FATF

FATF

Identify the three important tasks that FATF focuses on.

Spreading the anti-money laundering message worldwide,
Monitoring implementation of the FATF Recommendations among FATF members, and
Reviewing money laundering trends and countermeasures
FATF

According to the FATF 40 Recommendations, the complete set of countermeasures against money laundering and terroris financing covers what 5 elements?

The identification of risks and development of appropriate policies,
The criminal justice system and law enforcement,
The financial system and its regulation,
The transparency of legal persons and arrangements, and
International cooperation.
FATF

Describe the FATF's Recommendation 15 (2012) on new technologies.

Countries and financial institutions should assess the risks associated with developments of new products, business practices, delivery mechanisms and technology. Financial institutions should assess these risks prior to launching new products; they should also take appropriate measures to mitigate the risks identified.
THE BASEL COMMITTEE ON BANKING SUPERVISION

What are six principles set forth in the Basel Committee's Statement of Principles called "Prevention of Criminal Use of the Banking System for the Purpose of Money Laundering"?

In 1988, the Basel Committee issued a Statement of Principles called “Prevention of Criminal Use of the Banking System for the Purpose of Money Laundering” in recognition of the vulnerability of the financial sector to misuse by criminals. This was a step toward preventing the use of the banking sector for money laundering, and it set out principles with respect to:
Customer identification,
Compliance with laws,
Conformity with high ethical standards and local laws and regulations,
Full cooperation with national law enforcement to the extent permitted without breaching customer confidentiality,
Staff training, and
Record keeping and audits.
THE BASEL COMMITTEE ON BANKING SUPERVISION

Identify the seven specific customer identification issues as identified in the Base; Committee's October 2001 paper called "Customer Due Diligence for Banks."

Trust, nominee and fiduciary accounts,
Corporate vehicles, particularly companies with nominee shareholders or entities with shares in bearer form,
Introduced businesses,
Client accounts opened by professional intermediaries, such as “pooled” accounts managed by professional intermediaries on behalf of entities such as mutual funds, pension funds and money funds,
Politically exposed persons,
Non-face-to-face customers, i.e., customers who do not present themselves for a personal interview, and
Correspondent banking.
BASEL COMMITTEE ON BANKING SUPERVISION

What are the four key elements of Know Your Customer (KYC) as identified in the Basel Committee's October 2001 paper called "Customer Due Diligence for Banks"?

Customer identification,
Risk management,
Customer acceptance, and
Monitoring.
THE BASEL COMMITTEE ON BANKING SUPERVISION

Describe the elements that should be addressed in a global approach to KYC identified in the Basel Committee's October 2004 paper called "Consolidated KYC Risk Management."

The Basel Committee’s October 2004 paper called “Consolidated KYC Risk Management” addresses the need for banks to adopt a global approach and to apply the elements necessary for a sound KYC program to both the parent bank or head office and all of its branches and subsidiaries. These elements consist of:
Risk management,
Customer acceptance and identification policies, and
Ongoing monitoring of higher-risk accounts.
EUROPEAN UNION DIRECTIVES ON MONEY LAUNDERING

How does the scope of the European Union's Third Money Laundering Directive differ from the Second Money Laundering Directive?

It specifically includes the category of trust and company service providers,
It covers all dealers trading in goods who trade in cash over 15,000 Euros, and
The definition of financial institution includes certain insurance intermediaries.
USA PATRIOT ACT

How is a private banking account defined under Section 312 of the USA Patriot Act?

Under Section 312 of the USA Patriot Act, a private banking account is defined as an account with a minimum aggregate deposit of $1 million for one or more non-U.S. persons and which is assigned to a bank employee acting as a liaison with the non-U.S. person.
EUROPEAN UNION DIRECTIVES ON MONEY LAUNDERING

What was the primary way in which the European Union's Second Directive on Prevention on the Use of the Financial System for the Purpose of Money Laundering (2001) expanded the scope of the First Directive.

The European Union’s Second Directive on Prevention on the Use of the Financial System for the Purpose of Money Laundering (2001) extended the scope of the First Directive beyond drug-related crimes. The definition of “criminal activity” was expanded to cover not just drug trafficking, but all serious crimes, including corruption and fraud against the financial interests of the European Community.
USA PATRIOT ACT

According to Section 312 of the USA Patriot Act, the due diligence program for foreign correspondent accounts must address what three measures?

The due diligence program for foreign correspondent accounts for non-U.S. persons must include “appropriate, specific and risk-based,” and, where necessary, enhanced policies, procedures and controls reasonably designed to identify and report suspected money laundering in a correspondent account maintained in the United States. This due diligence program must also be included in the institution’s anti-money laundering program. The due diligence program must address three measures:
Determining whether enhanced due diligence is necessary,
Assessing the money laundering risk presented by the correspondent account,
Applying risk-based procedures and controls reasonably designed to detect and report suspected money laundering.
FATF

According to FATF's Recommendations (2012), what are the designated thresholds for transactions under Recommendations 10, 22, and 23?

