meet bernie madoff – the man who made off with a lot … · secrecy laws and lack of transparency...

anti-money launderingCOMBATING MONEY LAUNDERING IN FINANCIAL SERVICES

SEPTEMBER 2009

THE ENFORCEABLE UNDERTAKINGS UNDER THE MICROSCOPE – OUR ANALYSIS OF THE BARCLAYS PLC AND MEGA INTERNATIONAL BANK ENFORCEABLE UNDERTAKINGS

KNOW THY REGULATOR – THE 2009-10 SUPERVISORY FRAMEWORK

THE NEW ZEALAND ANTI MONEYLAUNDERING AND COUNTERTERRORISM FINANCING BILL – AN ANALYSIS OF THE GOVERNANCE ANDMONITORING REQUIREMENTS

PEP LISTS –MITIGATING THE RISK OF BREACHINGNATIONAL PRIVACY PRINCIPLES

MEET BERNIE MADOFF – THE MAN WHO MADE OFF WITH A LOT OF OTHER PEOPLE’S MONEY

ITS RAINING ENFORCEMENT ACTIONMEGA BANG FOR MEGA BANK & ANZ PAYS OFAC $5.7M FINE

ITS RAINING ENFORCEMENT ACTION

For more information contact

Stephen [email protected]

Georgie [email protected]

Shamil SharmaSpecial [email protected]

Emma [email protected]

Baker & McKenzie International is a Swiss Verein with member law firms around the world. In accordance withthe common terminology used in professional service organizations, reference to a “partner” means a personwho is a partner, or equivalent, in such a law firm. Similarly, reference to an “office” means an office of anysuch law firm.

Australia

Sydney+61 2 9225 0200Melbourne+61 3 9617 4200

www.bakernet.com

The risks and obligations relatingto money laundering and terrorismfinancing are increasing – are youmanaging them?As the methods used by perpetrators become more diverse andsophisticated, regulators are increasing the obligations on, andmonitoring of, companies providing designated services. In thecurrent global financial crisis, the costs of compliance are anincreasing burden, but the costs to your company of non-compliance could be significant. To protect your company’s brandand reputation, and to avoid regulator action and civil claims, yourcompany needs to ensure that it remains compliant with allAML/CTF obligations.

Money laundering and terrorism financing are global problems.Baker & McKenzie’s AML/CTF team, through its network of locallyqualified, globally experienced lawyers operating in 39 countriesand 69 offices, can help you address all your local and cross-borderAML/CTF issues. We deliver a complete, seamless and timelyservice from any region of the world tailored to meet our client’sspecific needs. This ranges from advice on compliance programsand plans, through to advising on regulator actions (including theuse of enforceable undertakings by AUSTRAC) or privacy andemployment issues connected with AML/CTF regulations.

EDITORIAL

ANTI-MONEY LAUNDERING 3SEPTEMBER 2009

I N BREAKING NEWS as we go to print,APRA has accepted an enforceableundertaking from Mega International

Bank (Mega) which appears to arise out of thesame circumstances that lead to an enforceableundertaking being accepted on 1 July 2009 bythen CEO of AUSTRAC, Neil Jensen PSM.Australia and New Zealand Banking Grouphas paid $5.8m to settle allegations that itdeleted references to US-sanctioned Sudaneseand Cuban entities from SWIFT payment messages before forwarding the messages to US correspondent banks.

The information revealed in the APRAundertaking suggests that the internal operations of Mega fell far short of APRA’sPrudential Standards. However there is abroader question – will APRA see allenforceable undertakings given by its regulated population to AUSTRAC as alsoconstituting breaches of its PrudentialStandards leading to APRA enforcementaction as well? If so, this will change the priority given to AML/CTF compliance inmany reporting entities. And we are yet tosee if ASIC will also weigh in seeing thesebreaches as also breaches of AustralianFinancial Services licence obligations.

There is no doubt that this is a new era in compliance supervision and enforcement in Australia.

Mega has removed its Vice President and General Manager for Australia and itsVice President and General Manager forBrisbane and will be reviewing all staff fortheir involvement in non-compliant accountopening and a range of suspicious transactionsnot reported to AUSTRAC. Mega cannot open new accounts until such time as APRAmay agree and must undertake extensivereviews of accounts and transactions with the involvement of independent experts.

The ANZ fine paid to OFAC arose fromconduct, commonly known as “stripping”,between 2004 and 2006. In all, ANZ stripped31 messages related to trade finance transac-tions, according to statement issued by the US Treasury Department’s Office of ForeignAssets Control and ANZ. This is the largestfinancial penalty for an Australian bank relating to OFAC breaches.

The OFAC statement noted that as part ofits remedial response, ANZ re-engineered itscurrent operating model to enhance its abilityto identify and resolve operational gaps andweaknesses. ANZ enhanced key OFAC procedures and policies to establish moreeffective controls with respect to potentialOFAC violations. As part of its settlement with OFAC, ANZ has agreed to examine and,as necessary, further revise its policies andprocedures to ensure, to the best of its ability,

that transactions that would be in violation ofOFAC’s regulations are not processed by orthrough United States financial institutions.ANZ will report findings of its examination toOFAC. The Australian Prudential RegulationAuthority, ANZ’s primary Australian regulator,has agreed to review the results of the exami-nation conducted by ANZ and monitor the resolution of any adverse findings.

We see similar remedial actions in theJuly enforceable undertakings accepted byAUSTRAC from Barclays Bank plc and Mega regarding frameworks, controls,processes and assurance.

Moving from compliance lapses to criminal activities, another major criminal and money laundering operations is beingcracked open, in New Jersey in the UnitedStates.. A developer who turned into a ‘dobber’ for law enforcement has managed to bring down mayors, rabbis and dozens ofothers in a stunning probe of alleged moneylaundering and bribery, and trafficking inblack-market kidneys and fake handbags.

Most of the Jewish leaders who werearrested as a result of a two year probe standcharged with money laundering the developer’sdirty money through their charities. Thesecharities were also allegedly used to mask ill-gotten gains from the intellectual propertytheft, namely the sale of fake Gucci and Pradahandbags. To the extent that charities havebeen seen as vehicles for terrorism financing, itis time to think again. This probe shows certaincharities, that perhaps no one would suspect ofbeing involved in terrorism financing couldperhaps be a cover vehicle for money launder-ing of the proceeds of a range of crimes.

As we will see from our examination ofthe Madoff Ponzi scheme in this issue and the next two issues leading up to the AMLMagazine Third Annual Conference on 16-17 November, anti-money laundering and counter-terrorism financing (AML/CTF)regimes are forcing those who receive moneyfrom others through the provision of financialservices to be on their guard regarding thesource of funds to avoid being implicated inthe laundering activities. The New Jerseyscheme is a further reminder of the relevanceof source of funds, bringing Jewish charities in the US into centre frame for their bankers,among others.

Madoff and these new accused mightthank themselves lucky that they did not commit their alleged crimes in China. Twofinancial fraudsters (one male, one female)were executed recently for their separatecrimes – taking money from others for investment promising extraordinary returns.

As the Australian AML/CTF communitystudies the meaning of the two enforceable

undertakings accepted by AUSTRAC on 1 July, AUSTRAC gave a further indication ofits readiness to move into business-as-usualsupervision with the release of its SupervisionStrategy 2009-10. Moving with the times, we have changed the conference program forNovember to include a dedicated session onsupervision – AML/CTF Can you afford not to comply? We have invited Amanda Wood(AUSTRAC) and Kate Hughes, Chief RiskOfficer from AWB Ltd (formerly the AustralianWheat Board) to join the panel for this sessionwhich, as the title suggests, will be a thought-provoking look at the risks of non-compliance.

The Australian Taxation Office hasreleased its Compliance Program for 2009-10.The ATO will continue to match data it obtainsfrom AUSTRAC with other data sources toidentify Australian residents involved in foreign transactions and/or those involved in abusive tax haven-related arrangements.Discrepancies in data will be subject to particu-lar scrutiny. It is now the era of data matching,and places to hide will become harder to find.

The ATO will be focusing on financialand structural arrangements that rely on thesecrecy laws and lack of transparency offeredby some international jurisdictions, focusingon concealed assets and income that are subject to tax in Australia. For reporting entities handling transactions involving suchdestinations, the ATO Compliance Program is a timely reminder to tighten monitoring controls and review country risk models. The ATO will also focus on transfer pricingused to shift significant amounts of profit offshore to lower taxing regimes. ‘Know yourcustomer’ for companies doing internationaltransactions between Australian and offshoreoffices is taking on a new meaning.

Registrations for the NovemberConference are rolling in. With 30 speakers –including five international guests – the program will mark the end of a big year forAML/CTF in Australia. We look forward toyour support at the conference. To reserveyour place visit www.amlmagzine.com.au. ■

By Joy Geary EDITOR

About World-CheckWorld-Check’s risk intelligence on heightened-risk individuals and entities is updated daily in real-time by its international research team, and is derived from hundreds of thousands of public sources. Coverage includes money launderers, financial criminals, terrorists and sanctioned entities, as well as individuals and businesses from more than a dozen other high-risk categories. The database also covers Politically Exposed Persons (PEPs), their family members and associates worldwide. World-Check’s intelligence and tools find direct application in financial compliance, Anti Money Laundering (AML), Know Your Customer (KYC), PEP screening, Enhanced Due Diligence (EDD), fraud prevention, government intelligence and other identity authentication, background screening and risk prevention practices. World-Check offers a downloadable database for the automated screening of an entire customer base, as well as a simple online service for quick customer screening. If you are looking for results, look no further – with a 97% annual client renewal rate, the facts speak for themselves.

Over 3 000 institutions worldwide rely on World-Check for theirKYC, AML and Enhanced Due Diligence (EDD) compliance requirements.

Who is hiding in your customer base?

www.world-check.com

CONTENTS


FEATURES

3 Editorial

6 News

12 The enforceable undertakings under the microscope

18 AUSTRAC’s new enforcement strategy –Know Thy Regulator

22 Madoff made off with a lot of other people’s money. What does that mean for reporting entities?

26 PEPs and Privacy – the interaction between PEP lists and the National Privacy Principles

33 AUSTRAC COLUMN Enforceable undertakings

34 PART II – Has New Zealand come of age with its Anti Money-Laundering and Countering Financing of Terrorism Bill?

39 INTERVIEW Neil Jeans

41 LONDON CALLING The big freeze: Switzerland rewrites asset confiscation laws

43 DOING THE CRIME The pleasant, attentive corporate individuals who mask the dark side

46 NEW YORK, NEW YORK Corruption and complacency: the fight against trade-based money laundering

EDITORIAL

EDITOR: Joy Geary – [email protected]

SUB-EDITOR: Roger Balch

CONTRIBUTORS: Martin Coyle (London), Georgie Farrant, Chris Hugh-Jones, Dr. Nicholas Ridley (United Kingdom),Brett Wolf (New York),

PRODUCTION AND DESIGN

CREATIVE DIRECTOR: Jo Fuller

COVER DESIGN: Elly Walton Illustrations (UK)

ADVERTISING AND SUBSCRIPTIONSMANAGER, MARKETING: Jason Sheil – Tel: + 61 2 9776 [email protected]

ANTI-MONEY LAUNDERING MAGAZINE IS PUBLISHED SIX TIMES A YEAR BY

AFMA – Level 3, 95 Pitt Street, Sydney NSW 2000.GPO Box 3655, Sydney NSW 2001

Tel: + 61 2 9776 4411 Fax: + 61 2 9776 4488

www.afma.com.au

Disclaimer: This publication is designed to provide accurate and authoritative information in regard to the subjects covered. It is distributed with the understanding that the AFMA is not engaged in rendering legal, accounting or other professional service. If legal advice or other expert assistance is required, the services of competent professional persons should be sought. AFMA Anti-moneylaundering magazine presents the views of a range of commentators on AML issues for the benefit of readers and AFMA does not necessarily endorse these views.

anti-money laundering

This publication is copyright. Other than for the purposes of, and subject to the conditions prescribed under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system, or transmitted without prior permission. Enquiries should be addressed to AFMA.

NEWS

SEPTEMBER 2009 ANTI-MONEY LAUNDERING6

Powered by

By Brett Wolf, Complinet.

A USTRALIA AND NEW ZEALANDBanking Group has paid $5.8m to settle allegations it deleted

references to US-sanctioned Sudanese and Cuban entities from SWIFT payment messages before forwarding the messages to US correspondent banks. ANZ allegedlyengaged in this conduct, commonly known as “stripping”, between 2004 and 2006. In all, it stripped 31 messages related to tradefinance transactions, according to statementsissued by the US Treasury Department'sOffice of Foreign Assets Control and ANZ.

“ANZ actively manipulated the SWIFTmessages related to the Sudanese transactionsby removing references to Sudan or the names of entities subject to sanctions in the United States, thereby concealing theidentities of the targets of US sanctions and impeding the ability of US banks to detect these violations,” OFAC stated whenannouncing the deal.

The settlement reportedly covers 16 “stripped” transactions, totaling $28m, that allegedly violated Sudanese SanctionsRegulations (31 CFR Part 538), and 15“stripped” transactions, totaling $78m, thatviolated Cuban Assets Control Regulations(31 CFR Part 515).

The use of the term “stripping” – withregard to the practice of removing all mentionof sanctioned entities from SWIFT paymentmessages before forwarding them toManhattan banks – has grown of late. InJanuary, Lloyds TSB Bank agreed to pay$350m to US law enforcement agencies tosettle claims it “stripped” messages to concealthe identities of banking clients in Iran andelsewhere. Of course, the practice first madeheadlines in December 2005, when OFACfined Dutch bank ABN AMRO $40m.

When announcing the deal, OFAC said it“mitigated the total potential penalty based onANZ's substantial cooperation, its prompt and thorough remedial response, and the fact that ANZ had not been subject to an OFAC

enforcement action in the five years preceding thetransactions at issue.”

“Although ANZ did not voluntarily self-disclose the apparentviolations of the SudaneseSanctions Regulations,ANZ substantially cooperated with OFACby conducting an extensive review oftransactions,” OFACstated. “This reviewidentified additional

apparent violations of the Sudanese SanctionsRegulations of which OFAC was not aware,as well as apparent violations of the CubanAssets Control Regulations, which ANZ voluntarily self-disclosed to OFAC.”

According to OFAC, ANZ also “re-engineered its current operating model to enhance its ability to identify and resolveoperational gaps and weaknesses” and“enhanced key OFAC procedures and policies to establish more effective controlswith respect to potential OFAC violations.” It added that as part of the settlement, ANZ “has agreed to examine and, as necessary, further revise its policies and procedures to ensure, to the best of its ability, that transactions that would be in violation of OFAC's regulations are notprocessed by or through United States financial institutions.”

“ANZ will report findings of its examination to OFAC. The AustralianPrudential Regulation Authority, ANZ's primary Australian regulator, has agreed to review the results of the examination conducted by ANZ and monitor the resolutionof any adverse findings,” OFAC stated.

In a statement provided to Complinet,ANZ Chief Risk Officer Chris Page said the bank “recognises that during the 2004 to2006 period, the bank's compliance with US economic sanctions did not meet the highstandards we expect”.

“We've worked hard with regulators overthe past three and a half years to comprehen-sively address the issues identified. This hasincluded more robust policies and procedures,and a group-wide sanctions compliance training program for staff,” Page stated. ■

ANZ Bank pays $5.8m to settleOFAC ‘stripping’ allegations

The use of the term“stripping” – withregard to the practiceof removing all mentionof sanctioned entitiesfrom SWIFT paymentmessages before forwarding them toManhattan banks – has grown of late.

NEWS

T HE AUSTRALIAN government hasbacked the anti-money launderingregulator’s decision to use enforce-

able undertakings (EUs) as an enforcementtool against two major banks in July. TheAustralian Transaction Reports and AnalysisCentre (AUSTRAC) announced its first majorenforcement actions against two overseasfinancial institutions (Barclays Bank andMega ICBC) for a range of anti-money laundering/counter-terrorism financing(AML/CTF) breaches. The regulator’s deci-sion to use EUs as a quick and effective toolto secure compliance has received widespreadsupport from within the industry. Consultantstold Complinet the costs of complying with an

EU were extremely high and they could ulti-mately prove far more expensive than a fine.

At the Asia-Pacific Group on MoneyLaundering’s annual conference in Brisbane,Brendan O’Connor, the new Home AffairsMinister, said the government fully supportedAUSTRAC’s decision to take the EU path.

‘Enforceable undertakings are of criticalimportance in ensuring compliance with ouranti-money laundering regime, without theneed for criminal or civil enforcement action,’O’Connor said.

‘In Australia we are in the fortunate posi-tion to be able to invest significant resourcesin the fight against money laundering andcounter-terrorism financing. And we have

implemented a strong anti-money launderingregime to break the circuit between moneylaundering and a wide range of illegal andcriminal activities.’

O’Connor also said that the governmentwas tightening Australia’s criminal asset con-fiscation laws to complement the AML regu-lator’s efforts. The Attorney-General recentlyintroduced legislation in this area, includingunexplained wealth provisions that requireindividuals to demonstrate that their wealthwas legally acquired.

‘Criminals cannot be deterred by jail sentences alone. Attacking the proceeds ofcrime is a fundamental pillar of modern law-enforcement strategies,’ he explained. ■

7

Powered by

Government backs AUSTRAC’senforceable undertakings

SEPTEMBER 2009ANTI-MONEY LAUNDERING

T RANSPARENCY INTERNATIONALhas criticised Australia for its com-prehensive failure to enforce the

Organisation for Economic Co-operation andDevelopment’s Anti-Bribery Convention butcomplemented the country on its ‘highlyregarded’ AML regime. The latest TI globalreport, which looked at compliance with theinternational anti-corruption agreement,pooled Australia alongside 20 other countriesthat had undertaken ‘little or no enforcement’of the convention. The report attributed thesefailures to a range of issues including outdatedbribery laws, political interference and poorlyfunded regulators.

Under the OECD Anti-BriberyConvention, signatory countries have agreedto eliminate foreign bribery by companies andindividuals based on their jurisdiction. So far38 countries have signed up to the convention,of which four are in compliance and 10 hadshown a ‘moderate’ level of commitment. The countries that TI criticised for having‘next to no enforcement whatsoever’ includedAustralia, Brazil, Canada, Ireland and Poland.

