsourcing service providers. This helps to distribute the responsibility for compliance testing and can reduce the workload of the compliance function. By assigning compliance testing to process owners, organizations can ensure that compliance controls are tested regularly, and issues are identified and addressed promptly.
The fourth action proposed is to embed efficient controls in clearly articulated procedures. By embedding controls in procedures, organizations can ensure that compliance requirements are met consistently and effectively. Efficient controls can help organizations streamline compliance processes and reduce compliance costs.
Finally, the fifth action is to add requirements for compliance skills when recruiting legal and financial managers in business units. This helps to ensure that compliance is a consideration when recruiting new managers. By ensuring that managers have the necessary compliance skills, organizations can better integrate compliance into their business operations and reduce the risk of non-compliance.
In addition to these five actions, the slideshare also suggests other recommendations, such as delegating compliance consultations, audits, and due diligence, benchmarking the scope of risk assessments, and implementing policies to simplify wording and articulation of procedures. Additionally, the slideshare recommends coordinating actions with business units to assess, implement, measure, and reward cost reduction initiatives. By following these recommendations, organizations can reduce their compliance costs while maintaining effective compliance programs.
More Related Content
Similar to Cyber Laundering and the AML Directives
1CYBER CRIMEChapter 5Objectives· Understand the differen.docxjesusamckone
1
CYBER CRIME
Chapter 5
Objectives
· Understand the difference between identity theft and identity fraud
· Explore the five types of identity theft/fraud
· Discuss the virtual and Internet methods in which computer criminals steal identities
· Develop a knowledge of the crimes committed due to identity theft
Details
I. Identity Theft: Illegal use or transfer of an individual’s personal identification
information.
Identity Fraud: Illegal activities based on the fraudulent use of identifying information of a real or fictitious person.
· Creation of fictitious identity by using a “breeder” document(fictitious or stolen identifiers)
· Used by criminals to create additional lines of credit and separate bank accounts
· Used by terrorists to conceal their own identity, hide from authorities or gain access to sensitive information
Types of Identity Theft/Fraud
· Assumption of Identity: individual assumes the identity of their victim, including all aspects of the victim’s lives
· Rarest form of identity theft/fraud
· Theft for Employment or Border Entry: Fraudulent use of stolen or fictitious personal information to obtain employment or gain entry into US
· Alien Registration Cards
· Nonimmigrant Visas
· Passports and Citizenship Documents
· Border Crossing Cards
· Virtual Identity Theft/Fraud: Use of personal, professional, or other dimensions of identity toward creating a fraudulent virtual personality
· On-line dating
· Role playing
· Accessing deviant sites or locations containing questionable content
· Extra Marital Affairs
· Use for harassment or stalking
· Criminals may use to deceive others to reveal personal information or solicit a criminal act
· Credit Identity Theft/Fraud: Use of stolen personal and financial information to facilitate the creation of fraudulent accounts. It requires the affirmative act of securing additional credit.
· Criminals use to create additional sources of revenue through the establishment of multiple accounts
· FTC (2011) reported 60% of all identity theft victims stated their personal information was used to open new accounts, transfer funds, or commit tax/wage related fraud
II. Scope and Victimology
· Developing crime statistics for Identity Theft/Fraud has been difficult
· Lack of reporting by the public
· Lack of reporting by police to federal agencies
· Jurisdictional discrepancies in crime measurement
· Selective enforcement based on community standards and department resources
· First comprehensive study conducted by Government Accounting Office (2002)
· Identity Theft was dramatically increasing
· Calls to the Identity Theft Clearinghouse increased over 500% in two years
· Losses incurred by MasterCard and Visa increased by 43%
· No significant loss of consumer confidence as online shopping increased
· Number-one consumer complaint to the Federal Trade Commission (FTC)
· FTC Study (2004): 15 million Americans victimized in 2003.
· Total annual cost to individu.
1CYBER CRIMEChapter 5Objectives· Understand the differen.docxherminaprocter
1
CYBER CRIME
Chapter 5
Objectives
· Understand the difference between identity theft and identity fraud
· Explore the five types of identity theft/fraud
· Discuss the virtual and Internet methods in which computer criminals steal identities
· Develop a knowledge of the crimes committed due to identity theft
Details
I. Identity Theft: Illegal use or transfer of an individual’s personal identification
information.
Identity Fraud: Illegal activities based on the fraudulent use of identifying information of a real or fictitious person.
· Creation of fictitious identity by using a “breeder” document(fictitious or stolen identifiers)
· Used by criminals to create additional lines of credit and separate bank accounts
· Used by terrorists to conceal their own identity, hide from authorities or gain access to sensitive information
Types of Identity Theft/Fraud
· Assumption of Identity: individual assumes the identity of their victim, including all aspects of the victim’s lives
· Rarest form of identity theft/fraud
· Theft for Employment or Border Entry: Fraudulent use of stolen or fictitious personal information to obtain employment or gain entry into US
· Alien Registration Cards
· Nonimmigrant Visas
· Passports and Citizenship Documents
· Border Crossing Cards
· Virtual Identity Theft/Fraud: Use of personal, professional, or other dimensions of identity toward creating a fraudulent virtual personality
· On-line dating
· Role playing
· Accessing deviant sites or locations containing questionable content
· Extra Marital Affairs
· Use for harassment or stalking
· Criminals may use to deceive others to reveal personal information or solicit a criminal act
· Credit Identity Theft/Fraud: Use of stolen personal and financial information to facilitate the creation of fraudulent accounts. It requires the affirmative act of securing additional credit.
· Criminals use to create additional sources of revenue through the establishment of multiple accounts
· FTC (2011) reported 60% of all identity theft victims stated their personal information was used to open new accounts, transfer funds, or commit tax/wage related fraud
II. Scope and Victimology
· Developing crime statistics for Identity Theft/Fraud has been difficult
· Lack of reporting by the public
· Lack of reporting by police to federal agencies
· Jurisdictional discrepancies in crime measurement
· Selective enforcement based on community standards and department resources
· First comprehensive study conducted by Government Accounting Office (2002)
· Identity Theft was dramatically increasing
· Calls to the Identity Theft Clearinghouse increased over 500% in two years
· Losses incurred by MasterCard and Visa increased by 43%
· No significant loss of consumer confidence as online shopping increased
· Number-one consumer complaint to the Federal Trade Commission (FTC)
· FTC Study (2004): 15 million Americans victimized in 2003.
· Total annual cost to individu.
How the UK's #1 Mobile Network Enhanced Its Approval Rate by 10%, with Zero F...Vesta Corporation
As digital payments continue to increase in popularity, businesses across the globe are looking for ways to increase approvals of these transactions while preventing fraud and delivering a seamless payment experience for their customers.
EE, the largest mobile network in the UK, understands how difficult it is to strike the perfect balance between these three key pillars of e-commerce, so they selected Vesta to manage their card-not-present top-up services. Thanks to Vesta's advanced approval enhancement and fraud prevention technology, EE increased its card not present approval rate by over 10% with zero fraud liability.
Vesta also worked within the 3D Secure Framework with 2-Factor Authentication to deploy a proprietary orchestration layer that reduced 3D Secure challenges by 30% while ensuring a frictionless payment experience for EE's customers.
Explore our students' project on detecting credit card fraud using advanced analytics techniques. This project utilizes machine learning algorithms to analyze transaction data and identify fraudulent patterns, offering valuable insights for financial institutions. Gain insights into fraud detection strategies and the impact of technology on financial security. To learn more, do check out https://bostoninstituteofanalytics.org/data-science-and-artificial-intelligence/.
What is Social KYC?
We generate large amounts of data about ourselves online every single day. All of this activity, when analysed as a whole, builds up a very deep and unique digital footprint — something that’s exceedingly difficult for someone to steal or fake convincingly.
