anti-money - AFMA · ANTI-MONEY LAUNDERING NOVEMBER 2006 1 D EBATE AMONG anti-money laundering...

Clearing thetraining hurdleBuilding an effective AML training program

MONEY LAUNDERING RISK Developing a risk assessment model

PRIVACY The Privacy Act meets the AML/CTF Bill

SYSTEMSIdentity resolution technology

anti-money launderingCOMBATING MONEY LAUNDERING IN FINANCIAL SERVICES

NOVEMBER 2006

BLAKE DAWSON WALDRONL A W Y E R S

BrisbaneCanberraMelbournePerthSydney

Port MoresbyShanghai

Associated OfficeJakarta

www.bdw.com

Stephen CavanaghPartnert > (02) 9258 6070e > [email protected]

Phil TrincaPartnert > (03) 9679 3258e > [email protected]

Jonathan GordonPartnert > (02) 9258 6186e > [email protected]

Our dedicated anti-money laundering team can adviseyou on all aspects of the AML legislation and equip yourbusiness to deal with its impact.

Our approach is simple – we cut through the complexity oflegal requirements and help you build the capability ofyour anti-money laundering team.

Our AML Team

For further information, please contact:

Process DesignDocumentation

Drafting and ReviewTrainingCompliance Audit

Mark RadfordPartnert > (02) 9258 6361e > [email protected]

Andrew YoungSenior Associatet > (02) 9258 5881e > [email protected]

Jade HarknessLawyert > (02) 9258 5761e > [email protected]

For more information on our compliance training services contact

Julian FenwickNational Business Development Managert > (02) 9258 6382e > [email protected]

EDITOR’S LETTER

ANTI-MONEY LAUNDERING 1NOVEMBER 2006

D EBATE AMONG anti-money launderingpractitioners continues, as industryawaits the passing of the new AML/CTF

Bill and Rules, scheduled for 7 December. For financial institutions still behind the eight ball,the next six weeks could provide a valuableopportunity to start the planning process and getahead. But, with the final details of the Bill still to be confirmed, what should firms be doing toprepare? According to industry practitioners,the answer is “a lot”.

Achieving senior management buy-in is thefirst priority. Overseas experience indicates thateducating the board of their new responsibilitiesand securing the necessary funding to implementan effective AML/CTF program is critical.AML/CTF project teams must develop a compelling argument to secure the necessaryresources and achieve a successful outcome.

Selling the business benefits of AML/CTF is acommon approach overseas and one likely to beadopted by local practitioners. The argument maintains that firms who invest in embeddingAML/CTF practice into their business are well-positioned to capitalise on flow on businessbenefits. These can include improved customerknowledge/data, streamlined technology systems,enhanced customer relationship management(CRM) and cross-selling opportunities.

In this month’s profile John Kavanagh meetsDavid Harley, senior manager, group fraud controlat Bendigo Bank (page 21). As Harley explains,the Victorian-based retail bank has already usedthis argument and initiated the AML/CTF process,“we are identifying synergies with both Basel IIand our IT business strategy and looking to implement parts of our strategy in a way that willprovide the building blocks to achieve strategicbusiness and IT benefits.”

This sentiment is shared by overseas institu-tions. Nadia Hoff, group money laundering controlofficer, Standard Bank, explains that firms success-fully engaging the business guarantee the bestchance of success: “the bank’s business units haveto stop treating AML/CTF as a compliance issue.”The South African bank has just implemented itsAML program in response to the South AfricanGovernment’s Financial Intelligence Centre Act(FICA), 2001. (page 14)

Whether financial institutions are able to turn such benefits into increased profits remains to be seen. However, the earlier an organisationaligns related compliance and business initiatives,the more likely it will be that it will reap dualbenefits and internal synergies.

For those unconvinced by the business benefits of AML/CTF, the prospect of last minutedecision-making leading to poor implementationand resultant reputation damage and customer attrition should be compelling.

Competition in the financial services sector hasput customer service back on top of the corporateagenda. Like their international counterparts,domestic financial institutions have invested mil-lions of dollars developing marketing campaigns,refining product channels and implementing CRMsystems to enhance customer experience. Yet,according to industry experts, AML/CTF has theability to undo this hard work.

As one AML/CTF expert explains, “Seniormanagement should be made aware – if not imple-mented correctly, additional customer due diligenceand KYC requirements have the potential to leavecustomers feeling frustrated and dissatisfied.Customers, and the front office staff that speak tothem every day, need to understand why they arebeing asked to collect additional information.”

The impact of AML/CTF on the customer is a serious concern for many banks. Several arerumoured to be implementing dedicated customerservice teams, specifically trained to deal withinstances where additional know your customer(KYC) information must be obtained from a client.

Similar initiatives have been successfullydeveloped overseas. As Joe Garbutt explains in thismonth’s Insight column, during the UK’s AMLreforms one bank installed a dedicated KYChelpline (page 37). Sitting within the AML/CTFunit, the helpline provides front line staff with afirst port of call when facing complex questionsregarding account opening and suspicions.

Firms that respond promptly to the Bill and implement enterprise-wide training programswill be well placed to deal with customerissues/enquiries.

While numerous delays to Australia’sAML/CTF reform have done little to create certainty in the market, there is one thing of which AML/CTF project officers can be sure –reform is on its way and once it arrives, time and expertise will both be in short supply. Firms that plan ahead will be well-placed to capitalise on the potential benefits of their implementation and ensure a seamless integration.Those that don’t could face the prospect of costly implementations and the churn of confusedand dissatisfied customers. ■■

Time to plan

By William SandersEDITOR

CONTENTS

NOVEMBER 2006 ANTI-MONEY LAUNDERING2

FEATURES

16 COVER STORY: CLEARING THE TRAINING HURDLEBY ANGUS KIDMAN

Implementing a successful anti-money laundering program poses an organisationalchallenge on several levels. While many financial institutions easily identify the techno-logical and broad process challenges involved in such a task, a surprising number stumblewhen it comes to one of the most fundamentaldelivery mechanisms: training staff.

21 OPPORTUNITY KNOCKSBY JOHN KAVANAGH

While the challenges ahead for financial institutions are apparent, the business benefitsof implementing an anti-money laundering program are harder to see. Streamlined technology, improved customer data and newrevenue streams are some of the potential benefits of an effective implementation.

26 PRIVACY TENSIONBY ANNE LAMPE

In the fight against money laundering, information is imperative. But as banks acrossthe region establish their customer informationcollection procedures, privacy campaignershave again raised concerns over how this information is collected, stored and used.

31 BUILDING THE RAM TO PROTECT YOUR BUSINESSBY EMILY BRAYSHAW AND JULIE BEESLEY

Building the right risk assessment model (RAM) is crucial to the success of every firm'santi-money laundering and counter-terrorismfinancing program. Lacking an appropriate RAM will leave a firm vulnerable to abuse bymoney launderers and terrorist financiers – and the regulator's wrath.

Cover Illustration by Elly W

alton16

31

3446

21

26

CONTENTS


REGULARS

4 NEWS

– FTRA amendments closely watched– The virtual money laundering threat– Fiji/Australia sign AML agreement – AML costs to hit New Zealand– Assessing criminal behaviours– Searchspace becomes Fortent

6 LONDON CALLING ‘AVE A WORDBY CHRIS HAMBLIN

What a difference a word makes! The omission of a single word in the Proceeds of Crime Act (PoCA)might yet doom the entire suspicious transactionreporting process in the United Kingdom.

8 IN EUROPINION SLIPPERY SHOESBY JULIE BEESLEY

Recent headlines from Europe flag both the usual(investment properties) to the more unusual (shoe shop) businesses when considering moneylaundering and terrorist financing risk.

10 STATE OF THE NATIONHOUSE SUBCOMMITTEE GRILLS REGULATORS ON MSBSBY BRETT WOLF

The few US banks that have not closed the accountsof money services businesses because of complianceconcerns are now considering taking such action.

10 INSIDE STORYA ROSE BY ANY OTHER NAMEBY KENNETH RIJOCK

Differences in international naming conventions provide a perfect hiding place for money laundererswishing to conceal their identity.

13 OPINION PLEASE, START WITH THE CRIME, IT WILL PAY OFFBY JOY GEARY

Financial institutions cannot effectively protect themselves from the risks associated with moneylaundering unless they understand what classes ofcriminals are likely to use their products and services.

34 REGIONAL REVIEWTHE GREAT KIWI CONVERSION BY CARL FREDRIKSEN AND GARY GILL

With Australia’s recent raft of anti-money launderingreforms dominating headlines in the local trade press,similar moves afoot across the Tasman have, to a largeextent, managed to slip beneath the media radar.

37 INSIGHTMAKING THE GRADEBY JOE GARBUTT

Developing an effective training and education program is an essential component of any AML program. But what steps do financial institutionsneed to take to ensure they make the grade?

39 TERRORIST FINANCINGTERRORIST FINANCING … WHAT RISK?BY MICHELLE HANNAN

Reporting entities should not assume that moneylaunderers and terrorist financers operate in thesame manner and must develop separate anti-moneylaundering and counter-terrorist financing programs.

42 TOOLKITEXPLOITING THE INTERNET FOR AMLBY JOHN PYRIK

Financial institutions looking to meet know your customer and due diligence obligations are increasingly turning to an underutilised desktopresource: the internet.

44 TECHNOLOGYGETTING TO KNOW YOUBY BRENDON SMYTH

Identity resolution technology has found an interesting application in the fight against moneylaundering. Financial institutions are now able to map relationships between individuals and organisations to create a 360 degree view of a customer.

46 PROFILEREGIONAL CRIME FIGHTINGBY JOHN KAVANAGH

David Harley, Bendigo Bank’s senior manager groupfraud control has the task of developing the bank’santi-money laundering program and rolling it outacross its community branch network.

48 CASE NOTESWHOLESALE MANAGED FUNDS: THE RORSCHACH EFFECTA case of suspicious activity within a wholesale managed fund.

NEWS

F INANCIAL INSTITUTIONShave until December 14 to put in place measures to improve

the information provided with wire transfers, following the passing of the Financial Transaction ReportsAmendment Bill.

The Bill includes a provision that requires customer information be included on all international fund transfer instructions,

both in and out of Australia. The requiredinformation includes name, address (not a PO Box), date of birth and either the customer’s account number or some other unique identifier.

The Anti-Terrorism Act (No. 2, 2005),which is driving the FTRA amendments,also includes a provision that AUSTRACmust maintain a register of remittanceproviders. This register is likely to be

closely followed by the financial servicesindustry, which will be required by the forthcoming AML legislation to conductenhanced due diligence of alternative remittance dealers. The US has a similar register of what it calls ‘Money ServicesBusinesses’. Some banks in the US haverefused to deal with such businesses because of the perceived regulatory risk andadditional compliance requirements. ■■

T HE AUSTRALIAN AND FIJIAN Governments have signed a memorandum of understanding forAustralia to share its expertise in anti-money

laundering with the island nation. Fiji’s Minister for ForeignAffairs and External Trade, Hon Kaliopate Tavola said“Ongoing technical assistance is needed to ensure an effectiveimplementation of international AML/CTF obligations”.

As a result of the agreement Fiji will benefit from theAnti-Money Laundering Assistance Team (AMLAT), whichwas set up in 2005 to assist Pacific island countries to developanti-money laundering and counter-terrorism financing sys-tems. The team has funding from the Australian Governmentof $7.7 million over a four-year period. The agreement withFiji will see two AMLAT project staff based in Suva, with anadditional five based in Canberra undertaking country-specificand regional technical assistance and training work. ■■


FTRA amendments closely watched

Fiji/Australiasign AML agreement

AML costs to hit New Zealand

F INANCIAL INSTITUTIONS in New Zealand are bracing themselves for the cost of complying with the anti-money laundering legislation set to be introduced to the New Zealand

Parliament early next year. The New Zealand Government first announced it would introduce

new laws to help it meet Financial Action Task Force (FATF) standardsin February 2005.

The Government says while there is currently no evidence of terrorist financing in New Zealand, it “refuses to be a possible weaktarget for international criminals and terrorists”.

The Government is overhauling New Zealand’s Financial TransactionsReporting Act 1996 to incorporate groups outside the financial sector, torequire more stringent checks on customer identity and verification, and tonecessitate more detailed record keeping, reporting and monitoring.

The Government has been criticised by compliance analysts forpoor consultation with business, particularly in relation to the likelycosts of the changes. However, Justice Minister Clayton Cosgrovemaintains that “Most people will not be directly affected in their ordinary financial transactions and will not notice any significantchange under the proposed regulatory changes.” ■■

EDITORIAL

EDITOR: William [email protected]

CONTRIBUTING EDITOR: Emily Brayshaw

SUB-EDITORS: Siobhan Brahe, Leah Ingram

CONTRIBUTORS: Anne Lampe, Charis Palmer, Angus Kidman, John Kavanagh

PRODUCTION AND DESIGN

CREATIVE DIRECTOR: Jo Fuller

PRODUCTION MANAGER: Fiona McLennan

PHOTOGRAPHY: Craig Newell, See4

PUBLISHINGREGIONAL SALES MANAGER: Diana Zdrilic – Tel: + 61 2 9776 [email protected]

ANTI-MONEY LAUNDERING MAGAZINE IS PUBLISHED SIX TIMES A YEAR BY

AFMA Services – Level 3, 95 Pitt Street, Sydney NSW 2000.GO Box 3655, Sydney NSW 2001 Tel: + 61 2 9776 4411 Fax: + 61 2 9776 4488

www.afmaservices.com

Disclaimer: This publication is designed to provide accurate and authoritative information in regard to the subjects covered. It is distributed with the understandingthat the AFMA Services is not engaged in rendering legal, accounting or other professional service. If legal advice or other expert assistance is required, the services of competent professional persons should be sought.

anti-money laundering

SUBSCRIPTION ENQUIRIES: Annual Subscription: $595 +GST Tel: + 61 2 9776 7923

This publication is copyright. Other than for the purposes of, and subject to the conditions prescribed under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system, or transmitted without prior permission. Enquiries should be addressed to AFMA Services.

NEWS


V IRTUAL ONLINE COMMUNITIEShave the potential to fall under the radar of anti-money laundering activities,

according to the head of the Australian High TechCrime Centre, Kevin Zuccato.

Zuccato said the virtual economy that takes place inside online worlds, such as Second Life,cannot be traced by groups such as AUSTRAC,thus they could become a useful tool for organisedcrime groups. Second Life made headlines inSeptember when a hacker breached its database,which contained real-world personal information. The organisation that runs Second Life said that while it had encrypted the passwords and paymentinformation of users of the service, personal information such as names and addresses was not. ■■

A ML TRANSACTION moni-toring leader Searchspace has recently been re-branded

as 'Fortent'. The Searchspace name will

continue for the AML monitoring product, but the Fortent Company has also introduced a KYC offeringsolution and is developing additionalproducts and services for their globalFinancial Crime software platform. The Searchspace AML transactionmonitoring solution has been endorsedby the American Bankers Association(ABA) as the 'platform of choice'

for its Enterprise Bank members.“As we continue to extend our

software offering across KYC, AML,fraud and case management we wantedto create a new global brand that recognises the fact that we do morethan just AML transaction monitoring,”explained Nigel Peach, Director,Fortent Australia. “The market drive for global compliance solutions meansthat software companies will need tohave an extended offering to address all areas of financial crime, and theFortent product line now addresses this market.” ■■

Searchspace becomes Fortent

D EVELOPING AN EFFECTIVErisk-assessment methodology is one of the toughest challenges

facing reporting entities captured by theGovernment’s new anti-money laundering and counter-terrorist financing (AML/CTF)Bill, according to Joy Geary, a lawyer andAML adviser to several Australian banks.

Addressing a group of anti-money laundering practitioners at the recent launch of Applied AML, an AML compliance solution developed by Joy Geary, theAustralian Financial Markets Association(AFMA) and the University of Melbourne,Geary stressed the importance of developing a risk methodology that incorporates indicators of criminal behaviour.

“Institutions new to this space often view money laundering from a risk management perspective,” explained Geary,“basing risk assessments on product featuresand functionality.”

Banks that adopt this approach, Gearyargued, run the risk of assigning misleadingrisk weightings that don’t necessarily reflecthow financial products are being used in criminal circles.

Michelle Hannan, University ofMelbourne, who developed Applied AML’s riskmethodology maintains that risk assessment hasto begin with an understanding of the activities

that give rise to the risk. Applied AML incor-porates a comprehensive risk framework basedon criminal behaviours and indicators.

“Our approach to money laundering riskassessment is driven by the activities that generate money laundering risk,” explainedHannan. Hannan, a criminologist, has spentover five years examining global trends inmoney laundering and terrorist financing.

“From a functional perspective you mightargue that nearly all financial transactions thatinvolve value transfer pose a moderate risk ofmoney laundering. To make a meaningfulassessment of risk, reporting entities shouldunderstand which products money launderersprefer to use, how they use them, both now andin the future,” stated Hannan.

