AML Compliance Requirements
Agenda
Overview
Current Environment
Prevalent Practices for an AML Compliance Program
Questions and Answers
Overview
“In every war we have fought, bankers have been on the front lines. And you are on the front lines today. Make no mistake about that.”
“It is clear that what was good enough in the past may not be good enough now. The stakes are much, much higher than ever before.”
“Clearly, the times have changed--for banks and for regulators--and a ‘business-as-usual’ approach is not going to be sufficient to meet the challenges at hand.”
Daniel P. Stipano, Acting Chief Counsel, Office of the Comptroller of the Currency
Heightened Regulatory Scrutiny
New rules for enforcement actions
New interagency Bank Secrecy Act (“BSA”) examination manual
Newly-articulated supervisory risk focus
New government initiatives underway
Implications
Enhanced scrutiny of AML compliance by bank regulators and prosecutors
Examinations more intense and detailed
General, targeted and horizontal exams
Past exams not indicative of future exam rating
Rating declines from 1 or 2 to 3 or 4
The trend for FinCEN and bank regulators is monetary penalties as well as informal or formal actions
Forward Look
Look Back (Transaction Review, i.e., back-filing CTRs and/or SARs)
If CTR/SAR systems and controls are deemed deficient, a financial institution can be required to go back in time and reconstruct transactions, typically with the “assistance” of a third party, for reporting purposes
Can be burdensome and expensive
Late-filing is useful in theory, but in reality, late-filing appears punitive
Impact
Well over 100 formal public enforcement and informal actions in the last few years
Regulatory fines have been assessed, in some public actions, ranging from several million to $50 million
Pace of recent enforcement actions appears similar to 2004 and 2005
Reasons for Enforcement Actions
Recent public/non-public enforcement actions are mainly the result of governance, process and testing failures
Lack of management oversight and accountability
Failure to meet reporting requirements
Failure/Absence of key control activities
Inadequate risk assessment
Inadequate/Ineffective monitoring functions
Failure to conduct due diligence on clients
Inadequate communication of information
Failure to respond to previous criticism
Concealing information from examiners
Potential Consequences
Unsatisfactory management or composite rating jeopardizes status of parent as a “FHC” and conduct of non-banking businesses
Unsatisfactory rating/enforcement action derails bank acquisitions
Expansion of current activity/M&A activity is dependent on:
Being well managed (at least a satisfactory rating)
Being well capitalized
Having a satisfactory CRA rating
Must have an effective AML program (Section 327 of USA PATRIOT Act allows regulators to restrict a BHC/financial institution’s ability to complete M&A/expand)
If under an AML enforcement action, generally barred from M&A and/or expansion activities until it is lifted
Coupled with use of bank by money launderers, compliance inadequacies may be basis for criminal charges against bank
Involvement in money laundering can trigger the forfeiture of bank charter or FDIC insurance
Additional Thoughts Do Not Rest on Your Laurels
A past history of satisfactory BSA exams does not mean your program will be satisfactory today or going forward. Examinations are more rigorous; every program element is subject to heightened scrutiny. Consequently, weaknesses that may not have been identified in earlier exams may surface.
Even if your institution is not subject to regular BSA exams, the expectation of prosecutors must also be taken into account. If transactions involving money laundering occur through your institution, prosecutors will take into account whether you have a robust AML/BSA program.
Where are you in your peer group? Many institutions not yet subject to formal requirements, e.g., SAR filings, have implemented these program elements as a “best practice”.
