Streamlining Your AML, OFAC & FCPA Compliance ProgramsLeveraging Existing Resources to Increase

Efficiency and Reduce Costs While Ensuring Compliance

Brian C. Loutrel, Vice President, Chief Privacy Officer, New York Life Insurance Co.Cari N. Stinebower. Crowell & Moring, LLPNoreen M. Fierro. Vice President, Corporate Counsel, Prudential Financial

2

Agenda

Alphabet Soup AML, OFAC & FCPA- Offense of one could be

offense of all Leveraging the similarities/acknowledging the

differences The value (or not) of Benchmarking

When structural differences make all the difference When to consider “outsourcing”

Appropriateness of function Ability to actively oversee outsourced work “Internal” vs. “External” “outsourcing”

3

Agenda Leverage, Leverage, Leverage

How to rely on information from other departments to streamline your own processes

International Privacy laws- their impact on multi-nationals and how they influence outsourcing decisions

Specific FCPA Risks for insurers and reinsurers

4

Offense of One could be Offense of All

Basic controls may not be sufficient Benefits to sharing information/developing

complimentary processes Consider this:

Your company is attempting to expand its insurance business in Mexico

Many government approvals are required before a license to sell insurance is granted

Your company has hired a local law firm to assist in procuring the necessary approvals - an engagement letter is executed outlining the law firm’s fees

The Senior Vice President in charge of opening the Mexico operations approves a payment to the law firm that includes not only billable attorney time but some “miscellaneous” charges

Your company wires the fees to the identified bank account in the name of the law firm

5

Offense of one Could be offense of all

You find out after the fact that some of the “miscellaneous fees” included in the law firm’s invoice were to cover “payments” made to local government officials in an effort to procure the necessary licenses to sell insurance

You also determine that one of the local government officials receiving the payments is on the SDN for alleged ties to drug trafficking

PLACEMENT OF FUNDS

LAYERING OF FUNDS

INTEGRATION

Payment sent to Law Firm

Payment placed in Law Firm’s bank account

Funds distributed from Law firm’s bank account to government official for deposit or use elsewhere, integrating them into the financial system

6

MONEY LAUNDERING CONCERNS- Beyond PATRIOT Act applicability18 USC § 1956, et al

7

OFAC ISSUES- Money is sent to SDN

Could have/should have known?

FCPA ISSUES-

Bribe?Books and Records Violations?

Where were the controls?

8

Consider Overlapping Touchpoints-Leverage Existing Processes

Law Department Terms of law firm engagement

▪ Backup documentation for expenses

Lawyer review of invoice Identification of red flags

Internal Approval Processes Are managers being trained to ask the right questions before approving

invoices? More than monetary approval authority

Accounts Payable Necessary documentary backup Copy of law firm engagement or access to ask questions regarding

appropriateness of fees General AML/OFAC/FCPA Compliance program may not

have identified these issues Payment to law firm not likely to hit AML surveillance reports OFAC issue not transparent FCPA issue not immediately transparent

9

To Benchmark or Not?

Generalities can sometimes be misleading

Risk assess differences Resource differences Operational differences Jurisdictional Exposure differences Speak to people who are in charge of process Do not rely on information learned through

basic business channels When it really can be helpful

Learning from others experiences

10

When to Consider “Outsourcing”

Confirm executive support Critical for success of process and your

ability to insure appropriate oversight Consider current processes

Are there functions that naturally lend themselves to outsourcing?▪ OFAC screening▪ Initial CIP vetting

Internal vs. External- Does “outsourcing” have to automatically imply hiring an unrelated third party?

11

When to Consider “Outsourcing”

Build business case Conduct cost-benefit analysis Proper utilization of current resources

Outsourcing does not have to mean “downsizing”

Consider regulatory risk/expectations FINRA 3190 requirements

Value of Benchmarking- Leverage lessons learned from colleagues

12

Leverage, Leverage, Leverage Look for redundancies

Review processes ▪ Are there multiple touch points reviewing the same

data?▪ Could one touch point review the data for multiple purposes?

Sometimes less is more Insure consistency in approach Integrity of data/consistent view of issue or

vendor Maintaining active oversight

Third party vs. other internal departments or divisions

13

Effective Controls vs. Audits

Acknowledge the difference Purposes are usually very distinct Consider what those differences are and/or

look for overlap with general compliance controls

If overlap is identified, consider ways to redirect control or audit resources to enhance overall control/testing environment

Look to develop a complimentary overall program Context is key

14

Privacy-Navigating the ins and outs of different laws when attempting to streamline your compliance program Considerations when outsourcing

Location of data storage Cross-border sharing of information Local law implications/limitations

Security of Data Encryption Vendor commitment Inside/outside firewall solutions

15

Looking for Efficiencies- How to Get Started

Review the basic elements of each program Policy/Procedures

Risk Assessments Frequency/focus

▪ FCPA/OFAC/AML risk profiles while similar are not always equally weighted

Macro level and micro level▪ Business Unit process ▪ Hiring – employees, vendors▪ Use of third parties▪ Role of third parties▪ Payment/Approval processes

FOLLOW THE MONEY

16

Looking for Efficiencies- How to Get Started

Current Screening Processes(OFAC/PEP/Sanctioned Countries/Sanctioned Governments) What information is screened?

▪ Customer/Vendor/Accounts Payable Do you get enough information to adequately

screen?▪ Screening for those owned or controlled by the above

Compliance Testing Training

Avoid the siloed approach Audit Function/Periodic Review

17

Specific Risks for Insurers and Reinsurers

Foreign Agents: Must perform thorough background checks and examine qualifications; be cautious of an agent’s efforts to use front companies to make improper payments

Guarantees: An agent’s refusal to sign a contract confirming that no improper payments were or will be made should prompt close scrutiny

Middlemen: Be wary of any situation where multiple middlemen seem to be performing the same task

Government Relationships: Carefully examine agents who have held government positions or have an ongoing relationship with a government official. Employing an agent solely because of his/her connection to the government risks running afoul of the FCPA

Third Parties: The payment of an agent’s fees to a foreign bank account or to an entity other than the agent is a warning sign of possible FCPA problems

18

Specific Risks for Insurers and Reinsurers

High Risk Country: Take extra care in countries where the standard costs of doing business are perceived to include bribes, pay-offs, and “gifts” to officials

Business: Certain industries present historically higher risks of FCPA violations; note, however, that the DOJ and SEC have increasingly targeted a variety of industries

Commissions: Unreasonably high commissions increase the probability that money will be diverted to pay government officials

Cash Payments: One of the most obvious FCPA warning signs is the transfer of large amounts of cash

Bonuses, Reimbursements, and other Payments: Large bonus payments or reimbursements for unusually high entertainment, advertising, or other administrative expenses may be used as a device to mask illegal payments

19

Specific Risks for Insurers and Reinsurers

Payroll Fraud: The presence on a company’s payroll of persons who are relatives or associates of foreign government officials raises serious FCPA compliance concerns

Secrecy: Be wary of any situation in which a potential agent seems reluctant to fully explain the nature of the proposed activity or to provide clear answers to routine questions

Research: Publicly reported cases of bribery and public corruption should prompt careful review of the company’s operations in that country

Competitor Violations: If the company learns of competitor violations, it should conduct a careful investigation of its operations; in a difficult competitive environment, employees may learn of a competitor’s tactics and be tempted to follow suit