  • Number of slides: 37

AML Compliance Requirements

Agenda
 • Overview
 • Current Environment
 • Prevalent Practices for an AML Compliance Program
 • Questions and Answers

Copyright © 2006 Deloitte Development LLC. All rights reserved.

Overview

 • “In every war we have fought, bankers have been on the front lines. And you are on the front lines today. Make no mistake about that.”
 • “It is clear that what was good enough in the past may not be good enough now. The stakes are much, much higher than ever before.”
 • “Clearly, the times have changed--for banks and for regulators--and a ‘business-as-usual’ approach is not going to be sufficient to meet the challenges at hand.”

Daniel P. Stipano, Acting Chief Counsel, Office of the Comptroller of the Currency

Heightened Regulatory Scrutiny
 • New rules for enforcement actions
 • New interagency Bank Secrecy Act (“BSA”) examination manual
 • Newly-articulated supervisory risk focus
 • New government initiatives underway

Implications
 • Enhanced scrutiny of AML compliance by bank regulators and prosecutors
   – Examinations more intense and detailed
     • General, targeted and horizontal exams
   – Past exams not indicative of future exam rating
     • Rating declines from 1 or 2 to 3 or 4
 • The trend for FinCEN and bank regulators is monetary penalties as well as informal or formal actions
 • Forward Look
 • Look Back (Transaction Review, i.e., back-filing CTRs and/or SARs)
   – If CTR/SAR systems and controls are deemed deficient, a financial institution can be required to go back in time and reconstruct transactions, typically with the “assistance” of a third party, for reporting purposes
   – Can be burdensome and expensive
   – Late-filing is useful in theory, but in reality, late-filing appears punitive

Impact
 • Well over 100 formal public enforcement and informal actions in the last few years
 • Regulatory fines have been assessed, in some public actions, ranging from several million to $50 million
 • Pace of recent enforcement actions appears similar to 2004 and 2005

Reasons for Enforcement Actions
 • Recent public/non-public enforcement actions are mainly the result of governance, process and testing failures
   – Lack of management oversight and accountability
   – Failure to meet reporting requirements
   – Failure/Absence of key control activities
   – Inadequate risk assessment
   – Inadequate/Ineffective monitoring functions
   – Failure to conduct due diligence on clients
   – Inadequate communication of information
   – Failure to respond to previous criticism
   – Concealing information from examiners

Potential Consequences
 – Unsatisfactory management or composite rating jeopardizes status of parent as a “FHC” and conduct of non-banking businesses
 – Unsatisfactory rating/enforcement action derails bank acquisitions
   • Expansion of current activity/M&A activity is dependent on:
     – Being well managed (at least a satisfactory rating)
     – Being well capitalized
     – Having a satisfactory CRA rating
     – Must have an effective AML program (Section 327 of USA PATRIOT Act allows regulators to restrict a BHC/financial institution's ability to complete M&A/expand)
   • If under an AML enforcement action, generally barred from M&A and/or expansion activities until it is lifted
 – Coupled with use of bank by money launderers, compliance inadequacies may be basis for criminal charges against bank
 – Involvement in money laundering can trigger the forfeiture of bank charter or FDIC insurance

Additional Thoughts
Do Not Rest on Your Laurels
 – A past history of satisfactory BSA exams does not mean your program will be satisfactory today or going forward.
 – Examinations are more rigorous; every program element is subject to heightened scrutiny. Consequently, weaknesses that may not have been identified in earlier exams may surface.
 – Even if your institution is not subject to regular BSA exams, the expectation of prosecutors must also be taken into account.
   • If transactions involving money laundering occur through your institution, prosecutors will take into account whether you have a robust AML/BSA program.
   • Where are you in your peer group? Many institutions not yet subject to formal requirements, e.g., SAR filings, have implemented these program elements as a “best practice”.

