Anti-Money Laundering Handbook

Shared 1/18/2026•52 views

/ 1

Cheatsheet Content

### Introduction to Anti-Money Laundering (AML) This cheatsheet summarizes key aspects of anti-money laundering and terrorist financing, drawing from the "Handbook of Anti-Money Laundering" by Dennis Cox. It aims to provide financial crime experts and students with essential information on regulatory frameworks, detection, and prevention. ### What is Money Laundering? Money laundering (ML) is the process of disguising the origins of illegally obtained money so that it appears to have come from legitimate sources. Terrorist financing (TF) involves providing funds for terrorist acts or organizations. The definition of what constitutes an "illegal act" can vary between countries but generally includes: - Robbery or theft - Blackmail or extortion - Bribery and corruption - Piracy - Illegal pornography or sexual matters - People trafficking - Tax evasion #### The Three-Stage Process of Money Laundering 1. **Placement:** Initial entry of illicit funds into the financial system, often through cash-intensive businesses (e.g., launderettes, taxis, restaurants, casinos, antique dealers, property). - Can involve purchasing assets (paintings, antiques, cars, lottery tickets, premium bonds, commodities) and reselling them to make the funds appear legitimate. 2. **Layering:** Moving funds around to disguise their original source, making the audit trail complex. This often involves multiple transactions across different accounts and jurisdictions. 3. **Integration:** Reintroducing "cleaned" money into the mainstream economy, making it difficult to distinguish from legitimate funds. Common methods include: - Transferring money from shell banks to legitimate banks. - Using overvalued invoices for goods/services to move funds internationally. - Establishing anonymous companies to grant loans to oneself, claiming tax relief. - Using trading accounts for brokerage. - Canceling insurance policies after premium payment for laundered returns. - Selling acquired assets (e.g., property, sports cars, art) and receiving electronic payments. #### Primary Offences & Concerns - **Initial Drive:** Combatting narcotic-related criminal activity. - **Expansion:** Now includes terrorist financing and funds from any illegal act. - **Growth Industry:** Money laundering is seen as a "growth industry," leading to evolving regulatory structures and improved investigation quality. - **Taxation:** Tax evasion (illegal) is considered a predicate offense for ML. Tax avoidance (generally legal) is not, unless deemed abusive. ### Due Diligence (DD) The role of financial institutions is to be diligent and act on suspicion. #### 1.5 Due Diligence - **Customer Identification:** Properly identify customers and associates. - **Enhanced Due Diligence (EDD):** Required for high-risk relationships. - **Process:** - Identify customer/associate as appropriate for business. - Obtain information on people, companies, and source of funds (as required by local regulation). - Rely on staff vigilance and modeling approaches to identify suspicious accounts. - Conduct investigations without notifying the customer of suspicion. - **Ongoing Due Diligence:** Continuous monitoring to ensure activities are consistent with understanding of the customer and are not suspicious. This obligation continues throughout the customer relationship. #### Higher Risk Situations (from FATF Recommendations) - **Customer Risk Factors:** - Unusual business circumstances (e.g., significant unexplained geographic distance). - Non-resident customers. - Legal persons/arrangements as personal asset-holding vehicles. - Companies with nominee shareholders or bearer shares. - Cash-intensive businesses. - Unusual or excessively complex ownership structures. - **Country/Geographic Risk Factors:** - Countries with inadequate AML/CFT systems (identified by mutual evaluations). - Countries subject to sanctions/embargoes. - Countries with significant corruption or criminal activity. - Countries supporting terrorist activities or designated terrorist organizations. - **Product/Service/Transaction/Delivery Channel Risk Factors:** - Private banking. - Anonymous transactions (including cash). - Non-face-to-face relationships/transactions. - Payments from unknown/un-associated third parties. #### Types of Money Laundering - **Amateur:** Takes opportunities, leaves obvious causes for concern, easier to detect. - **Professional:** Exploits weaknesses in financial institution controls, much harder to identify. #### Businesses Abused by Money Launderers - Launderettes, newspaper sales, taxis, bars/restaurants, casinos, insurance, asset management, antiques, property. ### Suspicion and Reporting When suspicion is identified, it requires investigation and, if confirmed, reporting. #### 1.7 Suspicion and Reporting - **Investigation:** Financial institutions must investigate suspicions to ensure real grounds exist. - **Reporting:** Suspicion is reported to relevant authorities (e.g., Money Laundering Reporting Officer - MLRO) via a Suspicious Activity Report (SAR). - **Safe Harbour:** Submitting a SAR provides protection from prosecution for the financial institution. - **Tipping Off:** Prohibited disclosure of information about a SAR or investigation to the customer. #### 1.8 The Local Service Provider - Cash-based local service providers (plumbers, carpenters, taxi drivers) may under-report income for tax evasion. - Financial institutions are not expected to report these purely due to their cash nature, but clear suspicion requires reporting. #### 1.9 Licence Payments - Minor offences (e.g., driving without a license) are generally not considered money laundering unless directly linked to criminal proceeds. - Predicate offences vary by jurisdiction; awareness of local laws is crucial. ### UN Resolutions UN resolutions are referred to in FATF Recommendations. #### 5.1 Chapter VII of the UN Charter - Outlines the Security Council's ability to act on threats to world peace, breaches of peace, or acts of aggression. Article 39 specifically mentions maintaining or restoring international peace and security. #### 5.2 Resolution 1267 (1999) - Imposed a freezing order and condemned the Taliban. - Formed a Security Council Committee to report on effectiveness against the Taliban. - Sanctions were strengthened by subsequent resolutions (e.g., 1333, 1390, 1455, 1526, 1617, 1735, 1822, 1904, 1989) to apply to designated individuals and entities associated with Al-Qaida. - The Al-Qaida Sanctions List includes: 1. Individuals associated with Al-Qaida. 2. Entities and other groups/undertakings associated with Al-Qaida. #### 5.3 Resolution 1373 (2001) - Broader than 1267, covering all acts of terrorism and TF. - Requires states to: - Prevent and suppress TF. - Criminalize TF. - Freeze funds/assets of persons connected with terrorism without delay. - Refrain from supporting terrorist entities/persons. - Prevent commission of terrorist acts. - Deny safe haven to those who finance, plan, support, or commit terrorist acts. - Prevent use of national territories for terrorist acts against other states/citizens. - Ensure prosecution for TF. - Afford mutual legal assistance in criminal investigations/proceedings related to TF. - Prevent movement of terrorists/groups through effective border controls and identity document checks. ### The Wolfsberg Principles An association of global banks developing financial service industry standards for KYC, AML, and CTF. #### 8.1 Wolfsberg Standards - **Wolfsberg Anti-Money Laundering Principles for Private Banking (2000, revised 2002, 2012):** Guidelines for private banking. - **Statement on the Financing of Terrorism (2002):** Focus on TF. - **Wolfsberg Anti-Money Laundering Principles for Correspondent Banking (2002):** Guidelines for correspondent banking. - **Statement on Monitoring Screening and Searching (2003):** Guidelines for monitoring. - **Guidance on a Risk Based Approach for Managing Money Laundering Risks (2006):** Risk-based approach. - **AML Guidance for Mutual Funds and Other Pooled Investment Vehicles (2006):** Guidance for investment vehicles. - **FAQs on AML Issues (2006):** Covers Beneficial Ownership, PEPs, Intermediaries. - **Statement against Corruption (2007, revised 2011):** Efforts to combat corruption. - **Statement on Payment Message Standards (2007):** Transparency in international wire transfers. - **Guidance on Credit/Charge Card Issuing and Merchant Acquiring Activities (2009).