Identifying and Mitigating High Risk Accounts
Identifying High Risk Customers
and Managing Their AML
Vulnerabilities
The Anti-Money
Laundering
Association
Winter Park, Florida
January 21, 2009 • 8:30 a.m. to
10:30 a.m.
Peter G. Djinis • AML Compliance •
4370 S. Tamiami Trail • Suite 320
• Sarasota, FL 34231 • 941-926-2915 • [email protected]
Agenda
Value of risk assessment
Need for front-end customer
evaluation
How to identify high risk customers
Measures to mitigate specific high
risk customers
High risk transactions
External factors that increase risk
What to do with customers with
recurring risk activity
Identifying New AML Risks
Risk Assessment is core standard
Also, regularly review:
New products/services
SARs filed
Changes in geographic vulnerabilities
World events
Regulatory enforcement actions
One Approach
Establish a risk rating for each
customer
Assign weights by
combination of categories
NAICS code (for businesses)
Citizenship (for individuals)
Zip code
Financial products used
Account opening questionnaire
Specific Customers:
possible measures
Lottery Customers /ATM
Review 6 months of activity
Lotteries
ACH debits to state lottery
Are these commensurate with cash
deposits?
ATMs
ACH credits from known ATM
payment processors
E.g., RBS, Coredata, First Data,
Debits from account in form of cash
withdrawals or cashed checks
Specific Customers:
possible measures
ATM/Lottery Customers
Confirm the account is business,
not personal
For ATMs, confirm with store that
cash withdrawals are in
standard ATM amounts, i.e.,
$10s/20s
Document these steps
Repeat on annualized basis and
compare with previous results
Specific Customers:
possible measures
Embassy Accounts
Require approval by senior
officer
Follow procedures used to
identify/validate PEP
customers
Monitor at least quarterly
Investigate all suspicious
and/or unusual activity
Document these steps
Specific Customers:
possible measures
Non-Resident Alien
Process through back office, not branch
Customer to provide
o Valid passport
o Signed W-8 form
Assign a special code to identify account
Regularly determine if NRA accounts
opened without proper documentation
Non-U.S. Addresses
Establish program to identify all such
accounts
Assign increased weight; i.e., make sure
your AML policies contain specific due
diligence provisions
Specific Customers:
possible measures
Charitable Organizations
Identify by NAICS code (NGO)
Use commercial database to
match customer with known
charities (e.g., Guidestar) &
confirm
Tax ID numbers
Nonprofit status
IRS 990 forms
Officers
Income
Other key factors
Specific Customers:
possible measures
Charitable Organizations
Form 990 (but not required for
contributions under $25,000 and certain
churches)
IRS Publication 78 – Cumulative list of
organizations
This may help identify improper NAICS
coding (e.g., homeowners associations
& sports clubs)
Retail customers
Work with business units to
understand nature of account and
anticipated activity
Ask the customer!
Obtain evidence of business
Age of business/size and locations
Anticipated volume
Anticipated financial services needed
If high cash activity, inquire into
source of cash if other than retail
Compare to peer customers
Establish manual or automated process to
identify and investigate inconsistencies
Specific Customers:
possible measures
Trade Finance
(International)
Risk weight each financial service
sought
E.g., import or export letters of
credit; import or export documentary
collections
Four potential categories:
Product
Country
Knowledge of customer
Amount of transactions
Specific Customers:
possible measures
PEP/Embassy Customers
PEP (senior foreign political
figures/family/associates)
PEP identified at account opening
AML compliance officer notified
Private bank to determine customer’s
financial services and estimated
activity
This information is reviewed quarterly
Each account is reviewed for SAR
activity
Riskier Transactions
Wire Transfers
Limit to customers of bank
Limit or prohibit wires paid in cash
Value of automated systems:
Identify money in/money out
transfers
Compare current and historical
activity
Look for structured wires (e.g.,
between $7,500 and $10,000)
Examine high volumes/high amounts
Review transfers to and from high
Riskier Transactions
Monetary Instruments
Aggregate cash purchases at some
amount below $3,000
Look for redemptions in similar
amounts
Chief risk is structuring
Stored value or gift cards:
Sell only to customers
Do not exchange for cash
Consider prohibiting reloading of
cards
Require additional approval to exceed
certain values (e.g., $500)
Restrict number of cards a customer
may purchase
High Risk Business Type
Money Service Businesses (MSBs)
Banks are not expected to be the de
facto regulators of MSBs
Identifying MSBs at your bank
FinCEN guidance
Transparency
Transactions will go underground if MSBs
are not banked
MSBs, like other “high risk
businesses,” do not always present
the highest risk
MSB Due Diligence
Visit the MSB
Request/evaluate the independent
review
Review
AML policies and procedures
Prior regulatory enforcement actions
if any
License and registration
AML Training program and
attendance log
MSB Due Diligence
Review
Agent list, agent review process
and agent files
Financial information, including
tax returns
Account statements from other
financial institutions
Average cash deposits and ACH
activity
Compliance with BSA reporting
and recordkeeping
requirements
MSB Due Diligence
Meet with the President and/or CEO,
compliance officer, CFO, IT officer, AML
investigation supervisor
Determine the type of MSB services –
types of products offered
Request any prior regulatory
enforcement actions
Review BSA/AML software
How are transactions aggregated?
