your eyes and ears in washington, d.c. • august 2010 ... · 3 mind the gaps aml / fraud global...
TRANSCRIPT
YOUR EYES AND EARS IN WASHINGTON, D.C. • AUGUST 2010 • ISSUE 17
A PUBLICATION OF ASCELLA COMPLIANCE
www.ascellacompliance.com
������ KNOWYOURACRONYMS
CDI Credit Disability Insurance RAP Regulatory Accounting Principals RFPA Right to Financial Privacy Act NGSCM National Graduate School of Compliance Management
> IN THIS ISSUE: Protecting What’s Yours: The Case for Integrating AML and Anti-Fraud Programs · What does the Pamrapo Savings Bank settlement mean to financial institutions? · Why Be Me, When I Can Be You? · B.S.A. Corner… Bald, Short and Active! · Ascella Spotlight · In the News · K.Y.A. – Know Your Acronyms
As banks emerge from the credit crisis and the financial markets meltdown, they find
themselves operating in an industry that, in many ways, has been fundamentally
altered. The industry, regulators and the public have a renewed focus on the safety
and soundness of financial institutions and the banking system in general. This includes
a greater emphasis on risk management for financial institutions. According to Grant
Thornton’s 17th Annual Bank Executive Survey, monitoring enterprise risk management
(ERM) was audit committee members’ biggest concern and 52% of bank executives
intend to make changes to their bank’s existing risk management programs. Part of risk
management is addressing the risk of fraud. Fraud, of course, takes many forms — from
mortgage fraud to IT fraud to identify theft. Monitoring for the different kinds of risk can
strain limited resources, but banks cannot afford to turn their backs on the threat of fraud,
especially at a time when many are trying to regain their financial footing.
Banks now face increased regulatory requirements under the recently enacted Dodd-
Frank Wall Street Reform and Consumer Protection Act. In addition, financial institutions
will need to be prepared for the Federal Trade Commission’s Red Flags Rule.1 These regula-
tions require financial institutions to develop and implement formal identity theft preven-
tion programs, while also enabling the identification, detection, and response to patterns,
practices or specific activities — so-called red flags — that could indicate identity theft. The
Federal Trade Commission (FTC) can investigate any incidence of identity theft at an insti-
tution after the new compliance date of Dec. 31, 2010. Compliance efforts and evaluation
of risk management practices will demand ample time, money and staff. A recent survey
of 280 global compliance professionals found that two-thirds expect to spend more time
communicating with regulators and monitoring compliance and regulatory developments,2
even amid budget constraints.
1 For more information on the Red Flags Rule, visit www.GrantThornton.com/redflags to read a white paper on the topic: The Red Flags Rule: What financial institutions need to know2 Cost of Compliance Survey 2009, Complinet, New York, 2009. Cost of Compliance Resources.
Protecting What’s Yours:The Case for Integrating AML and Anti-Fraud ProgramsKelly D. Gentenaar
SNAPSHOT OF PAST ARTICLES:An Overview of a Joint State Examination for Money Transmitters
Prepaid Access: Issues Raised by FinCEN’s Proposed Ruling
Financial Reform Bill Elevates Consumer Protection
What does the Wachovia Settlement mean to Financial Institutions?
AML Lawsuits on the Rise: How to Stay Aware
Internet Based Business Models and Current Regulations
Consumer Financial Protection Agency: Impact on Financial Institutions
Conducting an Enterprise Wide Compliance Risk Assessment
Missed an issue?Go to www.ascellacompliance.com
and click on the ComplianceWatch page.
Y O U R E Y E S A N D E A R S I N W A S H I N G T O N , D . C . • A U G U S T 2 0 1 0 • I S S U E 1 7
How can banks address all these new demands and challenges with limited resources? The answer may not be, “Do more with less,” and simply, “Be more efficient.” Maximizing resources through the integration of specific risk management activities, such as Anti-Money Laundering (AML) compliance programs and anti-fraud groups can provide institutions with a solution. Although AML compliance and anti-fraud units have typically been separate operations, integrating these programs can go a long way toward creating efficiencies, cutting costs and protecting your bank from financial crime.
The Case for Integrating Anti-Fraud and AML
When it comes to detecting, preventing and dealing
with criminal activity, there is a natural overlap
between AML compliance and anti-fraud programs.
