Post on 29-Nov-2014
description
transcript
Part 3:
Compliance Programs
Data Security
Tax Evasion and Enforcement
Money and Commodities Flows
CFCS Examination Preparation Series February 5, 2014
Presented By
Beth Berenbaum, Ken Barden, Charles Intriago, Brian Kindle, Hillary Rosenberg, and Jeff Sklar
Beth Berenbaum
VP, Program Management
AML Partners
Franklin, NH
Kenneth Barden
Senior Anti-Corruption Advisor
US Agency for International Development
Washington, DC
Counsel Lewis Baach
New York
Hillary Rosenberg
Managing Partner
Sklar Heyman Hirschfield & Kantor
Bellmore, NY
Jeff Sklar
Compliance Programs
CFCS Examination Preparation Series February 5, 2014
• Processes and controls to comply with laws, regulations, other requirements
• Regulatory structure becoming more complex, global • Convergence moving toward unified “financial crimes
risk management”
Overview of Compliance
Programs Within Compliance
• Governance
– Analytics
– Investigations
– Intelligence
– Customer Due Diligence
– Compliance Audit/Quality Control
Governance
• Enterprise Risk Assessment
• Gap Analyses
• Creating/Reviewing/Delivering Training
• Liaison to Regulators/Examiners and Internal Audit
• Liaison to External Consultants and Auditors
Investigations & Intelligence
• Investigations
– Investigate unusual activity
– Report on unusual activity
– Investigate possible terrorist financing
• Intelligence
– Analyze country risk
– Analyze enterprise-wide financial crimes risk
– Support foreign correspondent banking business
Analytics
• Tools for transaction monitoring
• Analytics for enterprise-wide risk assessment
• Analytics for customer risk rating
• Tools for sanctions monitoring
Customer Onboarding
• Customer Due Diligence - “Know Your Customer”
• Customer Identification Program
• Customer Monitoring/Periodic Review
• Enhanced Due Diligence (High Risk)
Employee Onboarding
• “Know Your Employee”
• Employee Monitoring
• Employee “red flags”
• Size, structure, complexity and risks of organization are basis of compliance program
• Compliance program should include policies, procedures and controls
• Controls can be broadly divided into “preventive” and
“detective”
Organizational Overview of Financial Crime Program
• Preventive controls include:
• CIP and CDD programs • Appropriate training • Risk assessments, gap analysis • Providing line of business reporting, issue remediation • Senior management and board reporting • Liaison with audit, coordination of examinations
Organizational Overview of Financial Crime Program
• Detective controls include:
• Identifying suspicious activity through employee referrals or automated transaction monitoring, customer surveillance
• Investigating identified unusual activities • Activity monitoring, predictive analytics • Monitoring employees, third parties • Screening, blocking, rejecting transactions and customers • Reporting • Exiting customer relationships • Compliance testing
Organizational overview of financial crime controls
Risk Assessment
• Assessing risks allows understanding of vulnerability, better resource allocation
• Should consider
• Types of distribution channels used by business unit • Complexity of unit’s business model • Degree of change in business • Size and type of growth in the business
Risk Assessment
Key elements include • Methodology to quantify level of risk
• Methodology to quantify adequacy of controls
• Assessment of risk of each line of business
• Enterprise-wide assessment to identify systemic risk not apparent in a line of business
Sanctions Compliance
• Laws or regulations of certain nations prohibit conducting transactions for certain national governments, entities and persons
• Sanctions are imposed by variety of enforcement
agencies, international bodies • US Office of Foreign Assets Control • United Nations Security Council • European Union • Other international bodies
Sanctions Compliance
• Some sanctions compliance best practices include:
• Development and implementation of policies, procedures and processes to ensure full compliance with all sanctions prohibitions
• Knowledge of different sanctions lists or orders institution organization is subject to
• Sanctions compliance risk assessment
Sanctions Compliance
• Leveraging screening, transaction monitoring to
detect and prevent payments in violation of sanctions
• Training programs to all affected employees • Testing and ongoing
22
AML Cycle
Organizational Risk Assessment
Identify and rate risks across the organization and within
lines of business
Customer Identification Program
Collect and verify information on a customer to confirm their
