Welcome to the ACAMS Live Chat

Securities Focus:Risk-Assessments and the

Broker-Dealer

March 9, 2011 – Noon to 1:00 PM ESTA sound check will be performed 5 minutes before

web seminar

2

Technical Assistance & Audio Broadcast

Technical Assistance • Send a message via the Q & A box• Or Call WebEx Technical Support:

(U.S.) 866-229-3239 (International) +1 916-229-3239

Attendee instructions on how to use Audio Broadcast • Do not close the Audio Broadcast panel • If you are not able to listen to the audio on your computer speakers,

press the stop button, wait 5 seconds then press play. • If you are still not able to hear audio, you will need to join the

teleconference.• To join the teleconference, first close the Audio Broadcast window.

Then click the Request Telephony button beneath the participant list.• Do not forget to enter the meeting number and your designated

attendee ID number when dialing in.

3

• Can you hear the sound check?

• It has begun

Welcome to the ACAMS Live Chat

Securities Focus:Risk-Assessments and the

Broker-Dealer

5

Moderator:John J. Byrne, CAMSExecutive Vice PresidentACAMS

Speakers:Vasilios P. Chrisos, CAMSAmericas Anti-Money Laundering andEconomic Sanctions DirectorMacquarie Group

6

Speakers:

Jay Shechter, CAMSVice President, AML CompliancePershing Advisor Solutions LLC, a BNY Mellon Co.

Importance of Risk Assessments

• Compliance expectation

• Central focus of regulatory examinations

• Anchors the entire AML and sanctions risk management framework

• Facilitates the allocation of compliance resources

• Sound business practice

7

US Regulatory Guidance

• Institutions should not only assess risk within individual business lines, but also on a consolidated basis across all activities and legal entities.

• BSA / AML and OFAC risk assessments should be an ongoing processes, and not just a one-time exercises.

• Institutions should reassess their BSA / AML & OFAC risks at least every 12 to 18 months.

• Risk assessments should also be revisited more frequently if and when there are material changes in the facts and circumstances of the underlying businesses.

• Institutions structure their BSA / AML & OFAC compliance programs to adequately address its risk profiles (as determined by the risk assessments).

8

The revised Federal Financial Institutions Examinations Council (FFIEC) Bank Secrecy Act / Anti-Money Laundering (BSA / AML) Examination Manual recommends that:

International Standards• Financial Action Task Force (FATF)

“Guidance on the Risk-Based Approach to Combating Money Laundering and Terrorist Financing – High Level Principles and Procedures” (June 2007)

• Basel Committee on Banking Supervision“Compliance and the Compliance Function in Banks” (April 2005)

• The Wolfsberg Group“Guidance on a Risk-Based Approach for Managing Money Laundering Risks”

• The United Kingdom Joint Money Laundering Steering Group (JMLSG)

“Prevention of Money Laundering / Combating the Financing of Terrorism” (November 2009)

9

Key Attributes for Success• Executive sponsorship

• Active participation from key stakeholders

• Identification of relevant risk categories / factors

• Comprehensive in terms of depth and breadth

• Applied consistently throughout the enterprise

• Consensus of LOB executive management

• Approval by the appropriate committees

• Risk philosophy and risk assessment methodology are clearly described and documented

10

Commonly Cited Weaknesses

• Risk assessments were not performed / documented

• Risk assessments did not incorporate all line of business or entities

• Assessments did not consider all major risk categories

• Policies did not specify frequency of updates / re-assessments

• Lack of methodology for assigning risk levels to customers

• Policies and procedures not commensurate with institution’s risk profile

11

Key Stakeholders

12

BSA / AML OfficerBSA / AML Officer

AML SteeringAML SteeringCommitteeCommittee

RegulatorsRegulators

LOB ExecutiveLOB ExecutiveManagementManagement

ComplianceCompliance& &

Info TechInfo Tech

Internal AuditInternal Audit

Risk AssessmentRisk Assessment

Determine the population / inventory of business units, legal entities, etc.

Identify the specific risk categories to be used in the risk analysis

Identify types of products / services, customer base, and geographic locations unique to the institution.

Map applicable laws and regulations to business units, legal entities, etc.

Identify key “knowledge”personnel in each BU

Conduct interviews with key personnel

Administer surveys or questionnaires

Review pertinent documents and other BU-specific information

Prepare interview notes and process maps

Validate information obtained with BU management

Prepare final report outlining the risk assessment methodology, procedures performed, and assessment results

Construct “heat maps”summarizing the inherent and residual risks across all business units

Prepare workpapers containing all of the documentation supporting the risk assessment exercise

Obtain requisite approvals

Address key issues stemming from risk assessments

Revisit AML compliance program to determine whether it aligns to institution’s risk profile

Implement modifications to AML compliance program, as necessary

Monitor for changes in the institution’s business strategy and / or operating model and assess impact on money laundering / terrorist financing risk profile

Develop matrix of inherent risks against pre-determined categories

Analyze data and information obtained

Determine the inherent risk across each of the pre-determined risk categories

Assess mitigating factors

Evaluate overall residual risk for each in-scope line of business, legal entity, etc.