Current Environment
Current Environment - Overall
Regulatory Requirement Bank Broker-Dealer Insurance Company Investment Company Investment Advisor OFAC Applicable Cash Activity (CTRs) (Form 8300) AML Program (Section 352) Applicable (effective May 2, 2006) Applicable – Mutual Funds; Proposed – Unreg funds Proposed SARs Proposed for Mutual Funds; TBD for Unreg funds TBD
Current Environment - Overall
Regulatory Requirement Bank Broker-Dealer Insurance Company Investment Company Investment Advisor CIP (Section 326) Applicable TBD Applicable – Mutual Funds; TBD - Unreg Funds Information sharing (Section 314(a)) Applicable – Mutual Funds**; Proposed – Unreg Funds Information sharing (Section 314(b)) Applicable (effective May 2, 2006) Applicable – Mutual Funds; Proposed – Unreg Funds
Current Environment - Overall
Regulatory Requirement Bank Broker-Dealer Insurance Company Investment Company Investment Advisor Special Measures (Section 311) Applicable TBD EDD for Correspondent/ PB Accounts (Section 312) Prospectively for New Accounts – Applicable 4/4/06; Retrospectively for Accts Established Prior to 4/4/06 – 10/2/06 Applicable - Mutual Funds Prospectively for New Accounts – Applicable 4/4/06; Retrospectively for Accts Established Prior to 4/4/06 – 10/2/06; Not Currently Applicable - Unreg Funds Not Currently Applicable Shell Banks (Section 313/319) Currently Not Applicable AML Record (Section 327)
Current Environment – Trust Companies
Regulatory Requirement Trust Companies that are Federally Functionally Regulated Trust Companies that are Not Federally Functionally Regulated OFAC Applicable Cash Activity (CTRs) AML Program (Section 352) Not Currently Applicable SARs
Current Environment – Trust Companies
Regulatory Requirement Trust Companies that are Federally Functionally Regulated Trust Companies that are Not Federally Functionally Regulated CIP (Section 326) Applicable Information sharing (Section 314(a)) Not Currently Applicable Information sharing (Section 314(b))
Current Environment – Trust Companies
Regulatory Requirement Trust Companies that are Federally Functionally Regulated Trust Companies that are Not Federally Functionally Regulated Special Measures (Section 311) Applicable Not Currently Applicable EDD for Correspondent/ PB Accounts (Section 312) Prospectively for New Accounts – Applicable 4/4/06; Retrospectively for Accts Established Prior to 4/4/06 – 10/2/06 Shell Banks (Section 313/319) AML Record (Section 327)
Current Environment (cont’d)
Changing Regulatory Approach
AML risk management plays key role in corporate governance and independent monitoring functions
Continued shift by regulators to risk based supervisory approach
More reliance on bank’s own monitoring and senior management assertions
“Top down” approach to assess compliance and compliance testing
Current AML Environment (cont’d)
Regulatory scrutiny has led to:
Defensive filing of Suspicious Activity Reports (“SARs”)
Need to enhance AML programs
Increased costs of compliance, including responding to regulatory actions
Departures from the market
Difficulties in managing global clients
Risk-Based Expectations for AML
Industry should adopt sound risk management to:
Better identify risk
Better direct resources
Better safeguard the organization
Examiners will tailor examination scope to the risk profile of bank
Information for Decision Making Enterprise Risk Management Process
Compliance Risk Management
POLICY: Risk Definition, Risk Principles, Risk Appetite, Risk Governance Model, Authorities
Information for Decision Making
Enterprise Risk Management Process
PLAN: Risk Strategy, Strategic Planning, Resource Planning, New Product Approvals
EVALUATE: Monitor Risk Management Reporting to Board Annual Board Assessment
Relevant Reporting Entities:
Credit, Interest Rate, Market, Liquidity, Operational, Compliance, Legal, Strategic, Reputation
Mitigate, Measure & Report, Assess, Identify
FHC
Bank: Retail, Wholesale
Objectives
Aggregation & Performance
Nonbank Subs.
