combating money laundering: how well are you managing your

Combating Money Laundering: How Well are You Managing your Company’s Risk?

John Farrell

SVP Financial Services.

CGI

James Fried

Assistant Treasurer

TIMEXGROUP

2

Today’s regulatory environment mandates that

companies (and individuals) know:

• Who they are doing business with, including

eventual third parties where their products or

services may end up

• Where their goods and services are being

delivered

• What products, services or intellectual property

they are providing

Who, Where, What…..

3

• OFAC

• SDN

• FinCen

• FAFT

• PATRIOT ACT

• FCPA

• ………..

All persons and entities must comply –ignorance is no excuse!

An alphabet soup of regulations and agencies

4

• So far this year, OFAC alone has imposed

$623,000,000 in enforcement actions

(almost all of these ended up reported in the press)

• Financial Institutions are by far the most

penalized target, but manufacturers,

distributors and service companies

outweigh banks in the number of actions

• The SDN list currently has over 5,000 entries

and is updated frequently

What is the potential liability?

5

Technology plays a large role

• It has to, due to large transaction volumes

• They check (or should check) all of the financial transactions you initiate against:

− Published List

− Suspicious Activities

• Very complex algorithms and “fuzzy logic” is employed

− Alternate spellings

− Potential abbreviations

− Word proximity

− Ability to interpret Cyrillic and Asian characters

What can we learn from Banks

Even though your bank does these checks, you are not released from liability!

6

A Company must• Investigate and evaluate ALL potential transactions

− Domestic as well as international – 100%

− Responsibility starts at point of inquiry – whether or not transaction is completed

− New as well as old – need review process

• Check against all lists and watch lists− Company name, ownership, officers, directors

− Not just buyer/seller – ALL parties involved

− Check during all phases of the transaction – not just once

• Maintain records – show that you checked!

Know Your Customer (KYC)

7

• Reluctant to give information; evasive; unclear

• Products do not fit the line of business

• Unfamiliar with product use

• Declines routine services (training, maintenance)

• Willing to pay cash when terms would be the norm

• Product incompatible with destination

• Abnormal shipping route

• Freight forwarder is final destination

• Will not supply final destination

KYC: Possible Red Flags

8

• You are required to report suspicious transactions

– “Hits” on lists

– Suspicious activity (red flags?)

– All agency websites have inquiry access (e-mail, phone, fax)

for questions

– You must report even if you know another party has already

done so! Every party has separate responsibility to report!

• To whom?

– To the agency responsible (Treasury, BIS, etc.)

– Reporting instructions are on all websites

• Phone, fax, e-mail, anonymous form

Reporting

9

• For all companies, must address (minimally):

– OFAC

– SDN

– USA PATRIOT ACT

– Know your customer (KYC), and preferably KYCC

– Anti-money laundering

• Companies with int’l business must also address:

– Customs

– Export Regs

– Anti-Boycott

– Foreign Corrupt Business Practices Act

Create and Maintain a Compliance Program

10

Compliance Programs

• Companies must have a

mandatory and written

compliance program in

place for all government

regulations

• Having such a policy will

help if you get into a sticky

situation

11

Elements for Success

• Designate a Compliance officer

– Preferably a senior person (CFO, COO)

– May need others to assist

• Also consider internal or external legal counsel

• Assess the risk

– Determine where areas of exposure are

• High risk countries, industries

• Cash business

• Corporate structure, office locations

12

More Elements

• Assign responsibilities

– Clear rules and procedures

– “Go-to” persons for possible violations

– Record-keeping requirements

• Distribute Regulatory Info to Key Persons

– Including OFAC, SDN lists, money laundering updates,

reg changes, etc.

– Easy to subscribe to free updates from regulatory agencies

13

More Elements

• Training for ALL Employees on Compliance– Cover regulatory basics

– “Go-to” procedures

– Consequences for

non-compliance

– Sign statement that

they understand

– Annual event!

• Constant Communication with employees– Changes, Policy Updates, Seminars

14

More Elements

• Conduct Compliance Audit– Spot checks

• Especially for high-risk areas

– Annual in-depth audit

– Check reporting

15

Non-Compliance• Visits by Federal Agents

• Paperwork/Reports

• IRS Audits

• Fines

• Seizure of Goods, Funds

• Revocation of Export License

• Criminal Penalties

• Civil Penalties

• AND - the law prohibits your employer from paying any of your fines/civil penalties

16

Non-Compliance can:

Cost You Money…

Or Worse!!!