Geary explained the concept by compar-ing financial products to guns. “A gun initself is not dangerous. Even the function of agun is not dangerous until it’s in the hands ofthe wrong individual. In the wrong hands itcan be lethal. The same can be said about

financial products and money laundering risk.The function of the financial product mightincidentally make it more attractive to moneylaunderers, but the financial product does notcause money to be laundered until it is usedby a criminal for that purpose.”

Understanding criminal behaviour can also assist banks prioritise investigations.“From a functional perspective a productcould be viewed as moderate to high riskbecause it has certain features,” explainedHannan. “But if you know that this producthas never been used to launder money here or overseas you might decide that this doesn’tpose the same money laundering risk as a product with very similar functional specifications, which is being specifically targeted by criminals.”

Applied AML consists of a series ofeditable templates, a blue-print AML and CTFtoolkit that can be tailored to meet individualorganisations requirements in line with theirrisk-based approach. The solution alsoincludes a comprehensive KYC framework,with customer acceptance processes tailored for retail and wholesale financial products,insurance, hedge funds and funds management.

Applied AML is available from early 2007. For further information and aproduct brochure contact, Diana Zdrilic on 02 9776 7923. ■■

Assessing criminal behaviours

The virtual moneylaundering threat

A GUN ... IN THE WRONG HANDS IT

CAN BE LETHAL. THE SAME CAN BE

SAID ABOUT FINANCIAL PRODUCTS

AND MONEY LAUNDERING RISK.

NEWS


Customer service:

the objective of every City bank

THE UK'S reporting process is as draconian inpractice as it could be towards banks and moneylaundering reporting officers. Dire punishmentsawait the hapless money laundering reportingofficer (MLRO) if he neglects to harbour a reasonable suspicion of his client and freeze hismonies forthwith (note: pompous City financierslove to call their customers 'clients'; it was theRoman word for freed slaves).

Once the money is frozen, the MLRO hasto wait for government consent to resume thetrading relationship. In the meantime, he and hisbank have to lie to the customer (the computer'sdown, the man who deals with your account ison holiday, all the civilly actionable usual) orface five years inside for tipping them off.

In last month's edition of London Calling,we recounted the story of the Crown ProsecutionService's (CPS) latest sacrificial goat: StephenJudge of City Index, who allegedly offendedagainst s336 of Proceeds of Crime Act (PoCA)by processing an illegal transaction — and afterhe had sent a report and frozen the funds, toboot. The Financial Services Authority forbidsits authorised people to take out insuranceagainst fines, so the CPS had a relatively help-less target in its sights. Why, then, did it drop thecase without one real word of explanation?

Back to the textsThe answer might lie in the text of s336 itself.A quick look at Complinet Rulebooks tells usthat the MLRO must not consent to the doing ofa prohibited act unless (among other things) hemakes a disclosure that property is ‘criminalproperty’ to the police, who then give him con-sent to go ahead with the act. There is a morato-rium period in case the police do not answerback, but this is irrelevant here.

The MLRO can only be prosecuted unders336 if he deals in ‘criminal property’ and if,at the same time, the consent issue is in rela-tion to a prohibited act under ss327-9. Thesesections are the ones that make it an offence toconceal, disguise, convert, transfer or remove‘criminal property’ and do various other thingswith it. So what is criminal property?

In ss327-329 one can only commitoffences that pertain to criminal property. Thephrase dominates subs1 of each of those sec-tions. According to s340(3), criminal propertyis a person's benefit from criminal conduct.We therefore have an important question toanswer: is there some objective test thatapplies to criminal conduct?

The answer appears to be no. Section 76says that criminal conduct is conduct which(a) constitutes an offence in England andWales, or (b) would constitute such an offenceif it occurred in England and Wales. It is thesame with the Northern Ireland definition ins224 and the Scottish one in s143 and the onefor the whole of UK in s413.

The crucial section?Perhaps s340 has the answer. It says thatproperty is criminal property if it constitutesor represents a person's benefit from criminalconduct AND if the alleged offender knows orsuspects that it constitutes or represents such abenefit. In other words, it does not matter ifthe offender knows; property has to be derivedfrom a real crime to be laundered property.Did the Act's draftsmen forget to change theword in s340(3)(a) from 'and' to 'or'?

Public debate on this subject has yet toemerge; it is not for nothing that the UK isknown as ‘the Albania of Western Europe’.The secrecy in which prosecutions – evenfailed prosecutions – occur in the UK is legendary. Every inquiry into the smooth

functioning of a government department orquango is a risky foray into forbidden territory,full of delicate problems for certain specialpeople who are evidently more important than the general public. The CPS is unlikely to explain its decision to drop this 'case ofcases' unless absolutely cornered.

The outcome of such a flaw in the Act, ifindeed one exists, is not in doubt. Parliamentwill pass an order to change 'and' to 'or' on thenod. It would be an irony, indeed, if the UKwere to impose its first legally viable obliga-tion to report on banks in a tiny order enactedafter a 60-day wait on the noticeboard in theHouse of Commons. The CPS, meanwhile, isplanning to recruit another 17 barristers andwants to be seizing criminal assets worth£250m a year by 2010.

Stephen Judge's other nemesisThe Financial Services Authority finallyrevoked its old money laundering ‘source-book’, or set of rules, replacing it with thevague pronouncements of its systems and controls ‘sourcebook’ earlier this month.

This sensible piece of surgery finallyexpunged the FSA's pale imitation of the UK'sMoney Laundering Regulations, which will goon as before and which the FSA will continueto expect firms to observe. These regulatory'crib-notes' added little to the fight againstmoney laundering when they came out, failingto convince even the Treasury, which owns theonly share in the private company that is theFSA, that its creature was doing enoughagainst the laundrymen.

From now on, money laundering reportingofficers throughout the UK will be expected tomanage the risks that the FSA wants them toassociate with money launderers and terroristfinanciers. The new regime is expected to

‘ave a wordWhat a difference a word makes! We've seen it before in the UK'sProceeds of Crime Act, and we might be about to see it again. The omission of a single word, in fact, might yet doom the entiresuspicious transaction reporting process to failure

LONDON CALLING

By Chris HamblinEDITOR-IN-CHIEF

COMPLINET

CONTINUES PAGE 30 ��

NEWS


R ECENT HEADLINES fromEurope flag both the usual (investment properties) to the

more unusual (shoe shop) businesses when considering money laundering and terrorist financing risk.

On 8 September, a reputed Mafia leader from Naples was arrested in London's East End, where he owned a shoe store.

Raffaele Caldarelli has been a fugitive for seven years. He was sentenced in absentia to 20 years in an Italian prison.Investigators alleged that Caldarelli was still a crime boss in Naples even though he and his wife had lived in London for atleast three years. Italian police are now trying to determine if he has been involved in money laundering since his move to England.

Caldarelli is allegedly the head of a large criminal organisation with about 6,000 members based in the poverty-strickenMercato neighborhood of Naples. The groupis reported to be the most international of allthe Italian clans, with affiliates across Europeand America, links with cocaine cartels inSouth America and personnel in Australia.1

In France, the prolonged court case of four years, known as “Sentier II”, has prompt-ed calls for France's 1996 money-laundering legislation to be clarified.

The case concerns an alleged fraudscheme by clothing merchants in the JewishSentier district of Paris, who were suspected of laundering thousands of stolen or fraudulent

cheques in French francs with an estimatedworth of EUR 70m. The cheques were allegedly sent to Israel, where they could be signed over to new beneficiaries and exchanged for local currency,before being returned to France through the international correspondent banking network and cleared by French banks.

A French judge has recently ordered top executives from the four banks involved,Société Générale, Barclays France, SociétéMarseillaise de Crédit (owned by HSBC) and the National Bank of Pakistan, to appear in court. The bankers are not accused of enriching themselves, but are being held responsible for failing to enforce stringent anti-money laundering laws at their banks that potentially would have stopped or uncovered the alleged clothing merchant’slaundering scheme. The case continues.2

In Spain, 13 people were arrested and seven properties searched in connectionwith a money laundering ring based in Vélez-Málaga. It appears that more than EUR 2m, obtained allegedly from drug trafficking, was laundered through investment in property and luxury vehicles. As well as making the arrests the NationalPolice seized 18 properties, mainly large villas, and at least 25 vehicles, as well as EUR 12,000 in cash. A real estate office in Vélez was among the premises searched.

One of the most surprising details the case uncovered is that one of the men paid monthly instalments on no fewer than 15 mortgages, despite his only official income being a benefit of 240 Euros.3

Airline travel was not the only thing that changed in the wake of theSeptember 11 terrorist attacks. The worldchanged in many ways for general aviationand aviators, including European pilots.

New requirements for pilots,particularly Europeans who come from outside the U.S. to train, have led to a decline in the number of European studentsand a loss of business for US aviation schools. The requirements (including mandatory background checks and finger-printing for those training in the largest aircraft) were put into place after the government learned that the September 11 terrorists had trained at US flight schoolsbefore the attacks. More European flightschools have since been set up to give pilots other options for training.

How the US government treats certifiedpilots has also changed. Pilot certificates now include security enhancements to makethem difficult to counterfeit. They include a hologram and graphics on a plastic card,which replaced the paper document. In addition, the US registry for aircraft and airmen is being scrubbed on a constant basis and compared with watch lists.

Moreover, following US industry guidelines, manufacturers are now watchingfor suspicious activity or money launderingwhen they sell an airplane.4 ■■

Slippery shoes

Italian shoes, French clothing, Spanish villas and Europeanpilot-training schools. Julie Beesley explores a range of businesses hitting the headlines in Europe

IN EUROPINION

By Julie BeesleyASSOCIATE DIRECTOR,

KPMG FORENSIC

1 Source: United Press International

2 Source: The Financial Times, Europe

3 Source: Sur, Spain

4 Source: The Wichita

10 reasons why you should use Complinet to reduce risk:

Up to date news through the International AML News service providing you with the latest Money Laundering issues and news with in-depth analysis from leading industry experts

Reference material, where available, on the rules relating to AML and CTF specific to your jurisdiction

Client screening services to help reduce exposure to unacceptable clients and transaction activity

AML training – with over 50,000 training users worldwide Complinet can customise e-learning courses making them relevant to your organisation and jurisdiction

Trusted supplier with 1300 corporate clients and 15,000 individual subscribers who access Complinet’s online services every day

International reach with offices in London, New York and Dubai

Free trials available for all services so you can try Complinet with no obligation for 14 days

Topical and relevant conferences and events run in various locations and regions throughout the world that attract the world’s most knowledgeable speakers

Excellent references and testimonials from the worlds leading financial institutions giving you peace of mind that you use the same service as your peers

70 percent of the Global Fortune 500 Banks use Complinet.

2

45678910

Do you need more reasons to speak to us?

Of course not so call today on +44 (0) 870 042 6410 or email [email protected] and we’ll set you up with your free 14 day trial.

Alternatively visit www.complinet.com and simply register online for your free trial.

NEWS


CONCERNED THAT banks closingthe accounts of money services businesses (MSB) could become a full-

blown crisis, a US House of Representativesfinancial services subcommittee recently grilledregulators on their plans to reverse the trend.

Representative Carolyn Maloney,(Dem-New York), asked a regulatory panel:“You’ve been talking about this problem foryears, what action are you taking?”

Maloney did not need to convince anyoneof the need for action, however, as the regulators made clear their own concerns.

Diana Taylor, New York’s banking superintendent, told the congressmen that 29 institutions provide services to moneytransmitters in her state, with two banks offering nearly half of these relationships.

“Only 12 banks provide services to check cashers, and 87 per cent of our licensedcheck cashers do business with only two ofthese banks. The two banks that are mostactive in providing services to money transmitters are currently considering exitingthis business,” she said.

The problem is that banks believe theyare obligated to consider MSBs high-risk customers for the purposes of BSA/AMLcompliance, and some examiners reportedlyhave advised banks to close MSB accounts in recent years. A desire to avoid attractingregulatory scrutiny from being ‘the bank thatoffers services to MSBs’ has led to a panickedfrenzy of account closures. The due diligencenecessary to hedge against the risk of regula-tory fines, let alone actual money launderingactivity, is considered too costly to make theMSB accounts worthwhile.

But without banking services, the MSBscannot function, and when enough of themhave closed, it becomes a crisis for their customers. In the United States, MSBs are

frequented by people who do not have bankaccounts. Often these people are recent immi-grants living in ethnic, urban areas. Thesepeople depend on MSBs to cash their checksfrom work, and to wire money to their fami-lies in their countries of origin. The failure ofthe MSB system could prove devastating.

Interpretive guidance not influentialThe Financial Crimes Enforcement Network(FinCEN) has attempted to ease banks’concerns about MSBs, but to no avail. Lastyear, as MSBs struggled to maintain accountsat banks, FinCEN hosted a fact-finding meet-ing during which representatives from MSBsand the banking industry, along with govern-ment regulators, voiced their concerns. Basedon the information gathered at the meeting,FinCEN and the federal banking regulatorsissued an ‘interpretive guidance’ in April 2005aimed at stating their anti-money launderingcompliance expectations. Unfortunately, thatdocument had little impact.

More guidance the answer?On March 10, FinCEN published an advancenotice of proposed rulemaking to solicit fresh facts about the situation, as well as recommendations about the extent to which a further round of regulatory action mightaddress the problem.

Back at the House, Ann Jaedicke, thedeputy comptroller with the Office of theComptroller of the Currency, was the favouritetarget for the subcommittee’s most stingingquestions. She said that when FinCEN's comment period closes, the OCC will revisit the issue.

“We should take a hard look at the comments that come into FinCEN and see if there are changes that can be made to the

[interpretive] guidance. I think our duty andobligation is to provide clear guidance aboutour regulatory expectations,” she said.

Jaedicke said that banks might need more guidance as to which MSBs could beconsidered low-risk, a topic touched upon inthe interpretive guidance.

“Not all MSBs are risky and most MSBshave never been tainted by or associated with money laundering. Some are nationallyrecognised and respected companies that havestrong AML programs and are licensed andsupervised, while others are small businessessuch as local grocery stores whose products,services and customer base present little to no risk of money laundering. The challengefor all of us is to ensure that banks recognisethese differences and that our supervisoryexpectations, with respect to MSB accounts,are clear,” she said.

To legislate or not to legislate?Representatives repeatedly asked the regula-tors if new laws were needed to prevent banksfrom blacklisting MSBs. The regulatorspolitely, and repeatedly, declined.

“Are you powerless to stop this?” askedRepresentative Spencer Bachus (Rep-Alabama).

“I hope not, sir,” Jaedicke answered.Realistically, reversing the trend will

probably be impossible without legislation orsome kind of incentive program. To the degreeregulators are able to help MSBs regain bank-ing relationships, the process is likely to moveslowly and deliberately.

The MSB plight in the United States is agood lesson for foreign jurisdictions developingpolicies to combat money laundering and ter-rorist financing. Both legislators and regulatorsmust be careful not to create a panic over anyparticular industry that is viewed as high-risk.The damage may well be irreversible. ■■

House subcommittee grills regulators on MSBsBank Secrecy Act/anti-money laundering (BSA/AML) compliance concernshave seen most US banks close the accounts of money services businesses,effectively freezing them out for fear of their being high-risk. This, however,has created another set of problems altogether

STATE OF THE NATION

By Brett WolfMIAMI CORRESPONDENT,

COMPLINET

INSIDE STORY

C OMPLIANCE and money launderingreporting officers in Europe (or its ex-colonies) are from societies that

overwhelmingly share a common approach to identifying and naming their nationals. As a result, they often struggle to appreciate the important differences that exist in othercultures taking a different approach. As a rule,they do not use the first name, middle nameand surname (family name) convention.

Money launderers, however, recogniseand capitalise upon this difference, and unlesscompliance officers are knowledgeable on thistopic, inaccurate or incomplete identificationof customers may be the unfortunate result.Failure to obtain the correct legal name of anew client is compliance malpractice. In this,the first article of our series, we endeavour toensure that it does not occur in your office.

Names in Latin America, with rare exceptions, are influenced by the countriesthat originally settled them e.g. Spain andPortugal. We shall start with Spanish namesand their unique characteristics.

Complete Spanish names for males consist of:

• First name• Middle name• Father’s last name (paternal surname)• Mother’s last name (maternal surname).

Thus, a typical name would be:Jaime Antonio García Lopez. He will refer to himself as Señor (Mister) García, not Sr. Lopez. Sometimes, the mother’s familyname is abbreviated in daily use: JaimeAntonio García L. There may also be multiple middle names, such as: Jaime JoseAntonio García Lopez (although this is the exception rather than the rule) or no middle name at all.

It is thus critical to obtain the full namefrom an official identification document, suchas a passport, or national identification card,with a photograph affixed. We strongly sug-gest that two official forms of identification be required, and that photocopies be retained.

