AML Risk / Interconnectedness of Risk Flashcards

1
Q

What are the two broad categories of criminal offences in a business setting?

A
  1. Crimes against individuals, property or services.
  2. Violations of laws and regulations that are per se offences.
2
Q

What six methodologies could an organisation use to counter crime?

A
  1. Use of external background checking firms.
  2. Implementation of clear conduct policies, checks and procedures.
  3. Ongoing training.
  4. Regular audits to identify early signs of criminal conduct.
  5. Use of security cameras and infrastructure.
  6. Use of RM to identify vulnerable areas.
3
Q

What three methodologies might be used for cyber crime prevention purposes?

A
  1. Installation of password-protected firewalls and current antivirus software.
  2. Retention of specialist firms to identify and resolve security weak spots (e.g. too many employees with privileged access).
  3. Ensure adequate back-up processing of key records.
4
Q

What are the three principal losses arising from financial crime?

A
  1. Direct financial loss (e.g. arising from employee fraud).
  2. Reputation and brand loss (e.g. stemming from adverse publicity).
  3. Legal and regulatory sanctions due to breach of anti-financial crime laws and regulations.
5
Q

What are the three stages of the money laundering process?

A
  1. Placement.
  2. Layering.
  3. Integration.
6
Q

How do AML laws generally counteract money laundering?

A
  1. AML laws often define in-scope organisations that are obliged to prevent money from being laundered.
  2. Regulated organisations that fail to prevent money laundering may be subject to sanctions.
  3. Additionally, directors and senior management personnel of non-compliant regulated organisations may be similarly sanctioned.
7
Q

How do ML and TF risks differ?

A
  1. With ML, an offence must occur from which proceeds of crime are laundered.
  2. With TF, funds are mobilised to enable the commission of a relevant offence.
8
Q

What five considerations are relevant to management of ML and TF risks?

A
  1. Process is similar to management of other risks - identification and assessment of prevailing risks, with control and monitoring of the same.
  2. For the identification step, organisations should identify how their product and services could be used, inadvertently or deliberately, to support ML or TF.
  3. Emphasis should be placed upon the products, services, stakeholders and locations that are most susceptible to ML and TF risks.
  4. Exposure should be measured in the usual way (probability x impact).
  5. Controls and monitoring arrangements should be implemented to address ML and TF risks (e.g. appointment of MLRO; use of compliance reviews and IA).
9
Q

What four activities are typically subject to AML/CTF regulation?

A
  1. Receipt and execution of large cash transactions (UK - >£10k).
  2. Provision of credit.
  3. Provision of products that offer investment returns.
  4. Provision of certain insurance policies.
    => Solicitors, accountants, banks/bureaux de change, estate agents, insurers and investment firms are often regulated.
10
Q

How is bribery and corruption regulated in the UK, and what six internal control mechanisms should organisations implement to counteract bribery and corruption?

A
  1. Bribery Act 2020 renders organisations and their employees liable for acts of bribery committed either with public officials or on a business-to-business basis.
  2. Organisations should, hence, introduce internal control mechanisms to counteract bribery and corruption risks, predicated on six principles:
    - Proportionality;
    - Top-level commitment;
    - Risk assessment;
    - Due diligence;
    - Communication;
    - Monitoring and review.
  3. Internal controls should be proportionate to the size and risk profile of the relevant organisation - an internationalised mining company, with significant revenue, will require more intricate and responsive controls, than, for example, a small coffee shop chain.
11
Q

What are the three facets of political risk?

A
  1. Represents risks that an organisation may face due to political changes or political instability (e.g. arising from sanctions).
  2. Political risks are extremely DIFFICULT TO PREDICT and may lead to SUBSTANTIAL STRATEGIC, FINANCIAL AND EMPLOYEE LOSSES for an organisation.
  3. A high degree of political freedom does NOT NECESSARILY TRANSLATE into a low level of political risk.
12
Q

Name the two categories of political risk.

A
  1. MACRO RISK - Not organisation-specific, instead AFFECT ENTIRE COUNTRY (e.g. civil war);
  2. MICRO RISK - ORGANISATION-SPECIFIC or centric to a project performed by an organisation (e.g. windfall taxation on energy companies).
13
Q

What is behavioural risk management?

A
  1. Emphasis on managing INDIVIDUAL and COLLECTIVE BEHAVIOUR of an organisation’s employees, targeting:
    - Attitudes;
    - Perceptions; and
    - Relationships of an organisation’s employees.
  2. PROMOTION OF GOOD BEHAVIOURS that help achievement of organisational objectives and PREVENTION OF BAD BEHAVIOURS that threaten the same (e.g. negligence, recklessness, bullying, H&S neglect).
  3. Focus on LONG-TERM BENEFITS, rather than SHORT-TERM REWARDS - ensuring adherence to policies/procedures, encouraging communication/adherence to advice/good practices and pursuing personal objectives in a manner consistent with organisational requirements (e.g. FS conduct of business).
14
Q

What is climate change risk?

A

Presentation of FINANCIAL RISKS to an organisation, arising from two chief causes:
1. PHYSICAL - Changing weather patterns, extreme weather events, rising sea-levels; may be particularly ACUTE IF UNINSURED.
2. TRANSITIONAL - Adjustment to lower/carbon neutral operating models; changes in government climate policy.

