RISK BASED APPROACH
P i e r r e S i m o n ,M a n a g i n g D i r e c t o r S i m o n L e ga l & C o m p l i a n c e
ACOA SeminarAugust 22, 2012
I. AML Compliance: Elements of successII. Assessment of Risk
- Four Measures- Analysis
III. Due Diligence and Monitoring Controls- Customer Risk Rati ng- Risk Rati ng Methodology- What can Financials Insti tuti ons Do?
IV. Customer Risk Rati ng Model- Customers with a Pre-defi ned Risk Rati ng- All Other Customers
Copyright © 2012 Simon Legal & Compliance. All rights reserved.
TOPICS
2
I.AML COMPLIANCE
Financial Insti tuti ons need to address several aspects of AML tomiti gate regulatory and reputati onal risks
4
AML COMPLIANCE: ELEMENTS OF SUCCESS
Risk Based ApproachAnd Customer Risk
Rating
Written AML PoliciesAnd Procedures
Know Your Customer
And CustomerIdentification
Program
Transaction Monitoring
and SuspiciousActivity Reporting
Organization andGovernanceStructures
AML ComplianceProgram Assessment
And Gap Analysis
AML Training
Copyright © 2012 Simon Legal & Compliance. All rights reserved.
II.ASSESSMENT OF RISK
Insti tuti ons typical ly identi fy, measure and consider four main r isk measures when assessing the quanti ty of AML r isk.
6
ASSESSMENT OF RISK: FOUR MEASURES
Customers Geographies
ServicesProducts
Copyright © 2012 Simon Legal & Compliance. All rights reserved.
7
ASSESSMENT OF RISK: FOUR MEASURES
• International Wires• Internet Banking• High Cash Users
• Private Banking• International Correspondent
Banking• Offshore International
Activity• Account data• Transaction data
• Economic Sanctions• Non-NCCT• Country Watch List
• STR (Suspicious Transactions Report)
• PEP (Politically Exposed Person)
• Industry / Occupation• Nationality• Account Maturity
Customers Geographies
ServicesProducts
Copyright © 2012 Simon Legal & Compliance. All rights reserved.
A wel l -developed r isk assessment can enable a fi nancial insti tuti on to assess and apply appropriate controls to miti gate the r isks. Below is an approach for conducti ng an AML r isk assessment.
8
ASSESSMENT OF RISK: ANALYSIS
Analyze Existing
Risk Rating
Methodology
•Understand the current risk rating model and supporting methodology•Analyze the risk factor categories (e.g., products/services, customers, distribution channels, and geographic locations), as well as individual indicators and their relative weights to assess the logic, consistency and other properties
Interview
Personnel
•Interviews key personnel within appropriate business units to gain an understanding of the inherent AML risks, current controls and the management/reporting structure in place designed to mitigate these risks
Develop New RiskAssessm
entMethodo
logy
•Create a methodology which considers the inherent risks associated with the line of business and the controls in place to mitigate these risks
•Apply additional mitigating controls to the inherent AML risks in order to arrive at the residual AML risks for each of the Business Units, as well as the Bank as a whole
Report Findings
and DevelopRecommendation
s
•Generate and interpret results of risk assessment, document findings and proposed recommendations, and outline next steps
•Implement the enhanced risk rating methodology•Use the risk assessment to drive policy, procedures, controls, testing and auditing
Copyright © 2012 Simon Legal & Compliance. All rights reserved.
