Beneficial Ownership: Practical Applications for Stronger CDD Processes
Noon EST – 2:00 PM ESTA sound check will be performed 5 minutes before the start
time
Technical Assistance• Send a message via the Q & A box• Or Call WebEx Technical Support:
(US & Canada) 866-229-3239 (International) 916-229-3239
Attendee instructions on how to use Audio Broadcast • Do not close the Audio Broadcast panel
• If you are not able to listen to the audio on your computer speakers, press the stop button, wait 5 seconds then press play.
• Make sure to adjust the volume button on your computer speakers and also adjust the volume on your sound card. To do this, go to the Start Menu, click Control Panel, then click Sound & Audio Devices and adjust accordingly.
• If you do not have speakers, please refer to your login instructions for the Teleconference Domestic and International Numbers and Access Code.
• You may request the Teleconference Number by clicking “Request”under the attendee box on your left hand side.
To send a question:
• Locate the Q & A box on the bottom right hand corner of the WebEx platform.
• Type in your question and click send!
Speakers:
Will Vorhees, CAMSManager, Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) & e-Fraud
Investigations Units at SVB Financial Group (SVBFG
Theodore S. Greenberg, CAMS President, TG Global
Beneficial Ownership: Practical Applications for Stronger CDD
Processes
Theodore S. GreenbergPresidentTG Global
Washington, [email protected]
Untying The Gordian Knot
• What happens 16 million times per day in 209 countries and involves 9,000 financial institutions?
• Proceeds of crime are often hidden in plain sight banks of transferred by companies and other legal entities.
• Proceeds of crime are usually laundered through banks in several transit jurisdictions before reaching final hiding place. Is your FI to blame?
Agenda
• What does beneficial ownership mean?• U.S. and International Standards.• Illustrations of problems in identifying beneficial
ownership• Is there any excuse for not knowing who is the
beneficial owner?• Hot Issue: Politically Exposed Persons
Who Is A Beneficial Ownership? • Beneficial owner includes the natural
person[s] who ultimately owns or controls a customer and/or the person on whose behalf the transaction is being conducted. It also incorporates those persons who exercise ultimate effective control over a legal person or arrangement and relevant third parties. FATF Glossary
FinCEN and USG Regulators Issue Guidance on Obtaining and Retaining Beneficial Ownership
Information
• March 5, 2010• As part of BSA/AML compliance program, a FI should
establish and maintain CDD procedures that are reasonably designed to identify and verify the identity of beneficial owners of an account, as appropriate, based on the institution’s evaluation of risk pertaining to an account.
• Definition of “beneficial owner under FinCEN’s regulations specific to CDD for private banking and correspondent account for foreign financial institutions…
FinCEN Continued• “…is the individual(s) who have a level of
control over, or entitlement to, the funds or assets in the account that, as a practical matter, enables the indiviudal(s), directly or indirectly, to control, manage, or direct the account…”
• See, e.g. 31 CFR 103.175(b)
International Standards and Why Should I Care?
• FATF Glossary Definition (above).• FATF R 5: CDD includes identifying the beneficial owner, and taking
reasonable measures to verify the identity of the beneficial owner, and legal persons…this should include…taking reasonable measures to understand the ownership and control structure of the customer.
• EU Third Money Laundering Directive states that this is a natural person controlling 25% of a legal entity.
• Bank of International Settlement (BIS) states than an institution should identify those who have control over the business assets with particular attention to shareholders or others who inject a significant proportion of capital…
• G20 emphasis on transparency and focus on beneficial ownership.
Difficult Areas• Companies• Shell and Shelf Companies• Partnerships (limited liability)• Associations, cooperatives etc.• Trusts• SPVs• Nonprofit corporations
Shell and Shelf Companies• Shell company refers to a legal entity, established under
the laws of a State, that has no independent operations or assets of its own.
• In 2009 one company advertised: “[w]hen you set up with one of these shell corporations, your name is not listed on public records as the “incorporator” and First Director, which can be very key when it comes to privacy.”
