Chapter 3 Anti-Money Laundering/Countering the Financing of Terrorism Compliance Programs Flashcards

Question 1

Q

Assessing AML/CFT Risk

Answer

A

An AML/CFT program should be risk-based

risk-based approach is preferable to a more prescriptive approach in the area of AML/CFT because it is more

Flexible: Money laundering and terrorist financing risks vary over time and across jurisdictions, customers, products, and delivery channels.
Effective: Companies are better equipped than legislators to effectively assess and mitigate the specific money laundering and terrorist financing risks they face.
Proportionate: A risk-based approach promotes a more practical and intelligent approach to fighting money laundering and terrorist financing

Question 2

Q

FATF Recommendations on Assessing Risk

Answer

A

Customer risk factors, such as nonresident customers, cash-intensive businesses, complex ownership structures, and companies with bearer shares
Country or geographic/jurisdictional risks, such as countries with
inadequate AML/CFT systems, sanctioned countries , countries involved TF, and countries with significant levels of corruption
Product, service, transaction, and delivery channel risk factors, such as private banking, anonymous transactions, and payments received from unknown third parties

many organizations find it valuable to develop money
laundering/terrorist financing (ML/TF) risk models that assess risk at the enterprise level

Question 3

Q

Maintaining an AML/CFT Risk Model

Answer

A

A risk-based analysis should include appropriate inherent and residual risks at the country, sectoral, legal entity, and business relationship level, among others

Thorough understanding of the inherent risks in its customer base, products, delivery channels, services offered

This usually requires expert input from the business lines, risk
management, compliance, and legal units, together with advice from external experts, when necessary

guidance is regularly published by various bodies

ML/TF risk model is subject to regular review

In some countries, there is a legislative obligation for such reviews to
be undertaken on a regular basis

Question 4

Q

Understanding AML/CFT Risk

Answer

A

Prohibited: The organization will not tolerate any dealings of any kind
High risk: The risks are significant, but they are not necessarily prohibited,should apply more stringent controls,
Medium Risk: Medium risks merit additional scrutiny, but they do not rise to the level of high risk
Low Risk: This represents the baseline risk of money laundering. Typically, low risk indicates normal, expected activity

Question 5

Q

AML/CFT Risk Scoring

Answer

A

A risk-scoring model uses numeric values to determine the category of risk,categories are then combined to give a composite score

The model can be made more complex by
weighting each of the factors differently, such as putting more emphasis on the type of customer, as opposed to the product or country

when the categories are combined, the customer’s risk profile becomes clearer

The next step is to determine what thresholds to establish for each risk category.

Although there is generally no requirement to
update a risk assessment on a continuous or specified periodic basis, risk assessments should be updated before the launch of a new product or other significant changes.

Periodically reassessing risk-rating criteria will reveal if the customers that are scored as higher risk are actually more likely to engage in potentially suspicious activity

Question 6

Q

Assessing the Dynamic Risk of Customers

Answer

A

initial assessment of the inherent risk,important to consider how a customer’s relationship—and risk—with the
organization changes over time

Modify Risk Ratings based on:

Unusual activity, such as alerts, cases, and SAR filings
Receipt of law enforcement inquiries, such as subpoenas
Transactions that violate economic sanctions programs
Other considerations, such as significant volumes of activity

Question 7

Q

AML/CFT Risk Identification-Customer type

Answer

A

Supervisory authorities in various countries have identified some types of customers are inherently high risk for money laundering, including

Banks,Casinos,Offshore corporations and banks located in tax/banking havens,Embassies,MSBs, including currency exchange houses, money remitters, and check cashers
Virtual currency exchanges
Car, boat, and airplane dealerships
Used car and truck dealers and machine parts manufacturers
Professional service providers (e.g., attorneys, accountants, investment brokers, and other third parties who act as financial liaisons for their clients)
Travel agencies
Broker-dealers in securities
Jewel, gem, and precious metals dealers
Import and export companies
Cash-intensive businesses (e.g., restaurants, retail stores, parking)

Question 8

Q

Geographic location/jurisdiction

Answer

A

Sanction lists by (FCA), OFAC, FinCEN, the EU, the
World Bank, the United Nations Security Council, and each local jurisdictions’ regulatory and law enforcement agencies

A risk management model should also take into
account whether a country is a member of FATF or an FSRB and has AML/CFT requirements equivalent to international best practices

How Cash intensive is the country

How to identify High risk countries:

The US Department of State issues an annual International Narcotics Control Strategy Report, which rates more than 100 countries on their money laundering controls.
Transparency International publishes a yearly Corruption Perceptions Index, which rates more than 100 countries on perceived corruption.
FATF identifies jurisdictions with weak AML/CFT regimes and issues
country-specific mutual evaluation reports.
In the US, certain domestic jurisdictions are evaluated based on whether they fall within government-identified higher risk geographic locations, such as high-intensity drug trafficking areas (HIDTAs) and high-intensity financial crime areas (HIFCAs)

Question 9

Q

Products and services

Answer

A

The compliance officer should be an active participant in project teams that identify appropriate control frameworks for new products and systems.

This risk rating calculated using several product-related factors

likelihood that the product requested might be used for money laundering or terrorist financing.

When assessing the AML/CFT risks of products and services, consider
whether they:
* Enable significant volumes of transactions to occur rapidly
* Allow the customer to engage in transactions with minimal oversight by
the organization
* Afford significant levels of anonymity to the users
* Have an especially high transaction or investment value
* Allow payments to third parties
* Have unusual complexity
* Require government verification of customer eligibility

Question 10

Q

Products and services-certain banking functions and products

Answer

A

Private banking
Offshore international activity
Deposit-taking facilities
Wire transfer and cash-management functions
Transactions in which the primary beneficiary is undisclosed
Loan guarantee schemes
Travelers checks
Official bank checks
Money orders
Foreign exchange transactions
International remittances
Payment services such as payment processors, prepaid products,
automatic clearing house
Remote deposit capture
Trade-financing transactions with unusual pricing features
Payable through accounts

Question 11

Q

AML/CFT risk identification (Case example: Failure to identify high-risk activity)

Answer

A

September 2020, Westpac Banking Corporation,AUD$1.3 billion for over 23 million breaches of Australia’s (AML/CTF) Act

(AUSTRAC) aunched legal action against Westpac in November 2019, for failing to detect and report nearly 3,000 transactions related to child trafficking

In 2016, senior managers were alerted to the risk of suspicious payments using its low-value payment service, LitePay. Westpac did not implement controls to detect illicit activity using LitePay for two years

May 2016 Westpac had determined that the child exploitation risks,ow-value payments to the Philippines,ntroduced a detection scenario to one of its payment channels that failed to
detect any issues,detection test was replaced by another in June 2018,applied to only one payment channel, LitePay.

Twelve customers were identified Eleven of them had activity patterns of frequent, lowvalue transactions that were consistent with child exploitation.

customer had a prior conviction for child sexual exploitation, which should have triggered EDD by the bank

Westpac had also failed to adequately assess high-risk
correspondent banking risks, other banks
that held nested relationships with respondents,DRC, Iraq, Libya, and Zimbabwe.

Question 12

Q

AML/CFT risk identification (Case example: Failure to identify high-risk activity)-Key Takeaways

Answer

A

Westpac did not apply the correct typologies or monitoring tools to detect payments linked to child exploitation, even when the risks had been identified.
Westpac did not have a consistent and clear understanding of its AML/CFT risk and how it should be managed and mitigated.
Westpac’s control failures extended to other high-risk areas such as
correspondent banking.

Question 13

Q

The Elements of an AML/CFT Program

Answer

A

Four Pillars:

*A system of internal policies, procedures, and controls (first line of
defense)
* A designated compliance function with a compliance officer (second line
of defense)
* An ongoing employee training program
* An independent audit function to test the overall effectiveness of the AML program (third line of defense)

FinCEN established a fifth pillar that requires appropriate, risk-based procedures for CDD

These procedures include:
* Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile
* Conducting ongoing monitoring to identify and report suspicious
transactions
* Maintaining and updating customer information

Question 14

Q

A System of Internal Policies, Procedures,
and Controls

Answer

A

every employee throughout a financial organization, at all levels of the organization, must contribute to the creation, maintenance, and overall success of the AML/CFT program

large financial organizations, there is a critical need to adopt an enterprisewide approach

there is also a need to accommodate regional and/or business line-specific requirements

achieved by having a different version of the AML/CFT program or by having country-specific addenda to the global AML/CFT program

Internal AML/CFT policies should be established and approved by executive management and the board of directors

The standard AML/CFT operating procedures should be drafted at the operational level in the financial organization,procedures must be
modified and updated, as needed.