Relevant Risk Categories:
Compliance Function: Corporate Compliance, Regional Compliance, Business Unit Compliance, Relationship with Internal Audit
Compliance Elements: Roles and Responsibilities, Organizational Structure, Policies and Procedures, Training, Testing, Management Reporting
External Factors: Banking Laws and Regs, Examination Handbooks, Regulatory Bulletins, Enforcement Actions, Industry Practices
Prevalent Practices for an AML Compliance Program
Thanks Bill and good afternoon everyone. Michael and Bill have provided an overview of the current regulatory environment, the need to have an effective AML program and the consequences that result from having an inadequate program. Given the zeal of the regulators and the potentially significant negative reputational, operational and financial impact of an AML exam that uncovers weaknesses, control deficiencies and/or matters requiring management attention - I am going to focus on AML best practices to assist you in refining or establishing an AML program that meets and/or exceeds regulatory expectations. Like Bill I am going to focus on the banking industry as my benchmark for describing these best practices given that they are the furthest along the AML regulatory lifecycle. I believe though, that all financial institutions currently subject to AML requirements should at least be in the process of implementing these practices. Those financial institutions not yet subject to AML requirements ought to at a minimum be thinking about the business ramifications of implementing these processes and should seriously be considering developing a plan to address these issues. NEXT SLIDE PLEASE
Overview Reputation Reputation: The Most Valuable Intangible Asset
Compliance: Acting According to Regulatory Requirements and Expectations
Reporting - CTRs - SARs - 314(a) - Board/Sr Mgt
Training
CIP / CDD / EDD and Risk Assessment
OFAC
USA PATRIOT Act Requirements
BSA Requirements
Spirit of the Law
Foundation of the Organization
Formal Policy Statements: Mission, Vision, Values
Governance/Culture of Compliance
Organizational Structure
Processes and Procedures
Independent Testing
Eight Key AML Requirements
1. Governance
Board and senior management are responsible for ensuring effectiveness of the compliance program (“Culture of Compliance”)
Need to be actively involved; set “tone at the top”
Participate in setting AML risk tolerances
Approve policy and assist in establishing appropriate controls
Receive AML awareness training/education
Receive and review reports (e.g., AML risk trends and how risk is managed) to increase transparency
Establish AML Committee to provide guidance and leadership on significant AML compliance issues
Increasingly held to a higher standard
Let’s start with Governance because to me it is the most critical factor. Board and senior management commitment must be present in order for a financial institution to have a successful AML program. The board and senior management need to adopt a DO AS I SAY AND DO AS I DO ATTITUDE – what I mean by that is they:
Must participate in training and awareness sessions to stay up to date on significant changes to the Bank’s AML policy, initiatives, structure and other AML related matters
They must receive reports – in addition to AML regulatory examination and independent audit reports – should receive additional reports on a regular basis, such as volumes and trends of currency transaction, suspicious activity and wire transfer activity as well as transactions with high risk customers and geographies in order to monitor AML activities and risk
- The Bank Secrecy Act Officer must have direct contact and involvement with the Board
- The Board must be kept apprised of AML industry risk trends (e.g., CTRs, SARs, enforcement actions, regulatory guidance)
- They have to sign off on the AML policy not only at its inception but at least annually thereafter
- They should establish an AML Oversight Committee comprised of personnel from various areas including Legal, Compliance, Corporate Security and significant business as well as operational units. Internal Audit should also be involved in an advisory or nonvoting capacity
Finally, Boards and Sr Mgt are being held to a higher standard by their regulators as well as their shareholders - lawsuits have been filed against bank boards and senior mgt for lack of fiduciary responsibility when enforcement actions have been issued and civil money penalties assessed for failure to effectively implement an adequate AML program
NEXT SLIDE PLEASE
“A culture of compliance should establish – from the top of the organization – the proper ethical tone that will govern the conduct of business. In many instances, senior management must move from thinking about compliance as a cost center to considering the benefits of compliance in protecting against legal and reputational risks that can have an impact on the bottom line.” Governor Susan Schmidt Bies Board of Governors of the Federal Reserve System
“Examiners expect to find certain core principles of risk management including, top level involvement, clear responsibilities at each level of management, independence of risk controls, strong well-developed systems and effective monitoring and reporting.” Mary Ann Gadziala Associate Director, OCIE
Eight Key AML Requirements
2. Risk Assessment
Risk identification, measurement and monitoring
Assess at a business and customer level the degree of money laundering and/or terrorist financing risk.