** - **Guidance on Prepaid and Stored Value Cards (2011).** - **Guidance on Mobile and Internet Payment Services (MIPS) (2014):** Addresses new payment methods. #### 8.1.1 Wolfsberg Anti Money Laundering Principles for Correspondent Banking (2014) - **Responsibility & Oversight:** Senior management approval for relationships, independent review. - **Risk-Based Due Diligence:** Consider geographic risk, ownership structures, business, customer base, regulatory status, AML controls, shell banks. Client visits may be required. - **Enhanced Due Diligence:** Higher approval levels for high-risk relationships, annual review. #### 8.1.2 Wolfsberg Private Banking Principles – May 2012 - **Client Acceptance:** Only accept clients with legitimate source of wealth/funds. Primary responsibility lies with the private banker. - **Identification:** Establish identity of clients and beneficial owners before business relationships. Verify identity using official papers. - **Corporations, Partnerships, Foundations:** Verify existence and ownership structure. - **Intermediaries:** Due diligence on introducing and managing intermediaries. - **Powers of Attorney/Authorised Signers:** Understand relationships between signers and account holders. - **Walk-In Clients & Electronic Banking:** Higher due diligence for these relationships. - **Due Diligence Information:** Collect source of wealth, net worth, funding, account purpose, size, activity, occupation, business nature, third-party relationships, referral source. Corroborate with documentary evidence. - **Numbered/Alternate Name Accounts:** Permitted only if client identity and beneficial owner are established and subject to equal scrutiny as other accounts. Wire transfers must reflect true name. #### 8.1.3 Statement on Anti-Corruption - Bribery involves improper performance for advantage. - **Internal Measures:** Senior management commitment, risk assessment, clear policies, monitoring. - **Misuse of Financial System:** Funds can be collected/used for bribes, state assets misappropriated, transactions cleared. - **Risk-based Approach:** Services (e.g., private banking, project finance, retail banking) are assessed for vulnerability to abuse. - **Red Flags:** Substantial cash/wire transfers inconsistent with legitimate activity, offshore entities obscuring ownership, project payments to third parties with unclear roles. - **Multi-stakeholder Approach:** Collaboration between governments, international institutions, law enforcement, regulators, civil society, and private sector. #### 8.1.4 Wolfsberg Guidance on Mobile and Internet Payment Services (MIPS) - **Risk Factors:** Ability to transfer funds (domestically/internationally), speed of transfer, lack of audit trail, difficulty in aggregating transactions, lack of face-to-face contact, unverified identification, ability to reload/load with cash, ability to withdraw cash, alternative funding sources. - **AML Framework:** Risk-based approach. Identification/verification for high-risk propositions. Sanctions screening for high-risk. Appropriate due diligence for partners. - **Transaction Monitoring:** Unusual ATM usage, high value/volume payment activity, high velocity, high cash activity, MIPS usage in unexpected/high-risk countries, patterns related to typologies. ### The UK Regulatory Framework The UK has a comprehensive regulatory framework to combat money laundering and terrorist financing. #### 6.1 Background - **Evolution:** From Bank of England responsibility to broader financial services regulation (Financial Services Act 1986), then self-regulation, replaced by the Financial Services Authority (FSA). - **Current Structure:** Financial Services Act 2012 divided FSA into: - **Financial Conduct Authority (FCA):** Regulates financial services with focus on consumers and industry stability. - **Prudential Regulation Authority (PRA):** Part of Bank of England, responsible for prudential regulation of banks, building societies, credit unions, insurers, and major investment firms. #### 6.3 Financial Conduct Authority (FCA) Objectives - **Single Definitive Objective:** Ensuring relevant markets function well. - **Aspirational Objectives:** - **Integrity Objective:** Protecting and enhancing the integrity of the UK financial system (soundness, stability, resilience, not used for financial crime, orderly market operation, transparency). - **Protection of Consumers Objective:** Securing appropriate protection for consumers (considering risk, experience, needs for advice). - **Competition Objective:** Promoting effective competition in consumers' interests (needs of different consumers, ease of access, ease of changing providers, market entry, innovation). #### 6.4 Prudential Regulation Authority (PRA) Objectives - **Main Objective:** Promote safety and soundness of PRA-authorised persons to avoid adverse effect on UK financial system stability. - **Aspirational Objective:** - **Insurance Objective:** Contribute to appropriate protection for policyholders. #### 6.5 Enhancing Public Understanding of Financial Matters - Consumer Financial Education Body promotes understanding of financial matters and debt management. #### 6.6 Fit and Proper Person Rules - **General Prohibition:** No person may carry out regulated activity without being authorized or exempt. - **FCA Approval:** Individuals working for firms must be "fit and proper" based on: - Honesty, integrity, and reputation. - Competence and capacity. - Financial soundness. - JMLSG regulations are adopted as best practice within the FCA rule book. #### 6.7 FCA Regulation and Money Laundering Deterrence - **FCA Regard:** Efficient use of resources, proportionality of burdens, sustainable economic growth, consumer responsibility, senior management accountability, regulatory differences, transparency. - **SYSC Rules:** Outline FCA requirements for AML. - Firms must establish/maintain effective systems and controls to counter financial crime risk, proportional to activities. - Regular assessments of adequacy. - FCA considers whether firm followed JMLSG guidance. - **Systems & Controls:** Must include: - Appropriate training. - Information provision to governing body/senior management (MLRO report). - Documentation of risk-management policies. - Incorporation of ML risk into day-to-day operations (new products, customers). - Procedures for new customers to avoid unreasonable denial of access. - **MLRO:** Director or senior manager with overall responsibility for AML systems/controls. Must be independent, have authority, resources, and be based in the UK. #### 6.8 The Proceeds of Crime Act 2002 (POCA) - Consolidates/extends UK legislation on money laundering. Covers all crimes, no de minimis. - **Objectives:** 1. Establishes Assets Recovery Agency to recover criminal assets. 2. Creates five investigative powers for law enforcement: production order, search/seizure order, disclosure order, customer information order, account-monitoring order. 