Standard Chartered Bank Anti-Money Laundering ("AML") Workshop - 4th December 2013 Yangon, Myanmar
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Standard Chartered Bank
Anti-Money Laundering
(“AML”) Workshop
4th December 2013
Yangon, Myanmar
In association with Prudential Corporation Asia Anti-Money Laundering 4th December 2013 - Yangon, Myanmar
SESSION 1
Setting AML Standards for:
- Governments
- Regulators
- The Financial Sector
Mike Trigg
Group Financial Crime Risk Advisor
What is Money Laundering?
Taking the proceeds from crime and moving them through
financial institutions to disguise their illegal origin - and then
investing them to make them appear legitimate.
Proceeds from:
Drug trafficking
Fraud
Corruption
Tax evasion
4
Who sets AML standards ?
International Government and
Regulatory Agencies:
• The UN
• The Basle Committee
• IMF
• World Bank
• Financial Action Task Force (FATF) International
Standards
International Industry Groups
• Wolfsberg Group
• SWIFT
5
What are the minimum standards for
governments and regulators?
Undertake a country level risk assessment
Criminalise Money Laundering and Terrorist Financing –
link them to a wide range of predicate criminal offences
Implement legal procedures to identify and freeze
criminal assets
Create a Suspicious Activity Reporting process and a
Financial Intelligence Unit to support it
6
What are the minimum standards for
governments and regulators?
Improve Financial Transparency
Strengthen Customer Due Diligence requirements
Apply effective supervision and enforcement
Facilitate International Cooperation
Apply the programme to all relevant sectors – not just
banking and insurance
7
Who sets the standards for the
financial sector?
Regulator's
Expectations
Best
International Country
Practice
Laws and
Standards
Regulations
Industry
Guidance
Risk Based or Rule Based?
8
What do standards for the
financial sector cover?
Customer Due Diligence (‘CDD’)
Transaction Monitoring
Training and Awareness
Audit and Assurance
Governance
9
SESSION 2
Establishing a Robust
AML Programme
Mike Trigg
Group Financial Crime Risk Advisor
10An AML Programme
AML Strategy and Risk Assessment
AML Policy and Procedures
CDD Processes
Governance
Assurance
Transaction Client AML
CDD Reviews
Screening Screening Surveillance
Intelligence and Analytics
Organisation and Resources
Training
111. Risk Assessment
CONTROLS ASSURANCE
G Assurance
CONTROL MANAGEMENTGGG
R Onboarding
O
Client & Product Servicing First line
S
S
RESIDUAL
R Transaction Surveillance
Monitoring RISKS
I Customer Screening
S Transaction Screening Audit
K
CDD review
S
Risk assessment will act as basis for decisions on
AML strategy, priorities and resources
122. Customer Due Diligence
Indentify Screen Risk Risk Acceptance Periodic
and Rate Based Updates
Verify Extra
Due
Diligence
133. Transaction Monitoring
Establish expected transaction profile at CDD stage
Exception Reporting
Specialised Systems
Reporting and Disclosure
Intelligence and Analytics
Dynamic Re-Profiling
144. Training
Identify target population
Align to role, product, business
E - Learning
Classroom based
Testing and Tracking
155. AML intelligence and analytics is an area
of increasing focus
Identifying the facts to give a
clearer understanding of
money laundering risks and
providing the knowledge
Optimising
required to manage them.
Risk screening and
identification surveillance
systems
Analytics can significantly
improve the ability to provide
better focused, better
AML analytics and informed and actionable
intelligence: data-driven
decision making intelligence to manage risks
associated with money
laundering.
166. Governance and Assurance
Oversight by senior management – to ensure:
AML controls are operating effectively
The Programme is aligned with relevant regulations
The Programme is Resourced and funded
There is future strategy in place
That strategy is aligned with evolving best practice
It is appropriately resourced and funded
17SESSION 3
Customer Due Diligence
John Gibson
Regional Head of
Financial Crime Compliance
Wholesale Banking
Middle East, Africa, Pakistan and Europe
18Customer Due Diligence (CDD) /
Know Your Customer (KYC)
WHY IS IT IMPORTANT ?