identity and nature of relationship
Customer Profile and Risk Assessment
Establish expected activity and transactions; create an initial
customer risk rating
Automated Transaction Monitoring
Establish alert thresholds, rules and scenarios based on customer profile and risk assessment
Customer Screening
Screen customer against sanctions and watch lists; establish criteria
for ongoing screening of transactions
Investigation of Alerts and Incidents
Review any alerts generated on customer, file SARs or modify
customer relationship if necessary
Update and Audit
Collect sampling on alert and transaction data, reassess customer risk, renew KYC
information
High-Risk Customers
• Risk depends on product, geographic region. Examples:
• Politically Exposed Persons (PEPs) and their associates • Casinos, securities brokers, dealers in precious metals, stones • Domestic, offshore shell companies • Casas de cambio, currency exchanges, money transmitters • Private investment companies (PIC) • International companies • Deposit brokers • Cash-intensive businesses • Foreign, domestic NGOS, charities • Gatekeepers - attorneys, accountants, etc.
High-Risk Products
• Examples:
• Prepaid, payroll cards • “Payable upon proper identification” (PUPID)
transactions • Money remittances • Online banking • Private banking • Trust and asset management services • Monetary instruments
High-Risk Products
• Other examples :
• Foreign correspondent accounts: bulk currency shipments, pouch activity, and payable through accounts (PTA)
• Trade finance • Services to third party payment processors or senders • Foreign exchange • Special use or concentration accounts • Loans secured by cash collateral and marketable securities • Non-deposit account services, such as non-deposit
investment products and insurance
High-Risk Jurisdictions, Geographic Areas
• Understanding specific money laundering, terrorist financing, corruption, fraud risks of jurisdictions is essential for compliance
• Organization should establish methodology that may include
• Sanctions, terrorist financing lists – OFAC, EU, UN • Jurisdiction's overall reputation – Corruption Perceptions
Index, reports by state departments • Jurisdiction’s adoption of FATF, other international
standards • Regional risk inside a particular jurisdiction
Customer Onboarding and Monitoring
Account opening procedures Best practices include:
• Gathering, verifying, authenticating customer ID materials through paper documents, electronic verification
• Clarifying services customer requests • Screening against sanctions lists, watch lists, PEP lists • Documenting normal, expected activity, including occupation
and business • Documenting relationship with institution or organization,
including all lines of business, subsidiaries
Customer Identification Program (CIP)
• Usually required by jurisdiction’s laws, regulators
• ID information must be collected at account opening, verified within reasonable time after opening
• Verify identity prior to large currency transactions, purchasing certain financial instruments, or ordering wire transfers
• May require identification of beneficial owners in some jurisdictions, particularly legal entities
Enhanced Due Diligence
• For high-risk services, customers, jurisdictions • Examples include:
• Identifying and verifying beneficial owners • Additional investigation of source of funds • Verification of customer, business information through
third-party sources • Augmented transaction monitoring • Thresholds on transactions • Senior management approval of customer relationships,
certain transactions
Employee Onboarding and Monitoring
Best practices for effective “know your employee,” onboarding: • Assessment begins during interview process
• Background screening, especially for criminal history • References and employment history
• Gathering and verifying employee identification materials • Screening employee against sanctions, watch, PEP lists
Employee Onboarding and Monitoring
Best practices for effective “know your employee,” onboarding:
• Providing new employees with organization's written
ethics policy, code of conduct
• Appropriate training for position, including regulations and web-based or classroom training with appropriate scenarios
• “Hotline“ for anonymous reporting, direct reporting to compliance that does not go through business lines
Employee Onboarding and Monitoring
Best practices for ongoing employee monitoring:
• Regularly scheduled background screening • Automated exception reports, review of log files • Regular reviews and updates on the company’s ethics
