View
236
Download
0
Category
Tags:
Preview:
DESCRIPTION
Slides for CFCS prep deck 2-2814
Citation preview
Part 3: Asset Recovery
Tax Evasion and EnforcementFinancial Crime Investigations
FraudCompliance Programs and Controls
CFCS Examination Preparation SeriesFebruary 28, 2014
Presented ByCharles Intriago
Brian Kindle
Brian KindleExecutive Director
Association of Certified Financial Crime SpecialistsMiami
Charles A. IntriagoPresident and Founder
Association of Certified Financial Crime SpecialistsMiami
Asset Recovery
CFCS Examination Preparation SeriesFebruary 26, 2014
5
Asset forfeiture
• Criminal forfeiture- against the defendant or person
• Civil forfeiture- in rem’ - against property - proceeds, instrumentality of crime
• Substitute assets
6
Asset forfeiture
7
International Assistance
• Freezing Orders - Mareva injunctions
• Pure Bill of Discovery - Norwich Pharmacal
• Production Order - Bankers Trust Orders
• Stand and Deliver - Anton Piller Orders
• Lis pendens
• Letters rogatory
8
International Assistance
Mutual Legal Assistance Treaties (MLATs)
• Taking testimony of persons• Providing documents, records and evidence• Service of documents• Locating or identifying persons• Executing requests for search and seizure• Identifying, seizing and tracing proceeds of crime
9
International Assistance
• Foreign ministries, nation's chief legal officer
• Embassies – yours and theirs
• “Back channel" assistance, for location of witnesses, authentication of records
• Direction to useful public sources to uncover true beneficial owner
10
Enforcement of Judgments
• Uniform Foreign Money Judgments Recognition Act
• Domestic judgments often are enforced in
other countries based on "comity"
Third Party Targets
• Third parties can be valuable, if difficult, targets for asset recovery operations
Possible third party targets• Banks • Broker-dealers, investment advisers, etc. • Company directors • Employees• Lawyers • Auditors and certified public accountants
Key Lessons
• Understand viable targets for asset recovery options
• Understand information sources, including open sources like corporate registries
• Many asset recovery operations have cross-border component – recognizing international tools is essential
Review Question
• You are employed as part of an asset recovery team seeking to recover funds from a corrupt government official indicted for bribery and embezzlement in Canada. You have identified financial accounts and properties the official held in several common-law countries, including Australia and the UK.
You are concerned that the official may attempt to transfer funds out of his accounts or dispose of properties while legal proceedings against him are still underway. What is one legal tool you could use to prevent the official from transferring these assets?
Review Question
A. Letters rogatory
B. Anton Pillar order
C. Mareva injuction
D. Production order
Tax Evasion and Enforcement
CFCS Examination Preparation SeriesFebruary 28, 2014
16
Overview and Definition
• Conduct designed to intentionally and illicitly avoid paying tax liabilities
• Often a thin line between tax evasion and legal “tax avoidance”
• Evasion is a financial crime itself and a common element of all other financial crimes
Convergence of Tax & Money Laundering Enforcement
• Global trend toward criminalization of tax compliance, enforcement will continue
• Convergence with other areas of law -- criminal law, money laundering, asset forfeiture, international evidence gathering
17
Convergence of Tax & Money Laundering Enforcement
18
• In February 2012, FATF issued revised recommendations on anti-money laundering
• For first time, tax offenses expressly listed as predicate for money laundering crimes
19
Tax Shelters
• Mechanism by which taxpayer may protect assets or income from taxation, or delay tax application
• Investments in pension plans and real estate are common examples, many shelters are completely legal
• Shelters can be deemed abusive by tax authorities when designed solely for avoiding or evading taxes
20
Tax or Secrecy Havens
• Jurisdictions that provide secrecy or other means of protecting assets from taxation• Individuals, corporations, other entities can shift
assets to havens through physical relocation, subsidiaries, shell corporations• Havens have been subject to increasing global
pressure
21
Characteristics of Tax or Secrecy Havens
• No or nominal taxes• Lack of effective exchange of tax information• Lack of transparency in the operation of legislative,
legal or administrative processes• Anonymous company formation• Negotiated tax rates• Inconsistent application of tax laws• Little or no regulatory oversight