Social KYC harnesses this data and uses it to establish a person’s identity — on a consent driven basis, of course. Using algorithms to analyse and corroborate various data attributes across multiple online accounts it is possible to quickly establish the likelihood of a person being:
- real
- who they claim to be (including various demographic data related thereto)
- a legitimate potential user (rather than a fraudster trying to access your platform with malicious intent)
We’re all used to Single Sign On – using an existing social media account to sign up to a new service — and Social KYC is an extension of this. As all you’re doing is asking a user to log in to a variety of their online accounts to prove who they are, it makes for a far more fluid sign up experience which in turn will encourage more users onto your platform.
Abu Dhabi - 5th Annual Financial Crimes ConferenceJuan Llanos
This pioneering seminar attempted to elucidate the rise, purpose, operational intricacies, societal benefits and multiple risks of Bitcoin and the emerging breed of alternative digital currencies. For the first time in history, Bitcoin allows individual consumers to make payments and move funds securely, completely outside of the traditional financial system. In recent months, there has been a lot of hype about the risk of virtual currencies, but not much explanation about how they work and what the real risks and also societal benefits are. In this session, regulators, executives and risk managers had the opportunity to learn how Bitcoin and other digital currencies work, what the true risks are and what can be done to both manage the risks and exploit the opportunities.
Anyone conducting online transactions runs a risk of being defrauded. This article outlines specific things you can look out for and steps you can take to minimize that risk.
B12: AMLO | FinTech Situation in Thailand and Offshore and Money Laundering R...Kullarat Phongsathaporn
"AMLO Seminar and Workshop regarding new types of financial transactions: FinTech and Financial Inclusion" by AMLO, Panelist for "FinTech Situation in Thailand and Offshore and Money Laundering Risks" (4 Jul 2019)
This is from the Atlanta eCommerce Summit June 3-4, 2009 where Markus Kroeger Managing Director of MoneyBookers shared strategies to protect against fraud and payment risk online. Find out more about eCommerce Merchants at http://www.ecmta.org
Similar to Cyber Laundering and the AML Directives (20)
Overview of the potential risks and challenges associated with the development and deployment of AI systems, as well as the recommended controls and best practices to mitigate them. The presentation covers the following topics:
Design risks: These are the risks related to the design and specification of the AI system, such as lack of clarity, alignment, or validation of the objectives, assumptions, or constraints of the system. Some of the factors that contribute to these risks are:
Inadequate or ambiguous problem definition
Unrealistic or conflicting expectations or requirements
Insufficient or inappropriate testing or evaluation methods
Lack of transparency or explainability of the system’s logic or behavior
Some of the recommended controls for these risks are:
Define the problem and the scope of the system clearly and explicitly
Involve relevant stakeholders and experts in the design process
Use appropriate methods and metrics to test and evaluate the system’s performance and robustness
Document and communicate the system’s objectives, assumptions, limitations, and uncertainties
Provide mechanisms to explain or justify the system’s outputs or decisions
Data risks: These are the risks related to the data used to train, test, or operate the AI system, such as data quality, availability, security, or privacy issues. Some of the factors that contribute to these risks are:
Incomplete, inaccurate, or outdated data
Biased, unrepresentative, or irrelevant data
Unauthorized access, modification, or disclosure of data
Violation of data protection laws or ethical principles
Some of the recommended controls for these risks are:
Collect, store, and manage data in a secure and compliant manner
Ensure data quality, validity, and reliability through data cleaning, verification, and auditing
Ensure data diversity, representativeness, and relevance through data sampling, augmentation, and analysis
Protect data privacy and confidentiality through data anonymization, encryption, or aggregation
Respect data rights and consent of data subjects and providers
Operation risks: These are the risks related to the operation and maintenance of the AI system, such as system failure, malfunction, or misuse. Some of the factors that contribute to these risks are:
Hardware or software errors or defects
Environmental or contextual changes or uncertainties
Adversarial or malicious attacks or manipulations
Unintended or harmful consequences or impacts
Some of the recommended controls for these risks are:
Monitor and update the system regularly and proactively
Adapt and calibrate the system to changing or uncertain conditions or scenarios
Detect and prevent potential threats or vulnerabilities
Asociacion Profesionistas de Compliance - Initiatives to Reduce the Cost of C...Hernan Huwyler, MBA CPA
Prof. Hernan Huwyler's slideshare discusses in detail five key actions that organizations can take to reduce compliance costs. These actions are designed to help organizations increase their compliance efficiency, reduce compliance risks, and lower compliance costs.
The first action proposed by Prof. Hernan Huwyler is to designate local managers as compliance representatives in business units. This helps to amplify control while reducing the compliance function's structure. By designating local managers as compliance representatives, organizations can have a more effective compliance structure with fewer resources. Local managers can act as compliance ambassadors and help ensure that the organization's compliance policies and procedures are followed in their business units.
The second action proposed is to quantify compliance risks and price potential claims, compensations, fraud, and revenue losses due to noncompliance. By quantifying compliance risks, organizations can better understand the potential costs of non-compliance and allocate resources accordingly. This can also help organizations prioritize their compliance efforts and ensure that they are focusing on the most significant compliance risks.
The third action is to assign the testing of compliance controls to process owners and outsourcing service providers. This helps to distribute the responsibility for compliance testing and can reduce the workload of the compliance function. By assigning compliance testing to process owners, organizations can ensure that compliance controls are tested regularly, and issues are identified and addressed promptly.
The fourth action proposed is to embed efficient controls in clearly articulated procedures. By embedding controls in procedures, organizations can ensure that compliance requirements are met consistently and effectively. Efficient controls can help organizations streamline compliance processes and reduce compliance costs.
Finally, the fifth action is to add requirements for compliance skills when recruiting legal and financial managers in business units. This helps to ensure that compliance is a consideration when recruiting new managers. By ensuring that managers have the necessary compliance skills, organizations can better integrate compliance into their business operations and reduce the risk of non-compliance.
In addition to these five actions, the slideshare also suggests other recommendations, such as delegating compliance consultations, audits, and due diligence, benchmarking the scope of risk assessments, and implementing policies to simplify wording and articulation of procedures. Additionally, the slideshare recommends coordinating actions with business units to assess, implement, measure, and reward cost reduction initiatives. By following these recommendations, organizations can reduce their compliance costs while maintaining effective compliance programs.
This Slideshare presentation by Professor Hernan Huwyler discusses a model to quantify compliance, legal, and contractual risks. It highlights the importance of understanding the impact of uncertainty on objectives and identifies mandatory and voluntary compliance objectives. The presentation discusses different techniques to quantify risks, such as heatmaps, risk matrices, common malpractice, scores, and escalation matrices, and the problems with these techniques, such as biases, incomplete data, and aggregation issues. The presentation proposes a compliance risk modeling approach, which involves understanding the distribution of events, consequences, impact, causes, and frequency of risks. It suggests using different probability distributions, such as log-normal, Pareto, normal, Poisson, Bernoulli, and triangular, to model risks. The presentation also discusses the chain of events that can lead to different types of losses, including penalties, compensations, fines, sanctions, legal and remediation costs, loss of customers, marketing depreciation, loss of licenses, and stock price. It explains different techniques to model losses, such as graphs, decision trees, Monte Carlo simulations, and calibrated estimates. Finally, the presentation highlights the importance of using different sources of risk data, including internal and external data, paid compensations, fines, and credits, fraud losses, legal fees, and complaints, and industry studies, enforcement trackers, and case analysis. It also provides examples of business cases related to compliance objectives and contractual clauses that set penalties for non-compliance. The presentation concludes with a demo of the proposed model to quantify compliance, legal, and contractual risks.
The summary is about an upcoming Safety Roundtable event on the topic of "Ditch your heat maps" presented by Professor Hernan Huwyler, MBA CPA. The event aims to help attendees transform their approach to safety risk management by moving away from subjective measures such as colours, adjectives, and heat maps, and instead focusing on a data-driven model to quantify and manage operational risks.
The event emphasizes the importance of using data and financial information to inform decision making in order to minimize biases and justify investments. Attendees will gain insights on a quantitative model that will help them measure, visualize, and manage operational risks, as well as tips to reduce risk, enhance insurance and protection, and control investment.
