Chapter 3 Anti-Money Laundering/Countering the Financing of Terrorism Compliance Programs Flashcards

1
Q

Assessing AML/CFT Risk

A

An AML/CFT program should be risk-based

A risk-based approach is preferable to a more prescriptive approach in the area of AML/CFT because it is more:

  • Flexible: Money laundering and terrorist financing risks vary over time and across jurisdictions, customers, products, and delivery channels.
  • Effective: Companies are better equipped than legislators to effectively assess and mitigate the specific money laundering and terrorist financing risks they face.
  • Proportionate: A risk-based approach promotes a more practical and intelligent approach to fighting money laundering and terrorist financing
1
Q

FATF Recommendations on Assessing Risk

A
  • Customer risk factors, such as nonresident customers, cash-intensive businesses, complex ownership structures, and companies with bearer shares
  • Country or geographic/jurisdictional risks, such as countries with inadequate AML/CFT systems, sanctioned countries, countries involved in TF, and countries with significant levels of corruption
  • Product, service, transaction, and delivery channel risk factors, such as private banking, anonymous transactions, and payments received from unknown third parties

Many organizations find it valuable to develop money laundering/terrorist financing (ML/TF) risk models that assess risk at the enterprise level

2
Q

Maintaining an AML/CFT Risk Model

A

A risk-based analysis should include appropriate inherent and residual risks at the country, sectoral, legal entity, and business relationship level, among others

Thorough understanding of the inherent risks in its customer base, products, delivery channels, services offered

This usually requires expert input from the business lines, risk management, compliance, and legal units, together with advice from external experts, when necessary

Guidance is regularly published by various bodies

ML/TF risk model is subject to regular review

In some countries, there is a legislative obligation for such reviews to be undertaken on a regular basis

3
Q

Understanding AML/CFT Risk

A
  • Prohibited: The organization will not tolerate any dealings of any kind
  • High risk: The risks are significant, but they are not necessarily prohibited; the organization should apply more stringent controls
  • Medium Risk: Medium risks merit additional scrutiny, but they do not rise to the level of high risk
  • Low Risk: This represents the baseline risk of money laundering. Typically, low risk indicates normal, expected activity
4
Q

AML/CFT Risk Scoring

A

A risk-scoring model uses numeric values to determine the category of risk; categories are then combined to give a composite score

The model can be made more complex by weighting each of the factors differently, such as putting more emphasis on the type of customer, as opposed to the product or country

When the categories are combined, the customer’s risk profile becomes clearer

The next step is to determine what thresholds to establish for each risk category.

Although there is generally no requirement to update a risk assessment on a continuous or specified periodic basis, risk assessments should be updated before the launch of a new product or other significant changes.

Periodically reassessing risk-rating criteria will reveal if the customers that are scored as higher risk are actually more likely to engage in potentially suspicious activity

5
Q

Assessing the Dynamic Risk of Customers

A

Initial assessment of the inherent risk; important to consider how a customer’s relationship—and risk—with the organization changes over time

Modify Risk Ratings based on:

  • Unusual activity, such as alerts, cases, and SAR filings
  • Receipt of law enforcement inquiries, such as subpoenas
  • Transactions that violate economic sanctions programs
  • Other considerations, such as significant volumes of activity
6
Q

AML/CFT Risk Identification-Customer type

A

Supervisory authorities in various countries have identified some types of customers as inherently high risk for money laundering, including:

  • Banks
  • Casinos
  • Offshore corporations and banks located in tax/banking havens
  • Embassies
  • MSBs, including currency exchange houses, money remitters, and check cashers
  • Virtual currency exchanges
  • Car, boat, and airplane dealerships
  • Used car and truck dealers and machine parts manufacturers
  • Professional service providers (e.g., attorneys, accountants, investment brokers, and other third parties who act as financial liaisons for their clients)
  • Travel agencies
  • Broker-dealers in securities
  • Jewel, gem, and precious metals dealers
  • Import and export companies
  • Cash-intensive businesses (e.g., restaurants, retail stores, parking)
7
Q

Geographic location/jurisdiction

A

Sanction lists by the FCA, OFAC, FinCEN, the EU, the World Bank, the United Nations Security Council, and each local jurisdiction’s regulatory and law enforcement agencies

A risk management model should also take into account whether a country is a member of FATF or an FSRB and has AML/CFT requirements equivalent to international best practices

How cash-intensive the country is

How to identify high-risk countries:

  • The US Department of State issues an annual International Narcotics Control Strategy Report, which rates more than 100 countries on their money laundering controls.
  • Transparency International publishes a yearly Corruption Perceptions Index, which rates more than 100 countries on perceived corruption.
  • FATF identifies jurisdictions with weak AML/CFT regimes and issues country-specific mutual evaluation reports.
  • In the US, certain domestic jurisdictions are evaluated based on whether they fall within government-identified higher risk geographic locations, such as high-intensity drug trafficking areas (HIDTAs) and high-intensity financial crime areas (HIFCAs)
8
Q

Products and services

A

The compliance officer should be an active participant in project teams that identify appropriate control frameworks for new products and systems.

This risk rating is calculated using several product-related factors

Likelihood that the product requested might be used for money laundering or terrorist financing.

When assessing the AML/CFT risks of products and services, consider whether they:
* Enable significant volumes of transactions to occur rapidly
* Allow the customer to engage in transactions with minimal oversight by the organization
* Afford significant levels of anonymity to the users
* Have an especially high transaction or investment value
* Allow payments to third parties
* Have unusual complexity
* Require government verification of customer eligibility

9
Q

Products and services-certain banking functions and products

A
  • Private banking
  • Offshore international activity
  • Deposit-taking facilities
  • Wire transfer and cash-management functions
  • Transactions in which the primary beneficiary is undisclosed
  • Loan guarantee schemes
  • Travelers checks
  • Official bank checks
  • Money orders
  • Foreign exchange transactions
  • International remittances
  • Payment services such as payment processors, prepaid products,
    automatic clearing house
  • Remote deposit capture
  • Trade-financing transactions with unusual pricing features
  • Payable through accounts
10
Q

AML/CFT risk identification (Case example: Failure to identify high-risk activity)

A

September 2020: Westpac Banking Corporation, AUD$1.3 billion for over 23 million breaches of Australia’s AML/CTF Act

AUSTRAC launched legal action against Westpac in November 2019, for failing to detect and report nearly 3,000 transactions related to child trafficking

In 2016, senior managers were alerted to the risk of suspicious payments using its low-value payment service, LitePay. Westpac did not implement controls to detect illicit activity using LitePay for two years

May 2016: Westpac had determined that the child exploitation risks, low-value payments to the Philippines; introduced a detection scenario to one of its payment channels that failed to detect any issues; detection test was replaced by another in June 2018; applied to only one payment channel, LitePay.

Twelve customers were identified. Eleven of them had activity patterns of frequent, low-value transactions that were consistent with child exploitation.

customer had a prior conviction for child sexual exploitation, which should have triggered EDD by the bank

Westpac had also failed to adequately assess high-risk correspondent banking risks, other banks that held nested relationships with respondents, DRC, Iraq, Libya, and Zimbabwe.

11
Q

AML/CFT risk identification (Case example: Failure to identify high-risk activity)-Key Takeaways

A
  • Westpac did not apply the correct typologies or monitoring tools to detect payments linked to child exploitation, even when the risks had been identified.
  • Westpac did not have a consistent and clear understanding of its AML/CFT risk and how it should be managed and mitigated.
  • Westpac’s control failures extended to other high-risk areas such as
    correspondent banking.
12
Q

The Elements of an AML/CFT Program

A

Four Pillars:

* A system of internal policies, procedures, and controls (first line of defense)
* A designated compliance function with a compliance officer (second line of defense)
* An ongoing employee training program
* An independent audit function to test the overall effectiveness of the AML program (third line of defense)

FinCEN established a fifth pillar that requires appropriate, risk-based procedures for CDD

These procedures include:
* Understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile
* Conducting ongoing monitoring to identify and report suspicious transactions
* Maintaining and updating customer information

13
Q

A System of Internal Policies, Procedures,
and Controls

A

Every employee throughout a financial organization, at all levels of the organization, must contribute to the creation, maintenance, and overall success of the AML/CFT program

In large financial organizations, there is a critical need to adopt an enterprisewide approach

There is also a need to accommodate regional and/or business line-specific requirements

Achieved by having a different version of the AML/CFT program or by having country-specific addenda to the global AML/CFT program

Internal AML/CFT policies should be established and approved by executive management and the board of directors

The standard AML/CFT operating procedures should be drafted at the operational level in the financial organization; procedures must be modified and updated, as needed.

