Developing a Risk Based Approach for DNFBPs on AML/CFT - PowerPoint PPT Presentation

About This Presentation
Title:

Developing a Risk Based Approach for DNFBPs on AML/CFT

Description:

Monitoring: Assessment of a control system's performance over time. Combination of on-going and separate evaluation. Management and supervisory activities.

Slides: 98
Provided by: fisa154
Learn more at: http://scuml.org
Transcript and Presenter's Notes

Title: Developing a Risk Based Approach for DNFBPs on AML/CFT


1
Developing a Risk Based Approach for DNFBPs on
AML/CFT
  • The Special Control Unit Against Money Laundering
    (SCUML) Seminar on Strategic Partnership Between
    SCUML and DNFBPs for Effective Implementation of
    AML/CFT Regime in Nigeria Held at EFCC
    Conference Hall, Lagos

Presented by Pattison Boleigha
2.30pm to 3.30pm February 2012
2
Outline
  • Background
  • AML Risk Management Process
  • Requisites of Risk Based AML
  • Fundamental Elements In a Risk-Based AML
  • Purpose of adopting RBA
  • Benefits of Risk-Based AML
  • Risk Modeling/Risk Categories
  • Leveraging on Risk Based AML
  • COMPLIANCE RISK MANAGEMENT
  • RISK MANAGEMENT MODEL
  • Conclusion

3
Definition of Acronyms
  • AML: Anti Money Laundering
  • CFT: Countering Financing of Terrorism
  • FIs: Financial Institutions
  • ML: Money Laundering
  • TF: Terrorist Financing
  • DNFI: Designated Non-Financial Institutions
  • KYC: Know Your Customer
  • KYCB: Know Your Customer's Business
  • KYE: Know Your Employee
  • CDD: Customer Due Diligence
  • EFCC: Economic and Financial Crimes Commission
  • NFIU: Nigerian Financial Intelligence Unit
  • SCUML: Special Commission for Monitoring
  • FATF: Financial Action Task Force
  • CTR: Currency Transaction Reports
  • STR: Suspicious Transaction Report
  • EDD: Enhanced Due Diligence
  • DNFBPs: Designated Non-Financial Businesses and
    Professions
  • SROs: Self-Regulatory Organisations

4
Background
  • After the 2007 general guidance on Risk Based
    AML/CFT, in October 2008, the FATF came up with
    another set of Guidance on RBA for DNFBPs like
    Accountants, Casinos, etc.
  • The guidance for the DNFBPs followed the
    principles of the risk-based approach already
    established by FATF, highlighted risk factors
    specific to the DNFBPs, and suggested
    mitigation strategies that fit with the
    particular activities and businesses of the
    DNFBPs.
  • The purpose of this guidance was to:
  • Support the development of a common understanding
    of what the risk-based approach involves.
  • Outline the high-level principles involved in
    applying the risk-based approach.
  • Indicate good practice in the design and
    implementation of an effective risk-based
    approach.
  • However, it should be noted that applying a
    risk-based approach is not mandatory. A properly
    applied risk-based approach does not necessarily
    mean a reduced burden, although it should result
    in a more cost effective use of resources.

5
Objective of the RBA
  • The strategies to manage and mitigate the
    identified money laundering and terrorist
    financing activities are typically aimed at
    preventing the activity from occurring through a
    mixture of:
  • deterrence (e.g. appropriate CDD measures),
  • detection (e.g. monitoring and suspicious
    transaction reporting),
  • and record-keeping (e.g. to facilitate
    investigations).
  • Proportionate procedures should be designed based
    on assessed risk:
  • Higher risk areas: enhanced procedures, i.e.
  • enhanced customer due diligence checks and
  • enhanced transaction monitoring.
  • Lower risk areas: simplified or reduced controls
    may be applied.
  • There are no universally accepted methodologies
    that prescribe the nature and extent of a
    risk-based approach.
  • An effective risk-based approach will allow
    accountants to exercise reasonable business and
    professional judgement with respect to clients.
  • Regardless of the strength and effectiveness of
    AML/CFT controls, criminals will continue to
    attempt to move illicit funds undetected and
    will, from time to time, succeed.

6
The Steps Involved In A Basic Risk-based Approach
  • Identify the money laundering and terrorist
    financing risks that apply to a firm
  • Then assess the risks presented by the firm's
    particular:
  • Customers
  • Products
  • Geographical areas of operation
  • Firms then need to design and introduce controls
    to manage and reduce these risks.
  • These controls must then be monitored and
    improved where necessary
  • Firms must keep a record of what they have done
    and why they did it.

7
Key Elements For Success
  • DNFBPs, designated competent authorities and SROs
    should have access to sufficiently detailed,
    reliable and actionable information about the
    threats, and how to implement a risk-based
    approach.
  • There must be emphasis on cooperative
    arrangements among the policy makers, law
    enforcement, regulators, and the private sector.
  • Authorities should publicly recognise that the
    risk-based approach will not eradicate all
    elements of risk.
  • Authorities have a responsibility to establish an
    atmosphere in which DNFBPs need not be afraid of
    regulatory sanctions where they have acted
    responsibly and implemented adequate internal
    systems and controls.
  • Regulators' and SROs' supervisory staff must be
    well-trained in the risk-based approach, both as
    applied by supervisors/SROs and by the
    accountants.

8
Requisites of Risk-Based AML
  • The Risk-Based Anti-Money Laundering (AML)
    compliance program should be designed
    commensurate with its unique risk profile.
  • The risk profile should take cognizance of the
    inherent risks in the products and services it
    offers, the customers it serves, and the
    geographic locations it operates in.
  • It should be a logical process that identifies,
    monitors and manages risks to the businesses that
    could be used for money laundering.
  • The risk-based AML should leverage on a robust
    automated IT solution that can perform data
    analysis, detection, and advanced data mining to
    generate alert detection scenarios.

