Latest Trends in Financial Crime Prevention
Breakfast Briefing
21st March 2016
© CCL Limited 2014 © 2016 CCL Academy Limited
Agenda
Introduction – Nigel Sydenham
Recent Trends in Financial Crime – Dr Bill Peace
The Role of Effective Financial Intelligence in Recognising and Deterring Extremism – Grahame White
The Cybersecurity and Cybercrime Threat Landscape – Colin Wetherill
Effective Third-Party Due Diligence for Financial Services – Mark Dunn
Q&A
Recent Trends in Financial Crime
Dr Bill Peace
Trafficking: the criminal market in people
Human Trafficking
• Victims coerced or duped into activity that binds them to criminal enterprises or individuals; no meaningful consent is given
• Trafficking for sex industry; workers for slave labour (domestic, industrial, commercial, agriculture)
• Criminals profit by exploiting victims’ labour
• Victims bullied, blackmailed, physically abused; kept in a dependent state, deprived of money, documents, and outside contact
• Often involves exploitation of minors and vulnerable adults
Smuggling of Migrants
• Facilitating transport or sustaining illegal residence
• Migrants give consent and pay for the service, although they may suffer harm in the process despite their consent
• A worldwide phenomenon, affects most countries and especially those seen as attractive destinations for economic migrant labour
“We are extremely preoccupied about the increasing and unprecedented global flow of refugees, internally displaced persons, and migrants… We call upon all nations to tackle the causes of these crises that have such tragic consequences for so many people”
(G7 Declaration – Schloss Elmau Germany 2015)
Trafficking Routes...$150bn of criminal profits p.a
Trafficking: assessment, policy, regulation enforcement and research
The Role of Effective Financial Intelligence in Recognising and Deterring Extremism
Grahame White
For further details of training relating to Counter-Terrorist Financing
(CTF), including The CTF Intelligence Simulation, developed and
presented by Grahame White, please contact CCL Academy:
w: www.cclacademy.co.uk
The Cybersecurity and Cybercrime Threat Landscape
Colin Wetherill
CITI
The Threats Facing Large and Medium-Sized Organisations
RISK
• Threat: the nature and frequency of potentially adverse events
• Vulnerability: the likelihood of success
• Impact: the hard and soft costs
Some Recent Attacks and Conspiracies
Some Key Threats and Trends
• Business Executive Compromise
• Data Breaches
• Banking Malware
• Phishing and Spear Phishing
• The Growing Sophistication and Automation of Attacks
Cashing-Out
Where Cybersecurity, Cybercrime and AML Converge
Cash-Out Schemes
Fusion
Partnering and Collaborating to Prevent, Detect and Respond
Anti-Bribery & Corruption
Third-Party Due Diligence
Focus on financial services
March, 2016
Mark Dunn
Segment Leader
Entity Due Diligence & Monitoring
LexisNexis Business Insight Solutions
Agenda
• Introduction
• Global enforcement trends
• Focus on financial services
• Lessons learned: Examples of enforcement, investigations and guidance
• Third-party due diligence: Process and risk assessment
• Towards a consistent third-party due diligence process
• Summary
Anti-Bribery & Corruption
Global enforcement trends
BNY Mellon to Pay $14.8 Million to Settle Anti-Bribery Case (Bloomberg, August 18, 2015)
Goodyear agrees to $16M bribery settlement (USA Today, February 24, 2015)
IAP Pays $7.1 Million to Settle FCPA Probe (The Wall Street Journal, June 15, 2015)
Louis Berger International pays $17.1 million to settle bribery charges (Supply Management, July 23, 2015)
Third-party due diligence
Enforcement and reputational risk
“The fine must be substantial enough to have a real economic impact which will bring home to both management and shareholders the need to operate within the law. Whether the fine will have the effect of putting the offender out of business will be relevant; in some bad cases this may be an acceptable consequence.”
Fraud, Bribery and Money Laundering Offences Definitive Guideline (UK Sentencing Council)
SEC fines Bristol-Myers Squibb $14 million for allegedly bribing Chinese doctors (MarketWatch, October 5, 2015)
BHP Billiton hit with $US25m fine over corruption allegations (ABC News, May 20, 2015)
“One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing.”