Procedures are more detailed than policies as they focus on how to achieve the policy goals. Procedures also form a base for the Training and Compliance Monitoring Program.

Internal controls, including management reports and other built-in safeguards, four-eyes principle, technology

14
Q

AML policies, procedures, and controls

A

An AML/CFT compliance program should be in writing and include policies, procedures, and controls that are designed to prevent, detect, and deter money laundering and terrorist financing, including how the organization will:

  • Identify high-risk operations
  • Periodically update its risk profile and provide for an AML/CFT compliance program tailored to manage risks
  • Inform the board of directors of compliance related actions
  • Assign clear accountability to people for performance of duties
  • Provide for program continuity, despite org changes
  • Meet all regulatory requirements and recommendations
  • Provide for periodic review and timely updates
  • Implement risk-based CDD policies, procedures, and processes
  • Provide for dual controls and segregation of duties.
  • Comply with all recordkeeping requirements
  • Provide sufficient controls and monitoring systems for detection and reporting of SARs and large transaction reporting
  • Establish clear accountability lines and responsibilities
  • Establish training requirements and standards
  • Clearly explain the importance of reporting suspicious activity
  • Incorporate into all job descriptions and performance review processes the requirement to comply at all times with AML policies and procedures
  • Develop and implement screening programs during hiring
  • Develop and implement quality assurance testing programs
15
Q

A system of internal policies, procedures,
and controls (Case example: Lack of overall
policy control and oversight)

A

In October 2016, the Monetary Authority of Singapore (MAS) revoked the license of the Singapore branch of Falcon Bank Limited

Individual linked to the 1Malaysia Development Berhad (1MDB) scandal and was facilitated by the actions of a former member of senior management

Fine of SGD 4.3 million, 14 breaches of AML/CTF regulations; branch manager: 28 weeks in jail and personally fined SGD 128,000

First identified AML/CFT failings in 2013; follow-up inspection in 2015, the situation had deteriorated

Between 2012 and mid-2015, approved US$3.8 billion of asset transfers linked to the 1MDB fund, despite red flags in these payments; processed via urging of senior management

Branch manager: failing to take action on more than SGD 1.3 billion or US$1 billion in payments linked to 1MDB; accused of lying about his links to the alleged mastermind of the 1MDB

16
Q

A system of internal policies, procedures,
and controls (Case example: Lack of overall
policy control and oversight)-Key takeaways

A
  • Falcon Bank failed to remedy its AML/CTF control deficiencies, and
    regulators found the situation got progressively worse.
  • Senior management exerted influence to facilitate transactions that were flagged as suspicious and unusually large.
  • The sentencing of the Singapore branch manager was intended to be a deterrent to other bankers.
17
Q

A system of internal policies, procedures,
and controls (Case example: PEP risks)

A

April 2017: Hong Kong Monetary Authority (HKMA), Hong Kong branch of Coutts & Co AG, HKD 7 million.

Failed to identify PEPs due to a lack of effective policies and procedures

Only partial screening of customers, lack of action on screening alerts, delays in obtaining senior management approvals for customer relationships with PEPs, and undisclosed customer due diligence (CDD) failures

Between 2012 and 2015, Coutts failed to establish effective procedures for identifying PEPs

Coutts had subscribed to a commercially available PEP database that generated alerts during screening, but they were not promptly addressed

HKMA found four instances of PEPs who were not identified or classified as high-risk customers, despite publicly available information

Failed to establish effective procedures for PEP alerts; did not establish a management information system to oversee the approval process; limited PEP screening to new customers; identified nine PEPs without management approvals, of which five had generated alerts that were not promptly addressed

18
Q

A system of internal policies, procedures,
and controls (Case example: PEP risks)-Key takeaways

A
  • Effective policies and procedures for PEPs require an effective control framework based on local regulations.
  • PEP screening should be conducted throughout the customer relationship. PEP policies and procedures need to explicitly and clearly direct when screening takes place. It should not be left open to interpretation.
  • Controls for screening alerts and management approvals need to be consistently followed.
  • Ineffective screening for PEPs and associated procedures can result in regulatory failings.
19
Q

The Designation and Responsibilities of a
Compliance Officer

A

The board of directors is responsible for appointing a qualified individual as the organization’s AML/CFT compliance officer

Responsible for managing all aspects of the AML/CFT compliance program.

This includes, but is not limited to, designing and implementing the program, making necessary changes and updates, disseminating information about the program’s successes and failures to key staff members, constructing AML/CFT-related content for staff training programs, and managing the organization’s adherence to applicable AML/CFT laws and regulations, including staying current on legal and regulatory developments in the field.

20
Q

Compliance Officer-Communication

A

The ability of the compliance officer to communicate effectively, both in writing and verbally, is vital to the success of an organization’s AML/CFT program

Critical for a compliance officer to be capable of articulating matters of importance to senior and executive management

A compliance officer must have the skills necessary to be able to analyze and interpret these ongoing changes, determine what effect they may have on the organization, and recommend an action plan, when appropriate

In many countries, the AML/CFT officer must also have a direct reporting line to the board or equivalent body

20
Q

Compliance Officer-Delegation of AML duties

A

Examples of AML/CFT subgroups include:
* Program Management
* Know Your Customer
* Sanctions Screening
* Transaction Monitoring
* Financial Investigations

CDD forms are often completed by account officers and other staff members when a new account is opened

Branch personnel participate in periodic reviews of high-risk customers and might be required to provide additional information or explanation to support investigations into potentially suspicious activity

The business and the compliance function might establish risk-based quality assurance reviews and monitoring and testing activities to ensure the functions are being performed appropriately

21
Q

Compliance officer accountability

A

Responsible for executing the AML/CFT program

Various regulators are seeking enforcement actions against not only the organization, its executive management team, and board of directors for AML/CFT violations, but the compliance officer as well.

22
Q

Compliance officer accountability (Case
example: US bank)

A

March 2020: Financial Crimes Enforcement Network (FinCEN), US$450,000 civil money penalty against Michael LaFontaine, chief operational risk officer (CRO) at US Bank National Association (US Bank)

Held senior positions in US Bank’s AML department from 2005 to 2014

He failed to:
* Implement and maintain an adequate AML program
* Adequately staff the compliance program with sufficient resources to execute their regulatory expectations
* File suspicious activity reports (SARs) in a timely manner, including on transactions that potentially laundered the proceeds of crimes

LaFontaine knew US Bank’s inadequate policies, procedures, and controls would result in its failure to investigate and report suspicious and potentially illegal activity

Failed to exercise the responsibilities for monitoring and reporting suspicious activity by:
* Imposing upper limits on the number of alerts produced by the institution’s automated transaction monitoring system
* Failing to subject Western Union money transfers to the monitoring system
* Inadequately identifying and monitoring high-risk customers in compliance with the Bank Secrecy Act

LaFontaine was advised of the staffing issues and alert capping through internal memos; staff resources were “stretched dangerously thin.”

23
Q

Compliance officer accountability (Case
example: US bank)-Key takeaways

A
  • Compliance departments should be adequately staffed to meet regulatory requirements.
  • Compliance officers should escalate and act upon internal warnings and identified risks.
  • Compliance officers are increasingly held personally liable for wrongdoing and may be prosecuted
  • Compliance officers should always act with integrity and do what is in the best interest of the organization.
  • Compliance officers must understand their legal obligations and act in the spirit and letter of the law
24
Q

Compliance officer accountability (Case
example: Personal liability)

A

October 2020: FinCEN assessed a $60 million civil penalty against Ohio resident Larry Dean Harmon, founder and primary operator of the convertible virtual currency businesses Helix and Coin Ninja

Failed to designate a compliance officer

From 2014 through 2017, Helix and Coin Ninja operated as unregistered money services businesses (MSBs), offering anonymous convertible currency exchange services for bitcoin holders

FinCEN determined that Harmon failed to register his businesses as MSBs, implement and maintain an effective AML program, and report suspicious activity

Customers included narcotics traffickers, counterfeiters, fraudsters, and child exploitation websites

Willfully violated the Bank Secrecy Act (BSA)

Helix and Coin Ninja provided “mixers” or “tumblers,” allowing customers, for a fee, to send bitcoin to designated recipients in a manner that was designed to conceal the source or owner of the bitcoin

Harmon knowingly obscured the nature and identity of customer transactions by:

  • Designing Helix to “break the blockchain” by taking bitcoin from the user’s wallet and giving the user new bitcoin from a different pool that could not be traced back to the user
  • Failing to collect and verify customers’ names, addresses, or identifiers on over 1.2 million transactions
  • Failing to collect CDD info for over US$311 million in transactions
  • Deleting customer information after seven days and allowing customers to manually delete their logs

2,400 instances in which Harmon failed to file a SAR on suspicious Helix transactions.