III.DUE DILIGENCE AND
MONITORING CONTROLS
P r im a r y p u r p o se : to id e nti f y t h e p o p u lati o n o f h ig h e r r i sk c u sto me rs a n d to fu r t h e r d e s ig n / m o d i f y ex i sti n g d u e d i l i ge n c e p ro c e sse s , m o n i to r in g p ro c e d u re s a n d b u s in e ss p ro c e ss fl ows to a d d re ss t h e r i sk a sso c iate d wi t h t h e c u sto m e rs o f d iff e re nt r i sk leve l s :
E n h a n c e d Du e D i l i ge n c e : – Va r y in g E DD p ro c e d u re s/sta n d a rd s to b e a p p l ie d to c u sto m e rs o f d iff e re nt r i sk l eve l s
E n h a n c e d Tra n sa c ti o n M o n i to r in g : – L eve ra g in g r i sk ra n k in g in m o n i to r in g o f c u sto m e r a c ti v iti e s h e lps d eve lo p a n eff e c ti ve t ra n sa c ti o n mo n i to r in g a s we l l a s ST R fi l in g p ro g ra m • Ad ju ste d mo n i to r in g t h re sh o ld s • A low r i sk c l ie nt wo u ld b e p e r m itt e d to d ev iate mo re f ro m i t s ra n ge o f n o r m a l/ex p e c te d a c ti v i t y t h a n wo u ld a h ig h r i sk c l ie nt
M o d ifi e d B u s in e ss P ro c e ss F lows: – Va r y in g leve l s o f n ew a c co u nt o p e n in g p ro c e d u re s d e p e n d e nt u p o n in iti a l r i sk a sse ssm e nt o f c l ie nt – S t re n gt h e n e d a p p rova l /s ig n o ff re q u i re m e nt s fo r n ew a c co u nt s o p e n e d fo r h ig h r i sk c u sto m e rs – I n c re a se d KYC ve r ifi cati o n re q u i re me nt s fo r h ig h r i sk c u sto m e rs
DUE DILIGENCE CONTROLS: CUSTOMER RISK RATING
10Copyright © 2012 Simon Legal & Compliance. All rights reserved.
In the opti mal theoreti cal setti ng, a l l relevant KYC and transacti onal informati on would be avai lable and uti l ized during the r isk rati ng process. Under this assumpti on of a perfect informati on set , the fol lowing indicators would be considered to identi fy r isk in each category:
1. Customer Demographic Risk - eva luate demographic att r ibutes to ind icate h igher AML r i sk .
2. Product/Transacti on Risk – Bank ing products and t ransacti on types vary s ign ifi cant ly in the leve l o f AML r i sk they represent . Categor i z ing the products and ser v ices off ered he lps identi fy those that pos ing h igher AML r i sk .
3. Geographic Risk – Geographic r i sk i s captured pr imar i ly at the country leve l when t ransacti ons or ig inate or terminate in countr ies that have been l inked to cer ta in types of money launder ing /terror i st fi nanc ing behav ior. As part o f r i sk rati ng , eva luate AML r i sk o f customers based on assoc iated jur i sd icti ons .
DUE DILIGENCE CONTROLS: RISK RATING METHODOLOGY
11Copyright © 2012 Simon Legal & Compliance. All rights reserved.
1. Customer Demographic R i sk - e v a l u a te d e m o g ra p h i c a tt r i b u te s t o i n d i ca te h i g h e r A M L r i s k
DUE DILIGENCE CONTROLS: RISK RATING METHODOLOGY
12
Risk Indicator Example
Higher RiskCustomer Types
• Higher Risk Industries - foreign financial institutions; non-bank financial institutions (MSBs, casinos, brokers/dealers in securities, and dealers in precious metals, stones or jewels); off-shore corporations; deposit brokers; cash intensive businesses (convenience stores, restaurants, retail stores, liquor stores, cigarette distributors, privately-owned ATMs, vending machine operators, and parking garages), non-governmental organizations & charities; asset management• Higher Risk Occupations - student, unemployed, professional service providers (attorneys, accountants, doctors, real estate brokers)• PEPs (Politically Exposed Persons) and senior foreign political figures• Foreign individuals
Customer’sInvestigativeHistory
• STR Suspect• Judicial Foreclosures • Court Rulings
Account Maturity • Client relationship < 1 year
Copyright © 2012 Simon Legal & Compliance. All rights reserved.
