Tax evasion, fci, fraud, compliance 2 28-14

Part 3: Asset Recovery

Tax Evasion and EnforcementFinancial Crime Investigations

FraudCompliance Programs and Controls

CFCS Examination Preparation SeriesFebruary 28, 2014

Presented ByCharles Intriago

Brian Kindle

Brian KindleExecutive Director

Association of Certified Financial Crime SpecialistsMiami

Charles A. IntriagoPresident and Founder

Association of Certified Financial Crime SpecialistsMiami

Asset Recovery


5

Asset forfeiture

• Criminal forfeiture- against the defendant or person

• Civil forfeiture- in rem’ - against property - proceeds, instrumentality of crime

• Substitute assets

6

Asset forfeiture

7

International Assistance

• Freezing Orders - Mareva injunctions

• Pure Bill of Discovery - Norwich Pharmacal

• Production Order - Bankers Trust Orders

• Stand and Deliver - Anton Piller Orders

• Lis pendens

• Letters rogatory

8


Mutual Legal Assistance Treaties (MLATs)

• Taking testimony of persons• Providing documents, records and evidence• Service of documents• Locating or identifying persons• Executing requests for search and seizure• Identifying, seizing and tracing proceeds of crime

9


• Foreign ministries, nation's chief legal officer

• Embassies – yours and theirs

• “Back channel" assistance, for location of witnesses, authentication of records

• Direction to useful public sources to uncover true beneficial owner

10

Enforcement of Judgments

• Uniform Foreign Money Judgments Recognition Act

• Domestic judgments often are enforced in

other countries based on "comity"

Third Party Targets

• Third parties can be valuable, if difficult, targets for asset recovery operations

Possible third party targets• Banks • Broker-dealers, investment advisers, etc. • Company directors • Employees• Lawyers • Auditors and certified public accountants

Key Lessons

• Understand viable targets for asset recovery options

• Understand information sources, including open sources like corporate registries

• Many asset recovery operations have cross-border component – recognizing international tools is essential

Review Question

• You are employed as part of an asset recovery team seeking to recover funds from a corrupt government official indicted for bribery and embezzlement in Canada. You have identified financial accounts and properties the official held in several common-law countries, including Australia and the UK.

You are concerned that the official may attempt to transfer funds out of his accounts or dispose of properties while legal proceedings against him are still underway. What is one legal tool you could use to prevent the official from transferring these assets?

Review Question

A. Letters rogatory

B. Anton Pillar order

C. Mareva injuction

D. Production order

Tax Evasion and Enforcement


16

Overview and Definition

• Conduct designed to intentionally and illicitly avoid paying tax liabilities

• Often a thin line between tax evasion and legal “tax avoidance”

• Evasion is a financial crime itself and a common element of all other financial crimes

Convergence of Tax & Money Laundering Enforcement

• Global trend toward criminalization of tax compliance, enforcement will continue

• Convergence with other areas of law -- criminal law, money laundering, asset forfeiture, international evidence gathering

17

Convergence of Tax & Money Laundering Enforcement

18

• In February 2012, FATF issued revised recommendations on anti-money laundering

• For first time, tax offenses expressly listed as predicate for money laundering crimes

19

Tax Shelters

• Mechanism by which taxpayer may protect assets or income from taxation, or delay tax application

• Investments in pension plans and real estate are common examples, many shelters are completely legal

• Shelters can be deemed abusive by tax authorities when designed solely for avoiding or evading taxes

20

Tax or Secrecy Havens

• Jurisdictions that provide secrecy or other means of protecting assets from taxation• Individuals, corporations, other entities can shift

assets to havens through physical relocation, subsidiaries, shell corporations• Havens have been subject to increasing global

pressure

21

Characteristics of Tax or Secrecy Havens

• No or nominal taxes• Lack of effective exchange of tax information• Lack of transparency in the operation of legislative,

legal or administrative processes• Anonymous company formation• Negotiated tax rates• Inconsistent application of tax laws• Little or no regulatory oversight