Forfeiture of 4,400 bitcoin as part of plea

25
Q

Compliance officer accountability (Case
example: Personal liability)-Key Takeaways

A
  • Providers of convertible virtual currency anonymizing services are
    considered money transmitters under FinCEN regulations and must
    register as MSBs
  • MSBs are required to develop, implement, and maintain an effective AML program
  • FinCEN can investigate and impose civil money penalties on current and former employees of MSBs that participate in willfully violating BSA regulations.
  • Individual compliance officers can be held criminally accountable for their actions
26
Q

Components of an effective training program

A

An effective training program should not only explain the relevant AML/CFT laws and regulations, but also cover the organization’s policies and procedures used to mitigate money laundering risks

Ongoing awareness about AML/CFT requirements, such as emails, newsletters, periodic team meetings, intranet sites, and other means of sharing information

27
Q

Who to train

A

In some countries, training programs must extend beyond full- or part-time employees to include contractors, consultants, students, apprentice placements, and secondees

  • Customer-facing staff: a general course will often be sufficient to address the importance of AML and provide some basics; additional training on specific unit procedures related to the products and services carried out by the business line is often needed
  • Operations personnel: cash vault, wire transfer, trade finance, loan underwriters, loan collections, and treasury management personnel are often in positions to recognize illegal, fraudulent, and unusual account activity
  • AML/CFT compliance staff: more advanced ongoing training to stay abreast of requirements and emerging trends is important. Often, this requires attending conferences or AML/CFT-specific presentations that are more robust in nature
  • Independent testing staff: employees should receive periodic training concerning regulatory requirements, changes in regulation, money laundering methods and enforcement, and their impact on the organization
  • Senior management and board of directors: address the importance of AML/CFT regulatory requirements, regulatory changes that impact the organization, penalties for noncompliance, personal liability, and the organization’s unique risks
28
Q

Training topics

A
  • General background and history pertaining to money laundering controls
  • Legal framework on what AML/CFT laws apply to organizations and their employees
  • New and changing regulatory requirements that affect the organization
  • Penalties for AML/CFT violations
  • Internal policies
  • Review of the internal AML/CFT and sanctions risk assessments
  • Legal recordkeeping requirements
  • Suspicious transaction monitoring and reporting requirements
  • Currency transaction reporting requirements
  • How to react when faced with a suspicious client or transaction
  • How to respond to customers who want to circumvent reporting
    requirements
  • Duties and accountability of employees
  • How to maintain confidentiality with AML-related matters
  • AML trends and emerging issues related to criminal activity, TF
  • Real-life money laundering schemes
29
Q

Training best practices

A

The FCA published guidance
* Appropriate training tailored to the individual’s specific roles. Roles lacking specific training included the following areas: offshore centers, mortgage lending, areas servicing PEPs and other high-risk clients, investment banks, and trade finance.
* Periodic refresher training—usually annually—is important for existing employees.
* Banks should assess whether third parties and employees working in outsourced functions need to attend specific AML training.

30
Q

How to train

A
  • Identify the issues that must be communicated and decide how best to disseminate the message
  • Identify the audience by functional area and by level of
    employee/management
  • Determine the needs that should be addressed
  • Determine who can best develop and present the training program
  • Determine if “Train the Trainer” sessions are necessary, when
    decentralized training is involved
  • Create a course abstract or curriculum that addresses course goals,
    objectives, and the desired results
  • To the extent possible, establish a training calendar
  • Consider whether to provide handouts
  • Tests should be considered as a way to evaluate how well the training is understood, with a mandatory passing score.
  • Focus on small, easy-to-digest, and easy-to-categorize issues
  • Track employee attendance
31
Q

When to train

A

Training should be ongoing and on a regular schedule

New employees should receive appropriate training within a reasonable period after joining the organization or transferring to a new position

Situations may arise that demand an immediate session or enhanced training beyond the basic training program

32
Q

Where to train

A

Some types of training are more effective when conducted in small groups

Role-playing exercises, which may be used to complement a prepared lecture or panel discussions, are also more effective in small groups

Large groups can be trained using computer-based training courses, which can be designed to automatically record attendance and test attendees, with a required minimum score.

33
Q

AML/CFT training (Case example)

A

On February 25, 2016, FinCEN and the Office of the Comptroller of the Currency (OCC), actions against Gibraltar Private Bank & Trust Company in Coral Gables, Florida, for willful AML compliance violations

failure to properly train compliance staff, led to a US$2.5 million civil money penalty assessed by the OCC and a US$4 million civil money penalty assessed by FinCEN

From 2009 to 2014, the bank’s implementation of AML training was inadequate and not tailored to the needs of specific positions

In May 2013, a training assessment was undertaken by management that identified the need for significant training to adequately implement the bank’s AML program; over a year later, it was still not done.

34
Q

AML/CFT training (Case example) -Key Takeaways

A
  • It is critical that AML training be role-specific and focused on the duties and financial crime risk exposure of relevant staff.
  • Senior officials and board members do not need to be trained in carrying out business functions, but they do need to understand AML requirements, penalties for noncompliance, and how to interpret risk reporting.
  • Regulated firms can be heavily penalized for failing to implement adequate AML training, especially when known gaps are not addressed in a timely manner.
35
Q

Evaluating an AML/CFT program-Part 1

A

The audit must be independent

Should report directly to the board of directors or to a designated board committee composed primarily or completely of outside directors

The independent audit should do the following:
* Assess the overall integrity and effectiveness of the AML/CFT compliance program, including policies, procedures, and processes
* Assess the adequacy of the AML/CFT risk assessment.
* Examine the adequacy of CDD policies, procedures, and processes
* Determine personnel adherence to the organization’s AML/CFT policies, procedures, and processes
* Perform appropriate transaction testing
* Assess training adequacy
* Assess compliance with applicable laws and regulations
* Examine the integrity and accuracy of management information systems used in the AML/CFT compliance program.
* Review all the aspects of any AML/CFT compliance functions that have been outsourced to third parties

36
Q

Evaluating an AML/CFT program-Part 2

A
  • Evaluate the ability of transaction monitoring software application
    o Reviewing policies, procedures, and processes for suspicious activity monitoring
    o Reviewing the processes for ensuring the completeness, accuracy, and timeliness of the data supplied by the source transaction processing systems
    o Evaluating the methodology for establishing and analyzing expected activity and filtering criteria
    o Evaluating the appropriateness of the monitoring reports
    o Comparing the transaction monitoring typologies with the AML/CFT risk assessment for reasonableness
  • Review case management and SAR systems
  • Assess the effectiveness of the organization’s policy for reviewing accounts that generate multiple SAR filings
  • Assess the adequacy of recordkeeping and record-retention processes
  • Track previously identified deficiencies
    o Overall audit coverage and frequency are appropriate to the risk profile of the organization
    o Board of directors was responsive to earlier audit findings
37
Q

Evaluating an AML/CFT program-Part 3

A
  • Determine the adequacy of the following, as they relate to the training program and materials:
    o The importance the board and senior management place on ongoing education, training, and compliance
    o Employee accountability for ensuring AML/CFT compliance
    o Comprehensiveness of training
    o Training of personnel from all applicable areas of the organization
    o Frequency of training
    o Coverage of internal policies, procedures, processes, and new rules and regulations
    o Coverage of different forms of money laundering and terrorist financing as they relate to identifying suspicious activity
    o Disciplinary actions taken for noncompliance with internal policies and regulatory requirements

An effective internal audit department develops and maintains an audit risk assessment to determine audit priorities. It also develops and maintains detailed audit testing programs for every area

38
Q

Independent audit (Case example: Apical Asset Management Pte. Ltd.)

