Detecting Suspicion
General Approach to Detecting Suspicion in the Financial Industry
Kevin Whelan
Resident Advisor, EAG
Office of Technical Assistance
US Department of [email protected]
FATF Recommendations
Recommendation 11: Financial institutions should pay special attention to all complex, unusual large transactions, and all unusual patterns of transactions, which have no apparent economic or visible lawful purpose. The background and purpose of such transactions should, as far as possible, be examined, the findings established in writing, and be available to help competent authorities and auditors.
Recommendation 13: If a financial institution suspects or has reasonable grounds to suspect that funds are the proceeds of a criminal activity, or are related to terrorist financing, it should be required, directly by law or regulation, to report promptly its suspicions to the financial intelligence unit (FIU).
Two Basic Types of Suspicion
- Type A (Recommendation 11): Activities and behaviors that are not reasonable and expected for particular customers, customer accounts, or transactions.
- Type B (Recommendation 13): Activities and behaviors that are consistent with illegal activity, indicators of illegal activities, or typologies for illegal activity, or activities and behaviors that are simply suspicious even in the absence of established indicators or typologies.
- These types are not mutually exclusive.
- Both types should be actively detected by reporting entities.
Type A Suspicions
- Need to establish expectations for normal behavior.
  - Customer Due Diligence (CDD) is critical
    - At account opening
    - Over time through account monitoring
  - Rely heavily on knowledge of customers and being able to establish customer profile
    - Know Your Customer (KYC)
    - Risk Based
- Activities and behaviors need to be monitored
  - Deviations from transactional patterns should be detected and explained
  - Failure to adequately explain should be grounds for suspicion.
- Deviations from normal behavior need to be detected
Type A—Example 1
- Customer opens personal account and declares profession to be government employee.
- Over a period of one year regular deposits are made corresponding to government salary. Average balance remains constant.
- Suddenly several large deposits are made into the account by the owner and others, followed by wire transfers to foreign accounts
- Customer explains that he is purchasing foreign property
- Sources of deposited funds are not adequately explained
- Automated monitoring system flags transactions as deviating significantly from the norm and forwards an alert to the compliance officer
Type A—Example 1
- The facts as presented are plausible, but suspicious
- The client has deviated significantly from normal activity based on his individual profile
- The bank compliance officer should investigate further and consider filing a suspicious activity report
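A sketch of the automated check in Type A Example 1, added here as an illustration and not taken from the presentation. The amounts, field names, the multiplier `k` and the 10% floor are all constructed assumptions; the rule compares one month against the customer's own baseline year.

```python
from statistics import median

# Constructed sample data (not from the presentation): one baseline year of
# monthly deposit totals for a salaried customer, then two months to evaluate.
BASELINE = {
    "monthly_deposits": [1200, 1200, 1210, 1200, 1200, 1250,
                         1200, 1200, 1200, 1230, 1200, 1200],
    "depositors": {"employer"},
    "kinds": {"deposit", "card_payment"},
}
SUDDEN_MONTH = [
    {"kind": "deposit", "amount": 1200, "by": "employer"},
    {"kind": "deposit", "amount": 15000, "by": "owner"},
    {"kind": "deposit", "amount": 22000, "by": "third_party"},
    {"kind": "foreign_wire", "amount": 35000, "by": "owner"},
]
NORMAL_MONTH = [{"kind": "deposit", "amount": 1230, "by": "employer"},
                {"kind": "card_payment", "amount": 300, "by": "owner"}]

def deposit_ceiling(monthly_deposits, k=5.0, floor=0.10):
    """Expected upper bound on monthly deposits: median + k * spread."""
    med = median(monthly_deposits)
    mad = median(abs(x - med) for x in monthly_deposits)
    # Salary deposits are so regular that the MAD is often 0, so the spread is
    # floored at 10% of the median (assumed tolerance) to avoid noisy alerts.
    return med + k * max(mad, floor * med)

def type_a_alerts(baseline, month):
    """Return (code, detail) pairs for each deviation from the customer's profile."""
    alerts = []
    inflow = sum(t["amount"] for t in month if t["kind"] == "deposit")
    ceiling = deposit_ceiling(baseline["monthly_deposits"])
    if inflow > ceiling:
        alerts.append(("DEPOSIT_VOLUME", f"{inflow} deposited, expected at most {ceiling:.0f}"))
    new_depositors = {t["by"] for t in month if t["kind"] == "deposit"} - baseline["depositors"]
    if new_depositors:
        alerts.append(("NEW_DEPOSITOR", ", ".join(sorted(new_depositors))))
    new_kinds = {t["kind"] for t in month} - baseline["kinds"]
    if new_kinds:
        alerts.append(("NEW_ACTIVITY", ", ".join(sorted(new_kinds))))
    return alerts
```

Each alert is a prompt for the compliance officer to ask for an explanation, not a finding in itself.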
Type A—Example 2
- The bank holds accounts for several small retail grocery shops.
- These shops collectively have an identifiable pattern of activity
  - Regular cash deposit activity that correlates with consumer purchasing patterns (e.g. higher sales before weekends and holidays)
  - Monthly payments to wholesalers, suppliers, landlord, utilities providers, etc.
- One shop deviates significantly from this industry pattern
  - Cash deposits deviate from the pattern in terms of size and regularity
  - Also significant amount of non-cash deposits
  - Payments also deviate from pattern
  - Account makes unexplained use of wire transfers to foreign accounts
Type A—Example 2 (cont)
- Again, it is plausible that this firm simply uses a different business model. However …
- The client has deviated significantly from normal activity based on an industry profile
- The compliance officer should investigate and consider filing a suspicious activity report
Type B Suspicions
- Knowing the customer is still important.
- ‘Red Flag’ indicators also important
  - Describe situations that require additional scrutiny
  - Many red flags rely on knowledge of customer and so are related to Type A
  - Most red flags are indicators of possible criminal behavior
Type B Suspicions (cont.)
Some basic examples:
- At Account Opening
  - False, misleading, or inconsistent statements at account opening
  - Desires for products that don’t make economic sense for the type of account and activity
  - Overly curious about bank’s specific internal policies and practices
- During account exercise
  - Use of multiple accounts with no clear economic purpose
  - Patterns of transactions that appear designed to avoid reporting
(More later)
Example of Type B
- Multiple accounts share same address but different account owners
- All declared as retail-level businesses to explain cash generation
- Cash deposits below mandatory reporting limits made into accounts in highly correlated manner (e.g. same day, or consecutive days)
- Wire transfers made to single offshore foreign account soon after deposits
- Indicators:
  - Probable use of straw men (proxies)
  - Probable structuring of deposits
  - Lack of legitimate economic purpose
  - Rapid transfer to consolidation account in offshore jurisdiction
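The Type B pattern above expressed as a monitoring rule, added here as an illustration and not taken from the presentation. The reporting limit, the three-day wire window, the account data and the offshore beneficiary list are constructed assumptions; the slide gives no figures.

```python
from collections import defaultdict
from datetime import date, timedelta

REPORT_LIMIT = 10_000             # assumed reporting limit; the slides give no figure
WIRE_WINDOW = timedelta(days=3)   # assumed meaning of "soon after deposits"
OFFSHORE = {"OFFSHORE-001"}       # constructed list of offshore beneficiary accounts

# Constructed sample data: account -> (owner, address)
ACCOUNTS = {
    "A1": ("Owner One", "12 Market St"), "A2": ("Owner Two", "12 Market St"),
    "A3": ("Owner Three", "12 Market St"), "A4": ("Corner Grocery", "7 Hill Rd"),
}
# (account, date, kind, amount, beneficiary)
TXNS = [
    ("A1", date(2024, 3, 4), "cash_in", 9500, None),
    ("A2", date(2024, 3, 4), "cash_in", 9200, None),
    ("A3", date(2024, 3, 5), "cash_in", 9800, None),
    ("A4", date(2024, 3, 4), "cash_in", 3100, None),
    ("A1", date(2024, 3, 6), "wire_out", 9400, "OFFSHORE-001"),
    ("A2", date(2024, 3, 6), "wire_out", 9100, "OFFSHORE-001"),
    ("A3", date(2024, 3, 7), "wire_out", 9700, "OFFSHORE-001"),
    ("A4", date(2024, 3, 20), "wire_out", 2000, "SUPPLIER-9"),
]

def type_b_alerts(accounts, txns):
    """Return one alert per shared address that shows every indicator on the slide."""
    by_address = defaultdict(set)
    for acct, (_owner, address) in accounts.items():
        by_address[address].add(acct)
    alerts = []
    for address, accts in sorted(by_address.items()):
        if len({accounts[a][0] for a in accts}) < 2:
            continue                      # needs different owners at one address
        cash = sorted((d, a) for a, d, kind, amt, _ in txns
                      if a in accts and kind == "cash_in" and amt < REPORT_LIMIT)
        # Correlated deposits: different accounts, same or consecutive days.
        linked = set()
        for (d1, a1), (d2, a2) in zip(cash, cash[1:]):
            if a1 != a2 and (d2 - d1).days <= 1:
                linked |= {a1, a2}
        # Wires from linked accounts to an offshore beneficiary soon after a deposit.
        senders = defaultdict(set)
        for a, d, kind, _amt, dest in txns:
            if a in linked and kind == "wire_out" and dest in OFFSHORE and any(
                    timedelta(0) <= d - dep <= WIRE_WINDOW for dep, da in cash if da == a):
                senders[dest].add(a)
        for dest, accs in senders.items():
            if len(accs) >= 2:            # several accounts feeding one consolidation account
                alerts.append({"address": address, "accounts": sorted(accs), "beneficiary": dest})
    return alerts
```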
More FATF Recommendations for Financial Institutions
- Customer due diligence and record-keeping (Recommendations: 4, 5, 6, 7, 8, 9, 10, 11, 12)
- Reporting of suspicious transactions and compliance (Recommendations: 13, 14, 15, 16)
- Other measures to deter money laundering and terrorist financing (Recommendations: 17, 18, 19, 20)
- Measures to be taken with respect to countries that do not or insufficiently comply with the FATF Recommendations (Recommendations: 21, 22)
- Regulation and supervision (Recommendations: 23, 24, 25)
Summary of Recommendation 5
- No anonymous accounts or accounts in obviously fictitious names
- Risk-based due diligence measures, including identifying and verifying the identity of their customers, when:
  - establishing business relations;
  - carrying out occasional transactions: (i) above the applicable designated threshold; or (ii) that are wire transfers in the circumstances covered by the Interpretative Note to Special Recommendation VII;
  - there is a suspicion of money laundering or terrorist financing; or
  - the financial institution has doubts about the veracity or adequacy of previously obtained customer identification data.
- Due diligence includes:
  - Identifying and verifying customer and/or beneficial owner
  - Understanding purpose and nature of proposed business relationship
  - Ongoing monitoring of relationship and transactions
Where are the Risks?
Risky Customers
- Those with high net worth
- PEPs may be considered high risk
  - So might be their relatives
- Those in risky professions/industries
- Charities
- Those who are of risky national/geographic origin
- Those without adequately explained sources of wealth/income
- Those whose identity is not convincingly established
- Those whose stated purpose for establishing a relationship with the bank is not fully convincing
- Those who match ‘red flag’ indicators
Where are the Risks?
Risky Products/Services
- Wire transfer
- Certain types of loans
- Trust services
- Private Banking
- Trade Financing
- Correspondent Banking
Where are the Risks?
Risky Transactions
- Large cash transactions
- Transactions to offshore jurisdictions
- Other transactions that match ‘red flag’ indicators
Where are the Risks?
Risky Locations
- Countries without adequate AML/CFT regulation
- Jurisdictions known to be involved in the narcotics trade
- Countries in which the production or transportation of illegal drugs may be taking place
- Bank Secrecy Havens
- Countries identified in FinCEN advisories or the advisories of other countries
- Money laundering countries and jurisdictions identified in the US Department of State’s annual International Narcotics Control Strategy
Profiling Customer Risk
- How?
  - By who they are
  - By the products they use
  - By the transactions they make
  - By where they are
- When
  - Account Opening
  - When conducting transactions
  - Periodically when updating customer information
- High risk customers should get extra scrutiny at account opening and when conducting transactions
Recommendation 15
Recommendation 15: Financial institutions should develop programs against money laundering and terrorist financing. These programs should include:
a) The development of internal policies, procedures and controls, including appropriate compliance management arrangements, and adequate screening procedures to ensure high standards when hiring employees.
b) An ongoing employee training program.
c) An audit function to test the system.
Compliance Plan
- Should include the following:
  - Internal policies, Procedures, and Controls
  - Definition of roles and responsibilities
    - Compliance Officer role, in particular
  - Internal Audit function
  - Training function
- Should be designed for effectiveness given the characteristics of the bank (there is not one size that fits all)
- Should be designed to implement local AML/CFT laws and regulations
- Plan should be in writing, regularly reviewed, and put into practice.
- Should be approved by Board of Directors
Ongoing Training
- At a minimum staff should be trained to:
  - Understand the bank’s Compliance Plan
  - Understand specific risks and red flags associated with customers, products, and transactions in their area of work
  - Understand the concept of suspicion
  - Understand the internal reporting procedure for suspicions
  - Understand legal provisions against unauthorized disclosure of reporting activity
  - Understand safe harbor provisions of the law
  - Understand potential penalties under the law
- Training should be a tool for changing the culture of compliance of bank staff
Internal Audit/Control
- Can be based on regulatory exam procedures
  - For example, exam procedures by US regulators are published on their web site
- Should include transaction testing
  - Are suspicious transactions really being identified and reported?
- Should assess employees’ knowledge
  - Do they know what they are supposed to?
  - Are they applying that knowledge?
  - Are they following the policies and procedures?
- Should detect possible internal complicity in evading AML controls
Typical CDD/Monitoring Strategies
- Large Bank Strategy (capital intensive)
  - Focus on policies and procedures
  - Invest in automated systems
  - Risk oriented
  - Testing and monitoring of the system itself
- Small Bank Strategy (labor intensive)
  - Less emphasis on policies and procedures
  - Focus on testing of transactions and records
  - Much more hands-on emphasis
Role of Technology
- What Technology Cannot Do:
  - Cannot substitute for training
  - Cannot create a compliance culture nor implement standards of integrity and ethical behavior
  - Cannot replace the human element, especially when dealing with the human element
  - Cannot be an excuse for failing to detect abuse
- What Technology Can Do:
  - Reduce Compliance Costs
    - In record keeping, for example
  - Manage and analyze large amounts of information
  - Enhance sharing of information
  - Assist in the case management process
Technology
- Risk Management Software
  - Designed both for regulatory compliance and protection of reputation
  - Software can be configured to highlight suspicious transactions of both Type A and Type B
    - Those transactions which don’t match the normal patterns for the individual or legal entity
    - Those transactions which match a known pattern of financial crime
  - Can assist in manual investigation of highlighted transactions
  - Can automate reporting requirements
  - Can automate record keeping requirements
  - Rare that these technologies are used in developing economies
    - Expensive
    - Work in conjunction with sophisticated automated transactions processing systems
    - Many banks in developing economies can’t justify the expense
    - Still possible to do same things at low cost
- Identification Software
  - Watch List Matching (e.g. UN List)
Most Important Considerations for Detecting Suspicion
- Suspicious activities are not always difficult to detect. But …
- You have to look for suspicion!
  - You have to make investments into training and systems
  - You have to monitor the systems and ensure they are working
  - You have to work with the FIU and others to ensure that the latest typologies are known to you
- You have to see suspicion when it is there
  - Consider the definitions
  - Don’t be too willing to rationalize what you see
  - Encourage employees to report what they see to the compliance officer
  - Do not discourage employees from reporting … no penalties, no fear!
- You have to act upon suspicion that you see
  - Have courage
  - Have confidence in yourself and the FIU
  - File a complete SAR