Developing a Risk Based Approach for DNFBPs on AML/CFT The Special Control Unit Against Money Laundering (SCUML) Seminar on “Strategic Partnership Between SCUML and DNFBPs for Effective Implementation of AML/CFT Regime in Nigeria” Held at EFCC Conference Hall, Lagos Presented by Pattison Boleigha 2. 30 pm to 3. 30 pm February 2012
Outline Background AML Risk Management Process Requisites of Risk Based AML Fundamental Elements In a Risk-Based AML Purpose of adopting RBA Benefits of Risk-Based AML Risk Modeling/Risk Categories Leveraging on Risk Based AML COMPLIANCE & RISK MANAGEMENT MODEL Conclusion 2 Developing a Risk Based Approach for DNFBPs AML/ CFT
Definition of Acronyms 3 SCMUL: Special Commission for AML : Anti Money Laundering Monitoring … CFT: Countering Financing of FATF: Financial Action Task Terrorism Force FI’s : Financial Institutions CTR: Currency Transaction ML: Money Laundering Reports TF: Terrorist Financing STR: Suspicious Transaction DNFI: Designated Non-Financial Report Institutions EDD: Enhanced Due Diligence KYC: Know Your Customer DNFBPs: Designated Non. KYCB: Know Your Customer’s Financial Businesses and Business Professions KYE: Know Your Employee SROs: Self-Regulatory CDD: Customer Due Diligence Organisations EFCC: Economic and Financial RBA: Risk-Based Approach to Crimes Commission AML/CFT NFIU: Nigerian Financial Developing a Risk Based Approach for DNFBPs AML/ CFT Intelligence Unit
Background After the 2007 general guidance on Risk Based AML/CFT, in October 2008, the FATF came up with another set of Guidance on RBA on DNFBPs like Accountants, Casinos , etc. The guidance for the DNFBPs followed the principles of the risk-based approach already established by FATF, and highlighted risk factors specific to the DNFBPs, as well as suggest mitigation strategies that fit with the particular activities and businesses of the DNFBPs. The purpose of this guidance was to: Support the development of a common understanding of what the riskbased approach involves. Outline the high-level principles involved in applying the risk-based approach. Indicate good practice in the design and implementation of an effective risk -based approach. However it should be noted that applying a risk-based approach is not mandatory. A properly applied risk-based approach does not necessarily mean a reduced burden, although it should result in a more cost effective use of resources. 4 Developing a Risk Based Approach for DNFBPs AML/ CFT
Objective of the RBA The strategies to manage and mitigate the identified money laundering and terrorist financing activities are typically aimed at preventing the activity from occurring through a mixture of : deterrence (e. g. appropriate CDD measures), detection (e. g. monitoring and suspicious transaction reporting), and record-keeping (e. g. to facilitate investigations). Proportionate procedures should be designed based on assessed risk: Higher risk areas - enhanced procedures; enhanced customer due diligence checks and enhanced transaction monitoring. Lower risk areas: simplified or reduced controls may be applied. There are no universally accepted methodologies that prescribe the nature and extent of a risk-based approach. An effective risk-based approach will allow accountants to exercise reasonable business and professional judgement with respect to clients. Regardless of the strength and effectiveness of AML/CFT controls, criminals will continue to attempt to move illicit funds undetected and will, from time to time, succeed. 5 Developing a Risk Based Approach for DNFBPs AML/ CFT
The Steps Involved In A Basic Risk-based Approach Identify the money laundering and terrorist financing risks that apply to a firm Then assess the risks presented by the firm’s particular: Customers Products Geographical areas of operation: Firms then need to design and introduce controls to manage and reduce these risks. These controls must then be monitored and improved where necessary Firms must keep a record of what they have done and why they did it. 6 Developing a Risk Based Approach for DNFBPs AML/ CFT
Key Elements For Success DNFBPs, designated competent authorities and SROs should have access to sufficiently detailed, reliable and actionable information about the threats, and how to implement a risk-based approach. There must be emphasis on cooperative arrangements among the policy makers, law enforcement, regulators, and the private sector. Authorities should publicly recognise that the risk-based approach will not eradicate all elements of risk. Authorities have a responsibility to establish an atmosphere in which DNFBPs need not be afraid of regulatory sanctions where they have acted responsibly and implemented adequate internal systems and controls. Regulators’ and SROs’ supervisory staff must be well-trained in the risk-based approach, both as applied by supervisors/SRO and by the accountants. 7 Developing a Risk Based Approach for DNFBPs AML/ CFT
Requisites of Risk-Based AML The Risk-Based Anti-Money Laundering (AML) compliance program should be designed commensurate with its unique risk profile. The risk profile should take cognizance of the inherent risks in the products and services it offers, the customers it serves, and the geographic locations it operates in. It should be a logical process that identifies, monitors and manages risks to the businesses that could be used for money laundering. The risk-based AML should leverage on a robust automated IT solution that can perform data analysis, detection, and advanced data mining to generate alert detection scenarios. 8 Developing a Risk Based Approach for DNFBPs AML/ CFT
Steps in a Risk-Based AML The first step is to conduct a risk assessment, which involves thoroughly evaluating a company’s products and services; customer’s base; delivery channels; and geographical profiles and determining what the vulnerable areas are. Once these areas have been properly defined, the business needs to create and apply policies and procedures to deal with them. – the second step. The third step involves risk monitoring, which varies depending on the size and type of business concerned, but the key is having systems in place that will recognize potential threats in relation to activity. E. G. An organization may utilize a software solution to monitor activity and transactions. Finally, the entire process needs to retain the ability to continually evaluate its own effectiveness – the fourth step. It must be flexible enough to adapt to continually changing circumstances, and it must also make sure that it is being applied appropriately. 9 Developing a Risk Based Approach for DNFBPs AML/ CFT