9
Steps in a Risk-Based AML
  • The first step is to conduct a risk assessment,
    which involves thoroughly evaluating a company's
    products and services, customer base, delivery
    channels and geographical profiles, and
    determining what the vulnerable areas are.
  • The second step: once these areas have been
    properly defined, the business needs to create
    and apply policies and procedures to deal with
    them.
  • The third step involves risk monitoring, which
    varies depending on the size and type of business
    concerned, but the key is having systems in place
    that will recognize potential threats in relation
    to activity. For example, an organization may
    utilize a software solution to monitor activity
    and transactions.
  • Finally, the fourth step: the entire process
    needs to retain the ability to continually
    evaluate its own effectiveness. It must be
    flexible enough to adapt to continually changing
    circumstances, and it must also make sure that it
    is being applied appropriately.

10
Fundamental Elements in a Risk-Based AML Approach
  • Legal and Organizational Structure of the
    institution: Large organizations with different
    markets, subsidiaries, functional areas, or
    business lines present higher levels of AML risk.
  • Geographies and Operating Markets: The level of
    risk may be heightened as geography and market
    area expands. Additionally, the institution
    should evaluate the impact of expanding its
    business lines to accepting transactions and
    accounts from areas designated as High Risk Money
    Laundering and Related Financial Crimes Areas,
    HIFCAs, requiring scrutiny.
  • Regulatory Framework: Consideration of applicable
    laws in areas of operation. Lack of regulatory
    framework or scrutiny may be indicative of
    heightened risk level for transactions or
    beneficiaries in those markets.

11
Fundamental Elements in a Risk-Based AML
Approach (Contd)
  • Counterparties: Enterprise risk profiling in
    relation to business with counterparties. An
    institution can unwittingly accept or assume a
    level of risk through its counterparties that it
    would not willingly assume if the customer
    relationship was direct. Compliance expectations
    from counterparties must be known. It is
    therefore incumbent on each institution to Know
    Your Counterparty.
  • Customer Base Characteristics: Review of
    associated risks emanating from compliance with
    KYC or KYCB requirements to determine areas for
    enhanced due-diligence (EDD) in relation to the
    following:
  • Retail/Individual Clients
  • Institutional/Corporate Clients
  • Domestic and Foreign Correspondent DNFBP
    Relationships
  • Linked Relationships
  • Risk Weighting and Alert Prioritization.

12
Fundamental Elements in a Risk-Based AML Approach
(Contd)
  • Customer and Correspondent Bank Validation/
    Categorization
  • KYC High-Risk Profiling and Transactional-risk
    scoring
  • Peer group benchmarking
  • Service-level profiling
  • Scope of Customer Relationships/Client Account
    Behaviour Benchmarking
  • Determination of breadth and depth of customer
    relationships.
  • Exceeds historical benchmarks above thresholds.
  • Identification of typical behavior/suspected
    terrorist financing schemes.
  • Any indication of suspicious transaction of
    logical entities.
  • Fraud

13
Purpose of adopting risk-based approach (RBA)
  • Measures to prevent money laundering and
    terrorist financing in line with risks
    identified.
  • Risk management process
  • Identification and addressing of high risk areas
  • Reasonable business judgment
  • Efficient and effective allocation of resources
  • Flexible efforts to fight money laundering and
    terrorist financing
  • Increased focus on high risk activities
  • Better adaptability to money laundering and
    terrorist financing methods

14
Challenges Of Adopting RBA
  • Money laundering vs. terrorist financing
    applicability
  • Resources and expertise requirement
  • Inadequate resources devoted to compliance
  • Diversity of practice among financial
    institutions
  • Identifying appropriate information to conduct a
    sound risk analysis
  • Addressing short term transitional costs
  • Greater need for more expert staff capable of
    making sound judgments.
  • Developing appropriate regulatory response to
    potential diversity of practice.

15
Limitations To Adopting RBA
  • Rule-based requirements (freezing of assets, STR,
    CTR)
  • Verification of customer identity
  • Non-applicability of simplified measures to all
    CDD
  • Due diligence requirements appropriate to each
    customer
  • Degree of monitoring in accordance with perceived
    risk
  • Measures and controls for higher risk situations
  • Wilful Blindness
  • Beneficial Ownership
  • Tipping Off

16
Potential Benefits of Risk-Based AML Approach
  • The risk-based AML Approach provides value to the
    organization and is the cornerstone of an
    effective compliance programme.
  • Allows management to see things as they really
    are, and make risk-appropriate decisions based on
    measurable data and intelligence.
  • Serves as a basis for management decisions to
    allocate resources for compliance and internal
    control to manage the institution's unique risks
    (Compliance, Regulatory and Strategic) and
    minimize the incidence of regulatory infractions
    and penalties.
  • Facilitates a comprehensive AML governance and
    oversight capability, thereby demonstrating a
    corporate-wide culture to deter money laundering.
  • Sets the stage for on-going AML risk management,
    which adapts to changes in regulations, products,
    and organizational structure.

17
Leveraging on Risk-Based AML Approach
  • Institutions must leverage on risk-based AML
    approach by adopting a comprehensive programme
    administration over the following:
  • Compliance Programme: Effectiveness of current
    management policies and compliance procedures
  • Reporting
  • SAR/CTR Reporting.
  • Case Generation and Management
  • Audit Trail and Record Retention
  • Training Programme: to ensure sustenance of
    compliance efforts
  • Self Assessment Programme: Assessment of current
    process through programme testing to design
    appropriate enhancements to the existing process
    or develop an entirely new, custom process.