FATF also designated specific thresholds that trigger AML scrutiny. For example, the threshold that financial institutions should monitor for:
occasional customers is €15,000 [Recommendation 10];
casinos, including Internet casinos, it is €3,000 [Recommendation 22]; and for
dealers in precious metals, when engaged in any cash transaction, it is €15,000 [Recommendation 22-23].
FATF

Describe FATF's Recommendations 20-21 (2012) on
suspicious transaction reporting and liability

The Recommendations say that financial institutions must report to the Financial Intelligence Unit where they suspect or have reasonable grounds to suspect that funds are the proceeds of a criminal activity or are related to terrorist financing. The financial institutions and the employees reporting such suspicions should be protected from liability for reporting and should be prohibited from disclosing that they have reported such activity.
THE WOLFSBERG GROUP

According to the Wolfsberg Anti-Money Laundering Principles for Private Banking (2000), what are situations for private banking that require further due diligence?
PEPs: Public officials, including individuals holding, or having held, positions of public trust, as well as their families and close associates,
High-risk countries, including countries “identified by credible sources as having inadequate anti-money laundering standards or representing high-risk for crime and corruption,” and
High-risk activities, involving clients and beneficial owners whose source of wealth “emanates from activities known to be susceptible to money laundering.
FATF

Identify the seven topics of international standards incorporated into the FATF 40 Recommendations (2012).

AML/CFT policies and procedures [Recommendations 1-2],
money laundering and confiscation [Recommendations 3-4],
terrorist financing and financing of proliferation [Recommendations 5-8],
financial and non-financial institution preventative measures [Recommendations 9-23],
transparency and beneficial ownership of legal persons and arrangements [Recommendations 24-25],
powers and responsibilities of competent authorities and other institutional measures [Recommendations 26-35], and
international cooperation [Recommendations 36-40].
FATF

Describe FATF's Recommendation1 (2012) on the risk-based approach.

Countries should start by identifying, assessing and understanding the money laundering and terrorist financing risks they face. Then they should take appropriate measures to mitigate the identified risks. The risk-based approach allows countries to allocate their limited resources in a targeted manner to their own particular circumstances, thereby increasing the efficiency of the preventative measures. Financial institutions should also use the risk-based approach to identify and mitigate the risks they face.
MAINTAINING AN AML/CFT RISK MODEL

Why is it important to continue to update and revisit risk assessments?

Risk is dynamic and needs to be continuously managed. It should also be noted that the environment in which each organization operates is subject to continual change.
Externally, the political changes of a jurisdiction or whether economic sanctions are imposed or removed may impact a country-risk rating.
Internally, organizations respond to market and customer demands by introducing new products and services and implementing new delivery systems.
The combination of these changes makes it critical that the ML/TF risk model is subject to regular review. In some countries, there is a legislative obligation for such reviews to be undertaken on a regular basis — usually annually or when new products, delivery channels or customer types are introduced.
AML/CFT RISK SCORING

What does FATF recommend considering when assessing risk?

When assessing risk, FATF recommends considering:
Customer risk factors such as
non-resident customers,
cash-intensive businesses,
complex ownership structure of a company, and
companies with bearer shares.
Country or geographic risks such as
countries with inadequate AML/CFT systems,
countries subject to sanctions or embargos,
countries involved with funding or supporting of terrorist activities, or
those with significant levels of corruption.
Product, service, transaction or delivery channel risk factors such as
private banking,
anonymous transactions, and
payments received from unknown third parties.
ASSESSING THE DYNAMIC RISK OF CUSTOMERS

What are some factors an institution should consider when
assessing the dynamic risk of its customers?

As every financial institution develops transaction history with customers, it should consider modifying the risk rating of the customer, based on:

Unusual activity, such as alerts, cases and suspicious transaction report (STR) filings.
Receipt of law enforcement inquiries, such as subpoenas.
Transactions that violate economic sanctions programs.
Other considerations, such as significant volumes of activity where it would not be expected, such as a domestic charity engaging in large international transactions or businesses engaged in large volumes of cash where this would not normally be expected.
AML/CTF RISK IDENTIFICATION - GEOGRAPHIC LOCATION

What are some sources of identifying coutries that pose heightened geographic risk?

The US State Department issues an annual “International Narcotics Control Strategy Report” rating more than 100 countries on their money laundering controls
Transparency International publishes a yearly “Corruption Perceptions Index,” which rates more than 100 countries on perceived corruption
FATF identifies jurisdictions with weak AML/CFT regimes and issues country-specific Mutual Evaluation Reports
In the United States certain domestic jurisdictions are evaluated based on whether they fall within government-identified higher-risk geographic locations such as High Intensity Drug Trafficking Areas (HIDTA) or High Intensity Financial Crime Areas (HIFCA).
SYSTEM OF INTERNAL POLICIES, PROCEDURES, AND CONTROLS

What are some examples of internal controls, outside of policies and procedures?

