Detecting Suspicion General Approach to Detecting Suspicion in the Financial Industry Kevin Whelan Resident Advisor, EAG Office of Technical Assistance US Department of Treasury
FATF Recommendations Recommendation 11 Financial institutions should pay special attention to all complex, unusual large transactions, and all unusual patterns of transactions, which have no apparent economic or visible lawful purpose. The background and purpose of such transactions should, as far as possible, be examined, the findings established in writing, and be available to help competent authorities and auditors. Recommendation 13 If a financial institution suspects or has reasonable grounds to suspect that funds are the proceeds of a criminal activity, or are related to terrorist financing, it should be required, directly by law or regulation, to report promptly its suspicions to the financial intelligence unit (FIU).
Two Basic Types of Suspicion Type A (Recommendation 11): Activities and behaviors that are not reasonable and expected for particular customers, customer accounts, or transactions. Type B (Recommendation 13): Activities and behaviors that are consistent with illegal activity, indicators of illegal activities, or typologies for illegal activity, or activities and behaviors that are simply suspicious even in the absence of established indicators or typologies These types are not mutually exclusive Both types should be actively detected by reporting entities.
Type A Suspicions Need to establish expectations for normal behavior. Customer Due Diligence (CDD) is critical At account opening Over time through account monitoring Rely heavily on knowledge of customers and being able to establish customer profile Know Your Customer (KYC) Risk Based Activities and behaviors need to be monitored Deviations from transactional patterns should be detected and explained Failure to adequately explain should be grounds for suspicion. Deviations from normal behavior need to be detected
Type A—Example 1 Customer opens personal account and declares profession to be government employee. Over a period of one year regular deposits are made corresponding to government salary. Average balance remains constant. Suddenly several large deposits are made into the account by the owner and others, followed by wire transfers to foreign accounts Customer explains that he is purchasing foreign property Sources of deposited funds are not adequately explained Automated monitoring system flags transactions as deviating significantly from the norm and forwards an alert to the compliance officer
Type A—Example 1 The facts as presented are plausible, but suspicious The client has deviated significantly from normal activity based on his individual profile The bank compliance officer should investigate further and consider filing a suspicious activity report
Type A—Example 2 The bank holds accounts for several small retail grocery shops. These shops collectively have an identifiable pattern of activity Regular cash deposit activity that correlates with consumer purchasing patterns (e.g. higher sales before weekends and holidays) Monthly payments to wholesalers, suppliers, landlord, utilities providers, etc. One shop deviates significantly from this industry pattern Cash deposits deviate from the pattern in terms of size and regularity Also significant amount of non-cash deposits Payments also deviate from pattern Account makes unexplained use of wire transfers to foreign accounts
Type A—Example 2 (cont) Again, it is plausible that this firm simply uses a different business model. However … The client has deviated significantly from normal activity based on an industry profile The compliance officer should investigate and consider filing a suspicious activity report
Type B Suspicions Knowing the customer is still important. ‘Red Flag’ indicators also important Describe situations that require additional scrutiny Many red flags rely on knowledge of customer and so are related to Type A Most red flags are indicators of possible criminal behavior
Type B Suspicions (cont.) Some basic examples: At Account Opening False, misleading, or inconsistent statements at account opening Desires for products that don’t make economic sense for the type of account and activity Overly curious about banks specific internal policies and practices During account exercise Use of multiple accounts with no clear economic purpose Patterns of transactions that appear designed to avoid reporting (More later)
Example of Type B Multiple accounts share same address but different account owners All declared as retail-level businesses to explain cash generation Cash deposits below mandatory reporting limits made into accounts in highly correlated manner (e.g. same day, or consecutive days) Wire transfers made to single offshore foreign account soon after deposits Indicators: Probable use of straw men (proxies) Probable structuring of deposits Lack of legitimate economic purpose Rapid transfer to consolidation account in offshore jurisdiction
More FATF Recommendations for Financial Institutions Customer due diligence and record-keeping (Recommendations: 4, 5, 6, 7, 8, 9, 10, 11, 12) Reporting of suspicious transactions and compliance (Recommendations: 13, 14, 15, 16) Other measures to deter money laundering and terrorist financing (Recommendations: 17, 18, 19, 20) Measures to be taken with respect to countries that do not or insufficiently comply with the FATF Recommendations (Recommendations: 21, 22)2122 Regulation and supervision (Recommendations: 23, 24, 25)232425
Summary of Recommendation 5 No anonymous accounts or accounts in obviously fictitious names Risk-based due diligence measures, including identifying and verifying the identity of their customers, when: establishing business relations; carrying out occasional transactions: (i) above the applicable designated threshold; or (ii) that are wire transfers in the circumstances covered by the Interpretative Note to Special Recommendation VII; there is a suspicion of money laundering or terrorist financing; or the financial institution has doubts about the veracity or adequacy of previously obtained customer identification data. Due diligence includes: Identifying and verifying customer and/or beneficial owner Understanding purpose and nature of proposed business relationship Ongoing monitoring of relationship and transactions