policies and ethical compliance culture • Regular communication reinforcing standards • Ongoing employee training • Selective review of email, electronic communications
for high-risk employees
Transaction Monitoring
• Automated system, either proprietary application or vendor-provided, for ongoing transaction, customer and entity data
• Detection typically accomplished through implementation of financial crime scenarios in two broad categories:
• Rules-based scenarios - identify patterns of behavior related to known financial crime typologies or red flags
• Statistical profiling scenarios - identify unusual activity by modeling typical or expected activity profiles for a specific customer or type of customer and identifying outliers
Transaction Monitoring
• More advanced systems incorporate hybrid of rules-based, statistical approaches
• Transaction monitoring can also incorporate third-party data sources
• As transaction and data volumes grow, analytics becoming
increasingly important
• Automatic monitoring no substitute for experienced human supervision, direction
Key Lessons
• Customer due diligence, profiling and risk assessment are key to effective compliance programs
• Essential to establish expected customer behavior, transactions to detect suspicious activity
• Compliance programs are cyclical and ongoing – each step feeds into the next
Practice Question
• A small regional bank recently started using a new transaction monitoring tool that utilizes custom scenarios to identify activity defined by the Financial Crimes Compliance team. There are five scenarios that are live in production. The Analytics team in Financial Crime Compliance Unit researched scenarios and is ready recommend possible changes to the scenariosto management. Which scenario(s) should the Analytics team recommend making changes to first?
Practice Question
A. Scenario A that generated 100 alerts in the past 3 months and 50% of those were deemed suspicious and suspicious transaction reports were filed. B. Scenario B that generated 180 alerts with a 95% false positive rate. C. Scenario C that generated no alerts and there appears to be a problem with the data mapping. D. Scenarios D and E that were put into production in the last 30 days to address a matter requiring attention from a regulator.
Practice Question
Answer A is incorrect and appears to be a well performing scenario. It is generating alerts and the percentage deemed suspicious is reasonable. Answer B is incorrect because while false positive rate is far too high, it is generating alerts and some are deemed suspicious. The false positive rate is an issue that must be addressed, but this scenario is not the one that needs to be addressed first. There will often be scenarios on the live exam that require picking the best answer. In this case, this is not the best answer.
Practice Question
Answer C is correct as it is clearly a broken scenario since no alert was generated. That there appears to be a problem with the data mapping reinforces the conclusion that this scenario must be addressed first. Answer D is incorrect as there is no evidence the scenarios are not performing as expected.
Data Security
CFCS Examination Preparation Series February 5, 2014
41
Definition and Overview
• Properly safeguarding, storing and disposing of the financial, personal and other sensitive data of an organization, its employees and its customers
• Data security and financial crime are increasingly
interconnected • Data breaches lead to fraud, identity theft schemes • Organized crime rings turning to cyber financial crime • Internal data theft and malfeasance supports range of
financial crimes
42
What We Will Cover
• These are the primary topics we will cover today
• Types of Cyberattacks
• Preventing Cyberattacks • Reacting To Cyberattacks
• Data Privacy
43
Common Types of Cyber Financial Crimes
• There are two main types of cyberattacks
• Network based attacks • Relatively rare • What most people think of as hacking • Prevented by firewalls and ACLs
• Virtual attacks
• Most common • Take many forms • Prevented by security policies
• Today we will focus on Virtual Attacks
44
Common Types of Cyber Financial Crimes
• Types of Virtual Attacks
• Social Engineering
• Malware
• Account Takeover
• Other Attacks
45
Common Types of Cyber Financial Crimes
• Social engineering
• Deceiving or manipulating target into turning over personal data, confidential information
• Uses similar tactics to “traditional” fraud • Often involves multiple channels – e-mail,
phone, social networks, in-person contact
46
Types of Social Engineering
