anti-money - afma · 2009 international anti-money laundering conference anti-money ... dr peter...

Electronic verification demystified –we talk to the vendors about their products

MISSING IN ACTION – THE SECOND TRANCHE

A REPORT ON MIAMI’S 2009 INTERNATIONAL ANTI-MONEYLAUNDERING CONFERENCE

anti-money launderingCOMBATING MONEY LAUNDERING IN FINANCIAL SERVICES

MAY 2009

PUTTING THE COST-BENEFIT MAGNIFYING GLASS ON AML/CTF –PROFESSOR PETER REUTER GETS SOME ATTENTION AT THE GOVERNMENT’SAML/CTF CONFERENCE 1-2 APRIL 2009

For more information contact

Stephen [email protected]

Georgie [email protected]

Geraldine WilliamsSpecial [email protected]

Shamil SharmaSenior [email protected]

Emma [email protected]

Baker & McKenzie International is a Swiss Verein with member law firms around the world. In accordance withthe common terminology used in professional service organizations, reference to a “partner” means a personwho is a partner, or equivalent, in such a law firm. Similarly, reference to an “office” means an office of anysuch law firm.

Australia

Sydney+61 2 9225 0200Melbourne+61 3 9617 4200

www.bakernet.com

The risks and obligations relatingto money laundering and terrorismfinancing are increasing – are youmanaging them?As the methods used by perpetrators become more diverse andsophisticated, regulators are increasing the obligations on, andmonitoring of, companies providing designated services. In thecurrent global financial crisis the costs of compliance are anincreasing burden, but the costs to your company of non-compliance could be significant. To protect your company’s brandand reputation, and to avoid regulator action and civil claims, yourcompany needs to ensure that it remains compliant with allAML/CTF obligations.

Money laundering and terrorism financing are global problems.Baker & McKenzie’s AML/CTF team, through its network of locallyqualified, globally experienced lawyers operating in 39 countriesand 69 offices, can help you address all your local and cross-borderAML/CTF issues. We deliver a complete, seamless and timelyservice from any region of the world tailored to meet our client’sspecific needs. This ranges from advice on compliance programsand plans, through to advising on regulator actions or privacy andemployment issues connected with AML/CTF regulations.

EDITORIAL

ANTI-MONEY LAUNDERING 3MAY 2009

A N IMPORTANT and exciting eventoccurred in Sydney on 1-2 April2009. AUSTRAC, the Attorney-

General’s Department, the Australian Instituteof Criminology and the Australian BankersAssociation co-hosted a two-day conferencewhich focused on money laundering and terrorism financing. What made yet anotherconference in this area “important and exciting” you might ask? The importance andexcitement was the focus on the real subjectmatter of all anti-money laundering/counter-terrorism financing (AML/CTF) regimes –the crimes of money laundering and terrorism financing – within the context of aconference that brought together all of themain players in AML/CTF – being the government, law enforcement, the regulatorand of course the reporting entities.

This conference was the first step to creating a space in Australia where all theplayers could meet to discuss developmentsand trends in the crimes that the AML/CTFregime seeks to address. The objectives ofthe conference were fourfold – to inform andguide attendees in current thinking and bestpractices in AML/CTF; the provision ofinsight into international standards andobjectives; spreading useful knowledge tomotivate a higher level of compliance fromreporting entities; and the provision ofdetails of AML/CTF research.

For the first we saw broad discussionabout predicate crimes and money launderingcombined with discussions about AML/CTFcontrols being conducted at the most seniorlevels. Past Australian conferences aimed atthe financial services sector focused on thecompliance and operational risk issues arising from the new laws in Australia. Now that reporting entities are convertingtheir implementation work into business-as-usual models, it is appropriate and timely for the focus to shift to the real issues and forall stakeholders to discuss issues together.

The profile of the international speakerswas a credit to the efforts of the conferencehosts and to the respect that Australia hasfrom its peers overseas. The hosts of the conference and Australian reporting entitiescan measure the importance of this event by

the fact that the President of the FinancialAction Task Force attended and spoke at thetwo-day conference. During those two days,the Australian audience was frequentlyreminded by the international speakers of thesignificant achievements of AUSTRAC as afinancial intelligence unit and, in particular,the achievements of its current ChiefExecutive Officer, Neil Jensen PSM, alsoChair of the Egmont Committee. Conferenceattendees were left in no doubt that Australiaholds a respected place on the worldAML/CTF stage through the efforts of both AUSTRAC and Mr Jensen. This is asignificant result for a small country fromthe southern hemisphere. AUSTRAC willlose an outstanding contributor in this fieldwhen Mr Jensen steps down from the helmof AUSTRAC in July of this year.

Australian reporting entities in the finan-cial services sector can reflect on benefitsthat flow from the high esteem in whichAUSTRAC is held by its international peers.Such esteem contributes to the confidencethat other countries have in the AustralianAML/CTF regime, which in turn makes iteasier for Australian businesses to participatein the global financial and payments systems.

As a result of the final date for the 2008 compliance reports falling on the daybefore the conference, and the subjectsaddressed by the conference speakers,money laundering and compliance with theAML/CTF requirements were covered inarticles within the first 10 pages of TheAustralian Financial Review three days in arow (1-3 April). This kind of press coverageis invaluable in helping keep AML/CTF as aserious agenda item for management teamsof reporting entities, despite the savage con-sequences of the global economic turmoil.

We need more conferences of this calibre. We need to keep the discussion onthe crimes addressed by AML/CTF lawsfront and centre. It is time to move frombeing compliance-driven to being crime-driven in terms of AML/CTF debate. In mytime as Editor of this magazine I have soughtto bring crime into the mainstream articles ineach issue as there is no doubt that this typeof information should be the driving force in

any AML/CTF program. This magazine is also focusing on bringing this type of content to the forefront in our plans for the magazine’s AML/CTF conference on 16-17 November 2009.

One of the international speakers, Dr Peter Reuter, kindly agreed to review anarticle for publication in this issue on his presentation about the costs and benefits ofthe global AML/CTF regime. His commentsat the conference produced much debate. He posed key questions as to what impactAML/CTF laws have had on predicate crime reduction and deterrence as well as the value of imposing costly regimes on small countries which face much greater problems with corruption than money laundering. It will be interesting to see if the risk-based approach to money launderingand terrorism financing might one day see different qualities of regimes adopted in countries which face quite different levels of risk – as well as very different financialresources to apply to the issue.

The global AML/CTF regime is barely21 years old. It has achieved an extraordi-nary level of uptake as a global regulatorysystem in a short period of time, no doubtassisted in later years by the reaction toSeptember 11, 2001. It is time to invest in global and national assessments of itseffectiveness and ask whether the players in our economies best placed to address themany different points of weakness in moneylaundering and related predicate crime are all equally engaged through this regime’scurrent structure. This is a compelling question, given the likely delay in imple-menting Tranche II of the AML/CTF Act that would expand its reach to lawyers,accountants and real estate agents. ■

By Joy Geary EDITOR

The Australian government

takes the lead

About World-CheckWorld-Check’s risk intelligence on heightened-risk individuals and entities is updated daily in real-time by its international research team, and is derived from hundreds of thousands of public sources. Coverage includes money launderers, financial criminals, terrorists and sanctioned entities, as well as individuals and businesses from more than a dozen other high-risk categories. The database also covers Politically Exposed Persons (PEPs), their family members and associates worldwide. World-Check’s intelligence and tools find direct application in financial compliance, Anti Money Laundering (AML), Know Your Customer (KYC), PEP screening, Enhanced Due Diligence (EDD), fraud prevention, government intelligence and other identity authentication, background screening and risk prevention practices. World-Check offers a downloadable database for the automated screening of an entire customer base, as well as a simple online service for quick customer screening. If you are looking for results, look no further – with a 97% annual client renewal rate, the facts speak for themselves.

Over 3 000 institutions worldwide rely on World-Check for theirKYC, AML and Enhanced Due Diligence (EDD) compliance requirements.

Who is hiding in your customer base?

www.world-check.com

CONTENTS


FEATURES

3 Editorial

6 News

9 Electronic verification demystified

23 AUSTRAC COLUMN The importance of AML/CTF measures in a global financial crisis

24 Missing in action – the Second Tranche

28 Assessing anti-money laundering controls

32 Country risk verification –the qualitative v quantitative debate

36 Miami Conference at a glance

38 LONDON CALLING The G20, IMF and money laundering

39 NEW YORK, NEW YORK Banks to test new SWIFT format

40 INTERVIEW Joy Geary asks John Byrne about thehot AML/CTF topics in the United States

42 DOING THE CRIME Al-Qaeda: a decade of global (?) terrorist financing

EDITORIAL

EDITOR: Joy Geary – [email protected]

SUB-EDITOR: Roger Balch

CONTRIBUTORS: Adam Courtenay, Aub Chapman, Martin Coyle (London), Professor Peter Reuter (USA), Dr. Nicholas Ridley (United Kingdom),Stephen Watts (Baker & McKenzie)Brett Wolf (New York),

PRODUCTION AND DESIGN

CREATIVE DIRECTOR: Jo Fuller

COVER DESIGN: Elly Walton Illustrations (UK)

ADVERTISING AND SUBSCRIPTIONSMANAGER, MARKETING: Jason Sheil – Tel: + 61 2 9776 [email protected]

ANTI-MONEY LAUNDERING MAGAZINE IS PUBLISHED SIX TIMES A YEAR BY

AFMA – Level 3, 95 Pitt Street, Sydney NSW 2000.GPO Box 3655, Sydney NSW 2001

Tel: + 61 2 9776 4411 Fax: + 61 2 9776 4488

www.afma.com.au

Disclaimer: This publication is designed to provide accurate and authoritative information in regard to the subjects covered. It is distributed with the understanding that the AFMA is not engaged in rendering legal, accounting or other professional service. If legal advice or other expert assistance is required, the services of competent professional persons should be sought. AFMA Anti-moneylaundering magazine presents the views of a range of commentators on AML issues for the benefit of readers and AFMA does not necessarily endorse these views.

anti-money laundering

This publication is copyright. Other than for the purposes of, and subject to the conditions prescribed under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system, or transmitted without prior permission. Enquiries should be addressed to AFMA.

T HE MULTI-DONOR Trust Fund –the first in a series of so-called topical trust funds – started

operations on May 1, 2009, and will provide about US$31 million over five years to contribute to the strengthening of globalAML/CTF regimes by using IMF expertise

and infrastructure. Switzerland, Norway,Japan, Saudi Arabia, the United Kingdom,Luxembourg, South Korea and France willprovide about two-thirds of the financing.Discussions are ongoing with other donorswho have expressed interest in contributing to the fund. ■

T HE AUSTRALIAN money-launder-ing regulator has received a strongresponse from financial services

firms in its latest round of compliance reportsbut is still battling low compliance rates in thegambling and money services sectors. NeilJensen, chief executive of the AustralianTransaction Reports and Analysis Centre, toldComplinet that around 8000 reporting entitieshad filed their reports for the 2008 calendaryear. The figures indicate that out of the15,000 entities registered with AUSTRAC,nearly half failed to meet the March 31 deadline. AUSTRAC said that it was stillworking with reporting entities to get thereports in and would send out letters of non-compliance to those still outstanding.

The AUSTRAC chief said compliance in the “banking and finance” and “non-banking financial services” sectors had

been reasonably high, with between 85 and 90 percent of reporting entities filing on time.(“Banking and finance” includes domesticbanks, foreign and investment banks, financialservices firms, credit unions and buildingsocieties; “non-banking financial services”includes financial planners and insurance brokers, insurance product issuers, custodians, superannuation fund trustees, stockbrokersand managed investment trustees.)

In the gambling and money service sectors, however, compliance was well below 50 percent. Some of the problem areas continue to be pubs and clubs, bookmakers and alternative remittance dealers – industries that have also been a problem for AUSTRAC in the registration phase.

Jensen said that AUSTRAC still had“quite a bit of work to do” in these markets

but he was reasonably satisfied with theresponse from the financial services sector.

“Of the 15,000 entities that have registered online, we’ve now got just over8000 compliance reports coming in. We had12,200 compliance reports for the 2007 year,so there’s still some way to go. The problemareas again are generally those smaller entities — bookmakers, alternative remittancedealers. Of course, these are also the sorts of areas where the number of reporting entities is very high,” he said.

AUSTRAC has once again indicated thatit intends to work with reporting entities toachieve full compliance rather than resortingto aggressive enforcement action at this stage. As a next step, the regulator intends to issue a “strongly worded letter” to anyreporting entities that had not submittedreports by early May. ■

NEWS

MAY 2009 ANTI-MONEY LAUNDERING6

IMF fund to fight money laundering and terrorist financing

Financial services sector ‘leading AML compliance’

Powered by

A JOINT ASIA/PACIFIC GROUPon Money Laundering/FinancialAction Task Force report on the

vulnerability of the casino and gambling sector is now available on the APG website.

The vulnerability of casinos was recognised in the revision of the FATF 40 Recommendations, with obligations on casinos being significantly enhanced. The

APG and FATF undertook a joint study ofvulnerabilities in the gaming and casinos sector. The project was led by New Zealand,with Rachael Horton of the New ZealandDepartment of Internal Affairs leading thework, including the drafting of this report.

The work arose due to FATF and APGmutual evaluations and earlier typologieswork, which noted a range of money

laundering and financing of terrorism risk factors related to gaming and casinos.The project has examined and illustrated areas of vulnerabilities in the gaming andcasino sectors with an emphasis on legal sectors that have a physical presence. The project has sought to identify sector-specific money laundering or terrorist financing indicators; and to highlight possible policy implications for effectiveimplementation of the FATF standards tocover casinos and gaming.

Data in the report was derived from members of the FATF, APG, other FATF-styleregional bodies and open sources. ■

Report on casino and gaming sector vulnerabilities

The International Monetary Fundwill launch a donor-supportedtrust fund to finance technicalassistance for anti-money laundering and counter-terrorismfinancing (AML/CTF).

NEWS


T HE AUSTRALIAN anti-money laundering regulator has released a selection of AML case studies

to demonstrate the role that transactionreports play in the fight against crime. AUSTRAC said that reports (suspiciousmatter, threshold transaction, internationalfunds transfer and cross-border movement)had directly assisted with many majorinvestigations and prosecutions.

Neil Jensen, AUSTRAC chief executive, said that the regulator wantedreporting entities to be aware of the essential role that transaction reports play in detecting money laundering, terrorism financing and other major

crimes such as drug trafficking, fraud andpeople smuggling.

Jensen stated: “By meeting theirAML/CTF obligations, reporting entities provide AUSTRAC with the vital informa-tion required to support partner agencieswith investigations and prosecutions. In the 2007-08 financial year, AUSTRACreceived nearly 18 million financial transaction reports, so it is important that we demonstrate how this information isbeing used and the significant results they help achieve.”