Procedures more detailed than policies as they focus on how to achieve the policy goals. Procedures also form a base for Training and Compliance Monitoring Program.

Internal controls, including management reports and other built-in safeguards, four eyed principle, technology

Question 15

Q

AML policies, procedures, and controls

Answer

A

An AML/CFT compliance program should be in writing and include policies, procedures, and controls that are designed to prevent, detect, and deter money laundering and terrorist financing, including how the organization will:

Identify high-risk operations
Periodically update its risk profile and provide for an AML/CFT compliance program tailored to manage risks
Inform the board of directors of compliance related actions
Assign clear accountability to people for performance of duties
Provide for program continuity, despite org changes
Meet all regulatory requirements and recommendations
Provide for periodic review and timely updates
Implement risk-based CDD policies, procedures, and processes
Provide for dual controls and segregation of duties.
Comply with all recordkeeping requirements
Provide sufficient controls and monitoring systems for detection and reporting of SARs and large transaction reporting
Establish clear accountability lines and responsibilities
Establish training requirements and standards
Clearly explain the importance of reporting suspicious activity
Incorporate into all job descriptions and performance review processes the requirement to comply at all times with AML policies and procedures
Develop and implement screening programs during hiring
Develop and implement quality assurance testing programs

Question 16

Q

A system of internal policies, procedures,
and controls (Case example: Lack of overall
policy control and oversight)

Answer

A

In October 2016,Monetary Authority of Singapore (MAS)revoked the license of the Singapore branch of Falcon Bank Limited

Individual linked to the 1Malaysia Development Berhad (1MDB) scandal and was facilitated by the actions of a former member of senior management

fine of SGD 4.3 million,14 breaches of AML/CTF regulations, branch manager28 weeks in jail and personally fined SGD 128,000

first identified AML/CFT failings in 2013,follow-up inspection in 2015, the situation had deteriorated

2012 and mid-2015 approved US$3.8 billion of asset transfers linked to the 1MDB fund Despite red flags in these payments processed via urging of senior management

branch manager ,failing to take action on more than SGD 1.3 billion or US$1 billion in payments linked to 1MDB, accused of lying about his links to the alleged mastermind of the 1MDB

Question 17

Q

A system of internal policies, procedures,
and controls (Case example: Lack of overall
policy control and oversight)-Key takeaways

Answer

A

Falcon Bank failed to remedy its AML/CTF control deficiencies, and
regulators found the situation got progressively worse.
Senior management exerted influence to facilitate transactions that were flagged as suspicious and unusually large.
The sentencing of the Singapore branch manager was intended to be a deterrent to other bankers.

Question 18

Q

A system of internal policies, procedures,
and controls (Case example: PEP risks)

Answer

A

April 2017,Hong Kong Monetary Authority (HKMA),Hong Kong
branch of Coutts & Co AG HKD 7 million.

failed to identify PEPs due to a lack of effective policies and procedures,

only partial screening of customers, lack of action on screening alerts, delays in obtaining senior management approvals for customer relationships with PEPs, and undisclosed customer due diligence (CDD) failures

between 2012 and 2015, Coutts failed to establish effective procedures for identifying PEPs

Coutts had subscribed to a commercially available PEP database that generated alerts during screening, but they were not promptly addressed

HKMA found four instances of PEPs who were not identified or
classified as high-risk customers, despite publicly available information

failed to establish effective procedures for PEP alerts,did not establish a management information system to oversee
the approval process,s limited PEP screening to new customers,identified nine PEPs without management approvals, of which five had generated alerts that were not promptly addressed

Question 19

Q

A system of internal policies, procedures,
and controls (Case example: PEP risks)-Key takeaways

Answer

A

Effective policies and procedures for PEPs require an effective control framework based on local regulations.
PEP screening should be conducted throughout the customer relationship. PEP policies and procedures need to explicitly and clearly direct when screening takes place. It should not be left open to interpretation.
Controls for screening alerts and management approvals need to be consistently followed.
Ineffective screening for PEPs and associated procedures can result in regulatory failings.

Question 20

Q

The Designation and Responsibilities of a
Compliance Officer

Answer

A

the board of directors is responsible for appointing a qualified
individual as the organization’s AML/CFT compliance officer

responsible for managing all aspects of the AML/CFT compliance program.

This includes, but is not limited to, designing and implementing the program, making necessary changes and updates, disseminating information about the program’s successes and failures to key staff members, constructing AML/CFT-related content for staff training programs, and managing the organization’s adherence to applicable AML/CFT laws and regulations, including staying current on legal and regulatory developments in the field.

Question 21

Q

Compliance Officer-Communication

Answer

A

The ability of the compliance officer to communicate effectively, both in writing and verbally, is vital to the success of an organization’s AML/CFT program

critical for a compliance officer to be capable of articulating matters of importance to senior and executive management

A compliance officer must have the skills necessary to be able to analyze and interpret these ongoing changes, determine what effect they may have on the organization, and recommend an action plan, when appropriate

In many countries, the AML/CFT officer must also have a direct reporting line
to the board or equivalent body

Question 22

Q

Compliance Officer-Delegation of AML duties

Answer

A

Examples of AML/CFT subgroups include:
* Program Management
* Know Your Customer
* Sanctions Screening
* Transaction Monitoring
* Financial Investigations

CDD forms are often completed by account officers and other staff members when a new account is opened

branch personnel participate in periodic reviews of high-risk customers and might be required to provide additionalinformation or explanation to support investigations into potentially suspicious activity

The business and the compliance function might establish risk-based
quality assurance reviews and monitoring and testing activities to ensure the functions are being performed appropriately

Question 23

Q

Compliance officer accountability

Answer

A

responsible for executing the AML/CFT program

various regulators are seeking enforcement actions against not
only the organization, its executive management team, and board of directors for AML/CFT violations, but the compliance officer as well.

Question 24

Q

Compliance officer accountability (Case
example: US bank)

Answer

A

March 2020,Financial Crimes Enforcement Network (FinCEN),US$450,000 civil money penalty against Michael LaFontaine
chief operational risk officer (CRO) at US Bank National Association (US Bank)

held senior positions in US Bank’s AML department from 2005 to
2014

He failed to:
* Implement and maintain an adequate AML program
* Adequately staff the compliance program with sufficient resources to execute their regulatory expectations
* File suspicious activity reports (SARs) in a timely manner, including on transactions that potentially laundered the proceeds of crimes

LaFontaine knew US Bank’s inadequate policies, procedures, and controls would result in its failure to investigate and report
suspicious and potentially illegal activity

failed to exercise the responsibilities for monitoring and reporting suspicious activity by:
* Imposing upper limits on the number of alerts produced by the institution’s automated transaction monitoring system
* Failing to subject Western Union money transfers to the monitoring system
* Inadequately identifying and monitoring high-risk customers in compliance with the bank secrecy act

LaFontaine was advised of the staffing issues and alert
capping through internal memos,staff resources were
“stretched dangerously thin.”