The event is relevant to anyone interested in risk management, insurance, and safety, and aligns with ISO 31000, the international standard for risk management. The event includes a Q&A session at the end, providing attendees with the opportunity to ask questions and share their perspectives.
Overall, the Safety Roundtable event promises to be a valuable opportunity to learn from Professor Hernan Huwyler's insights, network with other professionals interested in risk management, and gain practical knowledge on how to improve safety risk management practices using a data-driven approach.
Obtaining resources, planning actions, and budgeting are essential for any organization's successful compliance management. Compliance management is the practice of ensuring that a company adheres to regulatory requirements and internal policies. This summary will explore key considerations for planning compliance initiatives, evaluating regulatory requirements, stakeholder needs, and developing a timeline of activities. It will also cover how to detect corruption and fraud schemes, control representation expenses, and prevent over-invoicing. Finally, we will discuss fraud impact and controls and how to demonstrate the return on investment in compliance.
To begin with, it is crucial to obtain resources to initiate compliance management. The compliance team should have adequate resources to ensure that the organization is compliant with regulatory requirements. The resources should include trained personnel, financial resources, software, and hardware, among others. After obtaining resources, the next step is planning actions and budgeting. Planning should involve various stakeholders and departmental heads to ensure that all areas of the organization are covered. Planning actions and budgeting should include developing a compliance plan, identifying potential compliance risks, and developing mitigation strategies.
While planning compliance initiatives, it is essential to evaluate the regulatory horizon, stakeholder needs, open items, and new strategies. The regulatory horizon involves understanding the regulatory landscape, identifying new regulations, and monitoring the existing ones. Stakeholder needs involve understanding the needs of all stakeholders, including shareholders, customers, and employees. Open items are compliance issues that are unresolved, and new strategies are measures that an organization intends to take to comply with regulations.
Developing a timeline of activities to address certifications and audit needs is critical. A timeline helps to ensure that an organization is compliant with regulations within the stipulated timeline. The timeline should involve developing a compliance plan, identifying potential compliance risks, and developing mitigation strategies. It should also include training employees on compliance, conducting regular internal audits, and reviewing the compliance plan to ensure that it is up to date.
Demonstrating the return on investment in compliance is essential. A return on investment (ROI) helps to justify the resources that an organization invests in compliance. Demonstrating ROI involves identifying the costs of compliance management, such as personnel, software, and hardware costs. It also involves identifying the benefits of compliance management, such as reducing the risk of regulatory fines and reputation damage.
Compliance risk is the risk of failing to comply with laws, regulations, standards, and guidelines that organizations are subject to. Noncompliance risks can lead to legal, financial, and reputational consequences. Compliance officers play a critical role in identifying, assessing, and managing compliance risks. Compliance risks can also present opportunities for organizations to improve their practices, enhance their reputation, and gain a competitive advantage.
ISO 37301 is a standard that provides guidance on compliance management systems. The standard defines compliance risk as the risk of noncompliance with laws, regulations, and other requirements that an organization is obligated to comply with. Compliance risks can arise from internal and external factors, such as changes in laws and regulations, new business operations, third-party relationships, and cultural differences. ISO 37301 emphasizes the importance of managing compliance risks through a systematic and proactive approach that includes risk assessment, risk treatment, monitoring, and review.
Compliance officers serve as trusted advisors to senior management and provide guidance and support in compliance planning and decision-making. Compliance officers need to have a deep understanding of the organization's operations, risks, and culture to identify and manage compliance risks effectively. Compliance officers should also have strong communication and interpersonal skills to build relationships with stakeholders, including senior management, employees, regulators, and other external parties.
The level of compliance risk varies depending on the nature, complexity, and scale of an organization's operations. Compliance risks can be classified into three levels: low, medium, and high. Low-risk compliance activities are routine and have little impact on the organization's operations or reputation. Medium-risk compliance activities are more complex and involve higher stakes, such as regulatory compliance, data privacy, and anti-corruption. High-risk compliance activities involve significant legal, financial, and reputational consequences, such as anti-money laundering, anti-bribery, and sanctions compliance.
Compliance risks can also present opportunities for organizations to improve their practices, enhance their reputation, and gain a competitive advantage. For example, a company that implements strong data privacy practices can enhance customer trust and loyalty. A company that complies with anti-corruption laws can reduce legal and reputational risks and attract socially responsible investors. Compliance officers should work with senior management to identify and leverage compliance risks as opportunities to create value for the organization.
Compliance risk, noncompliance, ISO 37301, compliance officer, trusted advisor, risk level, opportunities, regulatory risks, obligations, ethical risks, inherent risks, residual risks, risk-taking, tolerance, control level, sustainability
Support Ukraine from compliance 🇺🇦 Join our free special webinar to get practical tips on how to
- adjust due diligence to address new global sanctions, export controls, and trade restrictions
- identify third parties, beneficial owners, shell companies, and assets related to Russia and Belarus
- activate exit plans and force major clauses
- address changes in the expectations of stakeholders to cancel operations, payments, financing, investing, and partnerships
- apply measures to support affected employees and the Ukrainian people
- prepare for possible Russian cyber and commercial attacks
👉 Enroll the webinar for free https://lnkd.in/gJR27Dci
#compliance #export #russianthreat #ukraine #complianceofficer #riskmanagement #sanctions #UkrainiansWillResist #business #investment #corporateresponsibility #businessethics #HR #people #investing #payments #payments #cyber #webinar
Minimising Privacy Risk from A Global DPO Perspective https://www.copenhagencompliance.com/2021/dpoday/agenda.htmlDPO, CISO, Controller or Processor? – (And the Risk Of Mixing Roles)
Minimising the Aggregate Privacy Risk Vs Contract Sharing
Using A Data Processor Modular DPIA And Data Flow
Leveraging Binding Corporate Rules as Data Processor
Prof. Hernan Huwyler, CPA, MBA
Master in Sustainability Leadership Sustainability Risks Prof Hernan HuwylerHernan Huwyler, MBA CPA
Course on sustainability risk management for the Master in Sustainability and Corporate Social Responsibility Leadership at the Universidad Complutense de Madrid. I will provide the students with tips, tools, and models to assess and manage operational, compliance, integrity, governance, solvency, profitability environmental, climate change, and supply chain risks as part of a sustainability and social responsibility program.
I am invited to speak at the Iberoamerican Compliance Conference hosted by the Universidad Complutense de Madrid (Argentina + web, Jun 29/Jun 1, Spanish). I will deliver a master class on quantitative vs. qualitative assessments of compliance risks. It will be exciting to meet great compliance colleagues and friends as Zulma Escalante, Eduardo Navarro Villaverde, Javier Puyol Montero, Silvina Bacigalupo, Daiana C., Carlos J. Díaz Navarrete, Félix Pablo Crous, Lic. Graciela Garay, Macarena Retamosa, Miguel Soler Ruiz-Boada, Nieves Cifuentes Valero, Sebastian Daniel Barletta, virginia olivieri and other fellows.
https://lnkd.in/e_qfztj
Register https://lnkd.in/e-iAMgM
#compliance #riskmanagement #ECI2021 #ECIArgentina2021 #UCM
ARENA - Prof Hernan Huwyler - Debate Is Machine Learning Mature Enough?Hernan Huwyler, MBA CPA
I am excited to discuss how organizations need to be prepared before implementing machine learning with Jason Maude at the Machine Learning in Financial Services event hosted by Arena International Events Group (June 30, online). We will provide recommendations to develop the conditions to successfully implement artificial intelligence projects. Thanks to Rebecca Mayoh for the event coordination.
Join here https://lnkd.in/ec6qP4A
#machinelearning #compliance
I am writing an article on the most common challenges to comply with the #ISO37301 for the IE Law School. What are the elements of your compliance management system that you plan to improve?