Regulatory Requirement
Reputational Risk
Operational Risk
It’s the right thing to do
It’s a key control in combating money laundering and terrorist financing
CORE PRINCIPLES
Compliance with the relevant AML laws
Top management commitment
Clear accountabilities & robust controls
Risk based
Awareness & culture building
19Customer Due Diligence (CDD) /
Know Your Customer (KYC)
What does CDD mean?
+ Who is the customer?
+ What do they do?
+ Where do they do it?
+ When do they do it?
+ Why do they do it?
+ How do they do it?
= Does it all add up?
20Customer Due Diligence (CDD) /
Know Your Customer (KYC)
Who is the customer? Determine the true identity and
beneficial ownership of accounts
Individual Entity
• Full legal name • Full legal name
• Residential address • Registered & operating address
• Telephone number(s) • Telephone number(s)
• Date of birth • Incorporation or registration details
• Nationality • Owners and controllers details (keep
unwrapping the layers as entities and
• Unique identifier (passport number, ID individuals)
card, driving license, etc) • Who are they connected to?
• Who are they connected to? • Who are their customers, suppliers, etc?
• Retain evidence • Retain evidence
• Keep up to date • Keep up to date
21Customer Due Diligence (CDD) /
Know Your Customer (KYC)
What do they do? Understanding the customer is key
What is the account to be used for?
What activity is expected? (personal account with salary in and
payments out, savings account, business account, etc)
What monies are expected to come into / go out of the account
What products / services are needed?
If business, what kind of business activity are they involved in? Are
any of these high risk?
22Customer Due Diligence (CDD) /
Know Your Customer (KYC)
Where do they do it?
Where is the customer based?
Where are they from?
Where are they operating?
Where are they transacting with?
Where is their income from?
When do they do it?
When are transactions expected?
Salaries? Monthly, weekly, etc?
Bonuses
Regular payments
Seasonal business
23Customer Due Diligence (CDD) /
Know Your Customer (KYC)
Why do they do it?
Why does the customer want a specific product or set of products?
Why is a company structured the way it is?
How do they do it?
How will payments be made?
How will payments be received?
24Customer Due Diligence (CDD) /
Know Your Customer (KYC)
Does it all add up?
Does the information given make sense?
Can it be corroborated?
Does documentary evidence confirm it?
Is it in line with previous experiences or similar customers?
Ask yourself – would you give them your own money?
25Customer Due Diligence (CDD) /
Know Your Customer (KYC)
Customer due diligence never ceases
Rolling plan required to constantly keep due diligence updated
Every customer touch-point is an opportunity to confirm due
diligence is still up to date, however practicality suggests mix
periodical reviews with certain event based reviews, e.g.
Material change to customer, such as change of name, address,
business line, employer, etc
Change in products, perhaps from
standard product to higher risk products,
such as financial trade instruments
Sudden change in transactional
business through account Ongoing
New information come to light,
such as a link to a PEP
Etc.
26Customer Due Diligence (CDD) /
Know Your Customer (KYC)
Example 1
Personal account for single mother in UK
Current Account only, to be used for state benefits coming in, cash
out, and payments for utilities, etc
Mobile telephone number given
Red flag – the same mobile number was found on 18 different
individual current accounts
Result – the woman was found to be committing benefit fraud with
multiple fictitious names
Morale – Not everyone is who they say they are
27Customer Due Diligence (CDD) /
Know Your Customer (KYC)
Example 2
Business account gold bullion trader in Europe
Only required current account and trade instruments
Customer needed account only for one major transaction with one country
Purpose was to assist Malaysian government to offload some of its gold
reserves
Expected volume of activity was Letters of Credit in and out to the value of
$6 billion
Red flag – the entire gold reserves of Malaysia at the time were
worth only a quarter of this amount
Result – the business was found to have been duped into believing
there was a legitimate deal, when in fact it turned out to be a
massive money laundering scheme
Morale – If it sounds too good to be true, it probably is
28Customer Due Diligence cont.