Gain concurrence from BU management

Project Management

AligningReportingRisk ratingInformationgathering Planning

Sample Risk Assessment Approach

Ongoing Communication with Key Stakeholders

BU Risk Assessments Program Development & Execution Risk Reporting

Escalation

Formalized, Documented Process

• A formal process that considers all elements, stakeholders, inherent risk, and residual risk within a documented, defensible and maintainable form

• Reporting is key to managing operational risk, regulatory need, and to influencing future risk assessments

Governance Policies and Procedures

Program Monitoring

Evaluation

Internal Metrics

Formally Linking Risk Scores to Practices

Transaction Monitoring /Case Mgmt

ClientOnboarding

Executive Sponsorship / Advocacy

SARReporting

OFAC /Sanctions

EmployeeTraining

• Allows for a phased implementation approach based on risk.• Initial roll-out to those business units more likely to be used as conduits for money laundering / terrorist

financing activities (e.g., business units deemed high risk after conducting the risk assessments).• Other factors that would be considered during the completion of the risk assessments and would

potentially impact the phased roll-out would be business units with multiple source systems, existence of data warehouses, known data quality issues, and the extent of manual monitoring procedures already in place.

BSA/AML Risk Assessment Factors

Primary Factors• Customer and Entities• Geographic Locations• Products and Services• Distribution Channels• Funds Flow• Terms of Settlement /

Delivery

Secondary Factors• SARs Filed• 314(a) and 314(b)

Referrals• Subpoena Volume

15

Controls / Mitigating Factors

• Organizational structure and tone

• Business practices

• IT infrastructure and transaction monitoring capabilities

• BU-specific policies and procedures

• Employee training and awareness

• Results of prior internal and external program assessments

• Issue / incident resolution process

16

Inherent Risk - Controls / Mitigating Factors = Residual Risk

17

RESIDUAL RISK MATRIX Quality of Risk Management

InherentRisk

Satisfactory Needs Improvement Deficient

High M H H

Medium L M H

Low L L M

Broker-Dealer Risk Assessments

• In 2010, FINRA released an updated version of the AML Template for Small Firms

– New version recommends a risk assessment as a “good practice”

– Guidance notes that a risk assessment is a “useful tool for demonstrating to your firm’s examiner that the firm used a reasonable approach for designing its AML program.”

– Stresses the importance of developing internal controls to identify when circumstances change

Source - http://www.finra.org/Industry/Issues/AML/p006340

Assessing Risk in the Clearing/Introducing Firm Model

• FINRA enforcement actions have cited failures by clearing firms to adequately assess AML risks associated with introducing firms

– Legent Clearing • Legent “did not adequately consider the money laundering risks posed by its

introducing firms,”• Noted high risk AML activities such as penny-stock liquidations and

providing clearing services to firms with “significant disciplinary backgrounds”

– Penson Financial• Penson utilized exception reports but the criteria used for the reports were

not appropriately risk based and did not identify or account for high-risk customers and activities

Beneficial Ownership Guidance

• March 2010 guidance stresses the importance of evaluating risk when reviewing and on-boarding new customers

• “The requirement that a financial institution know its customers, and the risks presented by its customers, is basic and fundamental to the development and implementation of an effective BSA/AML compliance program.”

• Procedures reasonably designed to identify and verify beneficialowners “based on the institution’s evaluation of risk pertaining to an account.”

Source – FIN-2010-G001 Guidance on Obtaining and Retaining Beneficial Ownership Information

21

Question & Answers

22

If you have questions about today’s session, please send them to

training@ACAMS.org

Thank You for Joining Us Today!

23

Next Web Seminar:

Understanding the FRAML Process

March 30, 2011 – Noon to 2:00PM EST

24

With more than 10,000 members in over 140 countries, ACAMS has been serving the AML community since 2002 through:

The CAMS certification program

A powerful career resource center

Online forums and listservsmake connections, share ideas, ask questions

Live and virtual training eventsfive annual international conferences, web seminars, live AML seminars and free live chats

Visit www.ACAMS.org for more information

25

Isn’t it time you were recognized as an expert?

Enhance your career

Broaden your expertise

Earn global recognition

Increase your earning power – by up to 14%*

*according to the ACAMS Annual AML/CFT Compensation Survey

Visit www.ACAMS.org for more information