As in any culture, a customer may beknown by a short form of his full first name,or by an affectionate or diminutive form, oftenreferred to as a pet name. For that reason, wemust insist upon government-produced formsof identification, as counterfeit unofficial, andeven official, identification is easily obtainedin countries with rampant corruption, such assome countries in Latin America.

Complete Spanish names for marriedfemales generally (but not always) contain:

• First name• Middle name• Father’s last name (paternal surname) • Husband’s father’s last name, preceded

by the Spanish word ‘de’ meaning ‘of’.

Compliance officers in Europe and NorthAmerica often mistake a male’s maternal sur-name as his last name. This can prove to be atruly unfortunate error if the new customer laterturned out to be a known narcotics trafficker,money launderer, corrupt politically exposedperson (PEP), or even terrorist financier. Check,and double-check to ensure you have it right.

Remember also that Spanish contains adiacritical mark called a tilde, which is theunique curved accent over the letter ‘ñ’ thatgives the word a ‘ny’ pronunciation. Manynon-Hispanic fonts do not contain this term,while others substitute a symbol for the letter.It is important to learn how your informationsystems and databases will handle this.

Is Portuguese the same? After all, it is the official language in Brazil, also in Latin

America. Portuguese names follow the formatin common use in most European andEnglish-speaking countries, to wit: first name,middle name and last name. So don’t confusethe Portuguese format with the format ofSpanish names.

Here are some helpful hints:• The full name, including middle name,

is critical; otherwise there is a chance of two or more customers with the exactsame name.

• Official identification documents – such aspassports – are vital as a first know your cus-tomer step. Bear in mind, however, that thereis a flourishing trade in counterfeit passports,so it is vital that you verify the authenticity ofthese documents by using an independentsource like World-Check. Its new Passport-Check service will reveal in seconds thelegitimacy or falsehood of the document.

• The nationality of the individual will tellyou how to interpret the name; find this outfirst so you will know what to look for inthe name and correctly identify them. ■■

Kenneth Rijock is believed to be the only formerbanking attorney-turned career money laundererwho actively consults with law enforcement and the financial community. He has more than 25 years’ experience in the field of moneylaundering, as a practicing ‘laundryman’, financial institution compliance consultant, and trainer/lecturer to law enforcement and theintelligence services of both the United Statesand Canada. After serving as a banking lawyerin an international law firm, he spent thedecade of the 1980s as a money launderer andadvisor to narcotics trafficking organisationsoperating in North and South America. Whilstserving a federal prison sentence for racketeeringand money laundering, he assisted with the first joint Swiss-American money launderinginvestigation of bankers and lawyers, whichresulted in a major seizure of the proceeds ofcrime. Kenneth writes a daily AML column. Formore information visit www.world-check.com


A rose by anyother name?In this month’s Inside Story, Kenneth Rijock explores international naming conventions and how money launderersexploit the inconsistencies to hide their true identity

By Kenneth RijockFINANCIAL CRIME CONSULTANT

WORLD-CHECK

OPINION


I T IS DEEPLY PUZZLING to see so little discussion in currentglobal AML literature or conference programs of the crimes thatunderpin money laundering. While it is appropriate to focus on

compliance requirements, frameworks, monitoring systems, risk assessments, risk-based approaches, audits, reporting, governance etc.,there has been little said about the starting point for the entire sphere of regulatory activity.

The factual sequence involved in laundering money is as follows.A crime is committed that generates money. The criminal needs tochange the quality of the money from illegitimate to legitimate. At some point the money enters and moves around the financial system.It may ultimately leave the financial system through the acquisition of an asset, or it may stay long-term safely disguised or hidden fromview via a complex journey across borders and banks. For a financialinstitution, the legal, compliance and regulatory risks begin from themoment the money enters the financial system, and it is from theserisks that it must protect itself.

Back to the starting point – the crime. The Darwinian principle ofsurvival of the fittest is a good metaphor for the criminal approach tolaundering money. Criminals are intent on survival and success, and ifthey find a way to do something that works they will tend to continuein that mode until there is a threat of failure. One sector of crime willhave evolved by accident into using methods A, B and C whilst anothersector may have evolved into using methods X, Y and Z. Just like evo-lution is repetitious until the environment forces a change, both sectorsof criminals will continue using their particular methods until the risksof detection are too great. Then they will evolve to a new approach.

There are many different classes of criminal, and each has theirpreferred money laundering approach. Criminal habits differ by country and by crime. A financial institution cannot protect itself fromthe risks associated with money laundering unless it knows what classesof criminals are likely to use its products and services, and how theylaunder their money. Understanding this information will allow it tocalibrate its risk mitigation and event detection systems and networks to detect the events and activities that either carry a higher risk of beingassociated with money laundering or which are money laundering.Unfortunately, most discussions around money laundering risk assessments jump the question of how criminals are doing it, jump

the question of what would be the resultant business indicators andfocus on products and customers – this is worthwhile knowledge,but it is knowledge in a vacuum.

However, this information is not easy to obtain. The simplisticexplanation is that because successful money laundering goes undetected,no one knows this information. Conversely, unsuccessful money laundering is what is repeated in FATF-type (Financial Action TaskForce) money laundering typologies. But this simplistic explanation is not persuasive. The process of catching and prosecuting criminalsmeans that much data is gleaned about their financial habits. Further,academics devote careers to the study of the behaviour of criminals.Financial intelligence units such as AUSTRAC spend the significant public resources allocated to them on receiving and analysing suspiciousactivity reports. All this activity must produce some understanding of the ways that different sectors of criminals launder their money.

The lack of ready access to current information of this nature is a material flaw in the way the new anti money laundering and counter-terrorist financing laws are being propagated in Australia and overseas. The proposed Australian laws do not impose a clear obligation onAUSTRAC to provide this information to reporting entities, suitablydisguised. They instead expect reporting entities to conduct riskassessments and monitoring transactions based on no information other than that received annually from FATF and The Egmont Group.This data is already dated when it goes to print and does not help with country-specific differences. Assistance regarding the currentmethods that criminals of different types are using to move money and assets would be of huge help.

Reporting entities need a global information service devoted to the production of real-time information about the successful moneylaundering methods in use by different sectors of criminals. If this information is not known, then how can the regulatory systems expectreporting entities to detect it? If this information is known, but lawenforcement are not prepared to release it or are prevented from releasing it, then what is the policy basis for imposing a compliance burden on reporting entities that they cannot meaningfully discharge? ■■

Joy M Geary is an AML & CTF adviser based in Australia. Joy can be contacted on: [email protected]

Please, start with thecrime, it will pay off

Understanding criminal behaviors could prove to be an invaluabletool in the fight against money laundering, Joy Geary argues.Financial institutions cannot effectively protect themselves from therisks associated with money laundering unless they understand whatclasses of criminals are likely to use their products and services

By Joy M GearyAML/CTF ADVISER

SPONSORED FEATURE


S TANDARD BANK operates in 17African countries under its ownbrand or through subsidiaries.

Its retail division went live withphase one of its AML monitoringand reporting technology solutionon September 1 this year. Phase twowill roll out the system through thewholesale banking division, whilstthe sub-banks in other jurisdictionsare earmarked for phase three.

Nadia Hoff says that whenselecting a technology provider, itwas important to remember that“the way money is laundered hereis much the same as the way it isdone elsewhere”. Knowing this,Standard Bank decided it was wiseto partner with an offshore AMLtechnology vendor that had multiple previous implementationsin different jurisdictions.

Hoff said that it was critical that“we didn’t want to be a guinea pig.We wanted a vendor that hadimplemented systems in a numberof large institutions already. Wewanted to be able to go and look at those systems working.”

Most importantly the vendorhad to have a proven track record.It also had to be able to work across the various business units of the bank and be stable enough

to be implemented across jurisdic-tions in Standard’s sub-banks inother countries.

These three business issues werethe main drivers of Standard’s decision-making process. “Afterthat the other technical issues cameinto play and they were basicallydata and feed issues,” said Hoff.“However, once the basic businessdecision was made everything elsewent according to plan.”

Hoff said there were challengesto be confronted during implemen-tation and at times her staff foundit a “little overwhelming”.

“The challenge wasn’t reallywith Fortent’s system, but with ourown internal systems, in particularour own data capabilities,” she said.“We had to take some products andexclude them from the initial imple-mentation of the system becausewe couldn’t get the feeds into thedata warehouse in time. So we tookthe view of ‘let’s implement whatwe can now, and put the rest on the backburner until next year’.”

The bank did not have to do it all themselves, however. “Fortentwas very helpful. They brought with them the skills and experiencethey had gained from their previousimplementations. When it became a

little overwhelming for us, they werethere saying ‘don’t worry, we’ve donethis before it will all work out OK’.”

IBM was brought in as a technology implementation partnerand worked closely with Fortentand Standard Bank on a day-to-daybasis throughout the process.

Before implementing Fortent’sautomated monitoring and report-ing solution, the bank introduced a uniform set of policies and proce-dures across the group. As a result,any business unit taking on a newcustomer applies the same minimumKnow Your Customer (KYC) and cus-tomer diligence standards. StandardBank also established minimum stan-dards for training, record keeping,compliance monitoring and the submission of monthly managementinformation. The group minimumstandards were rolled out across allbusiness units, using the compliancefunctions across the bank for implementation purposes.

Fortent’s system checks for suspi-cious and unusual transactions andgenerates alerts that are then investi-gated further. It also checks identitiesagainst the UN Security Council list of individuals and entities associatedwith known terrorist groups.

Experience pays

As Australian financial institutions begin their anti-money laundering (AML) implementation,what lessons can be learned from overseas peers? Nadia Hoff, head of group money laundering control at South African-based Standard Bank, details her experience of selecting a compliance software and solutions provider to assist in meeting the requirements of theFinancial Intelligence Centre Act (FICA)

��

SPONSORED FEATURE


These checks are supported at thefront end with a real-time checkingsystem that sits on Standard Bank’sSwift system.

Fraudulent transactions areinvestigated by a separate divisionwithin Standard. However, Hoff andher counterparts in fraud thought it vital that the system worked for all suspicious transactions. “The platform we chose can also be usedby the fraud people. We are now working with the fraud guys to seeif there are some sentinels in the system that they can use,” she said.

Hoff said Standard Bank is “very,very happy” with the implementa-

tion of Fortent’s system. However,she believes that to ensure the best chance of success, the bank’sbusiness units have to stop treatingAML/CTF as a compliance issue. “The business has to take on AMLand make it work. You know the old attitude is we in compliance costthe bank money while they make it, but this [issue] has got to be some-thing that the business adopts.”

The four big South Africanbanks decided early on thatAML/CTF was not a competitiveissue and three of them, includingStandard, chose the same vendorsystem for their AML monitoring

and reporting. Nadia Hoff said this has improved the outcomes in all three banks.

“We have talked about the issueswith each other and co-operated to create an industry best-practicesystem. I strongly urge the Australianbanks to do the same and co-operateon AML. That co-operative approachwas an incredible help to us throughthe whole process.”

About Fortent Fortent was created to become theleading provider of enterprise widerisk and compliance solutions forfinancial institutions worldwide.Funded by the private equity firmWarburg Pincus, Fortent combinesSearchspace, whose AML solutionhas been endorsed by the AmericanBankers Association, and Semagix, apioneering, risk-based approach toKYC and Enhanced Due Diligence.

Implementing its industry-lead-ing technology systems, Fortentworks with financial institutions to integrate risk and compliancemanagement into existing businesspractices. The Fortent team helps its customers – regional, national,and global financial institutions –solve business problems, acting as atrue partner in a rapidly changing regulatory landscape.

Combining best-in-class products with advisory services from experienced banking and regulatory professionals, Fortentsets the global standard for enterprise risk management.

Fortent’s clients includeCommerce Bank, JP Morgan,Barclays, Chevy Chase Bank, First Horizon National Corporation, First Hawaiian Bank, Lloyds TSB,Société Générale, The Bank of New York, The Royal Bank ofScotland, UBS, and WashingtonMutual. Fortent has headquarters in New York, with offices in Atlanta,Frankfurt, London, Paris, San Francisco, and Sydney. ■

Biography: Nadia Hoff HEAD OF GROUP MONEY LAUNDERING CONTROL, STANDARD BANK

2005 | Group money laundering control office takes on responsibility for terrorist financing control with the introduction of anti-terrorism legislation in South Africa

2003 | Returns to Standard Bank as group money laundering control officer with responsibility for implementing the bank’s AML program

2000 | Moves to Barclays Bank to manage the bank’s compliance and money laundering control function in South Africa

1998 | Admitted as an attorney. Joined the group compliance team at Standard Bank

COVER STORY


Clearing the training hurdle

COVER STORY

E MBEDDING NEW PROCESSESthat can combat money launderingand developing a culture of

compliance across business functions poses a unique set of challenges for AML project teams. Market analysts argue that this problem has more to do with workloadsthan any general unwillingness to engage with the issue. “People are busy,” said Richard de Lotto, principal research analystand banking specialist for Gartner Group.“Training takes a lot of time.” However,that time, de Lotto believes, must be found if institutions are to realise the full ambitionof their AML programs, and it can ultimatelydeliver big benefits. “Training may be themost cost-effective method for combatingmoney laundering,” he said.

What the regulator wantsAt the Australian regulatory level,the importance of training is clearlyrecognised, especially as AML reformprogresses. “AUSTRAC is currentlydeveloping an Education and Training

Strategy to meet both industry and othergovernment agency requirements,”said AUSTRAC Director Neil Jensen.“In developing this strategy, we are considering a range of approaches tocater for the large number of groups that the reform impacts on.”

That collaborative approach will be vital, industry figures believe.“Government [agencies] have an important role to play in building publicawareness on why Australia is adoptingthe regime and what they will be doing to support industry and the community in the process,” said Kathy Simonis,director for the risk management division– compliance at Macquarie Bank.

As part of the consultation process,AUSTRAC hopes to develop training

mechanisms that will be applicable to specificindustry groups. “Due to the nature of the legislation, we do not see the education andtraining as one-off events, but rather a processof an ongoing partnership between AUSTRACand external stakeholders,” Jensen said.

The existing inspection-based approachto assessing training programs is expected tocontinue. “AUSTRAC’s inspections currentlycomment and make recommendations on thequality of training programs; for example,relating to account opening procedures or theproduction of suspicious transaction reports,”Jensen said. “Where non-compliance orweaknesses in controls are identified,AUSTRAC reviews areas such as staff training, the content, quality and how often it is provided and our recommendations often seek improvements in training.”

Training will also be increasingly considered in the broader context of overalllegislative compliance. “Where we identifynon-compliance, lax controls or weaknesses inrisk-based systems within organisations, wewill routinely review procedures and staff train-ing to identify both the causes and potentialsolutions to the problem,” Jensen said.

Real-life experienceOverseas practice suggests that setting up thesetraining systems is a substantial undertaking.Bob Upton, head of financial crime prevention

and monitoring for Lloyds TSB Group, saysexperience suggests a number of commontraining problems have been identified acrossdifferent jurisdictions. These include a lack ofclearly defined procedures, internal systemsand controls (which are in themselves easier toconvey via most training methods than vaguemotherhood statements); poor systems for collecting documentation and ensuring it meetsevidentiary standards; a lack of meaningfulmanagement information for tracking theprogress of training initiatives, including a lack of internal audits and other routine testing; and a weak culture of compliance,often exacerbated by a general lack of commitment from senior management.

Deciding upon the scope of the trainingis a particular challenge. Problem issues formost financial institutions typically includesocial security fraud, credit card fraud anddrug financing, as well as money laundering‘proper’. An effective training scheme needsto focus on all these issues, rather than zeroing in selectively, Upton argues.

Staff will ideally need to be aware of specific bank policy regarding AML, plus abroader appreciation of the kinds of activitiesassociated with AML, though this apprecia-tion must be carefully balanced. “There is the need for the combination of awarenesstraining within one’s own organisation and the


Implementing a successful anti-money laundering (AML) program poses an organisational challenge on several levels. While many financial institutions easily identify the technological andbroad process challenges involved in such a task, a surprising number stumble when it comes toone of the most fundamental delivery mechanisms: training staff. Angus Kidman investigates

“Training may be the most cost-effective method for combating money laundering”

Richard de Lotto, Gartner Group

��

COVER STORY

more specific targeted training required forstaff and customers on the operational impactand changes required,” said Macquarie Bank’sSimonis. “Whilst I believe that staff membersservicing the customer also need to have anunderstanding of the boarder AML issues,more critical is the need to understand what isto be achieved at a more granular level.”

Another critical decision is that of whichdelivery method to use. While the financialsector has increasingly moved towards com-puter-based and online training, Upton advisesthat a balance needs to be struck between thisand more traditional face-to-face methods.