Where are the Risks? Risky Customers Those with high net worth PEPs may be considered high risk So might be their relatives Those in risky professions/industries Charities Those who are of risky national/geographic origin Those without adequately explained sources of wealth/income Those whose identity is not convincingly established Those whose stated purpose for establishing a relationship with the bank is not fully convincing Those who match ‘red flag’ indicators
Where are the Risks? Risky Products/Services Wire transfer Certain types of loans Trust services Private Banking Trade Financing Correspondent Banking
Where are the Risks? Risky Transactions Large cash transactions Transactions to offshore jurisdictions Other transactions that match ‘red flag’ indicators
Where are the Risks? Risky Locations Countries without adequate AML/CFT regulation Jurisdictions known to be involved in the narcotics trade Countries in which the production or transportation of illegal drugs may be taking place Bank Secrecy Havens Countries identified in FinCEN advisories or the advisories of other countries Money laundering countries and jurisdictions identified in the US Department of State’s annual International Narcotics Control Strategy
Profiling Customer Risk How? By who they are By the products they use By the transactions they make By where they are When Account Opening When conducting transactions Periodically when updating customer information High risk customers should get extra scrutiny at account opening and when conducting transactions
Recommendation 15 Recommendation 15 Financial institutions should develop programs against money laundering and terrorist financing. These programs should include: a) The development of internal policies, procedures and controls, including appropriate compliance management arrangements, and adequate screening procedures to ensure high standards when hiring employees. b) An ongoing employee training program. c) An audit function to test the system.
Compliance Plan Should include the following: Internal policies, Procedures, and Controls Definition of roles and responsibilities Compliance Officer role, in particular Internal Audit function Training function Should be designed for effectiveness given the characteristics of the bank (there is not one size that fits all) Should be designed to implement local AML/CFT laws and regulations Plan should be in writing, regularly reviewed, and put into practice. Should be approved by Board of Directors
Ongoing Training At a minimum staff should be trained to: Understand the bank’s Compliance Plan Understand specific risks and red flags associated with customers, products, and transactions in their area of work Understand the concept of suspicion Understand the internal reporting procedure for suspicions Understand legal provisions against unauthorized disclosure of reporting activity Understand safe harbor provisions of the law Understand potential penalties under the law Training should be a tool for changing the culture of compliance of bank staff
Internal Audit/Control Can be based on regulatory exam procedures For example, exam procedures by US regulators are published on their webs site Should include transaction testing Are suspicious transactions really being identified and reported? Should assess employee’s knowledge Do they know what they are supposed to? Are they applying that knowledge? Are they following the policies and procedures? Should detect possible internal complicity in evading AML controls
Typical CDD/Monitoring Strategies Large Bank Strategy (capital intensive) Focus on policies and procedures Invest in automated systems Risk oriented Testing and monitoring of the system itself Small Bank Strategy (labor intensive) Less emphasis on policies and procedures Focus on testing of transactions and records Much more hands-on emphasis
Role of Technology What Technology Cannot Do: Cannot substitute for training Cannot create a compliance culture nor implement standards of integrity and ethical behavior Cannot replace the human element, especially when dealing with the human element Cannot be an excuse for failing to detect abuse What Technology Can Do: Reduce Compliance Costs In record keeping, for example Manage and analyze large amounts of information Enhance sharing of information Assist in the case management process
Technology Risk Management Software Designed both for regulatory compliance and protection of reputation Software can be configured to highlight suspicious transactions of both Type A and Type B Those transactions which don’t match the normal patterns for the individual or legal entity Those transactions which match a known pattern of financial crime Can assist in manual investigation of highlighted transactions Can automate reporting requirements Can automate record keeping requirements Rare that these technologies are used in developing economies Expensive Work in conjunction with sophisticated automated transactions processing systems Many banks in developing economies can’t justify the expense Still possible to do same things at low cost Identification Software Watch List Matching (e.g. UN List)
Most Important Considerations for Detecting Suspicion Suspicious activities are not always difficult to detect. But … You Have to look for Suspicion! You have to make investments into training and systems You have to monitor the systems and ensure they are working You have to work with the FIU and others to ensure that the latest typologies are known to you You have to see suspicion when it is there Consider the definitions Don’t be too willing to rationalize what you see Encourage employees to report what they see to the compliance officer Do not discourage employees from reporting … no penalties, no fear! You have to act upon suspicion that you see Have courage Have confidence in yourself and the FIU File a complete SAR