The AML/CTF Reports and CaseStudies: Summary can be downloaded from the AUSTRAC website. ■

A USTRALIAN BANKS have calledon the government to push aheadwith Tranche II of the anti-money

laundering regime, arguing that any furtherdelays will pose a risk to the integrity of thefinancial system. The head of the bankingindustry association said that Australia waslagging behind other countries with its AMLrequirements for so-called “gatekeeper” industries. The banking industry was speaking out following comments from the Attorney-General which indicated the government would delay Tranche II until the financial outlook improved.

David Bell, chief executive of theAustralian Bankers Association, said thatAustralia’s failure to expedite tranche twomade a mockery of its commitments to implementing the Financial Action TaskForce’s 40+9 Recommendations. He said that the AML framework would only ever be as strong as its weakest link. As such, ifthere were unregulated sectors that criminalscould exploit then the reforms in the financialsector would be of little real benefit.

Robert McClelland, Attorney-General,told the Anti-Money Laundering and Counter-Terrorism Financing Conference thatthe government did not want to rush throughany further AML reforms in the current financial climate. McClelland indicated that

the government was conscious of the need tobalance the second tranche of reforms againstthe “very immediate needs of business in thecurrent financial climate”.

“The global financial crisis increases the risk of this type of activity but it has to bebalanced against concerns that industry mayhave regarding compliance. The governmentis currently considering the feedback receivedand will continue to monitor conditions,” he stated.

Tranche II of the Anti-Money Launderingand Counter-Terrorism Financing Act 2006 was

expected to be finalised later this year, bringinglawyers, accountants, real estate agents andjewellers under the AML/CTF regime.

Bell, meanwhile, argued that failing topush ahead with Tranche II would leaveAustralia “out of step” with the FATF and the other major economies that had regulatedgatekeeper industries.

He stated: “One of the risks of not proceeding with the legislative program is international non-compliance.

The [FATF] assesses whether countries arecomplying with the 40 Recommendations,which set out the measures which nationalgovernments should take to implement effective AML programs.

“Australia remains behind the rest of the world on compliance. While the bankingand financial sector is complying, the FATFjudges Australia as a whole rather than sector-by-sector.”

Bell said that although Tranche I entitieswere at the core of the financial system,lawyers, accountants, real estate agents and

jewellers also completed large transactionssimilar to financial institutions and “are inideal positions to report instances of suspectedmoney laundering”.

He added: “It is important that the regula-tor, AUSTRAC, has increased opportunities to detect instances in these businesses wherelegitimate transactions are being used formoney laundering and terrorism financing,otherwise criminals may use this loophole for illegal activities.” ■

Powered by

Banks call for progress on Tranche II

AUSTRAC highlights role of transaction reports

“... argued that failing to push ahead with Tranche II wouldleave Australia “out of step” with the FATF and the other major economies that had regulated gatekeeper industries.”

“... reporting entities provide AUSTRAC with the vital informationrequired to support partneragencies with investigationsand prosecutions.”

Detect Inspect Resolve

TransWatchTM

introducing the smart way to protect

yourself and your assets

Key Benefits include:

US

UK

UAE

Australia

TransWatch™ is a rule-based financial crime solution for detecting,

investigating and resolving suspicious activities as part of a firm’s

AML process.

TransTTTrTintroducing t

yourse

s atatWthe smartrt wayay t

elf and your ass

chTM

to protecct

sets

FEATURE


Overview A reporting entity (RE) is required to verifyall information provided by its customers.One of the key issues for an RE is where the RE relies on third parties to undertake the verification of identification informationprovided by its prospective customers.

Part 2 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006(Cth) (AML Act) sets out the identificationrequirements which need to be satisfied by the RE and must form part of the RE’sAML/CTF program.

Part 4 of the Anti-Money Laundering and Counter-Terrorism Financing RulesInstrument 2007 (No.1) (Cth) (AML Rules)provides more detail regarding the RE’s customer identification procedures. The AML Act and the AML Rules require that the RE’s procedures cover the following kinds of customers:

• individuals; • companies;• customers who act in the capacity of a

trustee of a trust;• customers who act in the capacity of a

member of a partnership;• incorporated or unincorporated associa-

tions;• registered co-operatives; and• government bodies.

Obligations on the RE

Collection of informationThe AML Act and the AML Rules require that an RE collect a minimum amount ofinformation from its customer. The nature of the information required to be collecteddepends on the legal status of the customer(i.e. whether the customer is an individual or a company).

Reporting entities and electronic verification

�

By Stephen WattsPARTNER, BAKER AND MCKENZIE

FEATURE

Verification of information The AML Act and the AML Rules alsorequire an RE to have verification proceduresin place to verify the identification informa-tion being provided by the customer. With all types of customers, the AML Rulesprovide for the RE to rely on:• reliable and independent documentation; • reliable and independent electronic data

for the purpose of verification (electronicdata verification); or

• a combination of both.

Where a customer is an individual

Collection of informationThe AML Act and the AML Rules require that an RE collect a minimum amount ofknow your customer information from theindividual: namely the individual’s full name,date of birth and residential address (individual’s information). The RE is alsorequired to have appropriate risk-based systems and controls to determine whetheradditional information should be collectedfrom the individual.

General verification requirements of individuals The AML Rules require that the RE, at a minimum, be able to verify the individual’sfull name and either the individual’s date ofbirth or residential address.

The verification of the individual’s information must be based on:• reliable and independent documentation; • electronic data verification; or • a combination of both.

Safe-harbour procedures for verification of individuals Where the RE has determined that the indi-vidual is considered medium or lower risk,the RE can rely on the document-based verification or electronic verification procedures set out in the AML Rules for verifying the individual’s information, and consequently be considered compliant under the AML Act and AML Rules.

Document-based verificationIn order to verify the individual’s full nameand either the individual’s date of birth or residential address, the RE must verify theinformation from:• an original or certified copy of a primary

photographic identification document(such as a driver’s licence or passport); or

• both an original or certified copy of a primary non-photographic identificationdocument (such as a birth certificate orcitizenship certificate) and an original or certified copy of a secondary identifi-cation document (tax return or utility bill) (together, the document verificationrequirements).


Where the RE hasdetermined that the individual is considered medium or lower risk, the RE can rely on thedocument-based verification or electronic verificationprocedures set out in the AML Rules for verifying the indi-vidual’s information.

�

�

The safe-harbour electronic verification procedure providedunder the AML Rules is moreonerous than that provided underthe safe-harbour procedures fordocument-based verification.

FEATURE

Electronic verificationThe AML Rules provide for a procedure foran RE to rely on electronic verification wherethe individual is considered medium or lowerrisk. However, the information to be verifiedis different to that set out in document verification requirements.

If relying on electronic verification, theRE must be able to verify:• the individual’s name and residential

address using reliable and independentelectronic data from at least two separatedata sources; and either

• the individual’s date of birth using reliable and independent electronic datafrom at least one data source or that the individual has a transaction history forat least the past three years (together, theelectronic verification requirements).Note that the safe-harbour electronic

verification procedure provided under theAML Rules is more onerous than that provided under the safe-harbour proceduresfor document-based verification.

Implications of electronic verification for a RE

There are four important considerations for anRE when contemplating whether electronicverification is appropriate for its complianceunder the AML Act.

Electronic data verification As set out above, the RE already has recourseto rely on electronic data verification underthe general verification requirements of individuals, irrespective of whether to rely on

the safe harbour principles or determiningwhether the individual is considered a medium or lower risk. Irrespective of whether the RE considers the individual to be medium or high risk, the AML Rulesgives the RE scope to rely on electronic data verification.

It is for the RE to determine whether it isappropriate, given the risk-based systems and controls of the RE that is required underthe AML Rules, to rely on the electronic data verification, given the risk profile of its compliance obligations under the AML Actand the risk profile of its customer base.

And the RE may decide to use electronicverification processes but increase the extentof its monitoring controls on customers itaccepts in this way for a period of time until it is satisfied regarding the customer’sactivities and account behaviour.

Reliance on the safe-harbour electronic verification procedureLinked to the risk associated with relying on electronic data verification is the risk associated with relying on the safe-harbourprocedure for electronic verification set out inthe AML Rules. By accident or design, thedocument verification requirements and electronic verification requirements are different. The difference may be an implicitacknowledgement by AUSTRAC that the riskassociated with identity verification by relyingon electronic verification is higher than thedocument-based verification. This is borne outin the additional requirement to verify allthree elements of the individual’s information,or two elements plus proof of a transactionhistory of at least the past three years. The lengthy timeframe associated with this

requirement suggests that, in cases where the individual is a new or existing customerwith a relationship of less than three years,AUSTRAC is setting the verification require-ment (all three elements of an individual’sinformation) higher than the document-basedverification. The RE bears the compliance riskif it falls beneath these requirements since it isnot satisfying the safe harbour requirements.An RE following this path needs to be able todemonstrate the adequacy of its electronicverification processes if challenged by AUS-TRAC. This would not be an easy obligationto satisfy since the implicit purpose of the safeharbour is to establish a minimum standard.

Reliance on external parties In order for the RE to undertake electronicverification effectively, the RE would need to consider contractual arrangements withservice providers for the electronic data verification. Section 4.10.2 of the AML Rulesrequires the RE to consider the following factors when considering electronic data verification:• the accuracy of the data;• how secure the data is;• how the data is kept up-to-date;• how comprehensive the data is (e.g.

by reference to the range of personsincluded in the data and the period overwhich the data has been collected);

• whether the data has been verified from areliable and independent source;

• whether the data is maintained by a government body or pursuant to legislation; and

• whether the electronic data can be additionally authenticated.There is a limit to the extent that the RE

can accurately determine the veracity of theservices provided by the service providers. In this instance, the RE will need to considerthe additional risks associated with relying on service providers to verify its customer’sidentification. It is advisable for the RE toundertake effective due diligence on prospec-tive service providers, to ensure that the REhas identified and considered any and all risksinvolved in relying on such services.


�

The RE bears the compliance risk if it fallsbeneath these requirements since it is notsatisfying the safe harbour requirements.

�

There is a limit to the extent that the RE can accurately determine the veracity of the services providedby the service providers.

FEATURE

Some of the areas that the RE should canvas with services providers are well illustrated in the accompanying article surveying three electronic verificationproviders in Australia. One of the most important areas is what the service providerdoes when it is unable to positively verify a person. The RE needs to understand thepotential for this to occur, and then establishalternative and adequate processes to ensurethat it is able to be reasonably satisfied that the person is who they claim to be.Having to resort to these alternative processescauses delay and additional expense in accepting a customer.

Sections D2.4 – D2.9 of AUSTRAC’s self assessment document ask a series of questions about the decision-making and controls that AUSTRAC believes should be considered when relying on electronic verification. These include:• analysis of the risks of relying on

electronic verification;• testing and quality control processes;• articulation of what the RE has decided

is adequate for each data element to beverified; and

• the setting of predefined tolerance levels for matches and errors in electronic data.An RE using a service provider must also

consider its record-keeping obligations underthe AML/CTF Act. The nature of the recordsto be kept and the method of their storage

and retrieval will be different to the processesinvolved for documentary records generatedin customer identification procedures.

The RE would need to ensure its contrac-tual agreement with the service provider adequately documents the nature of the relationship between the parties, including the rights, responsibilities and expectations of all parties. The RE would also need toensure that the agreement between the partiescovers any procedures which must be followed in the event of breach, terminationand migration of arrangements from serviceprovider to service provider.

Implications for non-individual customersThe discussion above has focused on theimplications of electronic verification of individuals. The issue arises as to how it may influence the RE’s deliberations whenconsidering whether to rely on electronic verification for non-individual customers.

As discussed above, AUSTRAC seems to require a more onerous safe-harbour procedure for electronic verification. Such asafe harbour procedure is not available for non-individual customers. However, the RE

is able to rely on electronic data verification(among others) as the basis for verifying non-individual customer’s identification information. Consequently, the manner inwhich AUSTRAC has structured the safe harbour procedure for electronic verificationof individuals is indicative of some of theissues that the RE should consider when andto what extent it relies on electronic data verification. The RE should consider therequirement in the electronic verificationrequirements for transaction history of at least the past three years and whether, if it cannot satisfy such a requirement, electronic data verification of non-individualcustomer’s information is appropriate.

Additionally, the number of data sourcesrequired by the electronic verification require-ments should inform the RE as to whether the service provider is suitable, as the serviceprovider would need to be able to provide sufficient data sources to verify each type ofinformation to be verified as required underthe AML Rules.

Conclusion Electronic verification has the potential toprovide efficiency and cost savings to the REin complying with its obligations under theAML Act. It can allow an RE to operate without a branch structure and without physical premises that its potential client base can visit for the purposes of undergoingface-to-face application processes. However,the manner in which electronic verification is set out in the AML Rules suggests that the RE should carefully consider the merits of relying on it. In particular, the RE shouldconsider the risk profile of its business and its customers to ensure that this does notresult in additional (and potentially costly)compliance if electronic verification is to be used. The RE should also consider thecompliance risk associated with electronicverification. Finally, the RE should ensure that it is fully informed about any serviceprovider it engages to provide electronic verification and has appropriate risk-basedsystems and controls to manage and mitigateany risks associated with electronic verification by a service provider. All of thiswould need to be adequately covered in thecontractual agreement between the RE and the service provider. ■


�

The number of data sources required by the electronic verification requirements should inform the RE as to whether the service provider is suitable.

The manner in which electronic verification is setout in the AML Rules suggests that the RE shouldcarefully consider the merits of relying on it.

We surveyed three vendors of electronic verification services against the minimumKYC requirements set out in Chapter 4 and the results are shown in this table. This survey was part of the broader survey covered in the following pages.

13

FEATURE


Survey of Electronic Verification Service Providers Adam Courtenay asked 20 questions of three Australian electronic verification service providers. The answers were summarised and collated in the following table to help reporting entities compare the answers of the three providers. The questions asked cover issues that reporting entities should be considering in their risk assessments of whether to use electronic verification services and to assess the risks of service providers. The AFMA Anti-Money Laundering Magazine thanks the service providers for the information they provided.

We asked the following questions:

Name the databases that you use or access in the course of providing verification services? Identify those that you maintain yourself.

Australian Electoral Roll

Sensis White Pages

Dept of Immigration

Other databases: Watch lists DFAT and OFAC; Australia Post Postal Address File; World-check comprehensive list of PEPs.For commercial entities – data sources are ASIC as well as the D&BCommercial database, which has which has more than 130 millioncompany records worldwide and 2.8 million in Australasia.

Databases managed by D&B:• FCS OnLine Public Number Directory: derived from the Integrated

Phone Number Directory (IPND) under legislation using FCSOnLine’s proprietary search and match, and data quality standards;

• FCS OnLine Number and Address Database (derived from historicalElectoral Rolls)

• Watch Lists – DFAT and OFAC• Dept of Immigration database• Australia Post Postal Address File• World-check comprehensive list of PEPs.

Commercial entities – data sources are ASIC as well as the D&BCommercial database

Describe who you are and what you do. D&B manages one of the world’s biggest commercial databases withinformation on more than 130 million companies. In March 2009, Dun & Bradstreet acquired FCS OnLine which provideselectronic identity verification and customer contact services. FCS wasset up in 2002, to provide electronic verification techniques for AMLas well as customer contact solutions.FCS OnLine has access to a number of government and non-governmentdata sources.