• “Why wait months or years to establish business credit when you can own a turnkey Nevada shelf corporation with over 150k of bank credit.”
A Simple Addition To The Identification Regime
Require a Declaration of Beneficial Ownership
• Provides background to assist with identification and verification.
• Assist regulatory authorities in evaluating BO practices.
• Requirement to sign under criminal penalty, where existing, serves as deterrent.
• One tool – not only tool—to identify and verify BO. Not sufficient to let banks “off the hook”.
Politically Exposed Persons• Individuals who are, or have been, entrusted
with prominent public functions• Includes family members and close associates• Represent a greater ML risk because of the
possibility that they will abuse their position and influence to carry out corrupt acts (e.g., extort/pay bribes, steal assets)
• “Not all PEPs are bad” but all require EDD
Stolen Asset Recovery (StAR) Initiative
Why Focus on PEPs? • Legal and reputational risk to individual bank, and
reputational risk to a jurisdiction’s financial sector as a whole.
• Standard CDD is not sufficient.• Level the playing field – banks are already taking action
on PEPs and many go beyond the international standards.
• The problem continues: Corrupt PEPs are becoming more effective in hiding their identity through associates, legal entities, and intermediaries.
Stolen Asset Recovery (StAR) Initiative
Response – UNCAC & FATF
• UNCAC, Article 52 (entered into force Dec 2005): – “to conduct enhanced scrutiny of accounts sought or maintained
by or on behalf of individuals who are, or have been, entrusted with prominent public functions and their family members and close associates.”
• FATF 40+9 Recommendations: Rec. 6 (June 2003)– Risk management systems to identify PEPs– Senior management approval– Establish source of funds and source of wealth– Conduct enhanced ongoing monitoring
Stolen Asset Recovery (StAR) Initiative
The Reality: Low Compliance • More than 80% of jurisdictions have not
implemented effective measures. Only 3 jurisdictions compliant.
• Compliance lower in FATF jurisdictions.
Stolen Asset Recovery (StAR) Initiative
Link between PEPs and AML
• PEPs should be identified in course of CDD procedures (including identification of beneficial owner)
• Failures in CDD creates risk that PEP will not be identified
• FATF Recommendation ratings build on this link
Stolen Asset Recovery (StAR) Initiative
Recommendation 5 = CDDRecommendation 6 = PEPs
Little Evidence of Monitoring• What is reported by banks?• No corrupt PEP activity in banks or in
other sectors• Few PEP STRs• Few investigations or prosecutions for
grand corruption• Where is the corrupt money?
Stolen Asset Recovery (StAR) Initiative
Why is PEPs Compliance a Problem?
• Lack of political will– Failure to pass and implement legislation and
regulations.– No regulatory sanctions on PEPs.– Little interest in measuring effectiveness of
PEPs measures (e.g., collection of statistics, studies).
– Few cases.
Stolen Asset Recovery (StAR) Initiative
Principle Recommendation 1• Apply EDD to All PEPs, Foreign and Domestic.• UNCAC - domestic and foreign PEPs; FATF – foreign only.• Why?
– Legal and reputation risks remain same – domestic politicians are subject to same pressures and perverse incentives.
– Increase credibility of commitment to fighting corruption and money laundering.
• Reality: Many banks are already covering both.
Stolen Asset Recovery (StAR) Initiative
Principle Recommendation 2• Require a Declaration of Beneficial Ownership.• Provides background to assist with identification and
verification.• Assist regulatory authorities in evaluating BO practices.• Requirement to sign under criminal penalty, where
existing, serves as deterrent.• One tool – not only tool—to identify and verify BO. Not
sufficient to let banks “off the hook”.
Stolen Asset Recovery (StAR) Initiative
Principle Recommendation 3• Request Asset and Income Declarations.• Required in more than 110 countries.• Provides a “snapshot in time” that bank can use
to compare with profile or account activity.• Addressing refusals.• Issues: Verification is uneven. • Other uses: PEP identification if public list of
filers, analysis of STRs by FIUs.