Fundamental Elements in a Risk-Based AML Approach Legal & Organizational Structure of the institution: Large organizations with different markets, subsidiaries, functional areas, or business lines present higher levels of AML risk. Geographies & Operating Markets: The level of risk may be heightened as geography and market area expands. Additionally, the institution should evaluate the impact of expanding its business lines to accepting transactions and accounts from areas designated as High Risk Money Laundering and Related Financial Crimes Areas, HIFCAs, requiring scrutiny. Regulatory Framework: Consideration of applicable laws in areas of operation. Lack of regulatory framework or scrutiny may be indicative of heightened risk level for transactions or beneficiaries in those markets. 10 Developing a Risk Based Approach for DNFBPs AML/ CFT
Fundamentals Elements in a Risk-Based AML Approach (contd) Counterparties: Enterprise risk profiling in relation to business with counterparties. An institution can unwittingly accept assume a level of risk through its counterparties that it would not willingly assume if the customer relationship was direct. Compliance expectations from counterparties must be known. It is therefore incumbent for each institution to: ”Know Your Counterparty” Customer Base Characteristics: Review of associated risks emanating from compliance with KYC or KYCB requirements to determine areas for enhanced due-diligence (EDD) in relation to the following: • • • 11 Retail/Individual Clients Institutional/Corporate Clients Domestic & Foreign Correspondent DNFBP Relationships Linked Relationships Risk Weighting & Alert Prioritization. Developing a Risk Based Approach for DNFBPs AML/ CFT
Fundamental Elements in a Risk-Based AML Approach (Cont’d) Customer & Correspondent Bank Validation/ Categorization: • KYC High-Risk Profiling and Transactional-risk scoring • Peer group benchmarking • Service-level profiling Scope of Customer Relationships/Client Account Behaviour Benchmarking: • Determination of breadth and depth of customer relationships. • Exceeds historical benchmarks above thresholds. • Identification of typical behavior/suspected terrorist financing schemes. • Any indication of suspicious transaction of logical entities. • Fraud 12 Developing a Risk Based Approach for DNFBPs AML/ CFT
Purpose of adopting risk-based approach (RBA) Measures to prevent money laundering and terrorist financing in line with risks identified. Risk management process Identification and addressing of high –risk areas Reasonable business judgment Efficient and effective allocation of resources Flexible efforts to fight money laundering and terrorist financing Increased focus on high risk activities Better adaptability to money laundering and terrorist financing methods 13 Developing a Risk Based Approach for DNFBPs AML/ CFT
Challenges Of Adopting RBA Money laundering vs. terrorist financing applicability Resources and expertise requirement Inadequate resources devoted to compliance Diversity of practice among financial institutions Identifying appropriate information to conduct a sound risk analysis Addressing short term transitional costs Greater need for more expert staff capable of making sound judgments. Developing appropriate regulatory response to potential diversity of practice. 14 Developing a Risk Based Approach for DNFBPs AML/ CFT
Limitations To Adopting RBA Rule-based requirements (freezing of assets, STR, CTR) Verification of customer identity Non-applicability of simplified measures to all CDD Due diligence requirements appropriate to each customer Degree of monitoring in accordance with perceived risk Measures and controls for higher risk situations Wilful Blindness Beneficial Ownership Tipping Off 15 Developing a Risk Based Approach for DNFBPs AML/ CFT
Potential Benefits of Risk-Based AML Approach The risk-based AML Approach provides value to the organization and the cornerstone of an effective compliance programme. Allows management to see things as they really are, and make riskappropriate decisions based on measurable data and intelligence. Serves as a basis for management decisions to allocate resources for compliance and internal control to manage the institution's unique risks (Compliance, Regulatory & Strategic) and minimize the incidence of regulatory infractions and penalties. Facilitates a comprehensive AML governance and oversight capability, thereby demonstrating a corporate-wide culture to deter money laundering. Sets the stage for on-going AML risk management, which adapts to changes in regulations, products, and organizational structure. 16 Developing a Risk Based Approach for DNFBPs AML/ CFT
Leveraging on Risk-Based AML Approach Institutions must leverage on risk-based AML approach by adopting a comprehensive programme administration over the following: Compliance Programme: Effectiveness of current management policies and compliance procedures Reporting SAR/CTR Reporting. Case Generation & Management Audit Trail & Record Retention Training Programme to ensure sustenance of compliance efforts Self Assessment Programme: Assessment of current process to through programme testing to design appropriate enhancements to the existing process or develop and entirely new, custom process. 17 Developing a Risk Based Approach for DNFBPs AML/ CFT
Leveraging on Risk-Based AML Approach (Contd) Leveraging on risk-based AML approach for business advantage through adopting of an AML Solution that can perform the following: Generation of Alerts on set compliance parameters. Data mining, advanced analysis & detection Extraction of Exception Reports for SAR/CTR Reporting Risk scoring and prioritization of “Alerts” in support of workflow and case management Flexibility to accommodate sophisticated business rules that can analyse customers’ transactional behaviour in comparison to normalized activity and known money laundering techniques in batch and real time. Flexibility to accommodate KYC-based Models that can learn about customers and their KYC behaviour Accurate and timely SARs/CTRs filing support within regulatorprescribed windows. Adaptability to new and changing regulatory requirements and rapid deployment of new detection capability. 18 Developing a Risk Based Approach for DNFBPs AML/ CFT