Memorandum: Sally Quillian Yates, Deputy Attorney General (US DoJ)
2015 US FCPA corporate actions
• BHP Billiton ($25M)
• Bristol-Myers Squibb ($14M)
• FLIR ($9.5M)
• Goodyear Tire & Rubber Co. ($16.2M)
• Hitachi ($19M)
• Hyperdynamics Corp. ($75K)
• IAP Worldwide Services ($7.1M)
• ICBC Standard Bank ($4.2M)
• Louis Berger International Inc. ($17.1M)
• Mead Johnson Nutrition ($12M)
• PBSJ Corporation ($3.4M)
• The Bank of New York Mellon ($14.8M)
Alleged pending US FCPA actions by sector
Source: January 2016 Corporate Investigations List, FCPA Blog
Anti-Bribery & Corruption: Third-party due diligence
US enforcement trends
US Enforcement Actions Concerning Bribery of Domestic and Foreign Officials by Industry (1977-2015)
Global Enforcement Report 2015, TRACE International
Third-party due diligence
Regulators’ Expectations
AUSTRALIA
“The body corporate proves that it exercised due diligence to prevent the conduct, or the authorisation or permission.”
Extract from Criminal Code Act 1995 (ComLaw)
BRAZIL
“To decrease the chances that the company may become involved in cases of corruption or fraud in tenders and contracts, depending on the actions of third parties, it is important to adopt appropriate checks for contracting and supervising suppliers, service providers, intermediaries and associates, among others, primarily in situations of high risk to integrity”
Extract from Brazil Clean Company Act Integrity Program Guidelines for Private Companies (Merrill Brink translation)
SWEDEN
“Companies shall have knowledge of, and when needed, perform a due diligence review and verify the integrity of agents and other cooperation partners before agreements are executed or other forms of cooperation commenced.”
Extract from Code of Business Conduct (The Swedish Anti-Corruption Institute)
SWITZERLAND
“Particular due diligence has to be applied for the selection and assignment of local agents.”
Extract from Preventing corruption – Information for Swiss businesses operating abroad (State Secretariat for Economic Affairs (SECO))
Anti-Bribery & Corruption: Third-party due diligence
Non-US enforcement trends
Total Enforcement Actions Concerning Bribery of Domestic and Foreign Officials by Industry (Excluding the United States) (1977-2015)
Global Enforcement Report 2015, TRACE International
Real GDP Growth: IMF Data Mapper (October 2015)
Transparency International: Corruption Perceptions Index (January 2016)
Markets that offer greatest opportunities often perceived as highest risk
High growth
Perceived as high risk
Third-party due diligence
Company’s expectations
Key Due Diligence drivers
• Regulatory: Demonstrate robust compliance with national and global standards on anti-money laundering, anti-bribery & corruption and sanctions etc.
• Financial: Mitigate the risks of financial penalties, debarment and loss of business
• Reputational: Protect brand reputation and demonstrate adherence to ethical codes and standards
• Strategic: Ensure ongoing business process efficiency and support effective execution of business strategy to sustain competitive edge
Third-Party Due Diligence
Focus on financial services
US
“Businesses may reduce the FCPA risks associated with third-party agents by implementing an effective compliance program, which includes due diligence of any prospective foreign agents”
A Resource Guide to the U.S. Foreign Corrupt Practices Act (US DoJ, SEC)
“Comprehensive due diligence demonstrates a genuine commitment to uncovering and preventing FCPA violations.”
A Resource Guide to the U.S. Foreign Corrupt Practices Act (US DoJ, SEC)
Anti-Bribery & Corruption: Third-party due diligence
US Market Expectations
“Properly documented risk-based due diligence pertaining to the hiring and appropriate and regular oversight of agents and business partners”
Extract from US FCPA Deferred Prosecution Agreements and Probation Orders (US DoJ)
“Financial institutions are encouraged to develop and maintain "enhanced scrutiny" practices and procedures designed to detect and deter transactions that may involve the proceeds of official corruption by senior foreign political figures, their immediate family, or their close associates. These practices and procedures should be viewed as an application of institutions' due diligence and anti-money laundering policies”
Guidance on Enhanced Scrutiny for Transactions That May Involve the Proceeds of Foreign Official Corruption (US Department of Treasury et al)
“Due Diligence and Third-Party Selection: A bank should conduct due diligence on all potential third parties before selecting and entering into contracts or relationships.”
Extracts from Third-Party Relationships: Risk Management Guidance (US Office of the Comptroller of the Currency)
Anti-Bribery & Corruption: Third-party due diligence
US Market Expectations: Office of the Comptroller of Currency
Due Diligence and Third-Party Selection
The degree of due diligence should be commensurate with the level of risk and complexity of the third-party relationship. More extensive due diligence is necessary when a third-party relationship involves critical activities. On-site visits may be useful to understand fully the third party’s operations and capacity. If the bank uncovers information that warrants additional scrutiny, it should broaden the scope or assessment methods of the due diligence as needed.