17

Protect Yourself!

• Implement and maintain a compliance policy

• Mandate the completion of a credit app for all transactions

– Add compliance language to credit apps

– Also to PO’s, contracts, any written materials

• Have a trained “go-to” person

– Attorney, senior officer

– Consolidate reporting into one place/one person

• Train ALL employees; train a few intensely

– Keep record of training sessions with sign-in sheets

• Keep written records

• Cooperate with any investigations

18

Last, but not least -

• Automate!!!!!!

• The complexity of compliance has inspired

private development of software/web-based

systems to assist in managing compliance

• Vendors keep up with regs

– Many cross-check up to 14 different lists and

watch lists

• “Canned” or customized versions

19

If you automate:

• Ask about matching / “false hits”

– Lots of names are similar and vendors approach this differently

• Remember to ask about managing existing A/P and A/R databases, not just new inquiries

– The OFAC/SDN lists change

• If you are multi-national, ask about non-US options

• Evaluate web access vs. installed software

– Update issues

20

QUESTIONS

US Government Regulatory Compliance

James A. Fried, CCE

Timex Group USA, Inc.

Today’s Objectives

1. Review of Regulations

2. Your responsibilities

3. Where to get information

4. How to put together a compliance program

5. Horror Stories so you know this is serious

Regulations

Regulations

• Office of Foreign Asset Control (OFAC)

• Specially Designated Nationals (SDN)

• USA PATRIOT Act

• Export Denial Orders

• Anti-Boycott

• Anti-Money Laundering (FinCEN and FATF)

• Customs regulations

• Foreign Corrupt Practices Act

Who is affected by the regs?

• All US citizens and permanent resident aliens, regardless of location

• All persons/entities within the USA

• All USA incorporated entities and their foreign branches

– Special exclusions for “arm’s length” offices

– For certain programs:

– Cuba/N Korea: foreign subs/entities owned or controlled by USA company

Special Exclusions• Arm’s length:

– Subsidiary must have its own officers/board

– No officer or board member may be a US citizen/resident alien

– No employee involved in or having knowledge of transaction may be a US citizen/resident alien

– Profits may not be repatriated to US

• Dividends can be paid

– US entities must be completely blind to transactions

• Do not attempt this without legal counsel

And for added excitement,

• There can be tax consequences, as certain legally permitted activities may have to be reported on tax returns

• IMPORTANT: the regulations are now designed so that violation of one may also trigger violation(s) of other(s) – a “no escape” environment

Office of Foreign Asset Control

• Department of the Treasury

• Identifies countries, activities, generic groups that are prohibited

• Sanctions may be full or partial (limited to certain activities)– Often very difficult to interpret

• Treasury Licenses might be required– Depends on the sanction, and/or goods

classification/type (EAR mostly)

Current OFAC Sanctions

• Balkans

• Burma (Myanmar)

• Cuba

• Diamond Trading

• Iran

• Iraq

• Liberia

• Libya

• Narcotics Trafficking

• Non-Proliferation (Weapons of Mass Destruction)

• North Korea

• Sudan

• Syria

• Terrorists

• Zimbabwe

UN Sanctions

• Do not confuse OFAC with UN Sanctions

• USA sanctions are generally in sync with UN

– Contain slight variations

– Have groupings/categories

– USA has its own unilateral sanctions

• Most other countries – especially industrialized countries – follow UN sanctions

– This can cause confusion

The SDN List

• Specially Designated Nationals

• List of prohibited companies/persons:– Terrorists, drug dealers, money launderers, agents of

OFAC-prohibited entities

• Updated as needed

• Must be checked for ALL parties in a transaction:– Buyer, seller, intermediaries, cargo handling, insurance

co’s, vessel ownership, banks

– Includes owners & officers

USA PATRIOT ACT

• Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act

• Best known/publicized for adjusting the legal processes for wiretapping and privacy as they relate to searching for terrorists

• BUT – also contains many provisions related to the business community

• Act has been revised several times since inception

USA PATRIOT ACT• Know your customer regs:

– ALL companies must have due diligence procedures in place to scrutinize/evaluate all potential and actual business transactions• Includes purely domestic business as well as int’l• Screen every party in transaction against ALL regs• Recordkeeping requirements

– Foreign Banks must be pre-certified with USA banks• Affects all bank-to-bank business: deposit accounts, loans,

risk (I.e., LC confirmations)• Impacts corporate ability to “shop” banks• Slows things down

Export Denial Orders

• Immigration and Customs Enforcement(formerly BIS, formerly BXA)

• Export related; now monitoring pre-export• Know Your Customer requirements

– Red Flag Indicators list

• Also applies to certain types of exports with “dual use”– Technology– Military– Fundamental research

Anti-Boycott

• Protects allies and non-discrimination of the USA

• Primarily, but not solely, applicable to Israel and Middle East

• Watch for prohibited language on contracts, paperwork, PO’s, LC’s or other instruments

• Prohibited language is not intuitive!