For fundamental AML principles andbroad information specific to an individualsector, online delivery is often the most suitable and economic model. However, forspecific training targeted towards an individualline of business, more traditional, face-to-facetraining approaches are appropriate. Virtuallyall training will involve some combination of both approaches, and this may need to betailored at the individual employee level,particularly for more senior managers. In allcases, case studies based on likely scenarioswill be easier to absorb than abstract theory.

“Induction training, including generalmessages and rules, can be effective in anonline environment; however, it is most effective if the training is interactive, obviousin its relevance and does not take hours tocomplete,” Simonis said.

Gartner research supports this,finding that computer-based trainingcan be particularly effective to developbroad awareness, and help convey the idea that staff should be alert topossible fraudulent activity outsidetheir immediate areas of core responsi-bility. The study found that highly specific situational training may be more effective when delivered face-to-face, in small groups.

Training optionsA similar technology mix is likely to beseen at an industry level as well. “Dueto the geographic spread, timelines andnumber of targeted groups (and poten-tial participants), AUSTRAC will utiliseapproaches including presentations,training courses, seminars and online

support materials,” AUSTRAC’s Jensen said.“A major tool in most of our education andtraining will be the utilisation of scenarios,as this makes it far more meaningful and practical whilst highlighting what the legislation requires and associated impacts for AUSTRAC, for industry groups and forAustralia and society more generally.”

“A key component of our strategy will be the identification of key requirements andthemes for each major industry group so wecan focus on these rather than the provision ofgeneric and possibly less focused programs,”Jensen said. “Focusing on key messages andthe specific information that different groupsrequire will allow us to closely assess the efficacy of these approaches.”

That industry focus will also be reflectedin general promotion of the requirements of


��

“Where we identify non-compliance, lax controls or weaknesses in risk-based systems within organisations, we will routinely review procedures and staff training to identify both the causes andpotential solutions to the problem”

Neil Jensen, AUSTRAC

COVER STORY

the new legislation. “An awareness campaignis being planned,” Jensen said. “AUSTRACwill also be developing more industry-specific publications and other materials to assist industries in understanding how they are affected by the reforms.”

Assessment will likely take a variety of forms. “The assessment will include post-workshop/presentation/seminar questionnaires, a mechanism for feedback via our website, ongoing liaison with industry groups to ascertain skill and knowledge areas, as well as then determining requirements for follow-up initiatives,” Jensen said.

While basic training completion is relatively easy to measure, it shouldn’t be the only focus. “The more qualitative measure is perhaps one that arises from staff members escalating potential issues and potentially suspicious transactions thatmay not sit within the defined ‘triggers’that are in place,” Simonis said.

Staff in high-pressure environments willrequire more frequent updates. “There shouldbe more frequent and focused training forstaff in high-risk roles,” Simonis said.

As well as requiring frequent tweaking,training programs are also likely to ultimatelyaffect the overall technology environment for AML systems. As Gartner’s de Lottoexplains: “Once you do the training and getthe procedures in place, your bank is a verydifferent environment than it was a year ago,and you need different software.”

The biggest long-term challenge is inensuring a true culture of compliance. “If an AML program is considered as part of an organisation’s overall risk managementframework, then the training will naturally fitinto the ‘way we do business’ and thereforeshould merge with the compliance culture of the organisation,” Simonis said.

“More broadly, government and industryneed to work together to develop appropriate

consistency for the approach taken in thefight against money laundering and counter-terrorism financing that truly enables a risk-based approach to be adopted,”she said. “This is instrumental in creating the culture of compliance sought by theAustralian regime.” ■■


BUILD VERSUS BUY

While most institutions will need to customise their AML training programs to a significantdegree, many will want to base their programs on content and systems purchased from externalproviders. Gartner advises asking the following questions when assessing such packages:

> Does the program clearly define the entire scope of AML activity, as well as outlining currentareas of broad concern?

> How frequently is the content updated, and when was it last updated?

> Does the program include specific examples, and can it be tailored for non-English speakers?

> Is there any certification offered for relevance to your particular market?

> Can it easily be customised to include institution-specific policies, compliance requirements and procedures?

> Does the system offer a built-in tracking program to monitor employee progress?

“There is the need for the combination of awarenesstraining within one’s own organisation and the more specific targeted training required for staff and customers on the operational impact andchanges required”

Kathy Simonis, Macquarie Bank

FEATURE


Opportunity knocksWhile the challenges ahead for financial institutions are apparent,

the business benefits of implementing an anti-money laundering (AML) program are harder to see. John Kavanagh investigates how some firms

plan to leverage their AML implementation to streamline technology, improve customer data and identify new revenue opportunities.

FEATURE


P AULINE PEREIRA first saw anti-money laundering as a potentialbusiness development opportunity

(rather than yet another expensive compli-ance burden) in July, when she realised therevised draft of the AML/CTF Bill hadadopted a risk-based approach to compliance.

Pereira is the general manager of groupcompliance at the Commonwealth Bank,reporting to the chief risk officer, and it willbe her job to implement the bank’s AML systems over the next two years. “We lobbiedhard for a risk-based approach and not a tick-the-boxes piece of regulation,” Pereira said.

“The risk-based approach allows us tomake our own assessment of our risks andput the appropriate resources in place. Thismakes it more of a business issue. You haveto think about how the systems you are goingto set up might integrate with existing sys-tems and processes,” she advised.

However, compliance officers likePauline Pereira are the exception rather than the rule, according to Julie Beesley,an associate director at KPMG Forensic.Beesley said: “Australian financial servicescompanies are spending tens of millions of dollars on compliance projects, if youinclude Sarbanes-Oxley, Basel II, interna-tional financial reporting standards, financialservices reform and now anti-money laundering. Most of them view this as a cost,focusing more on the need to comply rather than looking at how they can complyin ways that reinforce business objectives.”

Beesley says business benefits are hard to extract from compliance programsbut they are real all the same. She groupsthem under six headings: managing reputational risk; competitive advantage

through better business data; synergies with areas such as fraud and credit risk management; technology integration; creation of revenue opportunities; andenhanced corporate social responsibility.

Earlier this year KPMG surveyed 22 Australian financial institutions on thetopic of “driving business synergies throughrisk and compliance initiatives”. It found thatmost were focusing on the need to complyrather than on how to comply in ways thatsupport business objectives. “We found that funding for compliance projects wasgenerally allocated on a project-by-projectbasis, with few organisations taking an integrated corporate view,” says Beesley.

“Costs are dispersed throughout theorganisation and collation of the full costs of projects across all business units is difficult. Executives seem resentful of the compliance demands and the diversion of scarce resources away from much-neededbusiness improvement and marketing initiatives. Few respondents said they conducted post-project reviews to determinewhether synergies could be realised fromimplementing new regulations. And feworganisations have adopted suitable IT systems to measure, monitor and report compliance performance.

“The tendency for financial institutions,particularly the larger companies, to run compliance initiatives as individual,stand-alone projects within business units means that projects are not easily co-ordinated and synergies are more difficultto achieve. Governance becomes duplicatedor widely spread, and so executives doingmultiple sign-offs across multiple projectsfind it difficult to discover opportunities for business development.

“Our conclusion is that the massiveexpenditure on compliance by financial services institutions in Australia does not appear to be delivering significant,sustainable business benefits.”

Beesley said that some of the smallerfinancial institutions had taken a lead in these matters because, although they have difficulty with the commitment of resources required to meet their compliance requirements, they were better at co-ordinating tasks across theirorganisations and sharing information.

The senior manager of group fraud control at Bendigo Bank, David Harley, sayscost is always an issue in his organisation.“We have set out to deliver a cost-effectiveAML program that provides additional business benefits.” Harley said.

“We are identifying synergies with both Basel II and our IT business strategyand looking to implement parts of our strategy in a way that will provide the building blocks to achieve strategic businessand IT benefits. This way we can, where possible, deliver a return on investment on an otherwise compliance spend.

“While our AML project team has been in place for some time working on the consultation process and pulling together partsof the project, we realised we needed to bringtogether a number of streams of activity andwork collectively. We have created a programoffice and are now working on resolving someof the strategic IT decisions that will direct the way we structure the program.

“We will also work on implementingrelated changes from different streams as

“We are identifying synergies with both Basel II and our IT business strategy and looking to implement parts of

our strategy in a way that will provide the building blocks to achieve strategic business and IT benefits”

David Harley, Bendigo Bank

23 ��

WANT TO KNOW WHAT’S HAPPENING IN THE MIDDLE EAST? …

GET THE MOST UP TO DATE COMPLIANCE NEWS, ANALYSIS AND REFERENCE MATERIAL IN THE REGION AND REDUCE RISK

www.complinet.com

Complinet, the leading international supplier of compliance services to the financial services industry now has coverage in the Middle East region. If your business operates in the region you need to be fully aware of the regulators rules that apply to you and be on top of the latest regulatory developments.

News – the latest Middle East news with content by leading industry specialists, complemented by our expert in-house team provides topical news stories and offer in-depth analysis covering: • Islamic finance • Institutional fund and asset managers • Middle East regulatory issues • Commercial and wholesale banking • Investment banking • Insurance • Corporate finance • Jurisdiction updates

Reference – Middle East reference is an extensive platform with access to vital rules, regulations, laws and legislation from the region. It combines leading technology with up to date and attractively presented texts and enables firms to remain compliant with the latest regulatory challenges in the Middle East. Complinet’s service provides you with full texts of legislation, regulation and supplementary materials from the Middle East’s most prominent regulators and exchanges.

Get a free 14 day trial to the Middle East service and see for yourself just how Complinet have made it easier for you to know the rules, stay up to date and reduce risk.

Call +44 (0) 870 042 6410 or email [email protected] alternatively visit www.complinet.com and register now for your free trial.

FEATURE


one, rather than delivering an AML changethen delivering a system change,” he said.

Beesley says one of the big changes that AML will introduce is that banks will beasking for a lot more information from theircustomers. The way the banks handle this willhave a big bearing on corporate reputation. Shesays: “When you look at customer satisfaction,a lot of it comes down to how they treat thecustomer and the quality of the material theydistribute. These banks have to think about thesort of experience they are going to offer theircustomers when they go through that process.

“And as they go through that processthey have an opportunity to clean up theircustomer data, make sure it is of high qualityand get systems in place that give the organi-sation a single view of the customer by lever-aging common systems.

“For many organisations that sharing ofhigh-quality customer information is still alight on the hill. AML can be a catalyst forgetting that done,” Beesley said.

These issues form a big part of AMLplanning at Deutsche Bank, says KarenKhoury, the head of the bank’s AML program.Khoury says: “We believe the considerableinvestment the bank makes into anti-moneylaundering provides benefits in several waysaside from the obvious regulatory compliance.

“Protecting the bank’s reputation is paramount and the AML initiative aligns withour broader corporate social responsibilitygoals, which is welcomed by our clients,staff and other stakeholders.

“The continuous technological investmentmeans the support processes are streamlinedwith numerous embedded controls including

credit analysis and compliance reviews. Thisimproves efficiencies and increases the qualityof data, which provides the business with astronger operating platform,” Khoury said.

Beesley says the big pay-off, for thosethat can achieve it, will come from IT —developing a technical architecture that notonly supports AML requirements but othercompliance initiatives as well. She says:“Solutions that exploit common capabilitiesacross individual compliance projects, whilesupporting the business strategy, tend to besimpler, more robust, have a lower total operating cost and require far less manual data manipulation and validation.

“We have clients working on that now. It is hard because they have legacy systemsthat are hard to change.”

The Commonwealth Bank’s Pereira, saidthat IT synergies are very much part of herorganisation’s AML planning. Pereira says:“We are looking at how our group security team, which runs our fraud program, mightget involved in AML. That would give ussome synergy in the use of technology andresources and it might give us some opera-tional advantages. We want to use one plat-form where possible.”

The Commonwealth Bank developed aretail banking platform called CommSee,as part of its three-year ‘Which New Bank’re-engineering program. CommSee is designedto give customer-facing staff a complete pictureof a customer’s dealings with the bank. Overthe past year the bank has been putting its business banking operations onto CommSee.Pereira says the AML team is looking at how it can use CommSee for its purposes.

Beesley says KPMG has developed 10 leading practice principles for AML implementation, based on the findings of its

survey. “Number one is to adopt a strategicmindset when planning compliance projects.The leaders in the area do not let compliancedictate business strategy but find ways inwhich compliance can be accommodatedwithin their strategic goals,” she said.

Beesley says it is important to establish a corporate-level governance model for com-pliance projects. “This helps co-ordinate compliance initiatives across business units,it makes it easier to monitor the costs of compliance initiatives, it helps identify andeliminate duplication, it helps establish a platform for capturing synergies and it facili-tates a transfer of organisational learning.”

Beesley says principle number three is to do the homework first: “The experience of financial institutions over the past fewyears has led the best of them to realise that they must be more systematic whenimplementing large-scale risk and complianceprojects. They need to make some investmentupfront to understand the scope of what theyare getting into.”

Other important principles include end-to-end business process ownership,full cost transparency, adopting key performance indicators that drive the adoption of risk-averse behaviour, sharingcompliance components, linking capital and risk to drive performance, and havingcommon IT implementation.

Finally, organisations must use soundproject management practices. Beesley says:“Rigorous project management practice will ensure proper engagement of relevantstakeholders, version control of documenta-tion, embedding of organisational learningand sound change management. A number of leading financial institutions are engagingprofessional project managers to ensure amore strategic outcome.” ■■

“The continuous technological investment means the support processesare streamlined with numerous embedded controls including creditanalysis and compliance reviews. This improves efficiencies and increases the quality of data, which provides the business with a stronger operating platform”

Karen Khoury, Deutsche Bank

�� 21

SPONSORED FEATURE


FINDING A PROVEN SOLUTION

BANKS VALUE THEIR REPUTATIONS; should they be tarnished, legitimate institutions will shun them.

A financial institution that has ‘assisted’ in the launderingof money or in terrorist financing faces severe reputationaldamage. The desire to reduce all avenues of operational,regulatory and reputation risk has driven financial institutionsaround the world to adopt ongoing enhanced anti-moneylaundering/counter terrorist financing and know your cus-tomer (KYC) procedures, and World-Check has for the last fiveyears worked to assist in this complex but rewarding task.

Originally created to provide Swiss institutions with aPolitically Exposed Persons (PEP) database, World-Check istoday considered the world’s leading provider of KYC riskreduction intelligence. Working with some 1,600 institutionsin more than 120 countries, World-Check has found that;

• reputable banks cannot afford to appear on the frontpage of any major newspaper linked to dictators, terrorists, arms dealers, money launderers or any othersuch individuals

• reputation risk drives most banks to carry out activeKYC, terrorist and PEP checks not their legislativerequirements

• management may initially see compliance as being a non-profit making expense until it understands thatwithout effective compliance policies the bank may face multi-million dollar fines, blacklisting by regulators,loss of correspondent banking networks, and even adramatic devaluation in share holder value

• forward-thinking institutions now accept that theirresponsibility is not only to their shareholders, directors and account holders, but also to wider society.Institutions have a key role to play in fighting international crime and terrorism.

"When we set out in late 2000," explains DavidLeppan, World-Check's founder, "our sole purpose was, on behalf of a handful of Swiss banks, to offer an ‘early warning system’ at account opening. The financialcommunity, however, changed dramatically post-September11 2001, as bankers worldwide came to terms with the fact they had no idea of who their customers were. With the global role out of compliance requirements,

Know your customer(KYC) risk reduction

“Compliance is not about keeping regulators happy. It’s about enabling firmsto cut their losses by not doing business with companies that might harm orembarrass them… World-Check offers businesses a tool that can help preventproblem entities from becoming customers.”

Extract from the Gartner Report “Use World-Check Now, Avoid Embarrassment Later.”

��

SPONSORED FEATURE


World-Check, because of its uniqueness, was chosen to assist hundreds of institutions in dramatically and immediately reducing their KYC, terrorist and PEP risk."

World-Check today assists 1,600 institutions, including 43 of the world’s 50 largest banks and more than 200 regulatory, enforcement and government agencies with its global database of heightened-risk individuals and companies.

By consolidating and organising unstructured information from hundreds of thousands of worldwidesources into a database of highly structured profiles,World-Check enables institutions to automatically and regularly screen their client-base for the presence of highand heightened-risk entities. World-Check is the most comprehensive and highly structured intelligence databaseservice available and it has proven to thousands of bankers on a daily basis that KYC checking can make a big difference.

Today it is widely accepted that KYC checking requires diligence to be carried out not only on individualsbut also on companies, trusts and even correspondentbanks. World-Check’ s success has been partly due to the in-depth research carried out over five years, not only to identify these individuals but to connect them to their associates and ‘front companies’. Coverage withinWorld-Check extends from terrorists, fraudsters and organised crime to “shell banks”, sanctioned entities and PEP’s regardless of jurisdiction.