Describe the characteristics of these databases i.e. what specific data sets do they hold (currency, reliability, source)against the data elements you verify?

The proprietary databases are the FCS OnLine Public NumberDirectory and the FCS OnLine Number and Address Database. There is also the D&B Commercial Database. The two FCS databasesare sourced through (but not limited to) the Australian Electoral Roll and the White Pages Telephone Directory which together offer150 million records, dating back 10 years. Australia Post offers national address verification. D&B has found that by using both the FCS OnLine and Sensis derivedpublic number directories, verification match rates increase between2% and 5% over using only one of the data sources.

What is the name of your company? Dun & Bradstreet (incorporating FCS OnLine)www.dnb.com.au

FEATURE


The greenID team is Deloitte Touche Tohmatsu, Edentiti and theGlobal Data Company (GDC). Deloitte is the Integrator of the greenIDsolution with Edentiti providing the self-verification capability throughaccessing dynamic databases. Edentiti was formed in 2004 and sprungout of a Canberra-based innovation incubator. greenID introduced its first AML/CTF product in April which forms thebasis of greenID. Australian-based GDC sources international databases worldwide for the purpose of compliance, money launderingprevention, identity theft, terrorists watch lists and consumer andbusiness direct marketing.

Veda Advantage is a major provider of electronic verification servicesin Australia and New Zealand. Financial and telecom institutions alsouse Veda Advantage to provide critical commercial and consumercredit reporting, in addition to its suite of verification products, whichpre-date both the FTRA and AML/CTF verification requirements.


Sensis White Pages

Dept of Immigration

Other databases: Transaction history based on historical White Pages;National Telephone File; National Citizen File; Medicare; ATO; DFAT;State of Queensland Drivers Licence Registry; Australian CapitalTerritory Drivers Licence Registry; E-Way Electronic Road Tolls;University of Melbourne Alumni Registry; Queensland University ofTechnology Alumni Registry.

Databases managed by greenID:Australian Electoral Roll, Telephone White Pages, transaction historybased on historic White Pages, National Telephone File and NationalCitizen File


Sensis White Pages

Dept of Immigration

Other databases: Veda Advantage maintains the following databases:the Veda Advantage Identity Bureau Data, Veda Advantage CreditBureau Data, Insurance Reference Service, National Tenancy Database,Australian Electoral Roll (with Electoral Roll Commission), ASICDirectors Information (with ASIC) Public Record Information, VPND(together with the IPND manager).

The static databases used by greenID are the so-called conventional“look-up” types where a third party such as a vendor can look up anindividual’s details and compare them to the identity elements thathave been claimed. These look-ups do not require any consent on the part of the owner of the identity to access.

The specific data elements are as follows: Australian Electoral Roll (name, address); Telephone White Pages (name, address, telephone) Transaction History based on historical White Pages (name, address) National Telephone File (name, address, telephone) National Citizen File (name, address).

greenID facilitates a secure electronic presentation by the owner of the identity directly to independent government entities at theirwebsites to verify whether the person who has presented is in fact the person they claim to be.

Veda Advantage proprietary datasets hold information such as name,address, date of birth, transactional history information, driverslicence number and passport information. These datasets are updatedseveral times a day. In addition, Veda Advantage has dedicated dataquality teams who work to improve Veda Advantage’s data throughmanual, scored and technology approaches.

Publicly available datasets are updated in frequency by their ownersfrom daily to quarterly. Veda Advantage installs updates within 24 hours of their provision to Veda Advantage where they are provided by disc. Other updates are installed overnight as received.

greenID www.greenid.com.au

Veda Advantagewww.Veda Advantageadvantage.com.au

FEATURE


Describe how you keep your own databases current?

Updates are created for the FCS databases using FCS OnLine’s proprietary search and match, and data quality standards on a daily basis. The D&B Commercial database undergoes a thorough quality assurance process to keep data bases comprehensive and up-to-date.This includes what we term a “DUNS Number” – a unique nine-digitidentification which identifies single business entities and links corporate and family structures together.

How do you ensure the third-party databases which you rely on and access are accurate and up to date?

Contract requirements are secured during the negotiation process andsupported by regular audits and quality processes at D&B, for exampledata validation. Over-arching all of this is D&B’s adherence to therequirements of the quality standard – AS/NZS ISO9001:2000, whichforms the basis of D&B’s quality assurance system.

What (if any) undertaking do you give to the customers that the information provided is accurate and up to date?

As with question 6.

Do you exclude any liabilities to customersin respect of the verifications you provide?

Again, adherence to the quality standard – AS/NZS ISO9001:2000 is designed to prevent any liabilities from occurring throughout the process.

How do you data match and what do youdo when there is an insufficient match?

IndividualsThe Identi-Check solution uses a compliance algorithm that is basedon verifying the name and address of an individual using “reliable andindependent electronic data from at least two separate data sources”and confirming that the customer has a transaction history within thelast three years.The methodology uses a scoring system and a set of conditional rules to corroborate the supplied customer information against, at minimum, two reliable and independent data sources. The D&B Identi-Check solution comprises numerous and varied datasources. To ensure that all datasets are considered in conjunction(rather than in isolation) for customer verification purposes, D&Bapplies scorecard methodology and creates compliance algorithmsand business rules tailored for each individual risk situation.

CompaniesD&B AML Solution is a robust platform that will allow clients to perform AML Compliance assessment on their “non natural entities”. There are several different entity types. As such there are several distinct algorithms that will be applied to determine AML compliancefor these entities.

Dun & Bradstreet (incorporating FCS OnLine)

FEATURE


greenID applies the updates from static databases as they arereceived. In the case of the Electoral Roll, National Telephone File and National Citizen File, updates are received every three monthsand around 15,000 times a day for the Telephone White Pages.

Veda Advantage employs a number of techniques, processes and technologies to address its obligations. These include:• tight validation and enrichment rules; • a very strong and accurate matching capability;• a well-structured data model that supports data integrity;• regular data cleansing routines that support the data;• well proven and established investigative and amendment processes. Veda Advantage employs a dedicated data quality team of more than20 people.

The dynamic databases are maintained and securely stored by thegovernment agency or department under their charter or enablinglegislation and to their standard, which is a legislatively mandated government standard.greenID understands that the dynamic databases are updated and maintained in real time by the relevant government agency ordepartment.

Veda Advantage employs dedicated data managers, who manage key data supplier relationships and they apply the same diligence to external data sources as Veda Advantage’s own.Veda Advantage conducts regular audits of suppliers’ data to ensurethat data quality is maintained to the highest level, and VedaAdvantage maintains strict service levels and quality assurance practices with key data suppliers.

greenID is unable to provide any undertakings that the informationprovided is accurate and up to date. It depends on the extent to which people keep their electronic identity records accurate and up to date, and the extent to which government agencies or departments do the same.

Veda Advantage is bound by the provisions of the Privacy Act whichrequires the company to maintain its own databases as accurate complete and up to date. Veda Advantage says it is in regular dialoguewith the Office of the Privacy Commissioner as a “key provider offinancial services infrastructure”.

Under the AML/CTF Act it is incumbent on the reporting entity todetermine the match parameters and that the specific parts of a data element are sufficient for a verification to be valid. greenID provides the reporting entity with access to the data sources but cannot be liable for any aspect of the actual data or the verification.

As Veda Advantage is unable to control how a client uses the data provided, Veda Advantage retains usual commercial liability exclusions.

Matching against the static databases is done within greenID using a matching algorithm to a standard set by the reporting entity asrequired under their AML/CTF program and risk appetite.Matching against dynamic databases is done by the governmentagency or department under their legislation and to their own standard (sufficient to safeguard the interests of the government, the taxpayers and the true owner of the identity that is seeking to be verified).The determination as to whether there is an insufficient matchdepends on the risk appetite of the reporting entity, however greenID has the ability to “push” the user to chose other data sources where they are likely to have an electronic identity or to use more “out-of-wallet” or “securely stored-at-home” personalinformation that will generally stop an identity thief from being unwittingly verified.

If an individual person cannot be satisfactorily verified within the risk rules set out by the reporting entity, that attempt (or attempts) will go into a pending queue for manual review by the entity. Often these involve an entity being willing to accept a change of name (ie women who have recently married) or a change of address (ie 24% of electoral roll addresses are already out of date as from the last federal election) or a change in first name (Robert v Bob, Elizabeth v Liz).If all else fails, greenID can facilitate and more importantly track a “face-to-face” verification at Australia Post or other points of physical representation such as a bank branch network.

The matching and result calculation constitutes the last step of theVeriCheck AML process flow. The primary objective is to assess the customer records retrieved in the search and retrieval, using a different set of algorithms to identify the best possible match fromeach database.Each record retrieved is assessed using a matching algorithm to evaluate how similar that record is to the identity data provided oninput. This layer of logic ensures that the phonetically similar recordsretrieved during the search phase are reassessed in terms of actualsimilarity while making allowance for phonetic closeness.VeriCheck AML utilises comparison matching algorithms to assess thesimilarity between two given strings of data. It then returns a valuethat indicates the degree of similarity between these two strings.The matching and result calculation commences at data element leveland concludes with the return of a number of high level summarymatch indicators. Each level is utilised to calculate the match resultlevel above it. The three verification result levels are:• data element match results• data component match results• database match resultsThe data component match results provide a single result for a meaningful group of data elements. An example of a data componentwould be a customer’s name, which is typically made up of their first name, middle name and surname. VeriCheck AML takes the dataelements that constitute this customer’s name and then assessesthese elements collectively to produce a single verification result forthat data component. This is applied when Veda Advantage considersinsufficient matches in line with the other matches achieved againstthe various datasets.

greenID Veda Advantage

FEATURE


What is your overall success rate (and to what standard) across all your current users?

Success rates vary dependent on the level of compliance required. For some 80% is acceptable, others 90%. Success depends on exceeding the service level agreement with each client.

What DFAT screening do you offer? Do you also offer RBA list screening?

The DFAT screening D&B uses focuses on name, date of birth andpassport details: D&B also uses a Department of Immigration databasewhich advises passport validity with regard to name, date of birth,passport number and expiry date.

Can you offer EV for countries other than Australia?

EV is available from a commercial perspective in other countries via D&B’s international network which has information on more than 130 million companies.

What passport verification do you offer(MRZ algorithm or other?) Also what drivers licence verification do you offer(algorithm or other)?

D&B verifies against Department of Immigration lists. From a privacy perspective D&B does not use an official driver’s licence set.

What PEP list screening do you offer? D&B use World-Check for PEP lists. World-Check provides a comprehensive list of known heightened-risk individuals and businesses including Australian and international PEPs.

What is involved in installing your solution, i.e. indicative costs and average time to go-live?

D&B’s solution is deployed via different channels so it is difficult toprovide a “one-size fits all” solution. Clients can use D&B’s EV solutionvia a website link which is almost immediate, or a technology solutioninstalled in a client’s premises which allows the verification rules to sitdirectly within a client’s infrastructure. A full implementation of thisscale can take anywhere from six weeks to 12 months depending onthe complexity required. The website solution is almost immediate.Solutions’ costs are tailored to meet a client’s budget and again varydependent on the scope and complexity of the solution required.


FEATURE


The overall success rate is between 85 to 95%. Most of the users are raising their EV standard to Electronic Safe Harbour (or the equivalent) standard as defined by the AML/CTF rules, as greenID can offer them the capability to do so.

Veda Advantage owns or contracts to access data covering 97% ofAustralia’s population between the ages of 18-65. The 97% does notguarantee that in every instance there will be a name and addressagainst two separate data sources, or that date of birth or transactionhistory as required by the AML/CTF rules can be verified. Completedata may exist on only one dataset, or components held on a numberof datasets may be missing a component that is required to permit anentity to sign off against the AML/CTF rule requirements.

greenID currently offers DFAT and OFAC list screening. RBA Listscreening is in development.

Solution includes 100% global regulatory coverage and PEP andenhanced due diligence lists. Veda Advantage’s combination of listsenables coverage of PEP and sanctions screening for entities operatingaround the globe. The lists include a diverse range of watchlists produced by organisations, regulatory bodies and countries. A vastarray of central bank lists as well as defence ministry and Interpolwanted lists are included. The DFAT and RBA lists are included.

greenID is already set up for use in New Zealand or by New Zealanderswho have recently moved over from New Zealand to Australia.greenID can also be used to EV individual persons whose identitydetails are still based in one of 110 plus other countries other than Australia or New Zealand. The extent to which these individualscan be verified varies according to the quality of the data that is available.

Veda Advantage either owns, or has a relationship with a number ofcredit bureaus overseas and can provide international data access ona client by client basis.

greenID does not use an algorithm to decode the passport MRZ details.It uses the actual passport details to verify the passport holder againsteither the DFAT passport registry for an Australian passport or theDepartment of Immigration and Citizenship database for a foreign passport holder who has either entered Australia and/or been issuedwith an Australian entry visa by an Australian consular mission overseas.greenID does not use an algorithm to decode or validate an Australianstate/territory issued drivers licences. Again, greenID uses the actuallicence details to verify the licence holder directly against the relevantstate/territory drivers licence registry database.

Veda Advantage offers the MRZ Algorithm and Passport and Visa andResidency Entitlement Verification. Both passport verification servicescan be provided on a client by client basis.Full passport, visa and residency entitlement verification is available toeveryone directly through www.ecom.immi.gov.au/e_visa/vevo.htm Drivers licence verification – Veda Advantage maintains a record ofdriver licence details as part of the identity verification bureau. Veda Advantage stores and maintains this data for the drivers licencesof all states.

greenID currently offers PEP screening using a variety of recognisedsources. PEP lists are provided by recognised PEP list authorities –those which are commonly used by leading financial institutions. For contractual reasons we do not divulge the sources of PEP listsoffered to clients.

See above. Veda Advantage uses the PEP list provided by Accuity,which meets these requirements for inclusion of individuals.

greenID is based on web services protocols so there is no greenID specific software required to be installed on a core e-banking platform. All the e-banking system needs is a 128-bit encrypted secure URL that can make calls out to a dedicated greenID URL tosend and retrieve information from the greenID system.Please note that greenID never makes any outbound web servicescalls as greenID wants the reporting entity to manage all their e-banking system security needs.The average cost of a typical installation is less than $15,000 and can be done in six weeks or less depending on the build required in the core e-banking system. greenID is almost “plug-and play” in terms of ease of installation and configuration.

Installation can be set up in a few hours, and access granted via asecure website. It can be online or offline batch processed. It can beseamlessly integrated into the existing environment, via a range ofdelivery channels ie XML.All Veda Advantage products are fully supported by Veda Advantage,who will provide implementation support, full training and post-implementation support to optimise the solution.Costs Set-up – no upfront licence or set-up fees charged by Veda Advantage. IT Integration – no charge from Veda Advantage, (Veda Advantageprovides a XML developers forum for our customers)Ongoing – there are transaction fees, capped plans.