18
Leveraging on Risk-Based AML Approach (Contd)
  • Leveraging on risk-based AML approach for
    business advantage through adoption of an AML
    Solution that can perform the following:
  • Generation of Alerts on set compliance
    parameters.
  • Data mining, advanced analysis and detection
  • Extraction of Exception Reports for SAR/CTR
    Reporting
  • Risk scoring and prioritization of Alerts in
    support of workflow and case management
  • Flexibility to accommodate sophisticated business
    rules that can analyse customers' transactional
    behaviour in comparison to normalized activity
    and known money laundering techniques in batch
    and real time.
  • Flexibility to accommodate KYC-based Models that
    can learn about customers and their KYC behaviour
  • Accurate and timely SARs/CTRs filing support
    within regulator-prescribed windows.
  • Adaptability to new and changing regulatory
    requirements and rapid deployment of new
    detection capability.

19
Key Findings of Money Laundering Threat
Assessment
  • One of the key challenges for DNFBPs is
    developing a risk profile of the customer base so
    that enhanced due diligence standards can be
    applied to high risk relationships both at
    account opening and throughout the course of such
    relationships.
  • Risk categories include product types, geographic
    location and types of business.
  • (What this means is that some customers, because
    of the business they are involved in, where they
    live or the type of product they utilize, pose a
    higher risk for money laundering activities.)

20
Compliance vs. Risk Management
  • Compliance is the management of regulatory risk.
  • AML/CFT compliance is meeting all obligations
    mandated under the AML/CFT laws and regulations.
  • Risk is the probability of the occurrence of an
    event and its consequences

21
BUSINESS RISK VS REGULATORY RISK
  • Business Risk is the risk that the DNFBP may be
    used for ML/TF
  • Regulatory Risk is associated with not meeting
    obligations under the AML/CFT laws

22
BUSINESS RISKS
  • Customer Risk
  • Products Risk
  • Service Risk
  • Business Practice Risk
  • Delivery Channel Risk
  • Location Risk
  • Jurisdiction/Geography Risk

23
REGULATORY RISKS
  • Non STR Reporting
  • Non Conduct of CDD/EDD
  • No AML/CFT program
  • No training
  • No Independent Compliance Testing
  • Non CTR filing
  • Non Mandatory Reports filing
  • No Management Arrangement

24
COMPLIANCE
  • Compliance is about meeting obligations that may
    have a mandatory component
  • All compliance risks must be dealt with
  • Compliance identifies all the obligations an
    organisation has

25
A QUESTION OF RISK
  • A supervised entity is challenged to define its
    risk appetite in the context of AML/CFT and
    develop strategies to effectively manage the risk
    inherent in the business it conducts.
  • It is therefore expected that institutions will
    be able to demonstrate that they understand the
    risk they take on and that they have devised
    internal mechanisms and controls to manage that
    risk.

26
National Risk Assessment: Factors that influence
ML/TF Risk
  • Political environment.
  • Legal environment.
  • A country's economic structure.
  • Cultural factors, and the nature of civil
    society.
  • Sources, location and concentration of criminal
    activity.
  • Size and composition of the financial services
    industry.
  • Ownership structure of financial institutions and
    DNFBP businesses.
  • Size and nature of the activity carried out by
    DNFBPs, including accountants.
  • Corporate governance arrangements in relation to
    financial institutions, DNFBPs, including
    accountants, and the wider economy.
  • The nature of payment systems and the prevalence
    of cash-based transactions.

27
National Risk Assessment: Factors that influence
ML/TF Risk
  • Geographical spread of the financial industry's
    and DNFBPs' operations and customers/clients.
  • Types of products and services offered by
    financial institutions and accountants.
  • Types of customers/clients serviced by financial
    institutions and accountants.
  • Types of predicate offences.
  • Amounts of illicit money generated domestically.
  • Amounts of illicit money generated abroad and
    laundered domestically.
  • Main channels or instruments used for laundering
    or financing terrorism.
  • Sectors of the legal economy affected.
  • Underground/informal areas in the economy.

28
Risk Definition
  • Risk is the level of exposure opportunity,
    threat and uncertainty that a DNFBP must
    identify, measure, understand and effectively
    manage, as it executes its strategies to achieve
    its business objectives and create value.
  • Simply defined, risk is the likelihood that the
    outcome of events will vary from our
    expectations.
  • For example:
  • a borrowing customer or trading counterparty may
    fail to meet its repayment/settlement obligations
    to the DNFBP as and when due (Credit Risk)
  • unforeseen movements in interest rates, foreign
    exchange rates or equity prices may have major
    effects on the value of the DNFBP's trading
    portfolio (Market Risk)
  • the DNFBP may suffer losses due to frauds,
    systems failures or weaknesses in operational
    controls (Operational Risk)
  • or due to litigation and/or violations of
    provisions of Laws and Statutes (Compliance and
    Legal Risk)
  • or the DNFBP may suffer bad press (Reputation
    Risk)
  • or a new competitor enters the market to take
    market share (Strategic Risk).

29
The Risk Management Framework
  • The primary role of Risk Management is to
    minimize the divergence between expectations and
    outcomes, thus ensuring the realization of more
    predictable results.
  • This can only be achieved through a robust
    framework and clearly defined and transparent
    processes for:
  • the identification of all factors that may lead
    to the said divergences (Risk Identification)
  • estimation of the likelihood of their occurrence
    and the extent or severity of their impact in the
    event of occurrence
    (Risk Assessment/Measurement)
  • design of effective controls to minimize both the
    likelihood and the impact of risk events (Risk
    Control)
  • establishment of procedures to ensure that these
    controls are effective and are being complied
    with (Risk Monitoring)
  • regular reporting of risk events and controls
    (Risk Reporting)
  • and provision of sufficient capital to absorb the
    adverse impact of expected and unexpected losses.