22
Characteristics of Tax or Secrecy Havens
• No requirement for physical presence, allowing for shell corporations
• Self promotion as offshore financial center
• Examples of tax or secrecy havens• Seychelles• Panama• US states of Delaware, Nevada
23
Methods of Tax Evasion and Tax Fraud
• Income tax evasion can be straightforward as under-reporting income, overstating deductions, or not declaring offshore accounts
• Can be extraordinarily complex, involving offshore accounts and layers of corporate entities
• Tax codes of many jurisdictions are complicated, proving tax evasion requires willful intent to defraud
24
Methods of Tax Evasion and Tax Fraud
• Smuggling and evasion of customs duties• Employment tax fraud• Falsified worker status• Pyramiding• Third-party withholding• Cash payments
• Evasion of value added tax (VAT)• “Missing trader” fraud, carousel fraud
25
Red Flags of Tax Evasion
• Failing to follow advice of accountant, attorney or preparer
• Failing to inform a tax professional of relevant facts • Evidence from employees about irregular tax withholding,
suspicious business practices• Missing or altered books and records• Transfer of assets to an offshore location or secrecy haven• Tax and related documents appear to be backdated• Use of many tax numbers by single person or entity• Submission of suspicious wage and other statements
• March 2010 – FATCA signed into US law• February 2012 – Temporary IRS Regulations Issued• Numerous IRS Notices Since • January 17, 2013 – Final IRS Regulations Issued• Key Effective Date – July 1,2014
FATCA
• Essentially enlists ‘Foreign Financial Institutions (FFIs)’ to act as extension of IRS enforcement network• Identifying US Taxpayers holding financial accounts or
investments in their institutions
• Reporting financial assets, US source income annually to IRS
• Withholding 30%, on behalf of the IRS, on certain payments coming from US for noncompliant accounts, institutions
• Reporting, withholding on accounts and payments to other FFIs that do not comply with FATCA
FATCA Overview
28
Intergovernmental Agreements
Model I and Model II Agreements
• Model I requires FFIs to report information on US accountholders to their tax authorities, which collect and deliver it to IRS
• Model II requires FFIs to report information on US accountholders directly to the IRS.
• IGAs will require some countries to change their tax, privacy laws
• Some IGAs require reciprocal reporting – US institutions must report accountholders to tax authorities of signatory nations
29
FATCA Gaining Momentum
• 70 countries reportedly in talks with US Treasury
• FATCA Partners now include 19 countries ( including
major economies like UK, Mexico, Denmark,
Germany, Ireland, Italy, Switzerland, Spain,
Switzerland, Norway; many smaller jurisdictions)
• Tax transparency now a worldwide initiative
• Participation ‘not an option’
30
G20 and Bank Information Exchange
31
OECD Automatic Exchange Standard
32
Key Lessons
• Understand structures used to evade taxes,
especially offshore legal entities
• Understand common types of tax fraud
schemes, including those involving VAT
• Recognize how FATCA works and how it is
laying groundwork for international tax
enforcement regime
33
Practice Question
Your bank holds a business account for a local tax preparation service.
What would MOST likely trigger further investigation by the compliance department in the bank?
A. Numerous deposits of tax refund checks in the names of different individuals but with common addresses
B. Multiple deposits of checks in the same amount written by different tax service customers
C. Variances in the frequency of transactions depending on the calendar cycleD. A request by the customer to have payments made to the Tax Office
through a certified check process
34
Practice Question
• Answer A is the correct answer due to the fact that this is a classic red flag for tax fraud. Multiple tax refund checks for different individuals going to the same address should set off warning alarms in nearly every jurisdiction.
• Answer B is incorrect because this perfectly fits the customer’s profile. The deposit of checks from different tax service customers is what you would expect as each customer paid their bill for the service. You would also expect many of them to be in the same amount for a typical tax preparation service since the fee for tax preparation would be the same for many customers.
35
Practice Question
• Answer C is incorrect because, once again, this fits the customer profile. You would expect variances depending on the calendar cycle as this is largely a seasonal business based on tax reporting deadlines.