Current Environment

Current Environment - Overall
Bank Broker-Dealer Regulatory Requirement Insurance Company Investment Advisor OFAC Applicable Applicable Cash Activity Applicable (CTRs) Applicable (Form 8300) AML Program Applicable (Section 352) Applicable (effective May 2, 2006) Applicable – Mutual Funds; Proposed – Unreg funds SARs Applicable (effective May 2, 2006) Proposed for Mutual Funds; TBD for Unreg funds Applicable Proposed TBD

Current Environment - Overall
Bank Regulatory Requirement Broker-Dealer Insurance Company Investment Advisor CIP (Section 326) Applicable TBD Applicable – Mutual Funds; TBD Unreg Funds Information sharing (Section 314(a)) Applicable TBD – Mutual Funds**; Proposed – Unreg Funds Information sharing (Section 314(b)) Applicable (effective May 2, 2006) Applicable TBD – Mutual Funds; Proposed – Unreg Funds TBD

Current Environment - Overall
Regulatory Requirement Bank Broker-Dealer Insurance Company Investment Advisor Special Measures (Section 311) Applicable TBD TBD EDD for Correspondent/PB Accounts (Section 312) Applicable - Not Currently Applicable Shell Banks (Section 313/319) Applicable Currently Not Applicable AML Record (Section 327) Applicable Currently Not Applicable Prospectively for New Accounts – Applicable 4/4/06; Retrospectively for Accts Established Prior to 4/4/06 – 10/2/06 Prospectively for New Accounts – Applicable 4/4/06; Retrospectively for Accts Established Prior to 4/4/06 – 10/2/06 Mutual Funds Prospectively for New Accounts – Applicable 4/4/06; Retrospectively for Accts Established Prior to 4/4/06 – 10/2/06; Not Currently Applicable Unreg Funds

Current Environment – Trust Companies
Regulatory Requirement Trust Companies that are Federally Functionally Regulated OFAC Applicable Cash Activity Applicable (CTRs) AML Program (Section 352) Applicable Not Currently Applicable SARs Applicable Not Currently Applicable Trust Companies that are Not Federally Functionally Regulated

Current Environment – Trust Companies
Regulatory Requirement Trust Companies that are Federally Functionally Regulated Trust Companies that are Not Federally Functionally Regulated CIP (Section 326) Applicable Information sharing (Section 314(a)) Applicable Not Currently Applicable Information sharing (Section 314(b)) Applicable Not Currently Applicable

Current Environment – Trust Companies
Regulatory Requirement Trust Companies that are Federally Functionally Regulated Trust Companies that are Not Federally Functionally Regulated Special Measures (Section 311) Applicable Not Currently Applicable EDD for Correspondent/PB Accounts (Section 312) Applicable Prospectively for New Accounts – Applicable 4/4/06; Retrospectively for Accts Established Prior to 4/4/06 – 10/2/06 Not Currently Applicable Shell Banks (Section 313/319) Applicable AML Record (Section 327) Applicable Not Currently Applicable

Current Environment (cont’d)
 • Changing Regulatory Approach
   – AML risk management plays key role in corporate governance and independent monitoring functions
     • Continued shift by regulators to risk based supervisory approach
     • More reliance on bank’s own monitoring and senior management assertions
     • “Top down” approach to assess compliance and compliance testing

Current AML Environment (cont’d)
 • Regulatory scrutiny has led to:
   – Defensive filing of Suspicious Activity Reports (“SARs”)
   – Need to enhance AML programs
   – Increased costs of compliance, including responding to regulatory actions
   – Departures from the market
   – Difficulties in managing global clients

Risk-Based Expectations for AML
 • Industry should adopt sound risk management to:
   – Better identify risk
   – Better direct resources
   – Better safeguard the organization
 • Examiners will tailor examination scope to the risk profile of bank