Stolen Asset Recovery (StAR) Initiative
Principle Recommendation 4• Periodic Review of PEP Customers• Review of the “big picture” on risk-based
approach, at least yearly• Helps to overcome silo approach• Should include consideration by at least
one senior manager• Good Practice: PEPs Committee
Stolen Asset Recovery (StAR) Initiative
Principle Recommendation 5• Avoid Setting Limits on the Time a PEP
Remains a PEP.• UNCAC and FATF – “once a PEP always
a PEP”.• Problems with time limits.• Consider on case-by-case basis using
risk-based approach.
Stolen Asset Recovery (StAR) Initiative
Other Recommendations & Issues
• PEPs are an asymmetric risk – no one single tool will solve problem.
• Ensure inclusion of “family members” and close associated in definition of PEPs.
• Commercial Databases.• Involvement of group AML/CFT compliance
officer in decision to accept customer.• Issue: National List of PEPs.
Stolen Asset Recovery (StAR) Initiative
Regulatory Authorities, FIUs
• Include PEPs component in on-site inspections.• “Red flags” or typologies to help identify PEPs,
including close associates, and indications of corruption.
• Enforcement, use of sanctions.• Guidance on filing PEP STRs.• Collection of statistics.
Stolen Asset Recovery (StAR) Initiative
Beneficial Ownership:
Practical Applications for Stronger CDD Process
William Voorhees; MFA, CAMS, CFE
Issues to be addressed at today’s presentation How to:
Mitigate the risk of banking high-risk entities
Identify account holders
Monitor those relationships
Maintain CDD/EDD records
Report suspicious activity
Discussion Points:What are beneficial owners
What are the risks in not identifying them
What is the latest interagency guidance
How to put a strong CDD/EDD program in place to ensure reasonable detection and identification
“An enterprise-wide compliance risk-management program should be dynamic and proactive. It should assess evolving risks when new business lines or activities are added, when existing activities and processes are altered, or when there are regulatory changes. The process should include an assessment of how those changes may affect the level and nature of risk exposures, and whether mitigating controls are effective in limiting exposures to targeted levels. To avoid having a program that operates on autopilot, an organization must continuously reassess its risks and controls and communicate with all employees who are part of the compliance process. If compliance is seen as a one-off project, an organization faces the risk that its compliance program will not keep up with the changes in its services or customer mix.”
-Governor Susan Schmidt Bies (former)Board of Governors of the Federal Reserve System
What is a Beneficial Owner?A person who enjoys the benefits of ownership
even though title is in another name
Any individual or group of individuals that, either
directly or indirectly, has the power to vote or
influence the transaction decisions regarding a
specific entity– Investopedia
Interagency GuidanceFinancial Crimes Enforcement Network (FinCEN)Board of Governors of the Federal Reserve System (FRB)Federal Deposit Insurance Corporation (FDIC)National Credit Union Administration (NCUA)Office of the Comptroller of the Currency (OCC)Office of Thrift Supervision (OTS)Securities and Exchange Commission (SEC)
Interagency Guidance
Issued to clarify existing regulatory expectations
Cornerstone of a strong BSA/AML program is CDD
CDD process should be commensurate with Bank’s BSA/AML risk
Risk assessment needs to be conducted to determine risk present
Interagency Guidance
Consider implementing on an enterprise-wide basis
Encouraged to share information across business lines, separate legal entities w/in the enterprise and affiliates
Look for additional information from other areas of the bank, such as:
Credit underwriting
Marketing
Fraud detection
Interagency Guidance
Examples of CDD on-boarding procedures:
Is the customer acting as an agent on behalf of another?
Is the customer a non-public entity (association, PIC,
trust, foundation)? If so, obtain structure info.
Is the customer a Trustee? If so, obtain structure info,
such as, the provider of the funds and any persons who
control the funds or trust.