• Answer D is incorrect because there is no indication of tax fraud in this response. The customer is making payments to his jurisdiction’s tax authorities using a certified check, which is simply a check for which a bank has confirmed sufficient funds exist to cover the amount of the check. This is not a viable means to commit tax fraud, and would more likely indicate no fraud is taking place.
Financial Crime Investigations
CFCS Examination Preparation SeriesFebruary 28, 2014
37
Legal Underpinnings
• Common law systems• Rely on case law, precedent• Legal remedies not in statutes are available• Examples – UK, US, Canada, India, Australia
• Civil law systems• Written laws determine rights, remedies and actions• Examples – Latin America, Continental Europe, Japan
• Helps evaluate ground rules of place where investigation and possible litigation is conducted, costs, likelihood of success
38
Public vs. Private Investigations
• Public investigation by law enforcement agency, grand jury, regulatory body• Deploys all powers, authority of government
• Private investigations by civilians without government powers• Can obtain powerful tools from courts, equitable
remedies, bankruptcy and insolvency laws
39
Investigative Tools and Techniques
• Compulsory power to obtain documents and testimony• Telephone, electronic wire intercepts by government
agencies• Search warrants• Mutual Legal Assistance Treaties (MLATs) and less
formal mutual assistance• Undercover operations• Physical surveillance• Whistleblowers, anonymous tips, informants
40
Open-Source Intelligence
• Publically available information, often online• Many sources, often free and easily discoverable• Online searching and web content• Media outlets and news sources• Public records• Geospatial open source• Professional conferences, live events• Observation and reporting
• Investigation should usually start with exhaustive OSINT before moving to more time-consuming methods
41
Online Open-Source Tools
• Online information increasingly critical in financial crime investigations• Advanced web searching• Searching social networks, blogs• Utilizing free and paid online databases• “Deep web” sources• Reverse image searches• Archived web sites
• Financial criminal use online tools, investigator should take steps to remain secure and anonymous online
42
Interviewing Techniques
• Usually best to begin interviews with persons farthest removed from suspected crime
• Differences between interrogation and interview. In interview, investigator should establish rapport with witness and seek detailed responses.
• Look for knowledge of event, persons or entities involved, physical and intangible evidence
• Plan all elements of interview: location, objectives, needs of the witness
43
Intelligence vs. Evidence
• Intelligence furthers investigation but is not generally admissible in court
• Photos posted online• Information in a news article• Hearsay statements
• Evidence must meet legal rules of admissibility, be material and prove or disprove some relevant matter
• Commercial records obtained by subpoena• Statements made freely to law enforcement agent• Facts observed by enforcement agent conducting lawful
surveillance
44
Investigations Across National Borders
• Many financial crime investigation require assistance from other nations and jurisdictions
• When requesting assistance from another nation for, consider:• Its legal and statutory requirements • How to assure that the information will be admissible as evidence• Will investigative subject be notified of request for assistance? Are
you legally compelled to inform the subject?• Level of probable cause needed to authorize investigative
techniques and enforce court orders
45
Tips and Whistleblowers
• Common trigger of financial crime investigations
• Encouraged by laws authorizing rewards, protections
• Can come from any level of organization up to board of directors
• Wise to maintain skepticism in contact with whistleblowers, who may have their own profit, revenge motives
46
Investigating Employees• Some companies have rules on employee cooperation in
internal investigations, but they must not conflict with laws
• Employee usually has no legal obligation to agree to an interview
• Employer may usually provide employee e-mail, phone logs and computer usage without employee permission, knowledge
• Investigator should consult lawyer on whether it is legal, advisable to obtain employee records without consent
47
Court Orders
• Search warrants • Granted by judge to government agencies, • Specify time, place and items to search• Failure to follow terms may render evidence useless
• Subpoena• Compels a person or entity to produce records, items or
testimony at a place and time• Considerable variation on process among countries
• Preservation orders or litigation holds• Prevent electronic evidence from being deleted or altered
48
Beneficial Owners
• Typically refers to person who maintains ultimate control over funds, assets, legal entities or financial accounts
• Includes individuals who own or control, directly or indirectly, greater than a certain percentage of a legal entity