22

Characteristics of Tax or Secrecy Havens

• No requirement for physical presence, allowing for shell corporations

• Self promotion as offshore financial center

• Examples of tax or secrecy havens• Seychelles• Panama• US states of Delaware, Nevada

23

Methods of Tax Evasion and Tax Fraud

• Income tax evasion can be straightforward as under-reporting income, overstating deductions, or not declaring offshore accounts

• Can be extraordinarily complex, involving offshore accounts and layers of corporate entities

• Tax codes of many jurisdictions are complicated, proving tax evasion requires willful intent to defraud

24

Methods of Tax Evasion and Tax Fraud

• Smuggling and evasion of customs duties• Employment tax fraud• Falsified worker status• Pyramiding• Third-party withholding• Cash payments

• Evasion of value added tax (VAT)• “Missing trader” fraud, carousel fraud

25

Red Flags of Tax Evasion

• Failing to follow advice of accountant, attorney or preparer

• Failing to inform a tax professional of relevant facts • Evidence from employees about irregular tax withholding,

suspicious business practices• Missing or altered books and records• Transfer of assets to an offshore location or secrecy haven• Tax and related documents appear to be backdated• Use of many tax numbers by single person or entity• Submission of suspicious wage and other statements

• March 2010 – FATCA signed into US law• February 2012 – Temporary IRS Regulations Issued• Numerous IRS Notices Since • January 17, 2013 – Final IRS Regulations Issued• Key Effective Date – July 1,2014

FATCA

• Essentially enlists ‘Foreign Financial Institutions (FFIs)’ to act as extension of IRS enforcement network• Identifying US Taxpayers holding financial accounts or

investments in their institutions

• Reporting financial assets, US source income annually to IRS

• Withholding 30%, on behalf of the IRS, on certain payments coming from US for noncompliant accounts, institutions

• Reporting, withholding on accounts and payments to other FFIs that do not comply with FATCA

FATCA Overview

28

Intergovernmental Agreements

Model I and Model II Agreements

• Model I requires FFIs to report information on US accountholders to their tax authorities, which collect and deliver it to IRS

• Model II requires FFIs to report information on US accountholders directly to the IRS.

• IGAs will require some countries to change their tax, privacy laws

• Some IGAs require reciprocal reporting – US institutions must report accountholders to tax authorities of signatory nations

29

FATCA Gaining Momentum

• 70 countries reportedly in talks with US Treasury

• FATCA Partners now include 19 countries ( including

major economies like UK, Mexico, Denmark,

Germany, Ireland, Italy, Switzerland, Spain,

Switzerland, Norway; many smaller jurisdictions)

• Tax transparency now a worldwide initiative

• Participation ‘not an option’

30

G20 and Bank Information Exchange

31

OECD Automatic Exchange Standard

32

Key Lessons

• Understand structures used to evade taxes,

especially offshore legal entities

• Understand common types of tax fraud

schemes, including those involving VAT

• Recognize how FATCA works and how it is

laying groundwork for international tax

enforcement regime

33

Practice Question

Your bank holds a business account for a local tax preparation service.

What would MOST likely trigger further investigation by the compliance department in the bank?

A. Numerous deposits of tax refund checks in the names of different individuals but with common addresses

B. Multiple deposits of checks in the same amount written by different tax service customers

C. Variances in the frequency of transactions depending on the calendar cycleD. A request by the customer to have payments made to the Tax Office

through a certified check process

34

Practice Question

• Answer A is the correct answer due to the fact that this is a classic red flag for tax fraud. Multiple tax refund checks for different individuals going to the same address should set off warning alarms in nearly every jurisdiction.

• Answer B is incorrect because this perfectly fits the customer’s profile. The deposit of checks from different tax service customers is what you would expect as each customer paid their bill for the service. You would also expect many of them to be in the same amount for a typical tax preparation service since the fee for tax preparation would be the same for many customers.

35

Practice Question

• Answer C is incorrect because, once again, this fits the customer profile. You would expect variances depending on the calendar cycle as this is largely a seasonal business based on tax reporting deadlines.

