Chapter 3 - AML/CFT Compliance Programs Flashcards
FATF Recommendations for assessing risk (3 risk factors)
- Customer risk factors (non resident, cash-intensive, complex ownership structure)
- Geographic risk factors
- Product, Service, Transaction or delivery channel risk factors
AML/CFT Risk Categories
- Prohibited
- High (enhanced controls required)
- Medium (merits additional scrutiny)
- Low (normal / expected activity)
AML / CFT Risk scoring
Institutions are encouraged to use scoring models (1-3 = low, 4-7 = medium, 8-10 = high)
Example considerations triggering a modification of customer risk rating
- Unusual activity (alerts, SARs)
- Receipt of law enforcement inquiries
- Transactions that violate economic sanctions
- Activity not in line with ENPR
New products (characteristics that make new products susceptible to ML)
- Enable high volume / value of txn
- Client can transact with minimal oversight
- Users can be anonymous
- Allows value transfer to 3rd parties
- Unusually complex
Elements of an AML/CFT Program (4 Pillars)
- System of internal policies, procedures and controls (1LoD)
- Designated compliance function with compliance officer (2 LoD)
- Ongoing employee training program
- Independent audit function (3 LoD)
Elements of AML/CFT Program (5th pillar introduced by FinCEN)
Appropriate, risk based procedures for ongoing CDD (normally under pillar 1)
Elements of an AML/CFT program - FinCEN Pillar 5 (3 elements)
- Understanding ENPR to develop a risk profile of a client
- Conducting ongoing monitoring to identify and report suspicious txns
- Maintaining and updating customer information
AML Compliance Officer - Delegation of duties (typical subgroups)
- Program Management
- KYC (CRR, QA)
- Screening, Monitoring
- Investigations
AML/CFT Training - WHO TO TRAIN?
- Client facing staff
- Ops staff (esp. in transactions)
- AML/CFT compliance staff
- Independent testing staff
- Board
FinCEN 2014 Advisory on Strengthening AML/CFT Compliance Culture (6 recommendations)
- Leadership must understand and support efforts
- Risk mitigation efforts must not be compromised by revenue interests
- Relevant info from businesses must be shared with compliance
- Compliance function must be adequately resourced
- Compliance program must be effective (e.g., use independent party to test)
- Leadership and staff must understand the importance of regulatory reporting
DFS Final Rule Part 504 (June 2016)
FIs must maintain Transaction Monitoring and Filtering Programs
Board of Directors must make annual certification to DFS that all steps have been taken to comply!
DFS 504 (8 minimum requirements for TMP)
- Identification of all data sources
- Validation of data accuracy
- Data extraction processes must be complete
- Governance and mgt oversight
- Vendor selection process
- Funding to design, implement and maintain a program
- Qualified personnel
- Periodic training
KYC - FATF Recommendation 10 (When to undertake CDD)
- When establishing a client relationship
- When carrying out occasional txn under certain circumstances
- There is suspicious activity
- Doubts about the veracity of previously obtained information
7 main elements of a sound CDD program
- Customer Identification (incl. source of Wealth)
- Profiles (ENPR)
- Customer Acceptance
- Risk Rating
- Monitoring
- Investigations
- Documentation
EDD - Customer Risk Factors (examples)
- Non resident clients
- Companies with bearer shares
- Cash intensive businesses
- Unusual circumstances (complex structures)
EDD - Geographic risk factors
- High risk countries
- Countries that share a common border with known physical cross-border activity
EDD - Product, service, txn, delivery channel risk factors
- Private Banking
- Non face to face
EDD - Additional data points to be collected (examples)
- Source of funds
- Identifying information
- Financial statements
- Description of business operations
- Explanations for changes in account activity