• These are the common types of Social Engineering Attacks
• Phishing
• SMS Phishing (Smishing)
• Voice Phishing (Vishing)
• Spear Phishing
47
Types of Social Engineering
• Phishing
• Using false e-mail or other electronic message to manipulate recipient into providing confidential data
• There are many types of phishing attacks
• Data Capture • Nigerian 419 Scam (Often Advance Fee Fraud) • Man-in-the-Middle Attack
• Data captured in phishing furthers identity theft, account takeover schemes
48
Types of Social Engineering
• SMS Phishing
• Smishing is achieved by sending SMS messages to people with links to website that will perform a data capture
• Becoming more common
• More successful than email phishing since most
people are less cautious about SMS Messages
49
Types of Social Engineering
• Voice Phishing (Vishing)
• Vishing is basically using phone calls while posing as someone in authority to elicit sensitive information (like Passwords and logins)
• Most similar to standard confidence frauds from the past
• Far more successful than you would expect • Sometimes Vishing refers to leveraging VoIP
systems to commit a fraud, but is less common
50
Types of Social Engineering
• Spear Phishing
• This is very similar to a standard phishing attempt, but more targeted
• Uses some personal information to personalize
the communication • Far more likely to be successful than a standard
phishing attack
51
Common Types of Cyber Financial Crimes
• Malware • Computer Virus- a computer program that can replicate
itself and extend from one computer to another through actions undertaken by the user to proliferate
• Trojan Horse or Trojan- a non-self-replicating type of malware which appears to perform a desirable function of a legitimate software application but instead facilitates unauthorized access to the user’s computer system
• Computer Worm - a standalone malware computer program that replicates for the purposes of spreading to other computers automatically
52
Common Types of Cyber Financial Crimes
• Malware
• Malicious or intrusive computer code used to obtain and transmit data to a third party
• Typically delivered by a compromised or malicious website, but can be delivered within other software packages
• Designed to run undetected, capture activity on a device (i.e. keystroke loggers) or allow a third-party remote access or control
53
Common Types of Cyber Financial Crimes
• Account Takeover
• Often the end result of other cybercrime, identity theft schemes
• Occur when attacker obtains login information,
credentials for an individual or business financial account, performs unauthorized transactions
• Estimated $350 million to $ 1 billion lost from US commercial accounts in just the past year
54
Case Study: Target Data Breach
• In early January, Target confirmed it was the victim of one of the largest data breaches of all time • Full credit and debit card information on 40 million
customers • Personal data on additional 70 million customers • Major fallout- civil suits, investigation by US Attorney
general • JPMorgan, other banks limiting transactions
55
Case Study: Epsilon Data Breach
• The Target attack was a multi-tiered attack
• Began with attackers purchasing “crimeware” that steals data from point-of-sale systems
• Attackers compromised Target web server • Once server was accessed, attackers were able to upload
malware to POS systems • POS systems automatically transmitted information back to
computers controlled by attackers • Card information was uploaded to blank cards for charges,
withdrawals around US • Personal information will likely result in further identity theft,
spearphishing schemes
56
Planning for a Data Security Program
• Assess what needs protection, classify and
prioritize data based on risk • Take into account physical and human aspects of
data security, not just technological issues • Physical security is a major vulnerability, a great deal of
security breaches are due to failings of internal security • Must have internal security policies as well as external
access policies
• Consider and plan for potential repercussions from data breaches and theft
57
Data Security Program Best Practices
• Manage log of changes • Multi-tiered access rights, highest levels of
access only from specific internal sources • Change all default, vendor-supplied credentials • Partition networks to isolate sensitive data • Strictly manage your data retention policy • Multi-factor authentication for network access • Data retention/deletion policies and process
58
Data Security Program Best Practices
• Train both your employees and customers to