• Answer D is incorrect because there is no indication of tax fraud in this response. The customer is making payments to his jurisdiction’s tax authorities using a certified check, which is simply a check for which a bank has confirmed sufficient funds exist to cover the amount of the check. This is not a viable means to commit tax fraud, and would more likely indicate no fraud is taking place.

Financial Crime Investigations


37

Legal Underpinnings

• Common law systems• Rely on case law, precedent• Legal remedies not in statutes are available• Examples – UK, US, Canada, India, Australia

• Civil law systems• Written laws determine rights, remedies and actions• Examples – Latin America, Continental Europe, Japan

• Helps evaluate ground rules of place where investigation and possible litigation is conducted, costs, likelihood of success

38

Public vs. Private Investigations

• Public investigation by law enforcement agency, grand jury, regulatory body• Deploys all powers, authority of government

• Private investigations by civilians without government powers• Can obtain powerful tools from courts, equitable

remedies, bankruptcy and insolvency laws

39

Investigative Tools and Techniques

• Compulsory power to obtain documents and testimony• Telephone, electronic wire intercepts by government

agencies• Search warrants• Mutual Legal Assistance Treaties (MLATs) and less

formal mutual assistance• Undercover operations• Physical surveillance• Whistleblowers, anonymous tips, informants

40

Open-Source Intelligence

• Publically available information, often online• Many sources, often free and easily discoverable• Online searching and web content• Media outlets and news sources• Public records• Geospatial open source• Professional conferences, live events• Observation and reporting

• Investigation should usually start with exhaustive OSINT before moving to more time-consuming methods

41

Online Open-Source Tools

• Online information increasingly critical in financial crime investigations• Advanced web searching• Searching social networks, blogs• Utilizing free and paid online databases• “Deep web” sources• Reverse image searches• Archived web sites

• Financial criminal use online tools, investigator should take steps to remain secure and anonymous online

42

Interviewing Techniques

• Usually best to begin interviews with persons farthest removed from suspected crime

• Differences between interrogation and interview. In interview, investigator should establish rapport with witness and seek detailed responses.

• Look for knowledge of event, persons or entities involved, physical and intangible evidence

• Plan all elements of interview: location, objectives, needs of the witness

43

Intelligence vs. Evidence

• Intelligence furthers investigation but is not generally admissible in court

• Photos posted online• Information in a news article• Hearsay statements

• Evidence must meet legal rules of admissibility, be material and prove or disprove some relevant matter

• Commercial records obtained by subpoena• Statements made freely to law enforcement agent• Facts observed by enforcement agent conducting lawful

surveillance

44

Investigations Across National Borders

• Many financial crime investigation require assistance from other nations and jurisdictions

• When requesting assistance from another nation for, consider:• Its legal and statutory requirements • How to assure that the information will be admissible as evidence• Will investigative subject be notified of request for assistance? Are

you legally compelled to inform the subject?• Level of probable cause needed to authorize investigative

techniques and enforce court orders

45

Tips and Whistleblowers

• Common trigger of financial crime investigations

• Encouraged by laws authorizing rewards, protections

• Can come from any level of organization up to board of directors

• Wise to maintain skepticism in contact with whistleblowers, who may have their own profit, revenge motives

46

Investigating Employees• Some companies have rules on employee cooperation in

internal investigations, but they must not conflict with laws

• Employee usually has no legal obligation to agree to an interview

• Employer may usually provide employee e-mail, phone logs and computer usage without employee permission, knowledge

• Investigator should consult lawyer on whether it is legal, advisable to obtain employee records without consent

47

Court Orders

• Search warrants • Granted by judge to government agencies, • Specify time, place and items to search• Failure to follow terms may render evidence useless

• Subpoena• Compels a person or entity to produce records, items or

testimony at a place and time• Considerable variation on process among countries

• Preservation orders or litigation holds• Prevent electronic evidence from being deleted or altered

48

Beneficial Owners

• Typically refers to person who maintains ultimate control over funds, assets, legal entities or financial accounts

• Includes individuals who own or control, directly or indirectly, greater than a certain percentage of a legal entity