15
Q

What does resilience mean?

A
  1. RM focused on anticipated impact and probability of risks, to quantify and control exposure. Where there is uncertainty, resilience planning ensures organisation can RESPOND TO UNANTICIPATED RISK EVENTS to MITIGATE their effects.
  2. Emphasis is therefore NOT on PREVENTION but on EFFECT REDUCTION of uncertainties that become risk events.
  3. Four-stage risk reduction process:
    - Implementation of EFFECTIVE CRISIS MANAGEMENT and BUSINESS CONTINUITY ARRANGEMENTS;
    - QUICK REACTION;
    - Investment in EFFECTIVE RISK REDUCTION TOOLS (e.g. PR management); and
    - LEARNING from PAST EVENTS, including SUCCESSES and FAILURES.
16
Q

What four risk considerations arise from organisational change?

A
  1. NEW RISKS may emerge as organisations change.
  2. Probability and impact of EXISTING RISKS may INCREASE SIGNIFICANTLY.
  3. EXISTING RM CONTROLS may be INSUFFICIENT to detect, assess and mitigate these risks.
  4. New risks may bring NEW BUT UNEXPLOITED OPPORTUNITIES.
17
Q

What are the three key causes of emerging or changing risks?

A
  1. COMPLEXITY - Function of GLOBALISATION as well as IT developments, increase in regulation, size/structure of organisation, long supply chains and use of outsourced service providers.
  2. INTERCONNECTEDNESS - CROSS-BORDER and -SECTOR IMPACT of risks (e.g. Fukushima earthquake => impact on financial markets, semi-conductor production, nuclear energy policy).
  3. GLOBALISATION - INCREASING INTERACTION amongst nations and peoples of the world. Risks include - cross-cultural misunderstandings; political extremism; unbalanced economic development due to labour and capital migration distortions; competitive disadvantage of national businesses (v. multinationals); vulnerability of IT infrastructure to cyber attacks; protectionism; increasing market complexity.
18
Q

What are five principal methods for assessing and controlling emerging risks?

A
  1. Board-level STRATEGIC RISK ASSESSMENTS.
  2. SCENARIO PLANNING - Structured means of assessing future risks and opportunities; may be formal, or comprise complex techniques (e.g. systems thinking).
  3. REVERSE STRESS-TESTING - Analyses how extreme but plausible scenarios may impact an organisation, to the point of non-viability.
  4. RESILIENCE and REPUTATIONAL RISK MANAGEMENT.
  5. FOSTERING CULTURE of creativity, mindfulness and situation awareness.
19
Q

What are the four key risks arising from social media?

A
  1. Privacy / security of personal identities.
  2. Fake news.
  3. Velocity - social media reputations may be unseated extremely quickly.
  4. Cyber-bullying.
20
Q

What does talent risk management comprise?

A
  1. Recognition that talent risk is a BUSINESS RISK, with personnel being the only organisational assets capable of INNOVATING.
  2. Accordingly, talent RM involves benchmarking employee needs and hiring capacity versus external and internal resources - the BOARD SHOULD RETAIN OVERSIGHT of talent management, rather than delegating this to subordinate stakeholders.
  3. Talent management practices should be REGULARLY REVIEWED to capitalise on talented employees for GROWTH and EXPANSION into NEW MARKETS.
21
Q

What seven things may an organisation do to address talent risks?

A
  1. Adoption of a talent risk management FRAMEWORK.
  2. CONTINGENCY PLANNING and crisis management scenarios (e.g. sudden departure, illness, poaching).
  3. BOARD OVERSIGHT of CEO/executive compensation.
  4. Rectification of DIVERSITY and PAY GAPS, as part of talent risk management.
  5. Implementation of SUCCESS PLANNING processes.
  6. Regular provision of TALENT KPIs to board stakeholders.
  7. Appointment of a DESIGNATED TALENT MANAGEMENT DIRECTOR to address talent RM.
22
Q

What five new technologies are having a formative impact on businesses and society?

A
  1. BLOCKCHAIN - Real-time, verifiable and permanent means of data processing (e.g. payments, transfers, settlements).
  2. ROBO-ADVISORY - Low-cost digital customer service with little or no human interaction.
  3. FACIAL RECOGNITION - Used for identifying or verifying a person with a digital or video image.
  4. VOICE/SPEAK RECOGNITION - Understands and performs spoken commands.
  5. AUGMENTED REALITY - Supplement of real world objects with computer-generated perceptual information.
23
Q

What are four digital technology-related risks?

A
  1. PROFITABILITY IMPACT - Structurally-disruptive technologies may threaten established business models and revenue generation capabilities.
  2. EARLY/UNNECESSARY ADOPTION - May bring little benefit, if the cost-monetary benefit cannot justify early technological adoption or the organisation is not (culturally) ready for deployment.
  3. CREATION OF ADDITIONAL/UNFORESEEN RISKS - New technologies often change or create new cyber-security risks.
  4. NEAR-IMMEDIATE DISSEMINATION OF NEGATIVE INFORMATION - A digital ecosystem may enable swift and often uncontrollable circulation of compromising information.