3. Establishes criminal offences: acquiring/using/possessing/concealing/disguising/converting/transferring criminal property; failing to report suspicion; tipping off; destroying documents; false statements. - **Penalties:** - Money laundering: 14 years imprisonment and/or unlimited fine. - Failing to report/tipping off: 5 years imprisonment and/or unlimited fine. - Destroying documents: 5 years imprisonment and/or unlimited fine. #### 6.9 Terrorism Act 2000, and the Anti-Terrorism Crime and Security Act 2001 - **Terrorism Act 2000:** Establishes offences related to facilitating, raising, or using funds for terrorist purposes. - Criminal offences: failure to report terrorist property, tipping off, involvement in arrangements to facilitate retention/control of terrorist property. - Penalties consistent with POCA (e.g., 5 years for failure to report, 14 years for actual ML). - **Anti-Terrorism Crime and Security Act 2001:** Powers to seize terrorist cash, freeze assets, direct firms to provide customer information. #### 6.10 Money Laundering Regulations 2007 (UK) - Specify arrangements for firms to prevent ML/TF. - **Scope:** Regulated activities of financial sector firms (banks, credit institutions, electronic money issuers, insurance companies, bureaux de change, trust/company service providers, high-value goods dealers, lawyers/accountants). - **Key Requirements:** Adequate policies/procedures covering: - Customer due diligence, reporting, record-keeping, internal control, risk assessment/management, compliance management, communications. ### How Money-Laundering-Deterrence Regulations are Applied in the UK – The Joint Money Laundering Steering Group (JMLSG) JMLSG provides main regulatory guidance in the UK. #### 7.1 Membership - Composed of leading UK trade associations in financial services (e.g., British Bankers' Association). - Guidance is approved by HM Treasury and considered by UK courts. Adherence demonstrates compliance with FCA/PRA rules. #### 7.2 The Risk-Based Approach - JMLSG guidance emphasizes a risk-based approach to focus resources on highest ML/TF risks. - **Includes:** - Senior management roles (MLRO). - Formally documented policies/procedures. - Identification of low-risk and high-risk clients. #### 7.3 The Regulatory Framework - JMLSG guidance has been revised to reflect POCA 2002 and Money Laundering Regulations 2007 (implementing EU Third ML Directive). - **Purpose:** Outline legal/regulatory framework, interpret laws, indicate good industry practice, assist firms in designing systems/controls. #### 7.3.1 Credit Cards - **Risks:** Initial fraud risk, but criminal property from fraud is also ML. Source of repayment is key risk factor (third-party payments, cash). - **Mitigation:** Credit checks, monitoring repayment sources. #### 7.3.2 Electronic Money - **Definition:** Electronically stored monetary value for payment transactions. - **Risks:** Susceptible to ML/TF. Low-value e-money is less attractive to launderers. For TF, it can be more accountable than cash. - **Increased Risk Factors:** High/no transaction/purse limits, frequent cross-border transactions, merchant activity (betting/gaming), funding by unverified parties/cash, non-face-to-face nature, business value chain segmentation, new technology. - **Systems/Controls:** Limits on storage/turnover, detection of ML patterns, identification of multiple purses/accounts, detection of accounts with different issuers. - Can provide additional transaction information to law enforcement. #### 7.3.3 Wealth Management - **Definition:** Banking/investment services for high-net-worth clients, bespoke products, international facilities (current accounts, high-value transactions, sophisticated products, offshore entities, trusts). - **Vulnerability:** Complex products/services, international operations, reputable environment, high-value transactions. - **Risk Factors:** Reluctant/unwilling clients, high public profile, multiple/complex accounts, confidentiality cultures, concealment (offshore trusts/shell companies), banking secrecy in some countries, rapid fund movements, concentration accounts. - **Mitigation:** Standard identification, understanding client's wealth/income source, business nature, transactions, structures, purpose of complex structures. Client visits and documentation. #### 7.3.4 General Insurers - **Considerations:** Internal policies/procedures, communication to staff, clear procedures for suspicious activities, guidance on "tipping off," reporting failures, short reporting lines, record-keeping, screening, training, compliance testing. #### 7.3.5 Execution-only Stockbrokers (ExOs) - **Characteristics:** High volume/low value or high net worth. No advice, little knowledge of motives. Customers spread activities across brokers. Non-face-to-face. - **Risk:** Lower than other financial products, but not as low as investment management. #### 7.3.6 Asset Finance - **Nature:** Monies paid to supplier, not customer. Repayments by direct debit. - **ML Risk:** Low inherent risk. Overpayment/accelerated repayments are key risks. - **Mitigation:** Full credit searches, additional identity verification. #### 7.3.7 Corporate Finance - **Involvement:** Layering or integration stages of ML. Can involve concealment, use/possession of criminal property, TF. - **Risks:** Transfer of assets between parties, securities/corporate instruments. Less transparency in ownership (trusts, SPVs), less independent verification. - **Mitigation:** Enhanced due diligence for complex structures, verification of beneficial owners, understanding associations. #### 7.3.8 Trade Finance - **Risks:** Legitimate transactions/documents used to disguise fund movement, non-existent/fraudulent goods. Parties in league to disguise true nature. - **Techniques:** Over-invoicing, under-invoicing, multiple invoicing, short shipping, over-shipping, deliberate obfuscation of goods, phantom shipping. - **Mitigation:** Due diligence on parties, frequency of trade, business relationships, checking warning notices, external validation services, source of goods/prices, relationship meetings, corroboration from other group resources, verification of shipments. #### 7.3.9 Correspondent Banking - **Characteristics:** Correspondent has no direct relationship with underlying parties, limited info on transactions. Non-face-to-face. - **Risk:** High risk for ML/TF. Allows other firms with inadequate AML/CFT systems access to international banking. - **Risk Indicators:** Respondent's domicile (weak regulatory controls, corruption, high-risk jurisdictions), ownership/management structures (lack of transparency, PEP involvement), business/customer base (vulnerable segments), downstream clearing. - **Mitigation:** Enhanced due diligence, senior management approval, documentation of responsibilities, no shell banks. #### 7.3.10 Wholesale Markets - **Characteristics:** Traded products on regulated markets or between regulated parties. Rapid/opaque transfer of ownership, changing asset nature, extended audit trail, diverse customer base. - **Risks:** Cash/third-party payments. - **Mitigation:** No cash deposits or personal accounts for money transmission. Monitoring customer requests for third-party payments. Risk-based approach for margin/option premium payments. ### Risk Management and ML Deterrence Financial crime poses a significant risk and requires robust risk management. #### 11.1 The Risks within Money-Laundering Deterrence - **High Priority:** Regulators and board prioritize financial crime. - **Risk Management:** Needs risk identification and appetite. Effective training and KYC are key. - **Firm Risks:** From illegal events and how the firm handles them. - **High-Risk Business Types:** Regularly receive funds from high-risk jurisdictions, accept significant cash, deal with remote customers. Requires EDD and ongoing monitoring. - **Common Problems (FSA, 2012):** Failure to identify PEP accounts, failure to conduct EDD on high-risk accounts, inadequate challenge from staff, accepting customers despite criminal activity allegations. #### 11.1.1 Regulatory Risk - **Definition:** Generally part of operational risk, but often managed separately. - **MLRO Role:** Ensure firm has policies/procedures to meet local and international regulatory expectations. Not responsible for actual ML/TF, but for ensuring staff training and complaint investigation/reporting. - **Management:** Access to lists of high-risk customers, sanctions, PEPs. System to implement changes in rules/regulations. #### 11.1.2 Reputational Risk - **Importance:** Central to a firm's success. Failure to protect against unscrupulous individuals significantly impacts