FEATURE


What plans do you have for furtherenhancements/improvements?

Further developments to the solutions include access to datasetswhich will assist further in verification of date of birth, drivers licencedetails and fraudulent details.

Does your product have any other functionality not covered in the above questions?

The reporting capability and ability to configure the service have been the key factors cited by clients for selecting D&B. For example –management reports can be downloaded, clients can assess matchrates as a percentage in terms of both ‘user’ and ‘product’. From a reporting and monitoring perspective this provides audit trails which are critical for AML legal compliance and also enables management to be dynamic and amend criteria to respond to data trends and prevent fraud.

How does your service comply with the Australian Privacy Act?

D&B says it is compliant with the Australian Privacy Act. Where D&B used publicly available sources and DFAT data, for example, it always discloses this use to customers.

What, in your opinion, makes your EV solution better than your competitors?

D&B says that their clients rate the following areas highly: 1.Ease of customisation 2. Access to unique data – D&B has access to a number of governmentand non-government data sources, including the Australian ElectoralRoll. It also has the unique ability to verify passport informationagainst data from the Department of Immigration.3. The D&B international network – D&B considers this one of theworld’s most valuable commercial databases with information onmore than 130 million companies, all of which is readily availablewhen a client works with D&B Australia.

How many sites do you have that use yourservice as their only verification means?

ING and Rabobank use D&B’s electronic verification means on anexclusive basis.


FEATURE


greenID is now looking at adding more university based data sourcesto cover off that difficult to track 18 to 25 age group who are highlymobile and thus do not have very permanent addresses. greenID isalso looking at adding more drivers licence registries and motoringservices organisations such as the NRMA.greenID is also looking at adding private health fund data sources as these are generally tied to Medicare, healthcare providers andbanking details (for the refunds).greenID is also looking to add local government based data sourcessuch as library memberships.

Veda Advantage is in the process of delivering the following:• 20% increase in ‘safe harbour’ match rates • Improving Medicare, passport, tax file and

other government data sources.

greenID is investigating verification of identity via biometrics stored on a telephone, fingerprint identification or utilising smartcards issued by another organisation. There is also no reason why greenIDcould not verify the identity of a person through their qualifications,places of employ or by any other reason where a person has a relationship with another person or organisation.

Veda Advantage has a 12-year track record of managing closed usergroup fraud prevention communities and databases, supporting a collaborative community-based approach to fraud prevention. Veda Advantage has the ability to estimate the probability that theclaimed identity is invalid, or invalidly claimed by the applicant. This estimated probability (the score) will be used to determine further actions to be taken by the customer, who would establish a threshold level for the score. These fraud prevention solutions are built into the Veda AdvantageElectronic Verification Services as an option for those organisationsthat would like to take advantage of Veda Advantage’s ability andknowledge in this area.

greenID does more than just comply with the Australian Privacy Act1988, it actually enhances the ability of individuals to exercise theirrights under National Privacy Principle No 6. It allows the individualsto ask of an entity: “Do you hold any information about me?” and theright to determine whether their personal details are correct or not.

The proposed solution provides a verification service that relies onaccessing a number or databases (both proprietary and publicallyavailable).The results are delivered on a match/no match basis. The purpose of the structure is to provide the precise amount of information necessary (and no more than that) so as to respect the privacy of the individual who is the subject of the verification request.The collection, use and disclosure processes have been designed toaddress the requirements of the Privacy Act 1988 (National PrivacyPrinciples and Part IIIA provisions).

greenID can offer reporting entities access to more data sources, particularly those that can allow verification of a name and associated date of birth.greenID also uses data sources that are maintained and securelystored by a government agency or department under their charter or enabling legislation, to their standard. That is, a legislatively mandated government standard and similarly interrogated by the government agency or department to their own standard in thecourse of verifying the individual.

Veda Advantage believes that its unique name, address and date of birth data source, combined with matching technology and post sales implementation process, has translated into a significantincrease in customer’s identity verification rates. Veda Advantage continues to work to find innovative ways to improve identity verification rates under the strict privacy regimewhich operates in Australia.Veda Advantage’s aim is to provide: • fraud definition and management capability;• best of breed data reciprocity rules, KPIs and management;• world-class matching algorithms; and • world class provision of data, analytics, research and insights.Veda Advantage’s vision is to provide a platform and set of services tosupport the fraud prevention community, facilitate the relationshipsand communication between the closed user group community andthereby close the circle on fraud.

greenID has over 10 sites in production for EV across numerous industries. This includes use across a range of verification options;static databases requiring no consent, self-verification via the dynamic data sources and sighted.greenID offers a single point view of a composite verification of identity. There are not only database look-ups but administrator look-ups and integration with the Australia Post system.

Veda Advantage offers verification services to over 2000 customers.This is offered on a number of levels: • EV as a standard identity component of the credit process for

consumers and commercial entities.• EV for non AML/CTF requirements for commercial and consumer

entities.• EV for AML/CTF purposes for regulatory compliance for

commercial and consumer entities.Veda Advantage also offers more in depth EV data components for verification of commercial entities where there are increased levels of risk.


Part of every day.

We’ll check they arewho they say they are.

The risk of fraud and security

breaches grows by the day.

So the task of conducting identity

verification has become an essential

part of your job and often a logistical

challenge. But it also takes time.

Australia Post conducts identity

checks at over 3,300 postal outlets,

enabling over 30 reporting entities

to meet their obligations under

AML/CTF legislation. These are

complicated and detailed processes

that they all entrust to Australia Post.

From straightforward checks to

more complex AML identity checks,

we can configure the process to

suit your risk assessment needs.

All your customers need do is visit

a postal outlet with the required

documentation.

Australia Post processes over one

million passport applications every

year and has saved the WA Police

over 15,000 hours of police time by

accepting police check applications

at postal outlets in WA.

Now we would love the

opportunity to take the weight

of customer identity verification

off your shoulders.

Please call Soren Ohrtmann

on (02) 9202 6675 or email

[email protected]

to see how Australia Post can

leave you with one less thing on

your plate.

ANTI-MONEY LAUNDERING

The importance of AML/CTF measures

in a global financial crisis

T O HELP regulated entities understandhow commercial systems can be misused by criminal elements, each

year AUSTRAC publishes the AUSTRACTypologies and Case Studies Report. Thisreport provides regulated entities with casestudies on money laundering and terrorismfinancing methodologies and ‘red flag’ indicators. It illustrates the direct relationshipbetween the financial transaction and suspi-cious matter reports submitted to AUSTRACby regulated entities and tangible results suchas arrests, convictions and asset seizures.

The following is a case featured in the AUSTRAC Typologies and Case StudiesReport 2009 (scheduled to be released in mid-2009).

Massive amphetamines importation seizedAn investigation into a suspected drug importation operation resulted in a massivedrug seizure by law enforcement officers inAustralia. The main Australian suspect in theoperation was involved in the transfer ofapproximately A$127,000 into Australiabefore the importation, allegedly to coveradministrative expenditures involved in theoperation. The suspect also used details ofother associates to transfer cash into Australiain amounts structured to avoid the A$10,000cash transaction reporting threshold.

In addition, just prior to the drug importa-tion, the main suspect withdrew all of the fundsfrom a co-conspirator’s account via a series of withdrawals once again structured to fallbelow the A$10,000 cash transaction reportingthreshold. These funds were then transferred toa single account in Asia. The main suspect leftAustralia for a destination in Asia within daysof completing these transactions.

The law enforcement investigations result-ed in the seizure of 412 kilograms of ampheta-mines which had been imported into Australia,and the arrest of two individuals who wereeach sentenced to 14 years’ imprisonment. The main suspect was also arrested some fouryears later and sentenced to 14 years imprison-ment for his involvement in the operation.

This case study demonstrates the needfor, and value of, risk-based systems and con-trols for ongoing customer due diligence, andmore specifically an appropriate transactionmonitoring program. It also highlights theimportance of using red flag indicators to ful-fil a business’s AML/CTF obligations, partic-ularly suspicious matter reporting.

A customer deliberately structuring trans-actions to avoid the A$10,000 cash transactionreporting threshold is a common red flag indi-cator of illicit activity. Further investigation ofsuch red flags quite often leads entities to formsuspicions about a customer and/or their trans-actions, at which point they are required to sub-mit a suspicious matter report to AUSTRAC.

It is important to note that the reportingof a suspicious matter should feed into anentity’s ongoing customer due diligenceprocesses (i.e. their enhanced customer duediligence program) on that customer.

This case also demonstrates that combat-ing money laundering, terrorism financing andmajor crime is a partnership between industry,AUSTRAC and other government agencies.

The global financial crisis means that thiscollective effort is even more important andwill provide additional benefits. These include:• the reduced risk of a business’s products

and/or services being misused for moneylaundering and/or terrorism financing

in a climate where financial crime isexpected to increase, and

• the strengthening of Australia’s unitedfront against those attempting to misuseour financial system for criminal purposes.The recently published AML/CTF

Reports and Case Studies: Summary detailsthe AUSTRAC feedback process (refer toFigure 1). This directly links regulated entities, AUSTRAC and our partner agencies,and reinforces the importance of each group’srole in protecting the integrity and reputationof Australia’s financial systems.

The AML/CTF Reports and Case Studies:Summary also includes examples of caseswhere financial data contained in financialtransaction and suspicious matter reports submitted to AUSTRAC has been integral tosuccessful partner agency investigations.

AUSTRAC has developed a number ofresources to assist reporting entities, in fulfill-ing their AML/CTF program obligations. Theseinclude publications such as the AUSTRACTypologies and Case Studies Reports and the AML/CTF Reports and Case Studies:Summary, both of which are available on theAUSTRAC website www.austrac.gov.au. ■

For more information visit the AUSTRAC website or contact the AUSTRAC Help Desk:Website: www.austrac.gov.au Telephone: 1300 021 037 Email: [email protected]

AUSTRAC COLUMN

Anti-money laundering and counter-terrorism financing (AML/CTF) obligations, along with the submission of financial transaction and suspicious matter reports to AUSTRAC, are integral to Australia’s efforts to fight financial crime and protect the integrity of the nation’s financial system.

Figure 1: The AUSTRAC feedback cycle

23MAY 2009

FEATURE

D OES IT REALLY MATTER toAustralian financial institutions that the second tranche might be

delayed indefinitely? Is this delay more a matter of public policy – or does it indeedimpact negatively on financial institutions?Bottom line: this means more work for the financial services sector to manage themoney laundering and terrorism financingrisks (ML/TF risks) represented by the second tranche sectors.


Missing in action – the Second Tranche

By Joy Geary

The impact of the GFC has led to the government considering a delay in the introduction of Tranche II, which would haveexpanded the Anti-Money Laundering/Counter-TerrorismFinancing Act (AML/CTF Act) to include lawyers, accountants,company and trust-formation businesses and real estate agents (the “second tranche sectors”). Federal Attorney-GeneralRobert McClelland said at the AUSTRAC conference on 1 April 2009 in Sydney that the government was conscious of the need to balance these reforms against the more immediate needs of business in this financial climate.

The genesis for the second tranche sits in the Financial Action TaskForce’s Revised 40 Recommendations.Recommendation 24 (b) states that:

“Countries should ensure that the other categories of designated non-finan-cial businesses and professions are subjectto effective systems for monitoring andensuring their compliance with require-ments to combat money laundering and terrorist financing. This should be per-formed on a risk-sensitive basis. This maybe performed by a government authority or by an appropriate self-regulatory organisation, provided that such an organisation can ensure that its memberscomply with their obligations to combatmoney laundering and terrorist financing.”

The definition of designated non-financial businesses and professionsincludes:a) casinos (which also includes internet

casinos) (which are already covered inthe current AML/CTF Act);

b) real estate agents;c) dealers in precious metals (bullion

dealers are covered in the currentAML/CTF Act);

d) dealers in precious stones;e) lawyers, notaries, other independent

legal professionals and accountants –

this refers to sole practitioners, part-ners or employed professionals withinprofessional firms. It is not meant torefer to ‘internal’ professionals whoare employees of other types of busi-nesses, nor to professionals workingfor government agencies, who mayalready be subject to measures thatwould combat money laundering; and

f) Trust and company-service providers –refers to all persons or businesses that, as a business, provide any of thefollowing services to third parties:• acting as a formation agent of legal persons;• acting as (or arranging for another person to act as) a director or secretary of a company, a partner of a partnership or a similar position in relation to other legal persons;• providing a registered office, businessaddress or accommodation, correspon-dence or administrative address for acompany, a partnership or any otherlegal person or arrangement;• acting as (or arranging for another person to act as) a trustee of anexpress trust; or• acting as (or arranging for another person to act as) a nominee shareholder for another person.

�

FEATURE

There are two very good reasons why thisdelay in implementation of the second trancheshould matter to the financial services sector.The first reason, and perhaps the most com-pelling, is the implications of this delay forthe risk-based AML/CTF controls that finan-cial institutions have implemented in order tocomply with the requirements of theAML/CTF Act. The second reason is theimpact the delay will have on internationalperceptions of the robustness of the AustralianAML/CTF framework.

Implications for risk-based AML/CTF controls

During the consultation phase, I was a vocalproponent of the problems that would arise forfinancial institutions if the implementation ofthe new AML/CTF initiatives were to be splitinto two tranches. Despite opposition from the financial services sector, the governmentproceeded with the two-tranche approach,intending to include second tranche sectorswithin 12 months of the first tranche. Themethod of implementing the second tranchewill be, one day, to amend Section 6 of thelegislation by adding new designated services.The 2008 version of the proposed amend-ments can be found on the Attorney-General’swebsite. 1 Not all of the activities of lawyersand accountants are intended to fall withinscope of the AML/CTF Act on the passing ofthe second tranche amendments. In contrast,the core business of real estate agents will besquarely caught.

As long as the second tranche sectors falloutside the AML/CTF Act, financial institu-tions that provide these businesses with serv-ices are on notice that, from the regulator’sperspective, they are dealing with higherML/TF risk clients. There is no escaping fromthe fact that the second tranche sectors areregarded as potentially acting as gatekeepersfor money launderers. This view is the genesisof FATF Recommendation 24(b). The involve-ment of lawyers, accountants and company

and trust-formation services may be at anyone of the three stages of money launderingsuch as:• placement through the receipt of proceeds

of crime through trust accounts;• transfer of funds through trust accounts to

avoid detection by monitoring authorities;• layering and integration through acting

for money launderers and their associatesin transactions where assets changehands;

• facilitating money-laundering activitiesthrough the establishment and operationof corporate and trust vehicles; and

• facilitating activities through the benefitof the use of a reputable professionalfirm’s name to establish entities in otherjurisdictions or to secure connections inother countries.Real estate agents may also be involved

at one of the three stages of money launderingthrough their involvement in the acquisitionand disposition of interests in real estate andtheir management of properties leased forfinancial return.

Financial institutions have needed to consider what their own controls will be fortheir second tranche sectors clients since theintroduction of the AML/CTF in December2006. However the indefinite delay of the second tranche reinforces the fact that financial institutions may need to put longer-term controls in place in relation to these business types instead of assuming the second tranche will relieve them of managingthese additional risks.