• Recognizes that person in whose name an entity is formed, asset is held, or account is opened is not necessarily the person who truly controls them
• Determining beneficial owners is critical in KYC, due diligence, investigations, AML and anti-corruption, and more, as it is key to true source, origin and control of funds
49
Corporate Registries
• Collect and store information pertaining to corporations and other legal entities created within a given jurisdiction
• Typically maintained by a government agency or department
• May be a single registry for an entire nation, or multiple registries for different states, regions or cities, depending on jurisdiction
• Serve several purposes:• Record creation or incorporation of new legal entity• Collect required information on legal entities• Make some or all collected information publicly available
50
Corporate Registries
•The following information is usually available from corporate registries: •The name and type of the legal entity•Date of the company formation, and date when the company was dissolved
if no longer in existence•Articles of incorporation and other company formation documents•A physical address of the corporation, or address of formation agent•Name and address of a registered agent for the company
•Some jurisdictions will provide: •Names and addresses of the legal entity’s directors or officers•Names and addresses of the shareholders, members or other legal owners
of the legal entity
•Beneficial owner of legal entity is very rarely available
51
Corporate Registries
• Many jurisdictions offer access to registries through websites. Some international bodies also maintain sites that allow direct or indirect access to registry information:
• International Association of Commercial Administrators (IACA) http://www.iaca.org/
• Corporate Registers Forum (CRF) http://www.corporateregistersforum.org • European Business Register (EBR) http://www.ebr.org/section/4/index.html • European Commerce Registers’ Forum http://www.ecrforum.org/ • Association of Registrars of Latin America and the Caribbean (ASORLAC)
http://www.asorlac.org/ingles/portal/default.aspx
52
Types of Financial Institution Records• Critical source to “follow the money” in financial crime
investigations, often need court order to obtain
Examples
• Deposit tickets • Deposited checks• Checks drawn • Debit memos • Credit memos • Outgoing wire transfer orders • Incoming wire transfers
• Cashier’s checks sold • Foreign currency sold • Signature cards • Monthly statements • Cancelled checks• Cashier’s checks • Money orders sold
53
Summarizing Financial Institution Records
• Investigator should prepare summaries of information in documents from an institution, including:
• Deposits and withdrawals• Checks written on the account• Wire transfers into or out of the account• Fluctuations in account balances
• Obtain all documents related to account opening and customer onboarding: application, customer ID, signature card, due diligence and Know Your Customer records
54
What Financial Institution Records Show
• Some leads that a financial account analysis can provide: • Names of persons, entities that received funds• Names of persons, entities that deposited money • Sources, amounts of income or revenue• Cash withdrawals and purchase of cashier’s checks• Activities of previously unknown businesses and ventures• Wire transfers to, from offshore havens, accounts, nominees• Previously unknown accounts• Liabilities, which lead to other financial statements• Asset acquisition, disposition
55
Other Financial and Commercial Records
Examples
• Commercial invoices• Cancelled checks• Receipts, related expense
documentation• Journal entries
• Statement of cash flows• Vendor and customer lists• Physical inventory• Reconciliation of
intercompany accounts
• Tax returns are also a valuable source of information if they can be obtained legally
56
Protecting the Evidence
• All records should be treated as possible evidence • Implement chain of custody from the start• Document chronology of handling of evidence• Where it was initially located, who got it, where it was
stored, who handled it • Obtain originals where possible
• Maintain records for their integrity• Assure that electronic evidence is not altered or unintentionally
overwritten
57
Key Lessons
• Recognize the types of documents and records that can be employed in financial crime investigations
• Understand the differences between evidence and intelligence, and the proper role of each
• Open source intelligence is highly valuable – be familiar with open sources, online and otherwise
Review Question
58
Securities King was a stock brokerage that collapsed after it was revealed to be running a Ponzi scheme. The scheme has left behind numerous defrauded investors and the brokerage is now being liquidated in bankruptcy court. You are an investigative professional who has been asked to look into a lawyer suspected of involvement in the Ponzi scheme. The lawyer is thought to have handled funds for Securities King through his firm’s account. There has been no prior investigation of the lawyer, and you currently have little information him or his firm.
