Risk based approach

RISK BASED APPROACH
Pierre Simon,
Managing Director
Simon Legal &
Compliance
ACOA Seminar
August 22, 2012

I. AML Compliance: Elements of success
II. Assessment of Risk
- Four Measures
- Analysis
III. Due Diligence and Monitoring Controls
- Customer Risk Rating
- Risk Rating Methodology
- What can Financials Institutions Do?
IV. Customer Risk Rating Model
- Customers with a Pre-defined Risk Rating
- All Other Customers
Copyright © 2012 Simon Legal & Compliance. All rights reserved.
TOPICS
2

Financial Institutions need to address several aspects of AML to
mitigate regulatory and reputational risks
4
AML COMPLIANCE: ELEMENTS OF SUCCESS

Institutions typically identify, measure and consider four main risk measures
when assessing the quantity of AML risk.
6
ASSESSMENT OF RISK: FOUR MEASURES

7
ASSESSMENT OF RISK: FOUR MEASURES

A well-developed risk assessment can enable a financial institution to assess and
apply appropriate controls to mitigate the risks. Below is an approach for
conducting an AML risk assessment.
8
ASSESSMENT OF RISK: ANALYSIS

III.
DUE DILIGENCE AND
MONITORING CONTROLS

Primary purpose: to identify the population of higher risk customers and to further
design/modify existing due diligence processes, monitoring procedures and business
process flows to address the risk associated with the customers of different risk levels :
 Enhanced Due Diligence:
– Varying EDD procedures/standards to be applied to customers of different risk
levels
 Enhanced Transaction Monitoring:
– Leveraging risk ranking in monitoring of customer activities helps develop an
effective transaction monitoring as well as STR filing program
• Adjusted monitoring thresholds
• A low risk client would be permitted to deviate more from its range of
normal/expected activity than would a high risk client
 Modified Business Process Flows:
– Varying levels of new account opening procedures dependent upon initial risk
assessment of client
– Strengthened approval/signoff requirements for new accounts opened for high risk
customers
– Increased KYC verification requirements for high risk customers
DUE DILIGENCE CONTROLS: CUSTOMER RISK
RATING
10

In the optimal theoretical setting, all relevant KYC and transactional information
would be available and utilized during the risk rating process. Under this
assumption of a perfect information set, the following indicators would be
considered to identify risk in each category:
1. Customer Demographic Risk - evaluate demographic attributes to indicate higher
AML risk.
2. Product/Transaction Risk – Banking products and transaction types vary
significantly in the level of AML risk they represent. Categorizing the products and
services offered helps identify those that posing higher AML risk.
3. Geographic Risk – Geographic risk is captured primarily at the country level when
transactions originate or terminate in countries that have been linked to certain
types of money laundering/terrorist financing behavior. As part of risk rating,
evaluate AML risk of customers based on associated jurisdictions.
DUE DILIGENCE CONTROLS: RISK RATING
METHODOLOGY
11

1. Customer Demographic Risk - evaluate demographic attributes to indicate higher AML risk
METHODOLOGY
12
Risk Indicator Example
Higher Risk
Customer Types
• Higher Risk Industries - foreign financial institutions; non-bank financial institutions (MSBs,
casinos, brokers/dealers in securities, and dealers in precious metals, stones or jewels); off-shore
corporations; deposit brokers; cash intensive businesses (convenience stores, restaurants, retail
stores, liquor stores, cigarette distributors, privately-owned ATMs, vending machine operators,
and parking garages), non-governmental organizations & charities; asset management
• Higher Risk Occupations - student, unemployed, professional service providers (attorneys,
accountants, doctors, real estate brokers)
• PEPs (Politically Exposed Persons) and senior foreign political figures
• Foreign individuals
Customer’s
Investigative
History
• STR Suspect
• Judicial Foreclosures
• Court Rulings
Account Maturity • Client relationship < 1 year

