Warren Dickins, GE Capital International - Case Study: Dealing with the challenges of AML/CTF for an institution with a global footprint

Anti-Money Laundering Summit Sydney

11th September 2014

Warren DickinsFinancial Crime Officer – GE Capital International

Setting Policies to satisfy multiple parties

2

Warren Dickins| September 2014

What is a policy?


A policy is not just a book on a shelf.

It’s your approach to consistently managing a risk or event

type.

Building a policy


Don’t write the policy document

until you’ve built the foundations.

Building a policy


Building a policy – key decisions upfront


+ What audience does the policy cover?

* Who is captured?

* Who is exempt – why?

+ What is the purpose of the policy?

* Legal requirement or drive consistency?

* What happens if you don’t have it?

+ What is your approach?

* Assess each topic to decide if its needed.

* Prescriptive or risk based?

Setting a policy that works

+ Simple is best* Don’t add to the complexity

+ Make it easy to understand (critical)* Avoid clutter – use supporting docs.* Where does the policy fit in?* Are there Guidelines / Standards as well?

+ Make it realistic – can it be achieved?* Prepared for exceptions?* Implementation period?

+

7



+ Impact on stakeholders* Do you know?* Do you care?

+ Keep it generic enough to operationalise* E.g. Transaction Monitoring (Manual or Automated)?* Record keeping (as per local law or set a number)?* Training – centrally produced or local?

+ Let the business work in its jurisdiction* Rigidity may cost sales.* Governance of issues.

8



Set a policy ‘risk’ appetite!

Inform the Board / Senior Management upfront.

Explain likely issues / inconsistencies.

Get their input /acceptance for flexibility (or not!).

Provide examples of what are likely to be gaps.

Understand the desire for central or distributed control.

Is there any appetite at all?

This will be critical for more multi-jurisdiction businesses

Policy Risk Appetite

+ Risk Appetite- What is “must have”- What is “nice to have”- Are you prepared to compromise?- Are you prepared to get out?

+ What do you want?- Compliance with local laws?- Compliance with FATF Standards?- Compliance to the high water mark?- Consistency?

10


Working with overseas group members to overcome cross border challenges

11


The complexity of multi-jurisdictional business


The complexity of multi-jurisdictional business


Everybody believes they are different


Cross border challenges

+ Basic challenges- time zones- languages- different laws- cultural

15



+ Regulatory- Who are you trying to satisfy? - Does the home Regulator have higher standards?- Does the home Regulator fall short of FATF?- Are some of your jurisdictions short of FATF?

+ Political- Are you based in conflicting locations?- Sanctions from one office against another?- Refusal of one location to work with another?

16



+ Global visibility- What does the home Regulator expect you to see?- Can you see it all / Do you need to?- Metrics / Issues reporting

+ Privacy / Data Protection- COEs – cross jurisdictional processes- Shared systems- Barriers to sharing?- Local laws vs desired state

- What is your policy risk appetite?

17


Deal with complexity piece by piece

18


Deal with complexity piece by piece

19



+ Simple is best* Don’t add to the complexity

+ Consider Customer ID* Do you want name / address / dob / Govt ID / other?* Do you want Directors / CEO / Board members?* Do you dictate how it must be collected?* Where is it stored?

+ Customer reviews* Periodic – how often?* Event based?

20



+ UBOs* 25% / 10% (Is it possible?) * Will you force it? (or allow thresholds?)

+ Watchlist screening* Standard lists plus options?* Timing of screening / Adverse media?* What about push back?

+ PEPs* Domestic & International?

* Material PEPs or all?

21


Back to Risk Appetite

+ What is must have?

+ What is nice to have?

+ What is your expectation?- Compliance with local laws?- Compliance with FATF Standards?- Compliance to the high water mark?

Decide at the right level – before writing policy.

22


Influencing partners to adopt your standards without direct control

23


Control of your business

> Do you own 100% of your businesses?

> What about Joint Ventures- majority owned and controlled- equal control / shared model- minority

> What about 3rd parties acting on your behalf?

24


The view your overseas offices wants you to have.


The view according to your home Regulator.

26


Regulator view - control

> What does the Regulator think you control?

> What percentage gives you control?100%? 51%? 49%? 25%?

> What about a sub-JV?

> Does it depend on the jurisdiction or JV partner?

> Do you negotiate? RISK APPETITE AGAIN

27


Consider those you own / control

> “Must comply with global policy” right?

> Your standards impact their business. Ignore or accept local differences – thresholds / exemptions;

> If you don’t compromise they may not be able to comply. Will they tell you that? “Better a friendly denial than unwilling compliance.”

> Relationship is key. Develop / educate / support.

28


Non control - Different strategies apply.What does your risk appetite say?

3rd parties

Must comply with

contract – but its

your obligation.

Are they a cultural

fit?

What is their

incentive?

Joint control

Is it equal in all

regards or front

office / back

office?

Does the

agreement say

they will follow

your Standard?

Trust in the other

partner?

Influence

Minority – no real

control.

Inform them of

your standard.

Negotiate piece by

piece.

Educate them /

staff rotations.

Sub- JVs

What visibility do

you have?

What visibility does

your JV partner

have – can you

rely on them?

May lack control

but aim for MI.

Educate them /

staff rotations.

29


Control of your business

> Back to appetite again

> Do you advise Regulator what you can/cant do?

> Do you sell out of the business?

> These are not decisions to be made at low level

30


Recap

Policy is more than a book

• Collect material then build

• Action upfront may avoid

exemptions

Cross border

• Are you global or local?

• Do you embrace the difference?

Risk Appetite

• Know where you stand

• It’s wider than financial crime

Influence

Accept

Or remove

31


Presenter – Warren DickinsEmail [email protected] 0414 107 653

mailto:[email protected]

Business

Warren Dickins, GE Capital International - Case Study: Dealing with the challenges of AML/CTF for an institution with a global footprint