2. Product/Transacti on R isk – B a n k i n g p ro d u c t s a n d t ra n s a c ti o n t y p e s va r y s i g n i fi ca n t l y i n t h e l e ve l o f A M L r i s k t h e y r e p r e s e n t . C a te go r i z i n g t h e p ro d u c t s a n d s e r v i c e s o ff e r e d h e l p s i d e n ti f y t h o s e t h a t p o s i n g h i g h e r A M L r i s k .
DUE DILIGENCE CONTROLS: RISK RATING METHODOLOGY
13
Risk Indicator Example
Transaction Types • International Wire Transfers - Customers that exceed the 90th percentile of numberand/or aggregate florin or dollar value of international wire transactions within their peer group(e.g., individual, small business, and large business accounts)• High Cash Users - Customers that exceed the 90th percentile of number and/or aggregate florin or dollar value of cash transactions within their peer group (e.g., individual, smallbusiness, and large business accounts). Alternatively, can be based on the number ofcurrency reports filed• Other higher-risk transaction types including internet banking, transactions in which the primary beneficiary or counterparty is undisclosed, transactions involving large amounts of monetary instruments, and certain types of electronic transactions. All present risk due to the anonymity they provide
Product Types • Large number of different product types held by a customer. Allows for movement offunds and complex transactional patterns• Private Banking – can pose higher AML risk because of the variety, complexity,geographic scope, and high florin or dollar value of many transactions typically taking placethrough these accounts under especially high privacy and confidentiality circumstances;also, greater customer service can increase risk• Other higher-risk banking functions incl. offshore international activity, deposit-takingfacilities, pouch activity (as opposed to domestic courier), and international correspondent banking
Copyright © 2012 Simon Legal & Compliance. All rights reserved.
3. Geographic R i sk – G e o g ra p h i c r i s k i s ca p t u r e d p r i m a r i l y a t t h e co u n t r y l e ve l w h e n t ra n s a c ti o n s o r i g i n a te o r te r m i n a te i n co u n t r i e s t h a t h av e b e e n l i n ke d t o c e r ta i n t y p e s o f m o n e y l a u n d e r i n g / te r ro r i s t fi n a n c i n g b e h av i o r. A s p a r t o f r i s k ra ti n g , e va l u a te A M L r i s k o f c u s t o m e rs b a s e d o n a s s o c i a te d j u r i s d i c ti o n s .
* H igh r i sk jur i sd icti ons can inc lude jur i sd icti ons on the fo l lowing l i sts : – S a n c ti o n L i s te d C o u n t r i e s ( e . g . , E U , U N , O FA C ) – FAT F N o n - co o p e ra ti ve C o u n t r i e s a n d Te r r i t o r i e s – C o u n t r i e s a t R i s k o f S p o n s o r i n g Te r ro r i s m o r F i n a n c i n g Te r ro r i s m – O ff s h o r e F i n a n c i a l C e n te rs
DUE DILIGENCE CONTROLS: RISK RATING METHODOLOGY
14
Risk Indicator Example
High RiskJurisdictions *
• Customer’s location – customers located in high-risk jurisdictions pose a higher AMLrisk• Customers engaging in a significant level of transactions to/from high risk jurisdictions
Copyright © 2012 Simon Legal & Compliance. All rights reserved.
Comprehensive enterprise-wide account monitoring systems enable the bank to detect unusual and potenti al ly suspicious acti vity that may indicate the need for additi onal internal money laundering investi gati ons. Alerts may include tax avoidance schemes.
Alerts on transacti on patt erns or events that exceed stati sti cal thresholds within pre-defi ned scenarios. The systems typical ly uti l ize temporal analysis to evaluate transacti ons over multi ple dimensions of ti me.
High r isk customer survei l lance groups may be identi fi ed, sourced, and monitored in paral lel with the transacti on monitoring system.
Alerts generated by the systems are typical ly c lustered with other intel l igence data and reviewed by a bank’s Financial Intel l igence Unit (“FIU”) or MOT-coordinator. The mission is to bring a focused and proacti ve approach to the operati onal aspects of fi nancial cr imes deterrence, detecti on, and reporti ng. The result can be an enterprise view of r isk from across the organizati on.