#compliance
I enjoyed presenting on effective controls for software development with Matthew Crabbe and QA Financial. I am pushing the concept of "cyber compliance" to define internal and external requirements for IT assets such as software, data, hardware, services, contracts, and licenses. Cyber compliance is rapidly expanding from licenses, privacy and contracts with IT vendors to outsourcing, software development and business continuity of essential services providers, cloud in particular.
#riskmanagement #compliance #itcontrol #CISO #cybersecurity
My classes on IT risk management. Recommendations do you expect to cover in a course on IT risk management and governance?
#riskmanagement #risk #governance #cybersecurity #security #informationsecurity #ciso #ITgovernance #ITRIsk #cyberrisk
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwylerHernan Huwyler, MBA CPA
I am honored and humbled to have been given the opportunity to discuss practices to address cyber risks at the 2021 STRONGER conference hosted by CyberSaint Security (Sep 28, online). I will discuss the building blocks to quantify and communicate risks to protect IT assets, processes, and services. Thanks to Ethan Bresnahan for the flawless preparation of the event.
You are welcome to register here https://lnkd.in/eitKYDsX
#cybersecurity #security #datasecurity #infosec #riskmanagement #ciso #stronger2021
Learn how to design, implement. operate and certify a compliance program under the new ISO 37301. Join the IE Law School professors, Alvaro Arjona l Ph.D, Jesica Hita Ruiz, Fabio G. Pérez-Bryan and me, to get a toolbox with facilitators, guidance, reference policies, checklist and other practical references.
8 modules - 12 hours - Sept 27th and 28th - Online
- Requirements, terms scope, elements and certification and consultancy market
- Practical impact. main changes, benchmark, and introduced components
- Adequacy for criminal law compliance in Spain (UNE 19601) and in LatAm
- Processes from risk analysis to reporting and evaluation
- Implementation of requirements
- Recommendations and facilitators for implementation.
- Roadmap with evidence to certify
- Documentation review program for implementation assurance
- Methodology for testing compliance controls and documentation reviews
Thanks to Sibel Abdulovska, Paula Abascal Gutierrez-Colomer and Maria Serrano for the flawless coordination of the course.
Lean more: https://lnkd.in/gezyzmgn
#ISO37301 #CCO #compliance #audit #certification #ISO37002
It was a pleasure to moderate a workshop to assess cyber security risks hosted by Strategy Insights. We discussed options and practices to quantify confidentiality, integrity, and availability risks with delegates of the big players in the pharma, banking, retailing, and service sectors in the Nordics.
Thanks to Anna Rose Poyntz, Finlay Wilson, and Edgar Baier for the event coordination.
Round tables https://lnkd.in/e_m5eTW5
#cybersecurity #compliance #strategy #banking #ciso #riskmanagement
More than 121 governance specialists joined Copenhagen Compliance, GRC and GDPR Solutions to discuss how boards are addressing innovation and transformation challenges. I provided tips for board members to effectively deal with digital transformation.
Thanks to Kersi Porbunderwala and Olga Maitland for the coordination of the event.
Join the next event on corporate culture https://lnkd.in/eMg4anP3
#digitaltransformation #innovation #transformation #leadership #CorpGov #corporategovernance
Premium MEAN Stack Development Solutions for Modern BusinessesSynapseIndia
Stay ahead of the curve with our premium MEAN Stack Development Solutions. Our expert developers utilize MongoDB, Express.js, AngularJS, and Node.js to create modern and responsive web applications. Trust us for cutting-edge solutions that drive your business growth and success.
Know more: https://www.synapseindia.com/technology/mean-stack-development-company.html
What are the main advantages of using HR recruiter services.pdfHumanResourceDimensi1
HR recruiter services offer top talents to companies according to their specific needs. They handle all recruitment tasks from job posting to onboarding and help companies concentrate on their business growth. With their expertise and years of experience, they streamline the hiring process and save time and resources for the company.
Improving profitability for small businessBen Wann
In this comprehensive presentation, we will explore strategies and practical tips for enhancing profitability in small businesses. Tailored to meet the unique challenges faced by small enterprises, this session covers various aspects that directly impact the bottom line. Attendees will learn how to optimize operational efficiency, manage expenses, and increase revenue through innovative marketing and customer engagement techniques.
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...BBPMedia1
Marvin neemt je in deze presentatie mee in de voordelen van non-endemic advertising op retail media netwerken. Hij brengt ook de uitdagingen in beeld die de markt op dit moment heeft op het gebied van retail media voor niet-leveranciers.
Retail media wordt gezien als het nieuwe advertising-medium en ook mediabureaus richten massaal retail media-afdelingen op. Merken die niet in de betreffende winkel liggen staan ook nog niet in de rij om op de retail media netwerken te adverteren. Marvin belicht de uitdagingen die er zijn om echt aansluiting te vinden op die markt van non-endemic advertising.
Falcon stands out as a top-tier P2P Invoice Discounting platform in India, bridging esteemed blue-chip companies and eager investors. Our goal is to transform the investment landscape in India by establishing a comprehensive destination for borrowers and investors with diverse profiles and needs, all while minimizing risk. What sets Falcon apart is the elimination of intermediaries such as commercial banks and depository institutions, allowing investors to enjoy higher yields.
Putting the SPARK into Virtual Training.pptxCynthia Clay
This 60-minute webinar, sponsored by Adobe, was delivered for the Training Mag Network. It explored the five elements of SPARK: Storytelling, Purpose, Action, Relationships, and Kudos. Knowing how to tell a well-structured story is key to building long-term memory. Stating a clear purpose that doesn't take away from the discovery learning process is critical. Ensuring that people move from theory to practical application is imperative. Creating strong social learning is the key to commitment and engagement. Validating and affirming participants' comments is the way to create a positive learning environment.
Buy Verified PayPal Account | Buy Google 5 Star Reviewsusawebmarket
Buy Verified PayPal Account
Looking to buy verified PayPal accounts? Discover 7 expert tips for safely purchasing a verified PayPal account in 2024. Ensure security and reliability for your transactions.
PayPal Services Features-
🟢 Email Access
🟢 Bank Added
🟢 Card Verified
🟢 Full SSN Provided
🟢 Phone Number Access
🟢 Driving License Copy
🟢 Fasted Delivery
Client Satisfaction is Our First priority. Our services is very appropriate to buy. We assume that the first-rate way to purchase our offerings is to order on the website. If you have any worry in our cooperation usually You can order us on Skype or Telegram.
24/7 Hours Reply/Please Contact
usawebmarketEmail: support@usawebmarket.com
Skype: usawebmarket
Telegram: @usawebmarket
WhatsApp: +1(218) 203-5951
USA WEB MARKET is the Best Verified PayPal, Payoneer, Cash App, Skrill, Neteller, Stripe Account and SEO, SMM Service provider.100%Satisfection granted.100% replacement Granted.
Cracking the Workplace Discipline Code Main.pptxWorkforce Group
Cultivating and maintaining discipline within teams is a critical differentiator for successful organisations.
Forward-thinking leaders and business managers understand the impact that discipline has on organisational success. A disciplined workforce operates with clarity, focus, and a shared understanding of expectations, ultimately driving better results, optimising productivity, and facilitating seamless collaboration.
Although discipline is not a one-size-fits-all approach, it can help create a work environment that encourages personal growth and accountability rather than solely relying on punitive measures.
In this deck, you will learn the significance of workplace discipline for organisational success. You’ll also learn
• Four (4) workplace discipline methods you should consider
• The best and most practical approach to implementing workplace discipline.
• Three (3) key tips to maintain a disciplined workplace.
Discover the innovative and creative projects that highlight my journey throu...dylandmeas
Discover the innovative and creative projects that highlight my journey through Full Sail University. Below, you’ll find a collection of my work showcasing my skills and expertise in digital marketing, event planning, and media production.
Attending a job Interview for B1 and B2 Englsih learnersErika906060
It is a sample of an interview for a business english class for pre-intermediate and intermediate english students with emphasis on the speking ability.