recognize fraud attempts • Actively monitor your network • Restrict administrative connections to specific
internal sources and do not allow any external connections
• Implement firewalls and ACLs and keep them updated
• Implement internal policies to keep all software updated with automatic systems
59
Ongoing Data Security Monitoring and Testing
• Flagging, monitoring failed login attempts
• Enforcing password, authentication policies • Password cracking tests • Routine log monitoring
• Ongoing employee training, monitoring
60
Responding to a Data Breach
• Unfortunately, it is likely a matter of time before a
data breach will occur • An important part of you data security program
should include how you react to data breaches • There are often legal requirements, depending on
your jurisdiction, for how to react • It is far better to be proactive in controlling the
narrative rather than to trying to ‘sweep it under the rug’
61
Data Breach Response Best Practices
In addition to closing the vulnerabilities that led to the breach, you should: • Identify the sensitivity of the data lost and the
impact on the subjects and the organization • Establish if the data can be accessed without
special software or techniques • Identify whether the data can be recovered • Notify the crisis management team • Establish a list of affected customers • Draft both public and direct communications • Prepare a PR Strategy
62
Essentials of a Data Privacy Program
As custodians of personal data about your customers there are certain responsibilities in keeping that data secure. You should:
• Designate an employee(s) to manage the Information Security Program
• Identify and asses the risk of losing customer data in each area of the company
• Test and monitor on an ongoing basis • Assure service providers with access to the data
are compliant with your data security program • Know how to respond to Law Enforcement
requests for data
63
International Data Privacy Laws
EU Data Privacy Directive • In addition to protecting customer data from data
breach, companies have a great deal of regulation as to how and when they can release customer data
• While there are several international laws, and numerous local ones that depend on the jurisdiction, the EU DPD is a strong example
• The EU DPD is very restrictive for protecting data privacy, it requires: • Consent from the customer • Necessary for compliance with a legal issue • Necessary for meeting a legitimate interest
64
Key Lessons
• Securing human side is more important aspect of
data security • Cyberattacks rely heavily on old-fashioned fraud • Data security and privacy policies should focus on
limiting access to data
• “Stricter” is not always better
Practice Question
Your financial institution has been subject to several hacking attempts over the last few weeks. While none have been successful, you worry that it might be a matter of time. To keep your network secure, you have decided to update your network security policies.
What is an important step to include in your network security policy?
Practice Question
A. Educate your online customers to detect phishing attempts and other fraudulent email scams.
B. Disable auto deletion of old data, including access logs, and move them to an archive server.
C. Only permit administrative connections via the Internet through HTTPS or SSH connections.
D. Require confirmation from network Engineering before resetting any lost passwords.
Practice Question Answer A is correct as this is a recommended step in all network security policies. While not high tech or glamorous, educating your staff and your customers to recognize phishing and fraudulent emails is a fundamental and highly successful way to prevent fraud.
Answer B is incorrect as this is the opposite of a good data retention policy, and has nothing to do with a network security policy.
Practice Question
Answer C is incorrect as a good security policy will not allow any administrative connections through the internet, even via secure connections like HTTPS or SSH. Administrative connections are those that allow you to log into internal devices and make changes to how they function. This task should only be allowed from internal connections. Answer D is incorrect as it is not very scalable and network engineering is the wrong group to manage this anyway. There are hundreds of password resets that are performed every day by most large financial institutions. There is no way that the network engineering staff would be able to keep up with the requests. They would also have no way to determine if the requests should be approved or denied.
