Anti-Money Laundering (AML) Taking a company-wide approach
February 2014
• Themes
• Moving beyond tick the box
• Bringing regulatory compliance to the heart of the business
OR
• Keeping the CEO out of trouble
• Content
• Governance
• Risk Management
• Monitoring
• Updates
Introduction
A comprehensive framework for AML compliance
Governance
Operations
Risk Management
Awareness
Monitoring
Good governance relates to:
• Leadership
• Strategic
• Risk appetite
• Culture
• Management
• Policies
• Guidance
• Processes
• Clarity of scope
• FCA’s Handbook
• Senior Management Arrangements, Systems & Controls (SYSC)
Governance is the process of decision-making and control
Governance
Governance models
A - Divisional Framework
B - Federal Framework
C - Enterprising
• Board executive responsibility
• Global minimum policy
• Risk appetite articulated to Divisions, Business Units
• Oversight resource allocation proportionate to extent of
delegated risk appetite
• Delegated risk managed at regional level
• Mechanisms for assurance on adequacy of controls
• Good management information
• Eliminate duplication / leverage synergies to reduce costs
The best model takes a number of these features
1. Adopt formal Financial Crime / AML Policies
2. A defined governance and oversight structure
3. Defined AML roles and responsibilities
• Designated MLRO
• Designated Nominated Officer
4. Defined clear approval/ escalation process (CDD / SARs)
• Defined internal path
• Established governing body roles and responsibilities
5. Defined AML training & awareness strategy
For AML, your best governance model must include…
Overlay the Three Lines of Defence Model
First line of defence
Second line of defence
Third line of defence
Increasing regularity of
review
The Financial Crime governance model in practice
Financial Crime Committee
AML Sanctions Bribery Fraud Market Abuse
Data Security
Shared Services
Intelligence
• Larger organisations are more likely to have more complex organisational structures
• Amalgamation of Financial Crime areas may provide efficiencies
• Centralised / holistic organisation recommended
Audit Committee Group / Board
Executive Committee
Risk Committee Compliance Committee
How are outputs shared?
Committee meetings should include the following topics
Agenda items will be driven by:
• Business type
• Activity
• Key risks
• Issues
• Regulatory horizon
• FCA thematic reviews
• Emerging risks
• Hot topics
• MI
• Strategic activities which may impact Financial Crime
• Oversight / Assurance / Audit plans
• Projects (e.g. remediation)
• Intelligence
Attendance Active Engagement
Challenge
Getting the policy and procedures right
Group Policy & Risk Appetite Statement
Guidance
Procedures
Desktop Manuals
• Due diligence is determined via a Risk Based Approach
• This allows for focused time and effort on the highest risk
customers
Due diligence effort is determined by risk rating
Risk Management
Low risk ‘Simplified’ or lesser amount of due diligence
Medium risk ‘Standard’ due diligence (i.e. more than ‘Low’)
High risk ‘Enhanced due diligence’ (EDD)
Customer due diligence should drive risk management
Individuals
• Verify identity
• Identify sources of income / wealth
• Identify proposed use of the account
Legal Entities
• Identify legal structure
• Identify type of business
• Identify beneficial owners
• Identify source of funds / client’s own customer base
• Identify intended use of the account
• Where is the money coming from?
• Is the activity consistent with what is known about the client (KYC)?
• Is the activity consistent with the product/ account type?
• Where is the money going?
• Who owns / controls the money?
Information Intelligence
Intelligence informs your customer’s risk profile
High risk customer?
• Business type
• Connection to PEPs
• Anticipated activity
• Sanctions targets
High risk country?
• Country of residence
• Country of prime business
• Connections to sanctions
• Source of funds
High risk product?
• Service offered
• Product facilities
• Restrictions on the product
• Speed on transaction size
• Delivery channels
Suspicious activity?
Meets with Risk Appetite?
Information Intelligence
• Enhanced due diligence is required…
• No face-to-face meeting with the client
• The client is a PEP
• The client is a correspondent
• Any other situation with elevated ML/TF risk
• Enhanced Due Diligence is a more robust level of due
diligence including:
• Enhanced monitoring
• Periodic review
• Negative news searches
• Politically Exposed Person (PEP) searches
• Due diligence on controlling persons and related parties
• Additional documentation gathering
EDD must be applied for higher risk customers/accounts
• Legal risk
• Reputational risk
• Regulatory risk
• FCA’s “Thematic Review for High Risk Money Laundering Risk
Situations” and in its “Guide for Firms”
• 4th EU Money Laundering Directive – Domestic PEPs inclusion
• Financial risk
• Recent enforcement action
• Political corruption risk
• Standard Customer Due Diligence (CDD) is not sufficient
• PEPs are becoming more effective in hiding their identity
PEPs are a higher risk category of customer
• New client approval
• Identification of existing clients
• Enhanced Due Diligence (EDD)
• Enhanced monitoring
• Reviews – existing PEP clients
• Training and education
Controls are required for PEP risk management
An approach to PEP risk management is recommended
Screening
Decision
EDD
Approval
Ongoing Review
Decision based on:
• Discounting
• Judgement
• Profile
• Control
• Public sources
• Adverse media
• Country risk
• Sanctions risk
• Reputation
Management Information (MI)
• PEP profile
• Actual vs. Connected, Current vs. former etc.
• e.g. Actual current PEP = High
• Adverse media
• Money Laundering
• Terrorist Financing
• Fraud, Bribery & Corruption
• Sanctions and Regulatory fine/censure
• Current, recent, historic news
• e.g. Current conviction or charge of money laundering = High
• Country risk association
• Use of Country Risk Ratings
• Based on individual's Country or Residence etc.
• e.g. Individual is a UK ambassador in Syria and has been a
resident of Syria for > 3 years = High
An example of a PEP risk assessment methodology
Country risk is relevant to PEP risk management
Country impacts
• Residency (& nationality)
• Client’s place of prime business
• Business factors
• Source of funds
• Funds destinations
Country risk indicators
For example:
• Membership of FATF
• Membership of regional FATF
• FATF Strategic deficiencies
• Transparency International CPI Score
• US INCSR reports
• IMF review status / reports
• OFAC status
Country risk scoring
• High risk
• Medium risk
• Low risk
• Methodology output can be used to drive:
• Due diligence requirements
• Frequency and level of ongoing monitoring
• Overall view of PEP risk distribution
• Accurate MI and board reports
• Improved ability to drive business decisions
• Deeper understanding of risks posed
• Ensure customer base aligned to firm’s risk appetite
Benefits of PEP risk assessment include…
• Global policy must have clarity on minimum standards
• Documented procedures should reflect business operations
• Golden source of data is used across business and
jurisdictions effectively
• Intelligence (e.g. from SARs) is used effectively in-house
• Processes are owned and overseen
• Transaction monitoring systems are efficient and effective
• Synergies between relevant processes optimised
• Record keeping is comprehensive
Monitoring of systems and controls is vital
Monitoring
• 4th EU Money Laundering Directive
• Bribery & Corruption – fining of JLT Specialty Limited
• Market Abuse Directive
• Future FCA thematic reviews
Regulatory update
Wrap Up
Questions
Wrap up
Governance
Operations
Risk Management
Awareness
Monitoring