Presenter:
Wesley Tam
Head of Anti-Money Laundering, AsiaKnow Your Customer / Customer Due Diligence
KYC/CDD Requirements Group AML Policy remains at a high level Local AML Policy are more specific Main distribution models for insurance: 1. Tied agency 2. Bancassurance 3. Direct marketing 4. Brokers 5. Corporate agency
KYC/CDD Requirements (cont’d)
Tied Agency (Face-to-Face)
KYC/CDD standards
Full compliance with local laws
Adopt a higher standard (if Group requirements are more stringent)
KYC/CDD documents are obtained directly from customers
Sanctions screening is performed on a daily basis
Periodic re-screening is performed
KYC/CDD documents are retained according to the local AML
requirementsKYC/CDD Requirements (cont’d)
Bancassurance (Face-to-Face)
Full compliance with local laws
Reliance is placed upon business partners
Business Agreement, Reliance Letter and/or AML Questionnaire
are in place
KYC/CDD documents obtained by either bank/Prudential staff
KYC/CDD documents are usually disseminated to Prudential; or
disseminated to Prudential upon specific request
Sanctions screening (including re-screening) is performed by both
the bank and Prudential
KYC/CDD documents are retained according to the local AML
requirementsKYC/CDD Requirements (cont’d)
Direct Marketing/Telemarketing (non Face-to-Face)
Full compliance with local laws
KYC/CDD documents are obtained either during customer take on
or must be obtained prior to any payout
Sanctions screening (including re-screening) is performed by
Prudential before any payout
KYC/CDD documents are retained according to the local AML
requirementsKYC/CDD - Rules of Thumb Local Units must comply with all local AML laws and regulations When local laws conflict with Group requirements, the more stringent or higher standard will apply In case a Local Unit cannot meet the minimum requirements of the Group AML Policy, an exemption should be applied PCA cannot grant exemptions if the Local Unit is in breach of any local AML legislations
KYC/CDD - The Principles We Follow Not to enter into or maintain relationships with customers whose conduct gives rise to suspicion of involvement in illegal activities Seek to terminate any customer relationship where the customers’ conduct gives reasonable cause to believe or suspect involvement in illegal activities Before doing business with any prospective customer, all Local Units must obtain appropriate CDD information to ensure that we know with whom we are doing business Enhanced Due Diligence (“EDD”) applied on a risk-sensitive basis in any situation which presents a higher risk
Samples of Minimum Customer Information Requirements
Timing Customer Information to be collected, verified and retained
When business Including, but not limited to:
relations are
established • Full name
• Unique identification number
• Residential address, registered or business address and contact
telephone number(s)
• Date of birth, incorporation or registration
• Nationality or place of incorporation or registration
• Directors (if a company)
• Partners (if a partnership)
• Persons with executive authority
Periodically Ensure it is kept up-to-date, especially for higher risk customers
For XX years Keep the customer identification information and other documents
following the relating to the establishment of business relations, as well as policy
termination of files and business correspondence
business relationsQuestions?
SESSION 4
Transaction Monitoring
John Gibson
Regional Head of
Financial Crime Compliance
Wholesale Banking
Middle East, Africa, Pakistan and Europe
39Transaction Monitoring
WHY IS IT IMPORTANT ?