Question 25

Q

Compliance officer accountability (Case
example: US bank)-Key takeaways

Answer

A

Compliance departments should be adequately staffed to meet regulatory requirements.
Compliance officers should escalate and act upon internal warnings and identified risks.
Compliance officers are increasingly held personally liable for wrongdoing and may be prosecuted
Compliance officers should always act with integrity and do what is in the best interest of the organization.
Compliance officers must understand their legal obligations and act in the spirit and letter of the law

Question 26

Q

Compliance officer accountability (Case
example: Personal liability)

Answer

A

October 2020,FinCEN) assessed a $60 million civil penalty against Ohio resident Larry Dean Harmon,founder and primary operator of the convertible virtual currency businesses Helix and Coin Ninja

failed to designate a compliance officer

2014 through 2017, Helix and Coin Ninja operated as unregistered money services businesses (MSBs),offering anonymous convertible currency exchange services for bitcoin holders

FinCEN determined that Harmon failed to register his businesses as MSBs, implement and maintain an effective AML program, and report suspicious activity

customers included narcotics traffickers, counterfeiters, fraudsters, and child exploitation websites

willfully violated Bank Secrecy Act (BSA)

Helix and Coin Ninja provided “mixers” or “tumblers,” allowing customers, for a fee, to send bitcoin to designated recipients in a manner that was designed to conceal the source or owner of the bitcoin

Harmon knowingly obscured the nature and identity of customer transactions by

Designing Helix to “break the blockchain” by taking bitcoin from the user’s wallet and giving the user new bitcoin from a different pool that could not be traced back to the user
Failing to collect and verify customers’ names, addresses, or identifiers on over 1.2 million transactions
Failing to collect CDD info for over US$311 million in transactions
Deleting customer information after seven days and allowing customers to manually delete their logs

2,400 instances in which Harmon failed to file a SAR on suspicious Helix transactions.

forfeiture of 4,400 bitcoin as part of plea

Question 27

Q

Compliance officer accountability (Case
example: Personal liability)-Key Takeaways

Answer

A

Providers of convertible virtual currency anonymizing services are
considered money transmitters under FinCEN regulations and must
register as MSBs
MSBs are required to develop, implement, and maintain an effective AML program
FinCEN can investigate and impose civil money penalties on current and former employees of MSBs that participate in willfully violating BSA regulations.
Individual compliance officers can be held criminally accountable for their actions

Question 28

Q

Components of an effective training program

Answer

A

An effective training program should not only explain the relevant AML/CFT laws and regulations, but also cover the organizations’ policies and procedures used to mitigate money laundering risks

ongoing awareness about AML/CFT requirements, such as emails, newsletters, periodic team meetings, intranet sites, and other means of sharing information

Question 29

Q

Who to train

Answer

A

In some countries, training programs must extend beyond full- or part-time employees to include contractors, consultants, students, apprentice placements, and secondees

Customer-facing staff: a general course will often be
sufficient to address the importance of AML and provide some basics, additional training on specific unit procedures related to the products and services carried out by the business line is often needed

Operations personnel:cash vault, wire transfer, trade finance, loan underwriters, loan collections, and treasury management personnel are often in positions to recognize illegal, fraudulent, and unusual account activity

AML/CFT compliance staff: more advanced
ongoing training to stay abreast of requirements and emerging trends is important. Often, this requires attending conferences or AML/CFT-specific presentations that are more robust in nature
Independent testing staff: employees should receive periodic training concerning regulatory requirements, changes in regulation, money laundering methods and enforcement, and their impact on the organization
Senior management and board of directors:address the importance of AML/CFT regulatory requirements, regulatory changes that impact the organization, penalties for noncompliance, personal liability, and the organization’s unique risks

Question 30

Q

Training topics

Answer

A

General background and history pertaining to money laundering controls
Legal framework on what AML/CFT laws apply to organizations and their employees
New and changing regulatory requirements that affect the organization
Penalties for AML/CFT violations,
Internal policies
Review of the internal AML/CFT and sanctions risk assessments
Legal recordkeeping requirements
Suspicious transaction monitoring and reporting requirements
Currency transaction reporting requirements
How to react when faced with a suspicious client or transaction
How to respond to customers who want to circumvent reporting
requirements
Duties and accountability of employees
How to maintain confidentiality with AML-related matters
AML trends and emerging issues related to criminal activity,TF
Real-life money laundering schemes

Question 31

Q

Training best practices

Answer

A

The FCA published guidance
* Appropriate training tailored to the individual’s specific roles. Roles lacking specific training included the following areas: offshore centers, mortgage lending, areas servicing PEPs and other high-risk clients, investment banks, and trade finance.
* Periodic refresher training—usually annually—is important for existing employees.
* Banks should assess whether third parties and employees working in outsourced functions need to attend specific AML training.

Question 32

Q

How to train

Answer

A

Identify the issues that must be communicated and decide how best to disseminate the message
Identify the audience by functional area and by level of
employee/management
Determine the needs that should be addressed
Determine who can best develop and present the training program
Determine if “Train the Trainer” sessions are necessary, when
decentralized training is involved
Create a course abstract or curriculum that addresses course goals,
objectives, and the desired results
To the extent possible, establish a training calendar
Consider whether to provide handouts
Tests should be considered as a way to evaluate how well the training is understood, with a mandatory passing score.
Focus on small, easy-to-digest, and easy-to-categorize issues
Track employee attendance

Question 33

Q

When to train

Answer

A

training should be ongoing and on a regular schedule

New employees should receive appropriate training within a reasonable period after joining the organization or
transferring to a new position

Situations may arise that demand an immediate session or enhanced training beyond the basic training program

Question 34

Q

Where to train

Answer

A

Some types of training are more effective when conducted in small groups

Role-playing exercises, which may be used to complement a prepared lecture or panel discussions, are also more effective in small groups

Large groups can be trained using computer-based training courses,which can be designed to automatically record attendance and test attendees,with a required minimum score.

Question 35

Q

AML/CFT training (Case example)

Answer

A

On February 25, 2016,FinCEN and the Office of the Comptroller of the
Currency (OCC),

actions against Gibraltar Private Bank & Trust Company in Coral Gables, Florida, for willful AML compliance violations

failure to properly train compliance staff, led to a US$2.5 million civil money penalty assessed by the OCC and a US$4 million civil money penalty assessed by FinCEN

From 2009 to 2014, the bank’s implementation of AML training was inadequate and not tailored to the needs of specific positions

In May 2013, a training assessment was undertaken by management that identified the need for significant training to adequately implement the bank’s AML program, over a year later still not done.

Question 36

Q

AML/CFT training (Case example) -Key Takeaways

Answer

A

It is critical that AML training be role-specific and focused on the duties and financial crime risk exposure of relevant staff.
Senior officials and board members do not need to be trained in carrying out business functions, but they do need to understand AML requirements, penalties for noncompliance, and how to interpret risk reporting.
Regulated firms can be heavily penalized for failing to implement adequate AML training, especially when known gaps are not addressed in a timely manner.

Question 37

Q

Evaluating an AML/CFT program-Part 1

Answer

A

The audit must be independent

should report directly to the board of directors or to a designated board committee composed primarily or completely of outside directors

The independent audit should do the following:
* Assess the overall integrity and effectiveness of the AML/CFT compliance program,including policies, procedures, and processes
* Assess the adequacy of the AML/CFT risk assessment.
* Examine the adequacy of CDD policies, procedures, and processes
* Determine personnel adherence to the organization’s AML/CFT policies,procedures, and processes
* Perform appropriate transaction testing,
* Assess training adequacy
* Assess compliance with applicable laws and regulations
* Examine the integrity and accuracy of management information systems used in the AML/CFT compliance program.
* Review all the aspects of any AML/CFT compliance functions that have been outsourced to third parties

Question 38

Q

Evaluating an AML/CFT program-Part 2

Answer

A

Evaluate the ability of transaction monitoring software application
o Reviewing policies, procedures, and processes for suspicious activity monitoring
o Reviewing the processes for ensuring the completeness, accuracy, and timeliness of the data supplied by the source transaction processing systems
o Evaluating the methodology for establishing and analyzing expected activity and filtering criteria
o Evaluating the appropriateness of the monitoring reports
o Comparing the transaction monitoring typologies with the AML/CFT risk assessment for reasonableness
Review case management and SAR systems
Assess the effectiveness of the organization’s policy for reviewing accounts that generate multiple SAR filings
Assess the adequacy of recordkeeping and record-retention processes
Track previously identified deficiencies
*overall audit coverage and frequency are appropriate to the risk profile of the organization
*board of directors was responsive to earlier audit findings.