30
Risks Associated with Money Laundering
  • Reputational risk is the potential that adverse
    publicity regarding a business's practices and
    associations, whether accurate or not, will cause
    a loss of public confidence in the integrity of
    the institution.
  • Borrowers, depositors, and investors might stop
    doing business with the institution because of a
    money laundering scandal involving the
    institution.
  • Operational risk is the potential for loss
    resulting from inadequate or failed internal
    processes, people, systems and external events.
  • DNFIs that rely on the proceeds of crime have
    additional challenges in adequately managing
    their assets, liabilities and operations.
  • Increased borrowing or funding costs can also be
    included in such losses.
  • Legal risk is the potential for lawsuits, adverse
    judgments, unenforceable contracts, fines and
    penalties generating losses, increased expenses
    for an institution, or even closure of such an
    institution.
  • Concentration risk is the potential for loss
    resulting from too much credit or loan exposure
    to one borrower.
  • Lack of knowledge about a particular customer or
    who is behind the customer, or what the
    customer's relationship is to other borrowers,
    can place a DNFBP at risk in this regard.
  • This is particularly a concern where there are
    related counter-parties, connected borrowers, and
    a common source of income or assets for
    repayment.

31
Risk Management Process Overview
  • Communicate and Consult
  • Establish Context: Internal context; External
    context; Stakeholders criteria; Define structure
  • Identify Risks: What can happen? How and why?
    When and where?
  • Analyse Risks: Review controls; Determine
    likelihood and consequence; Hence risk level
  • Evaluate Risks: Compare against criteria; Rank
    risks and set priorities; Treatment?
  • Treat Risks: Identify options; Select the best
    responses; Develop risk treatment plans;
    Implement; Assess residual risk
  • Monitor and Review
  • Risk Assessment
32
Risk Management Model
33
Organizational Risk Environment
34
RISK MANAGEMENT MODEL
  • NB

RISK MITIGATION: IMPLEMENTATION OF CONTROL (RISK TREATMENT)
RISK REVIEW
  • Manage the Business Risks
  • Apply risk management and mitigation strategies
  • Implement policies and procedures
  • Manage the Regulatory Risks
  • Deploy system

35
RISK MANAGEMENT WORKSHEET
RISK GROUP: CUSTOMERS
HIGH RISK | LIKELIHOOD | IMPACT | RISK SCORE | TREATMENT/ACTION
PEP | | | |
Customers in cash generating business | | | |
Customer who is an unregistered charity | | | |
36
Level of Risk (Heat Wave)
37
RISK TOLERANCE
  • In addition to defining the risk appetite, you
    can also define a level of variation in how you
    manage the risk. This is called risk tolerance.
    It provides some operational flexibility while
    still adhering to the risk framework the DNFBP
    has developed.
  • The DNFBP has decided, for example, that the
    risk of accepting inflows from Iran is generally
    unacceptable.
  • However, it has some risk tolerance. In this case
    the business will permit the transaction provided
    it is a DNFBP-to-DNFBP transaction.
  • The customer provides identification using an
    International Passport only, the verification
    is carried out, and the transaction is approved
    by a Senior Manager. As such, the DNFBP
    understands and accepts the consequences of a
    ML/TF risk being realised.

38
RISK TREATMENT
  • Risk Treatment steps include
  • Setting transaction limits for higher risk
    products
  • Having a management approval process for high
    risk products
  • Having a process to place customers in different
    risk categories and apply different
    identification and verification methods
  • Not accepting customers who represent
    unregistered NGOs, NPOs, Charities, Hawala etc
    and those who wish to transact with a high-risk
    country

39
RISK IDENTIFICATION Customer/Client
  • NATURAL PERSONS
  • Citizenship
  • Place of birth
  • Residence
  • Employment
  • Source of funds
  • Source of wealth
  • Purpose of account
  • History/ Internet search results
  • Type of product being purchased

40
RISK IDENTIFICATION -Customer
  • LEGAL PERSONS
  • Place of incorporation
  • Type of business
  • Level of regulation
  • Assets
  • Private or public
  • Local presence
  • Audited financial statement

41
RISK IDENTIFICATION -customer
  • Customer Business
  • Nature of Activity/Business i.e. AML/TF prone or
    not
  • Category of Customer i.e. PEP, FEP, Non F/F
  • Type of Customer (Private/Retail)
  • Ownership Structure
  • Size of Business
  • Family Tree/Subsidiaries/Affiliation
  • Level of KYC available
  • Level of monitoring available
  • Lifestyle/mannerism
  • Layering/Integration risks

42
EXAMPLES OF HIGH RISK CUSTOMER
  • Politically Exposed Persons (PEPs)
  • Financially Exposed Persons (FEPs)
  • Non-resident customers
  • Safe custody/safety deposit boxes
  • Existing customers changing to a new and
    different business
  • Off-shore customers
  • Account opened by intermediaries (Lawyers,
    Accountants)
  • Significant/unexplained distance between customer
    location and DNFBP
  • Movement of accounts to different DNFBP in
    different locations
  • Difficulty in identifying Beneficial Owner.
  • Cash intensive businesses: MSB, casino, BDC, etc.
  • The use of intermediaries that are not supervised
  • Minors
  • Disabled customers
  • Trust, Nominee and Fiduciary clients
  • Partnerships

43
EXAMPLES OF HIGH RISK CUSTOMER
  • Partnerships
  • Non Governmental Organisations (NGOs)
  • Private DNFBP-anonymous clients
  • Joint Accounts
  • Numbered accounts
  • Nominee shareholders or shares in bearer form
  • Use of cash cards, mobile phones, internet
  • Use of Corporate Vehicles
  • Introduced Business
  • Non-Face-to-Face Customers
  • Correspondent DNFBP relationships
  • Client Accounts Opened By Professional
    Intermediaries
  • Real estate brokers/agents
  • Non-Bank financial institutions
  • Government account

44
RISK IDENTIFICATION (PRODUCT RISK)
  • Any product that allows a customer to readily
    convert cash into monetary instruments is High
    risk
  • Any product or service that allows a Customer to
    readily move value from one jurisdiction to
    another and which conceals the source of fund is
    high risk
  • If not consistent with customer type/business
    nature then it is high risk
  • If it makes no economic sense considering the
    nature of customer/business it is high risk.