Memorandum Of Association Constitution of Company.pptseri bangash
www.seribangash.com
A Memorandum of Association (MOA) is a legal document that outlines the fundamental principles and objectives upon which a company operates. It serves as the company's charter or constitution and defines the scope of its activities. Here's a detailed note on the MOA:
Contents of Memorandum of Association:
Name Clause: This clause states the name of the company, which should end with words like "Limited" or "Ltd." for a public limited company and "Private Limited" or "Pvt. Ltd." for a private limited company.
https://seribangash.com/article-of-association-is-legal-doc-of-company/
Registered Office Clause: It specifies the location where the company's registered office is situated. This office is where all official communications and notices are sent.
Objective Clause: This clause delineates the main objectives for which the company is formed. It's important to define these objectives clearly, as the company cannot undertake activities beyond those mentioned in this clause.
www.seribangash.com
Liability Clause: It outlines the extent of liability of the company's members. In the case of companies limited by shares, the liability of members is limited to the amount unpaid on their shares. For companies limited by guarantee, members' liability is limited to the amount they undertake to contribute if the company is wound up.
https://seribangash.com/promotors-is-person-conceived-formation-company/
Capital Clause: This clause specifies the authorized capital of the company, i.e., the maximum amount of share capital the company is authorized to issue. It also mentions the division of this capital into shares and their respective nominal value.
Association Clause: It simply states that the subscribers wish to form a company and agree to become members of it, in accordance with the terms of the MOA.
Importance of Memorandum of Association:
Legal Requirement: The MOA is a legal requirement for the formation of a company. It must be filed with the Registrar of Companies during the incorporation process.
Constitutional Document: It serves as the company's constitutional document, defining its scope, powers, and limitations.
Protection of Members: It protects the interests of the company's members by clearly defining the objectives and limiting their liability.
External Communication: It provides clarity to external parties, such as investors, creditors, and regulatory authorities, regarding the company's objectives and powers.
https://seribangash.com/difference-public-and-private-company-law/
Binding Authority: The company and its members are bound by the provisions of the MOA. Any action taken beyond its scope may be considered ultra vires (beyond the powers) of the company and therefore void.
Amendment of MOA:
While the MOA lays down the company's fundamental principles, it is not entirely immutable. It can be amended, but only under specific circumstances and in compliance with legal procedures. Amendments typically require shareholder
2. REQUIREMENTS
Introduction to cyber
money laudering and tips
for compliance
4
| MODULES
1
3
RISKS
Assessment of new AML
compliance risks
REPORTING
Detection and management
of suspicious transactions
2
CONTROLS
Practical controls to
comply with the 5th EU
directive on AML
5
TECHNOLOGY
The assessment and
implementation of new
solutions for cyber
laudenring
3. Prof. Hernan Huwyler, MBA CPA
IT and Compliance Risk Manager
Module 1
COMPLIANCE
REQUIREMENTS IN
PRACTICE
4. Identify scope changes
The development of Internet applications created new
methods to move illicit funds...
• rapidly,
• internationally,
• discreetly,
• with low transaction costs and
• safely
... with a mere click of a mouse
Cyber-laundering = Speed * Distance * Anonymity
5. Identify scope changes
The deep web ensures anonymity by preventing
content indexing
The Internet allows hiding illicit fund origins and avoids
physically moving banknotes at the time of placement
Regulations and enforcement agencies are behind new
developments
Banks are not fully covering new cyber-laundering
developments to update alarms of suspicious
operations
6. Identify scope changes
Internet facilitates the all money laundering stages
Placement > Introduction of illegal money in institutions
• No face-to-face contact and weak identity verifications
• Deposits in unregulated institutions and payment
intermediaries
• Anonymous operations (eg. eCash, virtual currencies)
• IPs hiding and privacy limitations by the GDPR
• It is often an unnecessary stage because money illicit is
already in virtual form (eg. ransomware payments)
• Easy to create virtual "mules"
7. Identify scope changes
Internet facilitates the all money laundering stages
Stratification > Disguise illegal origins
• Easiness to move funds via eBanking and unregulated
intermediaries
• Low costs to acquire virtual assets
• Speed to move funds while centralizing multiple online
users
• Easiness to change jurisdictions
• Numerous unregulated sectors (e.g. online casinos)
8. Identify scope changes
Internet facilitates the all money laundering stages
Integration > Re-entry of funds as legitimate
• Easiness to create fake eCommerce businesses
• Inability to demonstrate the effective provision of virtual
services
• Difficulties in valuating virtual assets
• Use of accounts in foreign eBanks
9. Study case
3D game based on a virtual world created in 2003,
allowing users to
• negotiate virtual properties valued in "Linder dollars”
that can be converted into real money via PayPal
• exchange virtual items (property, jewels, and
clothes) and services (gambling, sexual, and
banking) without enforcing intellectual property and
regulations
Required identity, tax and address validations for
virtual payments since 2019
10.
11.
12.
13. Study case
Let's discuss
• Money laundering risks
• Terrorism financing risks
• Illegal activity risks
• Risks related to the protection
of minors
• Impossibility to freeze assets of
subjects on OFAC listings and
sanctioned by the European
community
14. Amount in crypto coins from illicit sources
Fraud ponzi from
PlusToken coin
purse
Fraud ponzi from
Bitconnect
investments
COVID
17. Identify scope changes
New applications allow illicit funds to be immediately
moved. even between countries and unregulated
institutions and intermediaries, via
• eCommerce sales of bogus services and invoices
(commonly combining real and fraudulent services),
• bitcoins transfers,
• eBanking applications with low controls,
• custody account and trust transfers by advisors,
• gift card transfers,
• smart and prepaid cards transfers (eg. Santander
Smart that accumulate the balance on the chip without
the need to authorize movements),
18. Identify scope changes
• online payment applications (eg. PayPal, Zelle, and
Wise ),
• transfers via mobile phones platforms (e.g. Aple Pay
and Samsung Pay),
• online auctions and websites,
• bogus donations,
• fake loans with offshore companies,
• bets in virtual casinos and sports platforms and
• play to earn game applications
19. Illustrative example
A public official obtains a bribe of 10,000 euros in cash, then he
• creates a user with a false identity on eBay,
• simulates offering a "collectible photo“under "buy Item now“at
10 euros without shipping and purchase costs
• creates his real user on eBay
• immediately pretends to buy the "collectible photo" from the
false user
• then he resells "collectible photo" at 10,010 euros to the fake
user without completing any payment
The illicit fund has been justified to the public official as a gain from
reselling a "collectible photo" in eBay.