Stratify the customer base in an effort to identify and monitor those customers that pose a heightened money laundering risk.
Eight Key AML Requirements
3. Comprehensive Program
Policies, procedures and internal controls
Clearly delineate AML roles and responsibilities of management, staff as well as functions (e.g., internal audit, compliance, etc.)
Define regulatory requirements (inventory of applicable laws/regulations)
Communication/Roll-out/Employee sign-off
Annual review and update
Organizational Structure and Staffing
Designation of an AML officer; senior person with requisite skills and direct access to Board of Directors
Independent Structure/Reporting lines
Designate an adequate staff
Focus on business accountability
With regard to a comprehensive program - a key activity that should be performed is to Define your Institution’s Regulatory Requirements - whether or not you have policies and procedures already in place – it is an effective way to show the Board, sr mgmt, internal audit and employees as well as your regulators that you have assessed and understand which AML laws and regs are applicable to your institution. The regulatory requirements matrix reflects AML laws and regs and your institution’s business units/support functions and where the two intersect. This not only assists in developing your policies and procedures but will also assist in building your testing programs which I’ll discuss in more detail later on.
Most institutions have developed an AML policy because it is one of the basic requirements of an AML program; however, many institutions have not effectively communicated and rolled-out the policy. Often it is not disseminated to appropriate business units or affected employees (what I mean by affected employees are those who deal directly/indirectly with customers and/or money movements). These individuals are not required to sign-off that they have read, understand and will comply with the policy.
Another area where the AML policy typically falls short is in defining AML roles and responsibilities of all employees – from the Board down to Line Personnel.
The policy needs to be supported by AML Program (some institutions bake the AML program into the policy while others separate them)
Business Unit Procedures - each business unit has their own procedures including CIP – these documents are typically signed off by sr business personnel as well as the AML Officer
Designation of AML Officer
Select someone who is senior enough to interact with the Board and has the respect of the business lines; if the person is a junior level the regulators as well as your employees will not think you are serious about AML compliance. Be sure to provide the right level of authority and reporting lines – typically reports into the board or a committee thereof; alternatively it often reports to the chief risk officer or general counsel.
Many institutions that have come under regulatory scrutiny do not have the AML Officer sign off on all SARs that are filed but I would strongly recommend it. It assists in making sure the SAR is complete, accurate and timely and tends to make them more consistent.
Next Slide Please
Eight Key AML Requirements
4. Comprehensive Program
Training
Establish general/customized (specialized) AML training
Identify affected employees and establish mechanism to track participation
Train all “affected employees” at a minimum
“Train the Trainers”
Testing
Regulators looking for three-pronged approach: 1) Business unit self-assessment 2) Compliance testing 3) Internal audit
Risk based monitoring, surveillance and testing
Testing of automated systems
Reporting and tracking of deficiencies
General Training - typically provided to all employees – assists in providing a baseline of knowledge
Customized training - typically provided to those business units or individuals who are affected (again meaning those units or individuals who deal directly/indirectly with customers and/or money movements) – the training is specifically geared to their activities - for example the AML requirements, red flags etc. encountered by the wire room are going to be very different than those encountered by sales folks or relationship managers and as such AML training needs to be customized to meet their specific needs.
Compliance Training – typically includes internal as well as external training in order to keep abreast of current trends, regulatory expectations, changes to regulatory requirements, industry practices.
Train the Trainer
KEEP Records of Attendance as well as any tests that must be taken and passed
Testing
3 pronged approach – business unit self assessment; compliance testing and internal audit
Horizontal vs Vertical Reviews – Bank regulators
Next Slide Please
Eight Key AML Requirements
5. Know Your Customer (KYC)
KYC
Determine the nature and level of expected transaction activity, source of funds, purpose of account, etc.