A

In July 2020, the Monetary Authority of Singapore (MAS) revoked the Capital Markets Services (CMS) license of Apical Asset Management Pte. Ltd. (AAMPL) for serious breaches of MAS’ AML/CFT requirements from 2013 to 2018. Specifically, AAMPL:
* Failed to conduct an enterprise-wide AML/CTF risk assessment
* Failed to properly assess its customers for elevated financial crime risks
* Had deficient ongoing monitoring controls and procedures
* Failed to assess the effectiveness of its AML/CFT controls by conducting independent audits

MAS concluded that AAMPL did not have in place basic AML/CFT policies and procedures to manage their risks.

39
Q

Independent audit (Case example: Apical Asset Management Pte. Ltd.) - Key takeaways

A
  • A robust, holistic AML/CTF program includes independent oversight and review.
  • An enterprise-wide risk assessment is needed to identify vulnerabilities and allow organizations to develop effective controls.
  • Entities must assess their customers for elevated financial crime risks.
  • AML/CFT policies must be in place to manage risks.
40
Q

Establishing a Culture of Compliance

A

The ultimate responsibility for the AML/CFT compliance program rests with the organization’s board of directors

Associates in all business units must clearly understand their commitment to supporting the compliance program by following the rules

FinCEN’s advisory in August 2014 outlined six guidelines

41
Q

FinCEN’s advisory in August 2014 outlined six guidelines

A
  1. Leadership must actively support and understand compliance efforts. The board’s role in AML/CFT compliance consists of reviewing and approving the overall AML/CFT program and ensuring that there is ongoing oversight. Once an exam by a supervisor or auditor is conducted, it is the board’s duty to ensure that any necessary corrective action is taken
  2. Compliance staff should be empowered with sufficient authority to implement an organization’s AML/CFT policies, not compromised by business interests
  3. Business units should not remain tethered within their own individual silos.
  4. Leadership should provide for technology resources and appropriate AML/CFT support staff based on its risk profile.
  5. To be effective, an AML/CFT program must include an ongoing, documented risk assessment and risk-based customer due diligence
  6. Leadership and staff must understand the purpose of its AML/CFT efforts and how its SAR reporting is used
42
Q

New York State Department of Financial Services (DFS) issued Final Rule Part 504

A

June 30, 2016

Requires organizations to maintain transaction monitoring and filtering programs (TMPs) reasonably designed to:
* Monitor transactions after their execution for compliance with the BSA and AML laws and regulations, including suspicious activity reporting requirements
* Prevent unlawful transactions with targets of economic sanctions administered by OFAC

The Final Rule, which went into effect on January 1, 2017, also requires boards of directors or senior officer(s) of regulated organizations to make annual certifications to the DFS. The law also applies to nonbank financial institutions with a Banking Law license

43
Q

Transaction Monitoring and Filtering Programs

A
  1. Identification of all data sources
  2. Validation of the integrity, accuracy, and quality of data
  3. Data extraction and loading processes to ensure a complete and accurate transfer of data
  4. Governance and management oversight
  5. Vendor selection process when a third-party vendor is used
  6. Funding to design, implement, and maintain a program
  7. Qualified personnel or outside consultant
  8. Periodic training
44
Q

Culture of compliance (Case example: Poor management oversight)

A

July 2020, Monetary Authority of Singapore (MAS)
Apical Asset Management (AAM)

Inadequate AML/CFT policies and procedures, deficient customer risk assessments, and severe deficiencies in the control framework.

The asset managers had also failed to undertake an enterprise-wide risk assessment (EWRA), despite an MAS requirement that the assessment be completed at least every two years

There was no independent audit of AAM’s controls to test their effectiveness.

MAS identified several significant failings in AAM’s financial crime controls between 2013 and 2018. These deficiencies included the lack of basic AML/CFT controls, which put the organization at risk of receiving illicit funds

In one instance, a fund related to a PEP was not subject to enhanced monitoring over an extended period of time

45
Q

Culture of compliance (Case example: Poor management oversight) - Key takeaways

A
  • AAM had inadequate AML/CFT policies and procedures and client risk assessments.
  • There were severe deficiencies in the control framework and no independent audit.
  • Accountability begins and ends with the senior management of an organization.
  • Failures by senior management to discharge their duties can result in systemic failings across an organization.
  • Failure to meet regulatory requirements can result in the loss of a business license
46
Q

Customer Due Diligence

A

The organization’s CDD program must have a process in place to consider each level of due diligence that might be necessary, as well as who is responsible for collecting, verifying, and keeping the information updated and accurate.

CDD is Recommendation 10 in FATF’s updated Recommendations

Undertake CDD measures when:
* Establishing business relationships
* Carrying out occasional transactions under certain circumstances
* There is a suspicion of money laundering or terrorist financing
* The financial organization has doubts about the veracity or adequacy of previously obtained customer identification data

47
Q

Main Elements of a Customer Due Diligence Program (Page 305)

A
  1. Identify the customer and verify the customer’s identity using reliable, independent source documents, data, and information.
  2. Identify the beneficial owner and take reasonable measures to verify the identity of the beneficial owner.
  3. Understand and, as appropriate, obtain information on the purpose and intended nature of the business relationship.
  4. Conduct ongoing due diligence on the business relationship and scrutinize transactions undertaken throughout the course of the relationship to ensure that the transactions being conducted are consistent with the organization’s knowledge of the customer, their business, risk profile, and, when necessary, the source of funds
48
Q

Enhanced Due Diligence -Customer risk factors

A
  • Unusual circumstances regarding how the business relationship is conducted, such as significant, unexplained geographic distance between the financial organization and the customer
  • Nonresident customers
  • Legal persons or arrangements that are personal asset-holding vehicles
  • Companies that have nominee shareholders or shares in bearer form
  • Cash-intensive businesses
  • Unusual or excessively complex appearance of the ownership structure of the company, given the nature of the company’s business
49
Q

Enhanced Due Diligence -Country or geographic risk factors

A
  • Countries identified by credible sources, such as FATF’s mutual evaluations and detailed assessment reports, as not having adequate AML/CFT systems
  • Countries subject to sanctions, embargoes, and similar measures issued by, for example, the United Nations
  • Countries identified by credible sources as having significant levels of drug trafficking, corruption, financial crimes, or other criminal activity
  • Countries or geographic areas identified by credible sources as providing funding or support for terrorist activities, or that have designated terrorist organizations operating within them
  • Countries that share a common border and are known to have physical cross-border transactional activity
  • Geographic areas identified as having a higher risk of money laundering or financial crimes, such as HIFCAs and HIDTAs in the United States
50
Q

Enhanced Due Diligence –Product, service, transaction, and delivery channel risk factors

A
  • Private banking
  • Anonymous transactions (which might include cash)
  • Non-face-to-face business relationships and transactions
  • Payment received from unknown or unassociated third parties
51
Q

Enhanced Due Diligence for High-Risk Customers

A

A financial organization should consider obtaining additional information from high-risk customers, such as:
* Source of funds and wealth
* Identifying information on individuals with control over the account, such as signatories and guarantors
* Occupation or type of business
* Financial statements
* Banking references
* Domicile
* Proximity of the customer’s residence, place of employment, and place of business to the bank
* Description of the customer’s primary trade area and whether international transactions are expected to be routine
* Description of the business operations, the anticipated volume of currency and total sales, and a list of major customers and suppliers
* Explanations for changes in account activity

Wolfsberg’s Correspondent Banking Principles and FATF recommend obtaining the approval of senior management to commence or continue the business relationship

Require the first payment to be carried out through an account in the customer’s name with a bank subject to similar CDD standards

52
Q

Account Opening, Customer Identification, and Verification

A

The Basel Committee’s Sound Management of Risks Related to Money Laundering and Financing of Terrorism

A bank should establish a systematic procedure for identifying and verifying its customers and, when applicable, any person acting on their behalf and any beneficial owners

A bank should not establish a banking relationship or carry out any transactions until the identity of the customer is verified in accordance with FATF Recommendation 10

Customers, beneficial owners, and persons acting on their behalf should be verified using reliable, independent source documents, data, and information

53
Q

Account Opening-The Basel Committee provided guidelines for account opening and customer identification in Annex IV General Guide to Account Opening

A

focuses on some methods banks can use to develop effective customer identification and verification programs

natural people seeking to open an account and legal people and legal arrangements

natural person
* Legal name (first and last) and any other names used (e.g., maiden name, former legal name, or alias)
* Complete residential address and, on the basis of risk, also the business address or post office number
* Landline or mobile telephone numbers and email address
* Date and place of birth
* Gender
* Nationality and residency status
* Occupation, position held, and name of employer
* An official personal identification number or other unique identifier
* Type of account and nature of the banking relationship
* Signature