MONITORING CONTROLS: WHAT CAN FINANCIAL INSTITUTIONS DO?
15Copyright © 2012 Simon Legal & Compliance. All rights reserved.
Opti mize transacti on monitoring program. Develop a high r isk customer survei l lance program. Aspects of tax evasion can potenti al ly be detected by modifying tr iggers
within the Aruban bank’s wire structuring scenario. Most people typical ly associate structuring with cash deposits; however, this logic is commonly modifi ed to apply to wire transfer acti vity in high r isk customer populati ons, such as for private banking c l ients. Intel l igence data should fl ow from across the organizati on potenti al ly resulti ng in a STR.
MONITORING CONTROLS: WHAT CAN FINANCIAL INSTITUTIONS DO?
16Copyright © 2012 Simon Legal & Compliance. All rights reserved.
IV.CUSTOMER RISK RATING
MODEL
Our customer risk model is based on:
Customers with a predefi ned low or high risk rati ng A risk rati ng (low, medium or high) for all other customers based
on jurisdicti on, industry & sector and nature of company (enti ty type).
Potenti al adjustment of the risk rati ng (at least one level up) or rejecti on of the customer based on material adverse informati on.
CUSTOMER RISK RATING MODEL
18Copyright © 2012 Simon Legal & Compliance. All rights reserved.
The model is shown in the table below and explained in the next sheets.
CUSTOMER RISK RATING MODEL
19
Adjustment for material adverse
information
Predefined risk rating: Low or High
Risk rating based on:- Jurisdiction- Industry and sector- Nature of company (entity type)
Copyright © 2012 Simon Legal & Compliance. All rights reserved.
CUSTOMER RISK RATING MODEL: CUSTOMERS WITH A PREDEFINED RISK RATING
20
There are certain types of (prospecti ve) customers who from a customer integrity perspecti ve represent a lower inherent risk or higher inherent risk. Pre-defi ned and high risk customers are set forth below:
The following customer types automati cally qualify as low risk:
A supervised fi nancial insti tuti on in a low risk jurisdicti on. A publicly traded company in a low risk jurisdicti on which is l isted on a
recognized exchange. This includes all direct and indirect wholly-owned subsidiaries of such a publicly traded company, provided that such a subsidiary is located in a low risk jurisdicti on.
A supervised agent or intermediary in a low risk jurisdicti on. Government departments, agencies or local authoriti es in a low risk
jurisdicti on.
Copyright © 2012 Simon Legal & Compliance. All rights reserved.
CUSTOMER RISK RATING MODEL: CUSTOMERS WITH A PREDEFINED RISK RATING
21
The following customer types automati cally qualify as high risk:
A customer that has issued bearer shares. Bearer shares pose a high r isk because the ownership of these shares may change without any registrati on or noti fi cati on which makes i t d iffi cult to identi fy the ulti mate benefi cial owner(s) . In additi on the companies that issue bearer shares are frequently incorporated in high r isk jurisdicti ons. Therefore customers with bearer shares should be c lass ifi ed as high r isk.
Copyright © 2012 Simon Legal & Compliance. All rights reserved.
For customers that do not qual i fy as pre-defi ned low risk as described in previous sheet a r isk score is calculated based on AML risk associated with the fol lowing 3 main r isk areas:
CUSTOMER RISK RATING MODEL: ALL OTHER CUSTOMERS
CDD Risk Rating
3. Entity Type
1. Country Risk Rating
2. Industries
and sectors
22Copyright © 2012 Simon Legal & Compliance. All rights reserved.
Each category is rated low (L) , medium (M) or high (H) according to how the customers jurisdicti on, enti ty type and industry and sector fa l ls within a pre-defi ned set of rules.
Within the calculati on model every category has the same weight. By s imple counti ng the ti mes that the outcome is low, medium or high, the CDD risk rati ng wi l l be determined.
CUSTOMER RISK RATING MODEL: ALL OTHER CUSTOMERS
23Copyright © 2012 Simon Legal & Compliance. All rights reserved.