Key Findings of Money Laundering Threat Assessment One of the key challenges for DNFBPs is developing a risk profile of the customer base so that enhanced due diligence standards can be applied to high risk relationships both of account opening and throughout the course of such relationship Risk categories include product types, geographic location and types of business (what this means is that some customers because of the business they are involved in, where they live or the type of product they utilize, pose a higher risk for money laundering activities) 19 Developing a Risk Based Approach for DNFBPs AML/ CFT
Compliance vs. Risk Management Compliance is the management of regulatory risk. AML/CFT compliance is meeting all obligations mandated under the AML/CFT laws and regulations. Risk is the probability of the occurrence of an event and it’s consequences 20 Developing a Risk Based Approach for DNFBPs AML/ CFT
BUSINESS RISK VS REGULATORY RISK Business Risk is the risk that the DNFBP may be used for ML/TF Regulatory Risk is associated with not meeting obligations under the AML/CFT laws 21 Developing a Risk Based Approach for DNFBPs AML/ CFT
BUSINESS RISKS Customer Risk Products Risk Service Risk Business Practice Risk Delivery Channel Risk Location Risk Jurisdiction/Geography Risk 22 Developing a Risk Based Approach for DNFBPs AML/ CFT
REGULATORY RISKS Non STR Reporting Non Conduct of CDD/EDD No AML/CFT program No training No Independent Compliance Testing Non CTR filing Non Mandatory Reports filling No Management Arrangement 23 Developing a Risk Based Approach for DNFBPs AML/ CFT
COMPLIANCE Compliance is about meeting obligation that may have a mandatory component All compliance risks must be dealt with Compliance identifies all the obligations an organisation has 24 Developing a Risk Based Approach for DNFBPs AML/ CFT
A QUESTION OF RISK A supervised entity is challenged to define its risk appetite in the context of AML/CFT and develop strategies to effectively manage the risk inherent in the business it conducts. It is therefore expected that institutions will be able to demonstrate that they understand the risk they take on and that they have devised internal mechanisms and controls to mange that risk. 25 Developing a Risk Based Approach for DNFBPs AML/ CFT
National Risk Assessment –Factors that influence ML/TF Risk Political environment. Legal environment. A country’s economic structure. Cultural factors, and the nature of civil society. Sources, location and concentration of criminal activity. Size and composition of the financial services industry. Ownership structure of financial institutions and DNFBPs businesses. Size and nature of the activity carried out by DNFBPs, including accountants. Corporate governance arrangements in relation to financial institutions, DNFBPs, including accountants, and the wider economy. The nature of payment systems and the prevalence of cash-based transactions. 26 Developing a Risk Based Approach for DNFBPs AML/ CFT
National Risk Assessment –Factors that influence ML/TF Risk Geographical spread of the financial industry’s and DNFBPs’ operations and customers/clients. Types of products and services offered by financial institutions and accountants. Types of customers/clients serviced by financial institutions and accountants. Types of predicate offences. Amounts of illicit money generated domestically. Amounts of illicit money generated abroad and laundered domestically. Main channels or instruments used for laundering or financing terrorism. Sectors of the legal economy affected. Underground/informal areas in the economy. 27 Developing a Risk Based Approach for DNFBPs AML/ CFT
Risk Definition 28 Risk is the level of exposure –opportunity, threat and uncertainty that a DNFBP must identify, measure, understand effectively manage, as it executes its strategies to achieve its business objectives and create value. Simply defined, “risk” is the likelihood that the outcome of events will vary from our expectations. For example a borrowing customer or trading counterparty may fail to meet its repayment/settlement obligations to the DNFBP as and when due (“Credit Risk”); unforeseen movements in interest rates, foreign exchange rates or equity prices may have major effects on the value of the DNFBP’s trading portfolio (“Market Risk”); the DNFBP may suffer losses due to frauds, systems failures or weaknesses in operational controls (“Operational Risk”) or due to litigation and/or violations of provisions of Laws and Statutes (“Compliance and Legal Risk”) Or the DNFBP may suffer bad press (“Reputation Risk”). A new competitor enters the market to take market share (“Strategic Risk”) Developing a Risk Based Approach for DNFBPs AML/ CFT
The Risk Management Framework The primary role of Risk Management is to minimize the divergence between expectations and outcomes, thus ensuring the realization of more predictable results. This can only be achieved through a robust framework and clearly defined and transparent processes for: the identification of all factors that may lead to the said divergences (“Risk Identification”); estimation of the likelihood of their occurrence and the extent or severity of their impact in the event of occurrence (“Risk Assessment/Measurement”); design of effective controls to minimize both the likelihood and the impact of risk events (“Risk Control”); establishment of procedures to ensure that these controls are effective and are being complied with (“Risk Monitoring”); regular reporting of risk events and controls (“Risk Reporting”); and provision of sufficient capital to absorb the adverse impact of expected and unexpected losses. 29 Developing a Risk Based Approach for DNFBPs AML/ CFT
Risks Associated with Money Laundering Reputational risk is the potential that adverse publicity regarding a businesses practices and associations, whether accurate or not, will cause a loss of public confidence in the integrity of the institution. Borrowers, depositors, and investors might stop doing business with the institution because of a money laundering scandal involving the institution. Operational risk is the potential for loss resulting from inadequate or failed internal processes, people, systems and external events DNFI’s that rely on the proceeds of crime have additional challenges in adequately managing their assets, liabilities and operations. Increased borrowing or funding costs can also be included in such losses. Legal risk is the potential for lawsuits, adverse judgments, unenforceable contracts, fines and penalties generating losses, increased expenses for an institution, or even closure of such an institution. Concentration risk is the potential for loss resulting from too much credit or loan exposure to one borrower. Lack of knowledge about a particular customer or who is behind the customer, or what the customer’s relationship is to other borrowers, can place a DNFBP at risk in this regard. This is particularly a concern where there are related counter-parties, connected borrowers, and a common source of income or assets for repayment. 30 Developing a Risk Based Approach for DNFBPs AML/ CFT