The bank should consider the following during due diligence:
• Strategies and Goals
• Legal and Regulatory Compliance
• Financial Condition
• Business Experience and Reputation
• Fee Structure and Incentives
• Qualifications, Backgrounds, and Reputations of Company Principals
• Risk Management
• Information Security
• Management of Information Systems
• Resilience
• Incident-Reporting and Management Programs
• Physical Security
• Human Resource Management
• Reliance on Subcontractors
• Insurance Coverage
• Conflicting Contractual Arrangements With Other Parties
Extracts from US Office of the Comptroller of the Currency (OCC): Third-Party Relationships: Risk Management Guidance
“A bank should conduct due diligence on all potential third parties before selecting and entering into
contracts or relationships. A bank should not rely solely on experience with or prior knowledge of the third
party as a proxy for an objective, in-depth assessment of the third party’s ability to perform the activity in
compliance with all applicable laws and regulations and in a safe and sound manner.”
SEC Charges Germany-Based Allianz SE with FCPA Violations
The Securities and Exchange Commission today charged Germany-based insurance and asset management company Allianz SE with
violating the books and records and internal controls provisions of the Foreign Corrupt Practices Act (FCPA) for improper payments to
government officials in Indonesia during a seven-year period.
The SEC’s investigation uncovered 295 insurance contracts on large government projects that were obtained or retained by improper
payments of $650,626 by Allianz’s subsidiary in Indonesia to employees of state-owned entities. Allianz made more than $5.3 million in
profits as a result of the improper payments.
“Allianz’s subsidiary created an 'off-the-books' account that served as a slush fund for bribe payments to foreign officials to win
insurance contracts worth several million dollars,” said Kara Brockmeyer, Chief of the SEC Enforcement Division’s FCPA Unit.
Extracts from SEC Press Release December 17, 2012
Outcome
• Without admitting or denying the findings, Allianz agreed to cease and desist from further violations and pay disgorgement of $5,315,649, prejudgment interest of $1,765,125, and a penalty of $5,315,649 for a total of $12,396,423
• Allianz took various remedial measures, including employment action against several individuals who were involved in the conduct or failed to stop the conduct.
• Issued new or enhanced FCPA compliance and internal accounting control policies and procedures, including mandating strict scrutiny of payments to third party intermediaries.
• Updated the anti-corruption clause in its third-party contracts to specifically refer to the FCPA.
• Provided enhanced FCPA compliance training to its employees and improved its current global anti-corruption compliance program
Extracts from SEC Order and SEC Press Release December 17, 2012
Anti-Bribery & Corruption: Third-party due diligence
US Foreign Corrupt Practices Act: Books and records and internal controls
SEC Charges BNY Mellon With FCPA Violations
Washington D.C., Aug. 18, 2015 — The Securities and Exchange Commission today announced that BNY Mellon has agreed to pay $14.8 million to settle charges that it violated the Foreign Corrupt Practices Act (FCPA) by providing valuable student internships to family members of foreign government officials affiliated with a Middle Eastern sovereign wealth fund...
“Financial services providers face unique corruption risks when seeking to win business in international markets, and we will continue to
scrutinize industries that have not been vigilant about complying with the FCPA,” said Kara Brockmeyer, Chief of the SEC Enforcement
Division’s FCPA Unit.
Extracts from SEC Press Release August 18, 2015
Anti-Bribery & Corruption: Third-party due diligence
US Foreign Corrupt Practices Act: Sovereign wealth funds
Sovereign Wealth Funds Asset Map: Sovereign Wealth Fund Institute (April 2015)
Oil & Gas / Non-Oil & Gas
Transparency International: Corruption Perceptions Index (January 2016)
Perceived as high risk
Many countries that attract the greatest investment often perceived as highest risk
“We have conducted a recent sweep in the financial services industry that will yield a number of important cases”
Andrew Ceresney, Director, Division of Enforcement, SEC (March, 2015)
Third-Party Due Diligence
Focus on financial services
UK
“Most firms failed to demonstrate adequate systems and controls for assessing bribery and corruption risks in relation to dealing with and monitoring third party relationships, such as relationships with agents or introducers.”
Thematic Review (UK Financial Conduct Authority)
Anti-Bribery & Corruption: Third-party due diligence
UK Market Expectations
“The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.”
Extract from Bribery Act 2010 Guidance (UK Ministry of Justice)
“Reasonable procedures for undertaking due diligence on potential projects, acquisitions, business partners, agents, representatives, distributors, sub-contractors and suppliers”
Extract from Deferred Prosecution Agreements Code of Practice (UK Serious Fraud Office, Crown Prosecution Service)
“There was a general failure to implement a risk-based approach to anti-bribery and corruption and very weak due diligence and monitoring of third-party relationships and payments.”