2. Product/Transaction Risk – Banking products and transaction types vary significantly in the
level of AML risk they represent. Categorizing the products and services offered helps identify
those that posing higher AML risk.
METHODOLOGY
13
Transaction Types • International Wire Transfers - Customers that exceed the 90th percentile of number
and/or aggregate florin or dollar value of international wire transactions within their peer group
(e.g., individual, small business, and large business accounts)
• High Cash Users - Customers that exceed the 90th percentile of number and/or aggregate
florin or dollar value of cash transactions within their peer group (e.g., individual, small
business, and large business accounts). Alternatively, can be based on the number of
currency reports filed
• Other higher-risk transaction types including internet banking, transactions in which the
primary beneficiary or counterparty is undisclosed, transactions involving large amounts of
monetary instruments, and certain types of electronic transactions. All present risk due to the
anonymity they provide
Product Types • Large number of different product types held by a customer. Allows for movement of
funds and complex transactional patterns
• Private Banking – can pose higher AML risk because of the variety, complexity,
geographic scope, and high florin or dollar value of many transactions typically taking place
through these accounts under especially high privacy and confidentiality circumstances;
also, greater customer service can increase risk
• Other higher-risk banking functions incl. offshore international activity, deposit-taking
facilities, pouch activity (as opposed to domestic courier), and international correspondent
banking

3. Geographic Risk – Geographic risk is captured primarily at the country level when transactions
originate or terminate in countries that have been linked to certain types of money
laundering /terrorist financing behavior. As part of risk rating, evaluate AML risk of customers
based on associated jurisdictions .
* High risk jurisdictions can include jurisdictions on the following lists:
– Sanction Listed Countries (e.g., EU, UN, OFAC)
– FATF Non-cooperative Countries and Territories
– Countries at Risk of Sponsoring Terrorism or Financing Terrorism
– Offshore Financial Centers
METHODOLOGY
14
High Risk
Jurisdictions *
• Customer’s location – customers located in high-risk jurisdictions pose a higher AML
risk
• Customers engaging in a significant level of transactions to/from high risk jurisdictions

 Comprehensive enterprise-wide account monitoring systems enable the bank
to detect unusual and potentially suspicious activity that may indicate the
need for additional internal money laundering investigations. Alerts may
include tax avoidance schemes.
 Alerts on transaction patterns or events that exceed statistical thresholds
within pre-defined scenarios. The systems typically utilize temporal analysis to
evaluate transactions over multiple dimensions of time.
 High risk customer surveillance groups may be identified, sourced, and
monitored in parallel with the transaction monitoring system.
 Alerts generated by the systems are typically clustered with other intelligence
data and reviewed by a bank’s Financial Intelligence Unit (“FIU”) or MOT-
coordinator. The mission is to bring a focused and proactive approach to the
operational aspects of financial crimes deterrence, detection, and reporting.
The result can be an enterprise view of risk from across the organization.
MONITORING CONTROLS: WHAT CAN
FINANCIAL INSTITUTIONS DO?
15

 Optimize transaction monitoring program.
 Develop a high risk customer surveillance program.
 Aspects of tax evasion can potentially be detected by modifying triggers
within the Aruban bank’s wire structuring scenario. Most people typically
associate structuring with cash deposits; however, this logic is commonly
modified to apply to wire transfer activity in high risk customer populations,
such as for private banking clients. Intelligence data should flow from across
the organization potentially resulting in a STR.
MONITORING CONTROLS: WHAT CAN
FINANCIAL INSTITUTIONS DO?
16

IV.
CUSTOMER RISK RATING
MODEL

Our customer risk model is based on:
 Customers with a predefined low or high risk rating
 A risk rating (low, medium or high) for all other customers based
on jurisdiction, industry & sector and nature of company (entity
type).
 Potential adjustment of the risk rating (at least one level up) or
rejection of the customer based on material adverse
information.
CUSTOMER RISK RATING MODEL
18

The model is shown in the table below and explained in the next
sheets.
CUSTOMER RISK RATING MODEL
19
Adjustment for
material adverse
information
Predefined risk rating:
Low
or
High
Risk rating based on:
- Jurisdiction
- Industry and sector
- Nature of company
(entity type)

CUSTOMER RISK RATING MODEL: CUSTOMERS
WITH A PREDEFINED RISK RATING
20
There are certain types of (prospective) customers who from a customer
integrity perspective represent a lower inherent risk or higher inherent
risk. Pre-defined and high risk customers are set forth below:
The following customer types automatically qualify as low risk:
 A supervised financial institution in a low risk jurisdiction.
 A publicly traded company in a low risk jurisdiction which is listed on a
recognized exchange. This includes all direct and indirect wholly-
owned subsidiaries of such a publicly traded company, provided that
such a subsidiary is located in a low risk jurisdiction.
 A supervised agent or intermediary in a low risk jurisdiction.
 Government departments, agencies or local authorities in a low risk
jurisdiction.