Risk Management Process Overview Communicate & Consult Establish Context Internal context External context Stakeholders’ criteria Define structure Identify Risks Analyse Risks Evaluate Risks What can happen? Review controls Compare against criteria How and why? When and where? Determine likelihood & consequence Hence: risk level Monitor & Review Page 31 Risk Assessment Rank risks & set priorities Treatment? Treat Risks Identify options Select the best responses. Develop risk treatment plans. Implement Assess residual risk
Risk Management Model Page 32 Developing a Risk Based Approach for DNFBPs AML/ CFT 32
Organizational Risk Environment 33 Developing a Risk Based Approach for DNFBPs AML/ CFT
RISK MANAGEMENT MODEL RISK IDENTIFICATION Identify the Main Business Risks - Customers/Businesses - Products/Services - Practices/Delivery channels - Locations/countries -Identify the main regulatory Risk RISK REVIEW 34 RISK ANALYSIS & MEASUREMENT Determine the likelihood and Impact of risk: - Likelihood-chance of the risk happening - Impact – the amount of loss or damage if the risk happened Determine risk level/score RISK MITIGATION & IMPLEMENTATION OF CONTROL (RISK TREATMENT Manage the Business Risks: Monitor and Review the Risk -Apply risk management and Plan mitigation strategies -Develop and Implement -Implement policies and monitoring regime procedures -Keep necessary records -Review the business risk plan Manage the Regulatory Risks -Review the AML/CFT program -Deploy system -Prepare internal audit NB: -Complete compliance report This model is dependent on the size of the DNFBP and the resources available Developing a Risk Based Approach for DNFBPs AML/ CFT
RISK MANAGEMENT WORKSHEET RISK GROUP CUSTOMERS HIGH RISK IMPACT RISK SCORE TREATMENT/ACTION Pe. P Customers in cash generating business Customers who is an unregistered charity 35 LIKELIHOOD Developing a Risk Based Approach for DNFBPs AML/ CFT
Level of Risk (Heat Wave) Li k el ih o o d of O c c ur re n ce Almost Certain 5 Likely 4 M M H H H D L Possible 3 L Unlikely 2 L G M M H C M H H M F H H H E H A 1 L L M 1 Rare 2 B 3 Insignificant Minor Moderate M H 4 5 Major Key: High; 36 Medium; Low. Magnitude of Impact Developing a Risk Based Approach for DNFBPs AML/ CFT Catastrophic
RISK TOLERANCE In addition to defining the risk’s appetite you can also define a level of variation to how you manage the risk. This is called risk tolerance. It provides some operational flexibility while still adhering to the Risk framework the DNFBP has developed. The DNFBP has decided for example that generally the risk is unacceptable to accept inflow from IRAN. However, it has some risk tolerance. In this case the business will permit transaction provided it is a DNFBP-to-DNFBP transaction. The customer provides identification using International Passport only and the verification is carried out, the transaction is approved by a Senior Manager. As such the DNFBP understands and accepts the consequences of a ML/TF risk being realised 37 Developing a Risk Based Approach for DNFBPs AML/ CFT
RISK TREATMENT Risk Treatment steps include: Setting transaction limits for higher risk products Having a management approval process for high risk products Having a process to place customers in different risk categories and apply different identification and verification methods Not accepting customers who represent unregistered NGOs, NPOs, Charities, Hawala etc and those who wish to transact with a high-risk country 38 Developing a Risk Based Approach for DNFBPs AML/ CFT
RISK IDENTIFICATION –Customer/Client NATURAL PERSONS: Citizenship Place of birth Residence Employment Source of funds Source of wealth Purpose of account History/ Internet search results Type of product being purchased 39 Developing a Risk Based Approach for DNFBPs AML/ CFT
RISK IDENTIFICATION -Customer LEGAL PERSONS: Place of incorporation Type of business Level of regulation Assets Private or public Local presence Audited financial statement 40 Developing a Risk Based Approach for DNFBPs AML/ CFT
RISK IDENTIFICATION -customer Customer Business Nature of Activity/Business i. e. AML/TF prone or not Category of Customer i. e. PEP, FEP, Non F/F Type of Customer (Private/Retail) Ownership Structure Size of Business Family Tree/Subsidiaries/Affiliation Level of KYC available Level of monitoring available Lifestyle/mannerism Layering/Integration risks 41 Developing a Risk Based Approach for DNFBPs AML/ CFT
EXAMPLES OF HIGH RISK CUSTOMER Politically Exposed Persons (PEPs) Financially Exposed Persons (FEPs) Non-resident customers Safe custody/safety deposit boxes Existing customers changing to a new and different business Off-shore customers Account opened by intermediaries (Lawyers, Accountants) Significant/unexplained distance between customer location and DNFBP Movement of accounts to different DNFBP in different locations Difficulty in identifying Beneficial Owner. Cash intensive businesses MSB, CASINO, BDC etc The use of intermediaries that are not supervised Minors Disabled customers Trust, Nominee and Fiduciary clients Partnerships 42 Developing a Risk Based Approach for DNFBPs AML/ CFT
EXAMPLES OF HIGH RISK CUSTOMER Partnerships Non Governmental Organisations (NGOs) Private DNFBP-anonymous clients Joint Accounts Numbered accounts Nominee shareholders or shares in bearer form Use of cash cards mobile phones, internet Use of Corporate Vehicles Introduced Business Non-Face-to-Face Customers Correspondent DNFBP relationships Client Accounts Opened By Professional Intermediaries Real estate brokers/agents Non-Bank financial institutions Government account 43 Developing a Risk Based Approach for DNFBPs AML/ CFT
RISK IDENTIFICATION (PRODUCT RISK) Any product that allows a customer to readily convert cash into monetary instruments is High risk Any product or service that allows a Customer to readily move value from one jurisdiction to another and which conceals the source of fund is high risk If not consistent with customer type/business nature then it is high risk If it makes no economic sense considering the nature of customer/business it is high risk. 44 Developing a Risk Based Approach for DNFBPs AML/ CFT