Regulatory Requirement
Reputational Risk
Operational Risk
It’s the right thing to do
It’s a key control in combating money laundering and terrorist financing
CORE PRINCIPLES
Compliance with the relevant AML laws
Automation
Clear rule based scenarios
Effective case management
Awareness & culture building – quick responses
40Transaction Monitoring
Overview
One of the keys to AML is effective and regular monitoring of
transactions
The purpose of this transaction monitoring is to be able to identify an
abnormal or unusual transaction
It is also used to maintain a watch on higher risk accounts
As it is a legal obligation to report suspicious activities, it is a vital
control to assisting an organisation in identifying such activity
With the large volumes of transactions going through any financial
institution it is impossible to rely on manually spotting these
However, automation should be considered as the last line of
defence. It will not pick up everything, and it will also pick up
transactions that turn out to be legitimate
Staff need to be encouraged to be vigilant as well – this does not
replace a staff member’s obligation, but acts as a safety net for the
organisation
41Transaction Monitoring
Expectations
Transaction monitoring requires rules; a set of variables designed to
alert when thresholds are crossed
An institution must regularly review the output of rules, and measure
their success
The purpose of variables is to allow an institution amend rules to
help reduce “false positives”
No system can capture every suspicious transaction
Systems will generate alerts that then need to be reviewed
The majority of these alerts will in all likelihood turn out not to be
suspicious (“false positives”)
Rules should be based on industry standards, regional intelligence,
and a banks own experiences
42Transaction Monitoring
Sample Rules
Monies coming into the account far exceed what has come in
previously in a similar month, or over a period
Monies come into an account, and within short period, majority has
gone straight back out
Large volume of inwards and outwards traffic
Large volumes or values of cross border payments for mainly local
companies
Transfers to and from higher risk countries
Values just below certain internal or external thresholds
Round figure amounts
Large number of refunds
etc
43Transaction Monitoring
Specific Example of Variables
Where incoming funds is greater than 150% of incoming funds via
electronic means in the previous 1 month
This sample rule could be used to look for accounts with a sudden
increase in volumes of deposits. The areas in red are variables.
Reviews of the alerts generated by this rule may suggest :
150% is too high, and that no alerts are generated at this setting, whereas setting
it at 105% is too low, and it generates too many alerts to be reviewed
The focus on electronic means may miss out cash transactions coming into an
account, but the inclusion of cash may result in amounts being very varied,
resulting in too many alerts
In the previous 1 month may suit personal accounts which are salaried, but for
business accounts, where turnover may not be as similar each month, it may be
beneficial to set at previous 12 months
44Transaction Monitoring
Transaction Monitoring never ceases
It will be run constantly, although
various different rules may be set to
run daily, weekly or monthly Ongoing
Every alert must be reviewed
Requires a collaborative approach –
often best to utilise designated team to
review alerts, however, they will not have
specific knowledge of customers. Therefore vital that they reach
out to specific branch or employee who has most knowledge of a
customer, as they may be aware of a reason behind something that a
system may view as suspicious
In these scenarios, quick responses are essential
45Transaction Monitoring
Example 1
Business account in Germany
Manufacturer of religious items
Alert – Sudden increase of turnover, threefold, compared with
previous four months
Result – the customer was legitimate. The keystone of the
customer’s business was the sale of good relating to Christmas.
Large orders would com in around June / July / August to ensure
retailers had their supplies in time for the run up to December
Morale – Not every alert is suspicious; good due diligence up front
will save a large amount of effort at the back end
46Transaction Monitoring
Example 2
Business account in Nigeria
Main supplier in UK
Alert – large volumes of payments received back from main supplier
Result – the customer was overpaying the supplier in the UK in
exchange for a rebate. They were sent the overpayment back, plus a
further small discount for their trouble. The UK supplier was then
sending refunds back using drug money. The refunds were used to
disguise the illicit money from the UK as appearing legitimate, being
linked to an actual business transaction, and the legitimate funds
from Nigeria were used to disguise the criminal funds in the UK.
Morale – Know your customer’s customer
47Transaction Monitoring Cont.