Extract from Financial Crime: a guide for firms (UK Financial Conduct Authority)
“Before entering into any formal relationship, sufficient and appropriate risk-based due diligence should be undertaken”
Extract from Anti-Bribery and Corruption Guidance 2014 (British Bankers Association)
Anti-Bribery & Corruption: Third-party due diligence
UK Market Expectations: Financial Conduct Authority
Anti-bribery and corruption
Corruption and bribery are criminal offences under current UK legislation and the Bribery Act 2010, which came into
force on 1 July 2011. Authorised firms have additional, regulatory, obligations to put in place and maintain policies
and processes to prevent corruption and bribery and to conduct their business with integrity. These are set out in
SYSC 3.2.6R/SYSC 6.1.1R and Principle 1 of our Principles for Businesses (PRIN 2.1.1R).
What is the FCA’s role?
The FCA does not enforce the Bribery Act 2010. Our regulatory powers apply where authorised firms fail adequately
to address corruption and bribery risk, including where these risks arise in relation to third parties acting on behalf of
the firm. We do not need to obtain evidence of corrupt conduct to take regulatory action against a firm.
What should firms do?
Firms must assess the risks of becoming involved in, or facilitating, corruption and bribery. Firms must also take
reasonable steps to prevent those risks crystallising. Reasonable steps are likely to include an anti-corruption policy,
senior management oversight, staff training and, where applicable, due diligence on third parties acting on behalf of
the firm.
Extract from: UK Financial Conduct Authority: Anti-bribery and corruption
“A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime.”
Financial Conduct Authority Handbook
FSA fines Willis Limited £6.895 million for anti-bribery and corruption systems and controls failings
Between January 2005 and December 2009, Willis Limited made payments to overseas third parties who assisted it in winning and retaining business from overseas clients, particularly in high risk jurisdictions. These payments totaled £27 million. The FSA investigation found that, up until August 2008, Willis Limited failed to:
• ensure that it established and recorded an adequate commercial rationale to support its payments to overseas third parties;
• ensure that adequate due diligence was carried out on overseas third parties to evaluate the risk involved in doing business with them; and
• adequately review its relationships on a regular basis to confirm whether it was still necessary and appropriate for Willis Limited to
continue with the relationship.
Extracts from UK Financial Services Authority Press Release
July 21, 2011
Primary issues regarding third-party due diligence systems & controls
• Due diligence checks not mandatory
• Inconsistent due diligence processes
• Due diligence findings not documented
• Compliance team not alerted to termination of a high risk account relationship
• No requirement under firm’s policies to conduct ongoing review of overseas third-party relationships
“Willis Limited failed to ensure that appropriate due diligence was carried out to address the risks that doing business
with the Overseas Third Party would result in corrupt payments.”
For full details consult UK Financial Services Authority Final Notice
Anti-Bribery & Corruption: Third-party due diligence
UK Anti-bribery and corruption systems & controls failings
Due diligence on third-party relationships
Examples of good practice
• Establishing and documenting policies with a clear definition of a ‘third party’ and the due diligence required when establishing and reviewing third-party relationships.
• More robust due diligence on third parties which pose the greatest risk of bribery and corruption, including a detailed understanding of the business case for using them.
• Having a clear understanding of the roles clients, reinsurers, solicitors and loss adjusters play in transactions to ensure they are not carrying out higher-risk activities.
• Taking reasonable steps to verify the information provided by third parties during the due diligence process. Using third-party forms which ask relevant questions and clearly state which fields are mandatory.
• Having third-party account opening forms reviewed and approved by compliance, risk or committees involving these areas.
• Using commercially available intelligence tools, databases and/or other research techniques such as Internet search engines to check third-party declarations about connections to public officials, clients or the assured.
Examples of poor practice
• Failing to carry out or document due diligence on third-party relationships.
• Relying heavily on the informal ‘market view’ of the integrity of third parties as due diligence.
• Relying on the fact that third-party relationships are longstanding when no due diligence has ever been carried out.
• Carrying out only very basic identity checks as due diligence on higher-risk third parties.
• Asking third parties to fill in account opening forms which are not relevant to them (e.g. individuals filling in forms aimed at corporate entities).
• Accepting vague explanations of the business case for using third parties.
Extract: Financial crime: a guide for firms Part 2: Financial crime thematic reviews
April 2015 (UK Financial Conduct Authority)
Anti-Bribery & Corruption: Third-party due diligence
UK Market Expectations: UK Financial Conduct Authority
Due diligence on third-party relationships (Continued)
Examples of good practice
• Routinely informing all parties involved in the insurance transaction about the involvement of third parties being paid commission.
• Ensuring current third-party due diligence standards are appropriate when business is acquired that is higher risk than existing business.
• Considering the level of bribery and corruption risk posed by a third party when agreeing the level of commission.
• Setting commission limits or guidelines which take into account risk factors related to the role of the third party, the country involved and the class of business.