54
Q

Account Opening-Customer Verification-Natural Persons

A

Documentary customer verification procedures include:
* Confirming the identity from an unexpired official document that bears a photograph of the customer
* Confirming the date and place of birth from an official document
* Confirming the validity of the official documentation through certification by an authorized person
* Confirming the residential address

Nondocumentary customer verification procedures include:

  • Contacting the customer by telephone or letter to confirm the information supplied after an account has been opened
  • Checking references provided by other financial organizations
  • Using an independent information verification process, such as by accessing public registers, private databases, and other reliable independent sources
55
Q

Additional sources of information and enhanced verification procedures-Natural Persons

A
  • Confirming an individual’s residential address on the basis of official papers, a credit reference agency search, or through home visits
  • Checking prior bank reference (including banking group reference) and contacting the bank regarding the customer
  • Verifying income sources, funds, and wealth identified through appropriate measures
  • Verifying employment and public positions held
  • Obtaining a personal reference from an existing customer of the financial organization
56
Q

For legal people that are not natural people or legal arrangements, the following information should be obtained

A
  • Name, legal form status, and proof of incorporation of the legal person
  • Permanent address of the principal place of the legal person’s activities
  • Mailing and registered address of legal person
  • Identity of natural people who are authorized to operate the account; in the absence of an authorized person, the identity of the relevant person who is the senior managing official
  • Contact telephone numbers
  • Official identification number
  • Powers that regulate and bind the legal person
  • Identity of the beneficial owners
  • Nature and purpose of activities of the legal entity and its legitimacy
  • Financial situation of the entity
  • Expected use of the account—amount, number, type, purpose, and frequency of the transactions expected—on the basis of risk; sources of funds paid into the account; and destination of funds passing through the account
57
Q

Account Opening-Customer Verification-Natural Persons-legal people that are not natural people or legal arrangements

A

Documentary verification methods include:
* Obtaining a copy of the certificate of incorporation, memorandum and articles of association, partnership agreement, or any other document certifying the existence of the entity
* For established corporate entities, reviewing a copy of financial statements (audited, if available)

Nondocumentary verification methods include:
* Undertaking a company search and/or other commercial inquiries to ascertain that the legal person has not been, or is not in the process of being, dissolved or terminated
* Using an independent information verification process, such as by accessing public corporate registers, private databases, or other reliable independent sources (e.g., lawyers and accountants)
* Validating the legal entity identifier and associated data in the public access service
* Obtaining prior bank references
* Visiting the corporate entity, when practical
* Contacting the corporate entity by telephone, mail, or email

58
Q

ID&V (Case example: Danske Bank)

A

In 2007, Danske Bank acquired Finnish Sampo Bank and its Estonian branch

Between 2007 and 2015, the Estonian branch expanded its nonresident portfolio. Nearly all of its customers were offshore and shell companies

The parent bank was unaware of the structure; there was no integrated client list

Approximately US$200 billion in transactions were processed by the Estonian branch, which was closed in 2019 by order of the Estonian Financial Supervisory Authority (FSA)

The Estonian branch was never integrated into the group’s IT compliance infrastructure, and group-wide AML and KYC policies and procedures were not shared with the Estonian branch

Estonian branch employees’ understanding of money laundering risks was limited

Danske Bank failed to apply EDD measures consistent with laws and regulations and its group-wide requirements

59
Q

ID&V (Case example: Danske Bank)-Key takeaways

A
  • Organizations must integrate the AML/CTF and KYC frameworks of new acquisitions immediately with a thorough risk assessment.
  • Organizations should apply AML/CTF and KYC policies and procedures organization-wide.
  • Organizations need to have a consistent customer risk-rating methodology.
  • Organizations need to have robust and consistent KYC processes, including EDD.
  • Dedicated AML teams should operate independent from the business.
  • A strong AML culture should be embedded across the organization with clear oversight and direction from senior management
60
Q

Consolidated Customer Due Diligence

A

a strong CDD program is to consolidate and streamline account opening and ongoing monitoring processes across the organization, both domestically and globally

According to the Basel Committee, a global risk-management program for CDD should incorporate consistent identification and monitoring of customer accounts globally across business lines and geographical locations, as well as oversight at the parent level

When the minimum CDD standards of the home and host countries differ, offices in host jurisdictions should apply the higher standard of the two

Each office, branch, and subsidiary should be capable of complying with the minimum identification and accessibility standards applied by the parent

61
Q

Monitoring and Screening-Economic Sanctions

A
  • Targeted sanctions: Aimed at specific, named individuals, such as key leaders in a country or territory
  • Sectoral sanctions: Aimed at key sectors of an economy to prohibit a very specific subset of financial dealings within those sectors
  • Comprehensive sanctions: Generally prohibit all direct and indirect import/export, trade brokering, financing, and facilitating of most goods, technology, and services
62
Q

United Nations

A

UN Security Council committees

Chapter VII of the United Nations Charter.

Article 41, encompass a broad range of enforcement options

measures range from comprehensive economic and trade sanctions to more targeted measures, such as arms embargoes, travel bans, and financial or commodity restrictions

63
Q

European Union

A

Article 215 provides a legal basis for the interruption or reduction, in part or completely, of the EU’s economic and financial relations with one or more third countries

when such restrictive measures are necessary to achieve the objectives of the Common Foreign and Security Policy

The measures are preventive, nonpunitive instruments that allow the EU to respond swiftly to political challenges and developments

In general terms, the EU imposes its restrictive measures to bring about a change in policy or activity by the target country

The EU wields measures in support of human rights and democracy objectives in the absence of a United Nations mandate and has supplemented UN sanctions

64
Q

United States

A

OFAC’s Specially Designated Nationals and Blocked Persons (SDN) list

applies sanctions to deter nonconstitutional changes, constrain and deter terrorism, and protect human rights

OFAC is not a supervisory agency, but it works closely with supervisory agencies at both the federal and state levels

Supervisory examiners review OFAC compliance efforts, including policies and procedures, training, testing, and tuning of screening systems, to determine a financial organization’s ability to effectively detect SDNs and entities that are sanctioned within all of OFAC’s programs

65
Q

Sanctions List Screening

A

Most of the names of designated terrorists on the OFAC SDN list also include numerous “also known as” alternatives.

  • When Arabic names are written in another alphabet, the spelling might vary
  • Arabic names are typically long. A person’s second name is the father’s name. A “bin” or “ibn” preceding the name indicates “son of.”
  • There is widespread use of certain names
  • Many Arabic names begin with the word “Abu.” Only when Abu is a prefix of a surname should it be accepted as a given name
66
Q

Politically Exposed Persons Screening

A

Intergovernmental bodies, such as FATF in its 40 Recommendations, explicitly reference PEPs, and government regulations, specifically the EU’s Fourth Directive, explicitly detail requirements related to PEPs

lack of available and useful information
become more creative in finding ways to avoid detection

Transparency International, a global, nongovernmental organization devoted to combating corruption, publishes the Corruption Perceptions Index

US Central Intelligence Agency, publish lists of heads of state and cabinet members of foreign governments

Accepting corruption proceeds from PEPs constitutes money laundering in the United States

have strong CDD and monitoring controls

67
Q

Know Your Employee

A

A Know Your Employee (KYE) program ensures that an organization has the means to understand an employee’s background, conflicts of interest, and susceptibility to money laundering complicity

Additionally, codes of conduct and ethics should specify mandatory requirements to report suspicious activity to the MLRO and that failure to comply subjects an employee to disciplinary action and possible employment termination

Federal Deposit Insurance Corporation (FDIC) ‘Pre-Employment Background Screening: Guidance on Developing an Effective Pre-Employment Background Screening Process’

Pre-employment background checks can reduce turnover by verifying that the potential employee has the requisite skills, certification, license, or degree for the position

establish policies that address what to do when screening uncovers information contrary to what the applicant or employee provided.

In the UK, the Centre for the Protection of National Infrastructure (CPNI) publishes informative guidelines regarding insider threat and risk management

68
Q

KYE (Case example: Citigroup Global Markets Inc.)