Tax Evasion and Enforcement
CFCS Examination Preparation Series February 5, 2014
70
Overview and Definition
• Conduct designed to intentionally and illicitly avoid paying tax liabilities
• Often a thin line between tax evasion and legal “tax avoidance”
• Evasion is a financial crime itself and a common element of all other financial crimes
Convergence of Tax & Money Laundering Enforcement
• Global trend toward criminalization of tax compliance, enforcement will continue
• Convergence with other areas of law -- criminal law, money laundering, asset forfeiture, international evidence gathering
71
Convergence of Tax & Money Laundering Enforcement
72
• In February 2012, FATF issued revised recommendations on anti-money laundering
• For first time, tax offenses expressly listed as predicate for money laundering crimes
73
Tax Shelters
• Mechanism by which taxpayer may protect assets or income from taxation, or delay tax application
• Investments in pension plans and real estate are common examples, many shelters are completely legal
• Shelters can be deemed abusive by tax authorities when designed solely for avoiding or evading taxes
74
Tax or Secrecy Havens
• Jurisdictions that provide secrecy or other means of protecting assets from taxation
• Individuals, corporations, other entities can shift assets to havens through physical relocation, subsidiaries, shell corporations
• Havens have been subject to increasing global pressure
75
Characteristics of Tax or Secrecy Havens
• No or nominal taxes
• Lack of effective exchange of tax information
• Lack of transparency in the operation of legislative, legal or administrative processes
• Anonymous company formation
• Negotiated tax rates
• Inconsistent application of tax laws
• Little or no regulatory oversight
76
Characteristics of Tax or Secrecy Havens
• No requirement for physical presence, allowing for shell corporations
• Self promotion as offshore financial center
• Examples of tax or secrecy havens
• Seychelles
• Panama
• US states of Delaware, Nevada
77
Methods of Tax Evasion and Tax Fraud
• Income tax evasion can be straightforward as under-reporting income, overstating deductions, or not declaring offshore accounts
• Can be extraordinarily complex, involving offshore accounts and layers of corporate entities
• Tax codes of many jurisdictions are complicated, proving tax evasion requires willful intent to defraud
78
Methods of Tax Evasion and Tax Fraud
• Smuggling and evasion of customs duties
• Employment tax fraud
• Falsified worker status
• Pyramiding
• Third-party withholding
• Cash payments
• Evasion of value added tax (VAT)
• “Missing trader” fraud, carousel fraud
79
Red Flags of Tax Evasion
• Failing to follow advice of accountant, attorney or preparer
• Failing to inform a tax professional of relevant facts • Evidence from employees about irregular tax withholding,
suspicious business practices • Missing or altered books and records • Transfer of assets to an offshore location or secrecy haven • Tax and related documents appear to be backdated • Use of many tax numbers by single person or entity • Submission of suspicious wage and other statements
• March 2010 – FATCA signed into US law
• February 2012 – Temporary IRS Regulations Issued
• Numerous IRS Notices Since
• January 17, 2013 – Final IRS Regulations Issued
• Key Effective Date – July 1,2014
FATCA
• Essentially deputizes ‘Foreign Financial Institutions (FFIs)’ to act as extension of IRS enforcement network
• Identifying US Taxpayers holding financial accounts or
investments in their institutions
• Reporting financial assets, US source income annually to IRS
• Withholding 30%, on behalf of the IRS, on certain payments
coming from US for noncompliant accounts, institutions
• Reporting, withholding on accounts and payments to other FFIs
that do not comply with FATCA
FATCA Overview
82
Intergovernmental Agreements
Model I and Model II Agreements
• Model I requires FFIs to report information on US accountholders to their tax authorities, which collect and deliver it to IRS
• Model II requires FFIs to report information on US accountholders directly to the IRS.
• IGAs will require some countries to change their tax, privacy laws • Some IGAs require reciprocal reporting – US institutions must
report accountholders to tax authorities of signatory nations
83
FATCA Gaining Momentum
• 60 - 80 countries now engaged in talks with US Treasury
• FATCA Partners now include 19 countries ( including
major economies like UK, Mexico, Denmark, Germany,
Ireland, Italy, Switzerland, Spain, Switzerland, Norway;
many smaller jurisdictions)
• Tax transparency now a worldwide initiative
• Participation ‘not an option’
84
G20 and Bank Information Exchange
85
Key Lessons
• Understand structures used to evade taxes,
especially offshore legal entities
• Understand common types of tax fraud schemes,
including those involving VAT
• Recognize how FATCA works and how it is laying
groundwork for international tax enforcement
regime
86
Practice Question
Your bank holds a business account for a local tax preparation service. What would MOST likely trigger further investigation by the compliance department in the bank?