“A database that simply confirms a certain individual is a senior politician, but which fails to reveal risk-relevant

information, is of little assistance in meeting the legislativerequirements for KYC, terrorist and PEP identification” says Leppan. “It would, however, be very short sighted to simply want to comply. One needs to understand the reasoning behind KYC, terrorist and PEP checking to fully understand that it makes good business sense to want to know one’s customers and thereby reduce your institution’s risk”.

There is no doubt of the value of ‘early warning’ intelli-gence. World-Check has regularly profiled entities up totwo years ahead of their being added to the Bank ofEngland Sanction list or the US OFAC list. World-Checkprides itself on being ahead on the sanction listing curve.

As Leppan explains, “Never before has a company successfully taken hundreds of thousands of unstructured,open-source documents and converted them into a highlystructured KYC database. Weaving the web of relationshipsacross more than 220 countries and territories has resultedin a unique database. The continuous researching andgathering of information allows us to keep ‘connecting the dots’ and as the pieces of the puzzle fall into place,data becomes intelligence.”

World-Check's drive, expertise and a global team of highly motivated professionals has led to its success. On a regular basis feedback is received from bankers,lawyers and government agents on how valuable this riskreduction service is. The most frequent compliment is thatWorld-Check’s intelligence just keeps getting better and as such the financial community is able to take on its socialresponsibility in stopping the proceeds of crime and terroristfinancing from passing through our banking system." ■

Please visit www.world-check.com for more information.

“World-Check marks a critical advancement in fighting financial crime, and is an important aspect of our ongoing effortsto prevent money laundering and terrorist financing.”

David Thursfield, Director Cayman Financial Reporting Authority.

FEATURE

T HE PRIVACY IMPACT statement ofAustralia’s Anti Money Launderingand Counter-Terrorism Financing Bill

(AML/CTF) is once again causing concern and is currently being reviewed, according toa spokeswoman for the Minister for Justiceand Customs.

Concerns have arisen over whether thenew AML/CTF regime will conflict withexisting privacy laws, which control the use of personal information held by Australianbusinesses and establish rights for individualsto access information held about them. Theresulting tension may necessitate the reviewof previous privacy legislation.

At the centre of the debate, consumer andprivacy groups warn that financial institutions

could use customer information, collected forthe purposes of know your customer (KYC),to market new products. It could also be usedfor customer segmenting and demographicinformation associated with product usage,product design and development.

Under the proposed AML/CTF regime,reporting entities will be required to collectadditional information from individuals toidentify customers, verify that identity,monitor transaction activity and report to theregulator, AUSTRAC. Financial institutionsare also required to report the suspiciousbehaviour of prospective clients enquiringabout services.

Ros Grady, a partner at MallesonsStephen Jaques, said that the information

collected for KYC can be used for other marketing purposes, but only if the customerhas provided informed consent to use it forthat purpose. Therefore, it is possible that consumers will receive an increased amountof marketing material in the mail from their financial institution when the AML legislation comes into effect.

A detailed submission from The PrivacyFoundation also expressed concern aboutsimple enquiries regarding investmentoptions and products being included in the KYC requirements. Individuals beingobligated to identify themselves before making such enquiries is not only excessiveand objectionable in principle, but mayexpose those shopping around to unwantedmarketing of other products.


Privacy tension

In the fight against money laundering, customerinformation is imperative. But as banks across the region establish their information collectionprocedures, privacy campaigners have again raisedconcerns over how this information is collected,stored and used. Anne Lampe investigates

FEATURE

While the new laws do not require identification of customers in order to makeenquiries, they do prevent the provision of financial services unless the correct identification procedures have been carriedout. If suspicious activity is detected duringthe making of an enquiry then the financialinstitution is required under the new proposedlaws to make a report to AUSTRAC. In those circumstances, financial institutions will be expected to make an effort to obtainidentification details and pass these onto the regulator.

But as Joy Geary, an independent consultant on the AML legislation remarks,the new requirements under the proposedAML/CTF Bill may not impact consumers as much as privacy campaigners fear: “there

may not necessarily be a lot more informationcollected than is normally now collected forbusiness purposes, particularly in the contextof a credit application. What is new about this law is the insistence that consideration begiven to collecting this information type evenfor non-credit products, depending on the institution's risk-based approach.

“Further, customer information is requiredto be used to assess potential for money laundering and terrorist financing. And thatrequirement is expressly stated. Financial insti-tutions do not have to assess you individually,but they have to know enough about you andassess how you fit into (or where you fit into)their risk profile. A firm’s business model willdecide whether customers are assessed on anindividual basis or not.”

So how will the legislation work in practice?

Let’s say Joe Bloggs wants to sendUS$50,000 to his mother in New Zealand.

As this is an international funds transferinstruction, it will be reported to AUSTRACby the financial institution, in accordancewith existing process. Additionally, theorganisation will be required to assess thetransaction against its risk-based approach for international transactions. As a result, thetransaction will be examined in the context ofthe country risk represented by New Zealand,the currency used, what the organisationknows about the purpose of the transaction,


‘’AML laws are likely to prevail over privacy laws... especially given the international pressure to

introduce the AML laws’’.

Ros Grady, Mallesons Stephen Jaques

��

FEATURE

and the location and name of the beneficiaryof the payment. If a country’s infrastructurehas the propensity for allowing money to be laundered in its financial systems it will beregarded as high-risk.

The financial institution will also scruti-nize this transaction in the context of othersimilar payments and account activity by JoeBloggs. Such a transaction might fit withusual criteria for Joe Bloggs or be regarded asunusual, depending on the circumstances.

Under the new laws, the financial institu-tion will also be required to hold certain baseinformation about the transaction and about JoeBloggs before it can process the transaction.Some of this information will need to be sentwith the payment instruction to New Zealand.

For example, if Joe Bloggs was sendingmoney to Russia, instead of New Zealand,this would be regarded as a higher risk transaction as Russia is regarded as a high-risk money laundering country.

Financial institutions are expected tomanage money laundering and terroristfinancing risk both at the transaction and customer levels. “Reporting entities under thenew laws are expected to know enough abouttheir customers to assess their risk of moneylaundering and to know enough about thetransactions they undertake to detect anythingunusual or suspicious,’’ Ms Geary explains,“For example, if your income is derivedentirely from cash, then a financial institutionneeds to consider categorising you as medium- or high-risk because you have acash income and placement of cash is the first step in laundering money.”

Experts agree that typical risk criteria forinternational payments would look at whetherthe customer has ever applied to send moneyto the particular destination before; if theyhave ever sent that amount of money before;and, if they have never before done so andare now sending large amounts, the reasonswhy. Unusual patterns of behaviour will bethe trigger for further inquiry.

Legislation and privacy tensions Tensions between privacy principles and the proposed legislation have to date focusedon the subjective nature of the risk assess-ment process. The new processes will be costly and passed onto the general cus-tomer base, resulting in the majority of customers, who are low risk, subsidising new processes attached to higher risk cus-tomers. Unfortunately, loading the costs onto high-risk assessed individuals would defeatthe purpose of the legislation and encouragecustomer turnover to evade unwanted risk ratings. This makes the new laws both a cost and a privacy issue for customers.

Another tension centres on access rights to the AUSTRAC risk-assessmentinformation. In a submission to the govern-ment, the Australian Privacy Foundation tookissue with the very broad access to informa-tion allowed to agencies including the federal police, the Tax Office and over 30Commonwealth, State and Territory agencies.

It is not clear whether amendments will be made to the Privacy Act to preventcustomers from having access to any risk ratings applied to them under these newAML/CTF laws. Currently, customers cangenerally access all personal information held about them by financial institutions. Forexample, customers have the right to inspectcredit information and challenge errors.

Ms Geary rationalises that compliancewith the new AML/CTF laws is a sensibleargument to support the proposition that a customer’s risk assessment is something the customer is not entitled to access underprivacy laws. If access was provided to risk ratings then the new laws would beunder-mined. The debate is essentially one of policy – laws that meet the require-ments of the international Financial ActionTask Force (FATF) necessarily intrude on privacy rights, as well as rights aimed at reducing discrimination.

The Privacy Foundation regards this asunacceptable secrecy. Suspect transactionreports are expressly exempt from accessunder the Freedom on Information Act (1982)

and The Privacy Act (1988), and it is anoffence to notify a customer that a suspecttransaction report has been lodged. ThePrivacy Foundation argues that the suspecttransaction database amounts to a secretblacklist based on extremely subjective criteria and unverified judgements that couldseriously prejudice individuals listed on it,without their knowledge and without any possibility of a challenge or remedy.

“The inclusion of an individual onAUSTRAC’s suspected (transaction/matters)database, accessible to more than 30 agen-cies, has the potential to adversely affectthem, even if they are not aware of the effect.

“At least if the individuals concerned were notified, they would have the opportunityto challenge the reasons for the report. In ourview the concept of secret files compiled on the basis of ‘amateur’ assessments andwholly subjective criteria is inconsistent with a free society, and these provisions must berepealed or replaced with a reporting regimethat incorporates review rights based on natural justice principles.’’

The Foundation is also concerned aboutprogressive function creep, well beyond theserious and organised crime areas originallyused to justify the extraordinary privacy intru-sions. The scheme is already in routine use fora wide range of less serious offences, includ-ing minor welfare and tax transgressions, andthis will accelerate under the new legislation.

Greater intrusion into customers’personal affairs and negative assessment basedon appearance and behavioural factors is also of concern to the Foundation. Theyreport that there “is a risk of over-reporting ofindigenous people or people of a non-Englishspeaking background because of prejudice,discrimination or misunderstanding of different cultural norms of behaviour.’’

“The suspicious reporting regime cannotbe divorced from the legislative prohibitionon notifying the subject of the report,”the Foundation concluded.


��

��

One tension between privacy principles and the proposed legislation is the subjective nature of the risk assessment process and the resources that each financial institution will need to set aside to do the risk profiling.

HITTING THE COMPLIANCE TARGET

Blake Dawson Waldron is pleased to announce that the salt™ library has been expanded to include a suite of courses for the

New Zealand market supplied by Kensington Swan Lawyers.

To understand what salt™ Enterprise can do to help you further your compliance objectives, contact us:

AustraliaJulian Fenwick

Blake Dawson Waldront > 61 2 9258 6382

e > [email protected] > www.compliance.bdw.com

New ZealandRob Noakes

t > 64 9 375 1121e > [email protected]

w > www.kensingtonswan.com/salt

FEATURE

Supplementary to this concern is that the information collected and monitored will be held for a period of seven years and,in certain cases, even longer.

The Privacy Commissioner has submittedthat this long period of data retention withoutthe opportunity to check or challenge the information should require its deletionafter two years, unless action is taken on suspicious matters.

Ms Geary points out that many of theconcerns raised by the privacy lobby arealready covered under the current reportingrequirements. If a transaction involves over$10,000 in cash or the movement of fundsinternationally, it will be reported under thenew rules, as it is today. Similarly, suspicioustransactions will be reported under the newrules as they are now.

So, is the AML/CTF Bill workable or arechanges required to the Privacy Act?

Joy Geary’s view is that it is workablefrom a privacy perspective with one or two consequential amendments to the Privacy Principles in the Act. However,banks will need to modify their privacy notifications, which will in turn raise printing and mailing costs.

“AML laws are likely to prevail over privacy laws,’’ Ros Grady said. “Especiallygiven the international pressure to introducethe AML laws.’’ Experts generally agree that in public policy terms the privacy debateis unlikely to win out over the terroristdebate. General consensus is that the legislation needs to go through in its currentform to satisfy FATF.

How the legislation will be rolled outremains to be seen. A gradual introduction is expected, with certain obligations startingon royal assent and others coming into

operation at different times throughout theimplementation period. There may also be a ‘no prosecution’ period of 12 monthsallowed before financial institutions failing to enforce the rules are prosecuted. Thisextra period of 12 months is an acknowledge-ment by government of the degree of changefinancial institutions will need to make totheir current business processes and systems.

Gaining public acceptance of this further intrusion into customers' private

financial dealings will hinge on the results achieved. Straw polls indicate that the public is likely to accept it providedthey can see the legislation is achieving its aim of capturing those who laundermoney, finance or benefit from drug deals or evade tax. The general consensus appears to be that ‘if I have nothing to hide, then I don't have anything to be worried about’ – as long as the cost (in money or privacy) is not greater than the benefit. ■■


��

“there may not necessarily be a lot more information collected than is normally now collected for business purposes, particularly in the context of a credit application. What is new about this law is the insistencethat consideration be given to collecting this informationtype even for non-credit products, depending on theinstitution's risk-based approach.”

Joy Geary

fit snugly into the FSA's "ARROW II" process,which it hopes to apply to the firms that itinspects. The risk areas of ARROW II that theFSA expects will involve money launderinginclude the following:• institutional client/counterparty

characteristics

• retail customer characteristics• institutional product/market

characteristics• the acceptance of customers• the handling of customers after a sale• something that the FSA calls

“people risk”• controls over human resources• compliance monitoring and guidance.

The regulator has invested a reasonable amount of money in a new program it uses to train ‘supervisors’. These may or may not be the people it plans to send on ARROW II visits. Part of this is a module that teaches FSA staff about computer-based financial crime. ■■

�� FROM PAGE 6 – LONDON CALLING

A LL BUSINESSES that meet the definition of ‘reporting entity’ under the Anti-MoneyLaundering and Counter Terrorism Financing Bill (the Bill), once enacted, will be requiredto take a ‘risk-based approach’ to combating money laundering and terrorist financing

(ML/TF) in order to comply with the requirements of the Bill and finalised AML/CTF Rules.

The legislation sets out obligations under the Rules that may be met by putting appropriaterisk-based systems and controls in place. In many respects, the legislation has given reportingentities a helping hand by requiring them to consider the nature, size and complexity of their businesses and the type of ML/TF risk that they may reasonably face.

FEATURE

Building theRAM to protectyour business Building the right risk assessment model (RAM) is crucial to the success of every firm’s anti-money laundering and counter-terrorismfinancing (AML/CTF) program. Lacking an appropriate RAM will leave afirm vulnerable to abuse by money launderers and terrorist financiers– and the regulator’s wrath. Emily Brayshaw and Julie Beesley fromKPMG examine how the right RAM will underpin a reporting entity’sAML/CTF program and the ways in which it can prove beneficial

��

FEATURE

The Rules also define ‘risk-basedapproach’ (draft Rule 1.2) and specify thefour dimensions that a firm must considerwhen identifying its ML/TF risk i.e., the risksposed by its services and products, channels,customers and jurisdictions. In other words,each firm must consider the ML/TF risk ofevery product/service it offers, every channelthrough which it offers those products/servic-es; every jurisdiction around the world; andevery type of customer.

Many industry bodies have welcomed the risk-based approach as it ensures thatreporting entities are not required to devoteuniform effort across all accounts and cus-tomers. It allows them to allocate effort tomanage and mitigate against ML/TF risk pro-portionally to the risks involved.

Realistically, the overwhelming majorityof a firm’s customers will not be criminals, soa risk-based approach allows firms to allocatetheir resources more efficiently by prioritisingthe management and mitigation of any areasthey determine could be of higher risk. Thisin turn has the added benefits of possible costefficiencies and a lessened risk of undetectedsuspicious activity, which in turn helps tominimise a firm’s reputational risk.

Furthermore, the legislation contains a fundamental requirement to design and implement an AML/CTF program that identifies, manages and mitigates ML/TF risk. The AML/CTF program must be designed to identify significant changes in ML/TF risk and recognise such changes to address theAML/CTF program Rules (Rule 8). The firm must also be in a position to assess the ML/TF risk posed by all new offerings that can be defined as ‘designatedservices’ prior to introducing them to themarket, as well as to all new channels/tech-nologies prior to adopting them.

Ongoing risk managementNeil Jensen, Director of AUSTRAC, wasrecently quoted in the press as saying thatrisk management is a continuous process carried out on a dynamic basis. He explainedthat ML/TF risk assessment is not a one-timeexercise; the static nature of companies renders it an ongoing review exercise.

The RAM is the tool or mechanism that implements the risk-based approach. It allows a firm to identify ML/TF risk across the organisation and to assess its riskdynamically. However, unlike other risk models that may exist, such as an operational

risk model or a credit risk model, how a firm designs its controls to respond to thoserisks is not part of the RAM. The way inwhich a firm designs its controls in responseto ML/TF risks is covered by the widerAML/CTF program.

This means that other operations within areporting entity will take the RAM’s output toimplement the risk-based approach by design-ing different levels of controls to respond tothe risks that the RAM identifies. For example,the RAM may identify Indonesia as a high-riskjurisdiction, so the firm would design different,more stringent procedures for dealing withIndonesian entities or transactions involvingIndonesia, compared to the types of controls itwould apply to entities from, or transactionsinvolving, a jurisdiction that the RAM mightidentify as lower-risk, such as Finland.