What would be the most appropriate first step to take in your investigation?
Review Question
59
A. Request that a bankruptcy court judge name you a
receiver of Securities King
B. Contact the lawyer to schedule an interview
C. Thoroughly research the lawyer and his firm online
and in public records
D. Conduct physical surveillance of the lawyer to
understand his movements
Review Question
60
Answer C is the correct answer. While all four responses may be appropriate at some point in the investigation, the question asks for the most appropriate first step.
As you currently have little information on the attorney, it would be inappropriate to approach a judge with a request to be named receiver. Likewise, conducting surveillance and interviewing the attorney are more time-consuming and potentially risky steps best left to later in the investigation, if conducted at all. Starting with thorough open-source research would be the investigative best practice.
Fraud Detection and Prevention
CFCS Examination Preparation SeriesFebruary 28, 2014
62
Overview and Definition
• Intentional misrepresentation, concealment or deception in pursuit of financial gain or to further a financial crime
• Recent fraud trends• Greater professionalization, smarter attacks• Increased “sharing” of fraud practices• More frauds perpetrated from offshore locations• Technical fraud or cybercrime combined with traditional skills• More collusion between merchants, fraudsters and organization
insiders
63
Understanding and recognizing types of fraud
• Ponzi schemes• Despite recent exposure, remain widespread type of fraud
• Some red flags • Investment returns “too good to be true”• Investment statements show growth or performance
contrary to market trends• Unusual or no fee structure• Lack of information or substance behind investment
• Securities fraud• Misrepresentation around a security, which can be
virtually any tradable asset or financial instrument• Inaccurate or misleading information to encourage
investment• Selling a security that is illegal or nonexistent• Insider trading
• Now facilitated by online communications, social networks, other tools
64
Understanding and recognizing types of fraud
• Common types of securities fraud include– Microcap or “penny stock” frauds, like pump and dump
schemes– Insider trading– Hidden terms and agreements– Fraud tied to falsified reporting or accounting
• In US alone, securities fraud estimated to total $10 – 40 billion annually
65
Understanding and recognizing types of fraud
• Fraud in loans and mortgages• Intentional, material misrepresentation or omission to
obtain loan or larger loan than lender typically grants• May also be perpetrated by lenders: loans with hidden or
predatory terms, unlicensed lenders
Common schemes
66
Understanding and recognizing types of fraud
• Income and employment fraud• Occupancy fraud• Appraisal fraud
• “Shot-gunning” fraud• Cash-back fraud• Foreclosure scams
• Credit and debit card fraud• Need not involve physical fraud; increasingly common to
steal numbers, personal information online• Tampering with card readers at ATM and other point-of-
sale locations through skimmers• Online theft of numbers through compromise of online
security or data breaches• Gathering personal information by sending fake
applications for cards to targets• Physical theft of card
68
Understanding and recognizing types of fraud
• Other types of fraud include:– Insurance– Health care– Government benefits
• Can be perpetrated by an entity against a customer or by customer against an entity
69
Understanding and recognizing types of fraud
• Fastest growing types of consumer fraud• A leading threat to accounts at banks and other
institutions• Common ways to steal identities • Social engineering• Creating fake online identities• Technological tools – skimmers, phishing, malware• Internal fraud and data theft
70
Identity Theft and Fraud
• Common signs indicating a stolen or compromised identity• Alerts and warnings from a credit reporting company• Suspicious documents, including forged or altered IDs• Inconsistent personal identifying information• New credit or debit card request immediately after
notification of change of address
• Identity theft furthers many other fraud schemes• Using stolen identities to obtain government benefits, tax refunds• Obtaining loans or mortgages with false identities• Opening accounts with stolen or false identities
71
Red Flags of Identity Theft
Preventing Fraud
72
• Similar measures as other compliance programs, but training, awareness are even more important in fraud prevention
• Starts with comprehensive fraud risk assessment• Create a team with necessary expertise• Identify organization’s universe of fraud risks
• Fraudulent financial reporting• Misappropriation of assets• Expenditures, liabilities for improper purpose• Revenue and assets obtained by fraud• Costs, expenses avoided by fraud• Financial misconduct by management
Preventing Fraud
73
• Assess likelihood of fraud schemes or scenarios• Assess materiality of risks: which schemes would
have greatest impact• Assess preexisting fraud controls, compare them
against risks• Consider how controls may be over-ridden or manipulated
by employees and others• Employee collusion is serious fraud risk
Key Lessons
74
• Preventing fraud is heavily reliant on awareness, training, and internal controls
• Financial crime professionals should be prepared to identify many types of fraud
• Fraud schemes are frequently linked – one element feeds into larger operation
Review Question
75
• Your institution has recently been dealing with a large number of identity theft cases, in which thieves have stolen sensitive customer data and used it to fraudulently apply for credit cards.