A. Numerous deposits of tax refund checks in the names of different individuals but with common addresses
B. Multiple deposits of checks in the same amount written by different tax service customers
C. Variances in the frequency of transactions depending on the calendar cycle
D. A request by the customer to have payments made to the Tax Office through a certified check process
87
Practice Question
• Answer A is the correct answer due to the fact that this is a classic red flag for tax fraud. Multiple tax refund checks for different individuals going to the same address should set off warning alarms in nearly every jurisdiction.
• Answer B is incorrect because this perfectly fits the customer’s profile. The deposit of checks from different tax service customers is what you would expect as each customer paid their bill for the service. You would also expect many of them to be in the same amount for a typical tax preparation service since the fee for tax preparation would be the same for many customers.
88
Practice Question
• Answer C is incorrect because, once again, this fits the customer profile. You would expect variances depending on the calendar cycle as this is largely a seasonal business based on tax reporting deadlines.
• Answer D is incorrect because there is no indication of tax fraud in this response. The customer is making payments to his jurisdiction’s tax authorities using a certified check, which is simply a check for which a bank has confirmed sufficient funds exist to cover the amount of the check. This is not a viable means to commit tax fraud, and would more likely indicate no fraud is taking place.
Money and Commodities Flows
CFCS Examination Preparation Series February 5, 2014
90
Financial Crime and Money Transfer Mechanisms
• Mechanisms to move, transfer and employ criminal
proceeds are essential to perpetrating financial crimes • Methods to move money and other financial assets are
limited only by imagination of the financial criminal- wire transfers, international trade, informal value transfer systems, prepaid cards, etc.
• As new mechanisms evolve, pre-existing money
transfer methods remain, leaving complex and growing network of threats
91
Checks and Bank Statements
• While declining in use, checks in combination with bank
statements can still be useful to map flows of money or other assets.
• Financial crime professional should look for: • Payees on checks • Comparison of endorsers to determine consistency • Volume of checks and pattern of account use show
in bank statement • Large checks or others that do not fit general use of
account • Notes and numbers written on the back of a check
by bank employees
92
Wire Transfers
• All-purpose vehicle to move funds in all financial crime
scenarios • Examples of red flags include:
• Funds transfers to known tax/secrecy havens • Wire transfers with no legitimate business purpose • Customer with low account balance sending or receiving frequent
wire transfers • Rapid succession of wire transfers in similar or exact amounts • Customers in cash-intensive businesses that send large wire
transfers • Unusual funds transfers by correspondent banks • Customers using cash or bearer instruments to purchase wire
transfers
93
Trade Price Manipulation
• Also known as trade-based money laundering,
continues to be a popular vehicle to move illicit proceeds
• Requires two or more persons working together to move funds using combinations of over-valued and under-valued imports and exports
Parties may understate the price of imported goods or overstate the price
of exported goods.
Parties may overstate the price of imported goods or understate the price
of exported goods.
94
Trade Price Manipulation
Assume Person A wishes to move money from Country X to
Person B in Country Y.
• Person B buys 10,000 widgets in Country Y and exports them to Person A in Country X with an invoice for $100 per widget, although he only paid $10 per widget.
• Persons A or B go to a bank to obtain trade financing to finance the exportation or importation of 10,000 widgets at $100 apiece.
• Person A pays Person B the $1 million that is invoiced. By this transaction, Person A is able to move an excess of
$900,000 disguised in international trade.
95
Trade Price Manipulation
• Why so popular?
• Difficult to detect • Lack of accurate, timely data on goods and
commodities pricing in many jurisdictions • Volume of legitimate trade • Able to move funds across borders
• Key concern for institutions engaged in trade finance –
letters of credit, factoring, etc.