Size matters By prescribing the four dimensions that firms must consider when building a RAM,AUSTRAC has provided reporting entitieswith a good starting point when consideringwhere to look for ML/TF risks within theirbusinesses. However, the size and complexityof the RAM will vary among firms.


��

Building a RAM, and maintaining it, can seem like a daunting task ... talking to otherorganisations about their RAMs and any potential problems that they may be facing can help a firm to avoid typical pitfalls and help resolve issues around risk ratings.

��

For example, a small, boutique firm that offers a select number of products to a very targeted customer base will have a small RAM, adequately scaled to assess the risks across jurisdictions; channels (the firm may only offer products throughthree channels); products (the firm may offer, say only 50 products); and customers (the firm may only offer its products to 10 different types of customer).

This streamlined model will look very different from a RAM for a larger firm,which may offer thousands of different products and services to a broad range of customers across several disparate businessunits and through a variety of channels.While a smaller firm may be able to make do with a RAM that operates using a simpleExcel spreadsheet, a larger firm will likelyrequire something much more sophisticated.

Remember too, AUSTRAC’s view that risk management is a continuous process and that reporting entities must consider the nature, size and complexity oftheir business when determining ML/TF risk. This means that the larger firm will likelyrequire far greater resources to build andmaintain an effective RAM than a smallerentity. In other words, a larger firm that opts to build an extremely simplistic RAMmay have to justify to the regulator why it did not consider the size, nature of complexity of its business when doing so.

RAM – more that just finding risky customersThe clearest use of a RAM for reporting entities will be to assess the ML/TF risk that (initially) all new customers (and eventually all existing customers) pose to the business. The RAM will form part of the customer identification process by interacting with the customer identification program to:

• consider what customer type theperson/entity may be and the ML/TFrisks involved for that customer type (for example, a private banking client,a politically exposed person, a trust or an ordinary retail customer);

• consider the ML/TF risks of the jurisdiction(s) in which the customer will transact;

• consider the ML/TF risks in the products/services the customer will use; and

• consider the ML/TF risks of the channelsthrough which the customer will accessthose products/services.

The composite risk that each customerposes is the combination of these risks basedon their individual circumstance. For instance,a private banking customer who wishes to set up a Bahamas-based trust account, whichis managed by a lawyer who wires funds tothe trust, may well pose a higher compositerisk than a nurse who lives in Australia andwho has a retail account, a credit card and a personal loan and a mortgage, all of whichare accessed via internet banking.

This composite risk will drive the typeof customer due diligence the firm will

be required to conduct. For example, it could determine that enhanced customer due diligence be conducted on clients whohave a high composite risk, but may onlyrequire minimum customer information beobtained for customers identified as having a lower composite risk.

But there are other ways in which theRAM can, and should, be used when under-pinning a risk-based AML/CTF program. The AML/CTF draft Rule 8.3, for instance,states that reporting entities must put in placeappropriate risk-based systems and controlsto determine whether, and how to, screenprospective employees for ML/TF risk and to re-screen any employees who may be promoted or transferred to another part of thebusiness. The firm can use the RAM to deter-mine which areas of the business are highestrisk and the appropriate level of screening foremployees who work in those areas.

The RAM can also be used to establish,say, the highest-risk products that a firmoffers so that the firm can provide the suitablelevel of training for staff who handle thoseproducts, in line with draft Rule 8.2.

Another key potential benefit of the RAM is helping the firm to get the most out of its monitoring and reporting functions. For example, a firm may wish to monitor for suspicious matters every transaction that occurs in the top three highest-risk jurisdictions over a seven-day period. The RAM will tell the reporting entity which jurisdictions are the top three forML/TF risk so that the transaction monitoring and reporting system can scrutinise the transactions required. The

same exercise may well yield radically differ-ent results when conducted six months later,because the RAM will have been continuouslyupdated to assess and identify new risks.

The RAM can also be used when consid-ering a firm’s correspondent banking relation-ships. The firm can identify any high-riskjurisdictions and the status of the AML/CTFregulatory authority in the jurisdiction inwhich the correspondent bank operates, inline with draft Rule 7.1.1(d). Without this riskidentification, the firm will not be able todetermine the level of controls it needs toapply to the relationship, or even whether itwill maintain or commence a relationshipwith the correpsondent organisation.

Teething problems?Building a RAM, and maintaining it, canseem like a daunting task, but it is importantfor firms to remember that fighting moneylaundering and terrorist financing is a spacein which there is no competitive advantage tobe gained from hoarding information. Talkingto other organisations about their RAMs andany potential problems that they may be fac-ing can help a firm to avoid typical pitfallsand help resolve issues around risk ratings,how to determine risk and how to use theinformation that the RAM produces.

By defining a risk-based approach toAML/CTF through the draft AML/CTFRules, AUSTRAC has not only elegantlyinterpreted the Financial Action Task Forceon Money Laundering’s The FortyRecommendations, but provided firms withthe opportunity to develop the approach tocompliance that suits them best. One of themost important things to remember, however,is to document the RAM development andmaintenance methodology thoroughly inorder to demonstrate to AUSTRAC that itreally is the right RAM for the business. ■■

FEATURE


REGIONAL REVIEW


The great Kiwi conversion

With Australia’s recent raft of anti-money laundering reformsdominating headlines, similar moves afoot across the Tasman havelargely slipped beneath the media radar. KPMG’s Carl Fredriksenand Gary Gill highlight New Zealand’s key money laundering andterrorist financing risks and consider the implications of the Kiwi anti-money laundering and counter-terrorism financing (AML/CTF)reform for Australian financial firms

REGIONAL REVIEW

New Zealand – a high-risk jurisdiction?

N EW ZEALAND’S low financialtransaction flow and volume assign the country to a less

prominent role within the Asia Pacific region than the key financial markets ofJapan, Singapore, Hong Kong and Australia. Hence, the risk of large volumes of dirtymoney passing through the New Zealandfinancial system at the layering and integration stages of laundering is reduced.Accordingly, both the 2005 and 2006 US Department of State’s InternationalNarcotics Control Strategy Reports (INCSR)do not classify New Zealand as a country of primary money laundering concern.

This same report in 2005 informed that narcotics trafficking and white-collarcrime are the primary sources of funds laundered through New Zealand’s financial system. A significant portion of these crimes are believed to be motivated by gambling, as stated by the Problem Gambling Foundation of New Zealand in a reportreleased in March this year.

However, in spite of the lowprofile the country has in theworld’s financial markets, therestill exists a very real threat ofmoney laundering in New Zealand.

A recent money laundering casealso illustrates the scale of the proceeds ofdrug crimes in New Zealand. Earlier this yearauthorities arrested an Israeli national in Indiaon narcotics trafficking and money launderingcharges, following a tip-off from Dutch intelligence services. Subsequent raids of theindividual’s New Zealand residence revealedevidence that the suspect had laundered morethan AU$16m, derived from narcotics traf-ficking in New Zealand and the Netherlands.

The 2005 International Monetary Fund (IMF) Country Report No.

05/284, New Zealand: Report on theObservance of Standards and Codes – FATF Recommendations for Anti-MoneyLaundering and Combating the Financing of Terrorism provides further informationhighlighting the risks of money launderingand terrorist financing in New Zealand. The report illustrates serious deficiencies in New Zealand’s Financial TransactionReports Act 1996 (FTRA), which failed to incorporate the majority of recommenda-tions made by the Financial Action TaskForce on Money Laundering (FATF) on the legal and institutional framework forfinancial institutions.

The IMF report recommended that New Zealand authorities develop an effectivesupervisory framework to ensure compliancewith AML/CTF requirements of their financial sector. It stated that the NewZealand financial intelligence unit (FIU) has responsibility for regulatory oversight ofthe FTRA, but that neitherthe Reserve Bank ofNew Zealandnor the FIU

conduct on-site examinations of banks.Further, the FIU can only make an on-siteinspection with a search warrant.

“Supervision by competent authorities …plays a limited role in the [New Zealand]framework, and this creates an obstacle toensuring the effective application of theAML/CTF [sic] requirements by financialinstitutions. The FIU is not in position tofully carry out its supervisory role to ensurecompliance, due to its limited resources andthe absence of legal authority.” (IMF report)

On a more positive note, money laundering in New Zealand is less likely to involve the proceeds of corruption thanalmost anywhere in the world. The Land ofthe Long White Cloud is among the world leaders in its anti-corruption initiatives,demonstrated by Transparency International’sCorruption Perception Index, which has continuously ranked New Zealand as amongthe three least corrupt nations of the worldsince 2002. This also indicates that any

AML/CTF initiatives New Zealand intro-duces are unlikely to be hampered by

corrupt officials, which is a majorimpediment to AML reform in

many less-developed nations.


��

REGIONAL REVIEW

The tackle

The IMF’s report resulted in the New ZealandMinistry of Justice throwing its weight behind afull reform process to bring the FTRA into linewith the revised FATF 40+9 Recommendations.An initial discussion document about theamendment was released in August 2005 and followed up with a second discussiondocument in June 2006. A third consultationdocument is expected to be released later this year with the aim of introducing a draftAnti-Money Laundering and Anti-TerroristFinancing Bill in 2007.

A key aspect of the proposed changes is that legislation will capture entities beyond the scope of the financial sector, suchas lawyers, accountants, casinos, jewellersand real estate agents. As expected, theamendments will include more stringentrequirements regarding suspicious transactionreporting, customer identification and verification procedures. For example, therequirement for covered entities to managetheir compliance efforts via a risk-basedAML/CTF program will be incorporated –something that Australian reporting entitieshave begun to grapple with. It is also likely the amended legislation will overhaul NewZealand’s financial regulatory authorities to ensure them the power to effectively supervise the new AML/CTF regime.

The New Zealand Ministry of Justice hasreceived a range of submissions providingcomment on its second discussion documentfrom a broad range of stakeholders, including

the New Zealand Law Society, the NewZealand Racing Board, the Securities IndustryAssociation, the New Zealand Institute ofChartered Accountants, the Institute ofFinancial Advisors and a consortium representing New Zealand’s casino industry.The volume and scope of feedback reflectspositively on New Zealand’s aim to formulatea legislative response which balances impactedindustry stakeholder concerns regarding compliance costs with the government’sresponsibility to not only conform to interna-tional expectations, but to assume a leadingrole in establishing appropriate legislativebenchmarks for the Asia Pacific region.

Trans-Tasman repercussions?

Aiming to reduce compliance costs, severalsubmissions have suggested the New ZealandMinistry of Justice consider harmonising legislation with that of Australia. It is aproposition already supported by initiatives in place designed to enhance bilateral economic cooperation between the trans-Tasman neighbours. In February 2006,the Australian Treasury and the New ZealandMinistry of Economic Development signed a revised memorandum of understanding(MOU) on the coordination of business law. During the MOU review process,both governments identified the coordinationof AML frameworks to minimise compliancecosts for financial institutions as an area of possible cooperation and, accordingly,included it in the MOU’s work program.

With New Zealand’s four largest bankscontrolled by Australian banking groups,

New Zealand-based subsidiaries and brancheswill be subject to the risk-based AML/CTFrequirements of their Australian parent companies, as currently stated in draftAML/CTF Rule 8.9 under Australia’s second Draft Exposure AML/CTF Bill. There is a clear dichotomy between the interests of New Zealand’s largely foreign-owned banking sector and those of otherdomestic financial institutions impacted by proposed legislation. To the extent thatNew Zealand’s legislation is consistent with that of Australia, these foreign-con-trolled entities will be spared the cost of complying with two different sets of

legislative requirements. Australian financialinstitutions with operations in New Zealandwill watch with interest the development of New Zealand’s AML legislation with aview to incorporating the New Zealand-basedoperations into their risk-based programs.

The New Zealand government’s ongoingchallenge will be to determine whether itscountry’s best interests lie in pursuing harmonisation with Australian legislation orworking with Australian officials to explorethe development of a mutual recognition policy for each nation’s AML/CTF supervisoryframework. The history of the Bledisloe Cupdemonstrates that Australia doesn’t always set the benchmark when it comes to Trans-Tasman rivalry. Accordingly, New Zealandmust develop the most effective and practicallegislative response to the threat that moneylaundering and terrorist financing pose to itsrole in the Asia Pacific region. ■■


��

The history of the Bledisloe Cup demonstrates that Australia doesn’talways set the benchmark when it comes to Trans-Tasman rivalry.Accordingly, New Zealand must develop the most effective and practical legislative response to the threat that money launderingand terrorist financing pose to its role in the Asia Pacific region

INSIGHT


By Joe GarbuttSENIOR MANAGER, GROUP COMPLIANCE

RISK, NATIONAL AUSTRALIA BANK LTD.

How often to train?

I T IS TEMPTING to think of AMLtraining as a one-off ‘tick the box’exercise run every two years or so,

before getting back to the ‘real’ work.However, this approach has serious flaws.Given rapid developments in this area,two years between training is too long.Furthermore, basic issues are easily forgotten over a two year period.

A well-structured training programshould be delivered regularly in a flexibleformat, allowing trainers to tailor content to specific job functions within an organisa-tion. Implementing a standardised one-size-fits-all program runs the risk of being irrelevant, and even de-motivating, to many of those attending.

For example, consider the differentresponsibilities of the audiences listed in Figure 1.

Building successful trainingInstilling a culture of compliance across yourorganisation is the best way to avoid mistakesoccuring within your AML program. This culture should form the bedrock of your AML/CTF training. Explain to staff why they must attend AML training sessions– to prevent and detect crimes with real victims. Regularly reinforce the importanceof new policies and procedures. Remember,a procedural failure at the account openingstage could lead to regulator action and reputational damage.

A successful training program willengage all staff members in ensuringaccounts are opened accurately and suspicions are reported in time.

Some tips to assist you achieve this success are:• design imaginative annual training and

awareness programs

• if you pursue frequent training, shortenits length to avoid overload

• adapt training to meet your audience’srequirements. General awareness training may suit all, but account opening for retail and corporate bankswill need to be differentiated.

The right training for your AML/CTF staffAML qualifications have been established in the US and UK, but it may take some time for that to happen here. In the meantime, conferences are useful for obtaining expert insights and informalbenchmarking. It is critical that you attend any training provided by regulatorsand law enforcement.

Ensure specialist employees have access to relevant AML resources. Thesemight include articles, books, governmentbulletins, regulatory updates, or papers from FATF, the Wolfsberg Group, theEgmont Group of Financial IntelligenceUnits, or the Asia Pacific Group. Ensurethey keep training logs of the reading they’ve done to keep abreast of the issues.

Stay on top of financial crime trends.Internet or media word searches on ‘organ-ised crime, money laundering, terrorism,or fraud’ will keep your typologies contem-porary. Consider subscriptions to relevantindustry newsletters and updates provided by your AML system providers.

Making the gradeAn effective training and education program is an essentialcomponent to any AML approach. Joe Garbutt provides some practical tips to ensure yours makes the grade.

��

TRAINING AUDIENCE DIFFERENTIATOR

The board and senior management Oversight responsibilities.

AML/CTF (and compliance, fraud, Compliance and financial crime expertise. internal audit colleagues) Dealing with regulators, intelligence and

law enforcement agencies.

Customer-facing colleagues Account opening. Suspicions that may derive from customer behaviour and financial activity.

Back-office colleagues Suspicions that may derive from financial activity patterns.

FIGURE 1

INSIGHT

Don’t forget to leverage off the learningof other experts within your organisation.Speak to your firm’s fraud team, whose contacts and currency of knowledge in financial crime is usually excellent.

Within your business unit, undertake a‘training needs analysis’ based on specific jobroles. Some employees may need to furtherdevelop their knowledge or skills in legal,compliance, project management and IT systems, or maintain existing skills.

Lastly, work with your Learning andDevelopment team to establish a benchmark ofthe required level and type of training that mustbe undertaken each year to keep up-to-date.

Identifying the best type of trainingUnfortunately, there is no single approach to effective training. Most methods havedrawbacks. For example, modules with formalassessments can focus participants on merelypassing the assessment, leading to little retention of knowledge. The use of videos issimilarly limited; passive viewing does littleto engage the learner.

So each training approach has its limita-tions. The goal is to select the method mostapplicable to the material presented and mostappropriate for the learning needs of the partici-pant. Combining different delivery mechanismsin a blended approach is the best way to keepthe subject ‘fresh’ and the audience stimulated.

Some general points that might help are:• Face-to-face training is powerful. • If utilising a ‘train the trainer’ approach,

ensure both parties have time to resolveissues before delivery.

• The most effective training is applicableto the organisation and the employee’srole. This subject area should be juicy,it’s about criminals after all. Bring thesubject alive by including generic scenarios related to your industry sector.This is a highly effective way to help colleagues recognise suspicions.

• Good training combines the training expertise of experienced facilitators andinstructional designers with AML/CTF sub-ject matter experts. Attempting to deliverone without the other can lead to disaster.

• Ensure training meets identified outcomes. Maintain records to proveemployee attendance and achievement of competency-based assessments.