Arab League Boycott of Israel

• Common boycott language requires that:

– No Israeli citizen or person of Israeli origin may be employed in any facet of the contract;

– No product or service of Israeli origin be may used to fulfill the contract. • Frequently prohibits use of Israeli carrier, passage

through Israeli port

Current Boycotting Countries

• BAHRAIN

• IRAQ

• JORDAN

• KUWAIT

• LEBANON

• LIBYA

• OMAN

• QATAR

• SAUDI ARABIA

• SYRIA

• REPUBLIC OF YEMEN

• UNITED ARAB EMIRATES

– UAE

– ABU DHABI

– SHARJAH

– AJMAN

– UMM AL-QAIWAIN

– RAS AL KHAIMAH

– FUJAIRH

Lesser known prohibited activities

• Refusing or requiring any other person to refuse to employ

or to discriminate against any U.S. person on the basis of

race, religion, sex or national origin;

• Furnishing information with respect to the race, religion,

sex, or national origin of any U.S. person

Anti-Money Laundering

• FinCEN (Financial Crimes Enforcement Network) and Financial Action Task Force (FATF)

• FATF has a list of countries which do not comply with their 40-point anti-money laundering program

• Transactions not prohibited, but will be flagged by financial institutions and subject to investigation

• FinCEN regs affect financial services– Reporting, forms, deposits, patterns– Which in turn, affects YOU!

Current List

• FATF Non-Complying Countries:

– Myanmar (Burma)

– Nauru

– Nigeria

Customs Regulations• Imports:

– 24 hour rule for Cargo Manifest prior to departure from foreign port

• Exports:– Cargo inspections– 24 hour rule for Cargo Manifest prior to loading– Regs have negatively impacted shipping schedules

• All translates to cash flow changes and higher freight costs!!!

• NOTE: inspections also may apply to pre-export and post-import transactions

Foreign Corrupt Practices Act

• Prohibits US companies from bribing foreign official to initiate or maintain business in that country

• Applies to employees, directors, stockholders, and agents– Cannot authorize another person to do what you

(as US citizen/res. Alien) cannot do directly

• “Foreign Official” includes any employee of a nationalized company

Foreign Corrupt Practices Act

Watch for:

• Country involved

• (corruption index – www.transparency.org)

• Large commissions or fees

• Lump sum invoices

• Split of offshore payments

Websites

• www.treas.gov/ofac– OFAC and SDN

• www.bxa.ntis.gov– KYC, red flags, anti-boycott, denied persons list, export

regulations by industry, licensing info

• www.cbp.gov– Customs regs and forms

• www1.oecd.org/fatf/NCCT_en.htm#List– FATF money laundering watch list

Your Responsibilities

USA Regulatory Compliance

Know Your Customer

• Company must– Investigate and evaluate ALL potential transactions

• Domestic as well as international – 100%• Responsibility starts at point of inquiry – whether or not

transaction is completed• New as well as old – need review process

– Check against all lists and watch lists• Company name, ownership, officers, directors• Not just buyer/seller – ALL parties involved• Check during all phases of the transaction – not just once

– Maintain records – show that you checked!!!

“Know” includes:

• Customary credit information (5 c’s)• Ultimate buyer/seller

– Lots of scrutiny on transactions involving intermediaries

• Ultimate destination/origin of goods• Evidence in writing strongly encouraged

– Credit apps, signed– E-mails or other written correspondence– Copies of website checks (lists/watch lists)– Dates and initials of employee(s) conducting check(s)

It’s NOT Intuitive!!!!