• Recognizes that person in whose name an entity is formed, asset is held, or account is opened is not necessarily the person who truly controls them

• Determining beneficial owners is critical in KYC, due diligence, investigations, AML and anti-corruption, and more, as it is key to true source, origin and control of funds

49

Corporate Registries

• Collect and store information pertaining to corporations and other legal entities created within a given jurisdiction

• Typically maintained by a government agency or department

• May be a single registry for an entire nation, or multiple registries for different states, regions or cities, depending on jurisdiction

• Serve several purposes:• Record creation or incorporation of new legal entity• Collect required information on legal entities• Make some or all collected information publicly available

50


•The following information is usually available from corporate registries: •The name and type of the legal entity•Date of the company formation, and date when the company was dissolved

if no longer in existence•Articles of incorporation and other company formation documents•A physical address of the corporation, or address of formation agent•Name and address of a registered agent for the company

•Some jurisdictions will provide: •Names and addresses of the legal entity’s directors or officers•Names and addresses of the shareholders, members or other legal owners

of the legal entity

•Beneficial owner of legal entity is very rarely available

51


• Many jurisdictions offer access to registries through websites. Some international bodies also maintain sites that allow direct or indirect access to registry information:

• International Association of Commercial Administrators (IACA) http://www.iaca.org/

• Corporate Registers Forum (CRF) http://www.corporateregistersforum.org • European Business Register (EBR) http://www.ebr.org/section/4/index.html • European Commerce Registers’ Forum http://www.ecrforum.org/ • Association of Registrars of Latin America and the Caribbean (ASORLAC)

http://www.asorlac.org/ingles/portal/default.aspx

http://www.iaca.org/

http://www.corporateregistersforum.org/

http://www.ebr.org/section/4/index.html

http://www.ecrforum.org/

http://www.asorlac.org/ingles/portal/default.aspx

52

Types of Financial Institution Records• Critical source to “follow the money” in financial crime

investigations, often need court order to obtain

Examples

• Deposit tickets • Deposited checks• Checks drawn • Debit memos • Credit memos • Outgoing wire transfer orders • Incoming wire transfers

• Cashier’s checks sold • Foreign currency sold • Signature cards • Monthly statements • Cancelled checks• Cashier’s checks • Money orders sold

53

Summarizing Financial Institution Records

• Investigator should prepare summaries of information in documents from an institution, including:

• Deposits and withdrawals• Checks written on the account• Wire transfers into or out of the account• Fluctuations in account balances

• Obtain all documents related to account opening and customer onboarding: application, customer ID, signature card, due diligence and Know Your Customer records

54

What Financial Institution Records Show

• Some leads that a financial account analysis can provide: • Names of persons, entities that received funds• Names of persons, entities that deposited money • Sources, amounts of income or revenue• Cash withdrawals and purchase of cashier’s checks• Activities of previously unknown businesses and ventures• Wire transfers to, from offshore havens, accounts, nominees• Previously unknown accounts• Liabilities, which lead to other financial statements• Asset acquisition, disposition

55

Other Financial and Commercial Records

Examples

• Commercial invoices• Cancelled checks• Receipts, related expense

documentation• Journal entries

• Statement of cash flows• Vendor and customer lists• Physical inventory• Reconciliation of

intercompany accounts

• Tax returns are also a valuable source of information if they can be obtained legally

56

Protecting the Evidence

• All records should be treated as possible evidence • Implement chain of custody from the start• Document chronology of handling of evidence• Where it was initially located, who got it, where it was

stored, who handled it • Obtain originals where possible

• Maintain records for their integrity• Assure that electronic evidence is not altered or unintentionally

overwritten

57

Key Lessons

• Recognize the types of documents and records that can be employed in financial crime investigations

• Understand the differences between evidence and intelligence, and the proper role of each

• Open source intelligence is highly valuable – be familiar with open sources, online and otherwise

Review Question

58

Securities King was a stock brokerage that collapsed after it was revealed to be running a Ponzi scheme. The scheme has left behind numerous defrauded investors and the brokerage is now being liquidated in bankruptcy court. You are an investigative professional who has been asked to look into a lawyer suspected of involvement in the Ponzi scheme. The lawyer is thought to have handled funds for Securities King through his firm’s account. There has been no prior investigation of the lawyer, and you currently have little information him or his firm.