Presenter:
Wesley Tam
- Head of Anti-Money Laundering, AsiaSuspicious Transaction Monitoring
Suspicious Transaction Monitoring
If a financial institution (“FI”) suspects or has reasonable
grounds to suspect that funds are the proceeds of a criminal
activity, or are related to terrorist financing, it should report its
suspicions to the applicable Financial Intelligence Unit or local
authority
An STR is a way of alerting authorities to the possibility that a
particular transaction could involve money laundering or
terrorist financing and should be investigated
In most cases, the reporting FI will not have evidence that the
transaction represents the proceeds of crime
Most likely, the FI will not be aware of the source of funds or the
reason for the transaction and cannot inquire of the customer
without the risk of tipping-off the customer
In these cases the FI should submit an STR and leave it to the
authorities to further investigateSuspicious Transaction Monitoring (cont’d) When filing suspicious transaction reports (“STRs”), FIs should not, under any circumstances, notify a customer that his/her behaviour has been reported to the authority “Safe harbour” laws help to encourage FIs to report all suspicious transactions. Such laws protect FIs and employees from criminal and civil liability when reporting suspicious transactions to competent authorities in good faith
Regional Requirements
Standard Transaction Monitoring
Review of red flags for ALL customers
1 to 3 monthly basis
Review ALL transactions for the previous 6 months at least
Special Monitoring of Medium / High Risk Customers
Review of transactions for ALL medium / high risk customers
despite hitting red flags or not
Review ALL transactions monthly (on a 6 month rolling cycle at
least)Red Flags
No apparent purpose or which make no obvious economic sense
Incompatible with the normal activities of the customer
Not commensurate with the customer’s apparent financial means
Overpayment of premium by a customer without apparent cause
Transfers to and from high-risk jurisdictions without reasonable
explanation
Structured just below a regulatory reporting
or identification thresholdRed Flags (cont’d) Unusual number of new (and cancelled) business (NTU) and/or withdrawal (and partial withdrawal) transactions over a short period of time Agents who have consistently high activity levels of single premium business far in excess of any average company expectation Unusual sources of funds or income Unusual number of policy loans
CASE STUDIES
Case Study 1
Profile of a Policyholder Policy Details
• Traditional Endowment
• Annual Premium : $200,000
• Bank Transfer lump sum of
$1,000,000 for 5 years
advance premium payment
No reason given
NTU
- Age 53, Female Within 1 week full
- Declared Occupation: refund
Business owner Source of funds
- Annual declared income:
$36,000 Premium payable does not commensurate
with declared income
Cancellation with no purpose / reasonCase Study 1 (cont’d)
The policy was escalated by the Operation Team
Due to the premium amount refunded exceeded the
pre-defined reporting threshold
STR raised to local authority
Tagged for continuous monitoring on customer’s
portfolio.Case Study 2
Abnormal Transaction Pattern
Self and Family Policies
by a high performing agent
Policy Holder A
Prudential
Policy Holder B
Policy Loan /
FC Policy Surrendered
Policy Holder C
..
.
Secretary A Secretary B 20 policyholders with 64
high premium contracts Frequent policy loans are
One of agent’s personal taken out
secretaries is from Policyholders include
agent’s family, Frequent policies
National Tax Service cancellation
Secretaries' salary is 5 secretaries, and
times higher than market secretaries’ family
averageCase Study 2 (cont’d)
It is “POSSIBLE” that…
1. The agent and his family/secretaries are involved in money-laundering.
Given that 1) purchasing high premium policies, 2) drawing policy loans and 3) frequent
surrendering of premium, we felt suspicious for money laundering and agent being a front
person of money-laundering for 3rd parties
OR
2. Agent is making these transactions in order to achieve sales target and
maintain ‘top agent status’ thus enjoying various benefits.
There is a high chance that premiums are
paid by the agent himself for those policies
of his and secretaries’ relatives.Case Study 2 (cont’d)
This case was detected by these red flags:
① Surrender shortly after a series of loans
② Make repeated partial withdrawal and top-up in a short period
of time
③ Buy multiple policies in a short period of time
Collected various data &
analyzed transactions Even though the agent
is not with Prudential,
Reported the result to CEO his policies are being
and CAO closely monitor
Agent and his
customers are
filtered out due to Reported to FIU
suspicious CAO indirectly warned the
transactions agents for his abnormal
transactions Another report to FIU
has been filed on one of
his customer’s
Agent left Prudential for transaction for pattern ②
unknown reason aboveCase Study 3
Illegal Money Lender & Loan Shark
Illegal money lenders, are unlicensed (lending without a
credit license) and operate outside the law
Loan shark is a person or body that offers loans
at extremely high interest ratesCase Study 3 (cont’d)
Screening
Prudential
Premium
policyCase Study 3 (cont’d)
TWO MONTHS
LATER……Case
v Study 3 (cont’d)
Suspicious
System has detected and alerted for this
Transaction Found!! customer’s transaction due to:
1.Aggregate transactions amount over
threshold
Result 2. Money incoming and outgoing are not In
line with customer profession
3.Frequent cash withdrawal in a short
period of time
•Policyholder
avoid callsCase Study 3 (cont’d)
Customer Transaction
Summary
Cash withdrawal over the counter
Cash withdrawal after short period
Request of transfer to unknown 3rd partiesCase Study 3 (cont’d)
Actions On-site
Visit
Taken
The customer is an
illegal money lender
Terminate
policyCase Study 4
Abnormal high frequencies of policy
loans spotted from some
policyholders and agents via regular
transaction monitoring
Loan Repayments
Usually made on the
same day or within
just a few days
Loan Disbursements Prudential
Policy Holders
No cash involved. The majority of the loan
repayments were paid by policyholders’
credit cardsCase Study 4 (cont’d) Investigation confirmed that the purpose of such high frequency transactions was to earn bonus points from credit card; The case was promptly disclosed to local enforcement agency; and Prudential management have implemented measures to stop these abusing activities.