• If a colleague failed to attend face-to-facetraining, is there some written materialthey can read?

• If you outsource training, ensure a feed-back process is in place that considers the specific issues experienced by customer-facing employees

• Deliver case studies that involve examplesof suspicion recognition, reporting andthe subsequent handling of the customer.Basing examples on real life situationsprovides colleagues with the opportunityput into practice what they have learned.

• Keep training simple. Use plain languageand eliminate unnecessary padding.

• Be proportionate. Anti-money launderingis a serious subject, but don’t scare colleagues.

• Employee turnover is a challenge – but remember, if we don’t train new customer-facing colleagues adequately on how to open accounts properly, we are asking for trouble.

Using awareness campaignsto supplement trainingAwareness campaigns can be used in conjunction with your internal communica-tions team to keep AML ‘front of mind’.

Good tools you can use are:• company-wide reminder emails • posters for branch back offices • newsletters with stories from the

‘coal-face’ and tips from other staff • sales conferences. Inviting regulators to

speak to sales staff, ensuring the ChiefExecutive Officer stresses the importanceof AML in his opening speech and distrib-uting information about AML to attendees,are all useful methods of raising awareness.

• company intranet. Ensure yourAML/CTF training and reference materialare visible and easily accessible.

Training based on the new AML/CTF BillEnsure you are well prepared in advance ofthe release of the AML/CTF Bill. Once thelegislation is enacted you will face a hugeone-off training workload to ensure staffreceive the necessary training.

Remember, it might take several monthsbefore training settles to ‘business as usual’.During the 2002 UK AML reforms my formerbank’s branch network were required to attendfive training sessions in 13 months before settling into a regular training schedule.

The new AML/CTF Bill can be brokendown into the following training components:

• AML/CTF definitions• legal and regulatory reform• your firm’s response to the reform• reporting suspicions (this process should

be tailored for specific business units indiverse financial services groups)

• account opening/customer due diligenceprocedures

• specialist training examining transactionscreening, transaction monitoring, internalaudit, compliance and fraud.

Final tipsUse spot inspections to ensure training programs meet expectations. Spot checks can be used to test staff awareness or monitortraining attendance. If you receive feedbackfrom the regulator, make sure it’s actionedappropriately.

Provide staff with back-up, such as a helpline that customer-facing colleagues can call when in doubt. A UK bank implemented a know your customer (KYC)helpline within the AML unit to deal with complex questions. Front office staffuse the helpline to answer questions, like“should I open this account, I am suspiciousand I don’t want to launder money, but I don’t want to refuse the prospective customer and alert him/her?”

Above all, be realistic. You can’t train forevery situation. However, you can provide staffwith the knowledge and tools to ensure they areskilled enough to problem solve the rest. ■■

Joe Garbutt is senior manager, group compliance risk, at National Australia Bank. Joe draws on previous AML experience forthese articles. The views expressed in the article represent Joe’s personal opinions and he is not speaking for National Australia Bankin this article.


��

“ABOVE ALL, BE REALISTIC. YOU CAN’T TRAIN FOR EVERY SITUATION.

HOWEVER, YOU CAN PROVIDE STAFF WITH THE KNOWLEDGE AND TOOLS TO

ENSURE THEY ARE SKILLED ENOUGH TO PROBLEM SOLVE THE REST”

TERRORIST FINANCING

R ECENT REGULATORY ACTIVITY in the area of AML/CTF has focused heavily on money laundering. Terrorist financing has been viewed as either too hard or, optimistically, to be covered by AML measures. This article aims

to redress this lack of focus on terrorist financing. Regulated entities will soon be required to comply with legislation and associated rules for both money laundering and terrorist financing.

Before we consider how the risk of terrorist financing should be incorporated into arisk-based AML/CTF approach, a key misconception needs to be corrected. It isn’t just regulated entities who assume AML measures will fit terrorist financing. The underlyingassumption of both the proposed new AML/CTF legislation and the existing FinancialAction Task Force on money laundering (FATF) recommendations is that money launderingand terrorist financing are similar activities with comparable risk profiles and identifiers.Therefore, these activities can be tackled in the same way. But this overlooks a fundamentalissue – money laundering and terrorist financing are not the same.

The fundamental difference lies in the movement of these activities: money launderingaims to move the funds generated from criminal activity into the formal financial system and to make those funds appear legitimate, whereas terrorist financing aims to move the funds tothe criminal activity with little or no need to look legitimate. Other key differences betweenmoney laundering and terrorist financing include: money laundering usually involves movinglarge amounts of money, whereas terrorist financing typically entails the movement of smallamounts; the source of laundered funds is illegal, whereas the source of funding for terroristactivities is often legal; laundered funds are often used to buy legal assets, whereas terrorismrelated funds are usually used to purchase illicit goods on the black market, such as arms. The only common denominator between the two is that the controllers of the funds want tomove the funds from A to B with four methods at their disposal: the legitimate formal financialsystem, the informal financial system, illegal financial networks or the physical movement ofcash. These difference alone justify regulated entities creating a separate CTF program.

A separate CTF program does not mean having another risk-based approach. A CTF specific program needs to be developed within the overall risk-based approach constructed byeach regulated entity. Under this risk-based approach needs to sit a tailored risk identificationand management framework that reflects, not just the risks to be identified and managed,but the risk profile of the financial institution. In other words, if the institution has an accuraterisk-based methodology that identifies the risk profile and characteristics of that institution and


Terrorist financing …what risk?

Underlying the proposed anti-money laundering and counter-terrorist financing (AML/CTF) legislation is an assumption that money laundering and terrorist financing are similar activities.But as criminologist Michelle Hannan demonstrates, this may not be true and should be reflected in the development of a separate CTF program.

��

A separate CTF programdoes not mean havinganother risk-basedapproach. A CTF specific program needs to be developed within the overall risk-basedapproach constructed by each regulated entity

TERRORIST FINANCING

the criminal activity to be detected, then this same macro-methodology or approach can be applied to different risky activities. What doeschange between AML/CTF are the inputs and subsequent outcomes.Obviously, the risks that populate the methodology will change, as well as how these risks are managed at an operational level.

For regulated entities to construct an effective CTF program,key characteristics of terrorist financing and indicators of how thisactivity may be manifest need to be identified. The overall risk-basedmethodology determines how to identify the risk of potential terroristfinancing activity and translation of these risks into indicators.

Table 1 outlines some of the key characteristics of terrorist financing that need to be identified and how these may be translatedinto indicators of potential risks within a financial institution. The criminal activity generating the risk determines the construction of the indicators and process to manage risks..

Once indicators have been constructed, then the approach to managing these risks should be applied. Managing the risks will includereporting, know your customer measures and monitoring measures.How these processes are activated and undertaken will again be determined by the risks themselves. The overall approach doesn’t alterfor terrorist financing, but the operational outcomes will be different toreflect the different risks and characteristics of terrorist financing.

A risk-based approach allows regulated entities to tailor how theyidentify and manage risks. This methodology provides a top-downrisk framework that can then be applied to different types of risks with bespoke strategies being constructed. The bottom-up componentis the populating of the methodological framework with the risks to be identified and managed. In turn, these risks are determined by thecriminal activity generating those risks.

It would be easy to leave the CTF component of the new proposedregulatory requirements to the end of compliance changes, or even toassume it will be covered by the AML measures. However, thisapproach will not be effective. Remember, money laundering and terrorist financing are not the same. Regulated entities need to developa risk-based methodology that encapsulates money laundering and terrorist financing from the beginning. And the result? An effectiverisk framework that also rewards in terms of efficient compliancedevelopment time and costs. ■■


TABLE 1 – RISK INDICATORS OF TERRORIST FINANCING

CHARACTERISTIC

The use of charitable funds to finance terrorist activities (the donors may not be aware of these arrangements).

The use of aid organisations, often related to charities.

Fake identities to disguise ‘imported’ terrorist identities.

Foreign transactions from high-risk countries.

Deposits from high-risk countries or those with tight banking secrecy laws.

Funds transferred to alternativeremittance dealers operating in theinformal financial system or illegalnetworks where they may be usedto purchase arms or illegal goods.

INDICATOR OF ACTIVITY

Deposits from charities intoaccounts, particularly personalaccounts.

Transactions from aid accounts into non-related accounts.

The use of fake identities indicatesother criminal activity, includingpotential terrorist activities.

Deposits into charities or personalaccounts originating from high terrorist-risk countries.

Regular or one-off deposits from offshore banks in high-riskcountries into personal accountsthat cannot be explained.

Transfers to money dealers or similar financial intermediaries without adequate explanation, especially with funds received ineither US dollars or home currency.

��

Reach out to the market

ADVERTISING SOLUTIONSOver 4,500 qualified industry practitioners, including 350 AML project managers from the retail, wholesale, funds management and insurance sectors, read Anti-money laundering magazine. To reach the industry’s key decision makers, contact our advertising team on 02 9776 7923

COMING SOON – SERVICES DIRECTORY Are you a solution/service provider in the anti-money laundering,

fraud and counter-terrorist financing sector? Don’t miss thisopportunity to list your organisation in March’s annual

services directory. For more information contact Diana Zdrilic on 02 9776 7923 or email [email protected]

4 easy ways to register Web www.afmaservices.com Tel + 61 2 9776 7923 Fax + 61 2 9776 4488 Email [email protected]

1 5 N o v e m b e r 2 0 0 6 | M a l l e s o n s S t e p h e n J a q u e s | S y d n e y | 7 C o n t i n u i n g E d u c a t i o n ( C E ) h o u r s

Basel IITwo half-day workshops exploring the implementation

challenges of Basel II from the operational risk

and credit risk perspectives

Mr David Clark, Non-Executive Director, Westpac Europe

Drawing from his experience as Senior Advisor to the UK’s FSA, David will provide an insight into the implementation experiences in the UK.

Dr Donald R. van Deventer, Ph.D, Chairman and CEO, Kamakura Corporation

Dr van Deventer, is one of the worlds leading experts in credit risk management and will explore credit risk modelling and model validation.

06BaselII advert.indd 1 20/10/2006 8:55:23 AM

TOOLKIT


The invisible web

U TILISING THE INTERNET to verify client information is largely a matter of searching public records. Such information, however, is typically part of the ‘deep’ or

‘invisible’ world wide web – the area that search engines cannot enter.Their ‘spiders’ dutifully index the content of a website, but when theyencounter a database, they hit a wall.

This is a problem because these databases contain high-value information for compliance officers and fraud investigators.

A good example is the ASIC Banned and Disqualified Personslist (http://www.search.asic.gov.au/ban.html). Researchers conductingdue diligence on an individual can not rely on Google to tell them ifsomeone is on the list; they must go to the ASIC website themselvesand conduct the search there.

Other useful websites are part of the invisible web because they charge a fee. If you are trying to locate someone, for example,you could search electoral rolls using the Adult Population Index(http://www.abr.com.au/oneoffs/order_form.htm?Source=API) or checkmore than one million tenant records using the National TenancyDatabase (http://www.ntd.net.au/). However, because both are ‘gated’ sites, their content is inaccessible to search engines.

Internet toolkitCompliance officers should build an ‘internet toolkit’ by noting thesewebsites and gradually add others with high-value information insearchable databases.

The sites already mentioned, for example, could be placed in aninternet ‘favourites’ folder called ‘People’. Sites for researching politi-cally exposed persons (PEPs) could also be added, such as:

• https://www.cia.gov/cia/publications/chiefs/index.html – the CIA’sweekly update of chiefs of state and cabinet members of foreigngovernments;

• http://www.rulers.org – lists of leaders, some going back as far as 1700; and

• http://www.arabdecision.com – covers institutions and decision makers in Egypt, Jordan, Lebanon, Morocco, Palestine, SaudiArabia, Syria and the UAE.

A separate folder for favourites called ‘Company’ could also bebuilt, and contain the following:

• Thomas Global Register (http://tgrnet.com/) – a directory of700,000 manufacturers and distributors from 28 countries,classified by 11,000 products and services categories;

• Kompass Company Directory (http://www.kompass.com) – B2B search engine listing 1.9 million companies;

• Europages (http://www.europages.com) – European business directory listing 600,000 companies in 35 countries;

• AskAlix Online Business Directory (http://www.askalix.com/uk/)– this directory contains 22 million records covering the UK and 14 other European countries sourced from its partnership with Dun & Bradstreet; and

• http://www.CorporateInformation.com – source for global corporateinformation on the leading companies in over 55 countries includ-ing useful links to country specific websites (see Country Profiles).

Those who need to dig deeper may also wish to search registrationrecords. In Australia, a quick (and free) search of the National NamesIndex (http://www.search.asic.gov.au/gns001.html) will confirm if acompany is registered.

In the U.S., the NASS website has corporate registration detailsonline at http://www.nass.org/busreg/corpreg.html. In Canada, you can use the Candian Business and Consumer site to source corporate registrations at: http://strategis.ic.gc.ca/cgi-bin/sc_mrksv/cor-

pdir/dataOnline/search.cgi?lang=e.

Exploiting theinternet for AMLFinancial institutions with ‘know your client’ and due diligence obligations have a powerful desktop resource at their fingertips: the internet. Unfortunately, efforts to obtain backgroundinformation on individuals and to research companies are often frustrated by inexpert searchesthat take too long and miss crucial information. John Pyrik provides some useful tips to improve your web searches.

��

TOOLKIT


For the rest of the world, a good starting point for finding companyinformation is Karen Blakeman’s ‘Official Company Registers’,available at http://www.rba.co.uk/sources/registers.htm.

Gateways to public recordsAside from the sites mentioned, there are plenty of pages availablewhere others have already amassed collections of useful links.

The library at Trinity College, for example, has a webpage called‘Australian Deep or Invisible Web and Specialist Search Engines’,available at http://www.trinity.wa.edu.au/plduffyrc/web/invis/austinv.htm

Compliance officers can also benefit from link collections createdfor private investigators and journalists (e.g. http://www.journoz.com).

One of the most comprehensive collections of searchable publicrecord databases is http://www.onsightresources.com. A tremendous aid to searching in the US, it also has an extensive collection of international links. Best of all, its free!

Searching namesThere are some simple tricks available to achieve better results whenusing a search engine to find someone.

Typing Stephen Harris into the Google search box is like typingStephen AND Harris. This search will find every page where bothsearch terms appear. The problem? The terms could be side by side orseparated by hundreds of words.

TIP #1: Use quotation marks. The easiest way to narrow a namesearch is to put the name in quotes: e.g. “Stephen Harris”. This forcesGoogle (and most other search engines) to only return pages whereStephen appears right next to Harris.

But there is a danger in doing this. What if a webpage lists our target as Harris, Stephen? Our search won't find it!

TIP #2: Search backwards and forwards. Just to cover all of thebases, run your regular search, then run a second search and reverse the name order.

TIP #3: Search variations – is it Stephen or Steven? To be thorough,you may wish to search common name variations and nicknames. Use Multi-Cultural Name Analysis, available online athttp://www.trackingthethreat.com/tools/lasnvg.jsp, to find variations in spelling for proper names. This free tool was developed usingdetailed studies of nearly a billion names from every country in the world. Also try Celatro’s Arabic Name Search at http://www.cela-

tro.com/content/demos/Plug-ins/03-Arabic.Name.Search.aspx or itsRussian Name Search at http://www.celatro.com/content/demos/Plug-

ins/02-Russian.Name.Search.aspx.

But what if a webpage lists our target as Stephen R. Harris?Neither of our two previous searches would find it.

TIP #4: Use an asterisk (*). It can stand it for an unknown word orwords in the middle of a search phrase. This is an undocumented feature of Google. A search of “stephen * harris” returns webpages containing the following strings:

Stephen R. HarrisStephen Roy Harris

TIP #5: Add creative keywords. If a search produces too manyresults, try using a few well-chosen keywords with your name search to zero in on relevant pages. For example, use “Stephen Harris” and2618 (his postal code) to cull the results further.

Through the resourceful exploitation of the invisible web, the systematic accumulation of high value sites into an ‘internet toolkit’ and better search strategies, compliance officers will turn the internet into avaluable ally in combating money laundering and terrorist financing. ■■

John Pyrik, CAMS, has a broad range of analytical and investigative experience accumulated from 15 years of government service. He hasworked as an intelligence officer, a securities investigator, and a moneylaundering analyst. He teaches an online course called “Internet forInvestigations” and travels extensively to provide internet training to finan-cial institutions, government departments and law enforcement agencies.

Stephen

Webpages for “Stephen”

Webpages for “Harris”

Harris

Stephen Harris

Through the resourceful exploitation of the invisible web, the systematic accumulation of high value sites into an ‘internet toolkit’ and better search strategies, complianceofficers will turn the internet into a valuable ally in combatingmoney laundering and terrorist financing.