• Paying commission to third parties on a one-off fee basis where their role is pure introduction.
• Taking reasonable steps to ensure that bank accounts used by third parties to receive payments are, in fact, controlled by the third party for which the payment is meant. For example, broker firms might wish to see the third party’s bank statement or have the third party write them a low value cheque.
Examples of poor practice
• Approvers of third-party relationships working within the broking department or being too close to it to provide adequate challenge.
• Accepting instructions from third parties to pay commission to other individuals or entities which have not been subject to due diligence.
• Assuming that third-party relationships acquired from other firms have been subject to adequate due diligence.
• Paying high levels of commission to third parties used to obtain or retain higher risk business, especially if their only role is to introduce the business.
• Receiving bank details from third parties via informal channels such as email, particularly if email addresses are from webmail (e.g. Hotmail) accounts or do not appear to be obviously connected to the third party.
• Leaving redundant third-party accounts ‘live’ on the accounting systems because third-party relationships have not been regularly reviewed.
Extract: Financial crime: a guide for firms Part 2: Financial crime thematic reviews
April 2015 (UK Financial Conduct Authority)
Anti-Bribery & Corruption: Third-party due diligence
UK Market Expectations: UK Financial Conduct Authority
Due diligence on third-party relationships (Continued)
Examples of good practice
• Higher or extra levels of approval for high risk third-party relationships.
• Regularly reviewing third-party relationships to identify the nature and risk profile of third-party relationships.
• Maintaining accurate central records of approved third parties, the due diligence conducted on the relationship and evidence of periodic reviews.
Examples of poor practice
• Being unable to produce a list of approved third parties, associated due diligence and details of payments made to them.
Extract: Financial crime: a guide for firms Part 2: Financial crime thematic reviews
April 2015 (UK Financial Conduct Authority)
Anti-Bribery & Corruption: Third-party due diligence
UK Market Expectations: UK Financial Conduct Authority
UK financial services anti-bribery & corruption guidance includes:
UK Financial Conduct Authority
Financial Crime: a guide for firms
http://fshandbook.info/FS/html/FCA/FC/link/PDF
UK Ministry of Justice
Official Bribery Act 2010 guidance
http://www.justice.gov.uk/guidance/making-and-reviewing-the-law/bribery.htm
British Bankers Association
Anti-Bribery and Corruption Guidance 2014
https://www.bba.org.uk/policy/financial-crime/anti-bribery-and-corruption/anti-bribery-and-corruption-guidance/
Anti-Bribery & Corruption: Third-party due diligence
UK Serious Fraud Office Deferred Prosecution Agreement: Standard Bank
SFO agrees first UK DPA with Standard Bank
The suspended charge related to a US$6 million payment by a former sister company of Standard Bank, Stanbic Bank Tanzania, in March 2013 to a local partner in Tanzania, Enterprise Growth Market Advisors (EGMA). The SFO alleges that the payment was intended to induce members of the Government of Tanzania, to show favour to Stanbic Tanzania and Standard Bank's proposal for a US$600 million private placement to be carried out on behalf of the Government of Tanzania. The placement generated transaction fees of US$8.4 million, shared by Stanbic Tanzania and Standard Bank.
On 18 April 2013, Standard Bank's solicitors Jones Day reported the matter to the Serious and Organised Crime Agency and on 24 April to
the SFO. It also instructed Jones Day to begin an investigation and to disclose its findings to the SFO. The resulting report was sent to the SFO
on 21 July 2014.
Extracts from UK Serious Fraud Office Press Release
November 30, 2015
Outcome
• Pay financial orders of US$25.2 million and will be required to pay the Government of Tanzania a further US$7 million in compensation
• Bank has also agreed to pay the SFO's reasonable costs of £330,000 in relation to the investigation and subsequent resolution of the DPA.
• In addition to the financial penalty that has been imposed, Standard Bank has agreed to continue to cooperate fully with the SFO and to be subject to an independent review of its existing anti-bribery and corruption controls, policies and procedures regarding compliance with the Bribery Act 2010 and other applicable anti-corruption laws. It is required to implement recommendations of the independent reviewer (Price Waterhouse Coopers LLP)
• The charge against Standard Bank has been suspended for three years, after which, subject to the bank's compliance with the terms of the DPA, the SFO will discontinue the proceedings.
“KYC checks do not appear to have been conducted in the same level of detail as would have been the case
had Standard Bank conducted its own KYC and/or due diligence on EGMA.”