The TI report noted that Australia held aRoyal Commission last year into the AWB

Iraqi ‘oil-for-food’ bribery scandal. As a resultof the inquiry, six civil actions were broughtin 2008.

The report noted: ‘There have been noforeign bribery prosecutions in Australia, but a government Royal Commission wasestablished to inquire into alleged illicit ‘oil-for-food’ related payments of US$220 millionmade in Iraq by [AWB] and a set of civilcases are pending against six AWB executivesfor alleged breach of directors’ duties, broughtby the Australian Securities and InvestmentsCommission just before expiry of the six-yearstatute of limitations.’

TI noted that in November 2008 almostall of those cases were frozen pending thefindings of a taskforce that the government setup to examine whether any of the executivesshould be criminally prosecuted. There arefive investigations underway, including oneinvestigation started in 2008.

On the legislative front, the report arguedthat Australia’s anti-bribery laws were nottough enough for those found guilty of foreignbribery. ‘The government has made a seriouseffort to publicise the need to report foreignbribery. The major states (except Victoria)each have well-funded and independent standing commissions against corruption withhotlines; and all have ombudsman offices,with hotlines, to receive complaints. The federal government has an ombudsman andindependent commissioner but that position is currently being reviewed, and legislativeaction is expected in 2009,’ it noted.

On a positive note, the report applaudedAustralia’s AML regime and said that AUS-TRAC was a ‘highly regarded’ AML regulatorby global standards. It said that the AML/CTFAct 2006 was an effective piece of legislationand had addressed problems identified by the Financial Action Task Force in 2005 – particularly in the area of preventive measures.With regard to areas of improvement, TI saidAUSTRAC could do more to track the predicate offences behind any suspicious trans-actions (at present those types of investigationsare left to the Australian Federal Police). ■

Transparency International slamsAustralian anti-corruption efforts

Australia’s anti-bribery lawswere not tough enough for those

found guilty of foreign bribery.

NEWS


Powered by

J APAN’S Financial Services Agency hastargeted Citibank Japan (CJL) with anenforcement action aimed at punishing

the bank for alleged AML lapses. The FSAsaid there were ‘fundamental problems’ withCJL’s compliance program and ordered it tosuspend all sales operations in its retail banking division for one month.

‘Control systems necessary for the detection, monitoring, and follow-up of suspicious transactions have not been developed. Moreover, it is found that procedures to control any dealing with anti-social forces have not been developed,’the FSA order states, suggesting that CJL’sAML regime is incapable of detecting and reporting transactions that involve organised crime groups.

The FSA ordered CJL to suspend its retailbanking division’s sales activities betweenJuly 15 and August 14. It added, however, that CJL need not turn away unsolicited customers who approach the bank to purchase its products.

Sweeping changes demandedThe enforcement action also orders CJL to ‘fundamentally review and restructure’ its ‘current governance, internal control and business-management system’.Specifically, the FSA ordered CJL to take the following steps:

• Clarify the business attitude of the boardof directors and management committeetowards the establishment and enhance-ment of governance and internal controlsystems;

• Develop and enhance a system for accu-rate execution of the obligation to makenotification of suspicious transactionsincluding money laundering; and, estab-lish a system for the control, monitoring,cancellation, etc, of transactions, etc, subject to notification;

• Ensure a thorough understanding of, andcompliance with, laws and regulationsand other rules by officers and employeesand foster and improve awareness ofcompliance with laws and regulations;

• Restructure the system necessary forensuring the effectiveness of internal control functions, review methods, thefrequency, etc, of audits and conduct follow-ups after the audits; and

• Investigate why the improvement planthat was submitted to the FSA in responseto the FSA’s previous order on September17, 2004 to improve business operationswas not implemented appropriately andclarify where the responsibility lies,including with management.

The original September 2004 orderdemanded that CJL close its private bankingarm, which allegedly engaged in ‘extremely

inappropriate transactions’. It also requiredthat the bank undertake a slew of remedialactions aimed at bolstering its AML regime.

CJL will need to provide a good explanation as to why its remedial plan ‘was not implemented appropriately’.Citigroup is selling-off some of its Japan-based units as part of an effort to recover from toxic asset-related losses. It is unclearwhether those sales would be affected if CJL fails to provide an adequate justificationfor its purported failure.

Citibank’s responseIn a statement, CJL said it ‘takes this administrative action very seriously and is deeply apologetic for the issues insufficiently resolved, including as part of its 2004 [order]’. The bank said it ‘is committed to focus all necessary resources to implement every necessary measure to prevent future occurrence’.

It added: ‘Since an initial incident wasfirst identified and reported voluntarily to theFSA, Citibank Japan has subsequently beenco-operating with the FSA and has alreadybegun to take actions to address issues raised.’When contacted by Complinet, a Citigroupspokesman reiterated that the bank ‘pre-emp-tively reported these matters’ to the FSA. He cited concerns that the mainstream presshas not reported this purported fact. ■

Japan orders Citibank to suspendretail sales and revamp AML regime

NEWS


Powered by

Law enforcement agencies from seven of the G8 countries have wrapped up an ‘unprecedented’ operationaimed at combating bulk cash smuggling.

T HE EFFORT, dubbed OperationMantis, was developed by the G8’sRoma/Lyon group (the group’s

main forum for co-operation on combatingterrorism and organised crime) and nettedmore than $3.5 million in 81 cash seizures at ports of entry around the world. The agencies announced their success during a G8 summit in Italy.

‘Cash smuggling is a crime that impactsevery society. Organised crime syndicates and terrorists employ couriers every day tomove the funds necessary to support theirillicit operations while hoping to avoid detection,’ the US Bureau of Immigration and Customs Enforcement, the Americanagency involved in the operation, stated.

According to ICE, cash couriers prefer touse commercial airlines because many foreigndestinations can be reached quickly and littleplanning is required. During the three-dayoperation, authorities examined hundreds offlights at international airports and found justwhat they expected – ample cash smuggling.

For instance, an examination conductedby British authorities reportedly led to thearrest of a 17-year-old woman who wasattempting to leave the UK carrying about£380,000 in her checked luggage. She wasbound for Vietnam. Following the woman’sarrest, authorities searched her residence andfound another £12,000. The woman facescriminal charges in the UK.

‘The G8 ministerial meeting of justice and home affairs held in Rome a month agoshowed us that the aggression of criminalwealth is a key to fight transnational organised crime,’ said Roberto Maroni, Italian Interior Minister. ‘In this vein,Operation Mantis is a perfect example of what has to be done in order to attain our common objectives in terms of lawenforcement and enhancement of security –both domestically and internationally.’

During the operation, law enforcers inCanada, France, Germany, Italy, Japan, theUK and the United States reportedly shared

real-time information and intelligence in order to target and nab cash couriers. Lawenforcement agencies also relied on currencydetector dogs, X-ray and gamma-ray equipment, body searches and ion mobilityscanners. As a notable exception, Russia didnot participate in the operation.

‘Smuggled currency fuels terrorism andcriminal activity around the world,’ said JanetNapolitano, Secretary for the US Departmentof Homeland Security. ‘This successful operation demonstrates the strength of international co-operation to combat commonthreats and ensure mutual security.’ ■

G8 nations combine forces to target cash smuggling

cash couriers prefer to use commercial airlinesbecause many foreign destinations can be reachedquickly and little planning is required.

NEWS


T HE CHANGES, made following the introduction of the RaceDiscrimination Ordinance (RDO) in

Hong Kong on July 10, aimed to eliminate therisk of any potential for misunderstanding inthe HKMA guidelines. The move, however,may end up causing more problems for thebanking industry than it sought to prevent,said Nigel Morris-Cotterill, head of The AntiMoney Laundering Network, a KualaLumpur-based AML consultancy.

‘The changes have a positive socialimpact upon most business activities,’ he said.‘However, they have negative impact on theassessment of risk for money laundering andother financial crime, in particular corruption.’

The changes in question relate to paragraphs 2.3(a) and 10.6(a) of the HKMA’s Guideline on Prevention of Money Laundering (Supplement) and itsInterpretative Notes, and were communicatedto banks in Hong Kong in a circular from theregulator in July. In the spirit of promoting‘racial equality and harmony in Hong Kong’,the regulator changed the words:

‘origin of the customer (e.g. place ofbirth, residency), the place where the customer’s business is established, thelocation of the counterparties with whichthe customer conducts transactions anddoes business, and whether the customeris otherwise connected with higher riskjurisdictions or jurisdictions which do not or insufficiently apply the FATFRecommendations.’to ‘the customer’s nationality, citizenshipand resident status (in the case of a corporate customer, the customer’s placeof incorporation), the place where itsbusiness is established, the location of the counterparties with whom it conductsbusiness, and whether the customer is

otherwise connected with higher riskjurisdictions or jurisdictions which do not or insufficiently apply the FATF Recommendations.’

in Paragraph 2.3(a) and, in the case ofpolitically exposed persons in Paragraph10.6(a), the focus was shifted from where the PEP was from to where he or she holdspublic office.

Under the RDO, it is unlawful to discriminate, harass or vilify people on thegrounds of their race, the HKMA admonished,saying firms should familiarise themselveswith the provisions of the RDO and reviewtheir existing policies and procedures toensure compliance with its terms, includingtraining their staff and raising awareness ofthe new legislation.

With the changes, which took effect on10 July 2009, the HKMA had inadvertentlymade it more difficult for firms to maintain an effective AML risk-management system,Morris-Cotterill said. Origins – as distinctfrom nationality, and other social and racialfactors – were determinants in building aneffective money-laundering risk matrix, headded, using as an example a migrant from apoor country who has demonstrated rapidaccumulation of wealth.

‘Let’s say he’s a Vietnamese who sayshe’s been a coffee trader in the US, where he

has taken citizenship and now he sells toChina,’ Morris-Cotterill explained. ‘So, underthe new guidelines, he has to be consideredAmerican. The Hong Kong office is to be hissales base for southern China. He uses hisplace of origin (Vietnam) as part of his cover– but bankers are supposed to ignore that fact when assessing the risk he poses. Thatthen removes or reduces the opportunity toconsider the fact that Vietnam is a both a

source and transit country for drugs and people trafficking into China.

In short, it limits bankers, focusing more on the financial transactions instead ofthe broader social and related backgroundwhich are important factors when deciding to be suspicious.’

The removal of the focus on origin andthe new focus on nationality also presentedproblems, said Morris-Cotterill. ‘One of theguidelines I have used for many years is theaccent and speech mannerisms of the person I am dealing with. If a banker can recognisethat they do not match up with the identifica-tion evidence he is being asked to accept, then he may regard that as information whichwould put him on inquiry as to the truth of theidentification evidence and, by association,other evidence. That may lead him to findfalse identification evidence, which is so well prepared that there is nothing on the face of it to raise any questions.’ ■

Race discrimination focus hinders AML risk management says consultant

Powered by

Changes made to the Hong Kong Monetary Authority’s AML guidelines to eradicate traces of racial discrimination may have made it more difficult to assess the money laundering and corruption risk, according to an industry insider.

ANTI MONEY LAUNDERING MAGAZINE CONFERENCE

2009 Beyond the Storm16 & 17 November 2009 | Westin Hotel, Sydney

www.amlmagazine.com.au

Register

Today

and Save!

DISCOUNTED

RATE FOR

ACAMS MEMBERS

LEARN from international experts about the current

risks that are emerging overseas as a result of the

global fi nancial and economic crisis

HEAR how money laundering threat levels have

been reshaped by the weakened economy, as the

world prepares to emerge from the global downturn

COMPARE the AML/CTF approaches of three

Australian branches of overseas fi nancial institutions

CONTRAST the daily work of two AML/CTF

Compliance Offi cers from two quite different fi nancial

institutions

UNDERSTAND complex issues such as when

you may have to freeze funds

BENEFIT from the practical advice provided in

your choice of workshops to help you develop your

AML/CTF Program during these challenging times

register today @ www.amlmagazine.com.au or call 02 9776 7914

Endorsed by

Supported by

Partner Sponsors

AssociateSponsors


The enforceable undertakings

under the microscope

FEATURE

FEATURE

It is raining regulatory actionin Australia. We have twoenforceable undertakingsgiven to AUSTRAC at thebeginning of July by Barclays Bank plc and MegaInternational Bank (formerlythe International CommercialBank of China), we have theANZ OFAC fine and then theacceptance by APRA of the an enforceable undertakingfrom Mega International Bank on Friday 28 August.The regulatory gloves are off.This article examines both the AUSTRAC and APRAenforceable undertakings.

Does your management under-stand the importance of theseenforceable undertakings?

All AML/CTF Compliance Officers and internal audit teams that perform independentreviews should analyse these enforceableundertakings and brief their senior manage-ment. The briefing to management couldcover the financial impacts of these types of undertakings and summarise the otherenforcement powers that AUSTRAC has. The briefing can confirm to senior manage-ment the value of the investment that has been made to date in a robust AML/CTF program; alternatively as an incentive to close gaps and improve the quality of compliance. The briefing could also assuremanagement that the reporting entity is ready to handle any information request or on site visit that AUSTRAC might initiate.A vital point to be made to management is that a breach of AML/CTF compliance may well lead to enforcement action fromother regulators based on simultaneous breach of their Prudential Standards or licence conditions.

What might be the functions ofan enforceable undertaking?

Enforceable undertakings have multiple functions affecting the giver of the undertaking and its peers. It is reasonable tosuggest that the acceptance of an enforceableundertaking could be reflecting a loss of confidence by a regulator in the capability or preparedness of a regulated entity to meetsits legislative and regulatory obligations in theabsence of enforceable consequences. Loss ofconfidence is at the heart of the APRA Megaundertaking. An enforceable undertaking may also reflect the gravity of a compliancebreach in the eyes of the regulator. In thecase of the APRA Mega undertaking itappears to be at the lighter end of what APRA considers were its regulatory options.

Another important function of an enforceable undertaking is its salutary impacton other regulated entities in the same sector.The enforceable undertaking becomes abenchmark against which other regulated entities can measure themselves and take any remedial action deemed necessary aheadof a regulator turning their attention to them.The fact that these enforceable undertakingshave been made public makes it clear that reputation damage is part of the regulatoryrisk that Australian reporting entities need to cover in their ML/TF risk assessments. 1

The fact that APRA and AUSTRAC haveaccepted enforceable undertakings in the case of Mega out of what broadly appears to be the same operational issues will changethe place of AML/CTF in the priority queuefor all reporting entities.

How can you use an enforceableundertaking?

In objective terms, reporting entities can usethese enforceable undertakings to establishsome benchmarks about:• what type of breaches might lead to this

type of regulatory outcome;• what type of operational and governance

outcomes AUSTRAC expects to see inplace in respect of specific obligations;

• the seriousness with which APRA regardscompliance with AML/CTF; and

• where punitive measures might be imposed.It has been a hot topic of discussion,

since the introduction of the AML/CTF Actwhether AUSTRAC would align itself more in the American style of enforcement or the British style. The major differencesbetween those two jurisdictions has been thewillingness of the American regulators to:• impose large financial fines as well

as enforceable undertaking style agreements;

• use retrospective transaction reviews to correct failures to meet reportingrequirements; and

• use publicity as a way of educating otherregulated entities.The American regulators have worked

in tandem with each other, and with overseas counterparts, as in the ABN AmroFincen/OFAC enforcement action in2005/2006. Australian regulators havestepped into this same arena through theundertakings from Mega.

The FSA in the United Kingdom moved away from its initial financial penaltyapproach to a confidential remediationapproach for most cases of breach. There is now a long list of regulated firms in theUnited Kingdom working through supervisedAML/CTF remediation programs, the detailsof which are confidential. The disadvantage of this approach is that other regulated firmsare not learning anything from the predica-ment of their peers.

In these enforceable undertakings we see the absence of direct financial penalty, the use of retrospective transaction reviews (an indirect financial penalty), the forcedengagement of approved third parties and the use of publicity as an educational device. Interestingly, it has been APRA that has stopped account opening for Mega,not AUSTRAC.


�

It is reasonable to suggestthat the acceptance of an enforceable undertakingcould be reflecting a loss of confidence by a regulator in the capability or preparednessof a regulated entity to meets its legislative and regulatory obligationsin the absence of enforce-able consequences.

By Joy Geary, Editor of the AML Magazineand Managing Director of AML Master(www.amlmaster.com)

1 See section 3 of the AUSTRAC Guidance on risk management and AML/CTF Programs

FEATURE

The two AUSTRAC enforceable under-takings are not the same. Barclays Bank plchas offered the more onerous undertaking toAUSTRAC but the APRA Mega undertakingis severe in its terms because it has stoppedaccount opening, caused the removal of management and involves a complete reviewof staff involvement in certain transactionsand account operations.

The discussion below looks at some of the elements of the Barclays enforceable under-taking to AUSTRAC then closes with a summary of the differences between theBarclays enforceable undertaking and thatgiven by Mega International. Not all of the AUSTRAC enforceable undertakings contents are dealt with, as some are obviousfrom their face.

The elements of the Barclaysenforceable undertaking

Acknowledgement of breach The Barclays undertaking relates to acknowl-edged breaches under both the FinancialTransactions Reporting Act 1988 (the FTRAAct) and the Anti-Money Laundering andCounter Terrorism Financing Act 2006 (theAML/CTF Act). Any reporting entity inAustralia that may be entering the terrain of anenforceable undertaking should realise that itmay well have to publicly acknowledge theunderlying breaches. AUSTRAC has set up aprocess whereby the enforceable undertakingsare ‘offered’ by the reporting entity to AUS-TRAC and AUSTRAC then decides whether itis prepared to accept undertaking in the formoffered. Undertakings without acknowledge-ments of breaches may well fall below thethreshold of acceptability to AUSTRAC.

Acknowledging breaches in a public document carries with it reputational risk, aswell as potential for issues to arise in relationto borrowing covenants and other contractualobligations where warranties have been provided regarding regulatory compliance.For some reporting entities these issues maycarry with them historical as well as currentconsequences. For example, is a regulatorycompliance warranty that might have beenprovided in 2005 now misleading as a resultof a 2009 acknowledgement of a regulatorybreach covering compliance status in 2005?

The Barclays enforceable undertakingshows that AUSTRAC expects a reportingentity about to give an enforceable undertaking

to invest in the benefit of legal advice so thatthere can be no doubt about the seriousness ofthe undertaking given and the consequences ifthe enforceable undertaking is not compliedwith. Smaller reporting entities with no internal legal support will need to invest inoutside legal services. AUSTRAC may formthe view that internal legal advice might not be sufficient in certain circumstances, particularly if internal legal support has aresponsibility for compliance.