Although each department has long been considered
a separate unit, largely due to their unique origins,
the status quo is changing. A recent survey of 152
compliance officers working in financial services
organizations found that 36% have begun integrating
anti-fraud and anti-money-laundering functions
in their organizations and 27% plan to do so in the
future.3 Integrating AML with anti-fraud activities
can create a financial crime group that, combined,
is stronger than each individual unit. Integration can
create more opportunities to leverage the knowledge
of both anti-fraud and AML professionals, resulting
in a solid enterprise-wide approach to detecting,
investigating, and, most importantly, preventing
financial crime.
Risk mitigation through collaboration and commu-
nication can help financial institutions develop new
and valuable ways to manage reputational risk.
Stronger financial crime protection does not neces-
sarily provide a return on investment or generate
revenue, but it does have the potential to reduce
losses, enhance an institution’s reputation and
advance regulatory compliance. As Joseph Soniat,
Bank Secrecy Officer with Union First Market Bank-
shares, put it, “The biggest benefit is having most of
the ‘risk’ in the bank under one department [so that
everyone is] communicating with each other.”
AML and anti-fraud departments involve individuals
with specialized skill sets and technology. Realizing
cost savings by reducing duplicative software, consoli-
dating hardware, reducing headcount or eliminating
redundancies or roles is the most tangible benefit
in integration. However, these cost reductions can
take time to be fully realized. Other benefits of inte-
gration include control efficiencies, a lower level of
reputational risk, a safer environment for customers,
better customer service and increased regulatory
compliance.
3 Mind the Gaps AML / Fraud Global Benchmark Survey, 2009 Money Laundering & Fraud Global Benchmark Survey, Tonbeller AG, 2009. www.tonbeller.com.
The Challenge of Integration
Consolidating anti-fraud and AML efforts makes sense for many
financial institutions, but the movement toward integration did
not develop overnight. Anti-fraud and AML departments tend
to be different from each other culturally, technologically and
organizationally, which can make integration difficult.
In many ways, the origins of anti-fraud and AML departments
have shaped how these groups function and their goals. Anti-
fraud efforts have been around as long as there have been banks.
Although anti-fraud activities have evolved with the nature of the
business, anti-fraud groups have strong standing within many insti-
tutions because they are often perceived as protecting the institu-
tion’s assets.
Fraud in the 21st century has moved well beyond simple check
kiting or loan fraud schemes and now includes activities that are
often associated with security attacks, such as phishing scams, iden-
tity theft and mass credit card theft. This reality has elevated the
nature of anti-fraud programs from protecting the bank’s assets
to protecting the bank’s reputation. Even if a bank does not lose
money as a result of fraud, its reputation could suffer if its customers
are victims of fraud or if the bank is somehow a conduit in the
commission of fraud.
In contrast, AML departments have evolved in response to regula-
tory requirements, beginning with the passage of the Bank Secrecy
Act of 1970 (BSA), which stipulates that financial institutions take an
active role in detecting and preventing money laundering. Addition-
ally, legislation spurred by policy changes and world events has also
modified AML program requirements. Although AML activities took
on even greater importance following the Sept. 11 terrorist attacks
and the passage of the USA PATRIOT Act to block funding of terrorist
networks, the AML department still tends to be viewed as a compli-
ance function and cost center, albeit a very important one.
“In the case of fraud, financial institutions have a clear interest in
expending significant resources to combat this crime taking place
within their businesses. This obviously makes selling the business
www.ascellacompliance.com
case for fighting fraud within your institution easier, because there is a tangible
impact on your institution’s bottom line,” said James Fries, director of the
Financial Crimes Enforcement Network (FinCEN) in a March 2009 speech.
However, Director Fries noted that AML is sometimes viewed as an expense
driven by regulatory requirements because the benefits of running an effec-
tive AML and CFT (Combating the Financing of Terrorism) program accrue to
the overall financial system and society at large. “Money is spent by the institu-
tion for technology and personnel necessary to detect and report suspicious
activity, but there is little for the bank to recover to make up for their expendi-
tures,” he said. “For the financial institution, the business case for fighting fraud
is a much easier argument to make if every investigation aims at least in part to
recover proceeds of fraud.”
The intent of AML regulations is to safeguard the financial system; there-
fore these regulations benefit the financial system as a whole, while the cost
is incurred by individual institutions. However, the information that an AML
group is required to review and collect through regulations is not unlike the
information and data that an anti-fraud group would collect during the course
of an investigation. Again, the cross point of fraud and money laundering is
financial crime. Fraudulently obtained proceeds must be integrated into the
financial system through money laundering. Although one institution may
be the victim of a fraud, the proceeds of that crime may be laundered at a
different institution. By integrating the skills, data collection and technology
resources of AML and anti-fraud groups, institutions have better visibility into
the lifecycle of financial crime. Knowing the lifecycle is the first step in creating
a program of prevention against financial crime.