45
EXAMPLE OF HIGH RISK PRODUCTS
  • One-off transaction products/services
  • Private bank facilities
  • Non-customer wire transfers
  • Complexity of transaction
  • No apparent economic justification
  • E-banking, Mobile banking, Electronic Funds
    Transfer
  • Travellers cheque, Money Order, Cashier Cheque,
    Value Card.
  • Correspondent bank services
  • International private DNFBP services
  • DNFBP note and precious metal trading and
    delivery
  • Services that enable anonymity or can readily
    cross international borders, e.g. online banking

46
RISK IDENTIFICATION (GEOGRAPHY)
  • Reputation
  • Political Stability
  • Level of corruption
  • Hard Drug Production
  • Hard Drug Transit
  • Secrecy Jurisdictions/Tax Havens
  • OFAC listed countries
  • Domestic Factors
  • High crime rate
  • Smuggling activities
  • Affinity (4-1-9)
  • Border Towns
  • Black Spots

47
EXAMPLES OF HIGH RISK LOCATION
  • Customers subject to UN sanctions, embargoes etc
  • Countries identified as lacking AML/CFT regime by
    FATF
  • Countries identified as providing funds/support
    for Terrorism/Terrorist activities
  • Countries identified as having significant level
    of corruption or criminal activity
  • Drug producing countries

48
FG TERRORISM WATCH LIST SEP. 2011
  • Somalia
  • Pakistan
  • Yemen
  • Sudan
  • Niger
  • Chad
  • Mauritania

49
RISK ANALYSIS MEASUREMENT
  • Attaching weight to identified risk criteria
  • FATF proposed
  • Assessment to be done at inception of
    relationship
  • Assessment to be done during the relationship
  • Based on circumstance (e.g. information received
    from competent authority)

50
AML/CFT Risk Assessment
52
A Model of Risk
THREAT
PROTECTION
ASSETS
53
Total Cost Approach
Total Risk-Related Costs
COST
Cost of Controls
Cost of Losses
LEVEL OF CONTROL
54
Another View
Event Severity
Event Frequency
Vulnerability
Threat
Impact on Assets
55
The COSO Control Framework
  • The COSO definition is a generally accepted
    framework for internal control evaluation.
  • All five pillars must be in place for internal
    control to be effective.
  • Monitoring: Assessment of a control system's
    performance over time. Combination of on-going
    and separate evaluation. Management and
    supervisory activities. Internal audit
    activities.
  • Control Activities: Policies/procedures that
    ensure management directives are carried out.
    Range of activities including approvals,
    authorizations, verifications, recommendations,
    performance reviews, asset security and
    segregation of duties.
  • Control Environment: Sets tone of organisation,
    influencing control consciousness of its people.
    Factors include integrity, ethical values,
    competence, authority, responsibility.
    Foundation for all other pillars of control.
  • Information and Communication: Pertinent
    information identified, captured and
    communicated in a timely manner. Access to
    internally generated information. Flow of
    information that allows for successful on
    responsibilities to summary of findings for
    management action.
  • Risk Assessment: Risk assessment is the
    identification and analysis of relevant risks to
    achieving the entity's objectives. This forms
    the basis for determining control activities.

56
Risk Management in Corporate Governance
Executive Decisions
Regulators
Review
Plan
External Reporting
Business Goals Objectives Expectations Business
Performance Risk Appetite Risk Assessment
Regulations Compliance
Business Plans Business Objectives Business
Strategy Internal Control Process Control
Objectives Policy and Standards
Shareholders
Board and Executive
Internal Reporting
Internal Communications
Line Management Staff
Measure
Implement
Key Performance Indicators Risk Monitoring Key
Risk Indicators Sensitivity Stress
Testing Scenario modelling
Business Processes Business Operations Business
Systems People Management Internal Controls Risk
Mitigation
Internal Auditors
Independent Audit
External Auditors
Monitoring
57
Compliance Culture
  • Embedding a compliance culture into the overall
    institutional culture is key to an effective AML
    program.
  • Staff at the business lines will quite
    legitimately argue that they are overwhelmed by
    other priorities.
  • Sometimes, the culture of immediate, short-term
    profit overwhelms the culture of compliance with
    money laundering laws and regulations.
  • It is dangerous when compliance staff is ignored,
    viewed as not relevant, or operating too distant
    from the business units.
  • It is critical that firms establish a strong
    culture of compliance that guides and reinforces
    employees as they make decisions and choices each
    day.
  • Raising awareness, to the point where everyone in
    the organization feels compelled to deter and
    detect money laundering, is vital.

58
Board and Senior Management's Role
  • Ultimate responsibility for the AML compliance
    program rests with the board of directors.
  • Members must openly voice their commitment to the
    program, ensure that their commitment flows
    through all service areas and lines of business
    and be willing to report results to shareholders,
    if necessary.
  • The board's role in AML compliance consists of
    oversight.
  • That means board members are not expected to
    become money laundering experts themselves, nor
    are they responsible for day-to-day program
    management.
  • The board's job is to formally approve an
    institution's AML Compliance program and then
    make sure the program is adequately implemented
    and maintained by staff.
  • The board's oversight role also extends to the
    supervisor's examination process.