Nature of the breach The Barclays undertaking only provides a glimpse of the nature of the regulatorybreaches through the actions that Barclaysundertakes to complete. What is left silent isinformation about the level of interactionbetween AUSTRAC and Barclays in the seven years during which there has been anapparent failure to lodge significant cashtransactions and international funds transferinstructions. Reporting entities wishing toeducate themselves as to the circumstances

behind this undertaking do not know the orderof magnitude of the gap in reporting. Theycannot glean from the enforceable undertakingwhether there have been no international fundtransfer instructions and significant cash trans-actions reported or whether only some typesof transactions have missed the reportingprocess and if only some, the proportionalityof the gap and the background to detection. It may be that the full facts are not yet known as to the scope of non-reporting. By comparison, similar enforcement arrange-ments in the United States provide a lot more information about the facts giving rise to the concerns of the regulator.

The APRA Mega undertaking in contrastprovides enough facts about the backgroundto allow reporting entities to understand thehistory of interaction between Mega andAPRA beginning with a request for a internalaudit review in December 2008.

An important fact which is not revealed isthe extent to which Barclays plc may haveapproached AUSTRAC with voluntary disclo-sure regarding the acknowledged breaches.

Reporting entities cannot assess from thewording of the undertaking whether this wasthe last step in a long series of interventionsby AUSTRAC with Barclays. Thus they cannot conclude whether the road to anenforceable undertaking is a long one or ashort one. Reporting entities who believe thatAUSTRAC’s view of them is derived entirelyfrom their annual compliance reports and anydesktop or on site visits should revisit thisunderstanding. AUSTRAC possesses powerfuldata management tools which it applies to thetransaction reports it receives to compare thetransaction reporting performance between

peers looking for outliers that may be evidence of non-compliance. AUSTRAC also has arrangements with other regulators 2

and information provided to APRA may well be information then also provided toAUSTRAC as clearly is in operation in respectof Mega. Reporting entities need to considerthe possibility that one of their peers may havereported an issue to AUSTRAC about them.One thing is certain, reporting entities willcome to AUSTRAC’s attention not through a random selection from a database of 14,000 names but through the application of a risk-based supervisory approach and coordination between regulators.


�

�

The real test will bewhether AUSTRACcould sustain itsopinion regardingthe level of ML/TFrisk if a reportingentity stood itsground regarding itsrisk assessment.

2 See the AUSTRAC Supervisory Framework which outlines details of these arrangements.

The Barclays enforceable undertaking emphasises theneed for overseas AML/CTF policies and procedures to be suitable for the Australian requirements.

FEATURE

Concern about risk ratingsOne of the critically important elements of the Barclays enforceable undertaking is therecording of AUSTRAC’s concern aboutBarclays’ assessment that its provision of designated services represents low to mediumML/TF risk. AUSTRAC could have avoidedthis issue as it would appear there were other grounds to support the enforceableundertaking. The adequacy of an ML/TF riskassessment is subjective and potentially one of controversy.

The Barclays enforceable undertakingclearly says in paragraph 8 that AUSTRAC isnot satisfied that the provision of designatedservices by investments banks like Barclaysrepresents low to medium ML/TF risk. There will be those that argue that a risk-based system allows a reporting entity to form its own view regarding its ML/TF riskand that AUSTRAC is not on a sound footingwhen asserting such a broad conclusionregarding the ML/TF risks of investmentbanks like Barclays.

There will be those that see this kind of statement as consistent with AUSTRACfulfilling its functions as set out in section 212of the AML/CTF Act. 3 The AML/CTF Actdoes expect AUSTRAC to form views aboutthe adequacy of ML/TF risk as assessed by reporting entities and we need look no further than Division 7 of the AML/CTFAct for evidence of that.

The real test will be whether AUSTRACcould sustain its opinion regarding the level of ML/TF risk if a reporting entity stood itsground regarding its risk assessment. In somecircumstances the answer might not be clearcut. If AUSTRAC’s opinion was to prevail insuch circumstances then this would then callinto question the authenticity of Australia’srisk-based AML/CTF regime. After all, theconcept of the risk-based regime as currentlypostulated in the Act and Rules allows areporting entity to form its own view of the

ML/TF risks that it reasonably faces, takinginto account certain required factors and thecomplexity, size and nature of its business.Views on risk imposed by the regulator mightin some cases traverse on the integrity of herisk-based approach.

For Barclays, the quality of this ML/TFrisk assessment will come under the scrutinyof an independent expert via a reporting obligation required to be provided to AUSTRAC by 1 February 2010. A reportingentity facing this kind of scrutiny may welldecide to invest in using consultants to do the ML/TF risk assessment in order to be confident of passing the scrutiny of the inde-pendent expert. The costs of these types ofconsulting services will not be insignificant.

Reporting entities might also wish toreview their answers in the compliance reportsfor 2007 and 2008 and think about how theymay have revealed weaknesses in their riskassessments through answers dealing withrisk-based controls.

Foreign parents’ AML/CTF programsFor reporting entities that have adoptedAML/CTF programs of overseas parentorganisations or head offices overseas, theBarclays enforceable undertaking emphasisesthe need for overseas AML/CTF policies andprocedures to be suitable for the Australianrequirements. There are differences betweenthe Australian AML/CTF regime and regimesoverseas and AUSTRAC would probablyexpect to see a gap analysis between an over-seas program and the Australian requirementswhich would identify what customisation, if

any, is required. Often the customisation is notsubstantive but if the gap analysis was neverconducted then that absence may reflect a lack of local ownership and understanding ofcompliance with Australian requirements.

PublicityIt is not clear from the wording of theBarclays enforceable undertaking how farAUSTRAC may go in publicly discussing the AUSTRAC concerns. The Barclaysenforceable undertaking allows for theenforceable undertaking to be published onthe AUSTRAC website and for AUSTRAC to issue a media release about the enforceable

undertaking and its concerns. How far thisallows AUSTRAC to amplify what aredescribed as its concerns in the enforceableundertaking is not clear and may be an unintended ambiguity. Reporting entities facing enforceable undertakings in the futuremight wish to ensure that this uncertainty isnot present in their undertaking.

Full disclosureIt is clear from the Barclays enforceableundertaking that AUSTRAC may have further concerns regarding the AML/CTFregime at Barclays. Barclays has stated that it has disclosed the material facts that itsinvestigations have revealed to date regardingthe AUSTRAC concerns and that it is continuing to investigate them. Internally, for a reporting entity placed in this position, it is a last opportunity to gain some control of the regulatory problems and exhibit thedesired behaviours that help to rebuild a trusted relationship with the regulator. Weresubsequent problems to emerge in the futurewhich should have been detected as part ofthis current investigation process but were not then AUSTRAC may not be prepared toaccept another enforceable undertaking.

Retrospective reviewAUSTRAC has opted for a retrospectivereview of transactions by Barclays in order toachieve compliance with reporting require-ments relating to significant cash, internationalfunds transfers and suspicious matters. Anyonewho has been associated with a retrospectivereview, also called a ‘look back program’

knows that this is where the real monetary andoperational impact of the Barclays enforceableundertaking lies. The electronic records of all relevant transactions have to be located and loaded from back-up media back on toproduction systems. Rules need to be devisedto identify transactions which might bereportable. Vouchers and other paper docu-ments need to be found and matched to thispopulation of transactions before decisions can be made about whether they are reportableand whether or not a report was made.

Barclays is required by AUSTRAC to use an approved third party to assist it with this work and to report on its completion.


�

�3 In particular see section 212(1)(c); Section 212(1)(d); Section 212(1)(e)

Reporting entities faced with this type of requirement may need to consider the independence of any third parties used to complete the remediation work as theseparties might not qualify as persons independent of thereporting entity to report on completion of the work.

FEATURE

Additional resources will be required internallyto perform this work and additional budget will have to be allocated to pay for the servicesof the independent third party. Management willbe distracted by completion of all parts of theenforceable undertaking and particularly thisaspect, taking their attention from managingthe business. Reporting entities faced with thistype of requirement may need to consider the independence of any third parties used to complete the remediation work as these partiesmight not qualify as persons independent of the reporting entity to report on completion of the work. The budgetary implications of two sets of consultants (both playing roles of independent experts) might be daunting.

Look back programs tend to highlightdeficiencies in record-keeping. Electronicmedia might no longer be able to be restoredbecause of changes in production system.Backup copies may not be able to be found.Paper records cannot always be located or easily sorted against transactions to beinvestigated. Records may be found to beinsufficient requiring contact with a customeror counterparty. All these problems are timeconsuming and cast doubt on the adequacy ofthe mandatory obligations regarding record-keeping. And these problems are all mademore difficult when they are subject to thirdparty oversight and a timetable established inconjunction with the enforceable undertakingand with AUSTRAC.

Know your customer review and remediationBarclays needs to undertake a review of allnew customers and account signatories since12 December 2007 when the new customeridentification procedures came into operation.Another time consuming task which will test the quality of available AML/CTF practitioners in Australia to deliver the qualityof review required. Generally, Australianreporting entities thus far have an embryonicview to the content of customer identificationprocedures. Experienced AML/CTF practition-ers are a scarce resource in Australia and there is a considerable operational differencebetween Australian and overseas practitioners

from the UK and the USA as a result of theirmore mature regimes. A reporting entity facingthis type of regulatory requirement would bewell advised to consider utilising services fromoverseas, particularly if they are availablewithin their own organisation, to ensure thatthe review and resulting remediation workmeets or exceeds expectations. This type ofknow your customer review in the Barclaysenforceable undertaking, like the ML/TF risk assessment, will come under the directscrutiny of AUSTRAC via a report, as well asthe independent expert’s scrutiny so there isreally only one opportunity to perform well.

Ongoing scrutinyBarclays must provide reports from a partyindependent to Barclays and its employees in November 2010 and November 2011regarding its compliance with the AML/CTFAct. This heightened scrutiny increases the already significant cost of compliancebecause there will be no scope for errors within the AML/CTF Program.

The Mega enforceable undertaking

Mega’s enforceable undertaking to AUSTRACis less onerous than that given by Barclays butthe severity of the APRA Mega undertakingsurpasses Barclays. At the time that AUSTRACaccepted the enforceable undertaking fromMega there was no ongoing investigationwithin Mega of the concerns that AUSTRAChad expressed. In retrospect this was probablybecause of the broader action being taken by APRA, showing that both AUSTRAC

and APRA understand the lack of utility inhaving two separate regulators driving two separate enforcement programs overbroadly the same problem.

Although AUSTRAC has indicated that it is not satisfied with the Mega’s assessmentof its ML/TF risk, Mega is only required toupdate an existing ML/TF risk assessmentwhereas Barclays is being required to conductone, presumably from the beginning. This is of itself curious because AUSTRAC hasstated its dissatisfaction with the ML/TF riskassessment as medium or low yet the currentrisk assessment is simply required to beupdated for changes to products, channels,customers, employees and jurisdictions after 15 December 2008. Whether this is anacceptance of the adequacy of methodologyand an objection only to its currency mightturn in part on whether there were majorchanges to (or deterioration in) the Mega business since December 2008. The APRAconcerns about Mega began in December 2008when it requested an internal review.

The AML/CTF look back program thatMega must undertake is far less onerous thanthat required of Barclays because it is notrequired to use an approved third party to perform its retrospective review of transactions. However this work and other remediation work must be subject to independent scrutiny via an independentreport required about its completion. Mega does not even need to tell AUSTRAChow it intends to do its retrospective review.Mega must also submit reports from an independent expert at the same time points as Barclays regarding ongoing compliance. It is clear, since the release of the APRAMega undertaking that the work that Megawill do to comply with the AUSTRACenforceable undertaking is dwarfed by what itmust do to fulfil its undertaking to APRA. ■


�

Mega International Bank is only required to update an existing ML/TF risk assessment whereas Barclays is being required to conduct one, presumably from the beginning.

Experienced AML/CTF practitioners are a scarce resource in Australia and there is a considerable operational difference between Australian and overseaspractitioners from the UK and the USA as a result of their more mature regimes.

Part of every day.

We’ll check they arewho they say they are.

The risk of fraud and security

breaches grows by the day.

So the task of conducting identity

verification has become an essential

part of your job and often a logistical

challenge. But it also takes time.

Australia Post conducts identity

checks at over 3,300 postal outlets,

enabling over 30 reporting entities

to meet their obligations under

AML/CTF legislation. These are

complicated and detailed processes

that they all entrust to Australia Post.

From straightforward checks to

more complex AML identity checks,

we can configure the process to

suit your risk assessment needs.

All your customers need do is visit

a postal outlet with the required

documentation.

Australia Post processes over one

million passport applications every

year and has saved the WA Police

over 15,000 hours of police time by

accepting police check applications

at postal outlets in WA.

Now we would love the

opportunity to take the weight

of customer identity verification

off your shoulders.

Please call Soren Ohrtmann

on (02) 9202 6675 or email

[email protected]

to see how Australia Post can

leave you with one less thing on

your plate.

FEATURE

By Joy Geary

I F IT IS NOT the first commandment of good compliance, then it must be in the top three or four. For reporting

entities, AUSTRAC is thy regulator. And on 3 August 2009 it handed down a NorthSydney version of what some could looselycompare in importance to the sermon on the Mount in the form of the AUSTRACSupervisory Strategy 2009-2010. You candownload a version from: www.austrac.gov.au/supervision_strategy.html.

The Supervisory Strategy completes the change of scenery that AUSTRAC hasbeen publicly forecasting would occur. It commenced with the two enforceableundertakings taken from Barclays Bank and Mega International Bank on 1 July.

AUSTRAC’s Acting Chief ExecutiveOfficer, Thomas Story said, ‘AUSTRAC’ssupervisory approach to date has been appropriate to the implementation stage of theAML/CTF regime. However, given that allobligations under the AML/CTF Act havenow been introduced, we are adapting ourapproach as we move into the next AML/CTFphase – from “start-up” to “business asusual”. The key elements of AUSTRAC’scompliance program to date have been education, assistance and assessment.However, we will now increasingly focus onsecuring compliance by using the full range of powers provided to AUSTRAC under theAML/CTF Act, including enforcement actionwhere appropriate’, he said, noting the recentfirst enforcement actions under the AML/CTFAct as the beginning of enhanced enforcementactivity by AUSTRAC.

As with the enforceable undertakings,AML/CTF Compliance Officers should study the Supervisory Strategy and provide anupdate to senior management and the Boardof what that booklet means to their reportingentity and the sectors in which it operates.When considering the impact of theSupervisory Strategy, it is worth consideringwhether the information AUSTRAC has provided about levels of compliance meanthat risk ratings applied by one reporting entity to other reporting entities which are itscustomers (for example a bank providingbusiness banking services to non-bankingfinancial services businesses that are small in scale) are adequate. If certain businesses in certain sectors are regarded as falling below expectations in terms of AML/CTFcompliance then for some reporting entitiesthis may translate to a heightened ML/TF riskin providing them with financial services.

Range of supervision toolsIt is no surprise that AUSTRAC has described awide range of supervisory tools at its disposal.Some of these are set out in the AML/CTF Act.AUSTRAC has also made this clear via the


AUSTRAC’s new enforcement strategy

Know ThyRegulator

The Supervisory Strategy completes the change of scenery that AUSTRAC has been publicly forecasting would occur. It commenced with the two enforceableundertakings taken from Barclays Bank and MegaInternational Bank on 1 July.

�

FEATURE

Supervisory Framework released in May 2007and in its many public statements on the subject. What the Supervisory Strategy nowclarifies is how those different tools are likely tobe applied during 2009 and 2010 according tothe size of your reporting entity and the sectorin which you operate.

The supervisory tools range in intensityas illustrated in the diagram above, publishedby AUSTRAC in the Supervisory Strategy. At a lower level of intensity are activities suchas mail-outs, e-newsletters and AUSTRACarticles in industry magazines. These activitiescan achieve a high level of coverage across alarge number of reporting entities, but are nottailored to individual entities or their industrysector. They are designed to improve entities’general understanding of their obligations but are likely to be less effective at improvinglevels of compliance than more intensiveforms of supervision.

Of medium intensity are themed reviewsand monitoring of transaction and compliancereports. These activities are more resourceintensive for AUSTRAC but still secure coverage of a broad range of reporting entities. AUSTRAC sees these activities as moderately successful in improving compliance behaviours.

More intensive activities include relation-ship management of individual reporting entities and on-site assessments. These activities are tailored to individual reportingentities and consequently have a far moredirect impact on improving compliance. Where these activities do not result inimproved compliance, they are likely to resultin direct enforcement action. Relationship management at the individual reporting entity level and on site assessments areresource intensive and AUSTRAC’s message is that these will be used to greatest effectaccording to risk balanced with contribution to reporting volumes.

Surveillance behind the scenesThe AML/CTF Act requires reporting entities to monitor their customers and theirtransactions. AUSTRAC in turns monitorsthe reports submitted by reporting entities, orin some cases, the absence of reports beingsubmitted by a reporting entity, or a class ofreporting entities within a particular sector.Reporting entities submitting internationalfund transfer instructions reports, thresholdtransaction reports and suspicious matterreports should themselves look at thosereports for the patterns and trends they showover time. That is what AUSTRAC is doing –

looking not only at timing but also volumeand quality at the individual and peer levelswithin sectors. No reporting entity shouldplace themselves in the vulnerable positionthat AUSTRAC understands more about the picture presented by its reports than thereporting entity.

‘Financial transaction reports submitted to AUSTRAC play a major role in combatingmoney laundering, terrorism financing andother major crime’, Mr Story said, ‘and weare particularly concerned about transactionreporting failures which may result in the loss of significant intelligence to our partneragencies.’

Mr Story explained that, ‘AUSTRAC has a team of people dedicated to the ongoingmonitoring, assessment and rating of the datareported to AUSTRAC, with an emphasis on the identification of quality, timing andvolume issues that require remedial action; the identification of areas of greatest concernfor potential non-compliance; and the profiling of high-risk sectors. We will also be monitoring to detect instances where a reporting entity is under-reporting or hasnever submitted certain types of reports. This will identify outliers within industry sectors that require corrective action.’