Building an Effective Financial Crime Prevention Framework
The key differences between anti-fraud and AML efforts that make integration
so challenging are also what make integration so compelling. For one thing,
anti-fraud efforts tend to focus on identifying the types of fraud activity that
have already happened in the institution and then taking steps to reduce
resulting losses and to guard against the activity reoccurring. AML is focused
on preventing activity — namely, money laundering. By applying the AML
framework to anti-fraud activities, financial institutions can leverage AML’s
proactive strengths — risk assessment, transaction monitoring and customer
due diligence to establish pattern analysis and employee training — to
enhance anti-fraud outcomes and to improve asset protection.
For example, one of the requirements of an effective AML program is to
train tellers and other employees to identify the red flags associated with
potential money laundering transactions. Modifying and expanding those
programs to include training on how to identify red flags associated with other
types of fraudulent transactions can lead to more proactive and potentially
more effective anti-fraud activities at the teller level and for other employee
positions, including the back-office assigned the responsibility of reviewing
transactions after-the-fact.
Integration can also plant the seeds for a more comprehensive and effi-
cient approach to identifying, preventing and addressing financial crime in
general. By conducting a risk assessment that includes all departments, insti-
tutions can gain a broad view of their vulnerabilities to all forms of financial
crime, including crimes committed against the institution (bank fraud), crimes
committed through the institution (money laundering), and crimes committed
against customers (customer security). This exercise can be followed by the
implementation and use of technology to
monitor and assess all types of potential crime
within the institution.
An integrated anti-fraud/AML approach
and framework can help prevent many types
of fraud. Consider this situation: An indi-
vidual contacts customer service to change
the phone number on a line of credit. The
next day, the same customer wires $200,000
from that line of credit to a country in Africa.
Once the first wire transfer goes through,
the customer tries to wire another $100,000
from the same line of credit, once again to
Africa. The second transaction is flagged only
because a loan officer notices that the phone
number listed in the loan file is an overseas
phone number. As a result, the second wire
transfer is not completed, but the bank is
unable to recover any of the funds from the
first wire transfer. If the loan officer had not
happened to notice the phone number issue,
the bank’s loss could have been much greater.
Rather than relying on appenstance, an
integrated anti-fraud and AML approach and
framework would have identified a number
of red flags in this situation. If the customer
had never borrowed against the line of credit
before this transaction or had never made
a domestic or overseas wire transfer, the
transaction should have been flagged as an
anomaly. In addition, effective security proto-
cols would not have allowed a customer to
make a change to his or her profile without
providing detailed account information.
Finally, a request for an international wire
transfer in funds from an equity line of credit
is generally a cause for concern.
In short, this type of transaction should
automatically trigger a closer look from AML
personnel. Unlike credit card and check fraud,
which are more difficult for AML programs to
review, international wire transfer monitoring
and review are critical AML functions and
should be within AML’s purview in this situ-
ation. A better approach would be to allow
multiple layers of monitoring and reviews
of transactions conducted through the call
center, the home loans department and
wire transfers. In that type of structure, AML,
fraud prevention and security all have the
opportunity to review this type of transac-
tion and prevent fraudulent transactions from
occurring.
Y O U R E Y E S A N D E A R S I N W A S H I N G T O N , D . C . • A U G U S T 2 0 1 0 • I S S U E 1 7
Next Steps
Anti-fraud and AML integration can take place at almost any time if
the bank has already prepared the groundwork. However, there are
some circumstances that particularly lend themselves to integration.
For example, financial institutions undergoing a merger or acquisi-
tion can make integration part of the larger transition to the new
organization.
Before financial institutions integrate anti-fraud and AML activities,
it is important to understand all aspects of the integration, including
people, costs, software, scope of activities for both departments, and
reporting structure. It is also important to identify the reasons why
the two departments were initially separate and determine whether
those reasons are still valid. What does each department focus on
and how are they different? In some cases, financial institutions find
integration to be a long-term process. Although the process may
be more difficult at larger and more complex institutions, the payoff
from that integration is also potentially larger.
Making Integration Work
The following six elements are both required
elements of an AML program and best practices
of a fraud program and can be considered as
guidelines for integrating both programs.
Risk Assessment. Identifying the risks a bank faces
in terms of financial crime is the primary element of
a strong program. For example, if the institution has
correspondent banking activity, which poses a high
risk for money laundering activity, or provides lending
services that can be susceptible to mortgage fraud,
those risks should be identified and documented.