Most accountants and lawyers run trustaccounts which hold their clients’ funds.


�

�1 (http://www.ag.gov.au/www/agd/agd.nsf/Page/Anti-moneylaundering_SecondTrancheofReforms)

Currently Australian banks which providethe trust accounts have no informationwhatsoever on who are the beneficiariesof the money held in those trust accounts.

Despite opposition from the financial services sector, the government proceeded with the two-trancheapproach, intending to include second tranche sectors within 12 months of the first tranche.

FEATURE

These funds might be held on trust to payfees, to be used for settlement of transactions,to be invested through mortgage or otherinvestment schemes, or for other similar purposes. Currently Australian banks whichprovide the trust accounts have no informationwhatsoever on who are the beneficiaries of the money held in those trust accounts. TheAustralian AML/CTF Rules require suchbanks to take a risk-based approach to theknow your customer (Chapter 4 of the Rules)and ongoing customer due diligence require-ments (Chapter 15 of the Rules). Assessingthe risk of trust accounts of lawyers andaccountants involves:• understanding what type of legal services

the lawyers or accountants are providing;• the types of clients these services are

being provided to;• the channel through which the services

are delivered or the clients sourced; and• what other countries might be involved

(either through the domicile of the client,the business activities of the client, thenature of the services, the location of thesubject matter of the services or perhapsthe channel through which the servicesare delivered or the clients are sourced).Only by understanding each of these

areas of the business of the lawyers or theaccountants who are the trustees of the trustaccounts can the ML/TF risks they representbe fully assessed. It is a safe statement tomake that no bank in Australia would knowthis level of information about those that they operate these trust accounts for. It is also probably a safe statement to make thatthere is no way that lawyers and accountantswould divulge this type of information to their financial services providers. Two scenarios could provide some light on theimportance of this assessment.

Scenario one:A small accounting firm located on the mid-NSW coast in a regional centre holds atrust account with the branch of one of themajor Australian banks. This trust accountwas opened in 1985 by the predecessors of the current owners of this accounting firm. The partners of the accounting firm hold their business and personal banking relation-ships with this same bank. They also employ 20 staff, all of whom hold a bank accountwith the bank and there are preferential borrowing arrangements in place for staff of the firm with the bank as one of theiremployment benefits. In short, the accountingfirm is an important and special client of the bank and vital to the performance of the branch.

The accounting firm has expanded itsofferings to include a speciality practice in tax work for the entertainment industry as aresult of taking on a new partner. This area ofwork has grown considerably, clients are now coming to the practice from overseas as wellas Australia. The accounting firm borrowedmoney from the bank and set up offices inLondon, Hong Kong and New York. Some ofthe work involves establishing and managingentities established offshore. Significant fundsflow from the trust account of the accountingfirm to an account held at a major UK bank in the name of the accounting firm in London.

Scenario two:A major law firm based in Australia hasoffices throughout Asia. It operates its trustaccount at one of the major Australian banks.Its client list includes 40 percent of the ASXtop 50 companies and it has a large number of the US Fortune 500 companies as clients.On any one day the balance of the trustaccount exceeds $50 million. Large sumscome and go daily through the trust account.Its practice specialities include banking andfinance, mergers and acquisitions, taxationadvice, intellectual property rights, employ-ment law, building and construction, and environmental law. Its clients operate inEurope, the Middle East, Asia includingChina, Africa and the Americas.

Given the presence of red flags in bothscenarios, what kind of action should the banktake as part of its risk-based approach toongoing customer due diligence for these twodifferent clients, which appear to have quitedifferent profiles? The Australian FinancialReview ran an article on 30 April 2009 aboutMichael Milne who claimed that he had notlaundered money because he had used a perfectly legitimate structure set up for him by a former lawyer with well-known law firmAtanaskovic Harntell. This structure wasclaimed to be a perfectly legitimate way ofinvesting money overseas whereby the legaland equitable interest in shares in a listedcompany were transferred to five managementcompanies overseas.

Not all money that is held in trustaccounts will be caught by the amendmentsimplementing the second tranche and therewill be permanent risk management issues in this area going forward. For example, services provided by lawyers to personscharged with criminal offences fall outside theproposed designated services that will affectlawyers. But, irrespective of the secondtranche, should a financial institution, using arisk-based approach, decide that all law firmswhich provide services in the criminal lawarea should be treated as higher risk of moneylaundering? The risks being managed hereinclude the possibility that a criminal may pay into the lawyer’s trust account the proceeds of crime to pay for their defence.People interested in the complexity of thisquestion may like to research the fate of Ben Kuehne, a Miami lawyer who specialisesin business and complex crimes litigation. The charges allege that Kuehne broke the lawwhen he certified that millions of dollars paidby a Medellín drug lord to his trial lawyerwere legitimate. Kuehne was retained toresearch the source of funds paid to AttorneyBlack and then provided opinion letters.Attorney Black accepted the money, relyingon these opinion letters. Kuehne was paid forthe opinion letters from these funds. He isnow facing criminal charges.

As a bank for a law firm representing a high-profile criminal defendant – whetherwhite-collar crime or otherwise – what


�

�

The money passingthrough these accountsmay well be the proceedsof crime being used topay for legal services.

People interested in the complexity of this question may like to research the fate of Ben Kuehne, a Miami lawyer who specialises in business and complex crimes litigation.

FEATURE

kind of due diligence arises for the moneypassing through both the trust account andbusiness accounts of that law firm? Themoney passing through these accounts may well be the proceeds of crime being used to pay for legal services. The passing of the second tranche will not resolve the dilemma facing the bank in these circumstances as it does not include as a designated service providing legal services in criminal cases.

Those providing financial services to real estate agents must consider an evenbroader range of ML/TF risks. Those wholaunder money through real estate are likely to use many real estate agents, and financialinstitutions have zero visibility of peopleengaged in multiple real estate acquisition and disposition. Banks may be unable to see who has deposited funds into a real estateagent’s account unless they are monitoringaccount numbers on electronic fund inflows.Banks will not be able to see who is the beneficiary of those funds – and at best may see them move to a lawyer’s trustaccount through a settlement process or ultimately to another financial institution at settlement.

International perceptions of the Australian AML/CTF regime

In response to the Attorney-General’s statement on 1 April, David Bell, ChiefExecutive of the Australian BankersAssociation, said in a press release that

“one of the risks of not proceeding with the legislative program is international non-compliance. The Financial Action Task Force on money laundering assesseswhether countries are complying with the 40 Recommendations, which set out the measures which national governments shouldtake to implement effective AML programs.The FATF report from October 2005 recordedAustralia was not compliant with most FATFRecommendations relating to non-financialbusinesses and professions. Australia remainsbehind the rest of the world on compliance.While the banking and financial sector iscomplying, the FATF judges Australia as awhole rather than sector by sector.”

The expansion of AML/CTF regimes tothe second tranche sectors is mixed across theworld. A major G8 member (the U.S.A.) hasnot yet implemented Recommendation 24(b)fully and several others have incompleteimplementations. Can any conclusion bedrawn about the real risks of international criticism where a number of other countriesare also yet to comply?

It seems that the real issue with the delayin Tranche II lies in the increased AML/CTFregulatory burden that remains with those that provide financial services to these sectors.For the financial sector in Australia, it seemsthat Tranche II will again reappear on theChristmas wish list for 2009. ■


�

The expansion of AML/CTF regimes to the second tranche sectors is mixed across the world.

Subscribe to anti-money laundering magazine, the definitive source of information for the financial services sector on anti-money laundering and counter-terrorist financing.

Call our subscription department today on 02 9776 7914

Don’t get taken to the cleaners

FEATURE


The following article summarises the presentation by Peter Reuter at the AUSTRAC Conference in Sydney on 1-2 April 2009. The article has been prepared by Joy Geary and reviewed for publication by Dr Reuter. Dr Reuter’s area of interest in AML/CTF is derived from his broaderinterest in the cost-benefit analysis of public policy, particularly in the areas of alternative ways of controlling the problems presented to societies by substance abuse.

Dr Reuter is a Professor in the School of Public Policy and in the Department ofCriminology at the University of Maryland (USA). He is also the Director of the Program on the Economics of Crime and Justice Policy at MarylandUniversity and also the Senior Economist at RAND, anon-profit research organisation

Assessing anti-moneylaundering controls

FEATURE

A NTI-MONEY laundering/counter-terrorism financing (AML/CTF) is a global phenomenon. In record

time it has moved from problem identification(money laundering and, after the September 11attacks, terrorism financing) to the institutionalisation of a new global system to address that problem. It has taken just 20 years since 1989 when the FinancialAction Task Force was created by the G7 (as it then was) to move to a near universalmembership of countries, each of whom haveintroduced domestic laws to reflect the FATFrecommendations. The sheer power of theFATF was demonstrated by the potency of the Non-Co-operative Countries andTerritories List which came into use in 2000;almost every listed country made changes thatenabled it to get off the list. The subsequentinvolvement of the IMF and the World Bankhas consolidated the stature of the dominantapproach of FATF to the twin problems ofmoney laundering and terrorism financing.

However as domestic AML/CTF regimesexpand their scope there is growing privatesector pressure for accountability, for someobjective measurements of the size of theproblems being addressed, and the efficacy of the measures in place to address them.

Any cost-benefit analysis of the globalAML/CTF regime must begin with identify-ing its primary and secondary goals. Thisopening point made by Dr Reuter provokedsome discussion at the end of his presentation,as there was not universal agreement amongkey audience members at the AUSTRAC conference as to what those primary and secondary goals might be.

It is estimated that the AML/CTF regimein the US in 2003 alone cost an estimatedUS$7 billion in compliance costs. Six yearslater, that figure will have increased substantially, given the change in landscapefor terrorism financing in particular and the significant fines handed out by US regulators. This burden has fallen on business,on the government and on society as both taxpayers and consumers. In addition to the financial cost, the AML/CTF system can be criticised for being onerous, intrusiveand prone to error.

Dr Reuter posited the following views regarding the achievements of the global AML/CTF regime:

• Measurement of achievements firstlyrequires the setting of objectives and common agreement regarding those objectives;

• It is very hard to determine what has been achieved, because of the significantabsence of key data;

• The absence of research into the possibleachievements making it difficult for anyconcrete conclusions to be drawn aboutthe cost-benefit outcomes of AML/CTFregimes; and

• The statistics about money laundering andterrorism financing are unconvincing andsubject to challenge.

Dr Reuter suggested that the primary goals ofAML/CTF regimes are:• To reduce predicate crimes, as the

movement of money into and through the financial system is assumed to be a point of vulnerability for criminals;

• To protect the integrity of the core financial system; and

• Combat global problems such as terrorism, kleptocracy 3 and corruption.

He then suggested that the secondary goals of AML/CTF regimes might include:• A way of sanctioning those engaged

in major crimes;• Providing a form of punishment to

criminals; and• A way of inconveniencing major

criminals through putting obstacles in their path.

Dr Reuter challenged the way that currentdata about the extent of money laundering has been estimated. The flaw in the macroapproach is that it is built on estimates of the underground economy and producesimplausibly high estimates. The oppositeapproach of using a micro approach of calculating estimates of income from criminal activity results in data which lacks a systematic empirical base. The conclusiondrawn was that there is little prospect ofstrengthening the estimates generated byeither of these approaches.

One of the issues that surfaces whenmeasuring the achievements of AML/CTFregimes is that money laundering itself is ahighly differentiated activity, as suggested in the table below provided by Dr Reuter. 4

Thus any measurement of achievement of AML/CTF regimes has to involve itself inthe minutia of the differentiation of moneylaundering to produce a plausible result. And this differentiation will be exaggeratedby specific factors, including geographicaland ethnic differences within any one countryor continent.

A compelling question to ask is whetherthere has been a drop in predicate crime as a result of the extensive implementation of AML/CTF regimes. The cocaine price


3 Kleptocracy is a term applied to a government that extends the personal wealth and political power of government officials and the ruling class (collectively, kleptocrats) at theexpense of the population, sometimes without even the pretense of honest service. 4 This table is adapted from material in Dr Reuter’s book Chasing Dirty Money co-authored with Edwin M Truman and published by the Institute for International Economics in 2004.

�

There is growing private sector pressure for accountability, for someobjective measurements of the size of the problemsbeing addressed, and the efficacy of the measures in place to address them.

Crime

Drug dealing

Other blue-collar

White Collar

Bribery andcorruption

Terrorism

Cash

Exclusively

Mostly

Mix

Sometimes

Mix

Scale ofOperations

Very large

Small to medium

Mix

Large

Small

Severity of harm

Severe

Low to modest

Low to modest

Severe

Most severe

Most affectedpopulation

Urban minoritygroups

Not known

Broad

Developingcountries

Broad

FEATURE

structure from production of leaf through tosale on the streets of a large US urban centresuggests AML controls have limited potentialto cause a drop in the predicate crime. Thesecontrols focus on the importation and whole-sale phases of cocaine distribution since thestreet retailers usually earn less thanUS$25,000 per annum, which is reused ascash for living expenses and not placed in thefinancial system by the retailer directly.Making it twice as expensive for cocaineimporters to launder money would probably add only 1 percent to thestreet price, which is hardly a deterrent.

A further issue thrown up by Dr Reuterwas the inconsistent distribution of AML/CTFcontrols across different communities of regulated entities as highlighted in the table below. 5 The prevention aspect ofAML/CTF regimes involves the key controlsof customer due diligence, reporting to afinancial intelligence unit, regulation andsupervision and sanctions for failure to comply with the regime. In the US (as in Australia) these key controls are not consistently applied to all regulated entities,leading to real potential for inadequacies in the overall strength of the regime.Alternatively, this inconsistency could openup questions regarding the efficacy of the controls at both macro and micro levels, or question the cost/benefit equation for regulating that sector in the first place.

The stability of the core financial systemseems to be an afterthought in the AML/CTF

regimes rather than a true primary goal. It israrely mentioned in strategy documents as acore driver and does not qualify as an initialmotivator in the way that drugs, human trafficking, terrorism and corruption do.Developing any assessment tool regardingAML/CTF regimes and their protection of the stability of the core financial system is difficult when this goal does not appear to be a true motivator. Certainly, major money-laundering events such as that involving theDominican Republic’s BanInter in 2003 havelead to crises of confidence in the financialsystem involved and international reactionswhere the country involved is perceived as aweak link in the global chain.

A problem central to assessing the effectiveness of AML/CTF regimes is that the problem being addressed is diverse. Anymeasurement methodology must take accountof the multiplicity of money-laundering methods and the highly differentiated natureof the predicate crimes involved. There is no doubt that money laundering in some cases may have become more expensive, but there is little data to suggest that it hasbecome prohibitively expensive. AML/CTFcontrols have led to cases being successfully

prosecuted, which has provided intelligencefor law enforcement, but there has been littlecost-benefit analysis performed on the cost of the controls against these outcomes. Andthere is little data to suggest an overall drop inpredicate crimes as a result of the implemen-tation of domestic AML/CTF regimes.