While policies and procedures provide important guidance, the AML/CFT program also relies on a variety of internal controls, including management reports and other built-in safeguards that keep the program working. These internal controls should enable the compliance organization to recognize deviations from standard procedures and safety protocols. A matter as simple as requiring a corporate officer’s approval or two signatures for transactions that exceed a prescribed amount could be a critical internal control element that if ignored seriously weakens an institution’s AML/CFT program and attracts unwanted attention from supervisory authorities.
THE COMPLIANCE FUNCTION

What factors should be considered when determining the sophistication of a compliance function within an institution?

The sophistication of the compliance function should be based upon the institution’s nature, size, complexity, regulatory environment, and the specific risk associated with the products, services, and clientele. No two institutions will have exactly the same compliance structure because the risk facing each institution is going to be different, as identified in their respective risk assessments.
COMMUNICATION

Why is it critical that the Compliance Officer have good communication skills?

The compliance officer must also have the means to communicate at all levels of the organization — from front-line associates all the way up to the CEO and Board of Directors. It is critical for a compliance officer to be capable of articulating matters of importance to senior and executive management, particularly significant changes that may present risk to the organization, such as a sudden or substantial increase in STRs or currency transaction reports (CTRs). Other items of concern that need to be escalated to management may include changes to laws or regulations that may require immediate action. A compliance officer must have the skills necessary to be able to analyze and interpret these ongoing changes, determine what effect they may have on the institution, and suggest an action plan when appropriate.
DESIGNATION AND RESPONSIBILITIES OF A COMPLIANCE OFFICER - DELEGATION OF AML DUTIES

What controls should a Compliance Officer consider over an AML duty that has been delegated?

The compliance function may establish risk-based quality assurance reviews and monitoring and testing activities to ensure the functions are being performed appropriately. This may include
a review of the CDD collected to ensure completeness,
monitoring reports of CDD completeness or defects to ensure the systems are working as expected, and
performing testing to assess whether the monitoring and the business performance are satisfactorily measuring and ensuring compliance.
AML/CTF TRAINING - WHO TO TRAIN

What are some of the target audiences for training?

Customer-facing staff
Operations personnel
AML/CFT compliance staff
Senior management and board of directors
Independent testing staff
AML/CTF TRAINING - HOW TO TRAIN

Why is it important to have a test at the end of a training session?

Tests should be considered as a means to evaluate how well the training is understood with a mandatory passing score.
AML/CTF TRAINING - WHEN TO TRAIN

When should an institution conduct training?

An institution’s training should be ongoing and on a regular schedule.
Existing employees should at least attend an annual training session.
New employees should receive appropriate training with respect to their job function and within a reasonable period after joining or transferring to a new job.
Situations may arise that demand an immediate session. For example, an emergency training session may be necessary right after an examination or audit that uncovers serious money laundering control deficiencies. A news story that names the institution or recent regulatory action, such as a Consent Order, might also prompt quick-response training. Changes in software, systems, procedures or regulations are additional triggers for training sessions.
KNOW YOUR CUSTOMER/CDD

According to FATF, when should an institution conduct CDD?

FATF recommends that financial institutions should be required to undertake CDD measures when:

Establishing business relationships.
Carrying out occasional transactions under certain circumstances.
There is a suspicion of money laundering or terrorist financing.
The financial institution has doubts about the veracity or adequacy of previously obtained customer identification data.
EDD

According to FATF, when should an institution c onduct enhanced due diligence on a customer?

FATF indicates that when there are circumstances where the risk of money laundering or terrorist financing is higher, enhanced CDD measures should be taken.
EDD FOR HIGHER RISK CUSTOMERS

What are some examples of enhanced due diligence for higher risk customers?

A financial institution should consider obtaining additional information from high-risk customers such as:
Source of funds and wealth.
Identifying information on individuals with control over the account, such as signatories or guarantors.
Occupation or type of business. Financial statements.
Banking references. Domicile. Proximity of the customer’s residence, place of employment, or place of business to the bank.
Description of the customer’s primary trade area and whether international transactions are expected to be routine.
Description of the business operations, the anticipated volume of currency and total sales, and a list of major customers and suppliers.
Explanations for changes in account activity.
ACCOUNT OPENING, CUSTOMER IDENTIFICATION AND VERIFICATION

According to FATF, when should the identity of a customer be verified?

A bank should not establish a banking relationship, or carry out any transactions, until the identity of the customer has been satisfactorily established and verified in accordance with FATF Recommendation 10.
CONSOLIDATED CDD

How should a global financial institution address the performance of CDD across its various operations?

Financial institutions should aim to apply their
customer acceptance policy,
procedures for customer identification,
process for monitoring higher risk accounts and
risk management framework on a global basis to all of their offices, branches and subsidiaries.
The firm should clearly communicate these policies and procedures through ongoing training and regular communications, as well as conduct monitoring and testing to ensure compliance with the policies and procedures.