Chapter 3 Flashcards
MAINTAINING AN AML/CFT RISK MODEL
Why is it important to continue to update and revisit risk assessments?
Risk is dynamic and needs to be continuously managed. It should also be noted that the environment in which each organization operates is subject to continual change. Externally, the political changes of a jurisdiction or whether economic sanctions are imposed or removed may impact a country-risk rating. Internally, organizations respond to market and customer demands by introducing new products and services and implementing new delivery systems. The combination of these changes makes it critical that the ML/TF risk model is subject to regular review. In some countries, there is a legislative obligation for such reviews to be undertaken on a regular basis — usually annually or when new products, delivery channels or customer types are introduced.
AML/CFT RISK SCORING
What does FATF recommend considering when assessing risk?
When assessing risk, FATF recommends considering:
• Customer risk factors such as non-resident customers, cash-intensive businesses, complex ownership structure of a company, and companies with bearer shares.
• Country or geographic risks such as countries with inadequate AML/CFT systems, countries subject to sanctions or embargos, countries involved with funding or supporting of terrorist activities, or those with significant levels of corruption.
• Product, service, transaction or delivery channel risk factors such as private banking, anonymous transactions, and payments received from unknown third parties.)
ASSESSING THE DYNAMIC RISK
OF CUSTOMERS
What are some factors an institution should consider when assessing the dynamic risk of its customers?
As every financial institution develops transaction history with customers, it should consider modifying the risk rating of the customer, based on:
• Unusual activity, such as alerts, cases and suspicious transaction report (STR) filings.
• Receipt of law enforcement inquiries, such as subpoenas.
• Transactions that violate economic sanctions programs.
• Other considerations, such as significant volumes of activity where it would not be expected, such as a domestic charity engaging in large international transactions or businesses engaged in large volumes of cash where this would not normally be expected.
AML/CFT RISK IDENTIFICATION—GEOGRAPHIC LOCATION
What are some sources of identifying countries that pose heightened geographic risk?
- The US State Department issues an annual “International Narcotics Control Strategy Report” rating more than 100 countries on their money laundering controls
- Transparency International publishes a yearly “Corruption Perceptions Index,” which rates more than 100 countries on perceived corruption
- FATF identifies jurisdictions with weak AML/CFT regimes and issues country-specific Mutual Evaluation Reports
- In the United States certain domestic jurisdictions are evaluated based on whether they fall within government-identified higher-risk geographic locations such as High Intensity Drug Trafficking Areas (HIDTA) or High Intensity Financial Crime Areas (HIFCA).
SYSTEM OF INTERNAL POLICIES, PROCEDURES AND CONTROLS
What are some examples of internal controls, outside of policies and procedures?
While policies and procedures provide important guidance, the AML/CFT program also relies on a variety of internal controls, including management reports and other built-in safeguards that keep the program working. These internal controls should enable the compliance organization to recognize deviations from standard procedures and safety protocols. A matter as simple as requiring a corporate officer’s approval or two signatures for transactions that exceed a prescribed amount could be a critical internal control element that if ignored seriously weakens an institution’s AML/CFT program and attracts unwanted attention from supervisory authorities.
THE COMPLIANCE FUNCTION
What factors should be considered when determining the sophistication of a compliance function within an institution?
The sophistication of the compliance function should be based upon the institution’s nature, size, complexity, regulatory environment, and the specific risk associated with the products, services, and clientele. No two institutions will have exactly the same compliance structure because the risk facing each institution is going to be different, as identified in their respective risk assessments.
DESIGNATION AND RESPONSIBILITIES OF A COMPLIANCE OFFICER—COMMUNICATION
Why is it critical that the Compliance Officer have good communications skills?
The compliance officer must also have the means to communicate at all levels of the organization — from front-line associates all the way up to the CEO and Board of Directors. It is critical for a compliance officer to be capable of articulating matters of importance to senior and executive management, particularly significant changes that may present risk to the organization, such as a sudden or substantial increase in STRs or currency transaction reports (CTRs). Other items of concern that need to be escalated to management may include changes to laws or regulations that may require immediate action. A compliance officer must have the skills necessary to be able to analyze and interpret these ongoing changes, determine what effect they may have on the institution, and suggest an action plan when appropriate.
DESIGNATION AND RESPONSIBILITIES OF A COMPLIANCE OFFICER—DELEGATION OF AML DUTIES
What controls should a Compliance Officer consider over an AML duty that has been delegated?
The compliance function may establish risk-based quality assurance reviews and monitoring and testing activities to ensure the functions are being performed appropriately. This may include a review of the CDD collected to ensure completeness, monitoring reports of CDD completeness or defects to ensure the systems are working as expected, and performing testing to assess whether the monitoring and the business performance are satisfactorily measuring and ensuring compliance.
AML/CFT TRAINING — WHO TO TRAIN
What are some of the target audiences for training?
- Customer-facing staff
- Operations personnel
- AML/CFT compliance staff
- Senior management and board of directors
- Independent testing staff
AML/CFT TRAINING — HOW TO TRAIN
Why is it important to have a test at the end of a training session?
Tests should be considered as a means to evaluate how well the training is understood with a mandatory passing score.
AML/CFT TRAINING — WHEN TO TRAIN
When should an institution conduct training?
An institution’s training should be ongoing and on a regular schedule. Existing employees should at least attend an annual training session. New employees should receive appropriate training with respect to their job function and within a reasonable period after joining or transferring to a new job. Situations may arise that demand an immediate session. For example, an emergency training session may be necessary right after an examination or audit that uncovers serious money laundering control deficiencies. A news story that names the institution or recent regulatory action, such as a Consent Order, might also prompt quick-response training. Changes in software, systems, procedures or regulations are additional triggers for training sessions.