EXAMPLE OF HIGH RISK PRODUCTS One-off transaction products/services Private bank facilities Non-customer wire transfers Complexity of transaction No apparent economic justification E-banking, Mobile banking, Electronic Funds Transfer Travellers cheque, Money Order, Cashier Cheque, Value Card. Correspondent bank services International private DNFBP services DNFBP note and precious metal trading and delivery Services that enable anonymity or can readily cross international borders e. g online Banking 45 Developing a Risk Based Approach for DNFBPs AML/ CFT
RISK IDENTIFICATION (GEOGRAPHY) Reputation Political Stability Level of corruption Hard Drug Production Hard Drug Transit Secrecy Jurisdictions/Tax Havens OFAC listed countries Domestic Factors High crime rate Smuggling activities Affinity (4 -1 -9) Border Towns Black Spots 46 Developing a Risk Based Approach for DNFBPs AML/ CFT
EXAMPLES OF HIGH RISK LOCATION Customers subject to UN sanctions, embargoes etc Countries identified as lacking AML/CFT regime by FATF Countries identified as providing funds/support for Terrorism/Terrorist activities Countries identified as having significant level of corruption or criminal activity Drug producing countries 47 Developing a Risk Based Approach for DNFBPs AML/ CFT
FG TERRORISM WATCH LIST SEP. 2011 Somalia Pakistan Yemen Sudan Niger Chad Mauritania 48 Developing a Risk Based Approach for DNFBPs AML/ CFT
RISK ANALYSIS & MEASUREMENT Attaching weight to identified risk criteria FATF proposed: Assessment to be done at inception of relationship Assessment to be done during the relationship Based on Circumstance (e. g information received from competent authority) 49 Developing a Risk Based Approach for DNFBPs AML/ CFT
AML/CFT Risk Assessment 50 Developing a Risk Based Approach for DNFBPs AML/ CFT
51 Developing a Risk Based Approach for DNFBPs AML/ CFT
A Model of Risk THREAT PROTECTION IMPACT PROTECTION VULNERABILITY CONTROL ASSETS Page 52 PROTECTION
Total Cost Approach Optimal Operating Point Total Risk-Related Costs COST Cost of Controls Cost of Losses LEVEL OF CONTROL 53 Developing a Risk Based Approach for DNFBPs AML/ CFT
Another View Event Frequency Event Severity Threat Vulnerability Impact on Assets Business Risks Page 54
The COSO Control Framework The COSO definition is a generally accepted framework for internal control evaluation. All five pillars must be in place for internal control to be effective. Monitoring • Assessment of a control system’s performance over time • Combination of on-going and separate evaluation • Management and supervisory activities. • Internal audit activities Information & Communciation • Pertinent information identified, captured and communicated in a timely manner • Access to internally generated information • Flow of information that allows for successful on responsibilities to summary of findings for management action 55 Control Environment • Sets tone of organisation • Influencing control consciousness of its people • Factors include integrity, ethical values, competence, authority, responsibility. • Foundation for all other pillars of control Developing a Risk Based Approach for DNFBPs AML/ CFT Control Activities • Policies/procedures that ensure management directives are carried out • Range of activities including approvals, authorizations, verifications, recommendations, performance reviews, asset security and segregation of duties Risk Assessment • Risk assessment is the identification and analysis of relevant risks to achieving the entity’s objectives. • This forms the basis for determining control activities
Risk Management in Corporate Governance Executive Decisions Regulators Review External Reporting Shareholders Internal Reporting Plan Business Goals Objectives & Expectations Business Performance Risk Appetite Risk Assessment Regulations & Compliance Business Plans Business Objectives Business Strategy Internal Control Process Control Objectives Policy and Standards Board and Executive Line Management & Staff Measure Implement Key Performance Indicators Risk Monitoring Key Risk Indicators Sensitivity &Stress Testing Scenario modelling Business Processes Business Operations Business Systems People Management Internal Controls Risk Mitigation Monitoring Page 56 Internal Communications Independent Audit Internal Auditors External Auditors
Compliance Culture Embedding a compliance culture into the overall institutional culture is key to an effective AML program. Staff at the business lines will quite legitimately argue that they are overwhelmed by other priorities. Sometimes, the culture of immediate, short-term profit overwhelms the culture of compliance with money laundering laws and regulations. It is dangerous when compliance staff is ignored, viewed as not relevant, or operating too distant from the business units. It is critical that firms establish a strong culture of compliance that guides and reinforces employees as they make decisions and choices each day. Raising awareness, to the point where everyone in the organization feels compelled to deter and detect money laundering, is vital. 57 Developing a Risk Based Approach for DNFBPs AML/ CFT
Board Senior Management’s Role Ultimate responsibility for the AML compliance program rests with the board of directors. Members must openly voice their commitment to the program, ensure that their commitment flows through all service areas and lines of business and be willing to report results to shareholders, if necessary. The board’s role in AML compliance consists of oversight. That means board members are not expected to become money laundering experts themselves, nor are they responsible for daytoday program management. The board’s job is to formally approve an institution’s AML Compliance program and then make sure the program is adequately implemented and maintained by staff. The board’s oversight role also extends to the supervisor’s examination process. 58 Developing a Risk Based Approach for DNFBPs AML/ CFT
Senior Managament Commitment to Compliance Senior management must show its commitment to compliance by: Establishing a strong compliance plan that is fully implemented and approved by the board of directors; Insisting that it be kept informed of compliance efforts, audit reports and any compliance failures, with corrective measures instituted; Including regulation compliance within the job description and job performance evaluation of institution personnel; and Conditioning employment on regulation compliance. 59 Developing a Risk Based Approach for DNFBPs AML/ CFT