Compliance Risk Management
[Diagram: Enterprise Risk Management Process. Labels recovered from the slide:]
 • PLAN: Risk Strategy, Strategic Planning, Resource Planning, New Product Approvals, Information for Decision Making
 • POLICY: Risk Definition, Risk Principles, Risk Appetite, Risk Governance Model, Authorities
 • EVALUATE: Monitor Risk, Management Reporting to Board, Annual Board Assessment
 • Relevant Reporting Entities: FHC; Bank (Retail, Wholesale); Nonbank Subs.
 • Other labels: Identify, Measure & Report, Assess, Mitigate, Objectives, Aggregation & Performance
 • Relevant Risk Categories: Credit, Interest Rate, Market, Liquidity, Operational, Compliance, Legal, Strategic, Reputation
 • Compliance Function: Corporate Compliance, Regional Compliance, Business Unit Compliance, Relationship with Internal Audit
 • Compliance Elements: Roles and Responsibilities, Organizational Structure, Policies and Procedures, Training, Testing, Management Reporting
 • External Factors: Banking Laws and Regs, Examination Handbooks, Regulatory Bulletins, Enforcement Actions, Industry Practices

Prevalent Practices for an AML Compliance Program

Overview
[Diagram. Labels recovered from the slide:]
 • Reputation: The Most Valuable Intangible Asset
 • Reputation
 • Reporting: CTRs, SARs, 314(a), Board/Sr Mgt
 • Training
 • CIP/CDD/EDD and Risk Assessment
 • OFAC
 • USA PATRIOT Act Requirements
 • BSA Requirements
 • Spirit of the Law
 • Compliance: Acting According to Regulatory Requirements and Expectations
 • Foundation of the Organization
 • Formal Policy Statements: Mission, Vision, Values
 • Governance/Culture of Compliance
 • Organizational Structure
 • Processes and Procedures
 • Independent Testing

Eight Key AML Requirements
1. Governance
 – Board and senior management are responsible for ensuring effectiveness of the compliance program (“Culture of Compliance”)
   • Need to be actively involved; set “tone at the top”
   • Participate in setting AML risk tolerances
   • Approve policy and assist in establishing appropriate controls
   • Receive AML awareness training/education
   • Receive and review reports (e.g., AML risk trends and how risk is managed) to increase transparency
   • Establish AML Committee to provide guidance and leadership on significant AML compliance issues
   • Increasingly held to a higher standard

“A culture of compliance should establish – from the top of the organization – the proper ethical tone that will govern the conduct of business. In many instances, senior management must move from thinking about compliance as a cost center to considering the benefits of compliance in protecting against legal and reputational risks that can have an impact on the bottom line.”

Governor Susan Schmidt Bies, Board of Governors of the Federal Reserve System

 • “Examiners expect to find certain core principles of risk management including, top level involvement, clear responsibilities at each level of management, independence of risk controls, strong well-developed systems and effective monitoring and reporting.”

Mary Ann Gadziala, Associate Director, OCIE

Eight Key AML Requirements
2. Risk Assessment
 – Risk identification, measurement and monitoring
 – Assess at a business and customer level the degree of money laundering and/or terrorist financing risk.
 – Stratify the customer base in an effort to identify and monitor those customers that pose a heightened money laundering risk.

Eight Key AML Requirements
3. Comprehensive Program
 – Policies, procedures and internal controls
   • Clearly delineate AML roles and responsibilities of management, staff as well as functions (e.g., internal audit, compliance, etc.)
   • Define regulatory requirements (inventory of applicable laws/regulations)
   • Communication/Roll-out/Employee sign-off
   • Annual review and update
 – Organizational Structure and Staffing
   • Designation of an AML officer; senior person with requisite skills and direct access to Board of Directors
   • Independent Structure/Reporting lines
   • Designate an adequate staff
   • Focus on business accountability

Eight Key AML Requirements
4. Comprehensive Program
 – Training
   • Establish general/customized (specialized) AML training
   • Identify affected employees and establish mechanism to track participation
   • Train all “affected employees” at a minimum
   • “Train the Trainers”
 – Testing
   • Regulators looking for three-pronged approach: 1) Business unit self-assessment 2) Compliance testing 3) Internal audit
   • Risk based monitoring, surveillance and testing
   • Testing of automated systems
   • Reporting and tracking of deficiencies