Selected extracts. For full details consult UK Serious Fraud Office Press Release, Statement of Facts and Deferred Prosecution Agreement
Third-Party Due Diligence
Identifying and Mitigating Risks
Third-Party Due Diligence
Process overview
• Risk assessment determines extent of due diligence required
• Approach to due diligence covers three stages:
1. Conduct health check: Update records on existing third-parties
2. Manage incoming checks: Conduct due diligence on new third-parties
3. Monitor third-parties: Conduct spot checks and periodic reviews
Third-party due diligence
Process Overview
Third-Party Due Diligence
Risk Assessment
LexisNexis Proprietary & Confidential: For internal office use only
Country risk
An organisation should consider the countries in which it operates and assess the following types of factors:
• a specific country’s risk, based on perceived levels of corruption highlighted by country reports and corruption league tables published
by reputable organisations
• anti-bribery legislation and its implementation/enforcement in a specific country
• The organisation’s footprint in that country, including size, product and customer type/industry
Product and business opportunity
This might include an assessment of the bribery risks associated with:
• project finance, particularly where it involves the public sector, including real estate and construction
• mergers and acquisitions
• private equity, including extractive industries, pharmaceuticals and defence
• high-value projects or projects involving many contractors or intermediaries.
Business partnership risk
This might include an assessment of certain relationships perceived as higher risk, such as:
• route to market
• agents and third parties (particularly those located in higher risk jurisdictions who receive substantial remuneration)
• commission structures, e.g. considering whether commission percentages paid to introducers of new business are reasonable,
proportionate and transparent
• the use of intermediaries in transactions with foreign public officials
• consortia or joint venture partners
• syndicated lending arrangements
• politically exposed persons – where the proposed business relationship involves or is linked to a prominent public official.
Anti-Corruption Risk Assessment
Common External Risks
Source: UK British Bankers Association Anti-Bribery and Corruption Guidance 2014
Government and public official interactions
This might include an assessment of risks such as:
• interaction with public officials in government or government-owned entities i.e. is the public official acting in their formal capacity, or
as a client/representative of the bank
• the nature and extent of government interaction (e.g. central government, local government) by the organisation or other public
official interaction (e.g. quangos, quasi-government bodies including regulators, state owned enterprises including sovereign wealth
funds, international bodies)
• licences and permits
• public procurement
• public business, including bond and equity issuance and underwriting or debt syndication
• political lobbying.
The risk of missing data
Operational risks exist throughout the business and have the potential to impact on anti-bribery and corruption processes and controls, for
example:
• Due Diligence – ineffective processes result in risk information not being identified when undertaking reviews, leading to inaccurate
assessment of potential risk.
• Charitable Donations/Event Sponsorship – data is missing or incorrect leading to ineffective risk assessment
• Facilitation Payments/internal Reporting - escalation procedures are not followed leading to an increased risk of inadequate internal
controls.
Anti-Corruption Risk Assessment
Common External Risks
Source: UK British Bankers Association Anti-Bribery and Corruption Guidance 2014
Wider risks
The following list is not exhaustive, but wider risks include:
• charitable or political donations and sponsorship
• lobbying
• procurement and sourcing
• advisory and consulting activities
• payment (standing data, paying away to third parties)
• people/HR risks including:
o existence and application of disciplinary policies
• remuneration structures and incentives
• ethics and conduct
• deficiencies in employee training, skills and knowledge
• gifts, entertainment and hospitality
• travel expenses
• nature of the organisation, i.e. size, structure and focus of the business.
What should be assessed will vary considerably between different types of organisations and activities. For example, wholesale banking is likely to focus greater attention on certain types of activities, e.g. syndicated lending, soft dollar arrangements, sovereign wealth funds, M&A, real estate brokerage etc., whereas domestic based retail operations may be more concerned with introducing mortgage brokers. Private wealth banks may focus in particular on risks associated with Politically Exposed Persons.
Anti-Corruption Risk Assessment
Common External Risks
Source: UK British Bankers Association Anti-Bribery and Corruption Guidance 2014
[Figure: Key global factors driving proactive enterprise risk management. Labels: Social, Economic, Technological, Legal, Political, Environmental; Reputational, Financial, Regulatory, Strategic; Communication and Training. Factors shown: sanctions, embargos, policy, unrest, slowdown, levies, regime change, inflation, forex, ethics, anti-bribery, corruption, slavery & trafficking, intellectual property, data protection, security, contingency, scalability, stability, reliability, trust, culture, sustainability, waste, pollution, competition, CSR, financial crime.]
Third-Party Due Diligence
Process overview
[Figure: Due Diligence High Level Process. Stages shown: Identify, Verify, Risk Assessment, Monitor, Review, Audit, with Communication and Training.]
Third-party due diligence
Process Overview
Third-Party Due Diligence
What information do you need?