Due Diligence. An integrated AML/anti-fraud
group includes a process for evaluating the bank’s
due diligence, including what types of customer
information the bank collects and whether that
information is sufficient to help the bank understand
its customers and prevent financial crime.
Monitoring. Monitoring transaction patterns is
required for AML compliance. Banks with separate
systems for anti-fraud controls and AML activities
could save money and create efficiencies by
combining monitoring systems.
Segregation of duties. From an AML standpoint,
segregation of duties helps to ensure that no activities
are omitted from scrutiny. However, segregation of
duties is also of paramount importance in detecting
and preventing internal fraud. If no one person
handles end-to-end transactions, employees have
less opportunity to commit fraud.
Comunication. Inter-departmental communication
is extremely important and, in many financial
institutions, there is already some ongoing
communication between anti-fraud and AML
departments.
Training. Employees who deal with customers
and employees who are responsible for reviewing
transactions and activities both need to be aware
of trends and types of criminal activities in order to
spot red flags before a transaction is approved.
A successfully integrated AML/anti-fraud group is greater than the sum of its parts [...] reducing potential losses, strengthening compliance and, perhaps most importantly in today’s environment, enhancing the bank’s reputation and ensuring customer and regulator trust.
www.ascellacompliance.com
Conclusion
As the economy recovers, many financial
institutions are focused on reducing costs and
increasing efficiency. However, any institution that
pursues AML/anti-fraud integration should keep
in mind that a successfully integrated AML/anti-
fraud group is greater than the sum of its parts and
provides the institution with stronger protection
against financial crime, thereby reducing potential
losses, strengthening compliance and, perhaps
most importantly in today’s environment,
enhancing the bank’s reputation and ensuring
customer and regulator trust.
Kelly Gentenaar is a Senior Manager in the Forensic
Accounting and Investigative Services division of Grant
Thornton LLP. She devotes most of her practice to
identifying and tracing assets, particularly the proceeds
of fraud and corruption. She has conducted
background investigations for state gaming agencies
and for corporate and individual applicants. She specializes in
compliance with the US Foreign Corrupt Practices Act and advises
companies on how to avoid FCPA violations and remediate compliance
problem areas. She has worked closely with the U.S. Department of
Justice in managing large-scale international forensic accounting
investigations and serves as advisor to financial institutions on
compliance with BSA requirements and other regulatory issues. She can
be reached at [email protected].
1 Assess current activities.A successful integration begins with a clear understanding of what
is required from one end of each process to the other. Therefore,
the first step toward integration is conducting an inventory of the
activities of the anti-fraud and AML departments, the functions and
business units each department covers, and the controls each is currently using
to fulfill its mission. This is also the time to evaluate the tools each department
uses to determine whether opportunities for efficiency gains exist. For
example, if each department is using a different type of transaction-monitoring
software, is one better able to meet the bank’s needs relative to its cost?
When an institution does decide to integrate anti-fraud and AML, there are several important steps in this process:
3 Preserve the strength of each department.
While looking
for potential
efficiencies, redundancies and
cost-cutting opportunities
is an important part of
integration, it is not the
only focus. Banks must also
look for areas where there
is no overlap between anti-
fraud and AML. For example,
if the anti-fraud group is
charged with reviewing
mortgage documentation
during every mortgage
transaction and AML has no
role in that process at all, it
may be possible to leverage
those anti-fraud activities to
strengthen AML. At the same
time, there may be areas of
weakness or functional gaps in
the anti-fraud group that can
be addressed by leveraging
processes and activities from
AML compliance.
2 Develop a plan.Once each department has been evaluated, it is possible to develop
an integration plan. In many cases, anti-fraud and AML groups are
using very different technology and may be in different physical
locations. Investments in training and new technology may also be
necessary to support the newly integrated group. In addition, each employee
can be measured for fit against required performance levels. If necessary,
banks may need to recruit new talent to handle the work of the new group.
It is important to keep in mind the human element involved in integration. Inte-
gration, particularly when efficiencies and effectiveness are goals, can be unset-
tling. The nature of employees’ work is likely to change, and they may be reassigned
or laid off. Therefore, it is important to maintain sensitivity and to help people who
are worried about change continue to be effective until the process is completed.
Support and expertise from the human resources department can help deal with
these issues. In addition, senior management should not only be involved in the inte-
gration of the groups, but also should communicate the choices and decisions that
have led to the integration of all the employees involved.
Content in this publication is not intended to answer specific questions or suggest suitability of action in a particular case. For additional informa-
tion on the issues discussed, consult a Grant Thornton client service partner.