After an initial investigation, you suspect that an employee is participating in the identity theft scheme. What would be the most effective first step you could take to prevent further theft of customer information?
Review Question
76
A. Immediately notify customers whose data has been compromised
B. Restrict access to sensitive customer data, and monitor employee access on an ongoing basis
C. Impose strict alert thresholds in the automated monitoring system for all credit cards
D. Conduct a mandatory ethics seminar with all institution employees
Review Question
77
Answer B is the correct response. Like other review questions, all of these answers could be considered good responses to a data breach or theft.
However, only Answer B will actually serve to prevent further theft of data, which is the focus of the question.
Review Question
78
A mortgage administrator has been dealing with a buyer attempting to obtain a large mortgage on a home from your institution. According to the buyer, he is seeking to purchase the home as an investment property.
The buyer has been behaving erratically and has been difficult to contact at times. Concerned about a potential fraud, the administrator has asked you to examine the mortgage application and accompanying documents.
You note the following information. Which is the best indicator that the buyer may be committing mortgage fraud?
Review Question
79
A. A real estate agent from a nearby city is helping to broker the sale
B. The seller is not currently listed as the occupant of the property
C. The buyer currently has a large mortgage outstanding on his own property
D. The buyer has no previous history of obtaining mortgages from your institution
Review Question
80
Answer C is the correct answer. In the question, it describes the loan applicant as seeking the home as an investment property. However, the applicant has a large mortgage outstanding on his own property, raising questions about his finances and ability to purchase an investment property.
Answer B may also be considered a red flag by some. However, in the question it describes the buyer’s behavior as erratic and potentially suspicious. Since the buyer is already under suspicion, the red flag in Answer C should be given priority. Answers A and D are not indicative of any suspicious or fraudulent activity.
Compliance Programs
CFCS Examination Preparation SeriesFebruary 28, 2014
• Processes and controls to comply with laws, regulations, other requirements
• Regulatory structure becoming more complex, global
• Convergence moving toward unified “financial crimes risk management”
Overview of Compliance
Programs Within Compliance
• Governance– Analytics– Investigations– Intelligence– Customer Due Diligence– Compliance Audit/Quality Control
Governance
• Enterprise Risk Assessment• Gap Analyses• Creating/Reviewing/Delivering Training• Liaison to Regulators/Examiners and Internal
Audit• Liaison to External Consultants and Auditors
Investigations & Intelligence
• Investigations– Investigate unusual activity– Report on unusual activity– Investigate possible terrorist financing
• Intelligence– Analyze country risk– Analyze enterprise-wide financial crimes risk– Support foreign correspondent banking business
Analytics
• Tools for transaction monitoring• Analytics for enterprise-wide risk assessment• Analytics for customer risk rating• Tools for sanctions monitoring
Customer Onboarding
• Customer Due Diligence - “Know Your Customer”
• Customer Identification Program• Customer Monitoring/Periodic Review• Enhanced Due Diligence (High Risk)
Employee Onboarding
• “Know Your Employee”• Employee Monitoring• Employee “red flags”
• Size, structure, complexity and risks of organization are basis of compliance program