Economy of supervisionThe Supervisory Strategy reveals a strategicapproach to spread its supervision teams effectively across an estimated 17,700Australian reporting entities. Few AML/CTFregulators in any climate could justify theexpense of a supervisory team capable of regular onsite supervision of 17,700 reportingentities. AUSTRAC’s Supervisory Strategyreflects its views on the risk of different sectors in terms of money laundering and terrorism financing risk, their risk of non-compliance as well as their contribution


�

�

That is what AUSTRACis doing – looking notonly at timing but alsovolume and quality atthe individual and peerlevels within sectors.

FEATURE

to intelligence for law enforcement throughreporting. The Supervisory Strategy is a strate-gic statement of how scarce resources will beused to secure the most supervisory benefit.

If reporting entities felt any relief at therecent reduction in headcount at AUSTRAC(a loss of 12 full-time staff, the bulk of whichcame from the supervision area), they shouldthink again. This Supervisory Strategy placesreporting entities on notice of how AUSTRACwill communicate to their sector about compliance issues that it is observing. Ifreporting entities do not connect themselvesinto the communication process which hasbeen selected for their sector, then they standto miss out on advance warnings. If reportingentities did not already see it this way theymight now see that AML/CTF Rules 8.7 and9.7 could be read very broadly to include arequirement to have mechanisms to receivefeedback provided to a sector, or to a class ofreporting entities within a sector and not justone-to-one feedback.

Banks and other lendersThere are two broad classes in this sector –the ADI and investment bank group whoaccount for the majority of transaction reportslodged with AUSTRAC and the non-ADIgroup which is more disparate in size, variesto a greater degree in its familiarity with regulation and in what it invests in by way ofcompliance resources. AUSTRAC has base-lines on reporting from this sector as mostwere also cash dealers under the FinancialTransaction Report Act (FTRA). Outliers interms of comparative reporting activity within

this sector are easier to detect than in sectorsnew to AML/CTF supervision.

AUSTRAC makes these important observations regarding this sector:

• It thinks that some of the ADIs andinvestment banks have not adequatelymet their obligations but are workingtowards addressing shortcomings, withthe obvious involvement of AUSTRAC;

• Some of the ADIs and investment banksat the smaller end of the scale have usedexternal service providers to undertakerisk assessments and develop their programs and do not understand the basis of the risk assessment;

• Independent reviews have not alwaysbeen conducted by independent parties;

• The smaller non-ADIs are struggling witha risk-based approach.

The supervisory strategy AUSTRAC hasannounced it will adopt for this sector is:

Reporting entity population 1,400 entities

Supervisory approach ADIs and investment banks On-site assessments, relationship manage-ment, desk reviews, intensive monitoring of transactions reports (IFTIs, thresholdreports, suspicious matter reports).Regular forums with the major banks andwith relevant industry associations

Supervisory approach Non-ADIs Heavy reliance on communication to the sector, or identified classes in the sector.

Industry associations may be one of thewinners out of this supervisory strategy asAUSTRAC clearly sees them as playing a central role in distribution of key messagesregarding issues with compliance. Reportingentities that do not belong to their industryassociations may find themselves shut out ofkey feedback being provided to the industryassociations or having no voice in industryresponses to issues raised. Service providers tothis sector might consider whether the toolsthey provide are adequately understood by theirclients, as ultimately, an adverse view formedby AUSTRAC regarding the usefulness of such tools may affect market reputation.

Mr. Story indicated that AUSTRAC’sapproach has always been to promote an environment of continuous voluntary compliance. He said that AUSTRAC has carried out an extensive education programover the last few years to help reporting entities understand and comply with theirobligations under the AML/CTF Act – AUSTRAC has delivered 800 industry awareness sessions across the country; pre-sented at about 150 conferences and forums;established a Help Desk service; developed a number of key publications, such as theAUSTRAC Regulatory Guide; and provided e-learning and training material to thousandsof businesses.

He emphasised that ‘now, the onus ofresponsibility does rest with reporting entities.It is reasonable for us to expect reporting entities to conduct money-laundering and terrorism-financing (ML/TF) risk assessments;implement systems and governance to managetheir ML/TF risks; know their customers;make themselves known to AUSTRAC; and report to AUSTRAC.’


�

�

Unaffiliated entities in the money services businesses have been placed on noticethat AUSTRAC will have little choice but to use firm supervision strategies to dealwith this unreachable and seemingly non-compliant population.

The AML/CTF Act has delivereda rapid expansion of the regulated population and thereare no benchmarks to measurethe quantitative and qualitativebenefits from its introduction.

FEATURE

Non-banking financial servicesThere are a number of classes in this sector –financial planning, funds management, stockbroking, custody, superannuation and lifeinsurance. Again AUSTRAC is emphasisingthat it has detected different compliance outcomes according to size.

AUSTRAC makes these important observations regarding this sector:

• Larger organisations are tending to demonstrate that they are well resourced,accustomed to regulation and skilled inrisk management or have access to services to assist them in risk management.

• The larger organisations are not seen asvolume transaction reporters but whetherthat is because of the nature of their business or because they did not haveobligations under the FTRA is unclear.

• This sector is represented by active industry associations.

The supervisory strategy AUSTRAC hasannounced it will adopt for this sector is:

Reporting entity population 3,800 entities

Supervisory approach larger sophisticated organisations Testing effectiveness of controls to ensurethat effective independent reviews are being conducted

Supervisory approach remainder of this sector Monitoring compliance of a sample of reporting entities within a class then communicating findings back to the industry associations and directly. The sample will be selected from risk areas and available intelligence such as compliance reports and patterns in transaction reporting.

Consulting firms equipped to manageindependent reviews of larger and sophisticated organisations in this sectormight be one of the beneficiaries of this supervisory strategy as light touch independent reviews which do not penetrateinto business processes might not surviveAUSTRAC’s scrutiny. Internal audit teamsmight not be adequately resourced or have sufficient knowledge to perform independent reviews that in effect are going to be stress tested by an AUSTRACsupervisory team.

Beware the whiplashAUSTRAC has set out its intended supervisorystrategy for gambling, bullion and the moneyservices business sectors. Gambling and bullionaccount for some 5,500 reporting entities which indicates that there are many smallreporting entities which AUSTRAC believesare struggling with the risk-based approach.AUSTRAC believes there are some seventhousand money services businesses operatingin Australia and it regards this sector as high to moderate risk in terms of money launderingand terrorism financing. Many of these seven thousand are part of the major remitternetworks and thus have indirect coveragethrough the network principals.

The strategy differs between the two sectors and within each sector. Unaffiliatedentities in the money services businesses have been placed on notice that AUSTRACwill have little choice but to use firm supervision strategies to deal with thisunreachable and seemingly non-compliantpopulation.

Reporting entities that provide financialservices to the smaller organisations in these sectors may need to consider the risk ratings they apply and the monitoringcontrols they use to manage the flow onML/TF risk.

A money services business which comesto the attention of AUSTRAC may drag theirbanks and other providers into regulatory

problems through their inadequate detectionand mitigation mechanisms.

Measuring valueOver time AUSTRAC will be able to providedata about the value that is delivered from theAML/CTF regime through a combination ofmicro-level and macro-level performanceindicators. The AML/CTF Act has delivered a rapid expansion of the regulated populationand there are no benchmarks to measure thequantitative and qualitative benefits from itsintroduction. No one yet knows how muchsuspicious activity is occurring in these new populations of reporting entities. These performance indicators might then be able tobe used by researchers to conduct cost-benefitanalyses to assess the value against the cost to the Australian consumer of financial, gambling, bullion and money transfer services meeting their compliance obligations.Whether it will take one year or five years todevelop reliable sector baselines for transac-tion reporting is probably unclear at this stage.These types of performance indicators will notbe available in time for tranche II sectors touse to negotiate their way out of reach of theAML/CTF legislation. It is however positiveto see AUSTRAC take the front foot on setting up a bench-marking framework at thisearly stage in the life of the AML/CTF Act.

Mr Story concluded by saying that ‘countering money laundering and the financing of terrorism is an issue of inter-national importance. Australia has made significant investment over the past five yearsto strengthen Australia’s defences againstthese crimes. We have a responsibility toreporting entities to assess the degree to which the AML/CTF Act is achieving theintended policy outcomes, and ultimately, a responsibility to the Australian people toensure our country is hostile towards thoseattempting to launder money or finance terrorism. We intend to expand our researchactivities to provide a preliminary view ofhow effective the new regime has been.’ ■


�

Subscribe to anti-money laundering magazine, the definitive source of information for the financial services sector on anti-money laundering and counter-terrorist financing.

Call Jason Sheil on 02 9776 7914 or [email protected] for further details.

Don’t get taken to the cleaners

SPECIAL OFFER! Package pricing available for the 2009 Conference and a yearly subscription to anti-money laundering magazine

FEATURE

A T THE VERY LEAST, it illustrates a significant twist to vanilla money-laundering risks. More than ever before

the Madoff saga shows that financial institutions need to think carefully not just about the broadimplications of where they invest client funds, but also about the money-laundering and terrorismfinancing risks attached to incoming funds.

The Madoff saga is a story about huge flows of criminally derived funds handled by myriad reputable and disreputable intermediaries. But howcould the Madoff fraud have endured for as long as it did, and what are the implications for the Anti-Money Laundering/Counter-TerrorismFinancing Compliance Officer and others managingthe financial crime risks in financial institutions?

For investment managers and financiers, one ofthe telling lessons from Madoff must be how easilymoney – which is in fact the proceeds of crime – canbe received. And receiving funds exposes a recipientfirm to criminal and civil penalties for knowingly orrecklessly handling the proceeds of crime, as well aspotential liability to the criminal’s victims throughconstructive trust arguments. Recipients may alsobreach money-laundering laws through proof ofknowledge of the misdeeds in question. So how doesan organisation effectively protect against these risks?

These questions and others will be answered indepth at the November AML Magazine Conference,and this article sets the scene for the conference session by exploring the history of Madoff as a person and his business affairs.


Madoff made off with a lot of other people’s money.

What does that meanfor reporting entities?

THE CONFERENCE SESSION ON LESSONS FROM THE MADOFF SAGA at 8.35am on Tuesday 17 November will be led byJohn Moscow. John is well known and highly respected in the field of white-collar criminal law, having conducted investigationsand prosecutions involving money laundering and fraud at Bank of Credit and Commerce International, the corrupt AR Baron &Co Inc stock brokerage, and theft by top Tyco Inc executives. John spent 30 years with the New York County District Attorney’sOffice. He served as the Chief of the Frauds Bureau (1986-88) and Deputy Chief of the Investigations Division (1988-2004) andinvestigated and prosecuted cases involving international bank and tax fraud, securities fraud, theft, fraud on governmental entities and fraud in money transfer systems – money laundering. He works frequently with bank and securities regulators at thestate and federal level and abroad. John’s current practice involves advising and representing financial institutions in avoiding anddealing with regulatory and civil and criminal litigation matters and representing white-collar criminal defendants in investigationsand at trial. Another partner in his law firm is the trustee for the Madoff funds, unwinding the Madoff failed empire.

Part II of this article will appear in the October issue of the magazine, which will be released before the Magazine’s Third AnnualConference on 16-17 November.

�

By Chris Hugh-JonesCHRIS HUGH-JONES & ASSOCIATES

Is the Madoff saga just another financial scam, or will its consequences spread more deeplyacross financial markets and regulatory agencies?

FEATURE

Bernard Madoff was born on 29 April1938 in the suburb of Queens, New York, toRalph and Sylvia Madoff. His father was aplumber turned stockbroker who was activeafter World War II and during the boom of the late 1950s and 1960s – the ‘Go Go’ years– when loose credit and the birth of the commercial electronics industry helped createyet another stockmarket bubble.

Contemporary accounts of Madoff recallhim as an ordinary but friendly youth at FarRockaway High School and then at HofstraCollege, where he graduated in political science in 1960. Little in his academic profilemarked him out for success but his wife, Ruth Alpern, saw something in him, for theymarried one year before he graduated fromcollege, having met at high school.

Madoff was eager to enter business and,shortly after he graduated, established himselfas a broker-dealer in a shared office at hisfather-in-law’s accounting practice of Alpern& Heller. In the 1960s, American stockmarketswere better regulated than in the prewar period, but they were loose compared withtoday. When Madoff’s firm opened for business, entrenched differences still existed inthe way that big and small capitalisation stockswere traded. Big-cap stocks were mostly traded on the New York Stock Exchange, and small-cap stocks were priced publicly –and sometimes only once a day – and oftentraded on a regional exchange or else ‘over-the-counter’ (off-exchange) between investorsand licensed broker-dealers. These dealersoften traded as principals, taking on the risk of the stock for a short period of time in orderto lock in a wide dealing spread.

Madoff and Carl ShapiroEarly in his career, Madoff met Carl Shapiro,a successful businessman who in 1939 hadfounded Kay Windsor Inc, a large nationalclothing manufacturer and importer. Shapirotook a liking to the affable Madoff and in1961 gave Madoff US$100,000 to invest and,according to Shapiro, ‘did very well with it’.Shapiro, who was later to become a billionaireand a philanthropist, gave Madoff moremoney to invest and along with introductionsfrom Saul Alpern, his father-in-law, Madoffwas soon on the way to a successful career ininvestment management.

Except that, even from the outset, Madoff’sway of operating bore striking similarities with the gigantic fraud now revealed. Madoffnever registered as an investment adviser, butstories recently told by school friend investors


�

By 2005 the Fairfield Sentry fund, still exclusively managed by Madoff, would have US$5.1 billion in funds under management. It was the stability of its earnings which attracted investors: the fundnever had a losing year and often earned more than 10 per cent per annum.

�

FEATURE

recount Madoff offering attractive and steady,seemingly impregnable, rates of return – up to 18 or 19 per cent per annum. Even with inflation high, the rates were temptingand friends and extended family membersinvested heavily.

One of these early accounts comes fromMichael Bienes, an employee accountant ofhis father-in-law at Alpern & Heller, who said in an interview with the US PublicBroadcasting Service earlier this year that inthe early 1960s Madoff would offer investorshighly attractive rates of return, which wereso steady they seemed guaranteed. Investorswere easy enough to find and, as Madoff’sreputation grew in the business community,money flowed in. But one thing did notchange: Madoff never registered as an investment manager. Ostensibly he remained a broker-dealer, making markets in small capitalisation stocks and doing well at it.

Feeder fundsIn 1977, Michael Bienes and Frank Avellino,another employee of Alpern & Heller, left tostart up their own firm in New York. Theirpractice seems largely to have consisted offinding investors for Madoff but, until about1984, they also performed accounting work.

By 1984 Madoff’s fantastic returns meantthey could give up accounting for good and,for all intents and purposes, they appliedthemselves full time to raising money for him.

In 1987, and with Madoff seeminglyuntouched by the 1987 stockmarket crash,they opened up an office in Florida to raisemore money. They were not alone. Severalother similar feeder fund-raising operationsexisted, attracted by the commissions Madoff paid them.

Consistent with his standard practice, in the 1980s Madoff did not charge an investment management fee on funds placed

with him but allowed feeder vehicles –Avellino & Bienes included – to chargebetween 1 and 4 per cent or more each year,depending on his ‘profits’. Madoff onlycharged his trading commissions, explainingthat, given the volume of trading, those commissions were sufficient. All Avellino &Bienes et al had to do were to issue investorswith unregistered certificates of deposit (CDs)at attractive rates of return (usually between

13 and 18 per cent) and take their commis-sions directly from Madoff. And whileAvellino and Bienes ran the risk that Madoff’sprofits would not cover the promised rates ofreturn on the CDs they issued, that neverseemed to happen. It was easy money, andAvellino and Bienes and others feeding fundsto Madoff become multi-millionaires in theprocess. By the early 1990s, Avellino &Bienes alone had over US$400 million committed to Madoff.

Building profileMadoff was busy on other fronts too, becomingincreasingly involved in securities regulationand the creation of an electronic system for thedissemination of price quotes on the illiquidstocks he originally traded. In 1983 he sat onthe National Association of Securities DealersAdvisory Council (now replaced by FINRA,the Financial Industry Regulatory Authority),and was a board member between 1984 and1987. In 1989, helped by a reputation earnedpioneering electronic quotation systems, he saton the board of the recently formed NASDAQstock exchange and was its chairman in 1990and 1991. As recently as 2001, he sat on theNASDAQ Nominating Committee, whichnominated candidates for vacant positions on the NASDAQ Listing and Hearing ReviewCouncil, a senior position with the NASDAQstock exchange hierarchy.

Madoff’s positions gave him status andcredibility within the industry but, in person,he was a control freak, who insisted on amonotone colour scheme in his office and thata single colour of pen ink be used by staff –who sometimes vacuumed the office carpetfirst thing in the morning – and who had the curved walls of his office squared-off byplaster board because he detested ovals. In private, he had a reputation for having a short and volatile temper.


�

�

Madoff’s positions gave him status andcredibility within theindustry but, in person,he was a control freak

MADOFF WAS ... BECOMING INCREASINGLY INVOLVED IN SECURITIES REGULATION AND THE CREATION OF AN ELECTRONIC SYSTEM FOR THE DISSEMINATION OF PRICE QUOTES ON THE ILLIQUID STOCKS HE ORIGINALLY TRADED.

FEATURE

Fairfield Greenwich meets MadoffIn 1989, Madoff met Walter Noel and JeffreyTucker not long after they established aninvestment management firm called FairfieldGreenwich. In July of that year, FairfieldGreenwich gave Madoff US$1.5 million tomanage, and in January 1990 placed anotherUS$1 million with him. Impressed by hissteady returns, Noel and Tucker formed alegitimate registered fund, Fairfield SentryLtd, and raised US$4 million, all of whichMadoff managed on an undisclosed basis.

By 2005 the Fairfield Sentry fund, stillexclusively managed by Madoff, would haveUS$5.1 billion in funds under management. It was the stability of its earnings whichattracted investors: the fund never had a losing year and often earned more than 10 per cent per annum.

In 1992, a Seattle-based investmentadviser stumbled across one of the depositschemes promoted by Avellino & Bienes and,suspicious that it was a Ponzi scheme, calledthe SEC. The SEC was also suspicious butwith relief discovered that, while not held bya registered firm, investors’ funds were simplyplaced with Madoff. Alarmed neverthelessthat Avellino & Bienes had managed to raiseover US$400 million without registering asinvestment advisers, the SEC shut down theirfirm as well as a second firm which was alsoimplicated, and demanded investors’ funds be repaid. Except for about US$18 million (an amount which Michael Bienes allegesMadoff kept) Madoff repaid investors’ fundsand the SEC closed their investigation.Crucially, the SEC did not appear to investi-gate whether Madoff’s firm was registered as an investment adviser.