Does the MSB have an OFAC
screening tool?
Number of SARs filed (MSB cannot
disclose the SARs to their bank)
Other High Risk Business
Types
Not all businesses in any high risk
business type are high risk
The business may only use a low risk
product
May identify High Risk Business types
with NAICS/SIC codes
Determine methods of identifying
historical potentially high risk
businesses
Conduct due diligence
Benefits of an effective due diligence
program
Private Banking
Implement specific AML procedures
Work closely with AML unit and related
business units
Assign AML coordinator
Develop targeted training program to
augment corporate training
Off-site training on periodic basis
Staff meetings to stress AML duties
Track training attendance/proficiency
Private Banking
Install monitoring system to oversee
new accounts and identify high-risk
customers
Enlist help of compliance to review,
improve, and ensure consistency in AML
procedures
Distribute/document internal procedures
as updated
For new customers:
Two types of ID
Pre-established customer profiles
Complete background check
PRIME/OFAC or related check
Customers with recurring SARs
Should you close the account?
Filing a SAR might not be enough
A decision should be reached and
documented whether to continue doing
business with a customer on which a
suspicious activity report or multiple
reports have been filed, or when and
how to terminate the relationship.
Account Termination
Depending on the nature of the
suspicious activity,
• You can continue the client relationship
• But monitor activity closely.
Systems to track and regularly review
any other unusual or suspicious activity.
Policies and procedures before the
customer is notified of termination
• If you know the case is under investigation
– work closely with law enforcement
Account Termination Policies
Policies and Procedures
The prompt referral to compliance officer or
other appropriate legal and compliance
personnel.
The communication of the decision to terminate
and the anticipated date for notifying the
customer of that decision to appropriate
government authorities.
Such information may be communicated in a SAR
to be filed or to augment SARs filed previously.
Certain circumstances may warrant contacting
U.S. Attorney’s Office or other appropriate
government authority.
Account Termination
Written Requests from Law
Enforcement
Seek written request from government to
keep account open
Keep the request on file
Make sure the request is from a senior officer
• Supervisory agent
• Assistant U.S. Attorney
• Official with Dept. of Justice
• Supervisor of state or local law enforcement agency
• Attorney with state or local prosecutor’s office
Requests to keep account open
Written requests should:
• Confirm that law enforcement has
requested that an account remain
open and state the purpose for such
request.
• Indicate the duration the account
should remain open,
• Provide for written request to keep
account open after that period (e.g.,
six months).
Coordination with law
enforcement
Follow up is Key
Follow-up with appropriate law
enforcement agency on an ongoing
basis.