Question 39

Q

Evaluating an AML/CFT program-Part 3

Answer

A

Determine the adequacy of the following, as they relate to the training program and materials:
o The importance the board and senior management place on ongoing education, training, and compliance
o Employee accountability for ensuring AML/CFT compliance
o Comprehensiveness of training
o Training of personnel from all applicable areas of the organization
o Frequency of training,
o Coverage of internal policies, procedures, processes, and new rules and regulations
o Coverage of different forms of money laundering and terrorist financing as they relate to identifying suspicious activity
o Disciplinary actions taken for noncompliance with internal policies and regulatory requirements

An effective internal audit department develops and maintains an audit risk assessment to determine audit priorities. It also develops and maintains detailed audit testing programs for every area

Question 40

Q

Independent audit (Case example: Apical
Asset Management Pte. Ltd.)

Answer

A

July 2020,Monetary Authority of Singapore (MAS),revoked the Capital
Markets Services (CMS) license of Apical Asset Management Pte. Ltd.
(AAMPL) for serious breaches of MAS’ AML/CFT requirements

2013 to 2018. Specifically, AAMPL:
* Failed to conduct an enterprise-wide AML/CTF risk assessment
* Failed to properly assess its customers for elevated financial crime risks
* Had deficient ongoing monitoring controls and procedures
* Failed to assess the effectiveness of its AML/CFT controls by conducting independent audits

MAS concluded that AAMPL did not have in place basic AML/CFT policies and procedures to manage their risks.

Question 41

Q

Independent audit (Case example: Apical
Asset Management Pte. Ltd.)-Key takeaways

Answer

A

A robust, holistic AML/CTF program includes independent oversight and review.
An enterprise-wide risk assessment is needed to identify vulnerabilities and allow organizations to develop effective controls.
Entities must assess their customers for elevated financial crime risks.
AML/CFT policies must be in place to manage risks.

Question 42

Q

Establishing a Culture of Compliance

Answer

A

the ultimate responsibility for the AML/CFT compliance program rests with the organization’s board of directors

Associates in all business units must clearly understand their
commitment to supporting the compliance program by following the rules

FinCEN’s advisory in August 2014 outlined six guidelines

Question 43

Q

FinCEN’s advisory in August 2014 outlined six guidelines

Answer

A

Leadership must actively support and understand compliance efforts. The board’s role in AML/CFT compliance consists of reviewing and approving the overall AML/CFT program and ensuring that there is ongoing oversight

Once an exam by a supervisor or auditor is conducted, it is the board’s duty to ensure that any necessary corrective
action is taken

Compliance staff should be empowered with sufficient authority to
implement an organization’s AML/CFT policies not compromised by business interests
Business units should not remain tethered within their own individual silos.

4.leadership should provide for technology resources and appropriate AML/CFT support staff based on its risk profile.

To be effective, an AML/CFT program must include an ongoing,
documented risk assessment and risk-based customer due diligence
Leadership and staff must understand the purpose of its AML/CFT efforts and how its SAR reporting is used

Question 44

Q

New York State Department of Financial Services (DFS) issued Final Rule Part 504

Answer

A

June 30, 2016

organizations to maintain transaction monitoring and filtering programs (TMPs) reasonably designed to:
* Monitor transactions after their execution for compliance with the BSA and AML laws and regulations, including suspicious activity reporting requirements
* Prevent unlawful transactions with targets of economic sanctions
administered by OFAC

The Final Rule, which went into effect on January 1, 2017, also requires boards of directors or senior officer(s) of regulated organizations to make annual certifications to the DFS,The law also applies to nonbank financial institutions with a Banking Law license

Question 45

Q

Transaction Monitoring and Filtering Programs

Answer

A

Identification of all data sources
Validation of the integrity, accuracy, and quality of data
Data extraction and loading processes to ensure a complete and
accurate transfer of data
Governance and management oversight
Vendor selection process when a third-party vendor is used
Funding to design, implement, and maintain a program
Qualified personnel or outside consultant
Periodic training

Question 46

Q

Culture of compliance (Case example: Poor management oversight)Culture of compliance (Case example: Poor
management oversight)

Answer

A

July 2020,Monetary Authority of Singapore (MAS)
Apical Asset Management (AAM)

Inadequate AML/CFT policies and procedures
deficient customer risk assessments, and severe deficiencies in the control framework.

The asset managers had also failed to undertake an enterprise-wide risk assessment (EWRA), despite an MAS requirement that the assessment be completed at least every two years

there was no independent audit of AAM’s controls to test their
effectiveness.

MAS identified several significant failings in AAM’s financial crime controls between 2013 and 2018. These deficiencies included the lack of basic AML/CFT controls, which put the organization at risk of receiving illicit funds

In one instance, a fund related to a PEP was not subject to enhanced monitoring over an extended period of time

Question 47

Q

Culture of compliance (Case example: Poor management oversight)Culture of compliance (Case example: Poor
management oversight)-Key takeaways

Answer

A

AAM had inadequate AML/CFT policies and procedures and client risk assessments.
There were severe deficiencies in the control framework and no
independent audit.
Accountability begins and ends with the senior management of an
organization.
Failures by senior management to discharge their duties can result in systemic failings across an organization.
Failure to meet regulatory requirements can result in the loss of a business license

Question 48

Q

Customer Due Diligence

Answer

A

The organization’s CDD program must have
a process in place to consider each level of due diligence that might be necessary, as well as who is responsible for collecting, verifying, and keeping the information updated and accurate.

CDD is Recommendation 10 in FATF’s updated Recommendations

undertake CDD measures when:
* Establishing business relationships
* Carrying out occasional transactions under certain circumstances
* There is a suspicion of money laundering or terrorist financing
* The financial organization has doubts about the veracity or adequacy of previously obtained customer identification data

Question 49

Q

Main Elements of a Customer Due Diligence
Program (Page 305)

Answer

A

Identify the customer and verify the customer’s identity using reliable, independent source documents, data, and information.
Identify the beneficial owner and take reasonable measures to verify the identity of the beneficial owner.
Understand and, as appropriate, obtain information on the purpose and intended nature of the business relationship.
Conduct ongoing due diligence on the business relationship and scrutinize transactions undertaken throughout the course of the relationship to ensure that the transactions being conducted are consistent with the organization’s knowledge of the customer, their business, risk profile, and, when necessary, the source of funds

Question 50

Q

Enhanced Due Diligence -Customer risk factors

Answer

A

Unusual circumstances regarding how the business relationship is
conducted, such as significant, unexplained geographic distance between the financial organization and the customer
Nonresident customers
Legal persons or arrangements that are personal asset-holding vehicles
Companies that have nominee shareholders or shares in bearer form
Cash-intensive businesses
Unusual or excessively complex appearance of the ownership structure of the company, given the nature of the company’s business

Question 51

Q

Enhanced Due Diligence -Country or geographic risk factors

Answer

A

Countries identified by credible sources, such as FATF’s mutual evaluations and detailed assessment reports, as not having adequate AML/CFT systems
Countries subject to sanctions, embargoes, and similar measures issued by, for example, the United Nations
Countries identified by credible sources as having significant levels of drug trafficking, corruption, financial crimes, or other criminal activity
Countries or geographic areas identified by credible sources as providing funding or support for terrorist activities, or that have designated terrorist organizations operating within them
Countries that share a common border and are known to have physical cross-border transactional activity
Geographic areas identified as having a higher risk of money laundering or financial crimes, such HIFCAs and HIDTAs in the United States

Question 52

Q

Enhanced Due Diligence –Product, service, transaction, and delivery channel risk factors

Answer

A

Private banking
Anonymous transactions (which might include cash)
Non-face-to-face business relationships and transactions
Payment received from unknown or unassociated third parties

Question 53

Q

Enhanced Due Diligence for High-Risk
Customers

Answer

A

A financial organization should consider obtaining additional information from
high-risk customers, such as:
* Source of funds and wealth
* Identifying information on individuals with control over the account, such as signatories and guarantors
* Occupation or type of business
* Financial statements
* Banking references
* Domicile
* Proximity of the customer’s residence, place of employment, and place of business to the bank
* Description of the customer’s primary trade area and whether
international transactions are expected to be routine
* Description of the business operations, the anticipated volume of currency and total sales, and a list of major customers and suppliers
* Explanations for changes in account activity