What would be the most appropriate first step to take in your investigation?

Review Question

59

A. Request that a bankruptcy court judge name you a

receiver of Securities King

B. Contact the lawyer to schedule an interview

C. Thoroughly research the lawyer and his firm online

and in public records

D. Conduct physical surveillance of the lawyer to

understand his movements

Review Question

60

Answer C is the correct answer. While all four responses may be appropriate at some point in the investigation, the question asks for the most appropriate first step.

As you currently have little information on the attorney, it would be inappropriate to approach a judge with a request to be named receiver. Likewise, conducting surveillance and interviewing the attorney are more time-consuming and potentially risky steps best left to later in the investigation, if conducted at all. Starting with thorough open-source research would be the investigative best practice.

Fraud Detection and Prevention


62

Overview and Definition

• Intentional misrepresentation, concealment or deception in pursuit of financial gain or to further a financial crime

• Recent fraud trends• Greater professionalization, smarter attacks• Increased “sharing” of fraud practices• More frauds perpetrated from offshore locations• Technical fraud or cybercrime combined with traditional skills• More collusion between merchants, fraudsters and organization

insiders

63

Understanding and recognizing types of fraud

• Ponzi schemes• Despite recent exposure, remain widespread type of fraud

• Some red flags • Investment returns “too good to be true”• Investment statements show growth or performance

contrary to market trends• Unusual or no fee structure• Lack of information or substance behind investment

• Securities fraud• Misrepresentation around a security, which can be

virtually any tradable asset or financial instrument• Inaccurate or misleading information to encourage

investment• Selling a security that is illegal or nonexistent• Insider trading

• Now facilitated by online communications, social networks, other tools

64


• Common types of securities fraud include– Microcap or “penny stock” frauds, like pump and dump

schemes– Insider trading– Hidden terms and agreements– Fraud tied to falsified reporting or accounting

• In US alone, securities fraud estimated to total $10 – 40 billion annually

65


• Fraud in loans and mortgages• Intentional, material misrepresentation or omission to

obtain loan or larger loan than lender typically grants• May also be perpetrated by lenders: loans with hidden or

predatory terms, unlicensed lenders

Common schemes

66


• Income and employment fraud• Occupancy fraud• Appraisal fraud

• “Shot-gunning” fraud• Cash-back fraud• Foreclosure scams

• Credit and debit card fraud• Need not involve physical fraud; increasingly common to

steal numbers, personal information online• Tampering with card readers at ATM and other point-of-

sale locations through skimmers• Online theft of numbers through compromise of online

security or data breaches• Gathering personal information by sending fake

applications for cards to targets• Physical theft of card

68


• Other types of fraud include:– Insurance– Health care– Government benefits

• Can be perpetrated by an entity against a customer or by customer against an entity

69


• Fastest growing types of consumer fraud• A leading threat to accounts at banks and other

institutions• Common ways to steal identities • Social engineering• Creating fake online identities• Technological tools – skimmers, phishing, malware• Internal fraud and data theft

70

Identity Theft and Fraud

• Common signs indicating a stolen or compromised identity• Alerts and warnings from a credit reporting company• Suspicious documents, including forged or altered IDs• Inconsistent personal identifying information• New credit or debit card request immediately after

notification of change of address

• Identity theft furthers many other fraud schemes• Using stolen identities to obtain government benefits, tax refunds• Obtaining loans or mortgages with false identities• Opening accounts with stolen or false identities

71

Red Flags of Identity Theft

Preventing Fraud

72

• Similar measures as other compliance programs, but training, awareness are even more important in fraud prevention

• Starts with comprehensive fraud risk assessment• Create a team with necessary expertise• Identify organization’s universe of fraud risks

• Fraudulent financial reporting• Misappropriation of assets• Expenditures, liabilities for improper purpose• Revenue and assets obtained by fraud• Costs, expenses avoided by fraud• Financial misconduct by management