Interagency Guidance
Examples of EDD on-boarding procedures:
Identify and verify beneficial owners
Reasonably understand the sources and uses of funds in
the account
Reasonably understand the relationship between the
customer and the beneficial owner
Interagency Guidance
Examples of high-risk clients:
Trusts
Corporate entities
Shell entities
Private Investment Companies (PICs)
Nominee accounts (set up by gatekeepers)
*Private Banking and Foreign Correspondent accounts too
Interagency Guidance
Evaluate the anticipated activity information obtained in account opening against actual account activity after the account is established.
Does the anticipated activity seem normal for that business or account type?
Cant just book it and forget it!
Interagency Guidance
Private Banking
Source of customer’s wealth
Anticipated activity
Geographic location
Corporate structure
Public informationSpecial rules apply to Senior
Foreign Political Figures (SFPF)
Case Studies / Enforcement Actions
Reading these point out industry-wide concerns.
These include legal precedents and specific facts.
It is important to discuss these with senior management and the board of directors.
Can be part of Board packet for BSA training.
Case Studies / Enforcement ActionsBanc of America Investment Services, Inc.
2007 – Fined $3 million by NASD for failure to obtain customer information on certain high-risk accounts
Failure to have adequate communication with the parent bank to ensure SAR filings were met
34 accounts linked to one family in the Isle of Man involving trusts and PICs
Above accounts engaged in multi-million-dollar international wire transfers
High Risk Companies as ClientsNew account opening procedures
Beneficial ownership structure
Analyze funds to determine a baseline of activity
Design monitoring timeline
Compliance play active role in on boarding and approving
How to mitigate the risks of high-risk CompaniesThe Bank’s EDD process should cover:
Identification of the risk
Control of the risk
Measuring the residual risk
Monitoring of the risk/controls
Reporting
Adjustments to controls
Updates to the profile (when and why)
How to mitigate the risks of high-risk CompaniesObtain an understanding of the customer’s risk profile in
order to develop the appropriate processes to mitigate the overall risk. Specifically, the analysis of the data pertaining to the customer’s activities should consider the following:
Purpose of the account;
Actual or anticipated activity in the account;
Exact nature of the customer’s business;
Customer’s location; and
Types of products and services used by the customer.
How to evaluate the information received Example: The data collected in the on-boarding process
reflects that a client process 100 international funds transfers per day. Further analysis may show that approximately 90 percent of the funds transfers are recurring well-documented transactions for long-term customers. On the other hand, the analysis may show that 90 percent of these transfers are non-recurring or are for anonymous / new customers. While the numbers are the same for these two examples, the overall risks are different.
How to mitigate the risks of high-risk CompaniesBeneficial Ownership Drilldown:Keep drilling until you have identified a natural person who ultimately
owns or controls the company
All owners with >X% (10%, 20%, 25%)
Find the natural person, or:
Governmental entity
Publically traded company
Well-known private company (Bechtel, Mars, etc)
NGO/NPO (get the Board)
In some cases well known VC firm
Trust (get the trustees and beneficiaries)
How to mitigate the risks of high-risk Companies
One way to build a program is to identify the high-risk business types. For example:Professional Service Providers (law firms, travel agents, holding companies, investment brokers)
Foreign Corporate Entities (PICs, IBCs, foreign financial institutions)
Cash Intensive Businesses (MSBs, pawn shops, gas stations, liquor stores, etc)
Non-Governmental Organizations (charities, PACs, associations)
Dealers (car dealers, import/export, precious metals, weapons, luxury goods)
Entertainment (adult, card clubs, casinos, etc)
How to mitigate the risks of high-risk Companies
Coding of the high-risk client types
Break up the high-risk client types into tiers
Require escalated approval for the highest of the high
risk clients (BSA Oversight Committee or similar)
Design a monitoring program for the high risk clients
EDD on all high risk clients but frequency of review can differ
based on the tier levels
Design of a CDD/EDD Monitoring Program (example)
After initial on-boarding, periodic review of client
relationship, including:
Review of relationship and actual activity/CDD for risk rating
purposes
EDD on High-Risk clients, looking for:
Change in business model
Change in business operations
Activities discovered through transaction monitoring
Changes in beneficial ownership
Other significant changes, as appropriate
Design of a CDD/EDD Monitoring Program (example)
EDD Steps:
Standard profile validation step can include:
Negative news searches
Review of notes from relationship teams in Client Records system
Review of client service changes (new products or services like RDC)
Secretary of State records, if appropriate
Professional services registrations
Review alerts/cases in transaction monitoring or case management system
Update records to include changes to risk rating, business code,
committee approvals needed, etc.