Close shave with regulatorsWhile the SEC did not publicly out Madoff asthe manager behind the Avellino & Bienescertificates of deposit, The Wall Street Journaldid so in a December 1992 article. In it,Madoff was interviewed and explained that he had not known the Avellino & Bienesmoney was raised illegally. Madoff also

claimed that his performance to that datemerely tracked the ten-year return of the S&P 500 and was not remarkable.

With striking parallels, he described his strategy as one of convertible arbitragecoupled with a stock index futures hedgingstrategy. And he had avoided losses in the1987 crash, he said, by holding stock indexput options, giving him downside protection.

Years later in his interview with the PBS,Michael Bienes was to contradict some ofMadoff’s account. It was Madoff, Bienes said, who had always insisted they not registerwith the SEC. ‘It was all about Bernie. We did just what he wanted us to do.’

But this brush with the regulators did little to deter Madoff, and unsubstantiatedallegations suggest much of the moneyreturned to Avellino & Bienes’ investorsquickly found its way back to Madoff viaother feeder mechanisms. In any event, bynow Madoff’s relationship with FairfieldGreenwich and with other intermediariesincluding Ezra Merkin, a prominent New Yorkmoney manager, saw the funds committed to Madoff keep rising.

While the precise amounts are not yet clear,it seems beyond doubt that during the 1990sbillions of dollars from around the world foundtheir way to Madoff through a growing networkof third-party intermediaries, many of whomwere professional and highly reputable invest-ment managers, and many based in Europe. By some counts, for example, something likeone-third of private wealth managers based inZurich, Switzerland, are alleged to have somesort of exposure to Madoff, but obviously thesefigures are difficult to substantiate.

Within his fundraising network, moneywas always raised on the same basis. WhileMadoff allowed a third-party feeder fund man-ager to charge an investment management feefrom Madoff’s ‘profits’, Madoff would retainjust the commissions on trades allegedly donewith the committed funds. In consideration,Madoff was never identified as the ultimateinvestment manager in feeder fund offeringdocumentation. Madoff also used a smallaccounting firm run by his brother-in-law toconduct his firm’s audits, steadfastly refusingrequests from investors to provide due diligence access to his books and records.

Friends and family meanwhile investeddirectly through Madoff, but a request forredemption meant that you were unlikely tobe allowed back in. So most stayed invested –taking comfort in posted, but never sent electronically, account statements. ■

In the last issue of the magazine before theNovember conference we will publish the sec-ond part of this article looking at the periodleading up to Madoff’s arrest.


�

Madoff’s relationship with Fairfield Greenwich and withother intermediaries including Ezra Merkin, a prominentNew York money manager, saw the funds committed toMadoff keep rising.

By some counts, for example, something like one-third of private wealth managers based in Zurich, Switzerland,are alleged to have some sort of exposure to Madoff, but obviously these figures are difficult to substantiate.

FEATURE

T HE INTERACTION between theobligations contained within the Anti-Money Laundering and Counter-

Terrorism Financing Act 2006 (AML/CTFAct) and the obligations under the Privacy Act1988 (Privacy Act) has been a topic of debatesince the first draft of the AML/CTF Act waspublished.1 The debate in relation to this issueis ongoing, as evidenced by the 2008 report of the Australian Law Reform Commissionwhich includes consideration of various privacy issues raised by the AML/CTF Act 2.

One example of the tension between theprivacy obligations of reporting entities andtheir obligations under the AML/CTF Actarises from the requirement for reporting

entities to consider their customer typesincluding whether that may include any politically exposed persons (PEPs). One particular concern is that the PEP lists which a reporting entity may access in order to fulfil this requirement are likely to includeinformation which is classified as ‘sensitiveinformation’ under the Privacy Act.

In this article we set out a reporting entity’s obligations under the AML/CTF Actin relation to PEPs and their obligations under the National Privacy Principles (NPPs)within the Privacy Act in relation to sensitiveinformation. We then address what factorsshould be taken into account by a reporting


�

PEPs and PrivacyThe interaction between PEP listsand the National Privacy Principles

By Georgie FarrantPARTNER, BAKER & MCKENZIE

* Footnotes: see end of story

FEATURE

entity when developing its approach to PEPidentification to minimise the risk of a breachof the NPPs.

PEP obligationsThe AML/CTF Act requires reporting entitiesto identify their level of money launderingand terrorism financing risk (ML/TF risk) and to undertake customer identification andcustomer due diligence. The Anti-MoneyLaundering and Counter-Terrorism FinancingRules Instrument 2007 (AML/CTF Rules)state that when identifying ML/TF risk one of the factors that a reporting entity must consider is ‘its customer types, including anypolitically exposed person’.3 This obligationarises under the rules relating to identificationof general ML/TF risks4 and to customer identification procedures5 required under areporting entity’s AML/CTF program.

There is no definition of a PEP in theAML/CTF Rules or the AML/CTF Act.Paragraph 6.6 of the AUSTRAC GuidanceNote Risk Management and AML/CTFPrograms (Risk Management Guidance Note)6

quotes the definition given by the FinancialAction Task Force (FATF)7 namely:

‘Individuals who are or have beenentrusted with prominent public functionsin a foreign country, for example heads ofstate or of government, senior politicians,senior government, judicial or militaryofficials, senior executives of state ownedcorporations, important political partyofficials. Business relationships with family members or close associates ofPEPs involve reputational risks similar to those with PEPs themselves. The definition is not intended to cover middle ranking or more junior individualsin the foregoing categories’.

The requirement to specifically considerPEPs when undertaking ML/TF risk assess-ment arises from a recognition that ML/TFrisk increases where customers are PEPs. This is because PEPs are potential targets for bribes and illegal kickbacks, as well as

the connection between PEPs and financiallycorrupt regimes in some countries. Of course,the fact that a person is a PEP does not automatically mean they are a money launderer or even a high ML/TF risk, it is just one factor that reporting entities arerequired to take into consideration when evaluating the risk of a customer. However,those reporting entities which have potentialto have PEPs as customers ignore these risksat their peril. One example of the risks is theenforcement action against Riggs Bank NA in the United States which arose in part from its banking relationships with AugustoPinochet and Equatorial Guinea and resultedin a civil penalty of US$25 million for deficiencies in its AML program.

Sources of PEP Information There is no official Australian GovernmentPEP list against which reporting entities whichhave potential to have PEPs as customers cancheck their current and prospective customers.8

The AUSTRAC Regulatory Guide9 states that‘A reporting entity may ask customers to ‘self-identify’ themselves as a PEP and/or use theservices of commercial PEP list providers’.

Whether self-identification is practical for a reporting entity, and acceptable to its customer basis, will vary between reportingentities but most reporting entities with largenumbers of customers are likely to rely on one of the commercial PEP list providers as either their main or supplementary PEPdetection control.

Given that AML/CTF regulation is aglobal issue most PEP list providers operateon a global basis, creating a single multi-national PEP list for use around the world.These operators usually offer informationfrom multiple sources so that reporting entities can use their services to comply withmultiple compliance requirements includingelectronic identification verification and therequirement to check customers against various sanction lists, and they will offervarying degrees of customisation in relation to the lists that can be provided.10

As a result of the global nature of PEPlists, it is unlikely that most providers willhave had regard to the specific requirementsof the Australian privacy regime when compiling PEP lists, or when devising optionsfor customers to access the information contained on the PEP lists.

The National Privacy Principles All reporting entities in Australia which col-lect information for the purposes of reportingunder the AML/CTF Act are bound by theNational Privacy Principles. This is as a resultof section 6E(1A) of the Privacy Act 1988which was inserted11 as a response to concerns


�

�

One particular concern is that the PEP lists which a reporting entity may access in order to fulfil this requirement are likely to include information which isclassified as ‘sensitive information’ under the Privacy Act.

As a result of the global nature of PEP lists,it is unlikely that most providers will havehad regard to the specific requirements of the Australian privacy regime when compiling PEP lists, or when devisingoptions for customers to access the information contained on the PEP lists.

FEATURE

raised by the Privacy Impact Assessment following the first exposure draft of the proposed AML/CTF legislation.12 Thisexpands the requirements of the Privacy Act to reporting entities which are small businesses that otherwise would be excludedfrom the operation of the Privacy Act. TheAML/CTF Act also makes clear that, withregard to record keeping obligations, thePrivacy Act applies to the collection and storage of information gathered for the pur-poses of complying with the AML/CTF Act13.

The Privacy Act provides that an act orpractice of an organisation is an interferencewith the privacy of an individual if it breachesa NPP14. NPP 1015 prevents the collection of‘sensitive information’ about a person unlessone of the stated exceptions apply (includingif the person consents16 or the collection isrequired by law17.)

Sensitive information is defined as personal information (which can include facts and opinions, whether true or not) about an individual’s: • racial or ethnic origin; • political opinions; • membership of a political association; • religious beliefs or affiliations; • philosophical beliefs; • membership of a professional or trade

association; • membership of a trade union; • sexual preferences or practices;

• criminal record; or • health, including information about

any ailments or disabilities that they may suffer.18

The information contained within PEPlists will inevitably contain some sensitiveinformation (such as membership of politicalassociations and criminal records) and theymay also expressly or impliedly contain information which falls within the other categories of sensitive information. The specific nature of examples of sensitive information, such as health information, maybe relevant to assessing ML/TF risk because it may be relevant to the risk of exposure toblackmail in turn linked to abuse of powerand corruption. Whether a piece of sensitiveinformation is relevant to assessment ofML/TF risk will depend on facts in each case.

PEP lists may also contain sensitive information about persons other than PEPs.For example, although the FATF definition

of PEPs does not define someone who is a family member or close associate of a govern-ment official as actually being a PEP, it doesexpressly indicate that these family membersand close associates carry risks similar toPEPs. Therefore PEP lists often include suchfamily members or close associates. If, forexample, it had been reported in the press that a certain individual was the sexual partnerof a politician that person might be listed in aPEP list, together with an explanation as towhy they have been so listed, and this wouldtherefore be a record of information or opinion

about the sexual preferences or practices ofboth the politician and the other individual.

In addition, NPP 1 relates generally to the collection of personal information andprovides that, if it is reasonable and practicalto do so, an organisation must collect personal information (which would includeany sensitive information) about an individualonly from that individual.

Irrespective of whether it collects information from the individual or fromanother source, it must take reasonable stepsto ensure that the individual is made aware of certain information specified in NPP 1.This information includes the name of reporting entity, the purpose for which theinformation is collected and the fact that the individual is able to gain access to theinformation. If information is collected directly from the individual, this obligationcan be satisfied by including the relevantinformation in the application documents.

However, if personal information is collected from a third party such as a PEP listprovider, the reporting entity must take reasonable steps to ensure make sure that the individual is or has been made aware ofthe information described in NPP before or at the time of the information collection.

Compliance with the NPPs is enforcedthrough a complaint based system.19 If, afterinvestigation a complaint, and if it cannot be resolved by agreement between the partiesthe Privacy Commissioner can make a determination that a breach of the NPPs has occurred and he/she has the power todeclare that payment of a specified amount of compensation should be made and/or a prohibition on the practice giving rise to the complaint. Determinations of theCommissioner are enforceable by a courtagainst in the Federal Court.20

What constitutes ‘collection’The prohibition in NPP 10 is on the ‘collection’ of sensitive information. There is no definition of collection in the Privacy Actbut the Federal Privacy Commissioner has, in its Guidelines to the National PrivacyPrinciples, suggested a broad definition ofcollection consistent with the nature of thePrivacy Act, namely:

‘An organisation collects personal information if it gathers, acquires orobtains personal information from anysource and by any means. Collectionincludes when an organisation keeps personal information it has come acrossby accident or has not asked for.’21


�

�

Whether a piece of sensitive information is relevant to assessment of ML/TF risk willdepend on facts in each case.

FEATURE

It follows from this definition that if, forexample, a reporting entity downloaded theentirety of a PEP list onto its system, and keptit on its system without deleting irrelevantentries, it would be considered to have ‘collected’ all of that information regardless of whether anyone at the reporting entity actually reviews the information. Therefore,the reporting entity is likely to be deemed tohave collected all the information on the PEPlist including any personal or sensitive infor-mation about customers and non-customers contained on the PEP list.

If a reporting entity downloaded theinformation on a single PEP as part of its customer due diligence process and stored thatinformation on a customer file or in a casemanagement system, then it is also likely tobe deemed to have collected that informationon that single PEP including any personal orsensitive information it contains.

Reporting entities using PEP Lists mayneed to review individual PEP references in order to dismiss the reference as a false positive i.e. being a reference to a person other than their customer or a person connected with their customer. For example, if information is sought from a PEP list abouta new customer, John Brown, this might returnmultiple hits from a PEP list. Once it has beenidentified which, if any, of the entries relate to

the new customer, the reporting entity needs todecide what it should do with the informationabout the other John Browns. If they do notdelete this information they will be deemed to have collected it.

Of course reporting entities have recordkeeping obligations under the AML/CTF Actand they may wish to keep some record of the fact they searched for John Brown on the PEP list but depending on the documentationcreated it may be possible to do this but todelete any sensitive information about theother John Browns so that the entity is notdeemed to have collected that information.Depending on the file format that the information is provided in this may be simple or difficult.

Collection permitted if ‘required by law’There are a number of exceptions in NPP 10to the prohibition on collecting sensitive information, the most relevant of which are:• if the collection is required by law; and • if consent is obtained from the relevant

individual. Is it required by law for a reporting

entity to collect sensitive information from aPEP list? A reporting entity has a clear legal obligation to undertake an assessment of itsML/TF risk, and to consider whether its customer types may include PEPs as part of

that assessment. However, there is no legal obligation to use PEP Lists or to collect all of the information that might be contained on a PEP list, particularly information on aPEP list about non-customers.

Because the AML/CTF Act is risk-based,and is not prescriptive about the informationthat must be collected when assessing ML/TFrisk, there is a grey area in relation to theexact amount of information that would beconsidered to be ‘required by law’ for areporting entity to collect in order to fulfil its ML/TF risk assessment and customer duediligence obligations. Prudent accessing ofinformation from a PEP list at an individualcase level is more likely to be covered by the exception than downloading an entire PEP list and storing it within a reporting entity’s computer systems.

Another issue could be the collection ofinformation from a PEP list in relation todomestic rather than foreign PEPs. The FATFdefinition of a PEP only includes foreign government officials and AUSTRAC has stated that generally it is not necessary to identify local PEPs although it has left the possibility open for some reporting entitiesdepending on the nature of their business.22

However, PEP lists created for a global marketwill naturally include local as well as foreignPEPs therefore running searches against such PEP lists, information is likely to beencountered which relates to persons who aredomestic PEPs or associated with them.

Collection permitted if consent obtainedThe second key exception to the prohibitionon collecting sensitive information is whereconsent is obtained from the individual about whom information is being collected.23

In order to be effective, the consent for


�

�

Because the AML/CTF Act is risk-based, and is not prescriptive about the informationthat must be collected when assessing ML/TF risk, there is a grey area in relation to the exact amount of information that would be considered to be ‘required by law’ for a reporting entity to collect in order to fulfil its ML/TF risk assessment and customer due diligence obligations.

If there is a concern that the level of information that a reporting entity might wish to access about a customerfrom sources such as PEP lists might not be required by law, consent could be obtained from the customer toaccess any information, including sensitive information,contained about them on such databases.

FEATURE

the purposes of the Privacy Act must be voluntary and include knowledge of the matter consented to.24

If there is a concern that the level ofinformation that a reporting entity might wish to access about a customer from sourcessuch as PEP lists might not be required bylaw, consent could be obtained from the customer to access any information, includingsensitive information, contained about themon such databases. This could potentially be achieved by ensuring that application documentation, or privacy notices includedwith the application documentation, refer to the fact that the reporting entity may collect information about the individual fromspecified third party sources (such as PEPlists) in connection with the application. Inaddition, the privacy notice should be draftedgenerally to apply to any personal information(including sensitive information) that thereporting entity collects.

This, of course, does not assist a reportingentity where it is looking at alerts in order todismiss false positives since the informationbeing reviewed, if it is a false positive, wasnot about their customer and thus not coveredby the consent.

No exception for publically available informationThe Australian Privacy Act, unlike the legisla-tion in some other jurisdictions, does not con-tain any exception for the collection of sensi-tive information that is publically availableinformation and therefore such informationcannot be collected unless required by law orconsent is obtained. This is in contrast to theUnited States where the relevant federalrequirement is for financial institutions to protect ‘non-public’ personal information.25

Other countries, such as New Zealand,

exempt from the requirement to comply withdata protection principles any informationwhich the entity ‘reasonably believes is publically available’.26

Under Australian law, simply because apiece of sensitive information has appeared in a public document, or has been reported in the press, that does not mean that a reporting entity can feel free to collect thatinformation if it does not come within one ofthe exceptions to NPP10. Many PEP listproviders market themselves on the fact thatthey only contain publically available infor-mation but Australian reporting entities shouldbe aware that this will not provide protectionunder the Australian privacy regime.

Use and disclosure of the informationEven if the collection of sensitive informationfrom a PEP list could be justified on the basis that it is required by law or the relevantconsent has been received, the reporting entity must still handle that information inaccordance with the Privacy Act.

Under NPP 2 the entity may not use ordisclose that information for any purpose other than the primary purpose of collection,(which in this case would be the assessment of ML/TF risk and/or customer due diligence).This obligation applies to personal informationgenerally, not just sensitive information. There are a number of exceptions to this obligation, including if the disclosure isrequired or authorised by law. This is likely to cover the inclusion of such information in a suspicious matter report to AUSTRAC if the information is relevant to that reportingobligation.

In order to comply with NPP 2 a reporting entity should ensure that it has pro-cedures in place to store personal information (including sensitive information) securely toguard against improper use and disclosure.

