Fighting Money Laundering Seven sound practices Frederick E. Curry III Deloitte Financial Advisory Services LLP October 2, 2013 Crime Stoppers International
Seven sound practices Understand the quantity of money laundering risk at your organization Confirm that policies, procedures, and controls address all products and services that you offer “Know Your Customer” Commit sufficient resources to AML compliance Customize employee training to address money laundering risks File required regulatory reports Test your compliance program regularly 2 aspects: Information sharing Policy shifts as gov’t link to international economy
Understand your money laundering risk The Board and senior management should know the quantity of money laundering risk within your organization The U.S. Federal Sentencing Guidelines establish that risk assessments are a foundational element of a compliance program Products, services, customers, delivery channels, and geographies served should have a risk classification Relationships posing higher risks should be reviewed more closely at the inception of the relationship and frequently throughout the term of their relationship Key business stakeholders should be involved in the risk assessment process 2 aspects: Information sharing Policy shifts as gov’t link to international economy
Risk assessment Institutions should identify, measure and consider four main risk measures Based on the extent and the combination of the given risk measures, the overall risk of a customer can be quantified and differentiated through calibrated scales from Low to High Geographies Channels Products & Services Customers • International Wires Internet Banking Large Cash/Large Dollar transactions Private Banking Int’l Correspondent Banking Face - to Face Banking Agents OFAC Areas of Primary ML Concern FATF Non-Cooperative Countries Typical Daily/Monthly Volume Politically Exposed Person Industry / Occupation Customer Geographic Location Length of Relationship EXAMPLES OF RISK MEASURES RISK • Areas identified in the annual International Narcotics Control Strategy Report
Risk assessment matrix Inherent money laundering risk is assessed across four main risk areas. Multiple risk factors are evaluated within each to determine the overall inherent money laundering risk. Risk Factor Low Medium High Customer Base Inherent Risk Stable, known customer base Customer base increasing due to branching, merger, or acquisition A large and growing customer base in a wide and diverse geographic area Product / Account Type Inherent Risk Limited or no private banking, trust or asset management accounts Limited domestic private banking, trust or asset management services Significant domestic and international private banking, trust or asset management services Transactional Inherent Risk Limited number of funds transfers, third party transactions, and foreign fund transfers Moderate number of funds transfers, limited international funds transfers with typically lower risk countries Large number of funds transfers incl. noncustomers, PUPID transactions and high risk jurisdictions Geography Inherent Risk No transactions with high risk jurisdictions Limited transactions with high risk jurisdictions Significant volume of transactions with high risk jurisdictions 2 aspects: Information sharing Policy shifts as gov’t link to international economy
Residual risk illustration High Medium Low Weak Moderate Strong Final AML Controls Assessment Final Inherent Risk Assessment
Establish detailed policies, procedures, and controls Policies and procedures should be written, up to date and reviewed and approved by Board of Directors or other authority Policies and procedures should cover all products and services Policies and procedures should be commensurate with levels of compliance risks Policies and procedures should be implemented Policies and procedures must be effective! 2 aspects: Information sharing Policy shifts as gov’t link to international economy
Know Your Customer (“KYC”) KYC is the basic tenet of an effective AML compliance program KYC procedures help protect the institutions good name KYC is an essential part of sound risk management KYC procedures should articulate customer acceptance standards KYC provides the basis for identifying unusual or suspicious activity 2 aspects: Information sharing Policy shifts as gov’t link to international economy
Commit sufficient resources to compliance Senior management is responsible for establishing an effective compliance function The compliance executive should be a member of senior management The board and senior management is responsible for ensuring the compliance function has the resources to carry out its responsibility effectively The compliance function should establish an annual compliance plan 2 aspects: Information sharing Policy shifts as gov’t link to international economy
Customize employee training Education is essential in managing compliance risks Training should be based on a formal training needs assessment Training should be tailored to the institution’s risk profile Leading practice is to train all employees at least annually The board and senior management should also receive compliance training 2 aspects: Information sharing Policy shifts as gov’t link to international economy
File required regulatory reports Reports establish a paper trail for criminal investigations Regulatory reporting has been highly useful in warding off criminal prosecutions Regulatory reports must be accurate and filed timely 2 aspects: Information sharing Policy shifts as gov’t link to international economy
Test your compliance program regularly It is important to independently assess the effectiveness of the compliance program Leading practice is to test the program annually The scope of testing should include all products and services A written report summarizing the findings should be provided to senior management and the board Compliance deficiencies should be logged and tracked to resolution 2 aspects: Information sharing Policy shifts as gov’t link to international economy
Most common compliance weaknesses Insufficient resources dedicated to compliance Inadequate KYC procedures Employees have not received relevant compliance training Unqualified compliance staff Failure to identify and periodically monitor high risk accounts or activity Lack of automated transaction monitoring procedures Poor record keeping Failure to file timely and accurate required regulatory reports 2 aspects: Information sharing Policy shifts as gov’t link to international economy
Deloitte Financial Advisory Services LLP Frederick E. Curry III Principal Deloitte Financial Advisory Services LLP 555 12th Street, Suite 500 Washington, DC 20004-1207 +1 202 378-5171 fcurry@deloitte.com This publication contains general information only and Deloitte Financial Advisory Services LLP is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte Financial Advisory Services LLP shall not be responsible for any loss sustained by any person who relies on this publication.
About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright © 2011 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited 14