reputation. - **Ownership:** Often unclear, usually a consequence of another risk. Can arise from electronic media rumors. - **Case Study (HSBC, 2012):** Fined $1.9 billion for ML failures, admitting poor controls. Mexican affiliate not treated as high-risk, $7 billion in bank notes moved without suspicion, circumventing safeguards, clearing suspicious traveler's cheques. - **Mitigation:** Adequate KYC, testing validity of customer information, no relationship is worth the firm's reputation. #### 11.1.3 Operational Risk - **Definition:** Risk of loss from inadequate or failed internal processes, people, systems, or external events. - **Impact:** Failure to adhere to policies/procedures can lead to regulatory penalties and reputational damage. - **Monitoring:** KYC processes and reporting of concerns. - **Investigation Trail:** Detailed record of investigations, actions, and decisions for safe harbour. - **Penalties:** Increasing globally. UK example: £140,000 fine for foreign exchange provider, £14,000 for MLRO for inadequate AML systems/controls. ### The Role of the Money Laundering Reporting Officer (MLRO) The MLRO is a key individual responsible for AML/CTF compliance. #### 12.1 What is an MLRO? - **International Requirement:** Global AML regulations require local jurisdictions to implement rules. A responsible individual (MLRO) is usually appointed. - **Key Responsibilities:** First point of contact for ML/TF issues, strategic decisions, managerial responsibility for ML regulation. - **Accountability:** Fines for insufficient performance. Board retains ultimate responsibility for business direction. - **Conflict of Interest:** MLRO must report conflicts between executive management and their obligations to authorities. - **Regulatory Importance:** Regulators emphasize appropriate controls. Failure can lead to fines (e.g., Habib Bank AG Zurich, £525,000 to firm, £17,500 to MLRO). - **High-Risk Countries:** MLRO must ensure due diligence accounts for all available evidence and regulatory expectations, not just local knowledge. #### 12.2 Who Can Be Appointed as an MLRO? - **Seniority:** Normally a senior management position due to investigation of sensitive subjects. - **Resources:** Must have sufficient resources, time, and support staff. - **Independence:** Role can be combined with Compliance Officer but not Head of Internal Audit. Ideally, role is minimally client-facing. - **Small Companies:** May outsource some MLRO work to maintain independence. #### 12.3 The Role of the Money Laundering Reporting Officer - **Oversight:** Responsible for implementing AML/TF strategies. - **Key Elements:** - Strategic decisions on suspicious activity. - Internal reporting. - Reporting to regulatory authorities. - Awareness/training for staff. - Monitoring AML policies. - Annual report on AML activity. - Liaison with regulators. #### 12.3.1 The Safe Harbour and its Limitations - **Protection:** Local legislation protects MLROs, allowing them to override customer confidentiality for reporting. - **Diligence:** MLRO must demonstrate due care and attention to obtain protection from prosecution. Documentation is key. #### 12.3.2 Matrix Management - **Reporting Suspicions:** MLRO ensures procedures for reporting to authorities. May delegate to deputy. - **Confidentiality:** Minimize people involved in reporting to prevent tipping off. - **Large Corporations:** Dual notification systems for high volume of suspicions. - **Alternative Contact:** For small companies, alternative notifying officer from non-client-facing role. #### 12.3.3 What is an MLRO's Internal Reporting Procedure? - **Reporting:** All suspicions to MLRO/deputy MLRO. Direct and timely. - **Documentation:** Full documentation of date, time, staff name, position, role. - **Initial Report:** Details of customer, suspicion. MLRO acknowledges receipt, instructs staff not to tip off. - **Internal Enquiries:** Documented. Used to confirm/reject suspicion, support decisions, provide defence. - **Ongoing Reporting:** All subsequent suspicious activity reported until suspicion cleared. #### 12.3.4 What is Contained in the MLRO's Annual Report? - **Purpose:** Focus on specific outcomes, assess effectiveness of AML/TF systems, make recommendations. - **Benefit:** Documents MLRO policies/procedures, identifies key issues for senior management. - **Content:** - Nominated Officer (MLRO) activities. - Demarcation of responsibilities. - MLRO functions (restrictions, resources, access to information). - Staff training. - Documentation of policies/risk assessments. - New products (susceptibility to ML/TF). - Financial exclusions (risk of excluding customer groups). - Monitoring effectiveness of systems/controls (nature of systems, recommendations). - Summary of business areas (susceptibility to criminal elements). - Customers and CDD processes (customer base, PEP policies, sanctions compliance, identification verification, high-risk customers, KYC implementation, transaction monitoring, product range, geographical risks). - Overall assessment of systems and controls (comprehensiveness, regular review). ### Know Your Customer (KYC) KYC is fundamental to AML, requiring appropriate and adequate customer due diligence. #### 13.1 What is Know Your Customer? - **Purpose:** Understand the customer and their risks (ML/TF, profitability). - **Depth of Analysis:** Commensurate with risk. Not just accepting customer-provided information. - **Verification:** Independent sources for validation. - **Criminals:** Aware of rules, will exploit weaknesses. - **Local Requirements:** Vary (general understanding vs. detailed rules). - **UK Requirements:** Specific requirements for retail and corporate customers. #### 13.2 Why Should Firms Carry out KYC Requirements? - **Two Parts:** Identity verification and additional information based on risk. - **Objectives:** 1. Understand customer circumstances, business, source of funds/wealth. 2. Understand purpose of specific transactions. 3. Understand expected nature/level of transactions, ensure information is current/valid. - **Importance:** Adequate KYC prevents transactions/relationships with suspicious backgrounds. Failure to obtain sufficient detail means relationship should not be established. - **Tipping Off:** Customer should not be notified of ML concerns. #### 13.3 What Does KYC Involve? - **Identification:** Prescribed form (national ID, passport, driving license). - **Record Keeping:** Details recorded and kept for designated years (e.g., 5 years from transaction date, or after relationship ends). - **Local Rules:** Specific requirements vary. Face-to-face vs. non-face-to-face. #### 13.4 What Are the General Issues? ##### 13.4.1 Reluctance to Provide Information - Customers reluctant to provide information on activities/location/directors. - Could indicate ML, or just privacy concerns. Suspicion should be investigated. - Experienced launderers come prepared with perfect information. ##### 13.4.2 Conflicting Information - Incomplete, conflicting, or incongruous information from new personal customers. - Repeated problems or regular corrections raise awareness. - Perfect information from a customer can also be a cause for concern. ##### 13.4.3 Provision of Key Data - Customers not providing addresses/phone numbers or using serviced office addresses are high risk. - Firms must verify phone numbers, addresses, and conduct credit reference checks. ##### 13.4.4 Fraudulent Information - **Camouflage Passports:** Risks of non-existent country passports, often with matching documents. - **Verification:** Original passport must be seen. Date/time of receipt recorded. - **Forged Documents:** Easily available. Link face to name. - **Multiple Passports:** Some countries allow. Businessmen may have multiple for visa purposes. - **High-Risk Countries:** Passports may show travel to high-risk countries. ##### 13.4.5 Diplomatic Passports - Diplomatic passports from small/new countries pose risk. - Firm should evaluate consistency of details, appearance, and attitude. ##### 13.4.6 Financial