Understanding the cost-benefit outcomesof AML/CTF regimes stands as a critical policy issue. There is no doubt that AML/CTFregimes are expensive to establish and operate. Poor countries are subject to expensive regimes when they do not representgood opportunities for money laundering orterrorism financing. Poor countries probablyneed much more help with corruption thanthey do with prevention of money launderingand terrorism financing. Rich countries, on the other hand, are more logical subjects forthese expensive regimes because of theirattractiveness to money launderers, allowingpoor countries to marshal their resources for better gains.

At best, the global AML/CTF regimemust be seen as a work in progress. Some may question whether this is adequate, 20 years on from the establishmentof the FATF. ■


�

5 This table is also adapted from material in Dr. Reuter’s book Chasing Dirty Money co-authored with Edwin M Truman and published by the Institute for International Economics in 2004.

Poor countries probably need much more help with corruption than they do with prevention of money laundering and terrorism financing.

Yes

Yes

Yes

Pending

No

No

Limited

Limited

Yes

Yes

Yes

Yes

No

Some

Limited

Limited

Yes

Some

Some

No

No

No

Very Limited

Very Limited

Yes

Limited

Yes

No

No

No

Very Limited

Very Limited

Customer due diligence

Reporting requirements Supervision Sanction

Financial Institutions

Core Financial Institutionsa

Other Types of Financial Institutionsb

Non Financial Businesses

Casinos

Dealers in Precious Metals and Stones

Real Estate Agents

Otherc

Professions

Lawyers and Accountants

Trust and Company Services Providers

a. Depository institutions, securities firms, insurance companies and combinations.b. For example, mutual funds and investment advisors.c. For example, travel agencies, commodity trading advisors and vehicle sellers.

as requiras requir

fifiAre you Are you

red by the AMred by the AM

fit and readyfit and readyML/CTF RuleML/CTF Rule

for indepenfor indepenyys?s?

ndent reviewndent revieww w

IndepeIndepeAMLAML

eeRRendentendentSSAAMMLL

ooooTTTTooevieweviewSTERSTER

olol

gainst eagainst eated ated agenerageneraAML/CTF Programs aAML/CTF Programs a

IndepenIndepenUsers of theUsers of the

..reviewreviewrequirements and gurequirements and guworkbook can help bworkbook can help b

AML/AML/changes in thechanges in they financial instituy financial instituManMan

wing scores anwing scores anach topic shoach topic shoand receive a report which isand receive a report which is

workbook cworkbook coolooldentReviewTdentReviewTTToo

ensuring you are rea ensuring you are reauidance,uidance,AML/CTF pAML/CTF pbench mark yourbench mark your

IndepIndepThe The /CTF requirements./CTF requirements.utions struggle to stay on toputions struggle to stay on top

ps.ps.nd gand gatically tically s automas automa

can score theircan score their

y for independenty for independentadadgainstgainstrogram arogram a

ool ool pendentReviewTpendentReviewTTToop of the requirements andp of the requirements and

IFTIS and thre IFTIS and threEFTIs,EFTIs,te modules arte modules arSeparaSepara

AUSTRAAUSTRAReporting to Reporting to OngOngKYC,KYC,yees,yees,EmploEmplo

spreadsheets coverinspreadsheets coverinIndependentReviewTIndependentReviewT

gainst eagainst eated ated ageneragenera

shold transactions.shold transactions.vailable forvailable forre also are also a

AC and Record Keeping.AC and Record Keeping.going Customer Due Diligencgoing Customer Due Diligenc

GovernaGovernaScope,Scope,ng Program,ng Program,ted annually withted annually with is upda is updaooloolTTTToo

wing scores anwing scores anach topic shoach topic sho

ce,ce,ance,ance,hh

ps.ps.nd gand ga

AML/CTF PrograAML/CTF Progra

check for your check for your

– an essential he– an essential he

IndependentRIndependentR

m.m.

ealthealth

ooloolReviewTReviewTTToo

SPONSORED FEATURE

Country risk verification –the qualitative v quantitative debate

MARCH 2009 ANTI-MONEY LAUNDERING32

R ISK ASSESSMENT and risk management are fields that are consistentlygaining in complexity given their application in multiple aspects of business.Through this complexity, we often struggle with the requirement to justify

how each component of risk is measured and approximated, especially whenapplied to a wide variety of applications and business sectors. Even harder is that we often try to apply the relative and unique jurisdictional risks that have acontextual impact on the individual risks exposed to each business unit.

Traditionally, country-risk quantification or risk reporting is carried out qualitatively and done in-house following a strict expert-based approach.Increasingly, we are seeing that institutions are not only depending on the expertopinion that represents the qualitative country risk approach, but also consideringreplacing or supplementing it with predictive algorithms that feed on quantitativedata – a result of the vast array of information available through the data age aswell as the maturing and ever incremental accuracy of predictive algorithms.

Given the current state of the art combined with the abundance of data whichis often freely available and of high quality (as a result of improved gathering means and channels) have we now reached a point whereby we areable to clearly choose one approach over the other? To begin answering this question, let us first examine the merits and limitations of both the quantitativeand qualitative means of country-risk analysis.

The power of numbers over subjective judgement

Moving away from jurisdictional risk, let us take a quick look at a domain of credit-risk analysis, which is arguably the most important arm in the spectrum of risk-analysis functions run by most financial institutions.

If we zoom into the business-to-business credit-risk evaluation systems currently in use, we immediately realise that a majority of these models fall intoa category which we can generally denote as judgement-based or rule-basedcredit risk models. How this works is that the risk managers are provided with aset of credit data on the company which they weigh and assign scoring to basedon personal insights, perception and experience. Often, this includes companydata such as:

• Payment histories;• Credit agency ratings;• Audit statements; and• Financial collateral.

�

By Ridzwan Aminuddin

Ridzwan Aminuddin

Ridzwan Aminuddin heads upCountry-Check, a new servicemeasuring country risk across 243 countries and territories.Developed by World-Check, this advanced risk index takes 43 separate risk criteria intoaccount in a highly standardisedmanner. In his capacity as Project Manager, Ridzwan hasworked with some of the leadingmathematicians and computer scientists around the globe toincorporate the latest cutting-edge statistical algorithms andmodels relating to objective risk ranking into Country Check.

SPONSORED FEATURE

Herein lies the fallacy of judgement rule-based systems.Judgement-based models are vulnerable in that critical decisions and thresholds have to be subjectively set. Imagine ifyou assigned a group of five or more credit-risk analysts arounda table and told them that they had to decide on:

• The most important factors that determine the company’s credit

• and further to that, instruct them to rank these in order and magnitude of importance.

This is not a simple task, and one which would result innumerous models. The driver behind this issue is that the factorweights would be biased based upon each individual’s experi-ence and perceptions. However, it may be argued there areways to combine these varied responses in a robust, calculatedmanner such that a universal ”result set” may be derived from these varied responses. This again is a short-sighted expectation that makes no sense, given that you would beattempting to objectify what is inherently subjective. Instead,let’s look at the alternative.

In statistical-based systems, various statistical tests may beapplied in order to identify risk factors that should be included,and in what magnitude they should contribute to the overalloutcomes. Since these tests are driven by fixed statistical analysis of the mathematical identifiers of the input, they willalways result in a single fixed outcome.

Error analysis is also difficult and sometimes impossiblewith judgement-based models. If for some reason the risk managers feel that the model is incorrect, it is often difficult tolocalise – and much less reverse engineer – a judgement-basedsystem. In contrast, for statistical-based systems, it is a straight-forward process to determine which variables are causing the problem and fix the model. For example, this may beachieved by applications of Bayesian inference rules given someassumptions which may be made possible by simple statisticaldistribution analysis and transformations.

Further to this, statistical-based models are much easier to build than judgemental systems. Now, because of the availability of sophisticated and relatively inexpensive software,and with the necessary history available, a statistical-basedmodel can be developed in far less time than a judgmentalmodel that uses a wide range of input variables. The inherentset-up of the two types of systems also lends to its dynamismand currency. Judgemental-based models are rigid, difficult toupdate and inflexible – therefore making them very static.

Risk is constantly evolving according to business exposures,trade climates and many other factors. This leads to a require-ment that the systems that model these risks need to be checkedand recalibrated to fit the most current definition of the riskbeing analysed. Statistical-based models have this added advantage of being justified easily. You can easily look up

�

�

ANTI-MONEY LAUNDERING 33MARCH 2009

Increasingly, we are seeing that institutionsare not only depending on the expert opinionthat represents the qualitative country riskapproach, but also considering replacing orsupplementing it with predictive algorithmsthat feed on quantitative data.

Judgement-based models are vulnerable in that criticaldecisions and thresholds have to be subjectively set.

SPONSORED FEATURE

current results and review retrospective estimations, which help you fine-tune and tweak your statistical model. This ensuresthat the model continually improves and dynamically evolves as your risk changes.

The most important difference in my opinion is that judgemental-based systems lack any mechanism to quantifyrisk. With statistical-based risk models, uncertainty measuresand probability scores can be easily represented. These areimportant pieces of information as they help validate not only the types of risk-mitigation policies but also the intensityand focus of remediation or risk-hedging tasks required. With judgemental risk models, providing risk rankings or riskindicators for a country is possible, but saying for certain that a country may have a high risk of vulnerability with an X percentage of confidence is not.

This little snippet above may be applied to country risk aswell. As per my introduction, the expert-based opinionapproach mentioned mirrors the judgement-based approach in the B2B credit-risk approach outlined below. The statistical-based systems are again exactly what services like Country-Check provide. The advantages of a quantitative B2B credit-based system also apply to the country-risk system.

Given the points outlined above, it is imperative weacknowledge how important it is that a statistical-basedapproach be given the necessary consideration. What propelsthis requirement even further is the fact that costs relating to technology and computing capabilities have fallen dramati-cally over the years. In this day and age we now see advancedstatistical mechanisms successfully implemented upon internetplatforms. Advanced trading-floor algorithms run in real time,with complicated simulation models in many exchanges around the world. This is a clear indication that the technology

for statistical-based risk analysis models has become readilyavailable, and may be more cost effective than judgement-based systems.

When does qualitative risk become important?Given the merits of a statistical approach to risk analysis as outlined, we need to look into its disadvantages and limita-tions. In order to do this, let us take a closer look at qualitativeanalysis, understand its original interpretation and application,and observe instances in history whereby numbers alone wouldhave failed to pinpoint the real risk situation on the ground.

Classically, one definition of qualitative analysis refers tothe assessment of the economic, financial and socio-politicalfundamentals that can affect the investment-return prospectsin a foreign country. Qualitative analysis tends to steer awayfrom focusing on numerical and statistical indices to summariseor represent the true risk situation as observed; instead it tries to comprehend a country’s underlying strengths and weaknesses by going back to its basic building blocks.

MARCH 2009 ANTI-MONEY LAUNDERING34

�

�

It is thus important to consider ratings as helpful decision-makingtools that must be supported by a more qualitative analysis integrating all these specificities.

■ THE KOREAN WON experienced a sudden collapse in the mid-1990s.

SPONSORED FEATURE

In order to illustrate situations when this is critical, we justhave to look at the example of the Thai baht and Korean won’ssudden collapse in the mid-1990s. These two countries had stable sovereign credit ratings, no major fiscal imbalances, positive GDP growth estimates and inflation was in check – yet no numbers or balance sheets could explain the suddendepreciation of their currencies. In essence, the numbers gaveno indication of an impending meltdown.

This Thai and Korean example exemplifies the shortcom-ings of the quantitative approach, which may lack contextualapplication due to its inherent latency. Data only arrives after it has been reported and this may lead to inaccurate andambiguous or misleading quantitative assumptions.

Outlined below are the weaknesses of the quantitativeapproach:• Two countries facing similar ratios and financial indicators

may face considerably different socio-economic structures;• Quantitative data is either not available on time, or data is

incomplete, incorrect or distorted;• Interpretation is made difficult given mixed and often

contradictory signals; and• Figures seem sound but are subject to considerable

volatility due to regional contagion, herding instinct andexternal shocks including downgrading by rating agencies.

“Risk specificities of ranked countries cannot be accountedfor by such a uniform approach. It is thus important to consider ratings as helpful decision-making tools that must besupported by a more qualitative analysis integrating all thesespecificities.” – Coface Deputy Director Clei (1998).

It is clear from the point and example above that comprehensive assessment of country-risk must include amajor consideration of macro-economic and socio-politicalfactors. One way to see it is that we cannot merely ignore thenumerical data, but it should be viewed as inputs that feed an analysis aimed at highlighting the economic, socio-politic,financial and institutional structures of the country’s develop-ment process.

Summary – the preferred hybrid approach

The reality of the risk assessment world is that each approach– be it qualitative or quantitative – has its limitations. In therealm of information security, risk results driven by numbersare often non-reflective of actual risk situations, and takinginto account multiple risk elements both numerical and contextual brings us closer to a better appreciation of actualrisk levels. This hybrid approach seems to be the most ideal,but in practice introduces a level of complexity that againneeds to be dealt with.

There are inherent strengths and limitations to eachapproach. The quantitative approach to risk analysis is suitablewhen there are requirements for measures of magnitude or thedegree of risk-mitigation policies required. This may beachieved through statistical means integrated into estimationtools which allow for numerical indicators to be produced. The qualitative approach, on the other hand, serves as a suitable method when the requirement is only for prioritisationor scheduling of remediation actions.

The important point to be made in conclusion is that thetwo approaches, although very different, have a reciprocal relationship. They should therefore be applied together toobtain a holistic and complete outcome. ■

�

Visit www.world-check.com or email [email protected]

for more information.

Statistical-based models are much easier to build than judgemental systems.

With statistical-based risk models,uncertainty measures and probabilityscores can be easily represented.

FEATURE

By Aub ChapmanDIRECTOR, AUB CHAPMAN CONSULTING SERVICES

The conference at a glance The annual International Anti-MoneyLaundering Conference is organised bymoneylaundering.com. Participants comefrom many countries and represent a diversepopulation of entities that:• have obligations under anti-money

laundering (AML) and counter-terrorismfinancing (CTF) legislation and/or aresubject to economic and trade sanctions(ETS) regimes;

• are suppliers of specialist advisory, risk-management and technology-basedsolutions that assist organisations uponwhich AML/CTF/ETS legislative and regulatory regimes impose obligations;

• are regulators and law enforcement agencies with responsibilities related to AML, CTF and/or ETS.

The faculty of speakers (50 this year)comprises many well-known experts who collectively represent both government and

private-sector views on issues that concernAML, CTF and ETS practitioners.

The conference also attracts a wide rangeof sponsors and exhibitors (46 this year). Theconference program is structured in a mannerconducive to networking and provides ampleopportunity for discussions with exhibitors.

Conducted over three days with pre and post-conference workshops on specifictopics, the conference is a mixture of plenary sessions and six concurrent sessions.These are categorised into five tracks: AMLProgram Optimisation, Global Challenges,Industry Spotlight – Insurance, IndustrySpotlight – Securities, and Industry Spotlight– Money Services Businesses. This meansthere are 30 concurrent sessions with somepresentations being repeated, allowing attendees to select the six presentations most relevant to their needs.