Compliance Officer's Role One of the compliance officer’s tasks is to obtain endorsement of the anti-money laundering program from senior management. The compliance officer must explain the roles and responsibilities of the board of directors and senior management, and how reputational risk can hurt the firm. The Compliance officer is also required to disseminate AML information across the organisation. 60 Developing a Risk Based Approach for DNFBPs AML/ CFT
GOOD COMPLIANCE CONTROLS – WHEN TO BE FLEXIBLE Strike the right balance, with a full appreciation of the environment and risks. Identify the risks, but do not be blinded by them. Having said…. May be better to over control, as louse controls are ultimately costlier in the long run. 61 Developing a Risk Based Approach for DNFBPs AML/ CFT
An Integrated Approach to Governance, Ethics, Compliance and Controls Functional Roles Ethics & Compliance Responsibilities Market, Regulator & Stakeholder Expectations Board of Directors Audit Oversight & Monitoring Governance Senior Management Assurance & Risk Management Objectives & Tone at the Top Functional & Unit Management Compliance Facilitator Drive Implementation Ethics & Compliance & Risk Management Establish Tools, Monitor Results Workforce & Third Parties Self-Monitor & Comply Developing a Risk Based Approach for DNFBPs AML/ CFT 62
ML/CFT Risk Mitigation The information about a customer obtained at the time of the establishment of a relationship or the opening of an account constitutes a “customer profile”. DNFBI businesses shall have policies and procedures for updating customer profiles and for confirming information provided by customers, commensurate with the assessment of the money laundering risks posed by the customer’s expected use of products and services: The customer’s source of funds The customer’s source of income and assets The nature and extent of the customer’s expected use of its products and services (i. e. a transaction profile) or the customer’s investment objectives. 63 Developing a Risk Based Approach for DNFBPs AML/ CFT
MITIGANTS & CONTROL INTERNAL CONTROL FRAMEWORK: Identify and measure risk Policies, procedures, systems and controls periodic risk based audit Corrective measures to strengthen compliance Training to meet identified gaps 64 Developing a Risk Based Approach for DNFBPs AML/ CFT
MITIGANTS & CONTROL CDD/KYC STR Monitoring Training and Awareness Risk Based internal control 65 Developing a Risk Based Approach for DNFBPs AML/ CFT
MITIGANTS & CONTROL -CDD/KYC Involves: Identification and verification of customer Identification and verification of Beneficial Owners Understand nature and level customer’s business Ultimately you should be able to determine that customer is who he says he is. Also RBA adopted will enable the decision to lower CDD in respect of a customer. 66 Developing a Risk Based Approach for DNFBPs AML/ CFT
Know Your Customer The most important means by which DNFBPs can avoid criminal exposure to a customer who use DNFBPs’ resources for illicit purposes is to have a clear and concise understanding of their practice. DNFBPs should know their customers at a minimum. How can we Meet these Requirements? “Know Your Customer” “Risk-based” approach to KYC Enhanced KYC identification if appropriate Countries considered to be non-cooperative. Need to establish “beneficial ownership” Source of funds both initially and on-going A regulatory chore? Or Commercial Common Sense Identification of location of business of customers (FATF). Similar process BUT different forms for different entities. 67 Developing a Risk Based Approach for DNFBPs AML/ CFT
Customer Identification DNFBPs shall have policies and procedures to obtain sufficient reliable significant Information to determine the identity of all its customers – individual, corporate and other legal entities. 68 Developing a Risk Based Approach for DNFBPs AML/ CFT
Establish Transaction Profile A Transaction Profile is a snap shot or picture of the anticipated financial behaviour of a customer and the type of transaction he/she is expected to do with us. This behaviour forms a baseline from which we can evaluate whether or not future account activity is consistent with the client’s anticipated financial activity. How DNFBPs can Meet these Requirements? KYC forms should have the space where relationship manager is required to provide the information about: Transactions customer may do through DNFBPs. Expected volumes of transaction Type of products Type of facilities he/she will enjoy 69 Developing a Risk Based Approach for DNFBPs AML/ CFT
Classification Of Clients/Customers Accounts Determine which accounts need to be monitored on an ongoing basis. Accounts should be divided into two categories: Plain Vanilla Accounts This is the low risk category account and that perform in the anticipated manner and NEED not be scrutinized on an on-going basis. High Risk Accounts This require additional due diligence and on going periodic monitoring. Following basic Risk Category should be used to analyse your customers: - High Risk Geographies - High Risk Business - High Risk Products 70 Developing a Risk Based Approach for DNFBPs AML/ CFT
Classification Of Account (Cont’d) All accounts should be reviewed annually to re-assess their risk activities i. e. classify from High Risk to Low Risk or vice versa. Circumstances other than account activity that may cause to shift a low risk account to High risk account: Adverse stories in the media about a company or its principals (Print, Radio, T. V. ) Negative reputational rumours in the financial or special community. Suspicious or unusual transactions. 71 Developing a Risk Based Approach for DNFBPs AML/ CFT
Enhanced Due Diligence/Know Your Customer Information that outlines additional information about the customer: Description of lines of business Business activity and market share Main customer bases Assessment of Anti-Money Laundering Controls Expected service requirements Anticipated Transaction Activity Supporting documentation of facts 72 Developing a Risk Based Approach for DNFBPs AML/ CFT