59
Senior Management Commitment to Compliance
  • Senior management must show its commitment to
    compliance by:
  • Establishing a strong compliance plan that is
    fully implemented and approved by the board of
    directors
  • Insisting that it be kept informed of compliance
    efforts, audit reports and any compliance
    failures, with corrective measures instituted
  • Including regulation compliance within the job
    description and job performance evaluation of
    institution personnel and
  • Conditioning employment on regulation compliance.

60
Compliance Officer's Role
  • One of the compliance officer's tasks is to
    obtain endorsement of the anti-money laundering
    program from senior management.
  • The compliance officer must explain the roles and
    responsibilities of the board of directors and
    senior management, and how reputational risk can
    hurt the firm.
  • The Compliance officer is also required to
    disseminate AML information across the
    organisation.

61
GOOD COMPLIANCE CONTROLS: WHEN TO BE FLEXIBLE
  • Strike the right balance, with a full
    appreciation of the environment and risks.
  • Identify the risks, but do not be blinded by
    them.
  • Having said.
  • May be better to over-control, as loose controls
    are ultimately costlier in the long run.

62
An Integrated Approach to Governance, Ethics,
Compliance and Controls
Functional Roles
Ethics Compliance Responsibilities
Market, Regulator, Stakeholder Expectations
Board of Directors Oversight Monitoring
Governance
Audit Assurance Risk Management
Senior Management Objectives Tone at the Top
Functional Unit Management
Drive Implementation
Ethics Compliance Risk Management
Establish Tools, Monitor Results
Compliance Facilitator
Workforce Third Parties
Self-Monitor Comply
63
ML/CFT Risk Mitigation
  • The information about a customer obtained at the
    time of the establishment of a relationship or
    the opening of an account constitutes a customer
    profile.
  • DNFBI businesses shall have policies and
    procedures for updating customer profiles and
    for confirming information provided by customers,
    commensurate with the assessment of the money
    laundering risks posed by the customer's expected
    use of products and services
  • The customer's source of funds
  • The customer's source of income and assets
  • The nature and extent of the customer's expected
    use of its products and services (i.e. a
    transaction profile) or the customer's investment
    objectives.

64
MITIGANTS CONTROL
  • INTERNAL CONTROL FRAMEWORK
  • Identify and measure risk
  • Policies, procedures, systems and controls
  • Periodic risk-based audit
  • Corrective measures to strengthen compliance
  • Training to meet identified gaps

65
MITIGANTS CONTROL
  • CDD/KYC
  • STR
  • Monitoring
  • Training and Awareness
  • Risk Based internal control

66
MITIGANTS CONTROL -CDD/KYC
  • Involves
  • Identification and verification of customer
  • Identification and verification of Beneficial
    Owners
  • Understand the nature and level of the customer's
    business
  • Ultimately you should be able to determine that
    the customer is who he says he is.
  • Also, the RBA adopted will enable the decision to
    lower CDD in respect of a customer.

67
Know Your Customer
  • The most important means by which DNFBPs can
    avoid criminal exposure to a customer who uses
    DNFBPs' resources for illicit purposes is to have
    a clear and concise understanding of their
    practice.
  • DNFBPs should know their customers at a minimum.
  • How can we Meet these Requirements?
  • Know Your Customer
  • Risk-based approach to KYC
  • Enhanced KYC identification if appropriate
  • Countries considered to be non-cooperative.
  • Need to establish beneficial ownership
  • Source of funds both initially and on-going
  • A regulatory chore? Or
  • Commercial Common Sense
  • Identification of location of business of
    customers (FATF).
  • Similar process BUT different forms for different
    entities.

68
Customer Identification
  • DNFBPs shall have policies and procedures to
    obtain
  • sufficient
  • reliable
  • significant
  • Information to determine the identity of all its
    customers
  • individual,
  • corporate and
  • other legal entities.

69
Establish Transaction Profile
  • A Transaction Profile is a snapshot or picture
    of the anticipated financial behaviour of a
    customer and the type of transaction he/she is
    expected to do with us.
  • This behaviour forms a baseline from which we can
    evaluate whether or not future account activity
    is consistent with the client's anticipated
    financial activity.
  • How DNFBPs can Meet these Requirements?
  • KYC forms should have a space where the
    relationship manager is required to provide
    information about:
  • Transactions customer may do through DNFBPs.
  • Expected volumes of transaction
  • Type of products
  • Type of facilities he/she will enjoy

70
Classification Of Clients/Customers Accounts
  • Determine which accounts need to be monitored on
    an on-going basis. Accounts should be divided
    into two categories:
  • Plain Vanilla Accounts
  • This is the low risk category: accounts that
    perform in the anticipated manner and need not be
    scrutinized on an on-going basis.
  • High Risk Accounts
  • These require additional due diligence and
    on-going periodic monitoring. The following basic
    Risk Categories should be used to analyse your
    customers:
  • - High Risk Geographies
  • - High Risk Business
  • - High Risk Products

71
Classification Of Account (Contd)
  • All accounts should be reviewed annually to
    re-assess their risk activities, i.e. classify
    from High Risk to Low Risk or vice versa.
  • Circumstances other than account activity that
    may cause a low risk account to shift to a High
    Risk account:
  • Adverse stories in the media about a company or
    its principals (Print, Radio, T.V.)
  • Negative reputational rumours in the financial or
    special community.
  • Suspicious or unusual transactions.