The table below shows al l possible combinati ons of category scores and the corresponding CDD risk rati ng.
E x a m p l e : C a t e g o r y j u r i s d i c ti o n i s r a t e d h i g h , c a t e g o r y i n d u s t r y a n d s e c t o r i s r a t e d l o w, c a t e g o r y e n ti t y i s r a t e d m e d i u m . S o r e s u l t i s 1 h i g h , 1 m e d i u m a n d 1 l o w. B a s e d o n t h e t a b l e a b o v e t h e c o n c l u s i o n i s a n i n i ti a l r i s k r a ti n g o f m e d i u m .
CUSTOMER RISK RATING MODEL: ALL OTHER CUSTOMERS
24
Factor risk rankings (Jurisdiction, Industry and Sector and Entity Type): the number of occurrences over all 3 categories
Customer risk classification
HIGH MEDIUM LOW
3x - - High
3x 1x - High
3x - 1x High
1x 2x - High
1x - 2x Medium
1x 1x 1x Medium
- 2x 1x Medium
- 1x 2x Low
- - 3x Low
Copyright © 2012 Simon Legal & Compliance. All rights reserved.
QUESTIONS
25Copyright © 2012 Simon Legal & Compliance. All rights reserved.
P i e r re A . S i m o nM a n a g i n g D i r e c t o r, A n ti - M o n e y L a u n d e r i n g C o n s u l ti n gS i m o n L e g a l & C o m p l i a n c e
P h o n e : + 3 1 ( 0 ) 2 0 - 7 9 9 7 9 5 5p i e r r e @ s i m o n l e g a l . n lW T C H - To w e rZ u i d p l e i n 3 61 0 7 7 X V A m s t e r d a m
P i e r r e i s m a n a g i n g d i r e c t o r a t S i m o n L e g a l & C o m p l i a n c e a n d h a s l e d c o m p l e x , g l o b a l A M L p r o j e c t s a t v a r i e t y o f fi n a n c i a l i n s ti t u ti o n s . P r e v i o u s l y, P i e r r e s e r v e d a s S e n i o r D u e D i l i g e n c e A d v i s o r f o r a l a r g e D u t c h b a n k . P r i o r t o t h a t , h e w a s a B u s i n e s s A n a l y s t A M L i n t h e G l o b a l D u e D i l i g e n c e M a n a g e m e n t g r o u p o f a l a r g e fi n a n c i a l i n s ti t u ti o n w h e r e a m o n g s t o t h e r s h e h e l p e d s e t u p a c o m p l e t e l y n e w C D D d e p a r t m e n t .
H e b e g a n h i s c a r e e r i n 1 9 9 7 a t t h e A r u b a n P o l i c e F o r c e a n d n o w h a s a p r o f e s s i o n a l b a c k g r o u n d a s a p o l i c e o ffi c e r, b u s i n e s s a n a l y s t a n d s e n i o r A M L c o m p l i a n c e c o n s u l t a n t f o r o v e r 1 5 y e a r s . H e s t u d i e d D u t c h L a w a t t h e V U U n i v e r s i t y A m s t e r d a m a n d h a s g a i n e d m o s t o f h i s p r o f e s s i o n a l e x p e r i e n c e w i t h i n l a r g e E u r o p e a n o r g a n i z a ti o n s s u c h a s E u r o n e x t , R a b o b a n k , E u r o c l e a r a n d F o r ti s B a n k ’s G l o b a l S e c u r i ti e s a n d F i n a n c i n g G r o u p a n d i s t h e f o u n d e r o f S i m o n L e g a l & C o m p l i a n c e . P i e r r e fi n d s h i s a d d e d v a l u e e s p e c i a l l y i n c h a l l e n g e s e n v o l v i n g p o l i c y d e v e l o p m e n t & i m p l e m e n t a ti o n s a n d p r o j e c t m a n a g e m e n t w i t h i n fi n a n c i a l i n s ti t u ti o n s .
THANK YOU
26Copyright © 2012 Simon Legal & Compliance. All rights reserved.