Will s.235 of the AML/CTF Actprovide protection?Section 235 of the AML/CTF Act provides a‘safe harbour’ for acts done in compliancewith the AML/CTF Act. The section states:

(1) An action, suit or proceeding (whethercriminal or civil) does not lie against:(a) a person (the first person); or(b) an officer, employee or agent of the first person acting in the course of his orher office, employment or agency;in relation to anything done, or omitted tobe done, in good faith by the first person,officer, employee or agent:(c) in carrying out an applicable customeridentification procedure under this Act; or(d) in fulfilment, or purported fulfilment,of a requirement under this Act not tocommence to provide a designated service, or not to continue to provide adesignated service; or(e) in compliance, or in purported compli-ance, with any other requirement under:

(i) this Act; or(ii) the regulations; or(iii) the AML/CTF Rules.

This section could potentially be reliedupon to defend any action brought by thePrivacy Commissioner for a breach of one or more of the NPPs. The section is likely toprovide a wider defence than the required by law exception within NPP 10 because itincludes acts done in ‘purported compliance’with the AML/CTF Act or AML/CTF Rulesbut the same uncertainties arise because there are no black and white answers in relation to the steps that a reporting entitymust undertake in order to identify its customer types, including any PEPS. Thedefence is still unlikely to apply where sensitive information is collected from a PEP list which is clearly unnecessary for areporting entity to assess its ML/CTF risk or to undertake customer due diligence.

Key considerations when undertaking PEP identificationThe first question for a reporting entity when considering what steps it needs toundertake to fulfil its obligations under theAML/CTF Act is whether it needs to obtainany information from a PEP list. The obligation on a reporting entity is to considerthe ML/TF risks presented by its customertypes, including any PEPs. Depending on thesize of the reporting entity, and the designatedservices that it provides, it is possible that the reporting entity may be able to satisfy this


�

�

The defence is stillunlikely to apply wheresensitive information is collected from a PEP list which is clearlyunnecessary for a reporting entity to assessits ML/CTF risk or toundertake customer due diligence.

FEATURE

requirement without the need to consult a PEPlist, either by requiring self-identification bycustomers or by satisfying itself through othermeans that its customer base does not containPEPs (or at least that the risk is insignificantthat it may have PEPs).

If a reporting entity does decide that itwishes to use a PEP list to identify and mitigate its ML/TF risks then it should consider the following to minimise the risk of a breach of the NPPs:• the process utilised to access the informa-

tion on the PEP list. At one extremewould be downloading an entire PEP list,and all available information about thosePEPs, onto the reporting entity’s server.This would represent the highest riskfrom a privacy perspective. To reduce thisrisk (and also to avoid collecting hugequantities of irrelevant information)reporting entities should consider adopting processes which mean that they only initially receive limited infor-mation from PEP lists which match theircustomer names, and only if there is amatch that needs further investigation is additional information requested from the PEP list provider;

• the types of information which it choosesto access from a PEP list. Most PEP listsproviders allow some degree of customisa-tion in relation to the information that canbe requested and a reporting entity shouldcarefully consider whether it needs a certain piece of information in order to fulfil its AML/CTF obligations;

• ensuring that any non-relevant personalinformation is deleted from the reportingentity’s records. This would potentiallyinclude deleting records relating to false positive PEP records and also anyinformation obtained from PEP lists aboutcustomers but which is not relevant toassessing the ML/TF risk. In determiningwhat information should be deleted thereporting entity should also have regard toits requirement to keep sufficient recordsto establish that it did assess its PEP risksand undertake customer dud diligence;

• implementing procedures to protect anypersonal information it has collectedunder the PEP review requirements of the AML/CTF regime. For example, byquarantining that information so that only authorised staff can review forauthorised purposes; and

• incorporating appropriate consents anddisclosures into any application forms sothat compliance with the reasonable stepsrequirements in NPP 1 is ensured andavailable defences to complaints underNPP 10 are maintained.

ConclusionReporting entities should take all steps necessary to ensure that they are not collecting personal information, especiallysensitive information, about customers (and non-customers) which is not necessary to comply with their AML/CTF obligations (or other legal requirements).

Whilst there are no clear boundaries inrelation to the information that should be used to undertake PEP risk identification, ifreporting entities set up appropriate practicesand procedures to restrict the informationobtained, reviewed and retained from PEP liststo information that is reasonable necessary toundertake the analysis, then they are morelikely to be protected by the required by lawexception in NPP 10 and/or by Section 235 ofthe AML/CTF Act. Reporting entities shouldalso consider the text of their applicationforms and privacy notices in order to assesswhether further protection can be obtained by obtaining consent in advance to accessinginformation for sources of information such as PEP lists. ■


�

1 Salinger & Co. Privacy Impact Assessment: Privacy Impacts of the Anti-MoneyLaundering and Counter Terrorism Financing Bill and Rules, 2006. 15 September 2006.

2 Australian Law Reform Commission. For your information: Australian Privacy Lawand Practice Report 108, May 2008.

3 AML/CTF Rules – Rule 4.1.3(1); 8.1.4(1) and 9.1.4(1). See also Hannan, M. “Are

there PEPs under the beds of Australian Financial Institutions” Anti Money Laundering,September 2008, Pg 34.

4 Part A – See: AML/CTF Act Sections 84(2)(c) and 85(3)(b); AML/CTF Rules 8.1.4(1)and 9.1.4 (1) .5 Part B – See: AML/CTF Act Sections 84(3)(b) and 85(3)(b); AML/CTF Rule 4.1.3(1).6 AUSTRAC Guidance Note – Risk Management and AML/CTF programs – September 2007 version 1.7 Financial Action Task Force on Money Laundering. The Forty Recommendations.

FATF Secretariat. 20 June 2003 incorporating amendments

of 22 October 2004. Glossary.

8 The Department of Foreign Affairs and Trade maintains a list of all individuals and

groups who are the subject of current United Nations financial sanctions, but this is only

a list of those whom it is prohibited to deal with pursuant to the Charter of the UnitedNations Act 1945 (Cth). See the consolidated list in Regulation8_consolidated.xls avail-

able for download from http://www.dfat.gov.au/un/unsc_sanctions/index.html

9 Frequently asked questions in Chapter 4.

10 See discussion of interaction of alert lists and electronic verification in Wood, J.

“Electronic Identification and Verification UK Style” Anti Money Laundering, July 2009, Pg 22..

11 See Anti-Money Laundering and Counter-Terrorism (Transitional Provisions andConsequential Amendments) Act 2006.

12 Attorney General’s Department. AG Response to the Privacy Impact Assessment ofAML/CTF Bill and Rules.

13 Anti-Money Laundering and Counter-Terrorism Financing Act 2006 Section 106.

14 Privacy act s13A

15 See Schedule 3 to the Privacy Act 1988. 16 Privacy Act 1988 Schedule 3 – NPP 10.1(a).

17 Privacy Act 1988 Schedule 3 – NPP 10.1(b).

18 Privacy Act 1988 Section 6.

19 Privacy Act 1988 – Sections 36 (complaints), 40 (investigation by commissioner).

20 Privacy Act 1988 – Section 52 (Determinations of the Commissioner). An organisa-

tion that is the respondent to a determination is required by the Privacy Act to comply

with the determination. Affected parties, including the complainant and the Privacy

Commissioner, may take action in the Federal Court to enforce a determination. The

Federal Court is empowered to make certain orders in support of this enforcement,

including injunctions prohibiting the complained of conduct.

21 Office of the Federal Privacy Commissioner. Guidelines to the National PrivacyPrinciples. 2001 at Page 17.

22 AUSTRAC Guidance Note – Risk Management and AML/CTF programs – September 2007 version 1 paragraph 6.8.

23 Privacy Act 1988 Schedule 3 – NPP 10.1(a).

24 Office of the Federal Privacy Commissioner. Guidelines to the National PrivacyPrinciples. 2001 at Page 17.

25 Financial Services Modernization Act (15 U.S.C. §§6801-6827)

26 Section 6, Principle 2 (2)(a) Privacy Act 1993 (New Zealand)

if reporting entities set up appropriate practices and procedures to restrict the information obtained, reviewed and retained from PEP lists to information that is reasonable necessary to undertake the analysis, then they are more likely to be protected by the required by law exception in NPP 10 and/or by Section 235 of the AML/CTF Act.

Detect Inspect Resolve

TransWatchTM

introducing the smart way to protect yourself and your assets

Key Benefits include:

• Save time and resources with automated key tasks and limited manual intervention

• Fully scaleable with the ability to monitor from a few thousand up to millions of accounts each day

• Rapid deployment and customization with over 95 pre-built and pre-tested detection rules provided as standard

• Dynamic and intuitive workflow allows full control to rest with the compliance team throughout the investigation process

• Powerful reporting that delivers critical informa-tion on customer accounts quickly and easily through pre-built reports

Contact [email protected] for more information about monitoring transactions with Complinet’s TransWatch™ solution.

US

+1 646-289-6270

UK

+44 (0) 870 042 6410

UAE

+971 (0) 4-211-5153

Australia

+61 (0)2 9994 8099

TransWatch™ is a rule-based financial crime solution for detecting,

investigating and resolving suspicious activities as part of a firm’s

AML process.

ANTI-MONEY LAUNDERING 33AUGUST 2009

Enforceable undertakings

T HE ENFORCEABLE undertakingswere the first to be accepted by AUSTRAC under the Anti-Money

Laundering and Counter-Terrorism FinancingAct 2006 (AML/CTF Act).

The undertakings represent legallyenforceable commitments by Barclays andMega ICBC to remedy deficiencies andbreaches of Australia’s anti-money laundering(AML) and counter-terrorism financing (CTF) laws.

AUSTRAC’s supervision aims to improvethe compliance of reporting entities with their obligations to manage ML/TF risk andsubmit transaction reports to AUSTRAC. This includes requirements to submit a rangeof transaction and suspicious matter reports to AUSTRAC.

Both Barclays and Mega ICBC admittedto failures to comply with their reporting obligations.

AUSTRAC’s aim is to maximise thequality of the data we receive to enable us toproduce financial intelligence of the highestquality. This financial intelligence is animportant input to other government agenciesin the areas of law enforcement, nationalsecurity, revenue collection, income support,social justice and financial markets regulation.

For this reason, AUSTRAC takes non-compliance by reporting entities seriously. We are particularly concerned about transac-tion reporting failures which may result in the loss of significant intelligence to ourpartner agencies.

BarclaysAUSTRAC’s on-site assessment of Barclaysdisclosed a number of deficiencies andbreaches of various provisions of Australia’sAML and CTF laws, including reporting obligations.

Within the terms of the enforceableundertaking, Barclays has agreed to:• review transactions for a period of seven

years and provide AUSTRAC with anyoutstanding reports required by law;

• develop and implement proper systemsand controls to ensure that Barclays complies in the future with its reportingand AML/CTF program obligations; and

• submit to AUSTRAC an independentexpert report detailing Barclays’ compliance with the AML/CTF laws.Barclays will also be required to submitsimilar reports in 2010 and 2011.

The undertaking for Barclays also notes that the global systems, policies andprocedures Barclays has in place have notbeen supplemented to meet the specifics of Australian legislative requirements.

Mega ICBCMega ICBC has acknowledged a number ofdeficiencies and breaches, including reportingbreaches of Australia’s AML and CTF laws.

Under the terms of the undertaking, Mega ICBC is required to update the riskassessment of its products, channels, customers, employees and jurisdictions. Mega ICBC must also redevelop itsAML/CTF financing program and introducesatisfactory customer identificationand record-keeping systems.

Similar to Barclays, Mega ICBChas agreed to review transactionsfor the past seven years and provide AUSTRAC with any outstanding reports required by law and submit to AUSTRACindependent reports detailing their AML/CTF compliance.

AUSTRAC’s enforcement approachAUSTRAC’s acceptance of the enforceableundertakings reflects the agency’s intention to address non-compliance with Australia’sAML/CTF laws.

AUSTRAC recently made the AUSTRACsupervision strategy 2009–10 available to thepublic on its website. The strategy describesthe characteristics of the different industrysectors the agency supervises, including thenature of each industry, the roles played byindustry bodies and other regulators, and the various levels of compliance observed.

The agency’s Enforcement Manual is also available online, from the ‘Publications’menu of the AUSTRAC website

(www.austrac.gov.au). The manual outlinesAUSTRAC’s policies on the use of enforce-ment powers under the FTR Act andAML/CTF Act.

While AUSTRAC will continue to workwith entities to assist them with meeting theirobligations, enforcement action will be usedin a measured and appropriate manner tosecure compliance and rectification.

It is important for reporting entities tonote that the staggered implementation of the AML/CTF Act is complete and all of itsobligations are now in effect.

In addition, the former Minister forJustice and Customs’ Policy (Civil PenaltyOrders) Principles 2006, which placed conditions on the circumstances in whichAUSTRAC would take enforcement action,no longer apply to many obligations. ■

AUSTRAC COLUMN

What is an enforceableundertaking?

An enforceable undertaking is a writtenundertaking an entity gives to, and which is accepted by, the AUSTRAC CEO to rectify breaches in Australian law. An enforceable undertaking is enforceablein a court.

The AML/CTF Act empowers the AUSTRAC CEO to accept enforceableundertakings as a means to ensure compliance with the AML/CTF Act, including as an alternative to taking criminal or civil enforcement action.

On 1 July, AUSTRAC announced it had accepted enforceable undertakings from Barclays Bank plc(Barclays) and Mega International Commercial Bank Co Ltd (Mega ICBC).

PART II – Has New Zealand come of age with its Anti-MoneyLaundering and Countering Financing of Terrorism Bill?

FEATURE

Joy Geary looks further atsome of the high points of theNew Zealand AML/CFT Bill

I N THE LAST ISSUE of the magazinewe looked at the identification and verification requirements of the long

awaited New Zealand Anti-MoneyLaundering and Countering Financing ofTerrorism Bill (AML/CFT Bill)1 which finally arrived in the New Zealand parliamenton 25 June 2009. In Part II we look at the monitoring, governance and programrequirements of the Bill.

Capture mechanismAs pointed out in Part 1, the capture mecha-nism in the Bill differs from the Australianapproach of designated services. TheAustralian legislation brings businesses within the definition of ‘reporting entity’through a list of designated services. In contrast, the New Zealand Bill has created adefinition of a business type – those businesstypes are financial institutions and casinos –and then made financial institutions and casinos reporting entities in respect of theentirety of their businesses. Reporting entitiesmay conduct a mixture of businesses, someof which carry no money laundering risk but are subject to the obligations set out inthe Bill for all of their businesses, unlessthere are carve-outs provided through regulation. The AML/CFT Bill only allowsfor carve-outs of persons and classes of persons, not activities.

MonitoringThe Bill contemplates in Section 28 that New Zealand reporting entities must conductongoing customer due diligence and accountmonitoring in order to ensure two things:• that the business relationship and the

transactions relating to that relationshipare consistent with what the reportingentity knows about the customer and its risk profile; and

• identify any grounds for reporting a suspicious transaction.This is of quite different construction to

the Australian obligations. The AustralianAML/CTF Rules call for a transaction monitoring program which must have thepurpose of identifying, having regard tomoney laundering and terrorism financingrisk (ML/TF risk), any transaction thatappears to be suspicious. In New Zealand,


1 New Zealand uses the term anti-money launderingand countering financing of terrorism in the Bill.

Australia uses the term anti-money laundering andcounter-terrorism financing.

�

FEATURE

the conduct of ongoing customer due diligence and account monitoring is in orderto identify grounds for reporting a suspicioustransaction. This is a higher standard thanAustralian reporting entities are subject to. It also is a tautology, because a transactioncan only be suspicious if the reporting entityhas decided it has reasonable grounds to suspect certain things. The proper wordingmight be to ‘identify any grounds for reporting a transaction as suspicious’.

Another material difference is the expectation that a New Zealand reporting entity will have a risk profile for a customer.While this might be a practical outcome of the AML/CTF Rules in Australia, it is not an express outcome set out in a legislative section or provision. Australian entities might thus have more flexibility about management of risk profiles. Any differencein practical outcomes will reveal itself overtime after the Bill is passed. Typical ofAML/CTF regimes around the world, legislation and rules and regulations often

set out bare minimums of expectations ratherthan prescriptive wording which is capable ofintense scrutiny for meaning.

Regular account review is going to be an obligation under the New Zealand Bill, if passed in its current form, and there is no connection between that requirement and thelevel of ML/TF risk posed by the customer.Low-risk customers may therefore need to be reviewed regularly as high risk customers.Additional monitoring and ongoing customerdue diligence requirements may be introducedby further regulation.

AML/CFT Programme2

New Zealand reporting entities will have tohave a compliance program (called theAML/CFT programme) which has procedures,policies and controls with slightly differentfunctions to that of the Australian equivalent.In Australia, the primary purpose required ofan AML/CTF program is to identify, mitigateand manage ML/TF risk. In New Zealand oneof the outcomes of the AML/CFT programmeis that it detects money laundering and thefinancing of terrorism. This is a significant

difference and will place a considerable obligation on New Zealand reporting entitiesnot shared by their Australian counterparts. In Australia the equivalent sections 84 and 85were limited to identification, mitigation andmanagement of ML/TF risk.

AML/CFT Compliance Officer Compliance Officers are required under theNew Zealand Bill and their responsibility is to administer and maintain the AML/CFTprogramme. In Australia there is no legislative or regulatory prescription of theresponsibilities of the AML/CTF ComplianceOfficer. AUSTRAC has issued a GuidanceNote of what it expects of an AML/CTFCompliance Officer but it lacks the legislativeforce that the New Zealand Bill contains. A New Zealand AML/CFT ComplianceOfficer is required to report to senior management; an Australian AML/CTFCompliance Officer is required to be at management level, which may well leavethem well down the chain of command in some organisations.


2 New Zealand uses the English spelling of programme, the Australian legislation uses the American spelling of program.

�

�

FEATURE

New Zealand Bill Australian AML/CTF Act and Rules


�

�

Vetting requirements for employee due diligence is limited to seniormanagers, the AML/CFT Compliance Officer and others engaged inAML/CFT related duties. This might be regarded as including everyonewho performs an AML/CFT procedure such as account opening. There is no reference to a risk-based approach.

The vetting requirements of the employee due diligence rules are risk-based and focus on new employees and those changing roles.

Training on AML/CFT matters has to be given to senior managers, theAML/CFT Compliance Officer and others engaged in AML/CFT-relatedduties. This might be regarded as including everyone who performs anAML/CFT procedure such as account opening. There is no reference toa risk-based approach.

Training is tied to the risk-based approach and has prescribed outcomes of what employees should be able to understand.