Questions?
SESSION 5
Effective Employee
Training and Awareness
John Gibson
Regional Head of
Financial Crime Compliance
Wholesale Banking
Middle East, Africa, Pakistan and Europe
70Effective Employee Training & Awareness
WHY IS IT IMPORTANT ?
Regulatory Requirement
Reputational Risk
Operational Risk
It’s the right thing to do
It’s a key control in combating money laundering and terrorist financing
CORE PRINCIPLES
Compliance with the relevant AML laws
Relevant and targeted
Tested to ensure effective knowledge transfer
Mandatory
Technical knowledge transfer as well as awareness &
culture building
71Effective Employee Training & Awareness
Overview
Bank staff are often the best control in the fight against money
laundering and terrorist financing
The purpose of training is to enable staff to be able to identify
suspicious activity
It is also used to embed awareness of money laundering in to
everyday activity
As it is a legal obligation to report suspicious activities, it is a vital
control to enable staff to meet their obligation
Like all training, it needs to be engaging – staff must remember the
key messages
It needs to be relevant, so consideration needs to be given to
multiple training materials to cover different aspects
72Effective Employee Training & Awareness
Challenges
It needs to be interesting and engaging
It needs to be cost effective
Consideration to method of delivery
Face to face more expensive, but better interaction
Paper based cheap to deliver, but difficult to record and retain
Online interactive, easier to deliver and record, but not as effective, and lose
value of discussion
One to one more focused, but in groups better discussion
The point is there is no one method that is best – consideration
should be given to use of more than one approach
It must be mandatory and it must be tested - this means pass mark
and fail mark
Everyone must have some sort of training
Re-sit for failure
What to do with repeat offenders
73Effective Employee Training & Awareness
Training Content
Understand the basics of money laundering
Understand the predicate offences
Understand the reasons behind money laundering and terrorist
financing, the scale of it, and the impact
Understand the basics of legislation, and the impact on the organization
as well as on themselves personally
Understand some key typologies, so as to be able to identify suspicious
activity
Understand the banks own controls and requirements to ensure they are
met
Understand what to do in the event that they find something suspicious
Understand what they can and cannot do once something has been
reported
74Effective Employee Training & Awareness
Training never ceases
It will be run continuously, giving staff reminders, and updating them
on new trends, regulations, typologies, etc.
It must be regularly reviewed to ensure it is up to date, relevant and
still effective
Requires a collaborative approach –
often best to utilise a mix of
designated training teams who
Ongoing
understand knowledge transfer,
with AML specialists, who can
ensure technical knowledge
is accurate.
75Effective Employee Training & Awareness
Example 1
Financial institution in the UK
Diverse range of products
11,000 staff - training adopted in a modular approach
Every staff member was given at least a basic training
A member of staff employed solely as a driver within the Asset
Finance Division was sent to repossess a vehicle
He found a number of chequebooks in different names in the back of
the car
Having completed a basic training, was unsure exactly what this
meant, but reckoned he should report it anyway, as it didn’t seem legal
Result - It turned out that the chequebooks were all forgeries, and the
previous hirer of the vehicle was involved in a major forgery ring
Morale – everyone in your organisation has the potential to see
something suspicious
76Effective Employee Training & Awareness
Example 2
Relationship manager in Pakistan
New to the organisation, and therefore had to complete training
Had been given a portfolio of existing customers
Highlighted that one of his customer files contained a note to say the
beneficial owner could not provide evidence of his ownership of the
company, as he was a taxpayer in another country, and therefore
didn’t want to pay more tax on this business in Pakistan
Having completed his training, he was now aware that tax evasion
was a predicate offence in Pakistan
Result – A Suspicious activity report was filed on the customer for
tax evasion
77Effective Employee Training & Awareness Cont.