The impact of the global financial crisiswas in clear evidence at the conference, withregistration numbers well down on previousyears. The number of exhibitors was also considerably lower. There was a feeling thatfinancial pressure arising from the GFC andan acute awareness of the reputational damagethat may result from any public perception that

taxpayer bailout money was being “wasted”on employees attending conferences hadadversely influenced attendance numbers.

Key themes from the 2009 conference The headline for the March edition of thismagazine read:

The battle of 2009 Compliance versus survival

The editorial highlighted key issues and the Complinet article “Staying vigilant:AUSTRAC on high alert amid financial maelstrom” incorporated strongly wordedquotes from Neil Jensen, AUSTRAC ChiefExecutive regarding the stance the regulatorwas taking amid fears (and some evidence)that criminals were exploiting the turmoilwithin the global financial systems.

Readers would not be surprised to learnthis topic was one of several key themes run-ning through the conference this year. Duringa number of plenary sessions US regulatorsrepeatedly stated that there was growing evidence that criminals – and transnationalorganised crime syndicates in particular –were exploiting market volatility to maskfinancial aspects of their illegal activities.

With many financial institutions nowfocusing on survival at the expense of sound business practices, weaknesses in risk-management control frameworks arebecoming more obvious and reductions in non customer-facing staffing levels are compounding the problems – especially in critical areas of regulatory compliance such as AML, CTF and ETS. A number of US regulators acknowledged that, while


Miami Conference at a glance

This article summarises the author’s observations of the key themes covered during the 14th Annual International Anti-Money Laundering Conference held on March 16-18, 2009 at the Westin Diplomat Resort and Spa in Hollywood Florida in the US.

�

A number of US regulators acknowledged that, while there was a clear need for financial institutions to focus on actions that would assist their survival in this turbulent environment, any lessening of focus on risk management would be unacceptable and regulatory action would be initiated against organisations that ignored sound risk-management practices.

FEATURE

there was a clear need for financial institu-tions to focus on actions that would assisttheir survival in this turbulent environment,any lessening of focus on risk managementwould be unacceptable and regulatory actionwould be initiated against organisations thatignored sound risk-management practices.

The key learning from this theme wasobvious: regulators are not going to reducetheir supervisory efforts – they intend to beeven more vigilant and will not hesitate to initiate enforcement action where warranted.This message is obviously being conveyed byregulators in many jurisdictions, as we havealready seen this year from AUSTRAC.

Not unexpectedly, the second theme that ran through the conference related to thefight against the financing of terrorism and the role that the financial services industrywas required to play under legislative and regulatory initiatives introduced in many jurisdictions. A number of presentations pointed to the complexities that arose as a result of inconsistencies in approachesbetween individual countries, especially for financial institutions that conducted operations in multiple jurisdictions.

From the range of questions raised by members of the audience in breakout sessions in the Global Challenges stream, continuing problems with counterparties,especially where cross-border wire transferswere involved, remain an issue for manyfinancial institutions.

Concerns regarding actions that a regulator may initiate are resulting in somefinancial institutions to consider exiting somelines of business, or at least restricting theclient types for which some products andservices will be made available.

As most readers will know, ML/TF typology reports issued over the past fewyears by the Financial Action Task Force and other international bodies point to moneyservices businesses (or alternate remittanceservices providers as they are referred to insome countries) presenting a higher level of ML/TF risk than mainstream financialinstitutions. This has led to many major banksdeciding to no longer provide banking services to MSBs due to the regulatory scrutiny that results from continuing to service this sector. This type of generalisedaction has created difficulties for many MSBs that operate in full compliance withtheir legal obligations.

The high point in the conference coverageof CTF was an entertaining debate titled“Point-Counterpoint: the fight against terrorist financing: necessary bulwark or

unnecessary burden? The outline for thedebate summarises the topic as follows:

“In the wake of the 9/11 terrorist attackson the World Trade Centre reporting and other requirements were placed uponfinancial institutions. Many in the lawenforcement field argue that the requirementsfor financial institutions to identify and reportpotential terrorist financing activity are necessary and have aided them in their effortsagainst terrorism. Others, however, argue thatthese measures are ineffective and place anunnecessary burden on financial institutionsthat must spend resources trying to identify acrime that many have concluded is close toimpossible for them to detect”.

The panelists presented a number of arguments demonstrating the value (necessarybulwark) and the ineffectiveness (unnecessaryburden) of CTF obligations imposed on financial institutions. The argument in support

of the CTF regime pointed to value in terroristfinancing-related BSA data reported. Of particular interest was the fact that the totalnumber of terrorism subjects in FBI investiga-tions with positive hits in Investigative DataWarehouse/BSA data sets was 41.7 percent of which 94.3 percent were from CTRs, 3.61percent from SARs and 2.36 percent fromother BSA data. Statistics were produced todemonstrate the terrorism-related financingprosecutions, while trending downwards,remain a key element in the fight against terrorism and there is tangible evidence thatreporting by financial institutions and the subsequent law enforcement investigations(and prosecutions in a number of cases) hadprevented terrorism events from occurring.

The counterargument was just a strong.The cost and effort required by the financialservices sector was totally disproportionate to the value derived by law enforcement agencies in identifying and investigatingactivity which may or may not be associatedwith the financing of terrorism. The counter-argument also pointed to the social impactthat this costly regime had caused throughmore complex processes that needed to be followed by the average citizen and the coststhat were being passed onto the consumer inthe form of increased fees and charges by the financial services sector.

As expected, both points of view hadmerit but neither party won a resounding victory. Clearly, much work still needs to bedone to establish the true economic and socialvalue of the CTF regime.

The third theme evident throughout theconference was ETS. By the interest shownby conference participants, it is obvious that financial institutions are devoting anincreasing number of resources (human andsystems) to managing their ETS obligations.One of the key observations was the accept-ance that ETS are now part of each county’sforeign policy rather than simply reflectingindividual countries’ adoption of UnitedNations resolutions. A number of attendeesreadily stated that their own institutions hadrecognised that “sanctions were now a part oflife for all financial institutions” and that thepenalties for breaches made it imperative thatrobust technology-based monitoring programs

needed to be put in place for all critical customer information systems, products anddelivery channels. As expected, correspondentbanking was one area of continuing concernfor many financial institutions and there wasconsiderable debate in some of the sessions,especially those related to monitoring of tradetransactions. For the third year in a row, thesession on monitoring trade transactions formismatches with industry unit-pricing normsattracted a large audience of both governmentand private sector attendees.

Summing upFor most readers, the three themes I havecommented on will come as no surprise andreflect the core issues facing most financialinstitutions in Australia – either directly orindirectly depending on the scope of theorganisation’s business.

AML/CTF/ETS practitioners will continue to face many challenges in seekingto protect their organisations against the risk of facilitating money laundering or thefinancing of terrorism and from the risk ofbreaching obligations imposed under economic and trade sanctions. For many of us,keeping up to date with trends in ML/TF riskand being aware of new developments inmanaging these risks is what makes life interesting and rewarding. ■


�

It is obvious that financial institutions are devoting an increasing number of resources (human and systems) to managing their ETS obligations.

COLUMN


T HE BODY is set to plough $31 million over five years to contribute to the strengthening of

global AML and counter terrorism financingregimes using the expertise of IMF personneland resources. Switzerland, Norway, Japan,Saudi Arabia, the UK, Luxembourg, South Korea and France have agreed to contribute two-thirds of the financing. The donor-supported fund will finance theIMF’s technical assistance for countries needing help with their AML programs.

In the grand scheme of things, the cashrepresents a drop in the ocean of the amountof illegally laundered funds that flow aroundthe world but the IMF is keen to stress theimportance of the program. Around a year agothe IMF decided to change its approach toproviding technical assistance and soughtdonors on a multilateral rather than a bilateralbasis. It was thought that countries joiningtogether could achieve more as a unifiedgroup than as separate entities.

I spoke to Jody Myers, head of the IMF’sFinancial Integrity Group, who stressed thatdonor countries would be able to have aninfluence on the group’s work but would notbe able to completely direct the direction ofthe scheme.

“Fundamentally the idea is that interesteddonors could achieve a number of goals byjoining together so they could co-ordinatethings between themselves and collectivelythey could have more influence over the workthat we do. But what we are going to do isstill IMF work – we are not essentially givingdonors carte blanche to direct our program,”he said.

The technical assistance program wouldwork in tandem with the IMF’s general workand will therefore direct its efforts towardssystemically or strategically important coun-tries at risk from money laundering. The IMFis of course reluctant to name the specificcountries it wants to help, but said its focuswas likely to be on emerging market countrieswhere growth had outpaced the capacity offinancial regulators to track laundering. Thisdid not necessarily mean low-income coun-tries, but could include those jurisdictions.

The IMF has put forward the names ofcountries that it wants to work with and thetype of work that it wants to do to help them,but is bound by confidentiality agreements onthe specifics. The spotlight is likely to be onrelatively large financial sectors or economiesthat have a global impact and are likely to beof concern to the international community.

“We can play a valuable role in terms ofacting as a pressure valve. We can release thepressure that has been placed on countries bythe Financial Action Task Force or by othersin the international realm,” said Myers.

In practical terms, the focus of the topicaltrust fund will initially be on providing assis-tance with the design of AML systems, theimplementation of effective national AMLstrategies, risk assessment, financial regula-tion supervision and financial intelligence unitwork. The IMF will steer away from provid-ing frontline assistance to law enforcementauthorities but will make suggestions to gov-ernment officials if it spies potential areas forimprovement.

In terms of the benefits that each countryreaps from its investment, the IMF is of the

view that problems in one country can quicklyspread to other countries in the region or otherparts of the world.

Myers admitted that some countries wereinitially doubtful as to the benefits of a multi-donor account and whether the programwould be able to reach each targeted constituency. The IMF has been workingthrough these issues, he said. He added thatthe IMF understood that countries were keento get credit for the work they did and thebody would look for opportunities to givethem recognition.

Myers said the work might focus on different areas such as anti-corruption, drug trafficking, terrorist financing and thesecuring of inward investment. These are different goals and would need differentapproaches to setting priorities, he said. Myers was keen to stress that risk assessmentwas an important IMF target and was longoverdue for some “serious work”.

”Countries are dealing with FATF recommendations that are very difficult andexpensive to implement. Not all countries arethe same. When countries are faced with thisinternational standard to implement they wantto know where to start, and why we try toencourage countries to take ownership of theirown programs to understand where they areand what goals they are trying to achieve withthis standard,” he said.

It remains to be seen whether this laudable initiative will have a real impact onstamping out money laundering and terroristfinancing in those corners of the world struggling to stop the flow of dirty cash in the banking system. ■

The G20, IMF andmoney launderingWith the recent G20 meetings putting the focus on tax haven secrecyand the inherent money laundering risks associated with some offshore regimes, a new anti-money laundering (AML) initiative was quietly pushed out by the International Monetary Fund.

LONDON CALLING

By Martin CoyleSENIOR EDITOR,

COMPLINET

COLUMN


A T A RECENT anti-money launder-ing (AML) conference in Miami oneexpert from a large multinational

bank recommended that attendees unaware ofpending changes to the format of SWIFT’sMessage Type 202 ‘leave the room and make a phone call’.

This article is intended to instil a similar– albeit less dramatic – sense of urgency.

As SWIFT describes it, the MT202 ‘is the de facto standard used to cover customer credit transfers and to settle payments resulting from other business transactions such as securities and treasurytransactions’. It is a bank-to-bank wire transfer message format. A similar messageformat, the MT103, is used by a bank whenits customers want to make payments to customers of other banks in other countries.

As reported by Complinet in April 2007,the Wolfsberg Group and The Clearing Housesuggested ‘the creation of a new or enhancedSWIFT payment message format for third-party cover payments that enables informationregarding the originator and the beneficiary to be included’.

The concern stemmed from the fact thatcertain European banks had been ‘stripping’MT202s of any references to originators orbeneficiaries blacklisted by the US before for-warding the messages to their correspondentsin New York for clearing. These intermediaryUS banks had no way of knowing what washappening and were duped into processing the transactions.

This practice first made headlines inDecember 2005 when the US Office of

Foreign Assets Control fined then Dutch bankABN Amro US$40 million. More recently,Lloyds Group was targeted by the USDepartment of Justice and the ManhattanDistrict-Attorney’s Office for strippingSWIFT messages and agreed to forfeitUS$350 million.

The Lloyds caseManhattan District-Attorney RobertMorgenthau said that by stripping the wiretransfer information Lloyds made it ‘appearthat the transactions originated at Lloyds in the United Kingdom rather than the sanctioned banks’. He added that the bank facilitated the transfer of more thanUS$300 million on behalf of Iranian banks(including Bank Melli, Bank Saderat, BankSepah) in violation of America’s InternationalEmergency Economic Powers Act.

Lloyds also processed US$20 million ofoutgoing payment transactions on behalf of aLibyan customer through its US correspon-dent banks between 2002 and 2004, courtdocuments stated. The documents added,however, that the bank processed a similarsum of transactions for Sudanese bank customers – transactions that continued until September 2007.

‘More than US$350 million moved fromplaces such as Iran through locations around

the world because Lloyds stripped identifyinginformation from international wire transfersthat would have raised a red flag at US finan-cial institutions and caused such payments tobe scrutinised,’ said Acting AssistantAttorney-General Matthew Friedrich.

New cover-payments processIn order to improve the transparency of thecover-payments process and prevent suchschemes SWIFT issued a new messaging standard, MT202 COV, that will go live in November 2009. The new format will force banks to include originator and beneficiary details.

The US Federal Reserve banks and The Clearing House announced in Octoberthat they had distributed specifications forbanks ‘to maintain compatibility with theSWIFT enhanced message format when

transmitting cover payments through theFedwire Funds Service and CHIPS’ (the US wire-transfer systems).

At that time, Lauren Hargraves, seniorvice-president of the Federal Reserve banks’Wholesale Product Office, noted that ‘even though the changes take effect a year from now, it’s prudent for banks tobegin plans to adapt their internal systems’.Obviously, her message is even more pressing at this late date. ■

Banks to test new SWIFT format

NEW YORK NEW YORK

By Brett WolfCOMPLINET

Banks will soon begin testing SWIFT’s enhanced message format aimed at increasing transparency in cross-border transactions and preventing money laundering and sanctionsviolations linked to so-called ‘cover payments’. Their goal is tomeet the November deadline for adoption of the new format.

THE NEW FORMAT WILL FORCE BANKS TO INCLUDE ORIGINATOR AND BENEFICIARY DETAILS.

INTERVIEW – JOHN BYRNE


Joy Geary asks John Byrneabout the hot AML/CTF topics in the United States

Joy: Let’s cut right to the core issuesJohn. What are the big issues on the American AML/CTF landscape in April 2009?