Enhanced Due Diligence (EDD) What is EDD? Risk Assessment Know Your Correspondent DNFBP (KYCB) Understand: Use of products and services Transaction activity Monitoring Reporting of suspicious activity Training Documentation confirming that the entity is duly “Licensed” in the jurisdiction and authorized to operate abroad. Details of the financial institution’s/corporation’s ownership and its market reputation 73 Developing a Risk Based Approach for DNFBPs AML/ CFT
Questions DNFBPs’ Employees Must Ask When dealing with your customers, ask yourself these questions: How well do I know this customer? Does the transaction make sense considering the customer's profile? Do I fully understand the transaction the customer wishes to complete? Am I comfortable with this transaction? Is this the usual method for conducting this type of business transaction? If in doubt, there may be a possibility that your customer is using your institution to launder money 74 Developing a Risk Based Approach for DNFBPs AML/ CFT
Eleven Red Flags Know Your Customer and Transactions Products inconsistent with customer’s business Transaction structure unnecessarily complex Payment of proceeds to unrelated third party Locations or descriptions inconsistent with LC Significantly amended letter of credit Conducting business in high-risk jurisdictions Shipping products through high-risk jurisdictions Transaction in high-risk products Misrepresentation of quantity & type of products Invoice inconsistent with Customs documents Obvious over- or under-pricing of products 75 Developing a Risk Based Approach for DNFBPs AML/ CFT
MITIGANTS & CONTROL SUSPICIOUS TRANSACTION REPORTING: Unjustified frequency Unjustified complexities Activities inconsistence with business profile Activities that does not make economic sense These reports can be developed into a robust database from which information can be shared by relevant authority and FIs thereby enhancing RBA to AML/CFT 76 Developing a Risk Based Approach for DNFBPs AML/ CFT
MITIGANTS & CONTROL MONITORING OF TRANSACTION (Factors) Size AML/CFT risk, Methodologies Activity under scrutiny Resources IMPLEMENTATION FACTORS UNDER RBA Threshold Adequacy of systems and processes 77 Developing a Risk Based Approach for DNFBPs AML/ CFT
Monitoring of DNFBPs Activities In developing appropriate methods of monitoring, DNFBIs should consider: Current reports and management information generated for marketing/fraud prevention purposes. Could these records be adapted or used for AML/KYC purposes Whether manual or computerised monitoring is suitable or practical. May be carried out in a variety of ways, monitors must understand their responsibility in relation to AML & learn to recognize the signs of crime. Monitoring is either manual or software assisted and comprises analysis of transactions. It is designed to seek the unusual and may be inter-jurisdictional e. g. monitoring FT’s globally. Data protection issues, client confidentiality and DNFBP secrecy legislation can make investigation problematic. 78 Developing a Risk Based Approach for DNFBPs AML/ CFT
Periodic Monitoring/On-going – Due Diligence Once we have determined that a customer profile places it in the High Risk Category, we are required to monitor. Review High risk accounts for value, movement into and out of the account and geographic locations from which and into which funds flow. Review related accounts of principals or persons who have signature authority over the account. Determine if the sum total of the DNFBP activities are consistent with what we know about the client. Determine if a customer or business account has or uses additional business names or corporate entities. 79 Developing a Risk Based Approach for DNFBPs AML/ CFT
PERIODIC MONITORING/ON-GOING – DUE DILIGENCE (Cont’d) How DNBFIs can Meet these Requirements? Departmental Monitoring – Self Testing Following steps are to be taken to monitor the transactions movements in HIGH RISK ACCOUNTS. - All High Risk Accounts to placed on on status (Blocked Accounts). - All transactions in these accounts will be entered in the registers being maintained by each department/ branch. - All departments will updated their checklist and procedure to handle their products in this respect 80 Developing a Risk Based Approach for DNFBPs AML/ CFT
Periodic Monitoring/On-going – Due Diligence (Cont’d) How DNBFIs can Meet these Requirements? (cont’d) Departmental Monitoring – Self Testing (cont’d) All transactions over these accounts have to be approved by a Group Head and relationship manager before processing. - Departmental registers to be reviewed by Unit Heads to ensure all transactions are being properly entered. - List of these accounts will be circulated to all concerned staff and are made available on desk tops. 81 Developing a Risk Based Approach for DNFBPs AML/ CFT
Periodic Monitoring/On-going – Due Diligence (Cont’d) How DNFBPs can Meet these Requirements? Independent Monitoring Testing Control staff will review the movements in these account as under: - Daily report showing outward FCY transfers by beneficiaries and remitters is being reviewed for High Risk accounts. - Human Decision Report showing all accounts on status ‘ 5’ is being reviewed for LCY/FCY transactions. Daily reviews are monitored through Control proof charts. 82 Developing a Risk Based Approach for DNFBPs AML/ CFT
MITIGANTS & CONTROL TRAINING AND AWARENESS: RBA is largely human related. The need for training is key (recom. 15) Training must: Be tailored to responsibility Have appropriate detail Be at appropriate frequency Test to assess that knowledge meets information provided 83 Developing a Risk Based Approach for DNFBPs AML/ CFT
MITIGANTS & CONTROL INTERNAL CONTROL : Risk Based Process must be imbedded within the internal control measures. It must enhance staff compliance Snr. Management must create culture of compliance 84 Developing a Risk Based Approach for DNFBPs AML/ CFT
MITIGANTS & CONTROL FACTORS DETERMINING NATURE AND EXTENT OF AML/CFT CONTROLS : Nature, scale and complexity of DNFBP’s business Diversity of operation and geography Customer, product and activity Distribution channels Risk level of operation Volume of operation Extent of direct dealing 85 Developing a Risk Based Approach for DNFBPs AML/ CFT
High Risk Products Any product which allows a customer to readily convert cash to a monetary instrument. Any product or service which allows a customer to readily move value from one jurisdiction to another and which conceals the source of those funds. Ask whether the products or services the client is asking for make sense given the nature of their account or business. 86 Developing a Risk Based Approach for DNFBPs AML/ CFT