KNOW YOUR CUSTOMER/CDD
According to FATF, when should an institution conduct CDD?
FATF recommends that financial institutions should
be required to undertake CDD measures when:
• Establishing business relationships.
• Carrying out occasional transactions under certain circumstances.
• There is a suspicion of money laundering or terrorist financing.
• The financial institution has doubts about the veracity or adequacy of previously obtained customer identification data.
EDD
According to FATF, when should an institution conduct enhanced due diligence on a customer?
FATF indicates that when there are circumstances where the risk of money laundering or terrorist financing is higher, enhanced CDD measures should be taken.
EDD FOR HIGHER RISK CUSTOMERS
What are some examples of enhanced due diligence for higher risk customers?
A financial institution should consider obtaining additional information from high-risk customers such as:
• Source of funds and wealth.
• Identifying information on individuals with control over the account, such as signatories or guarantors.
• Occupation or type of business.
• Financial statements.
• Banking references.
• Domicile.
• Proximity of the customer’s residence, place of employment, or place of business to the bank.
• Description of the customer’s primary trade area and whether international transactions are expected to be routine.
• Description of the business operations, the anticipated volume of currency and total sales, and a list of major customers and suppliers.
• Explanations for changes in account activity.
ACCOUNT OPENING, CUSTOMER IDENTIFICATION AND VERIFICATION
According to FATF, when should the identity of a customer be verified?
A bank should not establish a banking relationship, or carry out any transactions, until the identity of the customer has been satisfactorily established and verified in accordance with FATF Recommendation 10.
CONSOLIDATED CDD
How should a global financial institution address the performance of CDD across its various operations?
Financial institutions should aim to apply their customer acceptance policy, procedures for customer identification, process for monitoring higher risk accounts and risk management framework on a global basis to all of their offices, branches and subsidiaries. The firm should clearly communicate these policies and procedures through ongoing training and regular communications, as well as conduct monitoring and testing to ensure compliance with the policies and procedures.
ECONOMIC SANCTIONS
What are the three primary categories of economic sanctions?
Sanctions can generally fall into one of the following categories:
• Targeted Sanctions — aimed at specifically named individuals, such as key leaders in a country or territory, named terrorists, significant narcotics traffickers and proliferators of weapons of mass destruction. These sanctions often include the freezing of assets and travel bans where possible.
• Sectoral Sanctions — aimed at key sectors of an economy to prohibit a very specific subset of financial dealings within those sectors to impede future growth.
• Comprehensive Sanctions — generally prohibit all direct or indirect import/export, trade brokering, financing or facilitating against most goods, technology and services. These are often aimed at regimes responsible for gross human rights violations,
and nuclear proliferation.
ECONOMIC SANCTIONS—US
What is the Office of Foreign Assets Control’s (OFAC) list of sanctions persons known as?
The Specially Designated Nationals and Blocked Persons (SDN) list
SANCTIONS LIST SCREENING
When should institutions conduct economic sanctions screening?
Before a financial institution starts doing business with a new customer or engaging in certain transactions (e.g., international wire payments), it should review the various country sanction program requirements as well as published lists of known or suspected terrorists, narcotics traffickers, and other criminal actors for potential matches.
POLITICALLY EXPOSED PERSONS SCREENING
What are some of the limitations on screening customers against lists of Politically Exposed Persons?
The information contained in them — and the ability to positively match your customer with a PEP on a database — can be a challenge. These lists do not always provide all relevant information related to PEPs that would assist in identifying them. For instance, there is no unique identifier, such as a date of birth or address.
ASSESSING RISK AND DEVELOPING A RISK-SCORING MODEL
Why is the risk-based approach more preferable than a prescriptive approach in the area of anti-money laundering and counter-terrorist financing?
- Flexible — as money laundering and terrorist financing risks vary across jurisdictions, customers, products and delivery channels, and over time,
- Effective — as companies are better equipped than legislators to effectively assess and mitigate the particular money laundering and terrorist financing risks they face, and
- Proportionate — because a risk-based approach promotes a common sense and intelligent approach to fighting money laundering and terrorist financing as opposed to a “check the box” approach. It also allows firms to minimize the adverse impact of anti-money laundering procedures on their low-risk customers.
THE ELEMENTS OF AN AML PROGRAM—CONTROLS
What are the basic elements of financial institution’s anti-money laundering program?
- A system of internal policies, procedures and controls,
- A designated compliance officer with day-to-day oversight over the AML program,
- An ongoing employee training program, and
- An independent audit function to test the AML program.
THE ELEMENTS OF AN AML
PROGRAM—COMPLIANCE OFFICER
Identify the responsibilities of the anti-money laundering compliance officer.
A person should be designated as the anti-money laundering compliance officer. This individual should be responsible for designing and implementing the program, making necessary changes and disseminating information about the program’s successes and failures to key staff members, constructing anti-money laundering-related content for staff training programs and staying current on legal and regulatory developments in the field.
THE ELEMENTS OF AN AML PROGRAM—TRAINING
What are some characteristics of a successful anti-money laundering compliance training program?
Regulations and laws require financial institutions to have formal, written AML compliance programs that include “training for appropriate personnel.” A successful training program not only should meet the standards set out in the laws and regulations that apply to an institution, but should also satisfy internal policies and procedures and should mitigate the risk of getting caught up in a money aundering scandal. Training is one of the most important ways to stress the importance of anti-money laundering efforts, as well as educating employees about what to do if they encounter potential money laundering.