• Compliance program should include policies, procedures and controls
• Controls can be broadly divided into “preventive” and “detective”
Organizational Overview of Financial Crime Program
• Preventive controls include: • CIP and CDD programs• Appropriate training• Risk assessments, gap analysis• Providing line of business reporting, issue remediation• Senior management and board reporting• Liaison with audit, coordination of examinations
Organizational Overview of Financial Crime Program
• Detective controls include:
• Identifying suspicious activity through employee referrals or automated transaction monitoring, customer surveillance• Investigating identified unusual activities • Activity monitoring, predictive analytics• Monitoring employees, third parties• Screening, blocking, rejecting transactions and customers• Reporting • Exiting customer relationships • Compliance testing
Organizational overview of financial crime controls
Risk Assessment• Assessing risks allows understanding of vulnerability,
better resource allocation
• Should consider
• Types of distribution channels used by business unit• Complexity of unit’s business model• Degree of change in business• Size and type of growth in the business
Risk Assessment
Key elements include• Methodology to quantify level of risk
• Methodology to quantify adequacy of controls
• Assessment of risk of each line of business
• Enterprise-wide assessment to identify systemic risk not apparent in a line of business
Sanctions Compliance• Laws or regulations of certain nations prohibit
conducting transactions for certain national governments, entities and persons
• Sanctions are imposed by variety of enforcement agencies, international bodies• US Office of Foreign Assets Control• United Nations Security Council• European Union• Other international bodies
Sanctions Compliance• Some sanctions compliance best practices include:
• Development and implementation of policies, procedures and processes to ensure full compliance with all sanctions prohibitions
• Knowledge of different sanctions lists or orders institution organization is subject to
• Sanctions compliance risk assessment
Sanctions Compliance
• Leveraging screening, transaction monitoring to detect and prevent payments in violation of sanctions
• Training programs to all affected employees
• Testing and ongoing updating of lists, policies and procedures – sanctions regimes change constantly
97
AML CycleOrganizational Risk
Assessment Identify and rate risks across the organization and within lines of
business
Customer Identification Program
Collect and verify information on a customer to confirm their identity
and nature of relationship
Customer Profile and Risk Assessment
Establish expected activity and transactions; create an initial
customer risk rating
Automated Transaction Monitoring
Establish alert thresholds, rules and scenarios based on customer profile
and risk assessment
Customer ScreeningScreen customer against sanctions
and watch lists; establish criteria for ongoing screening of transactions
Investigation of Alerts and Incidents
Review any alerts generated on customer, file SARs or modify
customer relationship if necessary
Update and AuditCollect sampling on alert and
transaction data, reassess customer risk, renew KYC
information
High-Risk Customers
• Risk depends on product, geographic region. Examples:• Politically Exposed Persons (PEPs) and their associates• Casinos, securities brokers, dealers in precious metals, stones• Domestic, offshore shell companies• Casas de cambio, currency exchanges, money transmitters• Private investment companies (PIC) • International companies• Deposit brokers• Cash-intensive businesses• Foreign, domestic NGOS, charities• Gatekeepers - attorneys, accountants, etc.