96
Trade Price Manipulation
• Red flags for TBML include:
• Payments to vendors in cash or wire transfers by unrelated parties
• Packaging inconsistent with commodity or shipping method
• False reporting on type, quantity or quality of commodities imported/exported
• Carousel transactions- repeated importation, exportation of same high-value commodities
• Trading in commodities that do not match business
97
Money Service Businesses
• Like banks and other financial institutions, MSBs are vulnerable for use by financial criminals. Some reasons for this include:
•Simplicity and certainty of transactions •Global reach of network of MSBs •Cash nature of initial steps of transactions •Fewer customer identification rules are imposed • Because of the high volume of customers, reduced possibilities of verification of customer identification • Customer relationships sometimes less formal, customers rotate
98
Informal Value Transfer Systems
• System for transferring value through exchange of
goods or currency from one person in one country to person in another country
• Not banks in the traditional sense
• Maintain their own financial accounts but do not rely on global financial system to move funds
• Common examples include: • Black market peso exchange • Hawala
99
BMPE
Narcotics proceeds in US dollars sold to
“cambistas” in US or Mexico
Cambistas swap dollars with
import/export businesses
Import/exporters or cambistas
purchase goods in US dollars
Goods transported or smuggled
Cambistas pay off narcotics rings in
pesos
Drugs smuggled into US and sold
100
Money Transfer through Securities Trading
• Trade in securities is multi-trillion dollar sector of global
economy, can be very difficult to monitor
• Securities trading can be used to launder and move criminal proceeds, also be manipulated to earn illicit proceeds
• More commonly used in layering, integration for money laundering, as in wash trading
• May involve complicity of broker or employee
101
Money Transfer through Securities Trading
• Common indicators of suspicious activity in securities
industry include:
•Changing share ownership when making cross-border transfer •Liquidating what would usually be a long-term investment within a short period •Using a brokerage account similar to a depository account •Opening multiple accounts or nominee accounts •Engaging in transactions involving nominees or third parties
102
Prepaid Cards and Financial Crime Risks
• Also called “stored value cards,” can represent easily
transferred, highly portable means to move funds • Sometimes can be obtained with less due diligence
than opening bank account or obtaining credit card
• Prepaid card fraud is sometimes tied to credit/debit card fraud and account takeover schemes- stolen cards and account value is used to purchase prepaid cards
103
Prepaid Cards and Financial Crime Risks
• Ways to mitigate prepaid usage for financial crime
include:
• Understanding how and why card will be used • Monitor reload activity, set limits on reloads • Identify source and location of reloads • Monitor number and type of cards issued to any given customer • Conduct due diligence to understand all parties involved in issuance of cards
104
Key Lessons
• Channels for illicit transactions are multilayered and
increasingly complex
• Professionals should be able to recognize key attributes, red flags in many payment and value transfer systems
• Understanding “normal” behavior in any given transaction, customer relationship is essential
105
Review Question
• You are an investigative professional who has been asked look in to an
import/export firm that specializes in tropical fruits, vegetables and other agricultural products. The firm is suspected of involvement in a trade-based money laundering operation.
You gather the following intelligence. What would be the best indicator of TBML, and a lead to focus your investigation?
a) The firm’s articles of incorporation do not list its beneficial owners
b) The firm has made large numbers of domestic wire transfers c) The firm has a number of invoices for exports of high-end
electronics d) The firm has received a letter of credit from a large, well-
known financial institution
106
Practice Question
A young woman who is a national of Country A, works as a caregiver for a family in the U.S. She sends much of her earnings to support her family back in Country A by giving the amount in cash to a local grocer, whose family heritage is also in Country A. Once the grocer receives the cash, he calls his partner who runs a market in one of the larger cities in Country A. From there, the young woman's family can pick up the money sent. What is the name commonly used to describe this form of remittance transaction? A. Cash transfer B. Hawala C. Referral Banking D. Black Market Peso Exchange (BMPE)
Your Questions
108
Please Join US for a Networking
Reception Courtesy Of