The AML/CFT Programme covers account opening, ongoing customerdue diligence, account monitoring, case investigation, reporting suspicious transactions, record keeping and many of the other controls expected within an AML/CFT framework but has avoided the Australian complexities of having programs within programs aswell as having key activities such as record keeping and reporting leftoutside the AML/CFT Programme. This simplified structure makessense in terms of legislative and regulatory preciseness.

The Australian framework has an AML/CTF Program composed of aPart A and a Part B. Within Part A there are more programs, called:• A risk awareness training program• An enhanced customer due diligence program (Chapter 15)• A transaction monitoring program (Chapter 15).Part A is actually defined in Chapters 8 and 9 of the AML/CTF Ruleswhich do not contemplate the existence of Chapter 15. The AML/CTFProgram legislative and rule references do not refer to record-keeping ortransaction reporting (whether suspicious, threshold or international).In Part B of the AML/CTF Program there is a customer identificationprogram.

The New Zealand Bill requires an AML/CFT Programme to have adequate and effective procedures to prevent the use of money laundering or financing of terrorism of products and transactions thatmight favour anonymity. The combination of the words ‘adequate’ and‘effective’ and the absence of any reference to risk make the Programrequirements significant obligations. This is an obligation well beyondanything found in the Australian legislation.

The Australian legislation is structured around a concept of identification, mitigation and management of ML/TF risk, not money laundering and terrorism financing. This is an important structural difference as few financial institutions in the world couldmanage an obligation of the type posited by the New Zealand Bill.

The requirements that an AML/CFT Programme must meet can be supplemented by regulations and guidance. Guidance in this contextwill allow any of the AML/CFT supervisors to introduce requirementsoutside the scrutiny of Parliament.

The AML/CTF Rules define the requirements of the AML/CTF Programand they can be supplemented by new rules. Guidance issued by AUSTRAC is not binding; however Australian reporting entities wouldneed to be able to show good reason for not following it.

New Zealand reporting entities will have to assess their ML/TF riskbefore they establish their AML/CFT Programmes or conduct customerdue diligence (customer acceptance). The factors to be considered whenassessing risk have been combined with those that Australian reportingentities are required to consider when determining their appropriaterisk-based systems and controls. Although the meaning is not clear, it islikely that regulatory risk must also be included in the risk assessment.The New Zealand Bill makes no reference to employee ML/TF risk,something which is in the Australian requirements by implication.

Australian reporting entities are required to assess their ML/TF risk bylooking at customer types, service types, channels through which services are delivered and countries dealt with. In responding to theidentified ML/TF risks and implementing appropriate systems and controls, Australian reporting entities then have to look at the nature,size and complexity of the business.Time will show whether these different formulations betweenAustralia and New Zealand will result in different outcomes in ML/TFrisk assessments.

New Zealand reporting entities will be required to conduct regularreviews of risk assessments and the AML/CFT Programme.

This is implied in the Australian AML/CTF Rules through the require-ment for regular independent review.

New Zealand reporting entities will also be required to have theirAML/CFT Programmes audited every two years by an appropriatelyqualified person. Such a person cannot have been involved in theestablishment, implementation or maintenance of the programme tobe audited. The New Zealand Bill has sought to soften the meaning ofthe word ‘ audit’ through allowing persons who are not charteredaccountants or qualified to undertake financial audits as being permitted to conduct them. ‘Audit’ is a well-defined term which may be regarded as elevating the threshold of this obligation wellabove the meaning of a review.

Australian reporting entities do not have to have their Part A audited;only independently reviewed. Time will show whether these differentformulations between Australia and New Zealand will result in different outcomes in audit/review requirements.

There is a requirement for annual AML/CFT reports to be provided tothe relevant regulator.

There is a similar compliance reporting requirement which has beenmade an annual report by AUSTRAC.

The following table compares the requirements of the New Zealand Bill to the current Australian AML/CTF Act and Rules:

FEATURE

Overseas businessesNew Zealand reporting entities that have businesses overseas must ensure that theyapply at least the New Zealand requirementsto their activities with respect to customer due diligence, ongoing customer due diligence, risk assessments, AML/CFT programmes and record-keeping. This requirement is limited by what is permitted in the laws of the country where the businessis located, which overcomes problems such as the suspicious matter reporting elements of the AML/CFT programme.

Codes of practiceThe various AML/CFT regulators can beinstructed by the minister responsible for that regulator to prepare codes of practice for their industries to assist with helpingreporting entities to comply with the requirements of the Bill.

PenaltiesSenior managers are liable to criminal chargesif their corporations commit certain offencesand they knew that the offence was beingcommitted, were in a position to influence the conduct involved, and failed to take stepsto prevent the commission of the offence.Offences involve failing to report suspiciousor threshold transactions; unlawful disclosureof suspicious transaction reports; failure tokeep records about suspicious transactions;obstruction of investigations into suspicioustransactions; obstructing an AML/CFT supervisor, providing false or misleadinginformation to an AML/CFT supervisor.Maximum limits on penalties for individualsvary from $10,000 to $300,000 (depending on the offence) and jail terms of not morethan two years. Maximum limits on penaltiesfor corporations vary from $50,000 to $5 million, depending on the offence.

Civil liability acts are associated with:• Failing to conduct customer due

diligence;• Failing to adequately monitor accounts

and transactions;• Entering into business relationships

without satisfactory evidence of identity;• Entering into or continuing a

correspondent banking relationship with a shell bank;

• Failing to keep records;• Failing to establish, implement or

maintain a AML/CFT programme; and• Failing to ensure that branches and

subsidiaries comply with the relevantAML/CFT requirements.

One of these civil liability acts is worthyof special mention. It is a civil liability act toenter into or continue a business relationshipwith a person who does not produce or providesatisfactory evidence of their identity (section76(c) of the Bill). As pointed out in Part I ofthis article in the last issue, on first blush,

the Bill seems to exempt reporting entitiesfrom needing to re-identify existing customers.But as we have experienced in Australia, what seems to be a narrow obligation on its face, when coupled with other matters, often turns out to be bigger than first under-stood. If this civil liability act is interpreted to apply to existing customers who have never produced evidence of identity beforethen this provision could be construed asrequiring reporting entities to re-identify all of their existing customers to put the matter beyond doubt.

Designated business groupsThe definition of a designated business groupallows for members who are not reportingentities – provided they are subject toAML/CFT requirements outside New Zealandand provided they are all related to each otherunder the New Zealand Companies Act. There are several other ways to satisfy membership, such as a joint venture or being a nominated government department. A member of a designated business group canconduct customer due diligence proceduresfor another member, share aspects of theAML/CFT programme of another member,use the risk assessment of another, and make a suspicious transaction report on behalf ofanother member. There is no exemption in the tipping off provision for the passage ofthis information between members of the designated business group. There is also some confusion in section 33(5)(b) about how this might work between members of the designated business group in practice.

PrivacyInformation passing from one member of the designated business group to another issubject to New Zealand Privacy legislation,which may introduce some comparativeanalysis requirements between the New Zealand privacy laws and overseas privacy laws as to their adequacy.

Big issuesNew Zealand reporting entities appear likely to be subject to a higher standard thanAustralian reporting entities in relation toongoing customer due diligence, monitoringand what their AML/CFT programmes have to achieve by way of outcomes. ■

Disclaimer – The information provided inthis article is of a general nature, and it is notintended to address the circumstances of anyparticular individual or entity. No one shouldact on this information without appropriateprofessional advice after a thorough examination of their particular situation.


�

If this civil liability act isinterpreted to apply toexisting customers whohave never produced evidence of identitybefore then this provisioncould be construed asrequiring reporting entities to re-identify all of their existing customers to put thematter beyond doubt.

Dow Jones Watchlist

How to TellYour Best Customer fromYour Worst Nightmare

Doing business with just one wrong customercan result in steep financial penalties for yourbusiness or, worse, cause irreparable damageto your reputation.

Dow Jones Watchlist helps you easily andaccurately identify high risk clients with detailed,up to date profiles on more than 500,000 entities.Coverage includes national and international

government sanction lists; persons linked to highprofile crime; and senior foreign political figures,their relatives, and close associates.

To learn more about Dow Jones Watchlist, contactRichard Butler at [email protected] at +61 (0)2 82724600.

Win the battle against fraud, money launderingand terrorist financing with Dow Jones

INTERVIEW

What were your key objectives coming into the Group AML role?

I joined NAB in 2006 as the consultationphase for the AML/CTF Act was movingtowards its conclusion. During the first yearat NAB one of my key priorities was to assist with the input that NAB made to theconsultation phase, through the AustralianBankers Association.

Coming from the United Kingdom, I hadextensive experience and knowledge of moremature regimes in other countries. I had alsowitnessed firsthand some of the practicalissues regarding implementing AML/CTFchange programs within financial institutions.

Another of my priorities during 2006 and2007 included helping with the Australianbusiness plan and preparing for implementa-tion. Senior management looked to me duringthis period for assurance that NAB’s imple-mentation was consistent with best practiceoverseas and would take account of likelyfuture directions of AML/CTF regulation inAustralia. This latter issue is a key issue whenthere are large amounts of technology invest-ment involved in customer information andmonitoring systems. Future-proofing theimplementation was one area of concern.

What was the NAB landscape likewhen you arrived, in terms ofresources, reporting lines, level ofknowledge, approach to assuranceand management of ML/TF risk?

Like all other Australian banks, NAB’sAML/CTF regime was limited – well withinthe then current regulatory requirements, butlimited nonetheless compared with standardsoverseas in the UK and the US.

As a result, when I arrived there werelimited resources, limited capability and –most importantly – limited understanding ofwhat changes were going to be necessary tomeet domestic and international challengesand opportunities.

The role that I assumed was in the Groupfunction with an overall assurance remitacross all of the lines of business globally in terms of their AML/CTF activities. Locally, each business had primary responsi-bility for how they managed AML/CTF.

At that time NAB had businesses in Asia, the US and the UK.

What were your big achievementsduring the 26 months you have been in the Group role?

I think that the changes that I have introducedcover two major areas.

One was to establish a global AML/CTFcommunity within the organisation, spanningall business units and countries of operation.People working on AML/CTF throughout theorganisation then had a place where theycould exchange views and strive towardscommon standards. At the end of this process,NAB had established global standards for keyareas of AML/CTF practice and could moreeffectively assure itself regarding the qualityof compliance. This AML/CTF communitywill continue to develop and shape itself aswe move forward.

The second area of change was to ensurethat NAB built an AML/CTF regime inAustralia that was fit for purpose and flexible enough to accommodate a changingand dynamic business and regulatory environment. This regime meant that we had to build the right capability both withinthe AML/CTF functions and within the business to support the regime. Part of thatinvolved choosing and growing the right people internally, or reaching outside to hire experienced people who could themselves lead these changes.

Describe the team that has nowbeen put in place to manage ML/TF risk across the Group: know your customer (KYC) assurance, sanctions, monitoring,list screening, investigations andcase management and training.

We have spent time making sure that we have the right numbers of people with theright skills and experience to manage NAB’s ML/TF risk. Such people represent the right blend of knowledge of NAB, itsprocesses and the Australian regulatory environment – as well as knowledge aboutAML/CTF.

NAB has been prepared to invest inbringing in people from overseas, and thesepeople have helped create the environmentfor the transfer of knowledge and growingtalent internally.


Neil Jeans began his careerin the UK financial markets workingas a dealer on the London StockExchange, progressing to theinvestment management side of the industry in the UK.

In 1991 he joined the UKMetropolitan Police Service, ultimately working on major criminal investigations (includingmurder, fraud and drug trafficking)focusing on financial investigation.

In 1998 Neil joined the UKFinancial Services Authority andwas significantly involved in thedrafting of the FSA Rules on Money Laundering, ultimatelyworking as the Money LaunderingTheme Manager developing theFSA’s Anti-Money Laundering (AML)regulatory and supervisory tools.

Neil joined National AustraliaBank (NAB) in May 2006 as Head of Group AML, based in Melbourne.At NAB, Neil is responsible for co-ordinating the Group’s AML risk management and complianceactivity and providing assurance tothe Group’s senior managementregarding the effectiveness of theGroup’s AML/CTF framework. He lives on the edge of Melbourne and had an abrupt introduction tobushfires during the Black Saturdayfires in February this year.

Neil has recently taken up a new role as General Manager Group Assurance, expanding hisresponsibilities to all businessprocesses, not just AML/CTF. �

Up close and personal

INTERVIEW

You have integrated sanction management with AML/CTF – whatare the advantages of doing that?

AML/CTF and sanction management areclosely aligned disciplines and require similar risk-management processes. This has allowed NAB to increase its capability in both areas by cross-leveraging the peopleworking in each area. This has delivered benefits for both AML/CTF and sanctions. It also means that we have consistent processes and consistent management of similar risks.

How do you manage career progression for your team globally?

With Australia still maturing and NewZealand just beginning its AML journey,career progression has not been an issue. But we know it will be in the future, and we recognise the importance of developingour people for their next role.

Clearly our overseas expertise will be abenefit in developing our skills internally andit will help to reduce the amount of learning

that is achieved through mistakes – learningfrom mistakes can be useful, but as a development tool it can be problematic.

What do you see as being the bigchallenges that your team will facenow you have moved on to your new role in Group Assurance?

The biggest challenge the team faces is maintaining the AML/CTF risk-managementregime in what seems to be a constant cycleof change. I often comment that I have been involved in AML (from a number of perspectives) for almost 20 years andAML/CTF compliance and risk managementfor 10 of those 20 years, and I have neverbeen in a business-as-usual environment.

One thing that I am certain about is that, as the regulatory regime matures, so willAUSTRAC’s expectations change. In myexperience, when regulatory expectationschange it doesn’t mean less is expected ofyou, it always means more is expected. Hencemy reference to trying to future-proof some of the big areas of expenditure, anticipatingwhat some of these changes might be.

In Risk Assurance you will still havean impact on AML/CTF within NAB.Can you describe the kinds of thingsthat will be priority to you in yournew role?

Risk assurance is a new discipline and recognises that, with the current focus of regulatory attention, the type and quality of assurance given to senior managementregarding risk management will be increasingly important.

As with all risks, including ML/TF, thereneeds to be transparency – and where possibleconsistency – to ensure we manage riskappropriately. That allows for risk-manage-ment decisions to be made in light of all the available knowledge or information.

I have been undertaking assurance in theAML/CTF space for a number of years andmy understanding of what assurance is bothwanted and needed continues to evolve, asdoes the expectations of those to whom youare providing assurance. I don’t expect thatevolution to stop or – even slow. And the keychallenge of any assurance activity, includingAML/CTF, is to ensure that the risk position isidentified and articulated, and that changes tothe risk position are identified and escalatedfor appropriate and timely management. ■


�

Subscribe to anti-money laundering magazine, the definitive source of information for the financial services sector on anti-money laundering and counter-terrorist financing.

Call our subscription department today on 02 9776 7914

Don’t get taken to the cleaners

Clearly our overseas expertise will be a benefit in developing ourskills internally and it will help to reduce the amount of learningthat is achieved through mistakes – learning from mistakes canbe useful, but as a development tool it can be problematic.

COLUMN


V ALENTIN ZELLWEGER,Ambassador and Deputy Director of the legal department of the

Swiss Foreign Ministry, spoke to Complinetrecently about the long-running saga. He said the government was dismayed about the failure of the case and spoke about thelack of help the Swiss had received from the Congolese government.

Zellweger said that the new law, which iscurrently being drafted, has sparked interestfrom international bodies such as the WorldBank. The law would make it easier for theSwiss government to confiscate money that it suspected of coming from corruption.Zellweger explained that this would allow the government to impound money in casessuch as Mobutu’s, where there had been an

initial request for mutual legal assistance from a foreign government that had not beenpursued. The law could also be used wherethere were strong suspicions that the moneywas stolen — for instance, if it came from an endemically corrupt jurisdiction where the leader had experienced a ‘staggering’increase in income.

The big freeze:Switzerland rewritesasset confiscation laws

LONDON CALLING

By Martin CoyleSENIOR EDITOR,

COMPLINET

Switzerland’s futile 12-year battle to freeze millions of euros in assets belonging to the formerZairian dictator Mobutu Sese Seko is likely to result in new legislation. The new law, which would be the first of its kind in the world, would aim to stop money that is thought to be stolenbeing returned to corrupt leaders or their families.

�

Zellweger explained that, although the €5 millionconcerned was a drop in the ocean compared to thebillions that Mobutu is thought to have plundered, it was of ‘symbolic’ value.

‘It would allow us to then reverse the burden of proof. It would be very complicated,but it would enable the judge to say that if theleader cannot prove the legal of the origins ofthe funds it could be confiscated and sent backto the government or the people concerned.The aim is to benefit the people concerned,and would allow us to act without the co-oper-ation of the concerned government,’ he said.

Zellweger said that the legislation wouldbe challenging in terms of the EuropeanConvention on Human Rights but that theSwiss had decided to press ahead nevertheless.It is likely to be laid before parliament nextyear. It is estimated that Mobutu stole billionsof dollars before his death in 1997, with much of the cash spirited away to bankaccounts around the world. Around €5 millionof this was funnelled to various banks inSwitzerland. In 1997, the Congolese govern-ment sent 10 legal assistance requests to various countries (including France, Belgiumand Switzerland) in an effort to repatriate thefunds, much of which was thought to havebeen plundered from foreign aid.

The legal requests were filed with thevarious countries. All the jurisdictions stoppedmutual assistance, however, because of theCongolese government’s lack of co-operation.It did not back its requests with evidence that the money in the banks was stolen. This led to most of the fortune being returnedto the Mobutu family. It is estimated that the Belgian government returned around US$1 billion to the Mobutus.

Lack of co-operationIn 2003, the Swiss Justice Ministry decided toclose the case and return the cash because ofthe Congolese government’s stance. TheSwiss government stepped in and decided toput a further block on the cash. Zellweger saidthat the government tried to work with theCongolese administration but was thwarted bystonewalling. This was partly due to a lack ofinterest and partly because Mobutu’s son hadrisen to prominence in the government. In2007, the Swiss President visited Congo andspoke to the President, Joseph Kabila, in aneffort to negotiate a solution, but to no avail.Under Swiss law, like the UK, proof is neededthat the money resulted from wrongdoing tobe blocked and repatriated.

‘We had to have a legal case in order tosend the money back. What is different inSwitzerland compared to other countries is thatthe government pursued the policy of recoveringthese assets and sending them back.