High-Risk Products
• Examples:• Prepaid, payroll cards• “Payable upon proper identification” (PUPID)
transactions• Money remittances• Online banking• Private banking• Trust and asset management services• Monetary instruments
High-Risk Products• Other examples :• Foreign correspondent accounts: bulk currency shipments,
pouch activity, and payable through accounts (PTA) • Trade finance • Services to third party payment processors or senders• Foreign exchange• Special use or concentration accounts • Loans secured by cash collateral and marketable securities • Non-deposit account services, such as non-deposit
investment products and insurance
High-Risk Jurisdictions, Geographic Areas
• Understanding specific money laundering, terrorist financing, corruption, fraud risks of jurisdictions is essential for compliance
• Organization should establish methodology that may include
• Sanctions, terrorist financing lists – OFAC, EU, UN• Jurisdiction's overall reputation – Corruption Perceptions
Index, reports by state departments• Jurisdiction’s adoption of FATF, other international
standards• Regional risk inside a particular jurisdiction
Customer Onboarding and Monitoring
Account opening procedures
Best practices include: • Gathering, verifying, authenticating customer ID materials
through paper documents, electronic verification• Clarifying services customer requests• Screening against sanctions lists, watch lists, PEP lists• Documenting normal, expected activity, including occupation
and business • Documenting relationship with institution or organization,
including all lines of business, subsidiaries
Customer Identification Program (CIP)
• Usually required by jurisdiction’s laws, regulators
• ID information must be collected at account opening, verified within reasonable time after opening
• Verify identity prior to large currency transactions, purchasing certain financial instruments, or ordering wire transfers
• May require identification of beneficial owners in some jurisdictions, particularly legal entities
Enhanced Due Diligence
• For high-risk services, customers, jurisdictions
• Examples include: • Identifying and verifying beneficial owners • Additional investigation of source of funds• Verification of customer, business information through
third-party sources • Augmented transaction monitoring• Thresholds on transactions• Senior management approval of customer relationships,
certain transactions
Employee Onboarding and Monitoring
Best practices for effective “know your employee,” onboarding:
• Assessment begins during interview process• Background screening, especially for criminal history• References and employment history
• Gathering and verifying employee identification materials • Screening employee against sanctions, watch, PEP lists
Employee Onboarding and Monitoring
Best practices for effective “know your employee,” onboarding:
• Providing new employees with organization's written ethics policy, code of conduct
• Appropriate training for position, including regulations and web-based or classroom training with appropriate scenarios
• “Hotline“ for anonymous reporting, direct reporting to compliance that does not go through business lines
Employee Onboarding and Monitoring
Best practices for ongoing employee monitoring:
• Regularly scheduled background screening• Automated exception reports, review of log files• Regular reviews and updates on the company’s ethics
policies and ethical compliance culture• Regular communication reinforcing standards• Ongoing employee training • Selective review of email, electronic communications
for high-risk employees
Transaction Monitoring
• Automated system, either proprietary application or vendor-provided, for ongoing transaction, customer and entity data
• Detection typically accomplished through implementation of financial crime scenarios in two broad categories:
• Rules-based scenarios - identify patterns of behavior related to known financial crime typologies or red flags• Statistical profiling scenarios - identify unusual activity by
modeling typical or expected activity profiles for a specific customer or type of customer and identifying outliers
Transaction Monitoring
• More advanced systems incorporate hybrid of rules-based, statistical approaches
• Transaction monitoring can also incorporate third-party data sources
• As transaction and data volumes grow, analytics becoming increasingly important
• Automatic monitoring no substitute for experienced human supervision, direction
Key Lessons
• Customer due diligence, profiling and risk assessment are key to effective compliance programs
• Essential to establish expected customer behavior, transactions to detect suspicious activity
• Compliance programs are cyclical and ongoing – each step feeds into the next
Practice Question
• A small regional bank recently started using a new transaction monitoring tool that utilizes custom scenarios to identify activity defined by the Financial Crimes Compliance team. There are five scenarios that are live in production. The Analytics team in Financial Crime Compliance Unit researched scenarios and is ready recommend possible changes to the scenarios to management. Which scenario(s) should the Analytics team recommend making changes to first?
Practice Question
A. Scenario A that generated 100 alerts in the past 3 months and 50% of those were deemed suspicious and suspicious transaction reports were filed.
B. Scenario B that generated 180 alerts with a 95% false positive rate.
C. Scenario C that generated no alerts and there appears to be a problem with the data mapping.
D. Scenarios D and E that were put into production in the last 30 days to address a matter requiring attention from a regulator.
Practice Question
Answer A is incorrect and appears to be a well performing scenario. It is generating alerts and the percentage deemed suspicious is reasonable.
Answer B is incorrect because while false positive rate is far too high, it is generating alerts and some are deemed suspicious. The false positive rate is an issue that must be addressed, but this scenario is not the one that needs to be addressed first. There will often be scenarios on the live exam that require picking the best answer. In this case, this is not the best answer.
Practice Question
Answer C is correct as it is clearly a broken scenario since no alert was generated. That there appears to be a problem with the data mapping reinforces the conclusion that this scenario must be addressed first.
Answer D is incorrect as there is no evidence the scenarios are not performing as expected.
Your Questions
Thank you for attending
Recommended