Design of a CDD/EDD Monitoring Program (example)
EDD Steps:
After your records are updated, ensure any dates or
other controls devices are updated so the client will be
reviewed when its time is up.
Remember that by taking a “risk-based approach” you
can stagger out your ongoing CDD/EDD reviews so as
to not overwhelm your staff resources
Reference Resources
The joint release Financial Institution Letter regarding Guidance on Obtaining and Retaining Beneficial Ownership Information http://www.fdic.gov/news/news/financial/2010/fil10008a.html
This is where to find the release that describes the interagency guidance
Reference Resources
The Federal Financial Institutions Examination Council (FFIEC), http://www.ffiec.gov/bsa_aml_infobase/documents/BSA_AML_Man_2010.pdf
Brand, spankin’ new BSA/AML Exam Manual,Provides guidance to examiners for carrying out BSA/AML and Office of Foreign Assets Control (OFAC) examinations.
EDD for nominal and beneficial owners on page 65
Reference Resources
Network Branded Prepaid Card Association: Recommended Practices for Anti-Money Laundering Compliance for U.S. Based Prepaid Card Programs, http://www.nbpca.com/docs/NBPCA-AML-Recommended-Practices-080220.pdf
Entities covered by BSA/AML Requirements,BSA/AML Risk Assessment,Internal Controls,Federal Reporting Requirements,KYC & Third-Party Agents, andIndependent Compliance Testing
Reference Resources
The FinCEN web site, www.fincen.gov
Excellent resource for statutes, regulations, forms, enforcement actions, and news about FinCEN;The SAR Activity Review includes an SAR analysis by product, industry and geographic location of activity www.fincen.gov/news_room/rp/sar_tti.html
Reference Resources
The Financial Action Task Force (FATF) , http://www.fatf-gafi.org
Contains the FATF 40+9 Recommendations,Provides guidance, best practices and interpretive notes,Includes mutual evaluation reports (MERs) and detailed assessment reports (DARs) for countries – an excellent source of information about country risk, andDiscusses the methodology used for assessing country AML/CTF frameworks.
Contact Information
William J. Voorhees, MFA, CAMS, CFEAML/BSA & e-Fraud ManagerOFAC OfficerSVB Financial Group3003 Tasman DriveSanta Clara, CA 95054Tel: [email protected]
If you have additional questions for today’s experts, please send them to:
Thank you for joining us today!
Web Seminar Certificate of AttendanceTo request a certificate of attendance, please fill out the request form, found in your reference materials, and email the form to [email protected] along with your payment information. First certificate is included in cost of seminars. There is a $40 administrative fee for each additional certificate.
You may also call +1 305.373.0020 to process payment over the phone.
Next Web Seminar:
Banks and MSB Clients: Understanding Risk Ranking and
Regulator Expectations
April 14, 2011 – Noon to 2:00PM EST
Conducting Effective AML Investigations: Law Enforcement Methodologies and
Private Sector TechniquesFebruary 25 | Washington, DCFebruary 28 | New York CityApril 29 | New York City
Join veteran law enforcement speakers, Dennis Lormel and Edward Rodriguez, as they present a full review of the investigative process from start to finish. In this comprehensive, full‐day seminar, attendees will gain invaluable insight on:
• Increasing your AML expertise based on case study analysis from the law enforcement and private sector perspectives
• Practicing critical interview processes and techniques• Determining when to file a suspicious transaction report
Register today!
go.acams.org/seminars | +1.305.373.0020 | [email protected]