20. Common crimes facilitated by Internet
• Drug trafficking
• Tax evasion and fraud
• Financing of terrorism
• Corruption
• Computer crime (eg. fraud
and ransomware)
• Credit card fraud via
identity theft
• Fraud via phishing
• Pyramid scams (e.g. Ponzi
and investment fraud)
• Child pornography
• Extortion
21. Common crimes facilitated by Internet
If I had used internet to hide
my funds, I would have
ended up drinking
margaritas in the Caribbean
22. 5 AMLD scope changes
• Credit and financial entities such as payment services,
currency exchange, investment and insurance companies
• Legal, tax, financial, accounting advisers, notaries and
auditors, real estate agents
• Gambling providers, jewelers and dealers of gold,
diamonds and other high-value goods
• Companies that hold or transfer virtual assets
• Merchants that deal with art works
• Platforms and bitcoins wallets
comply with laundering prevention measures such as client
due diligence and reporting of suspicious operations
23. 5 AMLD scope changes
In the practice, the fifth AML directive involves updating
Anti-money laundering governance
• the operational risk assessments (especially on virtual
assets and cybercrime)
• the list of high-risk countries
• the staff training programs
• the report protocol to the Executive Service of the
Commission for the Prevention of Money Laundering and
Monetary Offenses (SEPBLAC)
24. 5 AMLD scope changes
In the practice, the fifth directive involves updating
Due diligence
• The policies and controls for customer identification and
acceptance and continuous monitoring against their profile
> decide to act to accept clients remotely during COVID
• The requirement of high-quality scanning of identification
documents
• the matching against sanction lists
• the protocol for requesting documentation of origin of funds
25. 5 AMLD scope changes
In the practice, the fifth directive involves updating
Systems operations
• blocking connections from IPs anonymous VPNs and TOR
• two-step validation of clients using mobile devices
• the customer access log to capture IPs with a 5 year
retention period
• the log of IPs of virtual wallets
• the limits for operations or accumulation of operations in
amount and number
• the alerts covering new risks and requirements
• the compliance audit plans
26. Study case
Payment service in virtual currencies
• Transfers only with name, email and date of birth
• Purchase of virtual money (“Liberty Reserve euros / dollars”)
indirectly funded by credit cards or bank wires by third party payment
companies ("exchangers”) in Russia, Malaysia and Nigeria
• Achieved 1 M clients without identity verification, especially in forex
brokers and trading companies eCommerce, 30% in the US
• 1% expenses on transfers of 300M USD per month
• Registered in Costa Rica
• Employees signed confidentiality clauses for 13 years
• A group of hackers asked for 50,000 USD from a cyber provider
security via Liberty Book
28. Study case
Let's discuss
• Regulations to consider
• Crimes to be investigated by
prosecutors
• Cooperation between
jurisdictions
• Extension of tunlawful
association to CIOs, CTOs and
other directors
29. Study case
• Closed in 2013 by the United
States justice
• Charges to its 2 founders and 7
directors for facilitating money
laundering and unlicensed
operation abroad by the US
Patriot Act
• Manhattan US Attorney Announces Charges Against
Liberty Reserve, One Of World's Largest Digital
Currency Companies, And Seven Of Its Principals And
Employees For Allegedly Running A $ 6 Billion Money
Laundering Scheme | USAO-SDNY | Department of
Justice
30. Prof. Hernan Huwyler, MBA CPA
IT and Compliance Risk Manager
Module 2
TIPS FOR CYBER
LAUNDERING
CONTROLS
31. Controls on new payment methods and use of
virtual currencies
Understand the technology and possible cyber laundering schemes
• Identify online platforms in which identities are not fully validated
• Identify schemes from countries with weak anti-money laundering
regulations
• Identify platforms with anonymous operations (eg. allowing proxies,
anti-tracking software and VPNs)
• Identify payments without limits for transfers or amount of
operations or recharges
• Identify the platforms allowing payments without having an
associated bank account (eg. PayPal,wallets and smart cards)
32. Common controls against cyber laundering
Front-end controls
• Strengthen customer due diligence
• Validate the associated bank account with a 1 cent debit and credit
• Validate access in two steps, strong passwords and avoid
simultaneous logons
• Restrict operations by their geolocations
• Train to identify red flags on customer behaviors
Back-end controls
• Monitor operations for abnormal usage patterns
• Identify addresses IPs
• Mine operations and logos with better metadata
• Report of suspicious operations of >10k EUR in virtual currencies
33. Common controls against cyber laundering
Service providers controls
• Identify internet users and record their activity history by the internet
providers
• Keep records for judicial and criminal investigations
These controls are easily bypassed by the use of
• "hot spots” in hotels and cybercafes
• software and hardware to anonymize the addresses of IPs
• data encryption applications
• unprotected servers from legitimate users that were compromised
34. Common controls against cyber laundering
The cyber laundering requires updating controls and procedures
• Detect operations with risks of cyber laundering > transfers using
paypal, anonymous or opaque operations, transfers with erroneous
or missing data, intermediaries, IP of a risk country or VPN
• Segment customers with higher risks > products related to eCash,
without physical contact, linked to tax havens, without electronic
signature, and lack of customer response
• Monitor transactions with cyber laundering risks
• Analyze deviations with current legislation by country
35. Tool> Activity Threat Matrix criminal
Impact high
Impact under
Evasion
Corruption
Fraud
Identity theft
Financing of terrorism
Cybercrime
Human trafficking Bets
Operations per month
36. Tool> Activity Threat Matrix criminal
by criminal offense
Impact high
Impact under
Operations per month
Phishing
Abuse of customer
accounts
Onine banking
Conversion of cryptos
Remittances
37. ISOs 37301 and 37002
New ISOs In the compliance management systems and whistleblowing
allow addressing corporate criminal liability triggered by cyber laundering
• Art 31 bis of the Spanish Criminal Code extends the corporate
responsibility to money laundering (art 301)
• The Organic Law 6/2021 aggravates money laundering crime in the
exercise of business activity by credit institutions, insurers, investors,
fund managers, entities dealing with electronic money, payments
including currency virtual, money exchangers, auditors and lawyers,
casinos, art and metals traders, others entities
The ISOs integrate anti-laundering controls into a management system
to reinforce the ethics and compliance program
Certifying the ISO 37301 improves the credibility
43. Register virtual asset service providers
Virtual asset service providers cover crypto-currencies platforms and
wallets
Their services are related to the
• offer an exchange between virtual assets and fiat currencies,
• exchange different forms of virtual assets,
• transfer virtual assets (eg. move a virtual asset from one address or
account to another)
• offer the custody in wallet services
• provide financial services related to the offering of an issuer or the
sale of a virtual asset
44. To comply with the 5th directive, virtual asset service providers in Europe
must register with central banks since 2021
• When registering, they must demonstrate that
• the risks of laundering have been evaluated in all its business model and
applicable legal requirements
• the compliance policies and support procedures are effective in
addressing risks
• there are effective due diligence controls on clients
• suspicious transactions are continuously monitored
• documentation of controls is retained for 5 years
• the staff is annually trained on AML controls
• Fines of 10M EUR or 10% of sales by default of registration
Register virtual asset service providers
45. Prof. Hernan Huwyler, MBA CPA
IT and Compliance Risk Manager
Module 3
ASSESSMENT OF NEW
AML COMPLIANCE
RISKS
46. A special commission of the FATF has identified 3 risk scenarios from
cyber-laudering
• Internet is used as a distribution channel for financial instruments,
cards, and electronic wallets.
