                   Building Risk Profile


                   Bashir A. El-Nakib, CAMS, ACFE, CFAP
                           Managing Partner/CEO


Compliance ALert              July 09, 2009               1
THE ONLY ISSUE?
                        COMPLIANCE & REGULATORY RISK




   The problem is KYC

   KNOW YOUR:
     -   CUSTOMERS
     -   CORRESPONDENTS
     -   EMPLOYEES
     -   SHAREHOLDERS

7/8/2009                    Risk Based Approach               2
Outline


   Introduction/Overview
   Background
   Developing a Risk Based Approach
   AML Program Elements
   Embargoes & Sanctions
   Identifying Risk
           Risk Types & Characteristics
           Red Flags
   Issues/Challenges
   Summary
   Open Discussion


Definitions

   Money Laundering
   Money Laundering is the process by which criminals attempt to conceal the
   true origin and ownership of the proceeds of criminal activities.


   Terrorist Financing
   An offence by any means, directly or indirectly, unlawfully and willfully,
   which provides or collects funds with the intention that they should be used
   or in the knowledge that they are to be used, in full or in part, in order to
   carry out an act intended to cause death or serious bodily injury to a
   civilian, or to any other person not taking an active part in the hostilities in a
   situation of armed conflict, when the purpose of such act, by its nature or
   context, is to intimidate a population, or to compel a government or an
   international organization to do or to abstain from doing any act.



   Source: United Nations 1999 International Convention for the Suppression of the Financing of Terrorism
Regulatory Concerns
• Certain types of transactions have come under intense
  regulatory and law enforcement scrutiny, especially in the US.

     – Transactions involving shell companies.

     – The potential for abuse of cover payments to launder
       funds or to avoid SIC/UN/BOE/OFAC regulations.




Development of Local Standards
  Banks AML Due          Guidelines on Measures Against
    Diligence
                         Money Laundering
       Law 318
                         •   Required financial entities to design their own detailed Policy
                             Manual to suit the nature of their particular environment in
                             which they operated
BDL Basic Circulars 83   •   Permitted compliance based on commercial considerations
     Standard
                                 M L Procedures Standards

  Interim Circular                Risk based approach to Know Your Customer (KYC)
                                  Banks Project to rectify existing higher risk accounts
 20, 35, 136, 190                 Enhanced procedures to identify and monitor special risk
                                  cases
                                  Compulsory Procedures Guidelines


Announcement (4)                  Know Your Customer (KYC) for Transit subjects
                             •    Roll-out over old customers for KYC implementation
Compliance Process

                 4 Phases

              Risk identification

               Risk assessment

               Risk Monitoring

               Risk Reporting
Proposed Enhanced Due Diligence for High-Risk FFIs

•    Would apply to offshore banks and FIs in non-compliant jurisdictions.
      – Enhanced Due Diligence (EDD):
           • Obtain documentation of the FFI’s AML program.
           • Monitor activity in the correspondent’s accounts for risks posed by
             the client’s customers not subject to EDD.
           • Identify nested correspondents and assess associated risks.
           • Identify FFI ownership for non-publicly traded institutions.




Risk Based Approach to KYC
   [Flowchart: Risk Based Approach to KYC]

   1. Accept or Reject business?
      • Profitability
      • Suitability
      • Reputation Risk
      • Sanctions
      • Suspect blacklists

   Accept:
   2a. Borrowing Customers: Existing KYC Process (BCA)
   2b. Non-Borrowing Customers risk profiled using agreed and easy to
       implement filters.

   3. Risk Assessment
   3. Impose Basic KYC only (Manage as Level 1 Risk)
   3. Separate out Level 3 customers using agreed filters.
   3b. Impose Enhanced KYC (Manage as Level 3 Risk)

Risk Based Approach to KYC

   Level 3 risk
     Account Opening: Enhanced KYC
       - Basic KYC Plus
       - Nature of business
       - Origin of funds
       - Purpose of account
       - Type & level of activity
     Ongoing Account Management: 6 Monthly Review
       - Monitoring of transactions against customer profile
       - KYC Relationship review approved by Senior management

   Level 2 Risk
     - Monitoring to identify account activity which requires account to be
       reclassified as Level (3)
     - Monitoring of transactions against customer profile every 12 months.

   Level 1 Risk
     Account Opening: Basic KYC
       - Evidence of Identity
       - Evidence of address
     Ongoing Account Management:
       - Monitor Account Activity which requires account to be classified as
         Level (2) or (3)

Recent Enforcement Actions
•   Non-compliance penalties continue to rise.

     – UBS Bank           - $100 Million (May 2004)
     – Riggs Bank         - $ 25 million (May 2004)
     – AmSouth            - $ 50 Million (October 2004)
     – Riggs Bank         - $ 41 Million (Jan 2005)
     – Arab Bank          - $ 24 Million (August 2005)
     – Bank of New York   - $ 38 Million (Nov 2005)
     – ABN AMRO           - $ 80 Million (December 2005)
     – AMEX               - $65 Million (August 2007)
     – Lloyds TSB         - $130 Million (October 2007)
     – Bank of Cyprus     - $162 Million (October 2007)
     – Lloyds TSB Bank    - $350 Million (10 Jan 2009)


Compliance Guidance Needed
•    Large fines have led to some unintended consequences.
       - Fines have led to a flood of defensive SAR filings. In the 12 months
         following the Amsouth and Riggs fines, filings jumped by 40%.
       - KYC requirements and the high price of a compliance mistake have
         made it very difficult for even the most diligent money transmitter to find
         banking services. (The guidelines published last year may help.)
•    Increasing tendency to “criminalize” AML errors
       - Lapses are unavoidable for any large bank with significant transaction
         volume or a large client base.
       - Does it make sense to impose penalties – sometimes large penalties –
         on banks with strong compliance regimes that have an AML lapse?




Business Challenges
•     Financial Institutions
       - Need more effective compliance
       - Re-use investments - integrate with fraud and financial crime detection
       - Technical integration vs organisational integration
•     Regulatory
       - Increasing compliance regulation globally - FATF
       - Increasing pressure from regulators on FIs
       - AML requirements now extend to securities, insurance, real estate
         industries and casinos as well as banks
       - Regulatory compliance is primary driver of AML investments
•     Technology
       - IT compliance spend = $34Bn (5% AML*)
       - Annual spending expected to continue to increase*
       - Technology is NOT the big cost!
       - Investigations are 64% of costs**
       - Industry vendor consolidation

* Tower Group
** Celent

Why should I care about these Requirements?
•    Money Launderers and Terrorists seek out vulnerable banks
•    The Regulator will fine the bank heavily
      – Ignorance is no defense!
•    OFAC can and will seize customers' funds
      – Banco Delta Asia Ltd. Macau
•    US, European and other banks won’t Correspond with you
      – Strict Due Diligence
      – Correspondent Bank Certifications
      – Demand due diligence (KYCC)
•    The cost of a Fine is insignificant, compared to the internal cost and
     loss of business.
      – Restructuring, new procedures, new systems, training
      – Loss of reputation
      – Loss of shareholder value


What are sanctions:
•   Definition:
    Sanctions are punitive or coercive measures against a state or its
    nationals failing to comply with.
•   Types of sanctions:
      – Multilateral sanctions (e.g. UN sanctions)
      – Bilateral sanctions (e.g. US sanctions against Cuba)
      – Country or regime sanctions (eg Taliban, Congo DRP, Sudan, Syria, Iran)
      – List-based sanctions (eg against known terrorists)

•   All UN member states are obliged to implement UN Security Council
    sanctions domestically.
•   Financial Institutions must comply with sanctions in all jurisdictions
    within which they operate.




7/8/2009                                Embargoes & Sanctions                         15
                                            May 13, 2008
Managing Sanctions
•   Off-the-shelf filtering software is available
•   Can check incoming and outgoing payments and any other
    transaction or customer information entered onto systems.
•   However, judgment is required:
     – Names may not be a complete match
     – May get a country match but the transaction is not sanctioned.
•   Must have a process for assessing and then declining or approving
    transactions with full audit trail.
•   Staff must have targeted training depending upon factors such as:
     – Nationality
     – Type of business (eg domestic, global trade, international payments etc)
     – Decision making capacity.

Compliance Costs Increase – KYC, AML, OFAC
         Compliance is expensive. Non-compliance is very expensive.

•     Technology costs – the bar keeps moving

                  Then                          Now
       OFAC       Scan repair items             Scan all items
       KYC/AML    Recordkeeping and             Money Laundering
                  Travel Rules                  Pattern Recognition

•     Cost of non-compliance
       - Enforcement actions
       - Prosecutions
       - Reputational damage

Compliance Requirements Increase

          Section 312 of the USA PATRIOT Act increases costs and risks.

•     Requires due diligence risk assessment for Foreign Financial Institutions
      (FFIs)
       - Nature of the FFI’s business & the markets it serves
       - Nature of the correspondent account, including account purpose, types of
          services provided, and anticipated account activity.
       - Nature and duration of bank’s relationship with the FFI – and affiliates.
       - FFI’s home supervisory regime.
       - Info known or reasonably available regarding the FFI’s AML record.
•     New FFI due diligence rules are effective:
       - July 5, 2006 for new account openings.
       - October 2, 2006 for existing accounts.

Watch list Filtering
•   Scanning of customer records & transactions against
     – Government sanction lists – OFAC, BOE, UNO etc
     – High risk individuals – terrorists, organized crime, fraudsters etc
     – Exposed individuals – PEPs, public figures, high profile
     – 3rd party database providers – World Compliance, Thomson, Bridger, World-Check,
       Dow Jones-Factiva, Complinet, Lexis-Nexis, etc.

•   Key Issues
     – Character Variations
     – Phonetic Variations
     – Transliterations & cultural differences

•   Using intelligent name matching algorithms with:
     – Normalization of names – capitals, abbreviations, spaces, punctuation
     – Reference libraries – common short names, cultural inputs
     – Reduction to simplified representation – phonetics, soundex
     – Indexing – decision tree
     – Similarity assessment – string equality, sub-sets, edit distance
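
The matching steps listed above (normalization, reference library, phonetic reduction, indexing, similarity assessment), together with the earlier point that incomplete name matches need a recorded decision, as an added Python example that is not part of the original slides. The list entries, variant table, scores and the 0.8 threshold are constructed assumptions, and a Soundex-keyed dictionary stands in for the decision-tree index.

```python
import re
import unicodedata
from collections import defaultdict

# Constructed data: fictitious list entries and a tiny reference library.
WATCHLIST = {
    "WL-001": "Mohammed Al-Nour",
    "WL-002": "Ivan Petrenko Trading Ltd.",
    "WL-003": "José Márquez",
}
VARIANTS = {"MOHAMED": "MOHAMMED", "MUHAMMAD": "MOHAMMED", "MOHAMMAD": "MOHAMMED",
            "LTD": "LIMITED", "CO": "COMPANY"}
_CODES = {c: d for d, group in enumerate(
    ["BFPV", "CGJKQSXZ", "DT", "L", "MN", "R"], start=1) for c in group}


def normalize(name):
    """Fold accents, capitals, punctuation and spaces; map known variants."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c)).upper()
    text = re.sub(r"[^A-Z0-9 ]+", " ", text)
    return [VARIANTS.get(tok, tok) for tok in text.split()]


def soundex(token):
    """American Soundex: first letter plus three digits ('' if no letters)."""
    letters = [c for c in token if c.isalpha()]
    if not letters:
        return ""
    out, prev = letters[0], _CODES.get(letters[0])
    for c in letters[1:]:
        code = _CODES.get(c)
        if code and code != prev:
            out += str(code)
        if c not in "HW":          # H and W do not separate equal codes
            prev = code
    return (out + "000")[:4]


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def build_index(watchlist):
    """Index entries by the Soundex code of each token for candidate lookup."""
    index = defaultdict(set)
    for entry_id, name in watchlist.items():
        for tok in normalize(name):
            code = soundex(tok)
            if code:
                index[code].add(entry_id)
    return index


def compare(query, listed):
    """Similarity as (score, reason): equality, sub-set, then edit distance."""
    q, l = " ".join(query), " ".join(listed)
    if q == l:
        return 1.0, "exact"
    small, big = sorted((set(query), set(listed)), key=len)
    if small == big:
        return 0.95, "same tokens, different order"
    if len(small) >= 2 and small <= big:   # one shared token is too weak
        return 0.85, "sub-set"
    dist = edit_distance(q, l)
    return 1 - dist / max(len(q), len(l)), f"edit distance {dist}"


def screen(name, watchlist, index, threshold=0.8):
    """Return alerts for analyst review, best first, each with its reason."""
    tokens = normalize(name)
    candidates = set()
    for tok in tokens:
        candidates |= index.get(soundex(tok), set())
    alerts = []
    for entry_id in sorted(candidates):
        score, reason = compare(tokens, normalize(watchlist[entry_id]))
        if score >= threshold:
            alerts.append({"input": name, "entry": entry_id,
                           "listed_as": watchlist[entry_id],
                           "score": round(score, 2), "reason": reason})
    return sorted(alerts, key=lambda a: -a["score"])


INDEX = build_index(WATCHLIST)
```

Each alert keeps the input, the listed name, the score and the reason, which is the record an analyst needs when approving or declining the hit.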



What is it Regulators are looking for banks to do?
•    All accounts risk ranked systematically
•    All transactions risk ranked systematically
•    All transactions and all customer activity profiled to determine “usual and normal”
     behavior
•    Peer groups used to find unusual behaviour in similar accounts
•    How is previously unknown behavior detected and alerted
•    Profiles to be dynamically created and adapted
•    Rules must be dynamically created, adapted and implemented
•    The Regulators want banks to actively find money laundering!
•    Regulators are becoming more IT aware than ever before!




Why a Risk Based Approach?

  Regulatory Guidance
   FATF Money Laundering Typologies
   3rd EU Directive, Basel CDD paper, and Wolfsberg Principles paper
   U.S. Comptroller’s Handbook
   FSA & Other Regulatory Directives
   Egmont Group
   MiFiD

  Characteristics
   Takes into consideration multiple risk factors including customer/business type,
   geography, product/delivery channels, and transaction type
   Establishes levels of perceived risk for which proportional controls may be devised
   Efficient and cost effective approach to AML Program management:

  Benefits
   Risk management framework accepted by regulators
   More effective and efficient processes
   Industry leading practices
Components of a Risk Based Approach


   [Diagram: AML Risk Based Approach]

   Risk Indicators
     Customer/Business Type
     Geography
     Product/Delivery Channels
     Transaction Type

   Mitigating Controls
     AML Governance Structure
     AML Policies & Procedures
     Training/Communications & Awareness
     Independent Testing

   Regulatory Environment
     Increased regulatory expectations
     New regulations
The Situation


       • High risk individuals, companies and organisations are targeting
       financial organisations and the countries within which they operate.
       • Their very existence depends on their ability to enter your
       organisation or country undetected. What are the risks:
       • Regulatory risk
       • Reputational risk
       • Business risk
       • Shareholder risk
       • Job risk

AML Process Elements

   [Diagram: AML process elements]

   • Policy, strategy, resource allocation
   • Program evaluation & continuous improvement
   • Communications, awareness & training
   • Technology
   • Risk and Compliance Officers
   • AML Office
   • Branch AML Officers
   • Corporate Partners
   • Investigations & Suspicious Activity Reporting
   • Account opening, customer identification & risk assessment
   • Financial intelligence, monitoring, analysis, trending & Enhanced Due Diligence

LOB Risk Assessment



   • Evaluate: Evaluate inherent risks
   • Assess: Assess controls
   • Determine: Determine residual risk/establish thresholds
   • Develop: Develop and implement action plans
   • Monitor: Monitor and enhance controls
   • Maintain: Maintain and retain records

Anti-Money Laundering High Risk Characteristics
  High Risk Characteristics

  Customer/Business Types
  • Politically Exposed Persons
  • Non Resident Aliens
  • Money service businesses (e.g. check cashing, wire transmitter)
  • Gaming and betting
  • Real estate brokers
  • Jewelry businesses
  • Travel agencies
  • Car, boat, aircraft, and farm equipment dealerships
  • Charitable organizations
  • Law, accounting, and medical firms
  • Pawn brokers
  • Phone or debit card businesses
  • Off-shore Trusts

  Geography
  • Sanctioned List Countries
  • Transaction activity with high risk countries (e.g. 311 USA Patriot Act and FATF)

  Product/Delivery Channel
  • Mobile to mobile
  • Private Banking, Trust, Commercial, Retail where it involves high net worth
    individuals and their corporate interests with personal and discrete service
  • Internet Delivery
  • Nominee Account
  • Prepaid stored valued card

  Transaction Types
  • Off-shore
  • Foreign wire transfers, money instruments and cash
  • Use of “Omnibus” and “Concentration Accounts”
  • E-Bill Payment
  • Correspondent Bank Clearing
  • Payable through accounts

Risk-based Approach and the KYC Process


                  Risk-Scoring

• Simplified Due Diligence?
• Enhanced Due Diligence?

Risk-based Approach and the KYC Process

     – How do we perform risk assessment?
     – Do we have the right tools to do the job?
     – How does the risk assessment program define and
       score the risks of products? Customers? And
       jurisdictions?
     – How do we develop risk based matrices? With or
       without the help of outside vendors?




Risk-based Approach and the KYC Process

Simplified or Enhanced Due Diligence?

           Simplified CDD                  Level 1 - Tick-box / Red-Flag Check

           Limited CDD                     Level 2 - Public Record Research

           Standard CDD                    Level 3 - Public Record Research
                                           Limited Source Enquiries

           Enhanced CDD                    Level 4 - In-depth Public Record
                                           Research & Enquiries
                                           Specific issues

The Risk-based approach requires a levelled approach to CDD

Risk-Based Approach Matrix
• Building an RBA matrix is a collaborative effort
  between:
   – The Compliance Unit
   – The Economic Center
   – The Business Units
   – The Management Information Services (MIS)
     Department
   – IT Division
   – Others….



Main RBA Factors



           Customer Risk                         Country Risk




            Sector Risk                          Product Risk




RBA Elements
Customer Risk
•Overall background and reputation
•Business interests and practices-Mgt
•Business associates and networks/ Business Link
•Political Affiliations (PEPs)
•Beneficial ownership and control
•Source of funds

Country Risk
•Political stability
•Legal status
•Economic situation
•Standing of the financial services industry
•Exposure to organised crime and Money laundering
•Corruption

Sector Risk
•Weapons and Metal trading
•Precious metals
•Art
•Real Estate
•Exchange Dealership

Product Risk
•Private Banking
•Correspondent Banking
•Structured Finance
•Commodities
RBA Matrix
• An RBA Matrix is built to:
     – Assess Risks
     – Capture identified risks
     – Estimate their probability of occurrence and
       impact
     – Rank the risks based on the above
       information.

• These variables may increase or decrease the risk
  posed by a particular customer or transaction, for
  example:
           – The level of regulation or governance regime to which a
             customer is subject. (A customer located in a highly
             regulated jurisdiction poses less risk than a customer
             located in a low risk jurisdiction)

           – Type of the entity: publicly owned entities pose less risk
             than private entities

           – The use of intermediaries = Anonymity

High risk products and services
                       Examples

The following examples are a sample of high risk products
  that are vulnerable to ML & TF:
     – Facilitate a higher degree of anonymity

     – Involve the handling of a high volume of currency.

     – Rapid transaction speed

     – Wide geographic availability

High risk products and services
                      Examples
•      Wire transfers:
•      Correspondent Banking: (Factors to consider)
     –     Account purpose
     –     Location of the respondent bank
     –     Nature of the banking license
     –     The respondent's money laundering detection and
           prevention controls
     –     The respondent bank's regulation and supervision in
           its country


Red Flags

  Sudden and inconsistent change in account activity or a concerning
  pattern
   A business account had sudden excessive cash activity inconsistent with past
   behavior. No checks were made to suppliers or received from customers; the
   company is not known by local competitors. The business address is a
   residential apartment and the phone number on file communicates with a fax
   machine.

  Frequent foreign wires to/from higher risk countries
  A charitable organization had hundreds of thousands of dollars coming into
  their account via settlement of credit card transactions. Wires were sent to
  individuals and entities in high risk countries; foreign counterparties were
  limited and could not be traced or identified. The purpose of the charity could
  not be identified and it was determined that the organization was operated out
  of a residential apartment.




Red Flags

   Absence of cash with a cash intensive business account
   A business customer that operates a restaurant/grill receives only deposited
   checks into its account. Deposits consisted of checks from different
   businesses/individuals payable to different parties.

   Following the deposits were ACH debit transfers to another bank. There were
   no cash deposits made into account, which is inconsistent with the type of
   business.




Case Study - Background

   An offshore financial institution incorporated in Bermuda is looking to
   provide a structured finance loan to a group of investors.

   The countries into which the funds will flow and in which the project will be
   carried out are the Ivory Coast and Middle Eastern countries.

   The sector in which the transaction is due to take place is the construction
   sector and therefore inherently a high money laundering risk.

   It is unclear whether the directors and shareholders of the company are the
   beneficial owners.

   Rumours have been identified in the public record suggesting that the two
   businessmen and the company are linked to a PEP and that the foreign
   bank involved in the transaction is a pocket bank of the same PEP.




Case Study - Background

   The transactional structure presented by the customer is
   very complex and the reasoning behind the complexity
   and non-transparency is unclear.

   A number of companies within the structure have not yet
   been incorporated and are “work in progress”.




Case Study – Results of Risk-Scoring

Customer Risk
•Overall background and reputation
•Business interests and practices
•Business associates and networks
•Political Affiliations (PEPs)
•Beneficial ownership and control
•Source of funds

Country Risk
•Known for weak AML rules
•Known for terrorist financing, smuggling & other money laundering activities

Sector Risk
•Real Estate

Product Risk
•Structured Finance
•Complex transaction

Case Study - Approach

The scope of research should be divided into two phases:

   Phase I - involves public record research into all parties (individuals
   and companies) involved. This also includes an overview of the
   business networks and associations of the businesses and the
   individuals.


   Phase II - given the low profile of the individuals that could be
   available in public records, a series of discreet enquiries within the
   local business communities in which the individuals are active
   should be undertaken in order to ascertain their overall business
   reputation and to ascertain whether there is indeed any
   substance to the allegations of their business being a front
   operation for a PEP.



Case Study – Results of Risk-Scoring

Enhanced CDD – Level 4

           Simplified CDD     Level 1 - Tick-box / Red-Flag Check
           Limited CDD        Level 2 - Public Record Research
           Standard CDD       Level 3 - Public Record Research, Limited Source Enquiries
           Enhanced CDD       Level 4 - In-depth Public Record Research & Enquiries, Specific issues

The Risk-based approach requires a levelled approach to CDD



Customer Risk Matrix
                                        Products/Services Used
Customer Type                   Deposit    Unsecured Loan/  Wire       Private    Trust
                                Account    Credit Cards     Transfer   Banking    Services

PEP                             Moderate   Moderate         High       Highest    Highest
High Net Worth                  Moderate   Moderate         High       Highest    Highest
High Risk Nationality           Moderate   Moderate         High       High       High
High Risk Industry              Moderate   Moderate         Moderate   Moderate   Moderate
Cash Intensive Business         Normal     Moderate         High       Moderate   Moderate
Salaried Employee               Normal     Normal           Normal     Normal     Normal
Independent Consultant/
  Individual Entrepreneur       Moderate   Normal           Normal     Normal     Normal
Unemployed                      Moderate   Moderate         Moderate   Moderate   Moderate
Charity                         Moderate   High             High       High       High

Account Opening Policies
Customer Risk Rating     Applicable Policies
Normal
                         •Presentation of valid original identity documents
                         •Establish purpose of account
                         •Establish source of funds
                         •Retain copies
                         •Check against UN and other watch lists

Moderate
                         •Above plus …
                         •Send registered letter to customer at provided address. Retain signed return
                         receipt.

High
                         •Above plus …
                         •Independent verification of account opening documents
                         •Verification of source of funds
                         •Interview with bank officer
                         •Visit by bank officer to customer home/business
                         •Approval from branch manager
                         •Updating of account information/documents every twelve months

Highest
                         •Above plus …
                         •Updating of account documents every six months
                         •Approval from CEO

Transaction Type Risk Matrix
Customer      Offshore   Wire Transfer   Cash deposit under      Large      Forex      Early Loan
Risk Rating   Wire       to High Risk    threshold/structuring   Cash                  Repayment
              Transfer   Jurisdiction    transactions            Deposit

Normal        Standard   Standard        Standard                Enhanced   Standard   Standard
Moderate      Enhanced   Enhanced        Enhanced                Enhanced   Enhanced   Enhanced
High          Severe     Severe          Enhanced                Enhanced   Enhanced   Enhanced
Highest       Severe     Severe          Severe                  Enhanced   Enhanced   Enhanced

Transaction Execution/Monitoring Policy

 Transaction Risk Rating                         Applicable Policies


 Standard
                           •Teller/staff monitoring
                           •Automated system monitoring

 Enhanced
                           •Customer explanation for transaction
                           •Compliance Officer Approval for execution

 Severe
                           •CEO Approval for execution




Continuous Control Monitoring
[Diagram with two headings, "Business Process Areas" and "Specific Compliance", and four columns of boxes:]
 • Daily Transactions; Cash (In-Out); Inward Swift; Outward Swift; Bank Drafts; Clearing; Transfer A/C to A/C
 • Customer Profile; Customer Performance; Transaction Activities; Unusual Behavior
 • Monitoring; Statistics; Analysis of data collected; Building Scenarios; Pattern Matching; Trend Analysis
 • AML & Compliance; Currency Transaction Reporting Analysis; Suspicious Activity Reporting Analysis; Terrorist Reporting Analysis; KYC Analysis

Case Study – The Brief


   Aware of the provision of guidelines in terms of the documentation &
   verification required in order for the Bank to be compliant with the
   money laundering legislation the Bank is subject to.

   Based on the guidelines the issues which needed to be addressed
   should be defined.

   Based on the issues defined research and enquiries in all the
   relevant jurisdictions should be undertaken.




Case Study – Expected Outcome

   On the basis of the enhanced CDD that should be undertaken, the Bank
   could cross-reference the information provided by the customer to verify
   the claims made by the customer independently

   Could confirm the identity of the beneficial owner and determine the
   reasoning behind the complex transactional structure

   The Bank would be in a position to disprove any rumours which had been
   voiced about links and front operations for a PEP

   The exercise provides a complete and comprehensive documentation
   trail and supporting case within the scope of the CDD process

   The exercise enables the Bank to decide on the level of ongoing
   monitoring, given the risks are classified as high.




Enhanced Risk Assessment Methodology
           Conduct detailed analysis of each category

                        Assess Risk

 1. Purpose of Account
 2. Activity in Account
 3. Nature of the business
 4. Location
 5. Products and Services used

Compliance Customer’s Risk Rating
Customer/Account Information

6. Nature of Business Services (be specific)
        NAICS Code for principal line of business:

   Risk Factor Review                                                   Risk Value
   Money service business (see MSB section on page 2)                   +15
   Brokered deposit relationship                                        30
   Cash intensive business (see Question 9 for list)                    10
   ATM owner/operator                                                   10
   Customer qualifies as Phase I exempt person                          -15
   Customer is exempted as Phase II exempt person                       -5

7. Account Deposit Activity - Estimate monthly volume for all accts,
      please ensure percentages total 100%.

   Total Deposits: $ ________________
   _____% cash
   _____% checks
   _____% currency exchange
   _____% ACH
   _____% purchase official checks, money orders, etc.
   _____% domestic wire transfers
   _____% foreign wire transfers: LIST COUNTRIES BELOW
   -----------   100%

   Risk Factor Review                                                   Risk Value
   Volume/velocity consistent with nature of business                   0
   Purchasing monetary instruments                                      1
   Foreign swift transfers (repetitive only)                            1
   Foreign swift transfers (repetitive and/or walk-in)                  2
   Foreign swift transfers to high risk countries (NCCT list, SIC,
      OFAC)                                                             5
   Domestic Swift transfers                                             1

   New Customer - Compare anticipated deposit volume with other
      similar businesses in the area. Additional investigation
      should be conducted to explain any unusual business
      factors.

   Existing Customer - Compare historical deposit volume and velocity
      with other similar businesses in the area. Additional
      investigation should be conducted to explain significant
      discrepancies.

Compliance Customer’s Risk Rating
Customer/Account Information

8. Account Debit Activity - Estimate monthly volume for all accts, please ensure
percentages total 100%

        _____% cash
        _____% checks
        _____% currency exchange
        _____% ACH
        _____% purchase official checks, money orders, etc.
        _____% domestic wire transfers
        _____% foreign wire transfers: LIST COUNTRIES BELOW
        100%

   Risk Factor Review                                                   Risk Value
   Volume/velocity consistent with nature of business                   0
   Purchasing monetary instruments                                      1
   Foreign Swift transfers (repetitive)                                 1
   Foreign Swift transfers (walk-in)                                    2
   Foreign Swift transfers to high risk countries (NCCT list, OFAC,
      SIC)                                                              5
   Domestic Swift transfers                                             1

   New Customer - Compare anticipated debit volume with other
      similar businesses in the area. Additional investigation should be
      conducted to explain any unusual business factors.

   Existing Customer - Compare historical deposit volume and
      velocity with other similar businesses in the area. Additional
      investigation should be conducted to explain significant
      discrepancies.

   TOTAL RISK

Business/Commercial Customer Risk Weighting Score
   -23 to +4 = Low Risk (L)
   +5 to +14 = Moderate Risk (M)
   +15 to +29 = High Risk (H)
   +30 and > = Extreme (E) Management Approval Req'd

NOTE: Compliance or Risk Management staff may modify the risk rate for a
customer based on confidential information such as filing of SAR, receipt of
criminal subpoena, etc.

Enhanced Risk Assessment Methodology

                     Identify specific risks categories

[Diagram, four stages:]
 1. Identify Risk Categories: Product and Service Risk; Customer Risk; Geographic Risk
 2. Assess Quantity of Risk: Impact Analysis; Quantity of Risk
 3. Assess Quality of Risk: Risk Response (controls); Response Effectiveness Analysis; Quality of Risk
 4. Action Plans: Actions

Best Practices Framework
[Diagram: Corporate Governance; AML Risk Assessment; Risk Profile; Investigations & Reporting; Risk-Based Customer Due Diligence; Customer Transactions; Single Customer View Data; Written Policies, Procedures; Project Planning/Execution; Program Management; Training/Self Testing; Independent Audit]

Case Study: The United Nations




               A FAMILY-RUN BUSINESS





 [Diagram of individuals: Leo Mugabe, Kofi Annan, Kojo Annan, Hani Yamani, Kojo Amoo]

 • Son of Kofi Annan (Secretary General-UN) from first marriage
 • Worked for SGS/Cotecna (given UN deal to enforce sanctions in Iraqi ports)
 • Moved on to start own company, Sutton Investments
 • Sutton part of consortium with Air Harbour Technologies & Leo Mugabe (nephew of
   Robert Mugabe, Pres of Zimbabwe)
 • Air Harbour owned by Hani Yamani (son of Sheikh Yamani, Saudi Oil Min.)
 • Consortium won bid valued in $100s of millions to build Zimbabwe airport
 • Kojo Amoo-Gottfried, Ghana Ambassador to UN (nephew of Kofi)

Risk: Customer/Business Type
                                                        Identifying PEPs

    How do you determine whether an account holder is a PEP?

•   Seek information directly from the individual

•   Review sources of income including past and present employment history
    and references from professional associates

•   Review public sources of information (i.e. databases, newspapers, etc.)

     • CIA's online directory of “Chiefs of State and Cabinet Members of Foreign
       Governments” http://www.odci.gov/cia/publications/chiefs/index.html

     • Transparency International Corruption Perceptions Index

     • Private vendors (i.e. world Compliance/ Regulatory DataCorp (RDC),
       Factiva, and WorldCompliance)




Risk: Customer/Business Type
                                                   Identifying PEPs (Cont.)



FATF Recommendations for PEPs:

   Determine whether a customer is a PEP

   Obtain senior management approval for establishing relationship

   Establish source of wealth of funds

   Conduct ongoing monitoring of relationship




Risk: Customer/Business Type
                                           Examples of Black Lists
 OFAC:     Office of Foreign Assets Control lists:
             Specially Designated Nationals
             Weapons of Mass Destruction
             Blocked Countries
 BIS:      Bureau of Industry & Security - Issued by the United States
 BOE:      Bank of England
 CSSF:     Commission de Surveillance du Secteur Financier - Luxembourg
 SECO:     Secretariat d’Etat a l’economie – Switzerland
 UN:       United Nations: Al-Qaida & Taliban; Iraq; Liberia
 MAS:      Monetary Authority of Singapore
 EU:       EU Regulations
 FATF:     Financial Action Task Force
 Other:    Vendor (i.e. SIDE-OFAC/World Check Lists) and internal Lists

Summary
     – Risk-scoring defines the level of CDD required

     – Beneficial Ownership and PEPs are key

     – Advantages:

           • Institutions can mitigate their own risk exposure through
             the risk-based approach and risk exposure

           • Risk-Scoring also enables institutions to develop
             benchmarks and risk rating parameters



For Additional clarifications, please call:
                        +961 1 787049
                     nakib.ba@calert.org

                      Bashir A. El-Nakib
                     CAMS, ACFE, CFAP




7/8/2009               Risk Based Approach               65

Risk Based Approach Bachir El Nakib July 2009 [Compatibility Mode]

  • 1. Building Ri k P fil B ildi Risk Profile Bashir A. El-Nakib, CAMS, ACFE, CFAP Managing Partner/CEO Compliance ALert July 09, 2009 1
  • 2. THE ONLY ISSUE? COMPLIANCE & REGULATORY RISK The problem is KYC - CUSTOMERS - CORRESPONDENTS KNOW YOUR - EMPLOYEES - SHAREHOLDERS 7/8/2009 Risk Based Approach 2
  • 3. Outline Introduction/Overview Background Developing a Risk Based Approach AML Program Elements Embargoes & Sanctions Identifying Risk Risk Types & Characteristics Red Flags Issues/Challenges Summary Open Discussion 7/8/2009 Risk Based Approach 3
  • 4. Definitions Money Laundering Money Laundering is the process by which criminals attempt to conceal the true origin and ownership of the proceeds of criminal activities. Terrorist Financing An offence by any means, directly or indirectly, unlawfully and willfully, which provides or collects funds with the intention that they should be used or in the knowledge that they are to be used, in full or in part, in order to carry out an act intended to cause death or serious bodily injury to a civilian, or t any other person not t ki an active part i th h tiliti i a i ili to th t taking ti t in the hostilities in situation of armed conflict, when the purpose of such act, by its nature or context, is to intimidate a population, or to compel a government or an international organization to do or to abstain from doing any act. Source: United Nations 1999 International Convention for the Suppression of the Financing of Terrorism 7/8/2009 Risk Based Approach 4
  • 5. Regulatory Concerns • C Certain types of transactions have come under intense f regulatory and law enforcement scrutiny, especially in the US. – Transactions involving shell companies. – The potential for abuse of cover p y p payments to launder funds or to avoid SIC/UN/BOE/OFAC regulations. 7/8/2009 Risk Based Approach 5
  • 6. Development of Local Standards Banks AML Due Guidelines on Measures Against Diligence Money Laundering Law 318 • Required financial entities to design their own detailed Policy Manual to suit the nature of their particular environment in which they operated hi h th t d BDL Basic Circulars 83 • Permitted compliance based on commercial considerations Standard M L Procedures Standards Interim Circular Risk based approach to Know Your Customer (KYC) Banks Project to rectify existing higher risk accounts 20, 35, 136, 190 Enhanced procedures to identify and monitor special risk cases Compulsory Procedures Guidelines Announcement (4) Know Your Customer (KYC) for Transit subjects • Roll-out R ll t over old customers f KYC i l ld t for implementation t ti 7/8/2009 6
  • 7. Compliance Process p 4 Ph Phases Risk identification Risk assessment Risk Monitoring s o to g Risk Reporting 7/8/2009 Risk Based Approach 7 7
  • 8. Proposed Enhanced Due Diligence for High-Risk FFIs • Would apply to offshore banks and FIs in non-compliant jurisdictions. – Enhanced Due Diligence (EDD): • Obtain documentation of the FFI’s AML program. • Monitor activity in the correspondent’s accounts for risks posed by the client’s customers not subject to EDD. • Identify nested correspondents and assess associated risks risks. • Identify FFI ownership for non-publicly traded institutions. 7/8/2009 Risk Based Approach 8
  • 9. Risk Based Approach to KYC 2a. Borrowing Customers 3. Risk Level 1 Risk Manage as Existing KYC Assessment Process e 1. Accept or (BCA) Reject business? 3. Impose Basic •Profitability KYC only •Suitability Suitability •Reputation Risk Accept •Sanctions •Suspect blacklists 2b. Non-Borrowing Customers risk profiled using agreed and easy to implement filters. evel 3 Risk k Manage as 3. Separate out 3b. Impose Level 3 Enhanced KYC customers Le M using agreed i d filters. 7/8/2009 9
  • 10. Risk Based Approach to KYC pp Level 3 risk Level 2 Level 1 Risk Risk Enhanced KYC Monitoring to identify -Basic KYC Plus account activity which Account requires account to be Basic KYC Opening -Nature of business reclassified as Level (3) -Evidence of Identity -Origin of funds Monitoring of transactions against customer profile -Evidence of address -Purpose of account every 12 months. th -Type & level of activity 6 Monthly Review -Monitoring of transactions against Ongoing g g Monitor Account Activity which customer profile requires account to be classified as Account Level (2) or (3) -KYC Relationship review Management approved by Senior management 7/8/2009 10
  • 11. Recent Enforcement Actions • Non-compliance penalties continue to rise. – UBS Bank - $100 Million (May 2004) – Riggs Bank - $ 25 million (May 2004) – AmSouth - $ 50 Million (October 2004) – Riggs Bank - $ 41 Million (Jan 2005) – Arab Bank - $ 24 Million (August 2005) – Bank of New York - $ 38 Million (Nov 2005) – ABN AMRO - $ 80 Million (December 2005) – AMEX - $65 Million (August 2007) – Lloyds TSB - $130 Million (October 2007) – Bank of Cyprus - $162 Million (October 2007) – Lloyds TSB Bank - $350 Million (10 Jan 2009) 7/8/2009 Risk Based Approach 11
  • 12. Compliance Guidance Needed • Large fines have led to some unintended consequences. - Fi Fines have led to a flood of defensive SAR filings. I th 12 months h l dt fl d f d f i fili In the th following the Amsouth and Riggs fines, filings jumped by 40%. - KYC requirements and the high p q g price of a compliance mistake have p made it very difficult for even the most diligent money transmitter to find banking services. (The guidelines published last year may help.) • Increasing tendency to “criminalize” AML errors criminalize - Lapses are unavoidable for any large bank with significant transaction volume or a large client base. - Does it make sense to impose penalties – sometimes large penalties – on banks with strong compliance regimes that have an AML lapse? 7/8/2009 Risk Based Approach 12
  • 13. Business Challenges g • Financial Institutions • Regulatory • Technology Need more effective compliance Increasing compliance IT compliance spend = Re-use Re use regulation globally - $34Bn (5% AML*) AML ) investments- FATF Annual spending integrate with fraud Increasing pressure expected to continue to and financial crime from regulators o FIs o egu ato s on s increase increase* detection AML requirements now Technology is NOT the extend to securities, big cost! Technical insurance, real estate Investigations are 64% g integration vs industries and casinos of costs** organisational as well as banks Industry vendor integration Regulatory compliance consolidation is primary driver of AML * Tower Group investments ** Celent 7/8/2009 Risk Based Approach 13
  • 14. Why s ou d I care about these Requirements? y should ca e t ese equ e e ts • Money Launderers and Terrorists seek out vulnerable banks • The Regulator will fine the bank heavily – Ignorance is no defense! • OFAC can and will seize customers funds – Banco Delta Asia Ltd. Macau • US, European and other banks won’t Correspond with you – Strict Due Diligence – Correspondent Bank Certifications – Demand due diligence (KYCC) • The cost of a Fine is insignificant, compared to the internal cost and f f loss of business. – Restructuring, new procedures, new systems, training – Loss of reputation – Loss of shareholder value 7/8/2009 Risk Based Approach 14
  • 15. What are sanctions: • Definition: Sanctions are punitive or coercive measures against a state or its nationals failing to comply with. • Types of sanctions: Multilateral sanctions (e.g. UN Country or regime sanctions (eg sanctions) Taliban, Congo DRP, Sudan, Syria, Iran) Bilateral sanctions (e.g. US sanctions List-based sanctions (eg against against Cuba) known terrorists) • All UN member states, are obliged to implement UN Security Council sanctions domestically. • Financial Institutions must comply with sanctions in all jurisdictions within which they operate. 7/8/2009 Embargoes & Sanctions 15 May 13, 2008
  • 16. Managing Sanctions • Off the shelf Off-the-shelf shelf filtering software is available • Can check incoming and outgoing payments and any other transaction or customer information entered onto systems. • However, However judgment is required: – Names may not be a complete match – May get a country match but the transaction is not sanctioned. • Must have a process for assessing and then declining or approving transactions with full audit trail. • Staff must have targeted training depending upon factors such as: g g p g p – Nationality – Type of business (eg domestic, global trade, international payments etc) – Decision making capacity capacity. 7/8/2009 Embargoes & Sanctions 16 May 13, 2008
  • 17. Compliance Costs Increase – KYC AML, OFAC KYC, AML Compliance is expensive. Non-compliance is very expensive. • Technology costs – the bar keeps moving • Then Th Now N • OFAC Scan repair items Scan all items • KYC/AML Recordkeeping and Money Laundering Travel Rules Pattern Recognition • Cost of non-compliance - Enforcement actions - Prosecutions - Reputational damage 7/8/2009 Embargoes & Sanctions 17 May 13, 2008
  • 18. Compliance Requirements Increase Section 312 of the USA PATRIOT Act increases costs and risks. • Requires due diligence risk assessment for Foreign Financial Institutions (FFIs) - Nature of the FFI’s business & the markets its serves - Nature of the correspondent account, including account purpose, types of services provided and anticipated account activity provided, activity. - Nature and duration of of bank’s relationship with the FFI – and affiliates. - FFI’s home supervisory regime. - Info known or reasonably available regarding the FFI’s AML record. • New FFI due diligence rules are effective: - July 5 2006 for new account openings. 5, openings - October 2, 2006 for existing accounts. 7/8/2009 Embargoes & Sanctions 18 May 13, 2008
  • 19. Watch list Filtering g • Scanning of customer records & transactions against – Government sanction lists – OFAC, BOE, UNO etc , , – High risk individuals- terrorists, organized crime, fraudsters etc – Exposed individuals – PEPs, public figures, high profile – 3rd party database providers – World Compliance, Thomson, Bridger, World-Check, Dow Jones-Factiva, C D J F ti Complinet, L i N i etc., li t Lexis-Nexis, t • Key Issues – Character Variations – Phonetic Variations – Transliterations & cultural differences • Using intelligent name matching algorithms with : – Normalization of names – capitals, abbreviations, spaces, punctuation – Reference libraries – common short names, cultural inputs – Reduction to simplified representation – phonetics soundex phonetics, – Indexing – decision tree – Similarity assessment – string equality, sub-sets, edit distance 7/8/2009 Embargoes & Sanctions 19 May 13, 2008
  • 20. What is it Regulators are looking for banks to do? • All accounts risk ranked systematically • All transactions risk ranked systematically • All transactions and all customer activity profiled to determine “usual and normal” behavior • Peer groups used to find unusual behaviour in similar accounts • How is previously unknown behavior detected and alerted • Profiles to be dynamically created and adapted • Rules must be dynamically created, adapted and implemented • The Regulators want banks to actively find money laundering! • Regulators are becoming more IT aware, than ever before! 7/8/2009 Risk Based Approach 20
  • 21. Why a Risk Based Approach? Regulatory Guidance Characteristics FATF Money Laundering Typologies Takes into consideration multiple risk factors 3rd EU Directive, Basel CDD paper, and Wolfsberg including customer/business type, geography, product/delivery channels, and transaction type Principles paper U.S. Comptroller’s Handbook Establishes levels perceived risk for which proportional controls may be devised FSA & Other Regulatory Directives Egmont Group Efficient and cost effective approach to AML Program MiFiD management: Benefits Risk management framework accepted by regulators More effective and efficient processes Industry leading practices 7/8/2009 Risk Based Approach 21
  • 22. Components of a Risk Based Approach Risk Indicators Mitigating Controls g g Customer/Business Type AML Governance Structure AML Policies & Procedures Geography Training/Communications & g Product/Delivery Channels Awareness Independent Testing Transaction Type AML Risk Based Approach Regulatory Environment Increased regulatory expectations New regulations 7/8/2009 Risk Based Approach 22
  • 23. The Situation • High risk individuals, companies and organisations are targeting financial organisations and the countries within which they operate. • Their very existence depends on their ability to enter your organisation or country undetected. What are the risks: •R l t Regulatory risk ik • Reputational risk • Business risk • Shareholder risk • Job risk k 7/8/2009 Risk Based Approach 23
  • 24. AML Process Elements Policy, strategy, resource allocation Program evaluation & continuous improvement Communications,, awareness Technology & training Risk and Compliance p AML Office Officers Branch AML Officers Corporate Partners Investigations & Account opening, Suspicious customer identification Activity y & risk assessment s assess e t Reporting Financial intelligence, monitoring, analysis, trending & Enhanced Due Diligence 7/8/2009 Risk Based Approach 24
  • 25. LOB Risk Assessment Determine Develop and Evaluate inherent Assess controls residual risk/ implement action risks establish plans thresholds Evaluate Assess Determine Develop Monitor and Maintain and enhance controls retain records Monitor Maintain 7/8/2009 Risk Based Approach 25
  • 26. Anti-Money Laundering High Risk Characteristics High Risk Characteristics Customer/Business Types Geography Product/Delivery Channel Transaction Types • Politically Exposed Persons • Sanctioned List • Mobile to mobile • Off-shore Countries • Non Resident Aliens • Private Banking, Trust, • Foreign wire transfers, • Transaction activity with Commercial, Retail where it money instruments and • Money service businesses high risk countries (e.g. involves high net worth cash (e.g. check cashing, wire 311 USA Patriot Act and individuals and their transmitter) FATF) corporate interests with • Use of “Omnibus” and personal and discrete “Concentration Accounts” Concentration Accounts • Gaming and betting service • Internet Delivery • E-Bill Payment • Real estate brokers • Nominee Account • Correspondent Bank • Jewelry businesses Clearing • Travel agencies • Prepaid stored valued card • Car, boat, aircraft, and farm equipment dealerships • Payable through accounts y g • Charitable organizations • Law, accounting, and medical firms • Pawn brokers • Phone or debit card businesses • Off-shore Trusts 7/8/2009 Risk Based Approach 26
  • 27. Risk-based Approach and the KYC Process Risk-Scoring s Sco g • Simplified Due Diligence? • Enhanced Due Diligence? 7/8/2009 Risk Based Approach 27
  • 28. Risk-based Risk based Approach and the KYC Process – How do we perform risk assessment? – Do we have the right tools to do the job? – How does the risk assessment program define and score the risks of products? Customers? And jurisdictions? – How do we develop risk based matrices? With or without the help of outside vendors? 7/8/2009 Risk Based Approach 28
  • 29. Risk-based Risk based Approach and the KYC Process Simplified or Enhanced Due Diligence? Simplified CDD p Level 1 - Tick-box / Red-Flag Check g Limited CDD Level 2 - Public Record Research Standard CDD Level 3 - Public Record Research Limited Source Enquiries Enhanced CDD Level 4 - In depth Public Record In-depth Research & Enquiries Specific issues The Risk-based approach requires a levelled approach to CDD 7/8/2009 Risk Based Approach 29
  • 30. Risk-Based Risk Based Approach Matrix • B ildi an RBA matrix i a collaborative effort Building t i is ll b ti ff t between: – The Compliance Unit – The Economic Center – The Business Units – The Management Information Services (MIS) Department – IT Division – Others…. 7/8/2009 Risk Based Approach 30
  • 31. Main RBA Factors Customer Risk Country Risk Sector Risk Product Risk 7/8/2009 Risk Based Approach 31
  • 32. RBA Elements Customer Risk Country Risk •Overall background and reputation •Political stability •Business interests and practices Mgt Business practices-Mgt •Legal status Legal •Business associates and •Economic situation networks/ Business Link •Standing of the financial services •Political Affiliations (PEPs) industry •Beneficial ownership and control •Exposure to organised crime and •Source of funds Source Money laundering •Corruption Sector Ri k S t Risk Product Ri k P d t Risk •Weapons and Metal trading •Private Banking •Precious metals •Correspondent Banking •Art •Structured Finance •Real Estate •Commodities •Exchange Dealership 7/8/2009 Risk Based Approach 32
  • 33. RBA Matrix • An RBA Matrix is built to: – Assess Risks – Capture identified risks – Estimate their probability of occurrence and impact – R k th risks b Rank the i k based on th above d the b information. 7/8/2009 Risk Based Approach 33
  • 34. • These variables may increase or decrease the risk posed by a particular customer or transaction, for example: – The level of regulation or governance regime to which a customer is subject (A customer is located in a high subject. regulated jurisdiction poses less risk than a customer located in a low risk jurisdiction) – Type of the entity: publicly owned entities pose less risk than private entities – The use of intermediate = Anonymity 7/8/2009 Risk Based Approach 34
  • 35. High risk products and services Examples The following examples are sample of high risk products that are vulnerable to ML & TF: – Facilitate a higher degree of anonymity – Involve the handling of high volume of currency. g g y – Rapid transactions speed – Wide geographic availability 7/8/2009 Risk Based Approach 35
  • 36. High risk products and services Examples • Wire transfers: • Correspondent Banking: ( p g (Factors to consider) ) – Account purpose – Location of the respondent bank p – Nature of the banking license – The respondent money laundering detection and p y g prevention controls – The respondent bank regulation and supervision in its country 7/8/2009 Risk Based Approach 36
  • 37. Break Time 7/8/2009 Risk Based Approach 37
  • 38. Red Flags Sudden and inconsistent change in account activity or a concerning pattern A business account had sudden excessive cash activity inconsistent with past behavior. No checks were made to suppliers or received from customers; the company is not know by local competitors. The business address is a p y y p residential apartment and the phone number on file communicates with a fax machine. Frequent foreign wires to/from higher risk countries A charitable organization had hundreds of thousands of dollars coming into their account via settlement of credit card transactions. Wires were sent to individuals and entities in high risk countries; foreign counter p g ; g parties were limited and could not be traced or identified. The purpose of the charity could not be identified and it was determined that the organization was operated out of a residential apartment. 7/8/2009 Risk Based Approach 38
  • 39. Red Flags Absence of cash with a cash intensive business account A business customer that operates a restaurant/grill receives only deposited checks into its account. Deposits consisted of checks from different businesses/individuals payable to different parties. Following the deposits were ACH debit transfers to another bank. There were no cash deposits made into account, which is inconsistent with the type of business. 7/8/2009 Risk Based Approach 39
  • 40. Case Study - Background An offshore financial institution incorporated in Bermuda is looking to provide a structured finance loan to a group of investors. The country into which the funds will flow and in which the project will be carried out are th I i d t the Ivory Coast and Middle Eastern countries. C t d Middl E t ti The sector in which the transaction is due to take place is the construction sector and therefore inherently a high money laundering risk. y g y g It is unclear whether the directors and shareholders of the company are the beneficial owners. Rumours have been identified in the public record suggesting that the two businessmen and the company are linked to a PEP and that the foreign bank involved in the transaction is a pocket bank of the same PEP. 7/8/2009 Risk Based Approach 40
  • 41. Case Study - Background The transactional structure presented by the customer is very complex and the reasoning behind the complexity and non-transparency is unclear non transparency unclear. A number of companies within the structure have not yet been incorporated and are “work-in progress”. 7/8/2009 Risk Based Approach 41
  • 42. Case Study – Results of Risk-Scoring Customer Risk Country Risk •Overall b k O ll background and d d •Known of weak AML rules K f k l reputation •Known of terrorist financing, •Business interests and practices Business Smuggling & other money •Business associates and laundering activities networks •Political Affiliations (PEPs) •Beneficial ownership and control •Source of funds S ff d Sector Risk Product Risk •Real Estate •Structured Finance •Complex transaction 7/8/2009 Risk Based Approach 42
  • 43. Case Study - Approach The scope of research should be divided into two phases: Phase I - involve public record research into all parties (individuals and companies) involved. This also included an overview of the business networks and associations of the businesses and the individuals. Phase II - given the low profile of the individuals that could be available in public records, a series of discreet enquiries within the local business communities in which the individuals are active should be undertaken in order to ascertain their overall business reputation and to ascertain whether there is indeed any substance to the allegations of their business being a front- operation for a PEP. i f PEP 7/8/2009 Risk Based Approach 43
  • 44. Case Study – Results of Risk-Scoring
    Result: Enhanced CDD – Level 4
    CDD Type | Level | Scope
    Simplified CDD | Level 1 | Tick-box / Red-Flag Check
    Limited CDD | Level 2 | Public Record Research
    Standard CDD | Level 3 | Public Record Research; Limited Source Enquiries
    Enhanced CDD | Level 4 | In-depth Public Record Research & Enquiries; Specific issues
    The risk-based approach requires a levelled approach to CDD.
  • 45. Customer Risk Matrix
    Products/Services Used, by Customer Type:
    Customer Type | Deposit Account | Unsecured Loan/Credit Cards | Wire Transfer | Private Banking | Trust Services
    PEP | Moderate | Moderate | High | Highest | Highest
    High Net Worth | Moderate | Moderate | High | Highest | Highest
    High Risk Nationality | Moderate | Moderate | High | High | High
    High Risk Industry | Moderate | Moderate | Moderate | Moderate | Moderate
    Cash Intensive Business | Normal | Moderate | High | Moderate | Moderate
    Salaried Employee | Normal | Normal | Normal | Normal | Normal
    Independent Consultant/Individual Entrepreneur | Moderate | Normal | Normal | Normal | Normal
    Unemployed | Moderate | Moderate | Moderate | Moderate | Moderate
    Charity | Moderate | High | High | High | High
  • 46. Account Opening Policies
    Customer Risk Rating: Applicable Policies
    Normal
      - Presentation of valid original identity documents
      - Establish purpose of account
      - Establish source of funds
      - Retain copies
      - Check against UN and other watch lists
    Moderate
      - Above plus …
      - Send registered letter to customer at provided address. Retain signed return receipt.
    High
      - Above plus …
      - Independent verification of account opening documents
      - Verification of source of funds
      - Interview with bank officer
      - Visit by bank officer to customer home/business
      - Approval from branch manager
      - Updating of account information/documents every twelve months
    Highest
      - Above plus …
      - Updating of account documents every six months
      - Approval from CEO
  • 47. Transaction Type Risk Matrix
    Customer Risk Rating | Offshore Wire Transfer | Wire Transfer to High Risk Jurisdiction | Cash deposit under threshold/structuring transactions | Large Cash Deposit | Forex | Early Loan Repayment
    Normal | Standard | Standard | Standard | Enhanced | Standard | Standard
    Moderate | Enhanced | Enhanced | Enhanced | Enhanced | Enhanced | Enhanced
    High | Severe | Severe | Enhanced | Enhanced | Enhanced | Enhanced
    Highest | Severe | Severe | Severe | Enhanced | Enhanced | Enhanced
  • 48. Transaction Execution/Monitoring Policy
    Transaction Risk Rating: Applicable Policies
    Standard
      - Teller/staff monitoring
      - Automated system monitoring
    Enhanced
      - Customer explanation for transaction
      - Compliance Officer approval for execution
    Severe
      - CEO approval for execution
  • 49. Continuous Control Monitoring
    [Diagram with three groups]
    Business Process Areas (Daily Transactions): Cash (In-Out); Inward Swift; Outward Swift; Bank Drafts; Clearing; Transfer A/C to A/C
    Specific Compliance Monitoring: Currency Transaction Reporting; Suspicious Activity Reporting; Terrorist Reporting; KYC Analysis
    AML & Compliance: Customer Profile; Customer Statistics; Performance Analysis; Analysis of data collected; Transaction Activities Analysis; Building Unusual Scenarios; Behavior Analysis; Pattern Matching; Trend Analysis
  • 50. Case Study – The Brief
      - Aware of the provision of guidelines in terms of the documentation & verification required in order for the Bank to be compliant with the money laundering legislation the Bank is subject to.
      - Based on the guidelines, the issues which needed to be addressed should be defined.
      - Based on the issues defined, research and enquiries in all the relevant jurisdictions should be undertaken.
  • 51. Case Study – Expected Outcome
    On the basis of the enhanced CDD that should be undertaken, the Bank:
      - Could cross-reference the information provided by the customer to verify the claims made by the customer independently
      - Could confirm the identity of the beneficial owner and determine the reasoning behind the complex transactional structure
    The Bank would be in a position to disprove any rumours which had been voiced about links and front operations for a PEP.
    The exercise provides a complete and comprehensive documentation trail and supporting case within the scope of the CDD process.
    The exercise enables the Bank to decide on the level of ongoing monitoring, given the risks are classified as high.
  • 52. Enhanced Risk Assessment Methodology
    Assess Risk: conduct detailed analysis of each category
      1. Purpose of Account
      2. Activity in Account
      3. Nature of the business
      4. Location
      5. Products and Services used
  • 54. Compliance Customer’s Risk Rating
    Columns: Customer/Account Information | Risk Factor Review | Risk Value

    6. Nature of Business Services (be specific)
    NAICS Code for principal line of business: _____
    Risk Factor Review | Risk Value
    Money service business (see MSB section on page 2) | +15
    Brokered deposit relationship | 30
    Cash intensive business (see Question 9 for list) | 10
    ATM owner/operator | 10
    Customer qualifies as Phase I exempt person | -15
    Customer is exempted as Phase II exempt person | -5

    7. Account Deposit Activity - Estimate monthly volume for all accts, please ensure percentages total 100%. Total Deposits: $ ________________
    _____% cash
    _____% checks
    _____% currency exchange
    _____% ACH
    _____% purchase official checks, money orders, etc.
    _____% domestic wire transfers
    _____% foreign wire transfers: LIST COUNTRIES BELOW
    100%
    Risk Factor Review | Risk Value
    Volume/velocity consistent with nature of business | 0
    Purchasing monetary instruments | 1
    Foreign Swift transfers (repetitive only) | 1
    Foreign Swift transfers (repetitive and/or walk-in) | 2
    Foreign Swift transfers to high risk countries (NCCT list, SIC, OFAC) | 5
    Domestic Swift transfers | 1
    New Customer - Compare anticipated deposit volume with other similar businesses in the area. Additional investigation should be conducted to explain any unusual business factors.
    Existing Customer - Compare historical deposit volume and velocity with other similar businesses in the area. Additional investigation should be conducted to explain significant discrepancies.
  • 55. Compliance Customer’s Risk Rating
    Columns: Customer/Account Information | Risk Factor Review | Risk Value

    8. Account Debit Activity - Estimate monthly volume for all accts, please ensure percentages total 100%
    _____% cash
    _____% checks
    _____% currency exchange
    _____% ACH
    _____% purchase official checks, money orders, etc.
    _____% domestic wire transfers
    _____% foreign wire transfers: LIST COUNTRIES BELOW
    100%
    Risk Factor Review | Risk Value
    Volume/velocity consistent with nature of business | 0
    Purchasing monetary instruments | 1
    Foreign Swift transfers (repetitive) | 1
    Foreign Swift transfers (walk-in) | 2
    Foreign Swift transfers to high risk countries (NCCT list, OFAC, SIC) | 5
    Domestic Swift transfers | 1
    New Customer - Compare anticipated debit volume with other similar businesses in the area. Additional investigation should be conducted to explain any unusual business factors.
    Existing Customer - Compare historical deposit volume and velocity with other similar businesses in the area. Additional investigation should be conducted to explain significant discrepancies.

    TOTAL RISK
    Business/Commercial Customer Risk Weighting Score:
    -23 to +4 = Low Risk (L)
    +5 to +14 = Moderate Risk (M)
    +15 to +29 = High Risk (H)
    +30 and > = Extreme (E) Management Approval Req'd
    NOTE: Compliance or Risk Management staff may modify the risk rate for a customer based on confidential information such as filing of SAR, receipt of criminal subpoena, etc.
  • 56. Enhanced Risk Assessment Methodology
    Identify specific risk categories
    [Diagram: Identify Risk Categories (Product and Service Risk, Customer Risk, Geographic Risk) → Assess Quantity of Risk → Assess Quality of Risk → Action Plans]
  • 57. Best Practices Framework
    [Diagram components: Corporate Governance; AML Risk Assessment; Risk Profile; Investigations & Reporting; Project Planning/Execution; Program Management; Written Policies & Procedures; Risk-Based Customer Due Diligence; Customer Transactions; Single Customer View; Data; Training/Self Testing; Independent Audit]
  • 58. Case Study: The United Nations
    A FAMILY-RUN BUSINESS
  • 59. Case Study: The United Nations
    Leo Mugabe | Kofi Annan | Kojo Annan | Hani Yamani | Kojo Amoo
      - Son of Kofi Annan (Secretary General-UN) from first marriage
      - Worked for SGS/Cotecna (given UN deal to enforce sanctions in Iraqi ports)
      - Moved on to start own company, Sutton Investments
      - Sutton part of consortium with Air Harbour Technologies & Leo Mugabe (nephew of Robert Mugabe, Pres of Zimbabwe)
      - Air Harbour owned by Hani Yamani (son of Sheikh Yamani, Saudi Oil Min.)
      - Consortium won bid valued in $100s of millions to build Zimbabwe airport
      - Kojo Amoo-Gottfried, Ghana Ambassador to UN (nephew of Kofi)
  • 60. Risk: Customer/Business Type - Identifying PEPs
    How do you determine whether an account holder is a PEP?
      - Seek information directly from the individual
      - Review sources of income including past and present employment history and references from professional associates
      - Review public sources of information (e.g. databases, newspapers, etc.)
      - CIA's online directory of “Chiefs of State and Cabinet Members of Foreign Governments” http://www.odci.gov/cia/publications/chiefs/index.html
      - Transparency International Corruption Perceptions Index
      - Private vendors (e.g. world Compliance/ Regulatory DataCorp (RDC), Factiva and WorldCompliance)
  • 61. Risk: Customer/Business Type - Identifying PEPs (Cont.)
    FATF Recommendations for PEPs:
      - Determine whether a customer is a PEP
      - Obtain senior management approval for establishing relationship
      - Establish source of wealth and funds
      - Conduct ongoing monitoring of relationship
  • 62. Risk: Customer/Business Type - Examples of Black Lists
      - OFAC: Office of Foreign Assets Control lists: Specially Designated Nationals; Weapons of Mass Destruction; Blocked Countries
      - BIS: Bureau of Industry & Security - Issued by the United States
      - BOE: Bank of England
      - CSSF: Commission de Surveillance du Secteur Financier - Luxembourg
      - SECO: Secretariat d’Etat a l’economie – Switzerland
      - UN: United Nations: Al-Qaida & Taliban; Iraq; Liberia
      - MAS: Monetary Authority of Singapore
      - EU: EU Regulations
      - FATF: Financial Action Task Force
      - Other: Vendor (e.g. SIDE-OFAC/World Check Lists) and internal lists
  • 63. Summary
    – Risk-scoring defines the level of CDD required
    – Beneficial Ownership and PEPs are key
    – Advantages:
      • Institutions can mitigate their own risk exposure through the risk-based approach
      • Risk-scoring also enables institutions to develop benchmarks and risk rating parameters
  • 65. For additional clarifications, please call: +961 1 787049
    nakib.ba@calert.org
    Bashir A. El-Nakib, CAMS, ACFE, CFAP