Wolfsberg’s Correspondent Banking Principles
and FATF recommend obtaining the approval of senior management to commence or continue the business relationship

first payment to be carried out through an account in the customer’s name with a bank subject to similar CDD standards

Question 54

Q

Account Opening, Customer Identification,
and Verification

Answer

A

The Basel Committee’s Sound Management of Risks Related to Money Laundering and Financing of Terrorism

bank should establish a systematic procedure for identifying and verifying its customers when applicable, any person acting on their behalf and any beneficial owners

should not establish a banking relationship or carry out any
transactions until the identity of the customer verified in accordance with FATF Recommendation 10

customers, beneficial owners, and persons acting on their behalf, verified using reliable, independent source documents, data, and
information

Question 55

Q

Account Opening-The Basel Committee provided guidelines for account opening and customer identification in Annex IV General Guide to Account Opening

Answer

A

focuses on some methods banks can use to develop effective customer identification and verification programs

natural people seeking to open an account and legal people and legal arrangements

natural person
* Legal name (first and last) and any other names used (e.g., maiden name, former legal name, or alias)
* Complete residential address and, on the basis of risk, also the business address or post office number
* Landline or mobile telephone numbers and email address
* Date and place of birth
* Gender
* Nationality and residency status
* Occupation, position held, and name of employer
* An official personal identification number or other unique identifier
* Type of account and nature of the banking relationship
* Signature

Question 56

Q

Account Opening-Customer Verification-Natural Persons

Answer

A

Documentary customer verification procedures include:
* Confirming the identity from an unexpired official document that bears a photograph of the customer
* Confirming the date and place of birth from an official document
* Confirming the validity of the official documentation through certification by an authorized person
* Confirming the residential address

Nondocumentary customer verification procedures include:

Contacting the customer by telephone or letter to confirm the information supplied after an account has been opened
Checking references provided by other financial organizations
Using an independent information verification process, such as by
accessing public registers, private databases, and other reliable
independent sources

Question 57

Q

Additional sources of information and enhanced verification procedures-Natural Persons

Answer

A

Confirming an individual’s residential address on the basis of official papers, a credit reference agency search, or through home visits
Checking prior bank reference (including banking group reference) and contacting the bank regarding the customer
Verifying income sources, funds, and wealth identified through appropriate measures
Verifying employment and public positions held
Obtaining a personal reference from an existing customer of the financial organization

Question 58

Q

legal people that are not natural people or legal arrangements, the
following information should be obtained

Answer

A

Name, legal form status, and proof of incorporation of the legal person
Permanent address of the principal place of the legal person’s activities
Mailing and registered address of legal person
Identity of natural people who are authorized to operate the account; in the absence of an authorized person, the identity of the relevant person
who is the senior managing official
Contact telephone numbers
Official identification number
Powers that regulate and bind the legal person
Identity of the beneficial owners
Nature and purpose of activities of the legal entity and its legitimacy
Financial situation of the entity
Expected use of the account—amount, number, type, purpose, and
frequency of the transactions expected—on the basis of risk; sources of funds paid into the account; and destination of funds passing through the account

Question 59

Q

Account Opening-Customer Verification-Natural Persons-legal people that are not natural people or legal arrangements

Answer

A

Documentary verification methods include:
* Obtaining a copy of the certificate of incorporation, memorandum and articles of association, partnership agreement, or any other document certifying the existence of the entity
* For established corporate entities, reviewing a copy of financial statements (audited, if available)

Nondocumentary verification methods include:
* Undertaking a company search and/or other commercial inquiries to ascertain that the legal person has not been, or is not in the process of being, dissolved or terminated
* Using an independent information verification process, such as by
accessing public corporate registers, private databases, or other reliable independent sources (e.g., lawyers and accountants)
* Validating the legal entity identifier and associated data in the public
access service
* Obtaining prior bank references
* Visiting the corporate entity, when practical
* Contacting the corporate entity by telephone, mail, or email

Question 60

Q

ID&V (Case example: Danske Bank)

Answer

A

In 2007, Danske Bank acquired Finnish Sampo Bank and its Estonian branch

Between 2007 and 2015, the Estonian branch expanded its nonresident portfolio. Nearly all of its customers were offshore and shell companies

The parent bank was unaware of the structure,there was no integrated client list

approximately US$200 billion in transactions were processed by the
Estonian branch,closed in 2019 by order of the Estonian Financial
Supervisory Authority (FSA)

Estonian branch was never integrated into the group’s IT compliance infrastructure,group-wide AML and KYC policies and procedures were not shared with the Estonian branch

Estonian branch employees’ understanding of money laundering risks was limited

Danske Bank,failed to apply EDD measures consistent with laws
and regulations and its group-wide requirements

Question 61

Q

ID&V (Case example: Danske Bank)-Key takeaways

Answer

A

Organizations must integrate the AML/CTF and KYC frameworks of new acquisitions immediately with a thorough risk assessment.
Organizations should apply AML/CTF and KYC policies and procedures organization-wide.
Organizations need to have a consistent customer risk-rating
methodology.
Organizations need to have robust and consistent KYC processes,
including EDD.
Dedicated AML teams should operate independent from the business.
A strong AML culture should be embedded across the organization with clear oversight and direction from senior management

Question 62

Q

Consolidated Customer Due Diligence

Answer

A

a strong CDD program is to consolidate and streamline account opening and ongoing monitoring processes across the organization, both domestically and globally

Basel Committee, a global risk-management program for CDD should incorporate consistent identification and monitoring of customer accounts globally across business lines and geographical locations, as well as oversight at the parent level,

When the minimum CDD standards of the home and host countries differ, offices in host jurisdictions should apply the higher standard of the two

Each office, branch, and subsidiary should be capable of complying with the minimum identification and accessibility standards applied by the parent

Question 63

Q

Monitoring and Screening-Economic Sanctions

Answer

A

Targeted sanctions: Aimed at specific, named individuals, such as key leaders in a country or territory
Sectoral sanctions: Aimed at key sectors of an economy to prohibit a very specific subset of financial dealings within those sectors
Comprehensive sanctions: Generally prohibit all direct and indirect
import/export, trade brokering, financing, and facilitating of most goods, technology, and services

Question 64

Q

United Nations

Answer

A

UN Security Council committees

Chapter VII of the United Nations Charter.

Article 41, encompass a broad range of enforcement options

measures range from comprehensive economic and trade sanctions to more targeted measures, such as arms embargoes, travel bans, and financial or commodity restrictions

Answer 65

A

Article 215 provides a legal basis for the interruption or reduction, in part or completely, of the EU’s economic and financial relations with one or more third countries

when such restrictive measures are necessary to achieve the objectives of the Common Foreign and Security Policy

The measures are preventive, nonpunitive instruments that
allow the EU to respond swiftly to political challenges and developments

In general terms, the EU imposes its restrictive measures to bring about a change in policy or activity by the target country

The EU wields measures in support of human rights and democracy objectives in the absence of a United Nations mandate and has supplemented UN sanctions

Answer 66

A

OFAC’s Specially Designated Nationals and Blocked Persons (SDN) list

applies sanctions to deter nonconstitutional changes, constrain and deter terrorism, and protect human rights

OFAC is not a supervisory agency, but it works closely with supervisory agencies at both the federal and state levels

supervisory examiners review OFAC compliance efforts,
including policies and procedures, training, testing, and tuning of screening systems, to determine a financial organization’s ability to effectively detect SDNs and entities that are sanctioned within all of OFAC’s programs

Answer 67

A

Most of the names of designated terrorists on the OFAC SDN list also include numerous “also known as” alternatives.