A

July 2019, it fined Citigroup Global Markets Inc. (CGMI) US$1.25 million

failed to conduct timely and adequate background checks on more than 10,000 employees and may not have fingerprinted all required employees over a seven-year period

previous criminal convictions

Key takeaways
* Know your regulatory requirements for KYE.
* Effective KYE requires background checks and fingerprinting.
* Use a risk-based approach to the timing of background checks and other pre-employment requirements.
* KYE protects regulated companies, their customers and investors, and the financial system

69
Q

Suspicious and Unusual Transaction Monitoring and Reporting

A

systems for monitoring and reporting suspicious activity should be risk-based and determined by factors such as the organization’s size, the nature of its business, its location, the frequency and size of transactions, and the types and geographical locations of its customers

Core operating system generates specific internal reports:

  • Daily cash activity exceeding the country’s reporting threshold
  • Daily cash activity just below the country’s reporting threshold (to identify possible structuring)
  • Cash activity aggregated over a period of time (e.g., individual transactions over a certain amount or totaling more than a certain amount over a 30-day period, to identify possible structuring)
  • Wire transfer reports/logs with filters using amounts and geographical factors
  • Monetary instrument logs/reports
  • Check kiting/drawing on uncollected funds with significant debit/credit flows
  • Significant change reports
  • New account activity reports
70
Q

Typical suspicious or unusual transaction reporting process

A
  • Procedures to identify suspicious and unusual transactions and activity through various channels
  • Formal evaluation of each instance and continuation of unusual transactions and activity
  • Documentation of the SAR reporting decision (i.e., whether or not a report was filed with authorities)
  • Procedures to periodically notify senior management or the board of directors of SAR filings
  • Employee training on detecting suspicious transactions and activity

Most laws also grant immunity from civil liability (i.e., safe harbor) to the filing organization and its employees

The US has even made it illegal to reveal information that would lead to knowledge of the existence of a SAR

Strong recordkeeping procedures are key

FIUs in various countries often publish reports on how many SARs are filed, which areas are filing the most, suspicious activity and typology trends, and case studies

71
Q

Automated AML/CFT Solutions

A
  • Automated customer verification: Using third-party databases to compare information provided by a customer with source data
  • Watch list filtering: Screening new accounts, existing customers, beneficiaries, and transaction counterparties against terrorist, criminal, and other blocked-persons sanctions and/or watch lists
  • Transaction monitoring: Scanning and analyzing transactional data for potential money laundering activity
  • Automation of regulatory reporting: Filing SARs, CTRs, and other regulatory reports with the government
  • Case management: Providing a dashboard feature to view customer KYC, transaction history, investigations undertaken, and regulatory filings filed on a customer
  • Audit trail: Documenting steps taken to demonstrate compliance efforts to auditors and supervisory authorities

Can reflect a company’s commitment to meet or exceed compliance requirements

72
Q

Automated AML/CFT Solutions-RFP

A

Request for Proposal (RFP): issue RFPs to software providers

Most organizations seek a partner with a longstanding commitment

Ideally, the system is flexible, fast, and efficient to deploy

Allow the organization to seamlessly navigate client relationships, accounts, and transactions across a variety of product lines and systems, including deposits, wires, transfers, loans, trust, brokerage, letters of credit

73
Q

Capabilities of the system during its assessment

A
  • Ability to monitor transactions and identify anomalies that might indicate suspicious activity
  • Ability to gather CDD information for new and existing customers, score customer responses, and store CDD data for subsequent use
  • Ability to conduct advanced evaluation and analysis of suspicious and unusual transactions identified by the monitoring system in the context of each customer’s risk profile and that of his peer group
  • Ability to view individual alerts within the broader context
  • Workflow features
  • Ability to use data from the organization’s core database
  • Ability to store and recall at least 12 months of data
  • Ability to manage the assignment of suspicious activity investigations
  • Automated preparation and filing of SARs to FIUs
  • Standard and ad-hoc reporting on the nature and volume of suspicious activity investigations and investigator productivity for management and other audiences
  • Enhanced ability to plan, assign, and monitor the caseload
  • Ability to provide comprehensive and accurate reporting of all aspects of AML compliance
  • User-friendly updating of risk-parameter settings
  • Tiered user-rights access
74
Q

Following aspects of automated systems

A
  • Ease of use of the application
  • Ease of data integration, system implementation, and configuration
  • Scalability of application
  • Extent to which the system can be supported with internal resources
  • User satisfaction with hardware and software support
  • Price, including initial cost and ongoing costs to sustain the system

One-stop access systems can provide images, standardization, and control for documents that must be accounted for and produced for compliance purposes.

75
Q

Unusual Customer Behavior

A
  • Customer has an unusual or excessively nervous demeanor.
  • Customer discusses a financial organization’s recordkeeping or reporting requirements with the apparent intention of avoiding them.
  • Customer threatens an employee in an effort to discourage required recordkeeping or reporting.
  • Customer is reluctant to proceed with a transaction after being told it must be reported.
  • Customer suggests paying a gratuity to an employee.
  • Customer appears to have a hidden agenda or behaves abnormally, such as declining a higher interest rate on a large account balance.
  • Customer, who is a public official, opens an account in the name of a family member, who begins making large deposits that are not consistent with the known sources of legitimate family income.
  • Customer, who is a student, uncharacteristically transfers or exchanges large sums of money.
  • Account shows high velocity in the movement of funds, but it maintains low beginning and ending daily balances.
  • Transaction involves offshore organizations whose names resemble those of well-known legitimate financial organizations.
  • Transaction involves unfamiliar countries or islands that are difficult to locate on an atlas or map.
  • Agent, attorney, or financial advisor acts for another person without proper documentation, such as a power of attorney
76
Q

Unusual Customer Identification Circumstances

A
  • Customer provides unusual or suspicious identification documents or declines to produce original documents for verification.
  • Customer is unwilling to provide personal background information when opening an account.
  • Customer tries to open an account without identification, references, or complete local address.
  • Customer’s permanent address is outside of the organization’s service area.
  • Customer’s home or business telephone is disconnected.
  • Customer does not want a statement of his account or any other mail to be sent to him.
  • Customer asks many questions about how the financial organization shares information about the identification of its customers.
  • A business customer is reluctant to provide complete information about the nature and purpose of its business, anticipated account activity, and other details about the business, or to provide financial statements or other documents about a related business entity.
  • Customer provides no record of past or present employment on a loan application.
  • Customer’s Internet Protocol (IP) address or online device tracing does not match the identifying information or government-issued identification provided during online registration.
77
Q

Unusual Cash Transactions part 1

A
  • Customer makes a large cash deposit without having counted the cash.
  • Customer frequently exchanges small bills for large bills.
  • Customer’s cash deposits often contain counterfeit bills or musty or
    extremely dirty bills.
  • Customer enters the bank with another customer, and they go to different tellers to conduct currency transactions under the reporting threshold.
  • Customer makes a large cash deposit containing many high-denomination bills.
  • Customer opens several accounts in one or more names, and then makes several cash deposits under the reporting threshold.
  • Customer withdraws cash in amounts under the reporting threshold.
  • Customer withdraws cash from one of her accounts and deposits it into another account the customer owns.
  • Customer conducts unusual cash transactions through night deposit boxes, especially large sums that are not consistent with the customer’s business.
  • Customer makes frequent deposits or withdrawals of large amounts of currency for no apparent business reason or for a business that generally does not generate large amounts of cash.
  • Customer conducts large cash transactions at different branches on the same day or coordinates other individuals to do so on his behalf.
78
Q

Unusual Cash Transactions part 2

A
  • Customer deposits cash into several accounts in amounts below the reporting threshold, consolidates the funds into one account, and then wire transfers them abroad.
  • Customer attempts to take back a portion of a cash deposit that exceeds the reporting threshold after learning that a CTR will be filed.
  • Customer conducts several cash deposits below the reporting threshold at ATMs.
  • Corporate account has deposits or withdrawals primarily in cash, rather than checks.
  • Customer frequently deposits large sums of cash wrapped in currency straps.
  • Customer frequently purchases monetary instruments with cash in
    amounts lower than the reporting threshold.
  • Customer conducts an unusual number of foreign currency exchange transactions.
  • Customer conducts foreign currency exchange transactions/currency swaps without seeming to care about the margins.
  • A noncustomer deposits cash into a customer account, which is
    subsequently withdrawn at a different geographic location.
79
Q

Unusual Noncash Deposits

A
  • Customer deposits a large number of traveler’s checks, often in the same denominations and in sequence.
  • Customer deposits large numbers of consecutively numbered money orders.
  • Customer deposits checks and/or money orders that are not consistent with the stated purpose of the account or nature of business.
  • Customer deposits a large number of third-party checks.
  • Deposited funds are moved quickly out of the account via payment
    methods inconsistent with the established purpose of the account.
80
Q