72
Enhanced Due Diligence/Know Your Customer
  • Information that outlines additional information
    about the customer
  • Description of lines of business
  • Business activity and market share
  • Main customer bases
  • Assessment of Anti-Money Laundering Controls
  • Expected service requirements
  • Anticipated Transaction Activity
  • Supporting documentation of facts

73
Enhanced Due Diligence (EDD)
  • What is EDD?
  • Risk Assessment
  • Know Your Correspondent DNFBP (KYCB)
  • Understand
  • Use of products and services
  • Transaction activity Monitoring
  • Reporting of suspicious activity
  • Training
  • Documentation confirming that the entity is duly
    Licensed in the jurisdiction and authorized to
    operate abroad.
  • Details of the financial institution's/corporation's
    ownership and its market reputation

74
Questions DNFBPs Employees Must Ask
  • When dealing with your customers, ask yourself
    these questions
  • How well do I know this customer?
  • Does the transaction make sense considering the
    customer's profile?
  • Do I fully understand the transaction the
    customer wishes to complete?
  • Am I comfortable with this transaction?
  • Is this the usual method for conducting this type
    of business transaction?
  • If in doubt, there may be a possibility that your
    customer is using your institution to launder
    money

75
Eleven Red Flags: Know Your Customer and
Transactions
  • Products inconsistent with customer's business
  • Transaction structure unnecessarily complex
  • Payment of proceeds to unrelated third party
  • Locations or descriptions inconsistent with LC
  • Significantly amended letter of credit
  • Conducting business in high-risk jurisdictions
  • Shipping products through high-risk
    jurisdictions
  • Transaction in high-risk products
  • Misrepresentation of quantity type of
    products
  • Invoice inconsistent with Customs documents
  • Obvious over- or under-pricing of products

76
MITIGANTS CONTROL
  • SUSPICIOUS TRANSACTION REPORTING
  • Unjustified frequency
  • Unjustified complexities
  • Activities inconsistent with business profile
  • Activities that do not make economic sense
  • These reports can be developed into a robust
    database from which information can be shared by
    the relevant authority and FIs, thereby enhancing
    RBA to AML/CFT.

77
MITIGANTS CONTROL
  • MONITORING OF TRANSACTION (Factors)
  • Size
  • AML/CFT risk,
  • Methodologies
  • Activity under scrutiny
  • Resources
  • IMPLEMENTATION FACTORS UNDER RBA
  • Threshold
  • Adequacy of systems and processes

78
Monitoring of DNFBPs Activities
  • In developing appropriate methods of monitoring,
    DNFBIs should consider:
  • Current reports and management information
    generated for marketing/fraud prevention
    purposes. Could these records be adapted or used
    for AML/KYC purposes?
  • Whether manual or computerised monitoring is
    suitable or practical.
  • Monitoring may be carried out in a variety of
    ways; monitors must understand their
    responsibility in relation to AML and learn to
    recognize the signs of crime.
  • Monitoring is either manual or software assisted
    and comprises analysis of transactions.
  • It is designed to seek the unusual and may be
    inter-jurisdictional e.g. monitoring FTs
    globally.
  • Data protection issues, client confidentiality
    and DNFBP secrecy legislation can make
    investigation problematic.

79
Periodic Monitoring/On-going Due Diligence
  • Once we have determined that a customer profile
    places it in the High Risk Category, we are
    required to monitor.
  • Review High risk accounts for value, movement
    into and out of the account and geographic
    locations from which and into which funds flow.
  • Review related accounts of principals or persons
    who have signature authority over the account.
  • Determine if the sum total of the DNFBP
    activities is consistent with what we know about
    the client.
  • Determine if a customer or business account has
    or uses additional business names or corporate
    entities.

80
  • PERIODIC MONITORING/ON-GOING DUE DILIGENCE
    (Contd)
  • How DNFBIs can Meet these Requirements?
  • Departmental Monitoring Self Testing
  • The following steps are to be taken to monitor the
    transaction movements in HIGH RISK ACCOUNTS.
  • - All High Risk Accounts to be placed on status
    (Blocked Accounts).
  • - All transactions in these accounts will be
    entered in the registers being maintained by each
    department/branch.
  • - All departments will update their checklist
    and procedure to handle their products in
    this respect.

81
  • Periodic Monitoring/On-going Due Diligence
    (Contd)
  • How DNFBIs can Meet these Requirements? (contd)
  • Departmental Monitoring Self Testing (contd)
  • - All transactions over these accounts have to be
    approved by a Group Head and relationship manager
    before processing.
  • - Departmental registers to be reviewed by Unit
    Heads to ensure all transactions are
    being properly entered.
  • - List of these accounts will be circulated to
    all concerned staff and made available on
    desktops.

82
  • Periodic Monitoring/On-going Due Diligence
    (Contd)
  • How DNFBPs can Meet these Requirements?
  • Independent Monitoring Testing
  • Control staff will review the movements in these
    accounts as under:
  • - Daily report showing outward FCY transfers by
    beneficiaries and remitters is being
    reviewed for High Risk accounts.
  • - Human Decision Report showing all accounts on
    status 5 is being reviewed for LCY/FCY
    transactions.
  • Daily reviews are monitored through Control
    proof charts.

83
MITIGANTS CONTROL
  • TRAINING AND AWARENESS
  • RBA is largely human related.
  • The need for training is key (recom. 15)
  • Training must
  • Be tailored to responsibility
  • Have appropriate detail
  • Be at appropriate frequency
  • Test to assess that knowledge meets information
    provided

84
MITIGANTS CONTROL
  • INTERNAL CONTROL
  • Risk Based Process must be embedded within the
    internal control measures.
  • It must enhance staff compliance
  • Snr. Management must create culture of compliance

85
MITIGANTS CONTROL
  • FACTORS DETERMINING NATURE AND EXTENT OF AML/CFT
    CONTROLS
  • Nature, scale and complexity of DNFBP's business
  • Diversity of operation and geography
  • Customer, product and activity
  • Distribution channels
  • Risk level of operation
  • Volume of operation
  • Extent of direct dealing

86
  • High Risk Products
  • Any product which allows a customer to readily
    convert cash to a monetary instrument.
  • Any product or service which allows a customer to
    readily move value from one jurisdiction to
    another and which conceals the source of those
    funds.
  • Ask whether the products or services the client
    is asking for make sense given the nature of
    their account or business.