When Arabic names are written in another alphabet, the spelling might vary
Arabic names are typically long. A person’s second name is the father’s name. A “bin” or “ibn” preceding the name indicates “son of.”
There is widespread use of certain names
Many Arabic names begin with the word “Abu.,Only when Abu is a prefix of a surname should it be accepted as a given name

Answer 68

A

intergovernmental bodies, such as FATF in its 40 Recommendations,
explicitly reference PEPs, and government regulations, specifically the EU’s Fourth Directive, explicitly detail requirements related to PEPs

lack of available and useful information
become more creative in finding ways to avoid detection

Transparency International, a global, nongovernmental organization devoted to combating corruption, publishes the Corruption Perceptions Index

US Central Intelligence Agency, publish lists of heads of state and cabinet members of foreign governments

Accepting corruption proceeds from PEPs constitutes money laundering in the United States

have strong CDD and monitoring controls

Answer 69

A

A Know Your Employee (KYE) program ensures that an organization has the means to understand an employee’s background, conflicts of interest, and susceptibility to money laundering complicity

Additionally, codes of conduct and ethics should specify mandatory requirements to report suspicious activity to the MLRO and that failure to comply subjects an employee to disciplinary action and possible employment termination

Federal Deposit Insurance Corporation (FDIC) ‘Pre-Employment Background Screening: Guidance on Developing an Effective Pre-Employment Background Screening Process’

pre-employment background checks can reduce turnover
by verifying that the potential employee has the requisite skills, certification, license, or degree for the position

establish policies that address what to do when screening uncovers information contrary to what the applicant or employee provided.

UK, the Centre for the Protection of National Infrastructure (CPNI)
publishes informative guidelines regarding insider threat and risk
management

Answer 70

A

July 2019, it fined Citigroup Global Markets Inc. (CGMI) US$1.25 million

failed to conduct timely and adequate background checks on more than 10,000 employees and may not have fingerprinted all required employees over a seven-year period

previous criminal convictions

Key takeaways
* Know your regulatory requirements for KYE.
* Effective KYE require background checks and fingerprinting.
* Use a risk-based approach to the timing of background checks and other pre-employment requirements.
* KYE protects regulated companies, their customers and investors, and the financial system

Answer 71

A

systems for monitoring and reporting suspicious activity should be risk-based and determined by factors such as the organization’s size, the nature of its business, its location, the frequency and size of transactions, and the types and geographical locations of its customers

core operating system-generate specific internal
reports

Daily cash activity exceeding the country’s reporting threshold
Daily cash activity just below the country’s reporting threshold (to identify possible structuring)
Cash activity aggregated over a period of time (e.g., individual transactions over a certain amount or totaling more than a certain amount over a 30-day period, to identify possible structuring);
Wire transfer reports/logs with filters using amounts and geographical factors
Monetary instrument logs/reports
Check kiting/drawing on uncollected funds with significant debit/credit flows
Significant change reports
New account activity reports

Answer 72

A

Procedures to identify suspicious and unusual transactions and activity through various channels,
Formal evaluation of each instance and continuation of unusual
transactions and activity
Documentation of the SAR reporting decision (i.e., whether or not a report was filed with authorities)
Procedures to periodically notify senior management or the board of directors of SAR filings
Employee training on detecting suspicious transactions and activity

Most laws also grant immunity from civil liability (i.e., safe harbor) to the filing organization and its employees

The US has even made it illegal to reveal information that would lead to knowledge of the existence of a SAR

Strong recordkeeping procedures are key

FIUs in various countries often publish reports on how many SARs are filed ,which areas are filing the most , suspicious activity and typology trends and case studies

Answer 73

A

Automated customer verification: Using third-party databases to compare information provided by a customer with source data
Watch list filtering: Screening new accounts, existing customers,
beneficiaries, and transaction counterparties against terrorist, criminal, and other blocked-persons sanctions and/or watch lists
Transaction monitoring: Scanning and analyzing transactional data for potential money laundering activity
Automation of regulatory reporting: Filing SARs, CTRs, and other regulatory reports with the government
Case management: Providing a dashboard feature to view customer KYC, transaction history, investigations undertaken, and regulatory filings filed on a customer
Audit trail: Documenting steps taken to demonstrate compliance efforts to auditors and supervisory authorities

can reflect a company’s commitment to meet or exceed compliance
requirements

Answer 74

A

Request for Proposal (RFP) ,issue RFPs to software providers

Most organizations seek a partner with a longstanding commitment

Ideally, the system is flexible, fast, and efficient to deploy

allow the organization to navigate seamlessly client relationships,
accounts, and transactions across a variety of product lines and systems, including deposits, wires, transfers, loans, trust, brokerage, letters of credit

Answer 75

A

Ability to monitor transactions and identify anomalies that might indicate suspicious activity
Ability to gather CDD information for new and existing customers, score customer responses, and store CDD data for subsequent use
Ability to conduct advanced evaluation and analysis of suspicious and unusual transactions identified by the monitoring system in the context of each customer’s risk profile and that of his peer group
Ability to view individual alerts within the broader context
Workflow features,
Ability to use data from the organization’s core database
Ability to store and recall at least 12 months of data
Ability to manage the assignment of suspicious activity investigations
Automated preparation and filing of SARs to FIUs
Standard and ad-hoc reporting on the nature and volume of suspicious activity investigations and investigator productivity for management and other audiences
Enhanced ability to plan, assign, and monitor the caseload
Ability to provide comprehensive and accurate reporting of all aspects of AML compliance
User-friendly updating of risk-parameter settings
Tiered user-rights access

Answer 76

A

Ease of use of the application
Ease of data integration, system implementation, and configuration
Scalability of application
Extent to which the system can be supported with internal resources
User satisfaction with hardware and software support
Price, including initial cost and ongoing costs to sustain the system

One-stop access systems can provide images, standardization, and control for documents that must be accounted for and produced for compliance purposes.

Answer 77

A

Customer has an unusual or excessively nervous demeanor.
Customer discusses a financial organization’s recordkeeping or reporting requirements with the apparent intention of avoiding them.
Customer threatens an employee in an effort to discourage required recordkeeping or reporting.
Customer is reluctant to proceed with a transaction after being told it must be reported.
Customer suggests paying a gratuity to an employee.
Customer appears to have a hidden agenda or behaves abnormally, such as declining a higher interest rate on a large account balance.
Customer, who is a public official, opens an account in the name of a family member, who begins making large deposits that are not consistent with the known sources of legitimate family income.
Customer, who is a student, uncharacteristically transfers or exchanges large sums of money.
Account shows high velocity in the movement of funds, but it maintains low beginning and ending daily balances.
Transaction involves offshore organizations whose names resemble those of well-known legitimate financial organizations.
Transaction involves unfamiliar countries or islands that are difficult to locate on an atlas or map.
Agent, attorney, or financial advisor acts for another person without proper documentation, such as a power of attorney

Answer 78

A

Customer provides unusual or suspicious identification documents or declines to produce original documents for verification.
Customer is unwilling to provide personal background information when opening an account.
Customer tries to open an account without identification, references, or complete local address.
Customer’s permanent address is outside of the organization’s service area.
Customer’s home or business telephone is disconnected.
Customer does not want a statement of his account or any other mail to be sent to him.
Customer asks many questions about how the financial organization shares information about the identification of its customers.
A business customer is reluctant to provide complete information about the nature and purpose of its business, anticipated account activity, and other details about the business, or to provide financial statements or other documents about a related business entity.
Customer provides no record of past or present employment on a loan application.
Customer’s Internet Protocol (IP) address or online device tracing does not match the identifying information or government-issued identification provided during online registration.

Answer 79

A

Customer makes a large cash deposit without having counted the cash.
Customer frequently exchanges small bills for large bills.
Customer’s cash deposits often contain counterfeit bills or musty or
extremely dirty bills.
Customer enters the bank with another customer, and they go to different tellers to conduct currency transactions under the reporting threshold.
Customer makes a large cash deposit containing many high-denomination bills
*Customer opens several accounts in one or more names, and then makes several cash deposits under the reporting threshold.
Customer withdraws cash in amounts under the reporting threshold.
Customer withdraws cash from one of her accounts and deposits it into another account the customer owns.
Customer conducts unusual cash transactions through night deposit boxes, especially large sums that are not consistent with the customer’s business.
Customer makes frequent deposits or withdrawals of large amounts of currency for no apparent business reason or for a business that generally does not generate large amounts of cash.
Customer conducts large cash transactions at different branches on the same day or coordinates other individuals to do so on his behalf.