Reporting System Know your customer program is to alert management to unacceptable risks. The purpose of the program is to review accounts that may ultimately harm the institution. Once staff spots suspicious transaction either in the course of their normal duties or during on-going monitoring process, Management must be alerted. Staff must also report to their Supervisors. Supervisor should report to the Compliance Officers and the and Senior Managers should then confer and determine if it is necessary to consult with Legal Counsel so they can take appropriate action. 87 Developing a Risk Based Approach for DNFBPs AML/ CFT
Reporting System (Cont’d) How DNFBPs can Meet these Requirements? All suspicious activities or any other information e. g. adverse stories, negative reputational rumours of our customers should be reported to relationship managers group heads, Compliance Officers, who then confer and determine the actions to be taken. All transactions to be reported to relationship managers and group heads for their sign-offs. 88 Developing a Risk Based Approach for DNFBPs AML/ CFT
What A DNBFI Should Look Out For Beware Of Activity Not Consistent With The Customer’s Business Beware Of Attempts To Avoid Reporting Or Record-keeping Requirements Beware Of Certain Funds Transfer Activities Beware Of A Customer Who Provides Insufficient Or Suspicious Information Beware Of Changes In DNFBP Transactions Beware Of Transactions With Politically Exposed Persons Business Transactions Involving Suspect/ Blacklisted Transactions Through Real Estate Investments. Beware Of Secured And Unsecured Loan Transactions Beware Of Transactions With Non-financial And Specialised Institutions Beware Of Some Investment Activities Beware Of Some International Trade Finance Activities Beware Of A Certain DNFBP Employees Beware Of Certain Shareholders 89 Developing a Risk Based Approach for DNFBPs AML/ CFT
What You Should Do If You Decide To Carry Out A Suspicious Transaction. Seek information from the customer as to the origin and the destination of the funds, the aim of the transaction and the identity of the beneficiary. Draw up a written report as quickly as possible. Ensure that the DNFBP is not exposed to risk, in the carriage of the transaction. Take appropriate action to prevent the laundering of the proceeds of a crime or an illegal act. Like: Termination of the account Reducing services offered Additional monitoring Filing a criminal referral with Local Law Enforcement Agency. Send the report timely to regulatory authorities. 90 Developing a Risk Based Approach for DNFBPs AML/ CFT
Approval Controls Over High Risk (HRA) Transactions (PEP’s, NGO’s BDC’s and Dom a/c’s) All accounts designated as “HRA” will be opened only on the approval in writing of the Managing Director (MD) or his/her deputy. All “HRA” credit facilities, irrespective of amount, will be signed off by the MD or his deputy. All transactions on a “HRA” up to a certain amount (deposit and withdrawal) must be approved in writing by the Managing Director or his deputy. The transactions would include but are not limited to, cash deposits, cheque deposits, investments etc. All “HRA” shall be flagged on the DNFBP software on a special status such that the status appears whenever enquiries or transactions are done on them. A weekly report on all HRA related transactions should be sent to the MD and copied to the DMD and the Chief Compliance Officer (CCO). In other words all HRA accounts will be flagged and monitored weekly. On a semi-annual basis, all “HRA” will be reviewed by Internal Control Unit to ensure that all the aforesaid processes and procedures are being followed in the management of these accounts. Deviations shall be reported to the MD and copied to the DMD and CCO. These reviews would be in addition to the routine quarterly audits. 91 Developing a Risk Based Approach for DNFBPs AML/ CFT
Advice to DNFBP Operators Front lines of a battle Don’t get complacent Be aware of new trends Identify how these new convenience tools can add to your risk Combat by arming yourself with knowledge Think about things differently Learn to think like a money launderer Risk & Information Analytics Group 92 Developing a Risk Based Approach for DNFBPs AML/ CFT
Conclusion Ultimately, RBA should not prohibit FIs from transacting business with customers but enable it to effectively manage ML/CFT risks Risk-based AML Approach facilitates identification of high risk situations (high risk transactions, customers – Fe. Ps, Pe. Ps, Non. Face-to Face etc. and carry out enhanced due diligence when necessary. In the current context of globalization, the risk-based approach to AML initiatives must be designed to meet requirements that would counter emerging methods and techniques of money laundering activities in the context of each institution's particular risk profile. “Non-DNFBP” money laundering techniques, corporate money laundering, and the new payment technologies and e-products should be given particular attention. Risk-Based approach to AML initiatives must extend to the cataloging of laundering typologies found in other regions of the world – Asia, Latin America and Central & Eastern Europe. 93 Developing a Risk Based Approach for DNFBPs AML/ CFT
Questions & Issues 94 Developing a Risk Based Approach for DNFBPs AML/ CFT
References and Further Reading http: //www. fdic. gov/news/financial/2005/fil 2405 a. html 15 http: //www. occ. treas. gov/ftp/eas/ea 2005 -101 16 http: //www. fincen. gov/foster 17 http: //www. fsa. gov. uk/Pages/Library/Communication/PR/2005/117. shtml 18 http: //www. fincen. gov/abnamro. html The World Bank: Capacity Enhancement Program on ” Anti-Money Laundering and Combating Financing of Terrorism” Study Guide for the CAMS Certification Examination (ACAMS) www. , acams. org www. fatf. org Debra. geister@lexisnexis. com John S. Zdanowicz, Ph. D. Florida International Bankers Association Professor of Finance Florida International University john. zdanowicz@fiu. edu President – International Trade Alert, Inc. johnz@internationaltradealert. com; www. internationaltradealert. com 95 Developing a Risk Based Approach for DNFBPs AML/ CFT
Thank You
My Contact Details Pattison Boleigha Bsc, MBA, FCA, ACIT, HCIB, CAMS, CGEIT Chief Compliance Officer Access DNFBP plc +234 -8022924308, +234 -012712014 boleighap@access. DNFBPplc. com; boleighap@gmail. com Page 97
Скачать презентацию Developing a Risk Based Approach for DNFBPs on
153fc61a7134ee24c3d9f0c347ef8d11.ppt