To identify and verify: The business partner’s full, legal name, registered address and company number or equivalent
Sources:
• Business partner questionnaire
• Checks of local company registers
To identify and verify: Details of the business partner’s shareholdings and shareholders, including wholly and partly owned subsidiaries or parent companies
Sources:
• Business partner questionnaire
• Checks of local company registers
To identify and verify: A list of the business partner’s directors and officers, and any other employees who will be carrying out services for the organisation, including providing CVs, proof of citizenship, relationships with any politically exposed persons, references where appropriate and details of other companies in which they are involved
Sources:
• Business partner questionnaire
• Checks of local company registers
• Media searches
To identify and verify: Details of other clients of the business partner, or parties with whom they regularly do business (especially public officials and government bodies), and how the business was obtained
Sources:
• Business partner questionnaire
• Media searches
• Checks with local business groups and embassies
• Watchlists and PEP databases
Third-party due diligence
What type of checks are conducted?
Source: Extracts from Due diligence: know your business partners (Reed Smith): Serious Economic Crime: A boardroom guide to prevention and compliance (UK Serious Fraud Office)
Third-party due diligence
Meeting the beneficial ownership challenge
• Identifying and verifying the identity of beneficial owners to uncover potential government connections, regulatory
and other reputational risks is a key third-party due diligence requirement. However, few countries mandate the
collection and availability of beneficial ownership information:
• Ultimately, requiring the third-party to disclose details of beneficial ownership as a condition of doing business is the primary or only way of uncovering such data, due to the lack of information in the public domain.
“Pick any major corruption scandal in recent history – Petrobras, FIFA, Ukraine’s Viktor
Yanukovych – and you will find a secret company was used to pay a bribe, shift and hide stolen
money, or buy luxury real estate in places like London and New York.” (Transparency International)
Reviewing G20 promises on beneficial ownership (Transparency International)
G20 PRINCIPLE 4: ACCESS TO BENEFICIAL OWNERSHIP INFORMATION
To identify and verify: Financial information, including accounts and annual reports as well as details of any history of insolvency of the business partner and any of its directors.
Sources:
• Business partner questionnaire
• Checks of company registers
• Media searches
To identify and verify: Details of any legal proceedings or regulatory investigations involving the business partner or any of its key personnel, with particular focus on matters involving allegations of corruption.
Sources:
• Business partner questionnaire
• Litigation records
• Media searches
To identify and verify: The precise nature of the intended relationship with the business partner, what services it intends to provide, how and by whom these services will be provided, and how it is going to calculate what remuneration it receives for doing so.
Sources:
• Business partner questionnaire
• Contract documentation
To identify and verify: What, if any, anti-bribery and corruption policies and procedures the business partner has in place, and what due diligence it carries out on third parties with which it does business.
Sources:
• Business partner questionnaire
Third-party due diligence
What type of checks are conducted?
Source: Extracts from Due diligence: know your business partners (Reed Smith): Serious Economic Crime: A boardroom guide to prevention and compliance (UK Serious Fraud Office)
Third-Party Due Diligence
Information resources
[Figure: Risk Assessment (Low to High) plotted against Due Diligence Resources (up to High). Resources shown: Individual Subscription Services, Aggregated Subscription Services, Outsourced Risk Advisors.]
Third-party due diligence
Aligning information resources to risk assessment
Benefits:
• Free content
• Global coverage
• Easy to access
• Prerequisite for due diligence and screening / complements other research
Things to consider:
• Archival data increasingly requires subscription
• EU ‘Right to be forgotten’ legislation means potential risks may be less evident
• Difficult to achieve consistency as data sources change daily
• Difficult to audit as source data sometimes hard to verify
• Lack of security (IP tracing)
• Limited support or guarantees
Due diligence resources
Individual Subscription Services
Benefits:
• Enables selected content to be purchased to meet specific requirement (i.e. country company data)
• Content maintained, up to date and accurate
• Access secure
Things to consider:
• Additional subscription services may be required over time to cover changing business requirements
• Requires users to learn different search interfaces which impacts consistent process and time efficiency
• Requires users to combine multiple search results into standard reports
• Requires company to maintain multiple contracts with information providers
Due diligence resources
Aggregated Subscription Services
Benefits:
• Consolidates all key data via single service for consistent process
• Single interface also helps users speed up due diligence process
• Content maintained, up to date and accurate
• Access secure
• Single contract easier to manage
Things to consider:
• Ensure content required is in line with risk-based approach (e.g. country coverage, depth of content)
• Availability of local language content and interfaces
Due diligence resources
Outsourced Risk Advisors
Benefits:
• Due diligence done for you
• Able to conduct investigations on the ground particularly in high risk markets
• Secure and trusted
Things to consider:
• High costs for basic due diligence research reports
• Impractical for high volumes of simplified due diligence
• Time lag in receiving information
• Reports received may need further validation after review
Due diligence resources
Third-Party Due Diligence
Towards a consistent due diligence process
[Figure: Typical ABC due diligence process flow. Data sources shown: Sanctions Lists, Regulatory Watch lists, Politically Exposed Persons list, Customer Internal List, Identity documents, Identity verification, ABC Policy & Procedures, Negative News, Legal Cases, Web search, US Public Records, Incorporation Documents, Company verification, Company Data, Beneficial Ownership, Group Structure, PEPs and Watch lists.]