Answer 80

A

Customer deposits cash into several accounts in amounts below the reporting threshold, consolidates the funds into one account, and then wire transfers them abroad.
Customer attempts to take back a portion of a cash deposit that exceeds the reporting threshold after learning that a CTR will be filed.
Customer conducts several cash deposits below the reporting threshold at ATMs.
Corporate account has deposits or withdrawals primarily in cash, rather than checks.
Customer frequently deposits large sums of cash wrapped in currency straps.
Customer frequently purchases monetary instruments with cash in
amounts lower than the reporting threshold.
Customer conducts an unusual number of foreign currency exchange transactions.
Customer conducts foreign currency exchange transactions/currency swaps without seeming to care about the margins.
A noncustomer deposits cash into a customer account, which is
subsequently withdrawn at a different geographic location.

Answer 81

A

Customer deposits a large number of traveler’s checks, often in the same denominations and in sequence.
Customer deposits large numbers of consecutively numbered money orders.
Customer deposits checks and/or money orders that are not consistent with the stated purpose of the account or nature of business.
Customer deposits a large number of third-party checks.
Deposited funds are moved quickly out of the account via payment
methods inconsistent with the established purpose of the account.

Answer 82

A

Wire transfers are sent or received from the same person to or from different accounts.
Customer uses message type (MT) 202 for a covered payment in SWIFT messaging to obscure wire transfer information.
Nonaccount holder sends wire transfer with funds that include numerous monetary instruments, each in an amount under the reporting threshold.
An incoming wire transfer includes instructions to convert the funds to cashier’s checks and mail them to a nonaccount holder.
Wire transfer activity occurs to and from secrecy havens or high-risk
geographic locations without apparent business reason or inconsistent with a customer’s transaction history.
An incoming wire transfer is followed by the immediate purchase by the beneficiary of monetary instruments for payment to another party.

Answer 83

A

There is an increase in international wire transfer activity in an account with no history of such activity or when the stated business of the customer does not warrant it.
Customer frequently shifts purported international profits by wire transfer out of the country.
Customer receives many small incoming wire transfers and then orders a large outgoing wire transfer to another country.
Customer deposits bearer instruments followed by instructions to wire the funds to a third party.
An account in the name of a currency exchange house receives wire
transfers and/or cash deposits under the reporting threshold.

Answer 84

A

Customer spends an unusual amount of time in the safe deposit box area, possibly indicating the safekeeping of large amounts of cash.
Customer often visits the safe deposit box area immediately before
making cash deposits of sums under the reporting threshold.
Customer rents multiple safe deposit boxes

Answer 85

A

A customer’s financial statement makes representations that do not
conform to accounting principles.
A transaction is made to appear more complicated than necessary by the use of nonsensical technical terms, such as emission rate, prime bank notes, standby commitment, arbitrage, and hedge contracts.
Customer requests loans either made to offshore companies or secured by obligations of offshore banks.
Customer suddenly pays off a large problem loan with no plausible
explanation regarding the source of funds.
Customer purchases certificates of deposit and uses them as collateral for a loan.
Customer collateralizes a loan with cash deposits.
Customer uses cash collateral located offshore to obtain a loan.
Customer’s loan proceeds are unexpectedly transferred offshore

Answer 86

A

Business customer presents financial statements that are noticeably
different from those of similar businesses.
Large business presents financial statements that are not prepared by an accountant.
Retail business that provides check-cashing services does not make
withdrawals of cash against check deposits, possibly indicating that it has another source of cash.
Small business makes deposits that are inconsistent with its expected activity or receives funds from other unrelated businesses.
Customer maintains an inordinately large number of accounts for the type of business purportedly being conducted.
Corporate account shows little or no regular, periodic activity.
A transaction includes circumstances that would cause a banker to reject a loan application because of doubts about the collateral.
Multiple high-value payments or transfers occur between shell companies with no apparent legitimate business purpose.
Transacting businesses share the same address, provide only a registered agent’s address, or raise other address-related inconsistencies.

Answer 87

A

Customer seeks trade financing on the export or import of commodities with stated prices that are substantially higher or lower than those in a similar market situation or environment.
Customer requests payment of proceeds to an unrelated third party.
Customer presents significantly amended letters of credit without
reasonable justification or changes the location of payment or the
beneficiary just before payment is made.
Customer changes the place of payment in a letter of credit to an account in a country other than the beneficiary’s stated location
Customer’s standby letter of credit is used as a bid or performance bond without the typical reference to an underlying project or contract or designates unusual beneficiaries.
Letter of credit is inconsistent with customer’s business.
Letter of credit covers goods that are in little demand in importer’s
country.
Letter of credit covers goods that are rarely, if ever, produced in the
exporter’s country.
Documents arrive without title documents

Answer 88

A

Letter of credit is received from a country that is considered high risk for money laundering.
Obvious overpricing or underpricing of goods and services.
The structure of a transaction appears unnecessarily complex and
designed to obscure the true nature of the transaction.
Commodities are shipped through one or more jurisdictions for no
apparent economic or logistical reason.
Transaction involves the use of repeatedly amended or frequently
extended letters of credit.
Size of a shipment appears inconsistent with the regular volume of
business of the importer or exporter.

Answer 89

A

Customer uses an investment account as a pass-through vehicle to wire funds to offshore locations.
Investor seems disinterested in the typical decisions made about
investment accounts, such as risk, commissions, fees, and the suitability of the investment vehicles.
Customer wants to liquidate a large position through a series of small transactions.
Customer deposits cash, money orders, traveler’s checks, or cashier’s checks in amounts under the reporting threshold to fund an investment account.
Customer cashes out annuities during the free-look period or surrenders the annuities early.

Answer 90

A

Customer conducts an unusually high number of transactions over the internet or by telephone.
Customer purchases several open-end prepaid cards for large amounts, inconsistent with normal business activity.
Funds withdrawn from accounts are not consistent with the normal
business or personal activity of the account holder or include transfers to suspicious international jurisdictions.
Customer uses a personal account for business purposes.
Customer repeatedly uses bank or branch locations geographically distant from the customer’s home or office without sufficient business purpose

Answer 91

A

Employee exaggerates the credentials, background, financial ability, or resources of a customer in written reports the bank requires.
Employee is involved in an excessive number of unresolved exceptions.
Employee lives a lavish lifestyle that could not be supported by her salary.
Employee frequently overrides internal controls or established approval authority or circumvents policy (e.g., removes the name of a high-risk person from a wire, known as wire stripping).
Employee uses company resources to further private interests.
Employee facilitates transactions in which the identity of the ultimate beneficiary or counterparty is undisclosed.
Employee avoids taking periodic vacations.
Employee functions performed by vendors or contractors have unusual billing or payment terms

Answer 92

A

Customer uses money orders, traveler’s checks, or funds transfers in an unusual manner.
Two or more people work together in transactions.
Transaction is altered to avoid filing a CTR.
Customer comes into the bank frequently to purchase less than US$3,000 in instruments each time (or whatever the local recordkeeping threshold is).
Transaction is altered to avoid completing a record of funds transfer, money order, or traveler’s checks of US$3,000 or more (or whatever the local recordkeeping threshold is).
The same person uses multiple locations in a short time period.
Two or more people use the same identification.
One person uses multiple identification documents.

Answer 93

A

Repeated receipt of funds transfers from virtual currency exchanges is inconsistent with customer profile.
Multiple transfers are made to one common end user.
Transactions involving virtual currency exchanges are followed within a brief time by funds transfers to high-risk geographies or ATM withdrawals in high-risk geographies.
Purchase of virtual currency quickly follows the receipt of funds transfers from unconnected third parties.
Multiple accounts are used to collect and funnel funds to a small number of virtual currency accounts.
Multiple purchases of virtual currency are at or just below US$3,000, or the local recordkeeping requirement.
Key words entered into the transaction could relate to the sale of
suspicious products.