CUSTOMER RISK RATING MODEL: CUSTOMERS
WITH A PREDEFINED RISK RATING
21
The following customer types automatically qualify as high risk:
 A customer that has issued bearer shares.
Bearer shares pose a high risk because the ownership of these shares
may change without any registration or notification which makes it
difficult to identify the ultimate beneficial owner(s). In addition the
companies that issue bearer shares are frequently incorporated in high
risk jurisdictions. Therefore customers with bearer shares should be
classified as high risk.

For customers that do not qualify as pre-defined low risk as described in
previous sheet a risk score is calculated based on AML risk associated with the
following 3 main risk areas:
CUSTOMER RISK RATING MODEL: ALL
OTHER CUSTOMERS
CDD Risk Rating
3. Entity
Type
1. Country
Risk Rating
2.
Industries
and sectors
22

 Each category is rated low (L), medium (M) or high (H) according to how the
customers jurisdiction, entity type and industry and sector falls within a pre-
defined set of rules.
 Within the calculation model every category has the same weight. By simple
counting the times that the outcome is low, medium or high, the CDD risk
rating will be determined.
OTHER CUSTOMERS
23

The table below shows all possible combinations of category scores and the
corresponding CDD risk rating.
Example: Category jurisdiction is rated high, category industry and sector is rated low, category entity is
rated medium. So result is 1 high, 1 medium and 1 low. Based on the table above the conclusion is an initial
risk rating of medium.
OTHER CUSTOMERS
24
Factor risk rankings (Jurisdiction, Industry and Sector and
Entity Type): the number of occurrences over all 3
categories
Customer risk classification
HIGH MEDIUM LOW
3x - - High
3x 1x - High
3x - 1x High
1x 2x - High
1x - 2x Medium
1x 1x 1x Medium
- 2x 1x Medium
- 1x 2x Low
- - 3x Low

QUESTIONS
25

Pierre A. Simon
Managing Director, Anti -Money Laundering Consulting
Simon Legal & Complianc e
Phone: +31 (0)20 - 7 9 9 7955
pierre @si mon l e gal .nl
WTC H -Tower
Zuidplein 36
1077 XV Amsterda m
Pi er r e i s mana g in g di r e ct or at Si mo n L e gal & C o mp lian c e and h as l e d co m pl e x, glo b al AM L p roj e c t s a t va ri e ty o f
finan ci al in st it uti on s. Pr e viou sly , Pi e rr e se r ved a s S e n io r Du e D ili g en c e A d vi so r fo r a la r g e Du t ch b an k . Prio r t o
tha t, h e wa s a B u sin e ss Ana lyst AM L in th e Glob al D u e Dili g e n c e Mana g e m e nt g ro up o f a la r g e fina nc ial i nstit ut ion
where amongst others he helped set up a complet ely n ew CDD departmen t .
H e b e ga n hi s ca r e e r i n 1 9 9 7 at th e A ruba n Poli c e F or c e and no w ha s a p rof e ssi onal back g rou nd a s a p ol ic e of fi c e r ,
busin e ss analy st an d sen io r A ML co mp lian c e co nsul tan t f or o ve r 1 5 y e ar s. H e stu d i ed D ut ch La w at th e V U Un ive r si ty
A mst e rda m a nd ha s gai n ed mo st of hi s pro f e ssional e x p e ri en c e wi thin lar g e Eu ro pea n o r gani za tio ns such a s
Euro n e xt , Rabo bank , Euro cl e ar a nd Fo r ti s Ba nk’ s G lobal S e cu rit i e s an d Finan c in g Gr ou p and i s th e foun d er of Si mo n
L e gal & C o mp lian c e . Pi e rr e find s hi s ad de d va lu e e sp e cial ly in c hall e n g e s e n vol vin g p oli cy d e vel op m e nt &
impleme nta tio n s and project managem en t within financial institutions .
THANK YOU
26

Risk based approach

More Related Content

What's hot

Viewers also liked

Similar to Risk based approach

Recently uploaded

Risk based approach