Information - Review financial information for consistency with size and scope of activities. - Unusual activity (e.g., funds from new country) requires investigation. ##### 13.4.7 Too Fast - Rushing customers, multiple accounts/relationships opened by foreign nationals. - Requires EDD, even if it delays account opening. #### 13.5 Reliance on Third Parties - Historically, reliance on other banks/branches. Now considered inappropriate. - Each office should conduct its own due diligence. - **UK HM Treasury (2009):** Third parties meeting standards can be relied upon, but ultimate responsibility remains with the firm. Based on FATF recommendations. #### 13.6 The Third EC Directive – KYC Requirements - **Guidance:** Consolidated guidance for Member States. - **Procedures:** - Identify and verify customer identity (reliable, independent source). - Identify and verify beneficial owner (risk-based measures). - Obtain purpose/intended nature of business relationship. - Ongoing monitoring of transactions for consistency with knowledge of customer. #### 13.7 The UK KYC Requirements - **JMLSG Guidance:** Calls KYC as CDD. - **13.7.1 Required CDD:** When establishing business relationships, occasional transactions, suspicion of ML/TF, doubts about identification data. - **CDD Procedures:** - Identify/verify customer (reliable, independent source). - Identify/verify beneficial owner (risk-based measures, ownership/control structure). - Obtain purpose/intended nature of business relationship (inconsistent transactions). #### 13.7.2 Quality and Quantity of CDD - **Evidence:** Identity documents (passport, driving license) are key. Written assurances from trusted sources. - **Risk-Based:** Amount of information gathered depends on product/service, existing relationship, assurances from other firms, physical presence. #### 13.7.3 Documentary Evidence Used as Part of KYC - **Reliability:** Government documents are highest. - **Forged Documents:** Firms must be aware of forgery signs, take steps to establish if document is lost/stolen. ### Money Laundering Training Staff awareness and training are crucial for combating money laundering. #### 14.1 The Importance of Staff Awareness and Training - **Critical:** Staff must be trained on financial crime regulatory requirements, ML/TF. - **Purpose:** Alert staff to risks, well-trained in identifying unusual/suspicious activities. - **Scope:** All relevant employees, including temporary/contract staff. #### 14.2 The Core Obligations of Training - **Awareness:** - Risks of ML/TF, relevant legislation, obligations. - Identity and responsibilities of MLRO. - How ML crimes operate, how they appear in firm records. - What constitutes TF. - Legal position of firm and individuals. - Risk-based approach. #### 14.3 Legal and Regulatory Obligations - **Penalties:** Criminal penalties for staff for ML/TF involvement or failure to report. - **FCA Requirements:** Senior management must ensure employee awareness and training. - **FCA Suggestions:** Right level of competence, ongoing competence, appropriate supervision, regular review, MLRO appointment. - **FCA Guide (Financial Crime, A Guide for Firms, 2013):** Helpful materials for training. - **Self-Assessment Questions:** Vetting, employee awareness, training access, quality, tailoring, effectiveness, material relevance. - **Good Practice:** Thorough vetting for high-risk roles, tailored training, new staff training before client interaction, practical case studies, testing, clear whistleblowing procedures. - **Poor Practice:** Incompetent staff, one-off vetting, undue focus on legislation, outdated material, failure to identify needs, no tracking, lack of management sign-off, no whistleblowing/escalation. #### 14.4 Staff Responsibilities ##### 14.4.1 Senior Management - **Responsibility:** Ensure appropriate systems, monitoring, and reporting are in place. - **MLRO Training:** Provide guidance on responsibilities, identity of nominated officer/MLRO, potential effects of breaches. ##### 14.4.2 Staff - **Responsibilities:** Aware of anti-money-laundering procedures from start of employment. - **Offences:** Failure to report suspicions, tipping off, prejudicing investigation. #### 14.5 Internal Training Procedures - **Specialized Training:** Required for all employees, explaining how products/services can be used for ML/TF. - **Firm Procedures:** Explain firm's procedures for managing risks. - **Legal Liabilities:** Explain firm and employee liabilities. - **Importance:** Highlight importance of training, firm's risk of prosecution. - **Key Information:** What employees need to know for their role, what to do if suspicious. - **High-Risk Circumstances:** Awareness of particular circumstances/customers, additional verification work. - **Changing Behaviour:** Awareness of evolving ML/TF methods (FATF Guidance, NCA information, JMLSG case studies). #### 14.6 Training Methods and Assessment - **Variety:** Depends on firm's needs. Classroom-based for high-risk/specialist roles. - **Effectiveness:** Online training may be limited. Testing (e.g., multiple-choice questions) is crucial to ensure learning. - **Tailored Training:** More effective than generic materials. - **Ongoing:** Regular intervals, comprehensive records of who trained, when, effectiveness. ### Retail Customer Identification Identification procedures for private individuals. #### 15.1 Who Are Retail Customers? - **Definition:** Private individuals acting in their own capacity. - **Distinction:** Different from corporate customers, though some corporate relationships may require similar individual identification. - **Compliance:** Procedures must meet requirements of host and home regulatory regimes. - **Higher Standards:** Prudent to meet higher of home/host regulations. - **Complexity:** Individual forming a company blurs retail/corporate distinction. Focus on understanding customer activity. #### 15.2 Basic Retail Identification Evidence - **Key Information:** Full name, residential address, date of birth. - **Source:** Reliable and independent sources (government agencies). Photocopied documents generally not accepted unless authorized. - **Documents:** Passport, driving license, identity card, utility bill. At least one document with customer's face. - **Local Rules:** Specific requirements vary by location. Non-face-to-face customers pose challenges. #### 15.3 Documentary Verification - **Validation:** Conduct validation, especially for enhanced risk relationships. - **Highest Quality:** Government-issued documents. Awareness of forgery signs. - **Reasonable Confidence:** Evidence must provide reasonable confidence in identity. - **Government Documents:** Passport, driving license (with photo), national identity card (with photo). - **Other Documents:** Utility bills (for address verification). - **Face-to-Face:** Valid passport/photocard license with reasonable likeness. Perfect likeness can be suspicious. #### 15.4 Customer Exclusion - **Rules:** Specific rules on financial exclusion in most countries. - **Difficult Cases:** Street vendors without permanent address, illiterate. May accept symbol with additional procedures. - **Documentation:** Rules may require passport/driving license. Teenage customer example highlights ineffectiveness of rigid rules. - **UK Repeal:** Rigid documentation requirements for low-risk customers have been repealed. #### 15.5 Electronic Verification - **Purpose:** Electronic check using customer's name, address, date of birth (commercial agencies like Experian). - **Standard:** Must meet standard level of confirmation (e.g., match name/address/DOB, manual review for errors). - **Outsourcing:** Firms can delegate but not abrogate responsibility. Oversight required. #### 15.6 Impersonation Fraud - **Growing Problem:** Fastest growing fraud. - **Risks:** Fraud, reputational damage. Greater risk with electronic data for anti-fraud checks. - **Mitigation:** First payment through customer's name at regulated institution, verify identity with third-party sources, telephone contact, welcome