Preventing Fraud

73

• Assess likelihood of fraud schemes or scenarios• Assess materiality of risks: which schemes would

have greatest impact• Assess preexisting fraud controls, compare them

against risks• Consider how controls may be over-ridden or manipulated

by employees and others• Employee collusion is serious fraud risk

Key Lessons

74

• Preventing fraud is heavily reliant on awareness, training, and internal controls

• Financial crime professionals should be prepared to identify many types of fraud

• Fraud schemes are frequently linked – one element feeds into larger operation

Review Question

75

• Your institution has recently been dealing with a large number of identity theft cases, in which thieves have stolen sensitive customer data and used it to fraudulently apply for credit cards.

After an initial investigation, you suspect that an employee is participating in the identity theft scheme. What would be the most effective first step you could take to prevent further theft of customer information?

Review Question

76

A. Immediately notify customers whose data has been compromised

B. Restrict access to sensitive customer data, and monitor employee access on an ongoing basis

C. Impose strict alert thresholds in the automated monitoring system for all credit cards

D. Conduct a mandatory ethics seminar with all institution employees

Review Question

77

Answer B is the correct response. Like other review questions, all of these answers could be considered good responses to a data breach or theft.

However, only Answer B will actually serve to prevent further theft of data, which is the focus of the question.

Review Question

78

A mortgage administrator has been dealing with a buyer attempting to obtain a large mortgage on a home from your institution. According to the buyer, he is seeking to purchase the home as an investment property.

The buyer has been behaving erratically and has been difficult to contact at times. Concerned about a potential fraud, the administrator has asked you to examine the mortgage application and accompanying documents.

You note the following information. Which is the best indicator that the buyer may be committing mortgage fraud?

Review Question

79

A. A real estate agent from a nearby city is helping to broker the sale

B. The seller is not currently listed as the occupant of the property

C. The buyer currently has a large mortgage outstanding on his own property

D. The buyer has no previous history of obtaining mortgages from your institution

Review Question

80

Answer C is the correct answer. In the question, it describes the loan applicant as seeking the home as an investment property. However, the applicant has a large mortgage outstanding on his own property, raising questions about his finances and ability to purchase an investment property.

Answer B may also be considered a red flag by some. However, in the question it describes the buyer’s behavior as erratic and potentially suspicious. Since the buyer is already under suspicion, the red flag in Answer C should be given priority. Answers A and D are not indicative of any suspicious or fraudulent activity.

Compliance Programs


• Processes and controls to comply with laws, regulations, other requirements

• Regulatory structure becoming more complex, global

• Convergence moving toward unified “financial crimes risk management”

Overview of Compliance

Programs Within Compliance

• Governance– Analytics– Investigations– Intelligence– Customer Due Diligence– Compliance Audit/Quality Control

Governance

• Enterprise Risk Assessment• Gap Analyses• Creating/Reviewing/Delivering Training• Liaison to Regulators/Examiners and Internal

Audit• Liaison to External Consultants and Auditors

Investigations & Intelligence

• Investigations– Investigate unusual activity– Report on unusual activity– Investigate possible terrorist financing

• Intelligence– Analyze country risk– Analyze enterprise-wide financial crimes risk– Support foreign correspondent banking business

Analytics

• Tools for transaction monitoring• Analytics for enterprise-wide risk assessment• Analytics for customer risk rating• Tools for sanctions monitoring

Customer Onboarding

• Customer Due Diligence - “Know Your Customer”

• Customer Identification Program• Customer Monitoring/Periodic Review• Enhanced Due Diligence (High Risk)

Employee Onboarding

• “Know Your Employee”• Employee Monitoring• Employee “red flags”

• Size, structure, complexity and risks of organization are basis of compliance program

• Compliance program should include policies, procedures and controls

• Controls can be broadly divided into “preventive” and “detective”

Organizational Overview of Financial Crime Program

• Preventive controls include: • CIP and CDD programs• Appropriate training• Risk assessments, gap analysis• Providing line of business reporting, issue remediation• Senior management and board reporting• Liaison with audit, coordination of examinations