Document cooperation
Continue to comply with all applicable
BSA recordkeeping and reporting
requirements
Continue to file SARs, if applicable
When to Consider Retaining Outside Help
Variety of situations: short to
long-term
Independent review of your AML
policies
Opinion/advice on a potentially
suspicious customer relationship
Cooperating with criminal
investigators
Developing policies to conform
to new regulatory requirements
When to Consider Retaining Outside Help
Implementing significant program
changes
Selecting external compliance tools
(e.g., CIP or AML surveillance
programs)
Reviewing/resolving AML issues
identified prior to exam
Preparing for an AML exam
Responding to AML issues identified
during exam
Handling an AML enforcement action
When to Consider Retaining Outside
Help
Responding to congressional or
similar investigation
Assistance in dealing with media or
public disclosures (e.g., 10-K annual
report)
Conducting an internal investigation
AML training for employees, officers,
board members, agents/vendors
When to Consider Retaining Outside Help
• New financial products or services
Determining BSA implications
Developing and implementing new AML
controls
Coordinating with regulators and/or law
enforcement
• Complying with specific supervisory
requirements
Backfiling requests (CTRs)
SAR Lookbacks
Unique AML issues (Sec. 311 relationships,
GTOs, due diligence of foreign correspondent
accounts)
Managing the Outside
Relationship
Who decides within the bank?
Whether to bring in outside assistance
Do you have sufficient expertise in
house?
Whom to select?
Controlling fees
Standards for termination
• Identify your project and the desired
role of the outsider
• Reviewing vs. preparing materials?
Managing the Outside
Relationship
• Preserving confidentiality
• Identifying who’s in charge of
relationship
AML Compliance Officer
Relationship between in-house and external
counsel
Can external counsel deal directly with the
government?
• Assessing the ongoing value of
assistance
• Should you impose time and/or cost
Reference Material for High
Risk Accounts
1. The following material offers
guidance for banks that
maintain foreign correspondent
accounts
2. Intended to help you monitor
the accounts
3. Guidance also suggests ways to
manage such accounts
4. This material will not be covered
during the presentation except
to answer questions
Foreign Correspondent Accounts
General Due Diligence Policies, Procedures
and Controls for Foreign Correspondent
Accounts must include each of the
following:
Determining whether each such foreign
correspondent account is subject to
enhanced due diligence
Assessing the money laundering risks
presented by each such foreign
correspondent account.
Apply risk-based procedures and controls to
each such foreign correspondent account
reasonably designed to detect and report
known or suspected money laundering
activity, including a periodic review of the
correspondent account activity sufficient to
determine consistency with information
obtained about the type, purpose, and
A Risk Based Approach to Foreign
Correspondent Accounts
Policies, procedures and processes to assess the risks
posed by the FI’s foreign FI customers including, as
appropriate:
Nature of the foreign FI’s business and the markets it serves
The type, purpose, and anticipated activity of the foreign
correspondent account
The nature and duration of the U.S. FI’s relationship with the
foreign financial institution, and if relevant, with any affiliate of
the foreign FI.
A Risk-Based Approach to Foreign Financial
Institution Correspondent Accounts
Additional Relevant Risk Factors to Consider:
The AML supervisory regime of the jurisdiction that issued the
charter or license to the foreign FI, and to the extent available,
the jurisdiction in which any company that is an owner of the
foreign FI is incorporated or chartered.
Information known or reasonably available to the covered FI
about the foreign FI’s AML record, including public information
in standard industry guides, periodicals, and major publications.
Should also consider information issued by the Treasury Dept.
about specific foreign FIs.
The scope and depth of a review will depend on the nature of the
information uncovered and does not require an evaluation of all of
the above factors in every case.
High Risk Banks According to Sec. 312
An Offshore Banking License
A Banking License issued by
an NCCT
A Banking License issued by
a foreign country that has
been designated under Sec.
311 of the Patriot Act
Risk Stratification of the Customer Base
The starting point of an effective general due diligence program
should be a stratification of the money laundering risk based on a
review of the relevant risk factors to determine which accounts may
require increased measures:
Will have an impact on the initial account opening process
Will affect ongoing periodic reviews of the client, the
client’s documentation and activity
Will impact monitoring of transactions
and/or accounts
[Figure: risk stratification diagram. Labels: Shell banks; Offshore banks & NCCTs/Sec. 311/no AML regs; MSBs & other; High risk; Medium risk; Low risk]
Establishing Levels of Risk
Stratify client base at account opening or the inception of a
business relationship – collect due diligence information and
prioritize accounts for ongoing monitoring based on risk level.