• there is no face-to-face contact with the customer who buys a
financial instrument
• the payment method is an open network type and can be accessed in
a high number of jurisdictions
Identification of escenarios and vulnerabilities
47. These risk factors are increased by the following vulnerabilities
• Operations allow transactons from abroad
• Operations are carried out from jurisdictions with no or few
regulations and cpn shadow economies
• COVID19 has made effective controls harder to implement and
monitori
Identification of escenarios and vulnerabilities
48. Risk factors and vulnerabilities in the financial system
• Increased volume of remote and Internet operations
• Lack of understanding of Internet operations and online platforms
• Unregulated sectors such as virtual currencies and minerals
• Major cybercrime and cyber criminal groups
• Pressure to accept new bank clients to compensate the crisis
• New virtual assets such as the multiplication of virtual currencies (ex
Bitcoin, Ethereum, Cardano, Binance Coin, Tether, XRP, case
Dogecoin)
Identification of escenarios and vulnerabilities
49. How to prevent risks on transfers
The virtual payments cover
• On-line banking with effective identification of parts even by moving
• Prepaid cards from financial institutions or not with a very diversified
market and with degrees of anonymization
• Anonymous payments in virtual currencies
50. How to prevent risks on transfers
Risk reduction measures
• Update the new risk scenarios for anonymous payments and virtual
assets
• Adjust the due diligence and risk segmentation process
• Monitor movements from / to payment platforms
• Identify and report suspicious movements
• Train account officers on cyber laundering
• Online verification of ID with high quality photos (face, ID, and
signature)
51. Approaches to avoid risks
Selective
• Customer rejection
• Rejection of the corresponding bank
Of product
• Rejection of the market or of an entire
customer segment
Elements to avoid risks
Of business
• Strategy
• Prudence requirements
• Cost effectiveness
Of regulations
• 5th directive
• Uncertainty
• Penalties and legal costs
How to prevent risks on transfers
52. Evaluation
Assess inherent risk
• Identify factors
• Analyze impact and frequency
Evaluate the effectiveness of controls
• Apply internal audit data and self-
assessments
Calculate residual risk
Add risks versus tolerance
Planning
Scope of products
reached by cyber
bleaches
• Entities
• Units
• Countries
• Regions
Results
Action plan
• Develop a plan to
improve
insufficient
controls
• Report and
document
deviations
EWRA Enterprise-Wide Risk TOssessment
How to prevent risks on transfers
53. Vulnerabilities generated by virtual
currencies
Placement Stratification Integration
Anonymity of virtual
currencies
They can be used by
all bleaches and its
associates
No allow detect
mules and suspicious
movements
Allow anonymous
transfer for
purchases of various
assets, highly
accepted by
merchants
Real-time operations Allow transfer illegal
money immediately
between countries
Do not allow to stop
an operation after
detecting a suspicion
Allow funds to be
moved to financial
institutions
54. Discussion case Ezzocard
• Virtual and anonymous prepaid card from 5 to 1,000 dollars
• It is funded through a transfer application (Perfect Money)
denominated in dollars or bitcoins
• The identity of the payer is not revealed
• https://ezzocard.com/
• Possibility of selling the balances in virtual auctions
• Unable to obtain IP addresses from public sites
55. Risks in transfers
Expected flow
Bank
Commerce
Client
Traditional money
Smart or
prepaid card
Deposits
Extractions
Merchant
56. Risks in transfers
Fraudulent flow
Bank
Bpgus eCmmerce
Client
Illicit traditional
money
Smart or
prepaid card
Deposits
Extractions
Bleach
Launderer
57. Potential scenarios
• A drug dealer asks customers to pay by
recharging one or more smart cards
• A gun dealer requests payment with a high-
value smart card
• A tax evadore transfer undeclared money from
Spain to Andorra with smart cards
Risks in transfers
Potential risks
58. How to Manage Risks on High
Value Trades and Art Dealers
The fifth AML directive requests that art market dealers are registered in
their Central Bank if they have operations of more than 10,000 euros per
type of artwork
• Art and antique auction houses both physically and online
• Brokers, art consultants and designers
• Galleries
• Warehouses for works of art, including those near airports
59. How to Manage Risks on High
Value Trades and Art Dealers
The scope of artworks includes
• Paintings, drawings, carpets and photos
• Sculptures, ceramics and antiques
• Collections such as coins and stamps
• Old automobiles
60. How manage risks in art
The art market creates risks for money laundering due to
• Internationally easily movable and concealable items
• Volatile and high values, difficult to compare agaist fair price
• Opaque market with many private and anonymous operations
• Existence of intermediaries
• Difficult to demonstrate the uniqueness of works of art
• Unregulated sector
• Rental of works of art
• Payments to/from tax countries
• Jurisdictions with high corruption and tax evasion
61. How to manage art trade risks
Specific control measures are
• Identification and due diligence of buyer, seller and intermediary
• Crossing with tax returns
• Test the authenticity of the artwork
• Review of previous or reference prices
• Hold a physical sale or auction event
• Ensure the commercial objective and sense of purchase
• Validate the payment method
• Trace the origin and destination of related operations
• Verify the online sale with the transfer of property and rights
• Investigate and report suspicious transaction
• Money Laundering Policy at Trained Art Dealers
62. How to manage risks Commerce of art
Case study
• A digital artist, Mike Winkelmann, sold a work for € 61M
• The sale was through an auction at Christie's
• File ownership is proven by blockchain
• Collage with images created during 14 years
• Finally, it was formalized with a broadcast license
Let's discuss
• Money laundering risks
• Controls to be carried out by Christie's
to prevent the crime of facilitating money
laundering or omission of the suspicious
transaction report
63. Risks in operations outside the client's
profile
• Incoming funds from a platform without laundering regulations
• Very high frequency inbound transfers from multiple crypto wallets to
one account
• Linked crypto wallets that barely match customer profiles
• A single crypto wallet linked to multiple bank accounts and credit
cards> indication that a group of people are using the same wallet to
move funds
• Transactions just below notification thresholds
• Continuous, high-value transactions in a short period of time
• Quick transfer of deposits to unregulated jurisdictions
64. Operational integration at before opening products and their continuous
monitoring
• Limit operations in physical locations
• Request an ID card from anyone who pays with smart cards
• Simultaneous controls with subjects on sanctioned and exposed
police lists
Always document the action before each alarm
Risk integration of know your customer and
money laundering
65. Prof. Hernan Huwyler, MBA CPA
IT and Compliance Risk Manager
Module 4
REPORTING OF
SUSPICIOUS
TRANSACTIONS
66. Summary of subjects
• credit institutions
• financial institutions
• auditors, insolvency practitioners, external accountants and tax
advisors
• notaries and other independent legal professionals
• trust or company service providers
• estate agents, including when acting as intermediaries
• other persons trading goods in cash amounting to 10,000 euros or
more
• gambling services
• exchange services between virtual and fiat currencies
• custodian wallet providers
• art dealers in galleries and auction houses
67. Changes in the requirements of the 5th
European Directive
• Beneficial ownership should to be transparent and accessible
• Ownership of trusts should to be accessible by request
• Property records must be integrated at country level
• Use of anonymous prepaid cards is limited at € 150 for physical stores
and € 50 for online transactions
• New list of risk countries without access to records of beneficial
owners
• Cooperation between anti-money laundering agencies across EU
countries
68. Discussion case > Online gaming
• Online gambling and casinos are very popular for money laundering
• Lack of experience of supervisory authorities
• Money is usually converted into virtual chips or credits at the
beginning of the game, and then, the final balance is reconverted at
the end
• A common scheme involves arranging bets between participants and
staff of the gaming company
69. Discussion case > Online game
Let's discuss the controls to prevent cyber laundering in online gambling
• Identity accreditation problems in customer due diligence (key to avoid
the access of minors)
• Participants from the same IPs or from countries other than the
residence of the due diligence
• Relationship of user accounts between participants
• Gains or losses very different from statistical expectation
• Frequent winner and in a short period of time
• Changes in ownership (ex. winer ticket sales or winning bets)
• Prevention of changes in logs of the internal staff of the gaming
company
70. How to Update Alert Decision Matrices
The risks of cyber-laudering are calculated (and segmented) by
combining 3 charasterics
• Customer characteristics > natural or legal person, nationality,
residence, identification, contact with account agent, documentation not
provided, verified or independent
• Transaction characteristics > online connection mode, IP and
geolocation, links with high-risk countries, logic with the type of account,
previous failed attempts, anonymous counterparties, in cash
• Operation characteristics > volume and frequency of operations,
traceability, transfer movements between countries or accounts, lack of
documentation
71. How to Update Alert Decision Matrices
• Internal factors are also analyzed at the entity level
• Efficiency of compliance controls in audits
• Degree of integration and trust of the systems
• Anti-laundering personnel training
72. Example of a cyber laundering risk matrix for alerts
(simplified)
Criteria Risk factor Low High
Customer due diligence ID Known customer Y
Verified ID
Client new
Monitoring Known relationships Anonymous relationships
Transaction Geography Countries high risk
Value < € 7,000 > € 7,000
Method of pay Documentation verified,
regulated source
Cash, anonymous origin, eCash,
online, intermediaries
Operative Balances < € 8,000 > € 8,000
Frequency Low number High number, multiple sources
Service segment Physical On-line
73. How to Update Alert Decision Matrices
Case discussion for your organization (15 minutes for preparation)
Criteria Risk factor Low Medium High
Customer due
diligence
ID
Monitoring
Transaction Geography
Value
Method of pay
Operative Balances
Frequency
Service segment
74. The protocol to escalate alarms depends on the risk level
• Request explanation and documentation of the transaction >
evidence of origin of funds, reasonableness with the product, tax
information, verification of counterparties and intermediaries
• Review and update the client's due diligence> identity
documentation, physical presence
• Check logs of accesses > addresses of IPs, failed attempts, access
from multiple accounts
How to Update Alert Decision Matrices
75. How to Update Alert Decision Matrices
Segregate operational risks in virtual currencies
• Convertible into traditional money, negotiable for real payments
• Cryptos BTC Bitcoin, ETH Ether. XRPRipple, LTC Litecoin. ADA
Cardano
• Stable coins: USDT Tether
• Coins alternative (not mined): BCH Bitcoin Cash
• LD Linden dollars (Second life)
• Not convertible into money, they only pay within their
environment or platform or sold at auctions (secondary
market)
• Games multiplayers on-line: World of Warcraft Gold.