Understand customer and expected activity in order to identify and monitor for unusual activity
Establish electronic KYC databases for business and personal customers and automate “call reports”
Customer Identification Program (CIP)
Develop and maintain for each business unit written procedures tailored to the AML risks presented by the products, services, customers, delivery channels, etc.
Enhanced Due Diligence (EDD)
Identify circumstances when it becomes necessary to perform EDD as well as the level of review to be undertaken by customer category and/or risk level
Eight Key AML Requirements
6. Reporting
CTR
Ability to identify, aggregate and report in a timely fashion cash activity on bank-wide basis
SAR
Ability to detect, escalate, monitor, report (as necessary) and document ultimate resolution of unusual activity
Assess cash, wires, monetary instruments, at a minimum
OFAC
Adopt an internal “watch list”
Screen customers, wires, charitable contributions, vendors and employees against SDN List at initiation/when list is updated
Section 314(a) Requests
General
Periodic reporting to the Board
Well defined escalation process
Corrective action tracking
The inability to provide accurate, timely and complete CTRs and SARs has been the main reason that financial institutions have been placed under public and non-public enforcement actions – from a regulatory perspective these are considered to be fundamental … to use a football analogy these are the basic blocking and tackling that need to occur in order to be successful.
The OCC has recently issued guidance that states
Other important aspects include…
Eight Key AML Requirements
7. Human Resources
Incorporate AML Compliance into Employee Performance Measurement
Consider establishing a “Whistleblower” process
Require Employees to sign-off that they have read, understood and will comply with the AML Policy
“We must all hang together, or assuredly we shall all hang separately.” — Benjamin Franklin
Now I will turn it back to Michael
Eight Key AML Requirements
8. Continuous Maintenance, Assessment and Refinement Now I will turn it back to Michael
“An enterprise-wide compliance-risk management program should be dynamic and proactive, meaning it constantly assesses evolving risks when new business lines or activities are added or when existing activities are altered. To avoid having a program that operates on “autopilot,” an organization must continuously reassess its risks and controls and communicate with its business lines. An integrated approach to compliance-risk management can be particularly effective for Bank Secrecy Act and anti-money-laundering (BSA/AML) compliance. … Controlling BSA/AML risk continues to be a primary concern for banking organizations.” Governor Susan Schmidt Bies Board of Governors of the Federal Reserve System
Contact Information Peter Fitzgerald Principal Deloitte & Touche LLP
This presentation and related discussion hereon are intended to provide general information on the particular subject and is not an exhaustive treatment of the subject. Accordingly, the information in this document is not intended to constitute professional advice or services. Before making any decision or taking any action that might affect your personal or professional interests, you should consult a qualified professional advisor. About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms and their respective subsidiaries and affiliates. Deloitte Touche Tohmatsu is an organization of member firms around the world devoted to excellence in providing professional services and advice, focused on client service through a global strategy executed locally in nearly 150 countries. With access to the deep intellectual capital of 120,000 people worldwide, Deloitte delivers services in four professional areas, audit, tax, consulting and financial advisory services, and serves more than one-half of the world’s largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global growth companies. Services are not provided by the Deloitte Touche Tohmatsu Verein and, for regulatory and other reasons, certain member firms do not provide services in all four professional areas. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other’s acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names “Deloitte”, “Deloitte & Touche”, “Deloitte Touche Tohmatsu” or other related names. 
In the US, Deloitte & Touche USA LLP is the US member firm of Deloitte Touche Tohmatsu and services are provided by the subsidiaries of Deloitte & Touche USA LLP (Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, Deloitte Tax LLP and their subsidiaries), and not by Deloitte & Touche USA LLP. The subsidiaries of the US member firm are among the nation's leading professional services firms, providing audit, tax, consulting and financial advisory services through nearly 30,000 people in more than 80 cities. Known as employers of choice for innovative human resources programs, they are dedicated to helping their clients and their people excel. For more information, please visit the US member firm’s web site at © 2006 Deloitte Development LLC. All rights reserved.