One example might be:
Low risk – might include entities that are “trusted” by the
financial institution
Medium risk – might include entities that are publicly-traded
on an exchange “recognized” by the financial institution
High risk – might include entities that are privately-held, or not
publicly traded on a “recognized” exchange
Risk Scoring for Correspondent
Banking
Business Risk Factors
Specifically identified by
Regulators/Law Enforcement
Money Laundering Placement
Risk; such as cash intensive
businesses
Other authoritative pronouncement
Money Laundering Layering or
Integration Risks
Product Risk Factors
Specifically identified by
Regulators/Law Enforcement
Favors anonymity or involves third
parties
Supports high transaction volumes
Involves cross border transactions
Involves cash, monetary or bearer
instruments
Supports high speed movement of
funds
Foreign Correspondent Banks
Enhanced Due Diligence for Certain
Foreign Banks
Conduct enhanced scrutiny of the correspondent
account which requires an FI to obtain and
consider information relating to the foreign
bank’s AML program.
Under appropriate circumstances, monitor
transactions to, from or through the
correspondent account in a manner reasonable to
detect money laundering and suspicious activity
Obtain information about the identity of any
person with authority to direct transactions
through any correspondent account that is a
payable through account
Foreign Correspondent Banks
Enhanced Due Diligence for
Certain Foreign Banks
Determine whether the foreign bank in
turn maintains correspondent accounts
for other foreign banks and take
reasonable steps to obtain information
relevant to assess and mitigate money
laundering risks, including as
appropriate, the identity of those
foreign banks
Foreign Correspondent Banks
Enhanced Due Diligence Ownership
Determine, for any correspondent
account established or maintained for a
foreign bank whose shares are not
publicly traded, the identity of each
owner of the foreign bank and the
nature and extent of each owner’s
ownership interest.
Owner means any person who directly
or indirectly owns, controls, or has the
power to vote 10 percent or more of any
class of securities of a foreign bank.
Special Procedures when DD or EDD
cannot be performed
The covered FI’s due diligence program is
required to include procedures to be
followed in circumstances in which a
covered FI cannot perform appropriate
due diligence or EDD with respect to a
correspondent account.
This could include procedures to refuse to
open the account in the first place,
suspend transaction activity, file a
suspicious activity report, or close the
account.
Appropriate action may include a
combination of the above measures.
Foreign Correspondent Banks
Risk factors in dealing with
shell companies
Inability to determine legitimate
purpose of the shell
Inability to determine legitimate
purpose of the account that is opened
for the shell
Use of a company formation agent or
other intermediary
Involvement of a non-U.S. person or
entity
Inability to easily determine
beneficial ownership
Foreign Correspondent Banks
Key questions to ask to prevent corporate
vehicle misuse include:
Who are the ultimate beneficial owners of a
company and who are the settlors, trustees and
beneficiaries involved with a trust?
What is the purpose for which the corporate
vehicle was formed?
Why are foreign jurisdictions being used for
creation/administration of the entity?
Why are complex structures being utilized?
Foreign Correspondent Banks
Consider Frequently occurring Risk Factors
associated with corporate vehicle misuse.
What are the corporate vehicle formation
requirements in the source jurisdiction?
Are there adequate regulatory standards or
investigative capacities in the jurisdiction
where the corporate vehicle has been
incorporated/formed/administered (e.g.,
particularly involvement of TCSPs)?
How might information on the beneficial
owners be made available or be obtained in
the jurisdiction of incorporation and/or the
country in which the company and trust
administration services are provided?
What is known about the beneficial owner?
Foreign Correspondent Banks
Consider Frequently occurring Risk Factors
associated with corporate vehicle misuse
Is the corporate vehicle a regulated or unregulated
entity?
What is the purpose of the corporate vehicle? Does it
have “real activities” or is it solely involved with
holding/administering the assets of the beneficial
owner?
Why has the corporate vehicle been established in a
foreign jurisdiction?
Can a shell or shelf company be formed in the
jurisdiction of incorporation?
What is known about the source of funds?
What is known about the scale of the business/funds?
Foreign Correspondent Banks
Best Practices may include the
following elements:
Financial institutions need to apply a
risk-based approach, both to CDD
and ongoing monitoring
It may be impossible for a financial
institution to dig through layers of
shell companies in every instance –
How far you peel the onion should be
tied to the degree of risk posed by
the potential or actual client.