PED Project Entropy dollars
76. Controls to prevent cyber laundering by financial institutions includes
monitoring of movements on
• Online payments> PayPal
• Prepaid cards
• Bitcoin ATMs
• Prodents from services from remittances > Wise, CurrencyFair,
WorldRemit
How to Update Alert Decision Matrices
77. Due diligence of clients and on high-risk countries
The 5th directive requires strengthening customer due diligence in high-
risk countries as a core obligation
For clients in high-risk countries, changes in the enhanced due diligence
requires documentation to be revalidated by independent sources
• Affidavit of the origin of the funds
• Declaration of patrimony and its fiscal and accounting position
• Evidence of beneficial ownership of companies and trusts
• Controls over the reasonableness, nature and purpose of the products
• Match against lists of sanctioned and politically exposed people
78. Due diligence of clients and on high-risk countries
Enhanced due diligence changes should require the approval by higher-
level managers and closer monitoring of transactions to eventually report
suspicious transactions
Document difficulties in obtaining the due diligence information
79. High-risk third countries are revalued approximately every two years
according to a methodology that covers the anti-money laundering
framework.
1. Historic countries: Afghanistan, Iraq, Vanuatu, Pakistan, Syria,
Yemen, Uganda, Trinidad and Tobago, Iran, and North Korea
2. Countries added in 2020: Bahamas, Barbados, Botswana, Cambodia,
Ghana, Jamaica, Mauricio, Mongolia, Myanmar, Nicaragua, Panama
and Zimbabwe
3. Countries removed in 2020: Bosnia-Herzegovina, Ethiopia, Guyana,
Lao People's Democratic Republic, Sri Lanka and Tunisia
Due diligence of clients and on high-risk countries
81. Acceptance of Politically Exposed People
The 5th directive asks member countries and international organizations
to compile a list of politically exposed persons
The lists include PEPs nationals, internationals, members of their
families and close business and personal associates
The due due diligence of an PPE involves obtaining additional and independent
information on
• the nature of the relationship and the purpose of the product to be contracted
• the origin and effective ownership of the funds and assets
Perform a closer monitoring on the ongoing operations
For the PPEs removed from the list as former presidents, controls must
be maintained for as long as there is a risk of money laundering
82. Discrepancies with Registry Public of Beneficial
Owners
Due to
1. the different definitions of the term "beneficial owner",
2. the lack of data updating and
3. the data and file transfer issues
discrepancies are generated in the information compiled from the
national registers to the central one
The entities bound by the register obligation must control and report
material discrepancies in the information of the beneficial owners in the
registry of persons with significant control
Non-material discrepancies such as writing errors are not reported if they
do not affect the sense
83. Discrepancies with Registry Public of Beneficial
Owners
Material discrepancies include the lack of a beneficial owner, a non-
beneficial owner, incorrect nature of the control, and errors in the type of
subject such as outdated addresses, date of birth, nationality or place of
registration
Discrepancies are reported without delay or wait to complete a review of
all companies in a group
May require adding a new record or change data on a existing record
Example in UK https://www.smartsurvey.co.uk/s/report-a-discrepancy/
84. Prof. Hernan Huwyler, MBA CPA
IT and Compliance Risk Manager
Module 5
IMPLEMENTATION OF
NEW TECHNOLOGIES FOR
CYBER LAUNDERING
85. | Techological objectives for compliance
DATA QUALITY
Risk related to the lack of
quality and integrity of data
CENTRAL SOLUTION
Risks related to the selection
of poor techologies
86. How to evaluate the quality requirements of data
Inconsistencies in master data of clients and relationships create false
alarms and prevent suspicious reporting on transactional data
• Implement good governance and data ownership practices
• Integrate data from all solutions and data providers for due diligence
• Match operations and processes in all subsidiaries
• Audit and update customer and merchants master data
• Conduct compliance audits to review control evidence
• Set a log of data changes with preceding values
• Review the loading of data, manually or via interfaces
• Standardize the names, addresses, identification numbers fields
• Remove duplicate records
• Add data integrity validations in applications
87. How to evaluate capabilities of AML solutions
Solutions to ensure compliance with cyber laundering regulations are
constantly evolving in terms of technology and providers
The oommon capabilities to assess are the
• to manage due diligence investigations in the cloud
• to get a global view of data in different databases include all third
parties (data virtualization)
• to visualize data and relationships in dynamic reports (information
cubes)
88. How to evaluate capabilities of AML solutions
• to keep data integrated and updated
• to bi-directionally communicate with clients and other third parties
• to keep logs complete and secure
• to encrypt the data "at rest”and “in transit”
• to ensure an online availability performance
• to ensure the continuity of customer operations and payments
89. Single source of truth
Cloud-based
Savings in consolidating
management and compliance
funtionalities
| Key capabilities
Enable to perform
investigations while working-
from-anywhere
Escalability
Modules are implemented
with an Agile approach
90. Solutions for money laundering prevention and compliance involve
making decisions on high investments
• Innovate carefully by focusing on technologies, solutions and
suppliers with proven success stories and productivity improvements
• Ensure good governance and data quality before planning solutions
• Consider the transfers of personal data to third countries, especially
to the United States under the GDPR
• Evaluate the support of common cases and complex cases that need
manual evaluations
• Start by assessing business cases for product and customer
segments with highest laundering risks that will have the largest
impact on improving the risk profile
How to evaluate capabilities of AML solutions
91. Money laundering and robotics
The use of robotics in preventing money laundering requires selecting
and evaluating solutions to automate and digitize processes
• Standarize the preparation of cases for due diligence investigations
• Trigger use of bot processes after an alert has been generated
• Follow standarized controls and documentation compilation rules
• Segment operations from the standard (highly automatable) to the
complex (not automatable)
• Incorporate internal and external data (data supplier) for automation of
tasks
• Normalize data in unstructured databases
• Reconcile internal and external bases avoiding duplications
92. Machine Learning is the most effective technology to detect abnormal
patterns and focus investigation to address the complexity of cyber
laundering
• Reduce false positives of alarms
• Predict which alarms are investigated and then reported to prioritize
them at the time of their creation (triage)> Decide the level from
research necessary
• Update the risk profile of clients and intermediaries and immediately
adapt alarm generation patterns
• Detect changes in the behavior of customers and their movements
Cyber laundering and machine learning
93. • Identify relationships between clients and real owners
• Model which operations and clients must trigger alarms and risks
• Identify connections between various clients and their types of
operations
Allows the AML department to evolve from “moving papers” to become a
learning center
Cyber laundering and machine learning
94. Machine learning rules from
• Previous investigations and reports
• The type of transaction, customer, account and countries
• Information from data providers on laundering such as
• legal cases and investigations
• relationships with real owners
• sanctioned
• mentions on the Internet and the media
• PEPs
Machine learning It begins by implementing steps from the simplest and
highest-risk cases to later grow in complexity
Cyber laundering and machine learning
95. Case: sSolution for linking blockchain addresses
with service addresses
Ledger blockchain public Visualization app
Relationship between services like
wallets and potential illicit activities
96. Solutions using text and data analytics
Masive data flows within financial systems and their relational bases
require analytics to extract decision-making information
• Set a single holistic view of each client to compare against risk
thresholds (eg list all payments to different sources and accounts,
consolidate transfer receipts from various minor accounts)
• Investigate related parties
• Verify due diligence data
• Segment customer groups
• Detect changes in operations between periods
Data analytisc combines with machine learning and cloud applications