Answer 94

A

Cash payments are made on insurance policies.
Customer overfunds an insurance policy and then moves money out of it, despite early-withdrawal fees.
Customer uses multiple currency equivalents (e.g., cashier’s checks and money orders) from different sources to make insurance policy or annuity payments.
Customer purchases products that appear outside his normal range of financial wealth or estate planning needs.
Customer makes an early withdrawal of insurance bond, disregarding applicable fees
Customer requests refunds during a policy’s legal cancellation period or free-look period.
Policy premiums are paid from abroad or by a third party, especially from an offshore financial center.
A policy stipulates the periodic payment of premiums in large amounts.
Customer changes the named beneficiary of a policy to a person with no clear relationship to the policyholder.
There is a lack of concern for significant tax or other penalties assessed when cancelling a policy.
Insurance bonds that were originally subscribed to by an individual in one country are redeemed by a business entity in another country.

Answer 95

A

The customer appears to be acting as an agent for an undisclosed
principal, but declines or is reluctant to provide information, or is otherwise evasive
For no apparent reason, the customer has multiple accounts under a single name or multiple names, with a large number of inter-account or thirdparty transfers
The customer’s account has unexplained or sudden extensive wire activity
The customer makes a funds deposit for the purpose of purchasing a longterm investment that is followed shortly thereafter by a request to liquidate the position
The customer engages in excessive journal entries between unrelated accounts
The customer requests that a transaction be processed in a manner that avoids the organization’s typical documentation requirements
The customer, for no apparent reason engages in transactions involving certain types of securities
The customer’s account shows an unexplained high level of activity with very low levels of securities transactions

Answer 96

A

Borrower/buyer submits invalid documents in order to cancel mortgage obligations or pay off her loan balances(s).
The same notary public and/or other authorized representative works with and/or receives payments from an unusually high number of borrowers.
Certified checks, cashier’s checks, or noncash item checks are falsified and drawn against a borrower/buyer’s account, rather than from the account of a financial organization.
Borrower/buyer applies for a loan for a primary residence, he but does not reside in the new primary residence
Borrower/buyer requests refinancing for her primary residence, although public and personal documents indicate that she resides elsewhere

Answer 97

A

Low appraisal values, non-arms-length relationships between short-sale buyers and sellers, and previous fraudulent sale attempts in short-sale transactions
The agent unlicensed
Improper/incomplete file documentation,
The apparent resubmission of a rejected loan application with key
borrower/buyer details modified from the individual borrower to
company/corporation
*Borrower/buyer attempts to structure currency deposits and withdrawals, or otherwise hides or disguises the true value of assets
There is a request from third-party affiliates on behalf of distressed
homeowners to pay fees in advance of the homeowner receiving
mortgage counseling, foreclosure avoidance, loan modification, or other related service.
*A third party solicits distressed homeowners for purported mortgage counseling, foreclosure avoidance, loan modification, or other related services

Answer 98

A

Diamonds originate from a country where there is limited production or no diamond mines at all.
Trade is conducted in large volumes with countries that are not part of the diamond pipeline.
The volume of purchases and/or imports grossly exceeds the expected sales amount.
Gold bars, coins, and loose diamonds are sold from a jewelry store (i.e., retail).
There is an increase in the volume of activity in a diamond dealer’s account, despite a significant decrease in the industry-wide volume
An intermediary located abroad facilitates the selling and buying of
diamonds between two local companies
Payments related to the appearance of rare or unique diamonds are made in the international market outside of known trading procedures

Answer 99

A

A single bank account is used by multiple businesses.
A single bank account has multiple deposit handlers (retail and wholesale).
Third parties are used to deposit funds into a single dealer’s or multiple diamond dealers’ accounts
Financial activity is inconsistent with practices in the diamond trade.
Deposits or transfers to a diamond dealer’s account from foreign
companies are followed by the immediate transfer of similar amounts to another jurisdiction.
Open export is settled by offsetting to, and receiving payment from, a third party.
Funds are received/transferred for import/export, and the ordering
customer/beneficiary is an MSB.
The name of receiver in the payment from the diamond dealer is not the exporter/supplier

Answer 100

A

Payment is made by virtually any method (e.g., cash, wire, check, or bank drafts) by a third party with no connection to the underlying transaction.
Structured currency deposits are made to individual checking accounts with multiple daily deposits to multiple accounts at different branches of the same bank on the same day.
There are discrepancies between the description of goods or commodity in the invoice and the actual goods shipped.
Letters of credit are amended without justification.
There is no apparent business relationship between the parties and
transactions.
Frequent transactions are conducted in round or whole dollars.
Funds are transferred into an account and moved to a high-risk country in the same amount.
Companies operate in jurisdictions where their business purpose is not fully understood, and there are difficulties in determining ownership.
There is a lack of appropriate documentation to support transactions.
Negotiable instruments are used to fund transactions in sequential
numbers and/or have missing payee information.

Answer 101

A

Multiple wire transfers, generally kept below the US$3,000 reporting
threshold, are sent from various locations
Multiple wire transfers are conducted at different branches of a financial organization to or from US or Mexican cities
Money flows do not fit common remittance patterns
Unusual currency deposits into US financial organizations are followed by wire transfers to countries with high migrant populations
Multiple apparently unrelated customers send wire transfers to the same beneficiary, who might be located in a US or Mexican city along the southwest border
A customer’s account appears to function as a funnel account, whereby cash deposits (often kept below the US$10,000 reporting threshold) occur in cities/states where the customer does not reside or conduct business

Answer 102

A

A business customer does not exhibit normal payroll expenditures
Wages are substantially deducted
Payroll checks are cashed, but the majority of the funds are kept by the employer or deposited back into the employer’s account
Frequent outbound wire transfers, with no business or apparent lawful purpose, are directed to countries at high risk for human trafficking
A customer’s account appears to function as a funnel account, whereby cash deposits occur in cities/states where the customer does not reside or conduct business* Multiple apparently unrelated customers send wire transfers to the same
beneficiary
Transactions are conducted by individuals and escorted by a third party (e.g., under the pretext of requiring an interpreter) to transfer funds, which seem to be their salaries, to other countries

Answer 103

A

Frequent payments are made to online escort services for advertising, including small posting fees to companies of online classifieds and more costly, high-end advertising and website hosting companies
Frequent transactions, inconsistent with expected activity and/or line of business
Payments are made to employment or student recruitment agencies that are not licensed/registered
A customer establishes an account or visits a branch to conduct
transactions while escorted by a third party (e.g., under the pretext of
requiring an interpreter). The third party escorting the customer might have possession of the customer’s ID
A common signer/custodian is used in apparently unrelated business and/or personal accounts
An employer or employment agency serves as a custodian for the
accounts of foreign workers or students

Answer 104

A

Parties to the transaction (e.g., owner, beneficiary) from countries known to support terrorist activities and organizations
Use of false corporations, including shell companies
Inclusion of the individual on the United Nations 1267 Sanctions list
Media reports that the account holder is linked to a known terrorist
organization or engaged in terrorist activities
Beneficial owner of the account is not properly identified
Use of nominees, trusts, family member, or third-party accounts
Use of false identification
Abuse of nonprofit organizations

Answer 105

A

Use of funds by nonprofit organization inconsistent with the purpose for which it was established
Transaction not economically justified, considering the account holder’s business or profession
Series of complicated transfers of funds from one person to another as a means to hide their source and intended use
Transactions that are inconsistent with the account’s typical activity
Deposits structured below the reporting requirements to avoid detection
Multiple cash deposits and withdrawals with suspicious references
Frequent domestic and international ATM activity
No business rationale or economic justifications for the transactions
Unusual cash activity in foreign bank accounts
Multiple cash deposits in small amounts in an account, followed by a large wire transfer to another country
Use of multiple foreign bank accounts

Answer 106

A

Phishing Scams:
Spear Phishing: Similar to phishing, spear phishing messages appear to come from a trusted source that is familiar to the victim
Ransomware: This is an attack conducted by a hacker in which malicious software designed to block access to a computer system
Business Email Compromise (BEC): BEC is a scam in which an attacker obtains access to a business email account

Brainscape's Knowledge GenomeTM

Chapter 3 Anti-Money Laundering/Countering the Financing of Terrorism Compliance Programs Flashcards

Brainscape's Knowledge Genome^TM