Management Regimes Flashcards
What are the essential components of a Sanctions Compliance Program (SCP)?
- Management commitment
- Risk assessment
- Internal controls
- Testing and auditing
- Training
What is Final Rule Part 504?
This advisory was issued by the NYDFS on 30 June 2016 to require regulated institutions to maintain transaction monitoring and filtering programs that are reasonably designed to:
- Monitor transactions after their execution for compliance with the BSA and AML laws and regulations, including suspicious activity reporting requirements
- Monitor transactions prior to their execution to prevent unlawful transactions with targets of economic sanctions administered by OFAC
What are some deficiencies noted in relation to sanctions screening by NYDFS in its notice issued in Jan 2017?
- insufficient capacity to assess alerts
- too loose, strict criteria
- excluding transactions without first assessing risk
- watch list filtering not carried out frequently
- parties on suppression lists not screened periodically or when changes were made to lists
- up to date sanctions lists not used in screening
As a best practice standard, how should firms conduct screening?
- Screen databases each time a regulator amends targets, legislation, regs
- Establish a process that screens all financial flows
- Establish a process to ensure the effectiveness of automated screening tools: data quality, AST settings, and frequency of screening
What is batch screening?
Batch screening is a process of screening a firm’s entire customer base and other associated entities, such as vendors.
What should be the frequency of batch screening?
On a risk-based basis, but generally daily or when there is an update to a sanctions list.
What is the risk assessment formula?
Inherent risk - control effectiveness = residual risk
What is an important country risk component that is often overlooked?
Assessment of the country risk for those third countries in which the customers’ counterparties are located. This element of the risk assessment is generally linked to the value and volume of transactions to any one country.
What are the options for managing residual risks?
- Transfer risk (vendor)
- Avoid risk (discontinue product line)
- Mitigate risk (increasing monitoring and controls)
- Accept risk
How do you evaluate the ability of sanctions screening / filtering software applications to identify unusual activity?
- Checking data records against official sanctions lists and watchlists
- reviewing policies, procedures for monitoring sanctions evasions
- reviewing the processes for ensuring the completeness, accuracy and timeliness of the data supplied by the source transaction processing system
- evaluating the methodology for establishing and analyzing filtering criteria
- evaluating the filtering matrix that provides the list of messages / payments that are subject to sanctions filtering
What is a U-Turn payment?
A U-turn is a transaction performed by a bank in one country for the benefit of a bank in another country. A bank or other institution from country A sends a transaction through a bank in country B using an offshore bank. In the financial world, U-turn payments are most commonly known in relation to US sanctions - particularly to those imposed on Iran.
What are the four kinds of inherent risks?
- Customers
- Products and services
- Countries
- Delivery channels
Inherent risk is linked to the risk assessment process, which evaluates the effectiveness of an institution’s risk controls. Inherent risk considers the likelihood and impact of non-compliance prior to considering any mitigating effects of risk management processes.
What is the meaning of delivery channels?
Delivery channels are the ways in which products and services are provided by a firm to its customer (also referred to as servicing methods and distribution channels). For example, reliance upon brokers, intermediaries and other independent third parties poses a higher sanctions risk than when a business interacts directly with customers and suppliers. Similarly, if a firm relies on affiliates’ due diligence, especially if affiliates are in jurisdictions with lower compliance standards, the absence of face-to-face onboarding presents a higher risk than when customers are onboarded directly or through a domestic affiliate.
Does a delivery channel that processes payments quickly present a higher risk?
Yes, as there is less time for potential investigation. For example, compare a traditional international wire transfer to an international automated clearing house payment. The ACH payment is a higher risk due to the speed of the delivery channel.
What is the role of policies and procedures as aspects of an institution’s sanctions compliance program?
They identify, interdict, escalate, report, and maintain records concerning potentially prohibited activities.