JOHN PYRIK

��

TECHNOLOGY

I DENTITY THEFT is fast-growing inAustralia; anecdotally at 300% per month(albeit off a low base). Estimates of the

cost of identity related fraud in Australia vary between $1 and 5 billion per year. A significant portion of the cost is borne by thebanking industry. But identity resolution andname ‘disambiguation’ technology offers thehope that bankers soon will be better able todiagnose cases of stolen identity and poten-tially fraudulent activity, as well as moneylaundering or terrorist financing activity.

Gone phishingOnce an ID is stolen, the result is fairly predictable. Control of personal financialaccounts will be wrested from legitimate own-ers, with one of three things usually occuring:money is directly stolen and spent, fraudulentcredit and loan applications are approved byunwary banks, and accounts are manipulatedto launder money for use by criminals andeven terrorists. For banks, losses traced toidentity theft can be more than monetary; theyalso can involve the costly loss of reputation.

When it comes to accurately identifyingnew and existing customers, existing processes within many financial institutionsare low–tech and rely heavily on employeesto manually screen for accurate identificationwithout the benefit of comprehensive IT support. Additionally, the complex, disparatenature of existing customer information,combined with data drift, means that banksare not able to truly understand who is who and who knows whom within their customer data stores.

Who’s who? The upshot is that too often financial institutions’ customer identification processesadd up to a losing proposition, especially in a high-stakes business environment underpressure from customers, competitors andgovernmental regulatory agencies.

There are, in fact, two different businesscases to be made in connection with improvedidentity resolution technology for financialinstitutions. As noted above, one addresses thesignificant monetary and public relations risksassociated with fraud, and the other involvesregulatory compliance.

In order to comply with the proposed anti-money laundering and counter-terrorist financ-ing (AML/CTF) Bill, banks (as well as other‘reporting entities’) will have to implementprocedures to help ensure they know their cus-tomers much more intimately than in the past.

Meanwhile, Basel II calls for credit andoperational risk to be assessed in terms of asingle, enterprise-wide view of the customerthat includes information about associationsthey may have with other bank customers (indi-viduals or legal entities), external groups, bankemployees or associations with persons on gov-ernment watch lists. There are issues of privacyto be considered, but customers themselves aredemanding that banks take more measures toprotect them from fraud and identity theft.

It’s just good business for a financialservices company to know who its customersare, who they’re related to and what productsthey use across all lines of business. This notonly complies with regulatory and customerdemands, but also:• manages operational risk more stringently • utilises customer data to generate

increased revenue • capitalises on potentially cost-effective

business process improvements. Increasingly, financial services companies

are discovering enterprise-wide implementationof a know your customer (KYC) strategy canbe a big job. Realistically, the only way a largebank can come close to ‘knowing’ millions ofindividual customers is through advanced tech-nologies that help identify and uncover cus-tomer relationships and data issues.

In the end, a technology-based KYC pro-gram not only protects against identity theft

and the risk of being involved in, or facilitating,money laundering or the financing of terrorism,but also represents a way for banks to drive further profitability.

Getting to know youTechnology exists today that offers a way toverify that a customer is who they say they are,and then relate that information in near real-time to ongoing transactions and regulatoryrequirements. It essentially combines identityresolution (who’s who), relationship resolution(who knows whom) and anonymous resolutionto create a single view of the customer that can be shared safely – not only among a singlebank’s various business units, but among other banks and government agencies.

Identity resolution is not another name for identity management; it’s not validation of user log-ons, for instance, or granting permissions. It refers to the resolution of personal identities, connecting those identifiedpersons to other people and organisations toassess what is called a network threat, and then sharing that information with other entities (anonymously, if need be) to managerisk across the whole financial industry without jeopardising customer privacy.

Identity resolutionThe desire to have a 360-degree view of thecustomer once sprang from marketing depart-ments desire to reduce duplicative direct mailings to the same customer. Today itrelates to post-9/11 demands for financialservices companies to comply with regulatorydirectives aimed at preventing fraud, moneylaundering and the financing of terrorism.

By combining several value attributes,in addition to names and addresses, identityrecognition has reached a previously unattain-able level of precision and accuracy. It is now powered by technology capable of maintainingidentity repositories that perpetually replenishin streaming mode as new data enters the system in real-time. Identity resolution systemshone in on an accurate representation of ‘who’s who’ in a bank’s customer set, going far to help financial services institutions:• recognise a single individual who may

have multiple identities and accounts • consolidate customer and citizen identities


Getting to know youIdentity resolution technology has found an interesting application in the fight against money laundering and identity theft. Brendon Smythexamines how financial institutions can map relationships between individuals and organisations to create a 360 degree view of a customerto meet know your customer (KYC) requirements.

• strengthen anti-money laundering, counter-terrorist financing and anti-fraud protections

• improve up-sell and cross-sell opportuni-ties, service and customer satisfactionbased on a full and complete view of the customer, and

• comply with customer identification andKYC information requirements.

Relationship resolutionKnowing who’s who is only one element ofthe complete identity resolution cure. It isequally important that banks have a morethorough understanding of who knows whom.

Traditional customer and employee data integration technologies take a one-dimensional approach to resolving identities.What they miss are the non-obvious relationships that potential or existing customers may have with other customers,vendors, bank employees or, in the worstcases, persons on government watch lists.

Relationship resolution technology permits banks to look beyond the bounds ofdirectly attributable data into an individual’sbusiness, family and friendship circles.

Relationship resolution technology alsocan be used as a competitive differentiator

for banks, pointing the way to extended customer relationships that may offer revenueopportunities. For example, the system couldbe used to identify high-value customers or touncover customer networks of families andfriends that could be cultivated in terms ofcustomised offerings and higher rates ofreturn for combined purchases.

Anonymous resolutionThe third and final element of the entity analytics financial health regime answers this question: how does a bank strategicallyuse personal information to combat fraud and money laundering but, at the same time,protect customer privacy and help ensurelong-term loyalty? It’s a contentious issue thatcan put regulatory compliance at loggerheadswith customer relationship management.

Anonymous resolution technology permits a bank to anonymously share relevantpersonal information among databases controlled by different business units,companies or even government agencies.Customer data can be compared without sharing underlying personally identifiableinformation that may be subject to legal,regulatory or company policy restrictions.

Anonymous resolution technology allowsdatabase owners to provide only anonymisedmetadata, which can then be compared to pinpoint specific subjects of interest.Customer privacy is maintained, even as abank’s ability to perform due diligence isenhanced to meet regulatory requirements.

A dose of opportunityIn one sense, identify resolution is a form ofeconomic medicine. Banks can take it to successfully ease – and perhaps even cure – a virulent strain of identity theft that currentlyutilises the financial network to spread fromone victim to the next. (see Figure 1)

But before inoculation comes acknowl-edgement. There first has to be a consensusthat the problem is real, local and growing,and that customer identification and KYC is more than just a troublesome regulatorymandate. It’s a very real – and potentiallyprofitable – opportunity, and a healthy way to do business. ■■

Brendon Smyth, is the risk and compliancesolution leader for IBM Global BusinessServices in Australia and New Zealand. [email protected]

TECHNOLOGY


Composite Party EngineFront Line Apps

Account Opening/ Customer Identification

Program

Suspicious MatterReporting

Candidate Screening

ID VerificationALERT

SUPEONA

ALERT

ALERT

ALERT

Ontology’s / Drill Down Queries

Link Analysis /Relationships / Trees

Case ManagementSemantic Search

Investigative Tools

FOLLOW

SEARCH

InternalInformation

Assets

CUSTOMER

CUSTOMER

CUSTOMER

CUSTOMER

EMPLOYEE

VENDOR

OTHER

CUSTOMERDATA

INTEGRATION

External Data

Identity and Relationship Resolution

Watch Lists

HIT

LEAD

HIT

FIGURE 1 – ACHIEVING BUSINESS BENEFITS FROM INTEGRATION AND PROCESS AUTOMATION

PROFILE

D AVID HARLEY BREATHED A HUGE SIGH OF RELIEFin July when the Federal Government released the latest draft of its proposed anti-money laundering (AML) legisla-

tion. Harley is the senior manager of group fraud control at BendigoBank, and he had noted that earlier versions of the Bill suggested a system that would require each of Bendigo’s Community Bank branches to be a separate AML reporting entity.

“This would have created an organisational nightmare where each Community Bank had to have its own program, training andreporting,” Harley said. “Fortunately, working with the Bank ofQueensland, which faced a similar issue, the Australian Bankers’Association, the Attorney-General’s Department and AUSTRAC,we were able to develop changes to the draft exposure bill which,if implemented, will resolve this issue.”

Bendigo’s Community Bank model is essentially a franchise system. The Government had to take a view on whether each agency had responsibility under AML, or if the licensed approved deposit takinginstitution could act on behalf of its agencies. “If the Government had

stuck with its initial position, some Community Banks would not have had the money to meet their obligations,” Harley believes.

Bendigo has dodged that bullet but Harley says there are other aspects of AML that will pose problems for regional banks such as Bendigo.

“We have very high customer satisfaction ratings, which we have created by encouraging our staff to spend time developing goodrelationships with customers,” Harley said. “With AML we are goingto be much more structured in the way we deal with clients and we are going to be much more intrusive. For example, we will be asking about the expected inflow into an account. Some of our customers could find that confronting. The challenge is to complywith the legislation and retain the point of difference that makes us attractive to our customers. Managing staff and customer impact is going to be a big exercise. We are hopeful that the Governmentand AUSTRAC deliver on a promised public education program,although we are yet to see any detail of this.”


Regionalcrime fighting

DAVID HARLEY | BIOGRAPHY

2004 | Senior manager group fraud control, Bendigo Bank, with responsibility for internal and external fraud, including anti-money laundering

2001 | Head of security, fraud and anti-money laundering operations at Westpac Pacific Banking, working in Papua New Guinea and the Pacific Islands

1997 | Joined Westpac as an internal fraud investigator

1982 | Began a career with Victoria Police

David is a member of the Association of CertifiedFraud Examiners and a senior associate of theFinance and Securities Institute of Australia.

PROFILE

Another challenge for Bendigo is one that confronts all smallfinancial institutions. It has a relatively small budget to allocate to its AML program and must implement it in a cost-effective way.Harley says: “Big banks have more complex systems and they will face cost pressures too, but I would say that in proportion to the relative size of earnings our AML program will be bigger than theirs. It will be very important for us to get a high level of commitment from our external providers.”

Bendigo Bank has one million customers being serviced by 340 branches. In terms of customer numbers and revenue, for an institution of its size it has a very large footprint. That raises someissues. Harley and his team must ensure that all the people in all the different locations are following the AML protocols in the same way. Further, its geographic spread means that customer risk

profiles will vary greatly. This will demand some level of automation.Financial institutions with more concentrated operations will find thismuch easier. Harley concedes that getting a uniform approach to AMLacross the banks will be hard.

Harley says it is easy to slip into a mindset where AML is onlyabout costs, difficult compliance issues and hard work. He maintainsthere are gains to be made from the bank’s AML implementation.

“From the commencement of our work we have considered what business benefits can be derived from the delivery of an AMLprogram,” he said. “There will be significant investment for us

in developing our IT systems. We think we can gain in customer relationship management. This bank does not have a CRM system and what that means is that our identification with a customer is at the single account level. We would hope to use the AML exercise to get to a global view of the customer.

“The focus on ‘know your customer’ creates a need to be able to understand all the relationships a customer holds with you. A real benefit of this will be a reduction of mail outs and returnedmail. After addressing any privacy issues, this aggregation of the relationship view also creates an opportunity to market the right product to the right customer at the right time,” Harley believes.

Harley has a small team working with him on AML but says this will build as the Government gets closer to passing its proposed

legislation. He believes he has achieved the right level of involvementfrom stakeholders within the bank.

“We have key stakeholders from the various businesses. There are combinations of senior management and hands-on staff within that stakeholder group. We are currently building the core of our project team with the recognition that the various businesses within the bank need to own most of the change and that their involvementwill drive business benefits. Our project steering committee has seniorbank executives from Strategy, Wealth, Retail and IT, demonstratingthe commitment by the executive and the importance of driving a successful AML program,” he said. ■■


“With AML we are going to be much more structured in the way we deal with clients and we are going to be much more intrusive ... some of our customers could find that

confronting. The challenge is to comply with the legislation and retain the point of difference that makes us attractive to our customers”

Claim your FREE subscription* to anti-money laundering magazine, the definitive source of information for the financial services sector on anti-money laundering and counter-terrorist financing.

Call our subscription department today on 02 9776 7923 *subscription offer ends June 2007

Don’t get taken to the cleaners

CASE NOTES


A S THE AUSTRALIAN SUBSIDIARY of a large UK-based funds manager, your organisation receives a number of international customer account investments

and withdrawals on a daily basis. As the person responsible for anti-money laundering and counter-terrorist financing (AML/CTF) compliance, you like to review these transactions. Today you notice that one account has received a Thai Baht-denominated cheque drawn on a regional Thai Bank. This is not unusual,as this Australian customer appears to receive similar-sized cheques about once a month, and they are always deposited into one of two wholesale investment (non-super) trusts held in similar account names. However, on looking at the internationalwithdrawals, you notice that there has been a large withdrawal from these same accounts. You think this is a bit strange and decide to investigate further.

When you have a closer look at the withdrawals, it appears that the funds have been removed from accounts investing in the wholesale investment trust, and transferred to a bank account inSingapore in the name of a broker. Transferring funds from a managed fund in Australia to a Singapore bank account is not unusual for your organisation, but you are still a bit curious and think it might be prudent to look at the deposits as well.

When you investigate the deposits you find that they have been made through a broker account in Thailand with a similar name as the account receiving the funds transferred to Singapore.

You notify the product manager for the wholesale fund involvedand suggest that they contact the client to find out a bit more. In particular, you ask the product manager to enquire about why the client doesn’t simply deposit the money directly from Thailand to Singapore without paying the (admittedly modest) entry and exit fees your organisation charges on this fund, particularly when a significant proportion of the money only remains invested for around one month.

The product manager calls you back a few days later and explainsthat the client is aware of the additional fees and costs they are payingwith this arrangement, but are happy with it because they want to control the movement of their investment funds.

So what could be their rationale for these transactions?

Possible explanations

1) A legitimate explanation maybe that the customer lives in Australia and owns a number of commercial properties in Thailandfrom which they receive rental payments. The customer is alsoundertaking a property development in Singapore, which is wherethe funds are being sent after withdrawal. As the customer is basedin Australia, they prefer the funds from Thailand to be sent hereand for the customer to then control the payments made to theirSingapore development.

2) An alternative explanation may be that money received in Thailand is from illicit drug activities and is being deposited via a third party(a broker) into an Australian managed fund, with possibly Australiandrug proceeds being added to the account, and the proceeds then sent to Singapore again through the third party (with the broker even operating as the launderer) as part of the layering phase.

Questions you should consider if faced with this case:

• What know your customer (KYC) procedures would have beenapplied to this customer when they made their initial investmentinto the wholesale fund? What further KYC information might you attempt to obtain?

• What recording procedures should be in place for internationalfunds transfers?

• What AML risk do brokers represent for managed funds?

• Are there any risk indicators of possible money laundering activityin this case study, such as:o deposits of funds by a third unrelated partyo transaction behaviour that is unusual for this type of product;

for instance, funds only being invested in the fund for a short period of time

o unexplained non-economically justified behaviour such as undertaking costly transactions

o multiple withdrawals to an overseas account. ■■

Wholesale managed funds:the Rorschach effectHow can financial products be used to launder money via managed funds? And what questionsshould a fund’s compliance staff ask if things appear out of the ordinary? This month we explorea case for suspicion in the funds management industry.

six steps to implementation

© 2006 KPMG, an Australian partnership, is part of the KPMG International network. All rights reserved. August 2006. VIC10327FAS.

AML legislation.In-depth

knowledgeworking for you.

The Government’s new anti-money laundering(AML) legislation is upon us. At KPMG, we can help you assess clearly and pragmatically theimpacts for your business.

Our team of AML professionals offer deep knowledgeand practical experience in helping financial servicesorganisations, just like yours.

We can help you assess the money laundering andfinancing of terrorism risks faced by your business – and more importantly how to address them.

Our team can assist in the design and implementationof new policies and processes, systems selection andintegration advice and staff training.

We have worked with leading financial institutions,globally and in Australia, in areas such as moneylaundering and terrorist financing risk reviews anddeveloping AML processes, policies, training andtechnology. It all translates into more focused, up-to-date and relevant advice for your business.

So when it comes to understanding the new AMLlegislation, contact the professionals in the know – KPMG Forensic.

For more information please contact Gary Gill on +61 2 9335 7312 or [email protected]

kpmg.com.au

Date post:	11-Jun-2020
Category:	Documents
Upload:	others
View:	3 times
Download:	0 times

anti-money - AFMA · ANTI-MONEY LAUNDERING NOVEMBER 2006 1 D EBATE AMONG anti-money laundering...

Documents