Eight Key AML Requirements
5. Know Your Customer (KYC)
 – KYC
   • Determine the nature and level of expected transaction activity, source of funds, purpose of account, etc.
   • Understand customer and expected activity in order to identify and monitor for unusual activity
   • Establish electronic KYC databases for business and personal customers and automate “call reports”
 – Customer Identification Program (CIP)
   • Develop and maintain for each business unit written procedures tailored to the AML risks presented by the products, services, customers, delivery channels, etc.
 – Enhanced Due Diligence (EDD)
   • Identify circumstances when it becomes necessary to perform EDD as well as the level of review to be undertaken by customer category and/or risk level

Eight Key AML Requirements
6. Reporting
 – CTR
   • Ability to identify, aggregate and report in a timely fashion cash activity on bank-wide basis
 – SAR
   • Ability to detect, escalate, monitor, report (as necessary) and document ultimate resolution of unusual activity
   • Assess cash, wires, monetary instruments, at a minimum
 – OFAC
   • Adopt an internal “watch list”
   • Screen customers, wires, charitable contributions, vendors and employees against SDN List at initiation/when list is updated
 – Section 314(a) Requests
 – General
   • Periodic reporting to the Board
   • Well defined escalation process
   • Corrective action tracking

Eight Key AML Requirements
7. Human Resources
 – Incorporate AML Compliance into Employee Performance Measurement
 – Consider establishing a “Whistleblower” process
 – Require Employees to sign-off that they have read, understood and will comply with the AML Policy

“We must all hang together, or assuredly we shall hang separately.” — Benjamin Franklin

Eight Key AML Requirements
8. Continuous Maintenance, Assessment and Refinement

“An enterprise-wide compliance-risk management program should be dynamic and proactive, meaning it constantly assesses evolving risks when new business lines or activities are added or when existing activities are altered. To avoid having a program that operates on “autopilot,” an organization must continuously reassess its risks and controls and communicate with its business lines. An integrated approach to compliance-risk management can be particularly effective for Bank Secrecy Act and anti-money-laundering (BSA/AML) compliance. … Controlling BSA/AML risk continues to be a primary concern for banking organizations.”

Governor Susan Schmidt Bies, Board of Governors of the Federal Reserve System

Contact Information
Peter Fitzgerald
Principal, Deloitte & Touche LLP
pefitzgerald@deloitte.com
212-436-5221
www.deloitte.com/aml

This presentation and related discussion hereon are intended to provide general information on the particular subject and are not an exhaustive treatment of the subject. Accordingly, the information in this document is not intended to constitute professional advice or services. Before making any decision or taking any action that might affect your personal or professional interests, you should consult a qualified professional advisor.

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms and their respective subsidiaries and affiliates. Deloitte Touche Tohmatsu is an organization of member firms around the world devoted to excellence in providing professional services and advice, focused on client service through a global strategy executed locally in nearly 150 countries. With access to the deep intellectual capital of 120,000 people worldwide, Deloitte delivers services in four professional areas, audit, tax, consulting and financial advisory services, and serves more than one-half of the world’s largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global growth companies. Services are not provided by the Deloitte Touche Tohmatsu Verein and, for regulatory and other reasons, certain member firms do not provide services in all four professional areas. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other’s acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names “Deloitte”, “Deloitte & Touche”, “Deloitte Touche Tohmatsu” or other related names.

In the US, Deloitte & Touche USA LLP is the US member firm of Deloitte Touche Tohmatsu and services are provided by the subsidiaries of Deloitte & Touche USA LLP (Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, Deloitte Tax LLP and their subsidiaries), and not by Deloitte & Touche USA LLP. The subsidiaries of the US member firm are among the nation's leading professional services firms, providing audit, tax, consulting and financial advisory services through nearly 30,000 people in more than 80 cities. Known as employers of choice for innovative human resources programs, they are dedicated to helping their clients and their people excel. For more information, please visit the US member firm’s web site at www.deloitte.com/us.

© 2006 Deloitte Development LLC. All rights reserved.