Presenter:
Wesley Tam
- Head of Anti-Money Laundering, AsiaTraining
Induction and Refresher Training (Internal Staff members) Face-to-Face Computer Based Training Post-Training Assessment with a reasonable pass mark Mandatory training i.e. 100% attendance rate Human Resource Department to track attendance record for internal staff Disciplinary actions for non-attendance
Induction and Refresher Training (Agents) Face to Face Computer Based Training Paper Based Compact Disc Post-Training Assessment with a reasonable pass mark Mandatory training i.e. 100% attendance rate for active agents Agency to track attendance record for tied agents Disciplinary actions for non-attendance
SESSION 6
Governance, Assurance
and the Role of
Regulators
Mike Trigg
Group Financial Crime Risk Advisor
82Effective Governance
Oversight by senior management – to ensure:
the overall AML programme is operating effectively
the programme is aligned with relevant regulations
the programme is appropriately resourced and funded
there is future strategy in place
that strategy is aligned with evolving best practice
and it is appropriately resourced and funded
83Governance: setting priorities to deliver a clear Strategic
Objective
Develop an integrated Better integrate AML monitoring and intelligence outputs into customer management to drive
approach to the informed business decisions.
management of AML
enterprise-wide Use analytics to improve our ability to understand our risks and support controls.
Continue building Leverage technology and process design to upgrade customer due diligence in all business.
execution excellence in the
Integrate appropriate advice from the compliance function into customer due diligence.
businesses and
compliance Upgrade capabilities for surveillance and screening through technology and specialist skills.
Gain greater assurance that Understand and test the key controls across the three lines of defence.
controls are well designed
and operating effectively Have courageous conversations about the risks in the right governance forums.
Ensure staff have the Build a risk based approach to AML training for employees.
knowledge and awareness Better equip the compliance function to recognise AML risks.
to manage AML Learn from our experience and our peers to raise awareness.
Build reputation by Better communicate our policy and approach internally and with our regulators.
contributing to the
Contribute to the development of government policy and regulation for AML compliance.
reduction of crime through
spreading good practices Influence and spread industry best practices in our markets.
84Governance: strong oversight of the AML Programme
Board Board
Risk Committee Audit Committee
Group
Group Risk Committee
Group Financial Crime Risk
Committee
e.g. Wholesale Banking and Country
Business
Consumer Banking Risk
Committees Country AML Risk Committees 85
(CORCs)
e.g. Business Responsibility and
Reputational Risk Committees
Specialist forums e.g. CDD Working Group
85….and to build a culture of AML compliance
Top
Performance Supervisor
management Personal beliefs
Objectives behaviour and
behaviour and
communications
communications
Culture and
Employee Values of
behaviour the
organisation
Policies and Monitoring Disciplinary
Rewards Management
Procedures and assurance
Culture is shown through the aggregate behaviour of all employees
Need to align all influences on behaviour to achieve desired outcome
86Money Laundering Prevention Officer (MLPO)
Assist the Group CEO
Advise the Group Board
Report to senior management and Audit Committee
Set policies and standards
Identify/resolve significant breaches and regulatory issues
Foster good relations with the authorities
Liaise with Compliance, Audit and other control functions
Liaise with other Money Laundering Prevention Officers
87Assurance
Ensuring all the controls are operating effectively:
First Line: Business – Key Controls, Key Indicators,
Self Assessment
Second Line: Compliance Monitoring
Third Line: Internal Audit
88Role of Regulators
Define local requirements in accordance with international
standards
Work with local institutions to make the requirements
practical and appropriate to local risks and business practices
Partner institutions in effective implementation
Apply a risk based approach to AML supervision
Promote and support international access
Focus on combating financial crime!
89You can also read