call, direct mailing, clear/understood activation procedures. #### 15.7 Family Members - **General Rule:** No requirement to verify other family members, only customer. - **Increased Risk:** If spouse has ML/TF conviction, it's relevant. UN/EU notices refer to "associates." - **Additional Investigation:** If legal, economic linkage test for close relationships. #### 15.8 Transaction Monitoring - **Updating:** Varies by jurisdiction. Some require employer details for loans. - **UK:** No obligation to provide up-to-date info. Firms can't identify inappropriate transactions. #### 15.9 Source of Funds - **Requirement:** Firms generally record source of funds for deposits/repayments. - **Verification:** Rarely required to verify source. - **Launderers:** Will provide plausible explanations. - **Detection:** Vigilance for unusual patterns of behavior. Repeated "legacies" from same parent are suspicious. ### Corporate Customer Identification ##### 16.1 Who Is a Corporate Customer? - **Forms:** Listed companies, private limited companies, partnerships, trusts, charities. - **Listed Companies:** Lower risk due to market regulation, public disclosure, external audit. Still can be involved in inappropriate activity. - **Unlisted Securities:** Higher scrutiny for larger unlisted companies. - **Key Problem:** Publicly accessible information can be exploited by launderers to disguise illegal objectives. - **Family-Owned/Smaller Companies:** Limited independent verification. Bank needs to consider additional procedures. #### 16.2 Risks Associated with Corporate Customers - **Higher Risk:** Complex business structures, particularly those used to hide inappropriate activity (e.g., tax evasion, fraud). - **Control by Individuals:** Direct shareholding can give individuals significant control, overriding internal procedures. Lack of internal control is exploited by launderers. - **Mitigation:** Firm must verify legitimate commercial purpose for business structure. Investigate group structures and controlling relationships. Conduct enhanced due diligence for complex structures. - **Risk Assessment:** Assess high shareholder control on a risk-sensitive basis. #### 16.3 Beneficial Owners - **Definition:** Person who ultimately owns/controls (>25% shares/voting rights) or exercises control over management. Directors are not necessarily beneficial owners. - **Identification:** Key individuals within corporate structure. - **Verification:** Full retail-style identification may not be required. Signatories may be identified for risk transfer. #### 16.4 Standard Evidence for Corporate Entities - **Existence:** Confirmation of listing, company registry search, Certificate of Incorporation, documents forming entity, memorandum/articles of association. - **Identification Evidence:** Full name, registered number, registered office, business address. - **Private/Unlisted Companies:** Also require names of directors, individuals owning/controlling >25% shares/voting rights, or exercising management control. Information needs to be *provided*, not necessarily *verified*. - **Verification:** Internet, trade journals, registration bodies, telephone book, central registry. Firm must ensure company is who it claims to be. #### 16.5 Private and Unlisted Companies - **Lower Public Disclosure:** Less scrutiny than publicly quoted companies. - **Risk:** Vulnerable to money launderers. - **Mitigation:** Independent evidence to support identity. #### 16.6 Enhanced Due Diligence - **Requirement:** Undertaken if customer nature, business, location, product, or delivery channel indicates higher risk. - **Measures:** Request additional identity information. #### 16.7 Charities and Trusts - **Enhanced Risk:** High risk for ML/TF. - **Verification:** Deeds forming organization, objectives. - **Controllers:** Verify controllers, as beneficial owners are rare. - **UK Charities Commission:** Emphasizes awareness, proactive oversight, analysis of trends. - **Case Study (Nicaragua):** 18 Mexicans transporting $9.2 million of illegal funds, highlighting need to verify identity of those claiming to be from a firm. ### Politically Exposed Persons (PEPs) PEPs are individuals who hold prominent public functions and are considered high-risk. #### 17.1 What is a Politically Exposed Person? - **Definition:** High-risk category requiring enhanced due diligence due to vulnerability to corruption. - **Risks:** Facilitation payments, inappropriate commissions, absconding with government funds, biasing legislation. - **Scope:** Majority of PEPs are not engaged in illegal activity. EDD is commensurate with risk. - **Public Scrutiny:** Higher public scrutiny and reputational risk for financial institutions dealing with PEPs. - **Dynamic Status:** Individuals can become PEPs (e.g., elected officials) or cease to be PEPs. Continuous monitoring is essential. #### 17.2 The Definition of a Politically Exposed Person (PEP) - **UK Definition:** An individual who is or has been entrusted with prominent public functions, and their immediate family members or close associates. Includes those in states outside the UK, community institutions, or international bodies. - **Limitations:** Limited time after leaving office (e.g., one year in UK). - **Recommendation:** Use a wider definition, including those with significant influence. Implement policies to identify high-risk relationships regardless of PEP status. Regularly review former officials. #### 17.3 At What Level is Someone a PEP? - **Lower Levels:** Public functions at lower than national level may still pose political exposure (e.g., Mayor of a large city). - **Fraud at All Levels:** Fraud can occur at any level of public function. - **Risk-Based Approach:** Implement consistent modeling and criteria to establish PEP status. #### 17.4 Prominent Public Functions - **UK Regulations:** Include Heads of State/government, ministers, MPs, supreme court members, central bank boards, ambassadors, high-ranking armed forces officers, state-owned enterprise management. - **Case Study (South Africa, 2009):** 923 government officials involved in fraud, highlighting that local/provincial officials can be involved in inappropriate activity. - **Risk Strategy:** Banks analyze relationships in four groups: PEP accounts (local rules), high-risk accounts, standard risk accounts, low-risk accounts. #### 17.5 The Immediate Family Rules - **Inclusion:** Immediate family members of a PEP are included in additional monitoring (e.g., spouse, partner, children, parents). - **Rationale:** PEPs may transfer funds to family members or family members may exert undue influence. - **Scope:** Firms may extend definition beyond local requirements based on risk-based approach. #### 17.6 The Associate Rules - **Inclusion:** Associates of a PEP are included in enhanced ML/TF deterrence procedures. - **Definition:** Joint beneficial ownership of legal entity, close business relations, sole beneficial ownership for PEP's benefit. - **Information:** Firm only needs to consider information in its possession or publicly known. No active research presupposed. - **Risk-Based:** Implement risk-based approach for determining associates and conducting EDD. - **Case Study (UK, 2010):** Fraud involving council employee and businessmen, highlighting importance of identifying business associates. #### 17.7 What Is the Risk-Based Approach? - **No Single Definition:** Firms develop criteria based on local circumstances. - **Back-Testing:** Use known ML cases to test effectiveness of EDD procedures. - **Policies/Procedures:** - Risk-based procedures to determine PEP status. - Senior management approval for relationships. - Measures to establish source of wealth/funds. - Enhanced ongoing monitoring. #### 17.8 The Risk-Based Approach to Determining PEPs - **Focus:** Resources on high-risk products/transactions (e.g., cash-based, non-face-to-face). - **Identification:** Internet search, public reports, corruption risk indices (e.g., Transparency International Corruption Perceptions Index). - **Ongoing Status:** Alert to