Bay Industries, Santa Monica, CA

Cargo Aircraft Leasing Corp, Ft. Lauderdale, FL

Sports Zone, Houston, TX

Travel Services, Inc, Hialeah, FL

Matrix Churchill Corp, Cleveland, OH

Holy Land Foundation for Relief & Development,

Richardson, TX

Atlas Air Conditioning, London

Vinales Tours, Cancun

Possible Red Flags

• Reluctant to give information; evasive; unclear• Products do not fit the line of business• Unfamiliar with product use• Declines routine services (training, maintenance)• Willing to pay cash when terms would be the

norm• Product incompatible with destination• Abnormal shipping route• Freight forwarder is final destination• Will not supply final destination

Red Flag Indicators

• BXA has great info in its website!!!

– www.bxa.doc.gov – lists to check

– www.bxa.doc.gov/enforcement/knowcust.htm

– http://www.bxa.doc.gov/enforcement/redflags.htm

Reporting

• You are required to report suspicious transactions

– “Hits” on lists

– Suspicious activity (red flags?)

– All agency websites have inquiry access (e-mail, phone, fax) for questions

– You must report even if you know another party has already done so!!! Every party has separate responsibility to report!!!

• To whom?

– To the agency responsible (Treasury, BIS, etc.)

– Reporting instructions are on all websites

• Phone, fax, e-mail, anonymous form

Credit Reports

• For Credit Bureaus, Credit Reporting Agencies, Requestors of Information

• Credit Bureaus can choose to include OFAC/SDN info on credit reports

• If so, they must follow specific guidelines

– That info is similar to info on the OFAC/SDN lists. Cannot state that it is prohibited unless known for certain

– Should direct users to the OFAC brochure

– OFAC cannot remove info from credit report

Compliance Programs

Elements and Implementation

Compliance Programs

• Companies must have a mandatory and written compliance program in place for all gov’t regs

• Having such a policy will help if you get into a sticky situation

Compliance Programs

• For all companies, must address (minimally)

– OFAC

– SDN

– USA PATRIOT ACT

– Know your customer (KYC), and preferably KYCC

– Anti-money laundering

• Companies with int’l business must also address

– Customs

– Export Regs

– Anti-Boycott

– Foreign Corrupt Business Practices Act

Elements for Success

• Designate a Compliance officer

– Preferably a senior person (CFO, COO)

– May need others to assist

• Also consider internal or external legal counsel

• Assess the risk

– Determine where areas of exposure are

• High risk countries, industries

• Cash business

• Corporate structure, office locations

More Elements

• Assign responsibilities– Clear rules and procedures

– “Go-to” persons for possible violations

– Record-keeping requirements

• Distribute Regulatory Info to Key Persons– Including OFAC, SDN lists, money laundering

updates, reg changes, etc.

– Easy to subscribe to free updates from regulatory agencies

More Elements

• Training for ALL Employees on Compliance

– Cover regulatory basics

– “Go-to” procedures

– Consequences for non-compliance

– Sign statement that they understand

– Annual event!

• Constant Communication with employees

– Changes, Policy Updates, Seminars

More Elements

• Conduct Compliance Audit

– Spot checks

• Especially for high-risk areas

– Annual in-depth audit

– Check reporting

Non-Compliance• Visits by Federal Agents

• Paperwork/Reports

• IRS Audits

• Fines

• Seizure of Goods, Funds

• Revocation of Export License

• Criminal Penalties

• Civil Penalties

• AND - The law prevents your employer from paying any of your fines/civil penalties

Non-Compliance can:

Cost You Money…

Or Worse!!!

Protect Yourself!

• Implement and maintain a compliance policy

• Mandate the completion of a credit app for all transactions– Add compliance language to credit apps

– Also to PO’s, contracts, any written materials

• Have a trained “go-to” person– Attorney, senior officer

– Consolidate reporting into one place/one person

• Train ALL employees; train a few intensely– Keep record of training sessions with sign-in sheets

• Keep written records

• Cooperate with any investigations

Last, but not least -

• Automate!!!!!!

• The complexity of compliance has inspired private development of software/web-based systems to assist in managing compliance

• Vendors keep up with regs

– Many cross-check up to 14 different lists and watch lists

• “Canned” or customized versions

If you automate:

• Ask about matching/”false hits”– Lots of names are similar and vendors approach this

differently

• Remember to ask about managing existing A/P and A/R databases, not just new inquiries– The OFAC/SDN lists change

• If you are multi-national, ask about non-US options

• Evaluate web access vs. installed software– Update issues

Possible Vendors

• There are lots, but these are ones with whom I am personally/professionally familiar, in alphabetical order:– Bridger Insight– IBM– Innovative Systems– Nextlinx– Thomson Financial– TradePoint

• Check with others – “live” referrals are best!