Organizational Overview of Financial Crime Program

• Detective controls include:

• Identifying suspicious activity through employee referrals or automated transaction monitoring, customer surveillance• Investigating identified unusual activities • Activity monitoring, predictive analytics• Monitoring employees, third parties• Screening, blocking, rejecting transactions and customers• Reporting • Exiting customer relationships • Compliance testing

Organizational overview of financial crime controls

Risk Assessment• Assessing risks allows understanding of vulnerability,

better resource allocation

• Should consider

• Types of distribution channels used by business unit• Complexity of unit’s business model• Degree of change in business• Size and type of growth in the business

Risk Assessment

Key elements include• Methodology to quantify level of risk

• Methodology to quantify adequacy of controls

• Assessment of risk of each line of business

• Enterprise-wide assessment to identify systemic risk not apparent in a line of business

Sanctions Compliance• Laws or regulations of certain nations prohibit

conducting transactions for certain national governments, entities and persons

• Sanctions are imposed by variety of enforcement agencies, international bodies• US Office of Foreign Assets Control• United Nations Security Council• European Union• Other international bodies

Sanctions Compliance• Some sanctions compliance best practices include:

• Development and implementation of policies, procedures and processes to ensure full compliance with all sanctions prohibitions

• Knowledge of different sanctions lists or orders institution organization is subject to

• Sanctions compliance risk assessment

Sanctions Compliance

• Leveraging screening, transaction monitoring to detect and prevent payments in violation of sanctions

• Training programs to all affected employees

• Testing and ongoing updating of lists, policies and procedures – sanctions regimes change constantly

97

AML CycleOrganizational Risk

Assessment Identify and rate risks across the organization and within lines of

business

Customer Identification Program

Collect and verify information on a customer to confirm their identity

and nature of relationship

Customer Profile and Risk Assessment

Establish expected activity and transactions; create an initial

customer risk rating

Automated Transaction Monitoring

Establish alert thresholds, rules and scenarios based on customer profile

and risk assessment

Customer ScreeningScreen customer against sanctions

and watch lists; establish criteria for ongoing screening of transactions

Investigation of Alerts and Incidents

Review any alerts generated on customer, file SARs or modify

customer relationship if necessary

Update and AuditCollect sampling on alert and

transaction data, reassess customer risk, renew KYC

information

High-Risk Customers

• Risk depends on product, geographic region. Examples:• Politically Exposed Persons (PEPs) and their associates• Casinos, securities brokers, dealers in precious metals, stones• Domestic, offshore shell companies• Casas de cambio, currency exchanges, money transmitters• Private investment companies (PIC) • International companies• Deposit brokers• Cash-intensive businesses• Foreign, domestic NGOS, charities• Gatekeepers - attorneys, accountants, etc.

High-Risk Products

• Examples:• Prepaid, payroll cards• “Payable upon proper identification” (PUPID)

transactions• Money remittances• Online banking• Private banking• Trust and asset management services• Monetary instruments

High-Risk Products• Other examples :• Foreign correspondent accounts: bulk currency shipments,

pouch activity, and payable through accounts (PTA) • Trade finance • Services to third party payment processors or senders• Foreign exchange• Special use or concentration accounts • Loans secured by cash collateral and marketable securities • Non-deposit account services, such as non-deposit

investment products and insurance

High-Risk Jurisdictions, Geographic Areas

• Understanding specific money laundering, terrorist financing, corruption, fraud risks of jurisdictions is essential for compliance

• Organization should establish methodology that may include

• Sanctions, terrorist financing lists – OFAC, EU, UN• Jurisdiction's overall reputation – Corruption Perceptions

Index, reports by state departments• Jurisdiction’s adoption of FATF, other international

standards• Regional risk inside a particular jurisdiction

Customer Onboarding and Monitoring

Account opening procedures

Best practices include: • Gathering, verifying, authenticating customer ID materials

through paper documents, electronic verification• Clarifying services customer requests• Screening against sanctions lists, watch lists, PEP lists• Documenting normal, expected activity, including occupation

and business • Documenting relationship with institution or organization,

including all lines of business, subsidiaries

Customer Identification Program (CIP)