public information on changes in customer's political exposure. Regular reviews to identify newly elected PEPs. #### 17.9 Transparency International - **Organization:** Fights corruption, produces annual global corruption report (Corruption Perceptions Index). - **Definitions:** Defines political corruption as abuse of entrusted power for private gain (power, wealth, influence trading). - **Bribe Payers' Index:** Ranks likelihood of companies bribing abroad. - **Risk-Based Criteria:** List can help firms develop risk-based criteria. #### 17.10 The Global Nature of Corruption - **Ubiquitous:** Corruption exists globally. - **Case Study (China, 2012):** Township official appropriated funds, lent to developers, abused power. - **Financial Institution Role:** Conduct sufficient investigation and ongoing monitoring to provide evidence of adequate due diligence. ### Non-Face-to-Face Customers Transactions occurring without the customer being physically present are considered higher risk. #### 18.1 Who Are Non-Face-to-Face Customers? - **Examples:** Internet banking, telephone banking, credit cards, online share dealing. - **Increased Risk:** Primary identification (matching face to document) is absent. - **Jurisdictional Differences:** Some countries require branch visits for identity confirmation; others don't. - **Identification Fraud:** Still possible even with face-to-face. - **Aggravated Risks:** Ease of access, multiple fictitious applications, absence of physical documents, speed of transactions. #### 18.2 Additional Measures for Non-Face-to-Face Customers - **Policies/Procedures:** Firms need appropriate risk-based policies. - **Identification:** May involve documentation or independent data (e.g., electoral roll, credit reference). - **Payment Profile:** Understand customer's payment profile. First payment from customer's name at prime bank. - **Quality of Bank:** Assess quality of bank where account is placed. #### 18.3 Risk-Based Approach to Non-Face-to-Face Customers - **Extent of Measures:** Depends on product/service, ML risk. - **Wholesale Markets:** Customer often not present. Focus on verifying firm's identity and officer's authority. - **Avoiding Contact:** If customer avoids face-to-face contact, firm should have clear policy, possibly reject and report. #### 18.4 The Problems of Buying Online - **Online Fraud:** Cases of non-delivery, fake companies, phishing. - **Due Diligence:** Requires basic due diligence (e.g., calling numbers, checking for problems). - **Monitoring:** Monitor activity of companies with high online trading. #### 18.5 FATF Guidance - **Report (Money Laundering using New Payment Methods, 2010):** Highlights cases of concern. - **Internet Payment Methods:** Categorized into online banking, prepaid internet payment products, digital currencies. Displayed cases of ML through gift cards and prepaid phone cards. - **Red Flags:** Discrepancies in customer info, unusual volume of internet accounts, large/diverse source of funds, multiple reference bank accounts, third-party funding. ### Suspicious Conduct and Transactions Identifying, investigating, and reporting suspicious activities. #### 19.1 Introduction - **Suspicious Activity:** Difficult to define, but regulators expect firms to detect it. - **Detection:** Rules aim to identify patterns, but unscrupulous individuals find ways to avoid detection. - **Commonplace vs. Suspicious:** What's suspicious to one may be normal to another. - **Investigation:** Required for any suspicion. Must be documented. - **Protection:** Reporting protects the bank. Investigation must avoid tipping off. - **Criminal Offence:** Tipping off is a criminal offence. #### 19.2 What is a Suspicious Transaction? - **Indicators:** Potentially suspicious activities that warrant further investigation: - Numerous different accounts, frequent fund transfers among them. - Cash deposits/withdrawals in corporate accounts. - Customer not requesting cash when expected. - Unusual cash transactions (traveler's cheques, money orders). - Activity inconsistent with customer's profile (e.g., large deposits of cashier's cheques). - Large dollar transactions without explanation. - Accounts with little/no regular activity, used as temporary repository. - Numerous cash deposits followed by lump-sum wire transfer overseas (drug trafficking). - Account brought to bank from outside normal service area. - Corporate customer with large cash deposits but not using other banking services. - Retail business with numerous cheque deposits but rarely cash withdrawals. - Sudden/inconsistent changes in currency transaction patterns. - Inconsistent cash deposits/debits in business. - Sudden foreign currency transactions for non-international business. - Monetary instruments with incomplete/fictitious payees. - Transactions without commercial basis (unusual transfers between related accounts). - Business owner making several deposits same day using different branches. #### 19.3 Avoiding a National Reporting or Record-Keeping Requirement - **Red Flag:** Transactions structured to avoid reporting thresholds. - **Examples:** - Customer requesting exemption from policies. - Customer withholding part of currency deposit/withdrawal to stay below threshold. - Customer reluctant to provide information for mandatory reports. - Customer coercing employee not to file reports. - Customer avoiding face-to-face contact, using ATMs for deposits/withdrawals below threshold. - Customer reluctant to furnish identification for negotiable instruments. - **Mitigation:** Firms must create tailored lists of indicators. #### 19.4 Wire or Fund Transfers - **Risk:** Reduces review level, funds moved quickly. - **Examples:** - Wire transfer to/from financial secrecy havens without apparent business reason. - Periodic wire transfers from personal accounts to secrecy havens. - Large incoming wire transfers for foreign clients without explicit reason. - Large, round transaction amounts without explanation. - Funds transferred in/out same day/short period. - Payments/receipts without apparent links to legitimate contracts. - Transfers through multiple foreign/domestic banks without reason. - Unexplained repetitive/unusual activity. - Depositing funds into multiple small accounts, consolidating, then transferring overseas. - Instructions for incoming/outgoing wires of equal amounts from other sources. #### 19.5 Insufficient or Suspicious Information by a Customer - **Cause for Suspicion:** Customer provides data that makes no sense or is reluctant to provide information. - **Professional Launderers:** Have best quality documentation. - **Signs:** - Reluctance to provide business purpose, banking relationships, officer/director names, location. - Refusal for credit/banking services information. - Spike in activity without explanation. - Desire to open account without references/identification. - Unusual/suspicious identification documents. - Disconnected phone. - No employment record for loan. - Frequent/large transactions with no employment experience. - Background at variance with business. - Financial statements differ from similar businesses. #### 19.6 Other Suspicious Customer Activity - **Indicators:** - Substantial high-denomination deposits. - Mailing address outside normal jurisdiction. - Frequent exchanges of small for large currency. - CDs/investment used as loan collateral. - Large loan suddenly paid down without explanation. - Frequent deposits of strapped currency from other banks. - Disorganized/unbalanced strapped currency deposits. - Dirty bills. - Purchasing cashier's cheques/money orders/monetary instruments with large cash. - Professional service provider (lawyer, accountant, broker) making large cash deposits into client/in-house accounts. - Customer insisting on meeting outside business premises. - Domestic bank accounts (casa de cambio) with suspicious wire transfers/structured deposits. - Suspicious fund movements between banks. - Offshore companies requesting loans or using offshore banks as collateral. - Use of loan proceeds