John: In my opinion, there are three majorissues that really stand out. The first is theimminent change to regulatory structures arising from the reaction to the global financial crisis It is not clear what the newregulatory structures will look like once thecurrent processes are overhauled, in terms ofsystemic risk and also in terms of consumerregulation. These changes will necessarilyimpact how AML/CTF is supervised eventhough AML/CTF is not a frontrunner issuedriving this overhaul. The second major issueis that of tax evasion. The offshore tax-havenissue now has prominence as a result of someof the events of 2008 such as the client datafrom Lichtenstein, Citibank and more recentlyUBS. If the US introduces legislation con-cerning offshore tax havens – and there is adraft bill currently in circulation – then thiswill have a dramatic impact on dealings byUS citizens with those countries. Financialinstitutions might have to consider using controls not dissimilar to how they haveresponded to Office of Foreign Assets Controlrequirements to avoid contravention of thesenew prohibitions on tax havens. We can alsoexpect to see greater regulation of hedgefunds, which interestingly might make it

easier in some ways for financial institutionsattempting to perform customer due diligenceon those entities. Currently, know your customer and customer due diligence onhedge funds can be very difficult. The bigchallenge in introducing tougher regulationright now is that financial institutions acrossthe board are struggling for survival. And aswe know, new regulation always means more expenditure on understanding andimplementing new requirements.

Joy: One of the things that we observefrom Australia when looking at the US regime is the heavy penalties thathave been handed out for violations of Banking Secrecy Act requirements or for OFAC violations. Could you comment on whether you think thesehave been effective?

John: The real benefit for the industry of the enforcement actions and the fines has beenthe effect on institutions that are not involvedin the underlying action. Each of theseenforcement actions has its own particularfacts – there were sufficient bad facts to make the resultant enforcement action highlyspecific to the circumstances in all cases ofthe large penalties. It is safe to say that noneof the big fines were handed out withoutunderlying bad facts as the root cause.

�

John Byrne

John served for years at the AmericanBankers Association where he was theprincipal spokesperson on financialcrime for the US banking industry. Hewas a member of the Drug RelatedFinancial Crimes Group of the WhiteHouse Office of National Drug ControlPolicy and a charter member of the USTreasury Department’s Bank Secrecy ActAdvisory Group. John is currently chairman of the Association of CertifiedAnti-Money Laundering Specialists,which established an Australian chapterin 2007. Most recently, he was the globalregulatory relations executive at Bank ofAmerica after overseeing anti-moneylaundering (AML) policy and strategy atthe bank. He is now a financial consultantto financial institutions and governmentagencies in Washington DC. John spoke at the AUSTRAC AML and CTFConference in Sydney on 1-2 April 2009.

INTERVIEW – JOHN BYRNE

But AML/CTF compliance officers are able totake enforcement actions and use the causesand the findings as training and assurancetools. From an assurance perspective they can use the cases to benchmark their ownframeworks and processes and, if you like,stress test them to see if they would withstandregulatory scrutiny. From a training perspec-tive, these cases provide live materials thatmake compelling reading for business teamsbecause they show what can happen and whatthe consequences can be. Some of theseenforcement actions have also led to peoplelosing their jobs for their involvement, or fortheir failure to implement adequate AML/CTFframeworks to prevent the excesses. And inthe case of Riggs Bank, the enforcementaction ultimately led to the demise of thebank. We must remember that all the enforce-ment agreements published are negotiateddocuments, so they represent some sort ofmiddle road between the regulator’s viewsand the view of the financial institution.Behind the enforcement action stands morecolour, light and movement about what actually did occur.

The look-back requirements where institutions are required to review two or threeor five years’ worth of past transactions forsuspicious matters and other compliancerequirements have little utility and are largelypunitive. They place a financial institution ona long path of identifying more and morecompliance problems, which often lead tomore regulatory and enforcement action. Thecost of these look-back requirements vastlyexceeds the financial penalties that might flowbecause they involve so much time andresources stretching over a number of years.The ABN Amro look-back program, whichwas global over all international payments inall currencies, was estimated to cost morethan US$400 million – dwarfing the penaltyof US$83 million.

I actually think that financial institutionsshould concentrate on the benefit of sharing

information about their AML/CTF examina-tions and supervisory visits, bearing in mindany relevant confidentiality restrictions. Thisknowledge can add to the stock of assurancetools that a financial institution has becauseknowing how one’s peers have been examinedshould assist a financial institution to do betterin its own AML/CTF work, and thus in itsown examinations. The outcome is a betterAML/CTF framework within the industry andwithin individual institutions.

Joy: John, what are your thoughts aboutthe sufficiency of flow of informationbetween AML/CTF regulators and theregulated entities?

John: This area will always be an area ofcontinuous improvement. We will never losethe major obstacle of confidentiality that prevents law enforcement from sharing information. Leaving that real and seriouslimitation aside, there is sufficient volume ofsuspicious activity reports to be able to gener-ate meaningful information that can then befed back to those that are required to report. It is very important for financial institutions to know that the quality of what they reportmeets requirements. If they do not know thatthe quality misses the mark then they willcontinue to miss the mark. If they know theyare meeting or exceeding expectations, thenthat positive feedback supports the ongoingmaintenance of high standards of reporting. Italso provides valuable feedback which can beused internally to support budget requirementsand to confirm the quality of the AML/CTF

framework. It would be useful for feedback to industry to move to include informationabout the way a financial product has beenused so that AML/CTF compliance officerscan observe trends in specific product usage.Australia is at the right stage to look at someform of collaborative work between the financial institutions, AUSTRAC and lawenforcement on this kind of approach. The casestudies and typology reports that AUSTRAChas already produced would be of great help to industry and is certainly more than mostother countries are currently producing.

Joy: In closing John, in your role as an advocate for industry during your time with the American BankersAssociation, what stands out as the most important element for success in the area of AML/CTF?

John: There is no doubt that the sense ofpartnership that was forged, partly through the role played by the American BankersAssociation, has been the key to the wayAML/CTF has evolved in the US. Evenbefore September 11 2001, the Americanbanking industry had worked very closelywith government agencies in shaping theBanking Secrecy Act requirements. Thisallowed the form of regulation that emergedto at least reflect the way the industry functioned while also meeting the require-ments of law enforcement. There has neverbeen much of a move towards a JMLSG 6

type of approach in the US. The Bank SecrecyAct examination manual, while coming froma quite different direction, actually providesextensive insight into regulatory expectationsand has helped lead to a more even playingfield in terms of supervision. The sense ofpartnership that existed before 2001 deepenedconsiderably since that year through theexpanding requirements and the importance ofcountering terrorism financing. And this part-nership remains the ongoing key to successfulmanagement of these issues throughout theUS financial services sector. ■


�

The real benefit for the industry of theenforcement actions and the fines hasbeen the effect on institutions that arenot involved in the underlying action.

Australia is at the right stage to look at some form of collaborative work between the financial institutions, AUSTRAC and law enforcement on this kind of approach.

6 The Joint Money Laundering Steering Group comprises the leading UK Trade Associations in the financial services industry. Its aim is to promulgate good practice in counteringmoney laundering and to give practical assistance in interpreting the UK money laundering regulations. This is primarily achieved by the publication of industry guidance.

DOING THE CRIME

by Dr Nick Ridley

I N 2001, amid the post 9/11 aftermath andplethora of strategic studies from lawenforcement intelligence and government

policy agencies, it was commonly held that al-Qaeda central command illicitly raised and deployed finances on a neo-global scale. The doyen of the study of Islamic extremistterrorism, Rohan Gunaratna, wrote in hiscompact but comprehensive study of al-Qaeda in 2002:

“Strategic and tactical direction of the global terrorist network is providedby the leadership of al-Qaeda … Osama directly co-ordinated importantoperations.”

Regarding al-Qaeda’s finances, he wrote:

“Al-Qaeda has built the most complex,robust and resilient money-generatingand money-moving network ever seen.”

During this period, in South-East Asia, by February 2002 (before the Bali outrage)Indonesian and Philippine law enforcementauthorities were unearthing and collating evidence that – far from being locally contained separatist groups – many terrorist

organisations in the region in fact had closeand long-running connections not only with each other, but to Osama bin Laden’s al-Qaeda. One al-Qaeda-linked group identified by law enforcement investigationsat this period was the Indonesian IslamicLiberation Front (IILF). According to intelli-gence reports, IILF members received training

not only from al-Qaeda in Afghanistan butalso from al-Qaeda members in Mindanao in the Philippines.

However, following the post 9/11 periodof frenetic international efforts against terror-ist financing, al-Qaeda’s financial structure

appeared to have radically altered. By late2003 or early 2004, the perceived wisdomamong law enforcement intelligence was thatal-Qaeda’s central control over the financialnetwork was broken. The main cause wasascribed to international law enforcement andco-operation among financial regulatory


�

“Al-Qaeda has built the most complex, robust and resilient money-generating and money-moving network ever seen.”

Al-Qaeda: a decade of global (?) terrorist financing

DOING THE CRIME

regimes, which were increasingly deprivingal-Qaeda of potential funds and the means oftransferring them to differing regions andjurisdictions. This interpretation was apparent-ly corroborated by the increasing indicatorscollated and analysed by law enforcementunits dealing with terrorist financing, whichrevealed that numbers of al-Qaeda affiliategroups and cells were becoming increasinglyself-financing.

Indeed, the European Union al-Qaedacells were perceived by law enforcementintelligence to be self-financing, engaged inshort-term criminal activity as a pragmaticmodus operandi to gain funds. LorettaNapoleoni, a distinguished economist andexpert in terrorist financing and consultant toterrorist intelligence forum the Club ofMadrid, described the al-Qaeda network in the EU by 2005 as:

“The EU [al-Qaeda cells] resembled acluster of decentralised, loosely connectedand often self-financing networks.”

Corroborating the same premise regardingal-Qaeda’s European finances and the newrecruits to the jihad, one Italian magistratesaid in the same year,

“For people who have no link with al-Qaeda, people who never travelled tothe training camps, and that after 9/11felt compelled to join the cause, it is easier to fund themselves than to get intouch with al-Qaeda and ask for money.”

By 2005 certain US strategic intelligenceanti-terrorist units, particularly those of theCentral Intelligence Agency, were citing al-Qaeda as an organisation with its central

control broken, and that its financial organisa-tions were dispersed, with al-Qaeda itselfbereft of funds. In the words of one CIA representative to officials from Europol’s anti-terrorist unit it was:

“even bankrupt as far as affording operational support is concerned.”

The 9/11 attacks occurred in 2001; by 2007 al-Qaeda could no longer operate acentral global finance system.

However, in the post-2007 period therehas been a reappraisal of the results of the half decade of international efforts against terrorist financing that apparently severelyimpacted and broke al-Qaeda’s central control over global financing of terrorism

Firstly, by 2006 international efforts andco-operation against the financing of terrorismdid not yield the anticipated rich haul from theterrorist war chest. The amounts involvedconcerning intercepted terrorists’ funds wereextremely small. In the six years since 2001,the total amount of suspected funds globallytaken out of circulation or interdicted and

withheld from al-Qaeda and affiliated groupswas equal to only 0.4 per cent of the annualcriminal profits of drug dealing.

But al-Qaeda’s transnational financialactivity had not totally ceased. Support cellsthat came to light in some jurisdictions werefound to be co-ordinating and supporting and financing operatives belonging to othercells in other jurisdictions. Even the groups in Europe during the mid-2000s (identified asself-contained cells operating autonomously)were not totally isolated. In 2002 the al-Qaeda Melian cell, based in Frankfurt,Germany, attempted to cause explosions inStrasbourg during the Christmas shoppingperiod of 2002.They purchased chemicals

for making explosive devices. The moniesavailable for the purchase derived from theproceeds of criminal activity from anothercell, that of the ben Khamais cell based inMilan, engaged the previous months in credit card fraud.

In the post 2007 period in Italy, betweenmid-2008 and November 2008 in Milan and Bologna, Italian police and Carabinieriarrested members of two different Islamicextremist cells who were co-ordinating andsupporting finances for recruitment and transport of suicide bombers to Afghanistan.In one case the funds were being raised fromthe sale and/or exchange of false documents,in the other by petty fraud.

In 2008 Donald Kerr, the principal director of US National Intelligence, warnedagainst total complacency with the words:

“AQ remains capable of conducting operations … and attacks despite disruptions of its networks … Despite our successes the group has retained or regenerated key elements of its capability … to deploy operatives forattacks in the West.”

Significantly, in a November 2008 report,prepared by a Washington-based think tank,the Washington Institute for Near East Policy,to brief the incoming US administration on the situation regarding Islamic extremistterrorism, it was noted that:

“Al-Qaeda, which was on the back footbetween 2004 and 2007, has regained its equilibrium … and al-Qaeda is notfunding operations as much as it did in the past”

The report specifically avoided statingthat al-Qaeda had ceased centralised fundingof operations.

Strategic intelligence analysis among lawenforcement and governmental policymakersalike regarding the ability of al-Qaeda to control and deploy financing of terrorism hasbeen adapted and changed.

As at 2009, al-Qaeda’s engagement in terrorist activities has been severely disruptedand the leadership has been depleted, but it retains a limited capacity to deploy and co-ordinate global financing of terrorism andhas lost none of its resilience. Complacency inintelligence is almost as dangerous as a lackof reliable information. Herein lies the lessonfor both law enforcement and the financialand banking sector regarding potentialexploitation and unwitting involvement in the financing of terrorism. ■


�

“Al-Qaeda, which was on the back foot between 2004 and 2007, hasregained its equilibrium … and al-Qaeda is not funding operations asmuch as it did in the past”

Take the bite out of AML and CTF Compliance

Complinet Global ScreeningComplinet’s Global Screening solutions can help to reduce your organisation’s exposure to unacceptable clients and transaction activities.

AML solution. Complinet’s Global Screening delivers a smarter end-to-

your operational screening costs.

Find out more about Complinet’s Global Screening solutions at www.complinet.com/connected/solutions/global-screening/

Complinet AML training and e-learningComplinet combines expert content with cutting-edge design capability to help organisations meet all their AML training needs. Our market-ready

Abuse and Insider Dealing.

Find out more about Complinet’s e-learning solutions at www.complinet.com/connected/solutions/regulatory-insight/e-learning/

On June 12 2007, the Australian parliament passed the second phase of its Anti-Money Laundering and Counter-Terrorism Financing Act 2006, which introduced correspondent banking provisions.

The Australian Transaction Reports and Analysis Centre will carry out more rigorous on-site inspections to examine

AML/CTF programmes, including

processes; recordkeeping systems; ongoing customer due diligence; and the regulator’s strict guidance on transaction reporting and in-house training.

The new obligations will create immense

have only one year to implement the reforms and become fully compliant.

www.complinet.comtel: +44 (0)870 042 6400 | fax: +44 (0)870 042 6405 | email: [email protected]

To register for a free trial, visit www.complinet.com or contact us on [email protected]

tel: +61 (2) 9994 8099 | fax: +61 (2) 9994 8008 | email: [email protected]

anti-money - afma · 2009 international anti-money laundering conference anti-money ... dr peter...

Documents