Unusual Wire Transfer Transactions Part 1

A
  • Wire transfers are sent or received from the same person to or from different accounts.
  • Customer uses message type (MT) 202 for a covered payment in SWIFT messaging to obscure wire transfer information.
  • Nonaccount holder sends wire transfer with funds that include numerous monetary instruments, each in an amount under the reporting threshold.
  • An incoming wire transfer includes instructions to convert the funds to cashier’s checks and mail them to a nonaccount holder.
  • Wire transfer activity occurs to and from secrecy havens or high-risk
    geographic locations without apparent business reason or inconsistent with a customer’s transaction history.
  • An incoming wire transfer is followed by the immediate purchase by the beneficiary of monetary instruments for payment to another party.
81
Q

Unusual Wire Transfer Transactions Part 2

A
  • There is an increase in international wire transfer activity in an account with no history of such activity or when the stated business of the customer does not warrant it.
  • Customer frequently shifts purported international profits by wire transfer out of the country.
  • Customer receives many small incoming wire transfers and then orders a large outgoing wire transfer to another country.
  • Customer deposits bearer instruments followed by instructions to wire the funds to a third party.
  • An account in the name of a currency exchange house receives wire
    transfers and/or cash deposits under the reporting threshold.
82
Q

Unusual Safe Deposit Box Activity

A
  • Customer spends an unusual amount of time in the safe deposit box area, possibly indicating the safekeeping of large amounts of cash.
  • Customer often visits the safe deposit box area immediately before
    making cash deposits of sums under the reporting threshold.
  • Customer rents multiple safe deposit boxes
83
Q

Unusual Activity in Credit Transactions

A
  • A customer’s financial statement makes representations that do not
    conform to accounting principles.
  • A transaction is made to appear more complicated than necessary by the use of nonsensical technical terms, such as emission rate, prime bank notes, standby commitment, arbitrage, and hedge contracts.
  • Customer requests loans either made to offshore companies or secured by obligations of offshore banks.
  • Customer suddenly pays off a large problem loan with no plausible
    explanation regarding the source of funds.
  • Customer purchases certificates of deposit and uses them as collateral for a loan.
  • Customer collateralizes a loan with cash deposits.
  • Customer uses cash collateral located offshore to obtain a loan.
  • Customer’s loan proceeds are unexpectedly transferred offshore
84
Q

Unusual Commercial Account Activity

A
  • Business customer presents financial statements that are noticeably
    different from those of similar businesses.
  • Large business presents financial statements that are not prepared by an accountant.
  • Retail business that provides check-cashing services does not make
    withdrawals of cash against check deposits, possibly indicating that it has another source of cash.
  • Small business makes deposits that are inconsistent with its expected activity or receives funds from other unrelated businesses.
  • Customer maintains an inordinately large number of accounts for the type of business purportedly being conducted.
  • Corporate account shows little or no regular, periodic activity.
  • A transaction includes circumstances that would cause a banker to reject a loan application because of doubts about the collateral.
  • Multiple high-value payments or transfers occur between shell companies with no apparent legitimate business purpose.
  • Transacting businesses share the same address, provide only a registered agent’s address, or raise other address-related inconsistencies.
85
Q

Unusual Trade Financing Transactions part 1

A
  • Customer seeks trade financing on the export or import of commodities with stated prices that are substantially higher or lower than those in a similar market situation or environment.
  • Customer requests payment of proceeds to an unrelated third party.
  • Customer presents significantly amended letters of credit without
    reasonable justification or changes the location of payment or the
    beneficiary just before payment is made.
  • Customer changes the place of payment in a letter of credit to an account in a country other than the beneficiary’s stated location
  • Customer’s standby letter of credit is used as a bid or performance bond without the typical reference to an underlying project or contract or designates unusual beneficiaries.
  • Letter of credit is inconsistent with customer’s business.
  • Letter of credit covers goods that are in little demand in importer’s
    country.
  • Letter of credit covers goods that are rarely, if ever, produced in the
    exporter’s country.
  • Documents arrive without title documents
86
Q

Unusual Trade Financing Transactions part 2

A
  • Letter of credit is received from a country that is considered high risk for money laundering.
  • Obvious overpricing or underpricing of goods and services.
  • The structure of a transaction appears unnecessarily complex and
    designed to obscure the true nature of the transaction.
  • Commodities are shipped through one or more jurisdictions for no
    apparent economic or logistical reason.
  • Transaction involves the use of repeatedly amended or frequently
    extended letters of credit.
  • Size of a shipment appears inconsistent with the regular volume of
    business of the importer or exporter.
87
Q

Unusual Investment Activity

A
  • Customer uses an investment account as a pass-through vehicle to wire funds to offshore locations.
  • Investor seems disinterested in the typical decisions made about
    investment accounts, such as risk, commissions, fees, and the suitability of the investment vehicles.
  • Customer wants to liquidate a large position through a series of small transactions.
  • Customer deposits cash, money orders, traveler’s checks, or cashier’s checks in amounts under the reporting threshold to fund an investment account.
  • Customer cashes out annuities during the free-look period or surrenders the annuities early.
88
Q

Other Unusual Customer Activity

A
  • Customer conducts an unusually high number of transactions over the internet or by telephone.
  • Customer purchases several open-end prepaid cards for large amounts, inconsistent with normal business activity.
  • Funds withdrawn from accounts are not consistent with the normal
    business or personal activity of the account holder or include transfers to suspicious international jurisdictions.
  • Customer uses a personal account for business purposes.
  • Customer repeatedly uses bank or branch locations geographically distant from the customer’s home or office without sufficient business purpose
89
Q

Unusual Employee Activity

A
  • Employee exaggerates the credentials, background, financial ability, or resources of a customer in written reports the bank requires.
  • Employee is involved in an excessive number of unresolved exceptions.
  • Employee lives a lavish lifestyle that could not be supported by her salary.
  • Employee frequently overrides internal controls or established approval authority or circumvents policy (e.g., removes the name of a high-risk person from a wire, known as wire stripping).
  • Employee uses company resources to further private interests.
  • Employee facilitates transactions in which the identity of the ultimate beneficiary or counterparty is undisclosed.
  • Employee avoids taking periodic vacations.
  • Employee functions performed by vendors or contractors have unusual billing or payment terms
90
Q

Unusual Activity in a Money Remitter or Currency Exchange House Setting

A
  • Customer uses money orders, traveler’s checks, or funds transfers in an unusual manner.
  • Two or more people work together in transactions.
  • Transaction is altered to avoid filing a CTR.
  • Customer comes into the bank frequently to purchase less than US$3,000 in instruments each time (or whatever the local recordkeeping threshold is).
  • Transaction is altered to avoid completing a record of funds transfer, money order, or traveler’s checks of US$3,000 or more (or whatever the local recordkeeping threshold is).
  • The same person uses multiple locations in a short time period.
  • Two or more people use the same identification.
  • One person uses multiple identification documents.
91
Q

Unusual Activity for Virtual Currency

A
  • Repeated receipt of funds transfers from virtual currency exchanges is inconsistent with customer profile.
  • Multiple transfers are made to one common end user.
  • Transactions involving virtual currency exchanges are followed within a brief time by funds transfers to high-risk geographies or ATM withdrawals in high-risk geographies.
  • Purchase of virtual currency quickly follows the receipt of funds transfers from unconnected third parties.
  • Multiple accounts are used to collect and funnel funds to a small number of virtual currency accounts.
  • Multiple purchases of virtual currency are at or just below US$3,000, or the local recordkeeping requirement.
  • Key words entered into the transaction could relate to the sale of
    suspicious products.
92
Q

Unusual Activity in an Insurance Company Setting

A
  • Cash payments are made on insurance policies.
  • Customer overfunds an insurance policy and then moves money out of it, despite early-withdrawal fees.
  • Customer uses multiple currency equivalents (e.g., cashier’s checks and money orders) from different sources to make insurance policy or annuity payments.
  • Customer purchases products that appear outside his normal range of financial wealth or estate planning needs.
  • Customer makes an early withdrawal of insurance bond, disregarding applicable fees
  • Customer requests refunds during a policy’s legal cancellation period or free-look period.
  • Policy premiums are paid from abroad or by a third party, especially from an offshore financial center.
  • A policy stipulates the periodic payment of premiums in large amounts.
  • Customer changes the named beneficiary of a policy to a person with no clear relationship to the policyholder.
  • There is a lack of concern for significant tax or other penalties assessed when cancelling a policy.
  • Insurance bonds that were originally subscribed to by an individual in one country are redeemed by a business entity in another country.
93
Q

