Sound Credit Risk Experience Sharing Vietnam Fsa And Bank
Risk Based Approach Bachir El Nakib July 2009
1. Building Risk Profile
Bashir A. El-Nakib, CAMS, ACFE, CFAP
Managing Partner/CEO
Compliance ALert July 09, 2009 1
2. THE ONLY ISSUE?
COMPLIANCE & REGULATORY RISK
The problem is KYC
KNOW YOUR
- CUSTOMERS
- CORRESPONDENTS
- EMPLOYEES
- SHAREHOLDERS
7/8/2009 Risk Based Approach 2
3. Outline
Introduction/Overview
Background
Developing a Risk Based Approach
AML Program Elements
Embargoes & Sanctions
Identifying Risk
Risk Types & Characteristics
Red Flags
Issues/Challenges
Summary
Open Discussion
4. Definitions
Money Laundering
Money Laundering is the process by which criminals attempt to conceal the
true origin and ownership of the proceeds of criminal activities.
Terrorist Financing
An offence by any means, directly or indirectly, unlawfully and willfully,
which provides or collects funds with the intention that they should be used
or in the knowledge that they are to be used, in full or in part, in order to
carry out an act intended to cause death or serious bodily injury to a
civilian, or to any other person not taking an active part in the hostilities in a
situation of armed conflict, when the purpose of such act, by its nature or
context, is to intimidate a population, or to compel a government or an
international organization to do or to abstain from doing any act.
Source: United Nations 1999 International Convention for the Suppression of the Financing of Terrorism
5. Regulatory Concerns
• Certain types of transactions have come under intense
regulatory and law enforcement scrutiny, especially in the US.
– Transactions involving shell companies.
– The potential for abuse of cover payments to launder
funds or to avoid SIC/UN/BOE/OFAC regulations.
6. Development of Local Standards
Banks AML Due Diligence
Guidelines on Measures Against Money Laundering
Law 318
• Required financial entities to design their own detailed Policy
Manual to suit the nature of their particular environment in
which they operated
BDL Basic Circulars 83
• Permitted compliance based on commercial considerations
Standard
M L Procedures Standards
Interim Circular Risk based approach to Know Your Customer (KYC)
Banks Project to rectify existing higher risk accounts
20, 35, 136, 190 Enhanced procedures to identify and monitor special risk
cases
Compulsory Procedures Guidelines
Announcement (4) Know Your Customer (KYC) for Transit subjects
• Roll-out over old customers for KYC implementation
7. Compliance Process
4 Phases
Risk identification
Risk assessment
Risk Monitoring
Risk Reporting
8. Proposed Enhanced Due Diligence for High-Risk FFIs
• Would apply to offshore banks and FIs in non-compliant jurisdictions.
– Enhanced Due Diligence (EDD):
• Obtain documentation of the FFI’s AML program.
• Monitor activity in the correspondent’s accounts for risks posed by
the client’s customers not subject to EDD.
• Identify nested correspondents and assess associated risks.
• Identify FFI ownership for non-publicly traded institutions.
9. Risk Based Approach to KYC
[Flowchart]
1. Accept or Reject business?
•Profitability
•Suitability
•Reputation Risk
•Sanctions
•Suspect blacklists
If accepted:
2a. Borrowing Customers: Existing KYC Process (BCA)
2b. Non-Borrowing Customers risk profiled using agreed and easy to implement filters.
3. Risk Assessment
– Manage as Level 1 Risk: 3. Impose Basic KYC only
– Manage as Level 3 Risk: 3. Separate out Level 3 customers using agreed filters. 3b. Impose Enhanced KYC
10. Risk Based Approach to KYC
Level 3 Risk
Account Opening: Enhanced KYC
-Basic KYC Plus
-Nature of business
-Origin of funds
-Purpose of account
-Type & level of activity
Ongoing Account Management: 6 Monthly Review
-Monitoring of transactions against customer profile
-KYC Relationship review approved by Senior management
Level 2 Risk
-Monitoring to identify account activity which requires account to be reclassified as Level (3)
-Monitoring of transactions against customer profile every 12 months.
Level 1 Risk
Account Opening: Basic KYC
-Evidence of Identity
-Evidence of address
Ongoing Account Management: Monitor Account Activity which requires account to be classified as Level (2) or (3)
11. Recent Enforcement Actions
• Non-compliance penalties continue to rise.
– UBS Bank - $100 Million (May 2004)
– Riggs Bank - $ 25 million (May 2004)
– AmSouth - $ 50 Million (October 2004)
– Riggs Bank - $ 41 Million (Jan 2005)
– Arab Bank - $ 24 Million (August 2005)
– Bank of New York - $ 38 Million (Nov 2005)
– ABN AMRO - $ 80 Million (December 2005)
– AMEX - $65 Million (August 2007)
– Lloyds TSB - $130 Million (October 2007)
– Bank of Cyprus - $162 Million (October 2007)
– Lloyds TSB Bank - $350 Million (10 Jan 2009)
12. Compliance Guidance Needed
• Large fines have led to some unintended consequences.
- Fines have led to a flood of defensive SAR filings. In the 12 months
following the AmSouth and Riggs fines, filings jumped by 40%.
- KYC requirements and the high price of a compliance mistake have
made it very difficult for even the most diligent money transmitter to find
banking services. (The guidelines published last year may help.)
• Increasing tendency to “criminalize” AML errors
- Lapses are unavoidable for any large bank with significant transaction
volume or a large client base.
- Does it make sense to impose penalties – sometimes large penalties –
on banks with strong compliance regimes that have an AML lapse?
13. Business Challenges
• Financial Institutions
– Need more effective compliance
– Re-use investments - integrate with fraud and financial crime detection
– Technical integration vs organisational integration
• Regulatory
– Increasing compliance regulation globally - FATF
– Increasing pressure from regulators on FIs
– AML requirements now extend to securities, insurance, real estate industries and casinos as well as banks
– Regulatory compliance is primary driver of AML investments
• Technology
– IT compliance spend = $34Bn (5% AML*)
– Annual spending expected to continue to increase*
– Technology is NOT the big cost!
– Investigations are 64% of costs**
– Industry vendor consolidation
* Tower Group
** Celent
14. Why should I care about these Requirements?
• Money Launderers and Terrorists seek out vulnerable banks
• The Regulator will fine the bank heavily
– Ignorance is no defense!
• OFAC can and will seize customers’ funds
– Banco Delta Asia Ltd. Macau
• US, European and other banks won’t Correspond with you
– Strict Due Diligence
– Correspondent Bank Certifications
– Demand due diligence (KYCC)
• The cost of a Fine is insignificant, compared to the internal cost and
loss of business.
– Restructuring, new procedures, new systems, training
– Loss of reputation
– Loss of shareholder value
15. What are sanctions:
• Definition:
Sanctions are punitive or coercive measures against a state or its
nationals failing to comply with.
• Types of sanctions:
– Multilateral sanctions (e.g. UN sanctions)
– Bilateral sanctions (e.g. US sanctions against Cuba)
– Country or regime sanctions (e.g. Taliban, Congo DRP, Sudan, Syria, Iran)
– List-based sanctions (e.g. against known terrorists)
• All UN member states are obliged to implement UN Security Council
sanctions domestically.
• Financial Institutions must comply with sanctions in all jurisdictions
within which they operate.
7/8/2009 Embargoes & Sanctions 15
May 13, 2008
16. Managing Sanctions
• Off-the-shelf filtering software is available
• Can check incoming and outgoing payments and any other
transaction or customer information entered onto systems.
• However, judgment is required:
– Names may not be a complete match
– May get a country match but the transaction is not sanctioned.
• Must have a process for assessing and then declining or approving
transactions with full audit trail.
• Staff must have targeted training depending upon factors such as:
– Nationality
– Type of business (e.g. domestic, global trade, international payments etc.)
– Decision making capacity.
17. Compliance Costs Increase – KYC, AML, OFAC
Compliance is expensive. Non-compliance is very expensive.
• Technology costs – the bar keeps moving
– OFAC: then, scan repair items; now, scan all items
– KYC/AML: then, Recordkeeping and Travel Rules; now, Money Laundering Pattern Recognition
• Cost of non-compliance
- Enforcement actions
- Prosecutions
- Reputational damage
18. Compliance Requirements Increase
Section 312 of the USA PATRIOT Act increases costs and risks.
• Requires due diligence risk assessment for Foreign Financial Institutions
(FFIs)
- Nature of the FFI’s business & the markets it serves
- Nature of the correspondent account, including account purpose, types of
services provided, and anticipated account activity.
- Nature and duration of the bank’s relationship with the FFI – and affiliates.
- FFI’s home supervisory regime.
- Info known or reasonably available regarding the FFI’s AML record.
• New FFI due diligence rules are effective:
- July 5, 2006 for new account openings.
- October 2, 2006 for existing accounts.
19. Watch list Filtering
• Scanning of customer records & transactions against
– Government sanction lists – OFAC, BOE, UNO etc.
– High risk individuals – terrorists, organized crime, fraudsters etc.
– Exposed individuals – PEPs, public figures, high profile
– 3rd party database providers – World Compliance, Thomson, Bridger, World-Check,
Dow Jones-Factiva, Complinet, Lexis-Nexis, etc.
• Key Issues
– Character Variations
– Phonetic Variations
– Transliterations & cultural differences
• Using intelligent name matching algorithms with:
– Normalization of names – capitals, abbreviations, spaces, punctuation
– Reference libraries – common short names, cultural inputs
– Reduction to simplified representation – phonetics, soundex
– Indexing – decision tree
– Similarity assessment – string equality, sub-sets, edit distance
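One way to chain the name-matching steps listed on this slide, as an added example that is not part of the original deck. The watchlist names are fictitious, the alias and noise tables are constructed, and a Soundex-keyed dictionary stands in for the slide's decision-tree index; hits are returned for analyst review rather than as decisions.

```python
import re
import unicodedata
from collections import defaultdict

# Constructed reference library (assumption): common short names and spelling variants.
ALIASES = {"bill": "william", "bob": "robert", "muhammad": "mohammed", "mohamed": "mohammed"}
# Titles and particles dropped during normalization (assumption).
NOISE = {"mr", "mrs", "dr", "sheikh", "al", "el"}
SOUNDEX_CODES = {ch: digit for digit, group in
                 {"1": "bfpv", "2": "cgjkqsxz", "3": "dt", "4": "l", "5": "mn", "6": "r"}.items()
                 for ch in group}
# Constructed watchlist with fictitious names.
WATCHLIST = ["William Harrow-Smith", "Mohammed Al Fulani", "Yekaterina Ivanova Primerova"]


def normalize(name):
    """Normalization: accents, capitals, punctuation, spaces; then alias expansion."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(ch for ch in text if not unicodedata.combining(ch)).lower()
    tokens = re.sub(r"[^a-z0-9]+", " ", text).split()  # Latin script only
    return tuple(ALIASES.get(t, t) for t in tokens if t not in NOISE)


def soundex(token):
    """Reduction to a simplified phonetic representation (American Soundex)."""
    letters = [ch for ch in token if ch.isalpha()]
    if not letters:
        return ""
    key, prev = letters[0].upper(), SOUNDEX_CODES.get(letters[0], "")
    for ch in letters[1:]:
        code = SOUNDEX_CODES.get(ch, "")
        if code and code != prev:
            key += code
        if ch not in "hw":  # h and w do not separate two equal codes
            prev = code
    return (key + "000")[:4]


def edit_distance(a, b):
    """Levenshtein distance, computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev_diag, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev_diag, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev_diag + (ca != cb))
    return row[-1]


def tokens_match(a, b, max_edits=1):
    """Token similarity: equality, same phonetic key, or a small edit distance."""
    key = soundex(a)
    return a == b or (key != "" and key == soundex(b)) or edit_distance(a, b) <= max_edits


def build_index(watchlist):
    """Indexing: phonetic key of every name token -> ids of the entries containing it."""
    index = defaultdict(set)
    for entry_id, name in enumerate(watchlist):
        for token in normalize(name):
            index[soundex(token)].add(entry_id)
    return index


def screen(name, watchlist, index):
    """Return (listed name, match kind) hits for analyst review, strongest first."""
    query = normalize(name)
    if not query:
        return []
    # Only entries sharing a phonetic key with the query are compared in full.
    candidates = set().union(*(index.get(soundex(t), set()) for t in query))
    hits = []
    for entry_id in candidates:
        listed = normalize(watchlist[entry_id])
        if query == listed:
            kind = "exact"
        elif set(query) <= set(listed) or set(listed) <= set(query):
            kind = "subset"
        elif all(any(tokens_match(q, t) for t in listed) for q in query):
            kind = "fuzzy"
        else:
            continue
        hits.append((watchlist[entry_id], kind))
    order = {"exact": 0, "subset": 1, "fuzzy": 2}
    return sorted(hits, key=lambda hit: (order[hit[1]], hit[0]))


if __name__ == "__main__":
    idx = build_index(WATCHLIST)
    for candidate in ("Bill HARROW SMITH", "Muhamad Fulany", "Ekaterina Primerova",
                      "Primerova, Yekaterina", "Katherine Palmer"):
        print(candidate, "->", screen(candidate, WATCHLIST, idx))
```

"Ekaterina Primerova" is only retrieved because its surname shares a phonetic key with the listed entry; a name whose every token changes its first letter in transliteration would miss a Soundex-only index, which is why the candidate step needs more than one key in practice.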
20. What is it Regulators are looking for banks to do?
• All accounts risk ranked systematically
• All transactions risk ranked systematically
• All transactions and all customer activity profiled to determine “usual and normal”
behavior
• Peer groups used to find unusual behaviour in similar accounts
• How is previously unknown behavior detected and alerted
• Profiles to be dynamically created and adapted
• Rules must be dynamically created, adapted and implemented
• The Regulators want banks to actively find money laundering!
• Regulators are becoming more IT aware, than ever before!
21. Why a Risk Based Approach?
Regulatory Guidance
– FATF Money Laundering Typologies
– 3rd EU Directive, Basel CDD paper, and Wolfsberg Principles paper
– U.S. Comptroller’s Handbook
– FSA & Other Regulatory Directives
– Egmont Group
– MiFiD
Characteristics
– Takes into consideration multiple risk factors including customer/business type, geography, product/delivery channels, and transaction type
– Establishes levels of perceived risk for which proportional controls may be devised
– Efficient and cost effective approach to AML Program management
Benefits
– Risk management framework accepted by regulators
– More effective and efficient processes
– Industry leading practices
22. Components of a Risk Based Approach
[Diagram: AML Risk Based Approach]
Risk Indicators
– Customer/Business Type
– Geography
– Product/Delivery Channels
– Transaction Type
Mitigating Controls
– AML Governance Structure
– AML Policies & Procedures
– Training/Communications & Awareness
– Independent Testing
Regulatory Environment
– Increased regulatory expectations
– New regulations
23. The Situation
• High risk individuals, companies and organisations are targeting
financial organisations and the countries within which they operate.
• Their very existence depends on their ability to enter your
organisation or country undetected. What are the risks:
• Regulatory risk
• Reputational risk
• Business risk
• Shareholder risk
• Job risk
24. AML Process Elements
[Diagram: process elements arranged around the AML Office, Risk and Compliance Officers, Branch AML Officers and Corporate Partners]
– Policy, strategy, resource allocation
– Communications, awareness & training
– Account opening, customer identification & risk assessment
– Financial intelligence, monitoring, analysis, trending & Enhanced Due Diligence
– Investigations & Suspicious Activity Reporting
– Technology
– Program evaluation & continuous improvement
25. LOB Risk Assessment
Evaluate: Evaluate inherent risks
Assess: Assess controls
Determine: Determine residual risk/establish thresholds
Develop: Develop and implement action plans
Monitor: Monitor and enhance controls
Maintain: Maintain and retain records
26. Anti-Money Laundering High Risk Characteristics
Customer/Business Types
• Politically Exposed Persons
• Non Resident Aliens
• Money service businesses (e.g. check cashing, wire transmitter)
• Gaming and betting service
• Real estate brokers
• Jewelry businesses
• Travel agencies
• Car, boat, aircraft, and farm equipment dealerships
• Charitable organizations
• Law, accounting, and medical firms
• Pawn brokers
• Phone or debit card businesses
• Off-shore Trusts
Geography
• Sanctioned List Countries
• Transaction activity with high risk countries (e.g. 311 USA Patriot Act and FATF)
Product/Delivery Channel
• Mobile to mobile
• Private Banking, Trust, Commercial, Retail where it involves high net worth individuals and their corporate interests with personal and discrete
• Internet Delivery
• Nominee Account
• Correspondent Bank Clearing
• Prepaid stored valued card
• Payable through accounts
Transaction Types
• Off-shore
• Foreign wire transfers, money instruments and cash
• Use of “Omnibus” and “Concentration Accounts”
• E-Bill Payment
27. Risk-based Approach and the KYC Process
Risk-Scoring
• Simplified Due Diligence?
• Enhanced Due Diligence?
28. Risk-based Approach and the KYC Process
– How do we perform risk assessment?
– Do we have the right tools to do the job?
– How does the risk assessment program define and
score the risks of products? Customers? And
jurisdictions?
– How do we develop risk based matrices? With or
without the help of outside vendors?
29. Risk-based Approach and the KYC Process
Simplified or Enhanced Due Diligence?
Simplified CDD: Level 1 - Tick-box / Red-Flag Check
Limited CDD: Level 2 - Public Record Research
Standard CDD: Level 3 - Public Record Research, Limited Source Enquiries
Enhanced CDD: Level 4 - In-depth Public Record Research & Enquiries, Specific issues
The Risk-based approach requires a levelled approach to CDD
30. Risk-Based Approach Matrix
• Building an RBA matrix is a collaborative effort
between:
– The Compliance Unit
– The Economic Center
– The Business Units
– The Management Information Services (MIS)
Department
– IT Division
– Others….
31. Main RBA Factors
Customer Risk Country Risk
Sector Risk Product Risk
32. RBA Elements
Customer Risk
•Overall background and reputation
•Business interests and practices-Mgt
•Business associates and networks/ Business Link
•Political Affiliations (PEPs)
•Beneficial ownership and control
•Source of funds
Country Risk
•Political stability
•Legal status
•Economic situation
•Standing of the financial services industry
•Exposure to organised crime and Money laundering
•Corruption
Sector Risk
•Weapons and Metal trading
•Precious metals
•Art
•Real Estate
•Exchange Dealership
Product Risk
•Private Banking
•Correspondent Banking
•Structured Finance
•Commodities
33. RBA Matrix
• An RBA Matrix is built to:
– Assess Risks
– Capture identified risks
– Estimate their probability of occurrence and
impact
– Rank the risks based on the above
information.
34. • These variables may increase or decrease the risk
posed by a particular customer or transaction, for
example:
– The level of regulation or governance regime to which a
customer is subject. (A customer located in a high
regulated jurisdiction poses less risk than a customer
located in a low risk jurisdiction)
– Type of the entity: publicly owned entities pose less risk
than private entities
– The use of intermediaries = Anonymity
35. High risk products and services
Examples
The following examples are a sample of high risk products
that are vulnerable to ML & TF:
– Facilitate a higher degree of anonymity
– Involve the handling of high volume of currency.
– Rapid transaction speed
– Wide geographic availability
36. High risk products and services
Examples
• Wire transfers:
• Correspondent Banking: (Factors to consider)
– Account purpose
– Location of the respondent bank
– Nature of the banking license
– The respondent’s money laundering detection and
prevention controls
– The respondent bank’s regulation and supervision in
its country
38. Red Flags
Sudden and inconsistent change in account activity or a concerning
pattern
A business account had sudden excessive cash activity inconsistent with past
behavior. No checks were made to suppliers or received from customers; the
company is not known by local competitors. The business address is a
residential apartment and the phone number on file communicates with a fax
machine.
Frequent foreign wires to/from higher risk countries
A charitable organization had hundreds of thousands of dollars coming into
their account via settlement of credit card transactions. Wires were sent to
individuals and entities in high risk countries; foreign counter parties were
limited and could not be traced or identified. The purpose of the charity could
not be identified and it was determined that the organization was operated out
of a residential apartment.
39. Red Flags
Absence of cash with a cash intensive business account
A business customer that operates a restaurant/grill receives only deposited
checks into its account. Deposits consisted of checks from different
businesses/individuals payable to different parties.
Following the deposits were ACH debit transfers to another bank. There were
no cash deposits made into account, which is inconsistent with the type of
business.
40. Case Study - Background
An offshore financial institution incorporated in Bermuda is looking to
provide a structured finance loan to a group of investors.
The country into which the funds will flow and in which the project will be
carried out are the Ivory Coast and Middle Eastern countries.
The sector in which the transaction is due to take place is the construction
sector and therefore inherently a high money laundering risk.
It is unclear whether the directors and shareholders of the company are the
beneficial owners.
Rumours have been identified in the public record suggesting that the two
businessmen and the company are linked to a PEP and that the foreign
bank involved in the transaction is a pocket bank of the same PEP.
41. Case Study - Background
The transactional structure presented by the customer is
very complex and the reasoning behind the complexity
and non-transparency is unclear.
A number of companies within the structure have not yet
been incorporated and are “work-in-progress”.
42. Case Study – Results of Risk-Scoring
Customer Risk
•Overall background and reputation
•Business interests and practices
•Business associates and networks
•Political Affiliations (PEPs)
•Beneficial ownership and control
•Source of funds
Country Risk
•Known of weak AML rules
•Known of terrorist financing, Smuggling & other money laundering activities
Sector Risk
•Real Estate
Product Risk
•Structured Finance
•Complex transaction
43. Case Study - Approach
The scope of research should be divided into two phases:
Phase I - involve public record research into all parties (individuals
and companies) involved. This also included an overview of the
business networks and associations of the businesses and the
individuals.
Phase II - given the low profile of the individuals that could be
available in public records, a series of discreet enquiries within the
local business communities in which the individuals are active
should be undertaken in order to ascertain their overall business
reputation and to ascertain whether there is indeed any
substance to the allegations of their business being a
front-operation for a PEP.
44. Case Study – Results of Risk-Scoring
Enhanced CDD – Level 4
Simplified CDD: Level 1 - Tick-box / Red-Flag Check
Limited CDD: Level 2 - Public Record Research
Standard CDD: Level 3 - Public Record Research, Limited Source Enquiries
Enhanced CDD: Level 4 - In-depth Public Record Research & Enquiries, Specific issues
The Risk-based approach requires a levelled approach to CDD
45. Customer Risk Matrix
Products/Services Used
Customer Type | Deposit Account | Unsecured Loan/Credit Cards | Wire Transfer | Private Banking | Trust Services
PEP | Moderate | Moderate | High | Highest | Highest
High Net Worth | Moderate | Moderate | High | Highest | Highest
High Risk Nationality | Moderate | Moderate | High | High | High
High Risk Industry | Moderate | Moderate | Moderate | Moderate | Moderate
Cash Intensive Business | Normal | Moderate | High | Moderate | Moderate
Salaried Employee | Normal | Normal | Normal | Normal | Normal
Independent Consultant/Individual Entrepreneur | Moderate | Normal | Normal | Normal | Normal
Unemployed | Moderate | Moderate | Moderate | Moderate | Moderate
Charity | Moderate | High | High | High | High
46. Account Opening Policies
Customer Risk Rating: Applicable Policies
Normal
•Presentation of valid original identity documents
•Establish purpose of account
•Establish source of funds
•Retain copies
•Check against UN and other watch lists
Moderate
•Above plus …
•Send registered letter to customer at provided address. Retain signed return
receipt.
High
•Above plus …
•Independent verification of account opening documents
•Verification of source of funds
•Interview with bank officer
•Visit by bank officer to customer home/business
•Approval from branch manager
•Updating of account information/documents every twelve months
Highest
•Above plus …
•Updating of account documents every six months
•Approval from CEO
47. Transaction Type Risk Matrix
Customer Risk Rating | Offshore Wire Transfer | Wire Transfer to High Risk Jurisdiction | Cash deposit under threshold/structuring transactions | Large Cash Deposit | Forex | Early Loan Repayment
Normal | Standard | Standard | Standard | Enhanced | Standard | Standard
Moderate | Enhanced | Enhanced | Enhanced | Enhanced | Enhanced | Enhanced
High | Severe | Severe | Enhanced | Enhanced | Enhanced | Enhanced
Highest | Severe | Severe | Severe | Enhanced | Enhanced | Enhanced
48. Transaction Execution/Monitoring Policy
Transaction Risk Rating Applicable Policies
Standard
•Teller/staff monitoring
•Automated system monitoring
Enhanced
•Customer explanation for transaction
•Compliance Officer Approval for execution
Severe
•CEO Approval for execution
49. Continuous Control Monitoring
[Diagram: Continuous Control Monitoring]
Business Process Areas: Customer Profile; Currency; Cash (In-Out) Transaction; Inward Swift Transaction; Outward Swift; Bank Drafts; Clearing; Transfer A/C to A/C
Specific Compliance: AML & Compliance Monitoring; Reporting Analysis; Suspicious Activity Reporting Analysis; Terrorist Reporting; KYC Analysis
Other diagram labels: Daily Transactions; Customer Statistics; Performance Analysis; Analysis of data collected; Suspicious Activities; Building Unusual Scenarios; Behavior Analysis; Pattern Matching; Trend Analysis
50. Case Study – The Brief
Aware of the provision of guidelines in terms of the documentation &
verification required in order for the Bank to be compliant with the
money laundering legislation the Bank is subject to.
Based on the guidelines the issues which needed to be addressed
should be defined.
Based on the issues defined research and enquiries in all the
relevant jurisdictions should be undertaken.
51. Case Study – Expected Outcome
On the basis of the enhanced CDD that should be undertaken, the Bank
could cross-reference the information provided by the customer to verify
the claims made by the customer independently
Could confirm the identity of the beneficial owner and determine the
reasoning behind the complex transactional structure
The Bank would be in a position to disprove any rumours which had been
voiced about links and front operations for a PEP
The exercise provides a complete and comprehensive documentation
trail and supporting case within the scope of the CDD process
The exercise enables the Bank to decide on the level of ongoing
monitoring, given the risks are classified as high.
52. Enhanced Risk Assessment Methodology
Conduct detailed analysis of each category
Assess Risk
1. Purpose of Account
2. Activity in Account
3. Nature of the business
4. Location
5. Products and Services used
53. Compliance Customer’s Risk Rating
Customer/Account Information
8. Account Debit Activity - Estimate monthly volume for all accts, please ensure percentages total 100%
_____% cash
_____% checks
_____% currency exchange
_____% ACH
_____% purchase official checks, money orders, etc.
_____% domestic wire transfers
_____% foreign wire transfers: LIST COUNTRIES BELOW
100%
Risk Factor Review | Risk Value
Volume/velocity consistent with nature of business | 0
Purchasing monetary instruments | 1
Foreign Swift transfers (repetitive) | 1
Foreign Swift transfers (walk-in) | 2
Foreign Swift transfers to high risk countries (NCCT list, OFAC, SIC) | 5
Domestic Swift transfers | 1
New Customer - Compare anticipated debit volume with other similar businesses in the area. Additional investigation should be conducted to explain any unusual business factors.
Existing Customer - Compare historical deposit volume and velocity with other similar businesses in the area. Additional investigation should be conducted to explain significant discrepancies.
TOTAL RISK
Business/Commercial Customer Risk Weighting Score
-23 to +4 = Low Risk (L)
+5 to +14 = Moderate Risk (M)
+15 to +29 = High Risk (H)
+30 and > = Extreme (E) Management Approval Req'd
NOTE: Compliance or Risk Management staff may modify the risk rate for a customer based on confidential information such as filing of SAR, receipt of criminal subpoena, etc.
54. Compliance Customer’s Risk Rating
Customer/Account Information
6. Nature of Business Services (be specific)
NAICS Code for principal line of business:
Risk Factor Review | Risk Value
Money service business (see MSB section on page 2) | +15
Brokered deposit relationship | 30
Cash intensive business (see Question 9 for list) | 10
ATM owner/operator | 10
Customer qualifies as Phase I exempt person | -15
Customer is exempted as Phase II exempt person | -5
Customer/Account Information
7. Account Deposit Activity - Estimate monthly volume for all accts, please ensure percentages total 100%.
Total Deposits: $ ________________
_____% cash
_____% checks
_____% currency exchange
_____% ACH
_____% purchase official checks, money orders, etc.
_____% domestic wire transfers
_____% foreign wire transfers: LIST COUNTRIES BELOW
----------- 100%
Risk Factor Review | Risk Value
Volume/velocity consistent with nature of business | 0
Purchasing monetary instruments | 1
Foreign swift transfers (repetitive only) | 1
Foreign swift transfers (repetitive and/or walk-in) | 2
Foreign swift transfers to high risk countries (NCCT list, SIC, OFAC) | 5
Domestic Swift transfers | 1
New Customer - Compare anticipated deposit volume with other similar businesses in the area. Additional investigation should be conducted to explain any unusual business factors.
Existing Customer - Compare historical deposit volume and velocity with other similar businesses in the area. Additional investigation should be conducted to explain significant discrepancies.
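The arithmetic behind the Compliance Customer's Risk Rating worksheet, as an added example that is not part of the original deck. The risk values and score bands are the ones printed on the worksheet slides; the factor keys, the two sample worksheets and the cross-check between reported foreign wire volume and scored factors are assumptions made for illustration.

```python
# Risk values are those printed on the worksheet slides; the dictionary keys
# are hypothetical labels chosen for this example.
BUSINESS_FACTORS = {
    "money_service_business": 15, "brokered_deposit": 30, "cash_intensive": 10,
    "atm_owner_operator": 10, "phase_1_exempt": -15, "phase_2_exempt": -5,
}
ACTIVITY_FACTORS = {  # deposit (section 7) and debit (section 8) use the same values
    "consistent_with_business": 0, "monetary_instruments": 1,
    "foreign_swift_repetitive": 1, "foreign_swift_walk_in": 2,
    "foreign_swift_high_risk_country": 5, "domestic_swift": 1,
}
BANDS = [(30, "E"), (15, "H"), (5, "M")]  # lower bound of each band; +4 and below is "L"


def band(score):
    """Map a total score to the worksheet's rating letter."""
    for floor, letter in BANDS:
        if score >= floor:
            return letter
    return "L"


def rate_customer(business, deposit, debit, deposit_mix, debit_mix, override=None):
    """Score one worksheet. Each *_mix maps an activity type to its share of monthly volume."""
    findings = []
    for section, mix, factors in (("deposit", deposit_mix, deposit), ("debit", debit_mix, debit)):
        total = sum(mix.values())
        if total != 100:  # the form requires the percentages to total 100%
            findings.append(f"{section}: percentages total {total}%, expected 100%")
        # Assumed cross-check: reported foreign wire volume needs a foreign transfer factor.
        if mix.get("foreign_wire", 0) > 0 and not any(f.startswith("foreign_swift") for f in factors):
            findings.append(f"{section}: foreign wires reported but no foreign transfer factor scored")
    score = (sum(BUSINESS_FACTORS[f] for f in business)
             + sum(ACTIVITY_FACTORS[f] for f in deposit)
             + sum(ACTIVITY_FACTORS[f] for f in debit))
    rating = band(score)
    # The worksheet NOTE lets Compliance or Risk Management modify the rating.
    if override is not None and override != rating:
        findings.append(f"rating changed from {rating} to {override} by Compliance/Risk Management")
        rating = override
    return {"score": score, "rating": rating,
            "management_approval": rating == "E", "findings": findings}


# Constructed worksheets (not real customers).
MSB = rate_customer(
    business=["money_service_business", "cash_intensive"],
    deposit=["monetary_instruments", "foreign_swift_repetitive"],
    debit=["foreign_swift_high_risk_country"],
    deposit_mix={"cash": 70, "checks": 20, "foreign_wire": 10},
    debit_mix={"cash": 40, "foreign_wire": 60},
)
EXEMPT = rate_customer(
    business=["phase_1_exempt"],
    deposit=["consistent_with_business"],
    debit=["domestic_swift"],
    deposit_mix={"checks": 100},
    debit_mix={"checks": 50, "domestic_wire": 40, "foreign_wire": 5},
    override="M",
)

if __name__ == "__main__":
    for label, result in (("MSB", MSB), ("EXEMPT", EXEMPT)):
        print(label, result)
```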
56. Enhanced Risk Assessment Methodology
Identify specific risks categories
[Diagram]
Risk categories: Product and Service Risk; Customer Risk; Geographic Risk
Steps: Identify Risk Categories; Assess Quantity of Risk; Assess Quality of Risk; Action Plans
Other diagram labels: Impact Analysis; Quantity of Risk; Response Effectiveness Analysis; Quality of Risk (controls); Risk Response Actions
57. Best Practices Framework
[Diagram labels]
– Corporate Governance
– AML Risk Assessment
– Risk Profile
– Investigations & Reporting
– Project Planning/Execution
– Program Management
– Written Procedures
– Risk-Based Policies
– Customer Due Diligence
– Customer
– Transactions
– Single Customer View
– Data
– Training/Self Testing
– Independent Audit
58. Case Study: The United Nations
A FAMILY-RUN BUSINESS
59. Case Study: The United Nations
[Pictured: Leo Mugabe, Kofi Annan, Kojo Annan, Hani Yamani, Kojo Amoo]
• Son of Kofi Annan (Secretary General-UN) from first marriage
• Worked for SGS/Cotecna (given UN deal to enforce sanctions in Iraqi ports)
• Moved on to start own company, Sutton Investments
• Sutton part of consortium with Air Harbour Technologies & Leo Mugabe (nephew of
Robert Mugabe, Pres of Zimbabwe)
• Air Harbour owned by Hani Yamani (son of Sheikh Yamani, Saudi Oil Min.)
• Consortium won bid valued in $100s of millions to build Zimbabwe airport
• Kojo Amoo-Gottfried, Ghana Ambassador to UN (nephew of Kofi)
60. Risk: Customer/Business Type
Identifying PEPs
How do you determine whether an account holder is a PEP?
• Seek information directly from the individual
• Review sources of income including past and present employment history
and references from professional associates
• Review public sources of information (i.e. databases, newspapers, etc.)
• CIA’s online directory of “Chiefs of State and Cabinet Members of Foreign
Governments” http://www.odci.gov/cia/publications/chiefs/index.html
• Transparency International Corruption Perceptions Index
• Private vendors (i.e. world Compliance/ Regulatory DataCorp (RDC),
Factiva, and WorldCompliance)
61. Risk: Customer/Business Type
Identifying PEPs (Cont.)
FATF Recommendations for PEPs:
Determine whether a customer is a PEP
Obtain senior management approval for establishing relationship
Establish source of wealth of funds
Conduct ongoing monitoring of relationship
62. Risk: Customer/Business Type
Examples of Black Lists
OFAC: Office of Foreign Assets & Control lists:
Specially Designated Nationals
Weapons of Mass Destruction
Blocked Countries
BIS: Bureau of Industry & Security - Issued by the United States
BOE: Bank of England
CSSF: Commission de Surveillance du Secteur Financier - Luxembourg
SECO: Secretariat d’Etat a l’economie – Switzerland
UN: United Nations: Al-Qaida & Taliban; Iraq; Liberia
MAS: Monetary Authority of Singapore
EU: EU Regulations
FATF: Financial Action Task Force
Other: Vendor (i.e. SIDE-OFAC/World Check Lists) and internal Lists
63. Summary
– Risk-scoring defines the level of CDD required
– Beneficial Ownership and PEPs are key
– Advantages:
• Institutions can mitigate their own risk exposure through
the risk-based approach and risk exposure
• Risk-Scoring also enables institutions to develop
benchmarks and risk rating parameters