Steps shown in the process flow:
1. Input name into workflow, case management and audit
2. Identify: request identification data collected from client or third party
3. Check watch lists: batch search global sanctions, regulatory, enforcement and PEP lists
4. Risk assessment: set criteria determine the risk of engaging with the client or third-party and the extent of due diligence and monitoring applied
5. Simplified due diligence: basic checks applied if low risk entity
6. Enhanced due diligence: more in depth checks applied if high risk entity. ESCALATE Y/N?
7. Outsourced due diligence: more specialist checks applied if high risk entity. ESCALATE Y/N?
8. Ongoing monitoring: automated batch checks against watch lists and negative news. Periodic refresh of full due diligence
OUTSOURCE DUE DILIGENCE TO RISK CONSULTANCY: for specialist local market investigations and surveillance
Third-party due diligence
Typical ABC due diligence process
1. Set clear requirements and objectives for role of ABC technology aligned to risk-based approach and to
help manage expectations/define return on investment
2. Try before you buy (trial/test/compare/benchmark/complement other resources)
3. In it for the long haul. Prepare for change (scalable, flexible tech/integration and pricing / add-ons)
4. Integration/customisation options to use in-house labels, descriptors, user roles, admin levels, escalation, negative media keywords etc.
5. Consider level of IT commitment (i.e. you host, vendor host?)
6. Consider local language availability (interfaces, content, translation tools etc.)
7. Sufficient training and support (hours, training options etc.)
8. Generate management intelligence/audit data to help track and demonstrate ROI/comply
9. Build in regular reviews with business: to ensure technology remains aligned to changing business and
regulatory requirements / risk based approach
10. Build in regular reviews with vendor (to do same as above) and keep up awareness of new
features/content
Third-party due diligence
ABC technology checklist
Regulatory
• Helps demonstrate robust AML, ABC and sanctions compliance and adherence to associated industry standards & best practice
• Helps implementation and ongoing maintenance of a consistent risk-based approach scaled to company size
• Enables indication of clear risk flags and maintenance of comprehensive audit trail
• Enables more discipline and control to be implemented through hard coded role profiles, permission settings, incident escalation and approvals to support ‘four eyes’ check
Towards a consistent process
Benefits of consolidating key due diligence tasks
Reputational
• Helps protect hard earned brand and business reputations through comprehensive and consistent due diligence process to mitigate AML, ABC and other risks
• Helps business maintain strong ethical standards and adhere to codes of conduct
• Helps demonstrate and promote robust processes and controls to customers and business partners
Towards a consistent process
Benefits of consolidating key due diligence tasks
Business
• Effective and consistent due diligence process improves speed of execution and competitive edge in key high risk developing markets
• Efficient and streamlined onboarding experience enhances both external and internal customer and other third-party service levels
• Helps Compliance and associated teams reinforce benefits and emphasise positive contribution to business success through improved service levels and provision of more effective management intelligence to support Board engagement
Towards a consistent process
Benefits of consolidating key due diligence tasks
Financial
• Helps mitigate regulatory fines, financial penalties and contract debarment
• Prompts regular review and audit of due diligence research resources to address content overlap and cost duplication, thereby reducing cost of sale etc.
• Consistent process enables business to more easily test and benchmark cost efficiencies and other associated benefits
Towards a consistent process
Benefits of consolidating key due diligence tasks
Summary
Need more information?
020 7400 2809
LexisNexis Business Insight Solutions UK
www.bis.lexisnexis.co.uk/blog
Segment Leader, Entity Due Diligence
LexisNexis Business Insight Solutions
Mark Dunn is the Segment Leader for Entity Due Diligence & Monitoring at LexisNexis. He is responsible for product management and development of the LexisNexis Business Insight Solutions due diligence applications. He is the spokesman on anti-money laundering, anti-bribery & corruption and sanctions compliance. He is also responsible for helping to shape the LexisNexis Risk and Compliance strategy and business development. Mr. Dunn is a regular speaker at industry events and has written extensively for industry journals.
Presenter Biography
For further information, please contact us on: t +971 4 323 0800 e [email protected] www.cclacademy.com
Thank you for attending
w: http://bis.lexisnexis.co.uk/
w: www.cclacademy.co.uk