Unusual Activity in a Broker-Dealer Setting

A
  • The customer appears to be acting as an agent for an undisclosed
    principal, but declines or is reluctant to provide information, or is otherwise evasive
  • For no apparent reason, the customer has multiple accounts under a single name or multiple names, with a large number of inter-account or third-party transfers
  • The customer’s account has unexplained or sudden extensive wire activity
  • The customer makes a funds deposit for the purpose of purchasing a long-term investment that is followed shortly thereafter by a request to liquidate the position
  • The customer engages in excessive journal entries between unrelated accounts
  • The customer requests that a transaction be processed in a manner that avoids the organization’s typical documentation requirements
  • The customer, for no apparent reason, engages in transactions involving certain types of securities
  • The customer’s account shows an unexplained high level of activity with very low levels of securities transactions
94
Q

Unusual Real Estate Activity Part 1

A
  • Borrower/buyer submits invalid documents in order to cancel mortgage obligations or pay off her loan balance(s).
  • The same notary public and/or other authorized representative works with and/or receives payments from an unusually high number of borrowers.
  • Certified checks, cashier’s checks, or noncash item checks are falsified and drawn against a borrower/buyer’s account, rather than from the account of a financial organization.
  • Borrower/buyer applies for a loan for a primary residence, but he does not reside in the new primary residence
  • Borrower/buyer requests refinancing for her primary residence, although public and personal documents indicate that she resides elsewhere
95
Q

Unusual Real Estate Activity Part 2

A
  • Low appraisal values, non-arms-length relationships between short-sale buyers and sellers, and previous fraudulent sale attempts in short-sale transactions
  • The agent is unlicensed
  • Improper/incomplete file documentation
  • The apparent resubmission of a rejected loan application with key borrower/buyer details modified from the individual borrower to company/corporation
  • Borrower/buyer attempts to structure currency deposits and withdrawals, or otherwise hides or disguises the true value of assets
  • There is a request from third-party affiliates on behalf of distressed homeowners to pay fees in advance of the homeowner receiving mortgage counseling, foreclosure avoidance, loan modification, or other related service.
  • A third party solicits distressed homeowners for purported mortgage counseling, foreclosure avoidance, loan modification, or other related services
96
Q

Unusual Activity for Dealers of Precious Metals and Other High-Value Items Part 1

A
  • Diamonds originate from a country where there is limited production or no diamond mines at all.
  • Trade is conducted in large volumes with countries that are not part of the diamond pipeline.
  • The volume of purchases and/or imports grossly exceeds the expected sales amount.
  • Gold bars, coins, and loose diamonds are sold from a jewelry store (i.e., retail).
  • There is an increase in the volume of activity in a diamond dealer’s account, despite a significant decrease in the industry-wide volume
  • An intermediary located abroad facilitates the selling and buying of
    diamonds between two local companies
  • Payments related to the appearance of rare or unique diamonds are made in the international market outside of known trading procedures
97
Q

Unusual Activity for Dealers of Precious Metals and Other High-Value Items Part 2

A
  • A single bank account is used by multiple businesses.
  • A single bank account has multiple deposit handlers (retail and wholesale).
  • Third parties are used to deposit funds into a single dealer’s or multiple diamond dealers’ accounts
  • Financial activity is inconsistent with practices in the diamond trade.
  • Deposits or transfers to a diamond dealer’s account from foreign companies are followed by the immediate transfer of similar amounts to another jurisdiction.
  • Open export is settled by offsetting to, and receiving payment from, a third party.
  • Funds are received/transferred for import/export, and the ordering
    customer/beneficiary is an MSB.
  • The name of receiver in the payment from the diamond dealer is not the exporter/supplier
98
Q

Unusual Activity Indicative of Trade-Based Money Laundering

A
  • Payment is made by virtually any method (e.g., cash, wire, check, or bank drafts) by a third party with no connection to the underlying transaction.
  • Structured currency deposits are made to individual checking accounts with multiple daily deposits to multiple accounts at different branches of the same bank on the same day.
  • There are discrepancies between the description of goods or commodity in the invoice and the actual goods shipped.
  • Letters of credit are amended without justification.
  • There is no apparent business relationship between the parties and
    transactions.
  • Frequent transactions are conducted in round or whole dollars.
  • Funds are transferred into an account and moved to a high-risk country in the same amount.
  • Companies operate in jurisdictions where their business purpose is not fully understood, and there are difficulties in determining ownership.
  • There is a lack of appropriate documentation to support transactions.
  • Negotiable instruments are used to fund transactions in sequential
    numbers and/or have missing payee information.
99
Q

Unusual Activity Indicative of Human Smuggling Part 1

A
  • Multiple wire transfers, generally kept below the US$3,000 reporting threshold, are sent from various locations
  • Multiple wire transfers are conducted at different branches of a financial organization to or from US or Mexican cities
  • Money flows do not fit common remittance patterns
  • Unusual currency deposits into US financial organizations are followed by wire transfers to countries with high migrant populations
  • Multiple apparently unrelated customers send wire transfers to the same beneficiary, who might be located in a US or Mexican city along the southwest border
  • A customer’s account appears to function as a funnel account, whereby cash deposits (often kept below the US$10,000 reporting threshold) occur in cities/states where the customer does not reside or conduct business
100
Q

Unusual Activity Indicative of Human Trafficking Part 1

A
  • A business customer does not exhibit normal payroll expenditures
  • Wages are substantially deducted
  • Payroll checks are cashed, but the majority of the funds are kept by the employer or deposited back into the employer’s account
  • Frequent outbound wire transfers, with no business or apparent lawful purpose, are directed to countries at high risk for human trafficking
  • A customer’s account appears to function as a funnel account, whereby cash deposits occur in cities/states where the customer does not reside or conduct business
  • Multiple apparently unrelated customers send wire transfers to the same beneficiary
  • Transactions are conducted by individuals and escorted by a third party (e.g., under the pretext of requiring an interpreter) to transfer funds, which seem to be their salaries, to other countries
101
Q

Unusual Activity Indicative of Human Trafficking Part 2

A
  • Frequent payments are made to online escort services for advertising, including small posting fees to companies of online classifieds and more costly, high-end advertising and website hosting companies
  • Frequent transactions, inconsistent with expected activity and/or line of business
  • Payments are made to employment or student recruitment agencies that are not licensed/registered
  • A customer establishes an account or visits a branch to conduct
    transactions while escorted by a third party (e.g., under the pretext of
    requiring an interpreter). The third party escorting the customer might have possession of the customer’s ID
  • A common signer/custodian is used in apparently unrelated business and/or personal accounts
  • An employer or employment agency serves as a custodian for the
    accounts of foreign workers or students
102
Q

Unusual Activity Indicative of Potential Terrorist Financing-Behavior indicators

A
  • Parties to the transaction (e.g., owner, beneficiary) from countries known to support terrorist activities and organizations
  • Use of false corporations, including shell companies
  • Inclusion of the individual on the United Nations 1267 Sanctions list
  • Media reports that the account holder is linked to a known terrorist
    organization or engaged in terrorist activities
  • Beneficial owner of the account is not properly identified
  • Use of nominees, trusts, family member, or third-party accounts
  • Use of false identification
  • Abuse of nonprofit organizations
103
Q

Unusual Activity Indicative of Potential Terrorist Financing-Indicators linked to financial transactions

A
  • Use of funds by nonprofit organization inconsistent with the purpose for which it was established
  • Transaction not economically justified, considering the account holder’s business or profession
  • Series of complicated transfers of funds from one person to another as a means to hide their source and intended use
  • Transactions that are inconsistent with the account’s typical activity
  • Deposits structured below the reporting requirements to avoid detection
  • Multiple cash deposits and withdrawals with suspicious references
  • Frequent domestic and international ATM activity
  • No business rationale or economic justifications for the transactions
  • Unusual cash activity in foreign bank accounts
  • Multiple cash deposits in small amounts in an account, followed by a large wire transfer to another country
  • Use of multiple foreign bank accounts
104
Q

Unusual Activity Indicative of Cyber Criminal Activity

A
  • Phishing Scams:
  • Spear Phishing: Similar to phishing, spear phishing messages appear to come from a trusted source that is familiar to the victim
  • Ransomware: This is an attack conducted by a hacker in which malicious software designed to block access to a computer system
  • Business Email Compromise (BEC): BEC is a scam in which an attacker obtains access to a business email account