‘The problem is that if you want to givesomething to someone then the ‘someone’

must accept the ‘something’. The problem wehad, was that the someone did not want thesomething for political reasons,’ he explained.

The freeze on the Mobutu funds was dueto come to an end in December 2008. InOctober of that year, the Swiss governmentattempted a last-ditch effort to end the case byoffering to finance an experienced Geneva-based lawyer who had worked on the Abachacase to take on the mandate. The Congoleseeventually agreed to this, just days before theDecember deadline. Despite this, Swiss prose-cutors ruled that the case could not be broughtunder Swiss legislation. An appeal against thisdecision was thwarted as the Congoleserefused to give approval for the appeal.

Finger pointingThe latest and final ruling by the FederalCriminal Court came following a complaintthat a Swiss professor of law made to appealagainst the earlier decisions to unfreeze themoney. This failed and the money will berepaid to various members of the Mobutufamily. The Swiss Federal Department ofForeign Affairs said that it ‘deplored’ the decision and pointed the finger squarely at the Congo government.

‘Since 1997 the Confederation has goneto considerable lengths to bring this matter toa satisfactory conclusion. In accordance withthe mandate it received from the FederalCouncil, the FDFA assisted the parties concerned in an effort to reach as satisfactory a conclusion as possible. However, the lack of support over a long period from theCongolese authorities, together with theinflexibility of the Mobutu heirs, meant that it was not possible to reach an agreement,’ it said in a statement.

Zellweger said that the case had demon-strated that, without the help of the governmentconcerned, it was difficult to help to rightfullyrepatriate the money. The new law, if enacted,would help to change this, however. The gov-ernment has a similar ongoing case regarding€5 million held by Swiss banks related toJean-Claude ‘Baby Doc’ Duvalier, the formerHaitian dictator. The Swiss, however, are morehopeful in this case as they have the support ofthe Haitian government.

After last week’s ruling, Congo’sInformation Minister, Lambert Mende, criti-cised the Swiss government for not doingenough to help to return the money to thecountry, which he said could have been used

to improve the country’s infrastructure. One official close to the case said that theSwiss would soon publicly demonstrate all it had done to try to return the cash. He dismissed Mende’s comments.

Zellweger explained that, although the €5 million concerned was a drop in the oceancompared to the billions that Mobutu is thoughtto have plundered, it was of ‘symbolic’ value.

‘It is part of our development co-operationefforts. Why should we send overseas aid to some countries if it is then siphoned off and it then comes back to our banks? So it is part of our development policy to aim atstrengthening the institution’s governance and rule of law,’ he said.

In 2004, anti-corruption bodyTransparency International labelled Mobututhe third most corrupt leader of all time, estimating that he stole around half of theUS$12 billion in aid money the countryreceived from the International MonetaryFund during his tenure. ■


COLUMN

�

FEATURE


F ROM A criminological perspective,there appear to be three main types offront directors or company executives.

The first are those whose role is restricted tobeing purely nominal executives or officials,and who know nothing and engage in no tangible activity beyond signing whateverdocumentation they are instructed to sign bytheir criminal masters. The signing is usuallycarried out through legal advisers.

The second type are those who are frontindividuals but who also have – and are paidat an appropriate rate – initiative, skill andresourcefulness in handling and deflectingunwelcome inquiries. And who, in the worst-case scenario, carry out their executive dutiesin a manner designed to delay law-enforce-ment investigations. (The case against allegedinternational fraudster Allen Stanford hasimplicated a close confident of the accused inher role as a related company chief executivecarrying out delaying tactics.) This secondtype can take limited pre-emptive initiativesin retransferring funds, investments or sumsof monies in advance, in order to forestall anyinquiries that may occur as a result of law-enforcement action – such as individualsbeing interviewed or arrested or changes infiscal and criminal fraud legislation.

The third type engages in the same activity as the second but on a more frequentand wider level. They are a member of anorganised crime group, albeit at the lowerlevel, who are perpetrating the criminality.Among criminological academia and lawenforcement circles there is debate as towhether the third type can be classified as afront, as they are involved in the criminalityas part of the criminal group.

Such front individuals act in many typesof companies and financial institutions. InAustralia, a brother and a sister opened adeposit account linked to a loan account.Many cash deposits (significantly under thereporting threshold) made in one day drew

�

The pleasant, attentive corporate individuals who mask the dark sideby Dr Nick Ridley

The front man or ‘cardboard bozo’ in corporate entities and financial institutions who is involved in concealing or facilitating criminal finances is as long-standing as financial crime itself.

DOING THE CRIME


attention to the young individuals, who statedthat the amounts were for building expensesfor four properties. Further review of theaccount revealed high-value transactions with a significant number of withdrawals ortransfers between $900,000 and $2 million.One of the individuals was found to be a nominal director of a company based in anoffshore jurisdiction.

Another case, in 2007, that occurred inSouth-East Asia involving Australian banksrevealed customers opening business accountsin their own names with online banking facilities. All the involved customers werepensioners, according to the account-openingforms. The accounts showed several onlinedeposits over a 72-hour period totalling$400,000, the funds being redirected to another foreign-exchange business account.The funds were then transferred to HongKong. It was found that the business

was established as a money-exchange business with related companies of which the pensioners were nominal executives.

Property deals on an international scaleare a common method of laundering, involving front individuals in a cycle ofevents consisting of the criminal grouparranging to sell a piece of property to

a foreign investor. The investor is himself afront individual, part of the group workingthrough offshore companies. The sale price is inflated above acquisition costs and themonies are repatriated and integrated in theform of a capital gain on a property deal. The key individuals are the front executives,the ‘foreign investor’ and executives of theoffshore companies transferring the monies.

The post-2007 series of economic crisesmay facilitate an increase of the second typeof front executive (that is, those that are paidand use their initiative). A recent KPMGreport, (resulting from in-depth research and surveys of companies and employeebehaviour) formulated several conclusions.

One was that, due to ‘exceptional economic circumstances’ unemployed orrecently redundant company professionals,‘would be tempted to join or be recruited bycriminal groups’. If such potential recruitmentto conscious, active and knowing criminalityby professional executives may increase, then

conversely, there are even more possibilitiesthat such wayward individuals may take asofter option.

This softer option is that of stopping short of knowingly engaging or facilitating fraudulent or criminal activity – or that which is judicially provable – and becoming a front executive of the second type, utilising

their skills and corporate and professionalknowledge in acting as an effective cut-outpoint and preventing any unwelcome inquiries– but in doing so acting in a legitimate function without actively engaging in criminal activity of fraud. In the words of one (unattributable) international law enforcement investigator:

‘These individuals are smart, good servants of their ultimate masters, but are self-preserving and remain fully legitimate. Their curtain role andtheir legitimacy make them doubly valuable to organised crime groups.’

One case occurred in Australia, wheremonies were being transferred from Europethrough a series of interlinked companies in Italy involved in the vegetable and foodproduce trade. Several financial institutionswithin two other EU countries were involved.As receiving bank accounts were opened in South-East Asian jurisdictions, so theItalian companies acquired other linked small businesses in the EU. Each ‘new’ acquisition had been a company of a similarsmall business established for 18 months priorto the merger, with four common individualsas executives of one or more of the ‘new’ corporate acquisitions. Despite these takeovers, the original two Italian companies did not appear to increase their amount offoodstuff turnover – although there was an increase in transferred funds to new companies, which was transferred to theaccounts in South-East Asia. The originalinterlinked twin Italian companies were suspected of having links to two branches of an organised crime family.

The various permutations of tame companies and compliant executives, assisted by other linked entities in offshore

�

The post-2007 series of economic crisesmay facilitate an increase of the secondtype of front executive (that is, those that are paid and use their initiative).

�

(LEFT) PROPERTY DEALS ON AN INTERNATIONAL SCALE ARE A COMMON METHOD OF LAUNDERING. (RIGHT) ONE CASE OCCURREDIN AUSTRALIA, WHERE MONIES WERE BEING TRANSFERRED FROM EUROPE THROUGH A SERIES OF INTERLINKED COMPANIES IN ITALY INVOLVED IN THE VEGETABLE AND FOOD PRODUCE TRADE.

DOING THE CRIME


jurisdictions, are manifold in facilitating theproceeds of financial crime. However, frontexecutives or directors have also played animportant role in terrorist financing.

In the late 1980s, with the reverberationsof BCCI collapse echoing in financial regulatory corridors and international lawenforcement intelligence offices, and information gleaned from classified files shuffling between fraud investigators, anti-terrorist sections and other governmentdepartments, inquiries were initiated by thegovernments of several jurisdictions.

Within the UK, one inquiry was convenedfollowing the possibility of a London connec-tion being linked to BCCI finances involvingan extreme Palestinian terrorist organisation(the Abu Nidal Organisation). Finance flowscirculating around, into and from financialinstitutions and banks based in London werepinpointed during a two-year period. Duringthis period there occurred a complex series oftransfers involving five corporate accounts to several interlinked companies in the UK,several European countries, Jordan and Syria.

The transfers and retransfers spanned five periods of movements; one crucial period(between 8 June and 29 July) by contra transactions, and an intense sequence ofdeposits and onward transfers to differingaccounts, often in the same bank, and thensome retransferred back to the original corporate account, but in another branch.

By skilful timing and plausible reasoningin instructions to the banks, ₤2 million over asix-week period was successfully transferredout of the UK. The key to this unobtrusivetransfer was the activities of two front executives, with directorships in seven of the interlinked companies, and one other front director whose company with its

corporate account was a useful temporarybasis for placing transfers for five-workingday periods before transferring the monies.The whole inquiry revealed a terrorist finance presence in London which hadspanned several years.

During the 1980s, the Provisional IRAhad several such individuals in place in mainland Britain who ran companies whichdealt with vehicle hire, accommodation and

import-export, all of whom could also furnishlarge cash amounts at short notice. One suchindividual brought to trial and sentenced to along term of imprisonment was described bythe trial judge as:

‘indeed a very dangerous man . You gave succour [and] support, had smallbusinesses and provided essential accommodation and cover. It was youwho was minding the shop.’

During the post-2007 economic crisisperiod, the OECD, the United States and othergovernmental and international regulatorybodies have called for increased efforts andsupervision regarding certain jurisdictions and offshore entities. However, in the wordsof one international investigator:

‘Action against the ‘safe haven’ jurisdictions for organised crime is welcome. What is essential is awarenessof, and investigative action against, the invaluable front directors acting fororganised crime. It is their expertise, skilland international corporate knowledgethat forms the strong first line of financialdefence for organised crime.’ ■

�

The key to this unobtrusive transfer was the activities oftwo front executives, with directorships in seven of theinterlinked companies, and one other front director whose company with its corporate account was a usefultemporary basis for placing transfers for five-working dayperiods before transferring the monies.

BY SKILFUL TIMING AND PLAUSIBLE REASONING IN INSTRUCTIONS TO THE BANKS, 2 MILLION POUNDS OVER A SIX-WEEK PERIOD WAS SUCCESSFULLY TRANSFERREDOUT OF THE UK.

COLUMN


H IGH-LEVEL Swiss and Americanofficials, along with UBS, are keento avoid litigation aimed at forcing

the Swiss banking giant to release the namesof 52,000 wealthy American clients suspectedof tax evasion. The judge, who delayed thecase until at least early August, did so at the request of all parties involved. Still, it is clear that negotiations remain tricky, becausethe US government wants the names of the suspected tax evaders and the Swiss government knows that complying would tear a hole in its much vaunted bank secrecy.

Of course, UBS is glad that its government has decided to openly join the fray. In a written statement, the bank stated that it ‘welcomes the announcementthat the US and Swiss governments haveagreed to negotiations for the purpose ofresolving the litigation’.

As Complinet reported in mid-February,UBS avoided prosecution on charges it helped Americans to evade taxes by signing a so-called ‘deferred prosecution agreement’(DPA) with the US Department of Justice.UBS agreed to pay US$780 million in fines,

penalties, interest and restitution nd turn over 250 client names to the US InternalRevenue Service.

The following day however, the DoJ filed a lawsuit in Federal Court seeking toforce UBS to turn over the data of the 52,000 other US clients, an act that the bankhas said would force it to violate Swiss criminal law. Lawyers with the DoJ’s tax division made clear the rationale behind the lawsuit in a court document:

‘UBS has not yet faced all the conse-quences of its illegal conduct in the UnitedStates,’ the DoJ lawyers stated, likening theDPA to a plea agreement in any criminal case.‘We routinely expect the consequences ofadmitted criminal conduct in the United Statesto also include acceptance of civil liability,payment of restitution and identification ofothers who participated in the criminal enterprise with the accused.’

The DoJ lawyers’ tough talk was matchedby the Swiss government in a court filing ofits own. Swiss officials wrote that their government will ‘use its legal authority toensure that the bank cannot be pressured totransmit the information illegally, including if necessary by issuing an order taking effective control of the data at UBS.’

According to a statement released by the DoJ, it supported a postponement of court proceedings ‘in order to provide the parties additional time to discuss a possiblealternative resolution of the matter’. It added,however, that ‘the parties have agreed that any alternative resolution reached would

Federal judge delays litigation in US-UBS lawsuit

NEW YORK NEW YORK

By Brett WolfCOMPLINET

�

‘We routinely expect the consequences of admittedcriminal conduct in the United States to also includeacceptance of civil liability, payment of restitution and identification of others who participated in thecriminal enterprise with the accused.’

A federal judge in Miami has postponed the commencement of the US government’s tax evasionlawsuit against UBS AG to give all parties involved, including the Swiss government, more time to negotiate a settlement.


necessarily include a provision requiring UBS to provide the Internal Revenue Serviceinformation on a significant number of individuals with UBS accounts’.

‘If an alternative resolution is notreached, the Department of Justice will continue to vigorously pursue enforcement of the summons through the court,’ the DoJ stated.

The case is US v UBS AG, 09-cv-20423,US District Court for the Southern District of Florida. The judge overseeing the case is Alan S. Gold.

And it begins — DoJ wins first conviction based on records surrendered by UBSIn an interesting development, a South Floridachartered accountant has become the first person prosecuted based on account recordsthat UBS turned over to the DoJ as part of the deferred prosecution agreement. StevenRubinstein of Boca Raton has pleaded guiltyto filing a false tax return. He admitted that hesurreptitiously controlled UBS accounts heldin the name of Hybridge International Ltd, a British Virgin Island shell company.

Between 2001 and 2007, Rubinstein communicated with UBS bankers via email,telephone and in person about the purchaseand sale of securities worth more thanSFr4.5m and the conversion of investmentsfrom US dollars to British pounds. He alsodeposited and sold more than US$2 million in South African Krugerrands through hisUBS accounts.

‘From 2005 through 2007, the defendant requested the transfer of more than US$3 million from the UBS Swiss bank accounts to a bank account at HSBC

in Monaco in the name of Duroc Ltd for thepurchase of property and construction of thedefendant’s personal residence in Boca Raton.In total, over US$7 million was transferredfrom a bank account at HSBC in Monaco forthe purchase of … the defendant’s personalresidence,’ the plea agreement states.

According to the plea agreement, on orabout April 15, 2005, Rubinstein filed a taxreturn for 2004 in which he failed to reportthat he had an interest in, or signature authori-ty over, the UBS accounts in Switzerland. Ofcourse, he failed to report the related incomehe earned. Rubinstein also admitted that he

intentionally failed to file Reports of ForeignBank and Financial Accounts (FBARs) disclosing his UBS bank accounts, which is acrime since the accounts contained more thanUS$10,000. He agreed to pay a 50 per centpenalty for the year with the highest balancein the accounts in order to resolve his civil liability for failing to file the FBARs.

Sentencing has been scheduled forSeptember 30. Rubinstein faces up to threeyears in prison and a maximum fine of

US$250,000 or twice the amount of pecuniarygain to the defendant or loss to the IRS.Rubinstein remains free on a US$12 millionbail pending sentencing.

The US government is not about to easethe pressure it is exerting on UBS. WithAmerican budget shortfalls reaching perilouslevels there is tremendous political pressure tocrack down on tax evaders and those financialinstitutions that aid them. President BarackObama, who was a vocal critic of ‘tax havens’when serving in the US Senate, has clearlydemonstrated that halting offshore tax evasionis a priority for his administration.

Since many American tax evaders hidebehind offshore shell companies when concealing their wealth within foreign financial institutions, it is clear that anti-money laundering personnel will have a roleto play as financial institutions get seriousabout uncovering US tax dodgers. Preciselywhat role AML personnel will be expected toplay is not yet clear, but there is little doubtthat their expertise in lifting the corporate veil will be of the utmost importance. ■

COLUMN

�

The US governmentis not about to easethe pressure it isexerting on UBS.

om.au

al experts about the current

rseas as a result of the

mic crisis

ering threat levels have

kened economy, as the

from the global downturn

THIS IS ONE EVENT YOU CANNOT AFFORD TO MISS!

Take the bite out of AML and CTF Compliance

Complinet Global ScreeningComplinet’s Global Screening solutions can help to reduce your organisation’s exposure to unacceptable clients and transaction activities.

AML solution. Complinet’s Global Screening delivers a smarter end-to-

your operational screening costs.

Find out more about Complinet’s Global Screening solutions at www.complinet.com/connected/solutions/global-screening/

Complinet AML training and e-learningComplinet combines expert content with cutting-edge design capability to help organisations meet all their AML training needs. Our market-ready

Abuse and Insider Dealing.

Find out more about Complinet’s e-learning solutions at www.complinet.com/connected/solutions/regulatory-insight/e-learning/

On June 12 2007, the Australian parliament passed the second phase of its Anti-Money Laundering and Counter-Terrorism Financing Act 2006, which introduced correspondent banking provisions.

The Australian Transaction Reports and Analysis Centre will carry out more rigorous on-site inspections to examine

AML/CTF programmes, including

processes; recordkeeping systems; ongoing customer due diligence; and the regulator’s strict guidance on transaction reporting and in-house training.

The new obligations will create immense

have only one year to implement the reforms and become fully compliant.

www.complinet.comtel: +44 (0)870 042 6400 | fax: +44 (0)870 042 6405 | email: [email protected]

To register for a free trial, visit www.complinet.com or contact us on [email protected]

tel: +61 (2) 9994 8099 | fax: +61 (2) 9994 8008 | email: [email protected]

meet bernie madoff – the man who made off with a lot … · secrecy laws and lack of transparency...

Documents