Chapter 3 Flashcards
Why is a Risk based approach preferrable to a more prescriptive approach?
- flexible risks vary across jurisdictions, customers, products, and delivery channels and over time.
- effectve companies are better equipped assess and the risks they face; and
- proportionate promotes a commonsense approach as opposed to a check-the-box approach. It also allows firms to minimize the adverse impact of anti-money laundering procedures on their low-risk customers.
Three Risk Factors a company must address?
• customer risk factors such as nonresident customers, cash-intensive businesses, complex ownership structure of a company and companies with bearer shares;
• country or geographic risks such as countries with inadequate AM/CFT systems, countries
subject to sanctions or embargos, countries involved with funding or supporting of terrorist
activities or those with significant levels of corruption; and
• product, service, transaction or delivery channel risk factors such as private banking, anonymous
transactions and payments received from unknown third parties.
What events can cause a customer’s risk rating to change?
• unusual activity, such as alerts, cases and suspicious transaction report (STR) filings;
• receipt of law enforcement inquiries, such as subpoenas;
• transactions that violate economic sanctions programs; and
• other considerations, such as significant volumes of activity where it would not be expected,
such as a domestic charity engaging in large international transactions or businesses engaged
in large volumes of cash where this would not normally be expected.
What documents assist companies in identifying high risk countries?
• The U.S. State Department issues an annual International Narcotics Control Strategy Report
rating more than 100 countries on their money laundering controls.
• Transparency International publishes a yearly Corruption Perceptions Index, which rates more
than 100 countries on perceived corruption.
• FATF identifies jurisdictions with weak AMUCFT regimes and issues country-specific Mutual
Evaluation Reports.
• In the United States, certain domestic jurisdictions are evaluated based on whether they fall
within government-identified higher risk geographic locations such as High Intensity Drug
Trafficking Areas (HIDTA) or High Intensity Financial Crime Areas (HIFCA).
the four pillars, the basic elements that must be addressed in an AMIJCFT program are
• a system of internal policies, procedures and controls – Line of Business (first line of defense);
• a designated compliance function with a compliance officer (second line of defense);
• an ongoing employee training program; and
• an independent audit function to test the overall effectiveness of the AML program (third line
of defense)
FinCEN established a fifth pillar that requires appropriate risk-based procedures for conducting ongoing CDD, raising the prominence of this critical aspect of AML/CFT programs to its own pillar. These procedures include:
• understanding the nature and purpose of customer relationships for the purpose of developing
a customer risk profile;
• conducting ongoing monitoring to identify and report suspicious transactions; and
• maintaining and updating customer information.
Who should the independent audit report to?
the board of directors or to a designated board committee composed primarily or completely of outside
directors.
Six guidelines for strengthening AML/CFT compliance culture in financial institutions.
- Leadership must actively support and understand compliance efforts.
- Efforts to manage and mitigate AML/CFT deficiencies and risk must not be compromised by revenue interests
- Relevant information from the various departments within the organization must be shared with compliance staff to further AML/CFT efforts.
- The institution must devote adequate resources to its compliance function.
- The compliance program must be effective. One way to ensure this is by using an independent and competent party to test the program.
- Leadership and staff must understand the purpose of its AML/CFT effofts and how its STR reporting is used.
New York State Department of Financial Services (DFS) issued Final Rule Part 504 on June 30, 2016, requiring regulated institutions to maintain Transaction Monitoring and Filtering Programs (TMPs) reasonably designed to
• monitor transactions after their execution for compliance with the BSA and AML laws and
regulations, including suspicious activity reporting requirements; and
• prevent unlawful transactions with targets of economic sanctions administered by the U.S.
Treasury Department’s Office of Foreign Assets Control (OFAC).
FATF recommends that institutions incorporate the following four measures into their CDD programs
• Identifying the customer and verifying the customer’s identity using reliable independent source
• Identifying the beneficial owners
• Understanding the purpose and intended nature relationship
• Conducting ongoing due diligence on the business relationship and scrutiny of transactions
undertaken throughout the course of the relationship
Sanctions can generally fall into one of the following categories.
- Targeted sanctions: aimed at specifically named individuals
- Sectoral sanctions: aimed at key sectors of an economy
- Comprehensive sanctions: generally prohibit all activity
The U.N. Security Council can take action to maintain or restore international peace and security under
• Chapter VII of the United Nations Charter.
Office of Foreign Assets Control’s (OFAC) Specially Designated Nationals and Blocked Persons (SDN) list
• Names of individuals and businesses, as well as aircraft and ships (vessels) from more than
150 countries that the U.S. government considers to be terrorists, international narcotics traffickers
or others covered by U.S. foreign policy and trade sanctions.
Appropriately functioning technology can equip financial institutions with improved defenses in the fight against financial crime by providing the following.
• Automated customer verification: Using third-party databases to compare information provided by a customer with source data
• Watch list filtering: Screening new accounts, existing customers, beneficiaries
• Transaction monitoring
• Automation of regulatory reporting: Filing suspicious transaction reports (STRs), CTRs, ETC.
• Case management: Providing a dashboard feature to view customer KYC, transaction history
and any investigations undertaken, or regulatory filings filed on a customer.
• Audit trail: Documenting steps taken to demonstrate compliance efforts to auditors and supervisory authorities.