• Usually required by jurisdiction’s laws, regulators

• ID information must be collected at account opening, verified within reasonable time after opening

• Verify identity prior to large currency transactions, purchasing certain financial instruments, or ordering wire transfers

• May require identification of beneficial owners in some jurisdictions, particularly legal entities

Enhanced Due Diligence

• For high-risk services, customers, jurisdictions

• Examples include: • Identifying and verifying beneficial owners • Additional investigation of source of funds• Verification of customer, business information through

third-party sources • Augmented transaction monitoring• Thresholds on transactions• Senior management approval of customer relationships,

certain transactions

Employee Onboarding and Monitoring

Best practices for effective “know your employee,” onboarding:

• Assessment begins during interview process• Background screening, especially for criminal history• References and employment history

• Gathering and verifying employee identification materials • Screening employee against sanctions, watch, PEP lists


Best practices for effective “know your employee,” onboarding:

• Providing new employees with organization's written ethics policy, code of conduct

• Appropriate training for position, including regulations and web-based or classroom training with appropriate scenarios

• “Hotline“ for anonymous reporting, direct reporting to compliance that does not go through business lines


Best practices for ongoing employee monitoring:

• Regularly scheduled background screening• Automated exception reports, review of log files• Regular reviews and updates on the company’s ethics

policies and ethical compliance culture• Regular communication reinforcing standards• Ongoing employee training • Selective review of email, electronic communications

for high-risk employees

Transaction Monitoring

• Automated system, either proprietary application or vendor-provided, for ongoing transaction, customer and entity data

• Detection typically accomplished through implementation of financial crime scenarios in two broad categories:

• Rules-based scenarios - identify patterns of behavior related to known financial crime typologies or red flags• Statistical profiling scenarios - identify unusual activity by

modeling typical or expected activity profiles for a specific customer or type of customer and identifying outliers

Transaction Monitoring

• More advanced systems incorporate hybrid of rules-based, statistical approaches

• Transaction monitoring can also incorporate third-party data sources

• As transaction and data volumes grow, analytics becoming increasingly important

• Automatic monitoring no substitute for experienced human supervision, direction

Key Lessons

• Customer due diligence, profiling and risk assessment are key to effective compliance programs

• Essential to establish expected customer behavior, transactions to detect suspicious activity

• Compliance programs are cyclical and ongoing – each step feeds into the next

Practice Question

• A small regional bank recently started using a new transaction monitoring tool that utilizes custom scenarios to identify activity defined by the Financial Crimes Compliance team. There are five scenarios that are live in production. The Analytics team in Financial Crime Compliance Unit researched scenarios and is ready recommend possible changes to the scenarios to management. Which scenario(s) should the Analytics team recommend making changes to first?

Practice Question

A. Scenario A that generated 100 alerts in the past 3 months and 50% of those were deemed suspicious and suspicious transaction reports were filed.

B. Scenario B that generated 180 alerts with a 95% false positive rate.

C. Scenario C that generated no alerts and there appears to be a problem with the data mapping.

D. Scenarios D and E that were put into production in the last 30 days to address a matter requiring attention from a regulator.

Practice Question

Answer A is incorrect and appears to be a well performing scenario. It is generating alerts and the percentage deemed suspicious is reasonable.

Answer B is incorrect because while false positive rate is far too high, it is generating alerts and some are deemed suspicious. The false positive rate is an issue that must be addressed, but this scenario is not the one that needs to be addressed first. There will often be scenarios on the live exam that require picking the best answer. In this case, this is not the best answer.

Practice Question

Answer C is correct as it is clearly a broken scenario since no alert was generated. That there appears to be a problem with the data mapping reinforces the conclusion that this scenario must be addressed first.

Answer D is incorrect as there is no evidence the scenarios are not performing as expected.

Your Questions

Thank you for attending

Economy & Finance

Tax evasion, fci, fraud, compliance 2 28-14