87
  • Reporting System
  • Know your customer program is to alert management
    to unacceptable risks.
  • The purpose of the program is to review accounts
    that may ultimately harm the institution.
  • Once staff spot a suspicious transaction, either
    in the course of their normal duties or during
    the on-going monitoring process, Management must
    be alerted.
  • Staff must also report to their Supervisors.
  • Supervisor should report to the Compliance
    Officers.
  • Compliance Officers and Senior Managers
    should then confer and determine if it is
    necessary to consult with Legal Counsel so they
    can take appropriate action.

88
  • Reporting System (Contd)
  • How DNFBPs can Meet these Requirements?
  • All suspicious activities or any other
    information, e.g. adverse stories or negative
    reputational rumours about our customers, should
    be reported to relationship managers, group heads
    and Compliance Officers, who then confer and
    determine the actions to be taken.
  • All transactions to be reported to relationship
    managers and group heads for their sign-offs.

89
What A DNFBI Should Look Out For
  • Beware Of Activity Not Consistent With The
    Customer's Business
  • Beware Of Attempts To Avoid Reporting Or
    Record-keeping Requirements
  • Beware Of Certain Funds Transfer Activities
  • Beware Of A Customer Who Provides Insufficient Or
    Suspicious Information
  • Beware Of Changes In DNFBP Transactions
  • Beware Of Transactions With Politically Exposed
    Persons
  • Business Transactions Involving Suspect/
    Blacklisted
  • Transactions Through Real Estate Investments.
  • Beware Of Secured And Unsecured Loan Transactions
  • Beware Of Transactions With Non-financial And
    Specialised Institutions
  • Beware Of Some Investment Activities
  • Beware Of Some International Trade Finance
    Activities
  • Beware Of Certain DNFBP Employees
  • Beware Of Certain Shareholders

90
  • What You Should Do If You Decide To Carry Out A
    Suspicious Transaction.
  • Seek information from the customer as to the
    origin and the destination of the funds, the aim
    of the transaction and the identity of the
    beneficiary.
  • Draw up a written report as quickly as possible.
  • Ensure that the DNFBP is not exposed to risk in
    the carriage of the transaction.
  • Take appropriate action to prevent the laundering
    of the proceeds of a crime or an illegal act,
    such as:
  • Termination of the account
  • Reducing services offered
  • Additional monitoring
  • Filing a criminal referral with Local Law
    Enforcement Agency.
  • Send the report to regulatory authorities in a
    timely manner.

91
Approval Controls Over High Risk (HRA)
Transactions (PEPs, NGOs, BDCs and Dom a/cs)
  • All accounts designated as HRA will be opened
    only on the approval in writing of the Managing
    Director (MD) or his/her deputy.
  • All HRA credit facilities, irrespective of
    amount, will be signed off by the MD or his
    deputy.
  • All transactions on a HRA up to a certain
    amount (deposit and withdrawal) must be approved
    in writing by the Managing Director or his
    deputy. The transactions would include but are
    not limited to, cash deposits, cheque deposits,
    investments etc.
  • All HRA shall be flagged on the DNFBP software
    on a special status such that the status appears
    whenever enquiries or transactions are done on
    them.
  • A weekly report on all HRA related transactions
    should be sent to the MD and copied to the DMD
    and the Chief Compliance Officer (CCO). In other
    words all HRA accounts will be flagged and
    monitored weekly.
  • On a semi-annual basis, all HRA will be
    reviewed by Internal Control Unit to ensure that
    all the aforesaid processes and procedures are
    being followed in the management of these
    accounts. Deviations shall be reported to the MD
    and copied to the DMD and CCO. These reviews
    would be in addition to the routine quarterly
    audits.

92
Advice to DNFBP Operators
  • Front lines of a battle
  • Don't get complacent
  • Be aware of new trends
  • Identify how these new convenience tools can add
    to your risk
  • Combat by arming yourself with knowledge
  • Think about things differently
  • Learn to think like a money launderer
  • Risk Information Analytics Group

93
Conclusion
  • Ultimately, RBA should not prohibit FIs from
    transacting business with customers but enable
    them to effectively manage ML/CFT risks.
  • Risk-based AML Approach facilitates
    identification of high risk situations (high risk
    transactions, customers, FePs, PePs, Non-Face-to-
    Face etc.) and the carrying out of enhanced due
    diligence when necessary.
  • In the current context of globalization, the
    risk-based approach to AML initiatives must be
    designed to meet requirements that would counter
    emerging methods and techniques of money
    laundering activities in the context of each
    institution's particular risk profile.
  • Non-DNFBP money laundering techniques,
    corporate money laundering, and the new payment
    technologies and e-products should be given
    particular attention.
  • Risk-Based approach to AML initiatives must
    extend to the cataloguing of laundering typologies
    found in other regions of the world: Asia, Latin
    America and Central and Eastern Europe.

94
Questions and Issues
96
Thank You
97
My Contact Details
Pattison Boleigha Bsc, MBA, FCA, ACIT, HCIB,
CAMS, CGEIT Chief Compliance Officer Access DNFBP
plc 234-8022924308, 234-012712014
boleighap_at_accessDNFBPplc.com boleighap_at_gmail.com