Post on 01-Apr-2015
transcript
Fighting Money Laundering Seven sound practices
Frederick E. Curry IIIDeloitte Financial AdvisoryServices LLPOctober 2, 2013
Crime Stoppers International
Copyright © 2013 Deloitte Development LLC. All rights reserved.2
1. Understand the quantity of money laundering risk at your organization
2. Confirm that policies, procedures, and controls address all products and services that you offer
3. “Know Your Customer”
4. Commit sufficient resources to AML compliance
5. Customize employee training to address money laundering risks
6. File required regulatory reports
7. Test your compliance program regularly
Seven sound practices
Copyright © 2013 Deloitte Development LLC. All rights reserved.3
• The Board and senior management should know the quantity of money laundering risk within your organization
• The U.S. Federal Sentencing Guidelines establish that risk assessments are a foundational element of a compliance program
• Products, services, customers, delivery channels, and geographies served should have a risk classification
• Relationships posing higher risks should be reviewed more closely at the inception of the relationship and frequently throughout the term of their relationship
• Key business stakeholders should be involved in the risk assessment process
Understand your money laundering risk
Copyright © 2013 Deloitte Development LLC. All rights reserved.4
Risk assessment
Geographies
Channels
Products & Services
Customers
• International Wires• Internet Banking• Large Cash/Large Dollar transactions• Private Banking• Int’l Correspondent Banking
•Face -to-Face Banking• Internet Banking•Agents
• OFAC•Areas of Primary ML Concern• FATF Non-Cooperative Countries
•
Typical Daily/Monthly Volume
•
Politically Exposed Person•
Industry / Occupation
•
Customer Geographic Location
•
Length of Relationship
EXAMPLES OF RISK MEASURES
RISK
•Areas identified in the annual International Narcotics Control Strategy Report
• Institutions should identify, measure and consider four main risk measures
• Based on the extent and the combination of the given risk measures, the overall risk of a customer can be quantified and differentiated through calibrated scales from Low to High
Copyright © 2013 Deloitte Development LLC. All rights reserved.5
Risk assessment matrix
Risk Factor Low Medium High
Customer Base Inherent Risk
Stable, known customer base
Customer base increasing due to branching, merger, or acquisition
A large and growing customer base in a wide and diverse geographic area
Product / Account Type Inherent Risk
Limited or no private banking, trust or asset management accounts
Limited domestic private banking, trust or asset management services
Significant domestic and international private banking, trust or asset management services
Transactional Inherent Risk
Limited number of funds transfers, third party transactions, and foreign fund transfers
Moderate number of funds transfers, limited international funds transfers with typically lower risk countries
Large number of funds transfers incl. noncustomers, PUPID transactions and high risk jurisdictions
Geography Inherent Risk
No transactions with high risk jurisdictions
Limited transactions with high risk jurisdictions
Significant volume of transactions with high risk jurisdictions
Inherent money laundering risk is assessed across four main risk areas. Multiple risk factors are evaluated within each to determine the overall inherent money laundering risk.
Copyright © 2013 Deloitte Development LLC. All rights reserved.6
Residual risk illustration
High Medium Low
Weak High Medium Low
Moderate High Medium Low
Strong Medium Low Low
Final AML
Controls
Assessment
Final Inherent Risk Assessment
Copyright © 2013 Deloitte Development LLC. All rights reserved.7
• Policies and procedures should be written, up to date and reviewed and approved by Board of Directors or other authority
• Policies and procedures should cover all products and services
• Policies and procedures should be commensurate with levels of compliance risks
• Policies and procedures should be implemented
• Policies and procedures must be effective!
Establish detailed policies, procedures,and controls
Copyright © 2013 Deloitte Development LLC. All rights reserved.8
• KYC is the basic tenet of an effective AML compliance program
• KYC procedures help protect the institutions good name
• KYC is an essential part of sound risk management
• KYC procedures should articulate customer acceptance standards
• KYC provides the basis for identifying unusual or suspicious activity
Know Your Customer (“KYC”)
Copyright © 2013 Deloitte Development LLC. All rights reserved.9
• Senior management is responsible for establishing an effective compliance function
• The compliance executive should be a member of senior management
• The board and senior management is responsible for ensuring the compliance function has the resources to carry out its responsibility effectively
• The compliance function should establish an annual compliance plan
Commit sufficient resources to compliance
Copyright © 2013 Deloitte Development LLC. All rights reserved.10
• Education is essential in managing compliance risks
• Training should be based on a formal training needs assessment
• Training should be tailored to the institution’s risk profile
• Leading practice is to train all employees at least annually
• The board and senior management should also receive compliance training
Customize employee training
Copyright © 2013 Deloitte Development LLC. All rights reserved.11
• Reports establish a paper trail for criminal investigations
• Regulatory reporting has been highly useful in warding off criminal prosecutions
• Regulatory reports must be accurate and filed timely
File required regulatory reports
Copyright © 2013 Deloitte Development LLC. All rights reserved.12
• It is important to independently assess the effectiveness of the compliance program
• Leading practice is to test the program annually
• The scope of testing should include all products and services
• A written report summarizing the findings should be provided to senior management and the board
• Compliance deficiencies should be logged and tracked to resolution
Test your compliance program regularly
Copyright © 2013 Deloitte Development LLC. All rights reserved.13
• Insufficient resources dedicated to compliance
• Inadequate KYC procedures
• Employees have not received relevant compliance training
• Unqualified compliance staff
• Failure to identify and periodically monitor high risk accounts or activity
• Lack of automated transaction monitoring procedures
• Poor record keeping
• Failure to file timely and accurate required regulatory reports
Most common compliance weaknesses
Copyright © 2013 Deloitte Development LLC. All rights reserved.14
Frederick E. Curry IIIPrincipalDeloitte Financial Advisory Services LLP555 12th Street, Suite 500Washington, DC 20004-1207+1 202 378-5171fcurry@deloitte.com
Deloitte Financial Advisory Services LLP
This publication contains general information only and Deloitte Financial Advisory Services LLP is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte Financial Advisory Services LLP shall not be responsible for any loss sustained by any person who relies on this publication.
About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
Copyright © 2011 Deloitte Development LLC. All rights reserved.Member of Deloitte Touche Tohmatsu Limited