inconsistent with purpose. - Unbanked person purchasing monetary instrument with large bills. #### 19.7 The Role of Internal Audit - **Review:** Internal audit reviews firm's ML deterrence program. - **Purpose:** Ensure controls, compliance with jurisdiction, updated procedures. - **Assessment:** Monitoring procedures, software application, algorithms. - **Reporting:** All suspicious transactions reviewed, properly recorded. - **Staff Training:** Adequacy of training assessed. ### Unusual Transactions Staff accountability and guidance for detecting unusual transactions. #### 20.1 The Identification of Unusual Transactions - **Accountability:** Staff accountable for recognizing unusual transactions. - **Guidance:** Clear guidance needed for employees to detect unusual transactions. - **Investigation:** Unusual transactions trigger additional procedures, potentially leading to SAR. - **Employee Role:** Crucial for identifying suspicions. Requires training, role-plays. #### 20.2 The Development of Policy - **Clarity:** Policy must be easily understood, avoid jargon, be relevant, and consistent with authorities. - **Content:** What requirements must be complied with. #### 20.3 Money-Laundering Control - **Public Statement:** Institutions highlight importance of financial crime deterrence. - **Typical Policy:** Obligations for employees, info on non-consistent activities, breaking up amounts, transfer to private accounts, irregular transaction conditions, prevailing indicators. #### 20.4 Compliance Risk Management Training - **Public Statement:** Importance of training staff on systems and controls. - **Topics:** Legislative/regulatory requirements, money laundering, terrorist financing, market conduct, health/safety. - **Staff Skills:** Need to handle difficult customers, obtain information tactfully. - **Recording:** Record information without reacting, repeat to confirm accuracy. #### 20.5 The Types of Events that Might Cause Suspicion - **Non-Exhaustive List (JMLSG):** - Transactions with no apparent purpose/economic sense. - Unnecessarily complex transactions. - Use of non-resident accounts/structures without economic justification. - Transactions outside normal range for customer. - Dealing with customers not expected in that business area. - Transfers to/from high-risk jurisdictions without explanation. - Structured transactions below regulatory threshold. - Business relationship used for single/short-term transaction. - Funds routed through third-party accounts without legitimate purpose. - Unusual investment transactions without profitable motive. - **Relevance:** Examples must be tailored to business activity. #### 20.6 The Problems of Customer Identification - **Vigilance:** Employees must identify unusual behavior in customer identification. - **Concerns:** - Reluctance to provide information. - Unusual/complex legal/corporate structure. - Inconsistencies in info. - Vague/unusual address. - Opening account in wrong jurisdiction. - Inconsistent information with banking services. - Lack of supporting documentation. - Other banking/financial relationships. - Urgency to conclude arrangements. - Suggesting changes to avoid information provision. - **Skepticism:** Natural skepticism is key. Profitable customers can be launderers. - **Imperfect Documents:** Customers may have imperfect documents. #### 20.7 What Might Highlight Terrorist Activity? - **Indicators:** - Round sum deposits followed by same amount wire transfer. - Frequent international ATM activity. - Absence of known source of income. - Wire transfers/internet use to/from high-risk countries. - Frequent address changes. - Purchases of military items/technology. - Media reports on suspected terrorists. - **Objective:** Avoid undertaking such transactions. Front-line staff vigilance/training is paramount. - **Reputational Risk:** Banks included in prosecution cases can suffer reputational damage. ### Investigating Suspicions The process of investigating and reporting suspicious activities. #### 21.1 The Investigation Process - **Initiation:** Initial identification of suspicious transaction, staff report to officer. - **Investigation:** Firm determines if real suspicion exists, gathers information for FIU report, maintains evidence. - **Caution:** Conduct with care. Investigator safety, no tipping off. - **External Reports:** Submit SARs to reporting agency. Agency may request more info or freeze funds. - **Delays:** Significant delays in response can lead to tipping off. #### 21.2 Conducting an Investigation - **Project Management:** Treat investigation as a project. - **Goal:** Establish true suspicion, obtain info for FIU, maintain evidence. - **Care:** Ensure investigator safety, avoid tipping off. - **Information Gathering:** Internal documents + reputable external sources. - **Victim vs. Perpetrator:** Contact victim (e.g., credit card fraud) is not tipping off. Contacting perpetrator requires caution. - **Staff Involvement:** If internal staff involved, witnessed investigation, suspension. - **Information without Concerns:** Customer relationship management approach: obtain info while offering better products. - **Forensic Investigation:** Requires training, self-defense. Record findings. #### 21.3 Seeking Consent for Financial Transactions in the UK - **NCA:** National Crime Agency (formerly SOCA) provides responses to SARs. - **Authorised Disclosure (POCA Section 338):** - Before prohibited act. - During prohibited act (discloser's initiative). - After prohibited act (discloser's initiative, good reason for failure before). - **Consent:** Allows reporter to proceed with transaction, provides defence. Does not mandate act, imply approval, provide defence against other offences, derogate from duties, override private law rights. - **Timeframes:** "Notice Period" (7 working days) for NCA to risk assess. "Moratorium Period" (31 calendar days) if consent refused. - **Notification:** Usually by phone, followed by letter. - **Sensitivity:** NCA communicates only with verifiable persons. #### 21.3.3 Submitting a Request for Consent - **Method:** Use SAR Online. Automatic acknowledgment and unique reference number. #### 21.3.4 Making a Report - **Obligation:** Regulated firms report knowledge/suspicion of ML/TF. - **Internal Process:** Firm investigates to confirm suspicion, staff report to MLRO. MLRO assesses grounds. - **Training:** Staff trained on reporting to MLRO. #### 21.3.5 Internal Reporting - **Obligation:** All relevant employees report to nominated officer. - **Protection:** Statutory obligation satisfied, protected from regulatory action. - **Short Reporting Lines:** Speed, confidentiality, swift access. - **Initial Investigation:** Dispassionate review, evidence-based. #### 21.3.6 External Referrals - **Reporting:** MLRO/nominated officer reports to relevant agency (e.g., NCA). - **Timeliness:** Report as soon as practical. Avoid delays. #### 21.3.7 What is Meant by “Knowledge” and “Suspicion”? - **Knowledge:** Actually knowing, or inferred from circumstances (obvious to reasonable employee). - **Information Source:** Knowledge must come from business or agency disclosure, not external (e.g., newspaper reports). - **Suspicion:** Subjective, but must have a foundation beyond speculation. Requires concrete support. - **Unusual vs. Suspicious:** Unusual transaction triggers investigation, not necessarily suspicion. Document investigation and explanations. #### 21.3.8 What is Meant by “Reasonable Grounds” to Know or Suspect? - **Objective Test:** Based on guidance from authority. Reasonable person would infer knowledge/suspicion. - **Balance of Probability:** Most transactions are not ML/TF. - **Complexity:** Difficult to establish evidence in complex cases. - **Employee Defence:** Demonstrate reasonable steps, risk-based approach, KYC. #### 21.3.9 The Investigation by the Nominated Officer - **Purpose:** Assess suspicion, prepare ML report. - **Information:** Access to all necessary info, including KYC. - **Intermediary:** May seek info from intermediary or customer (cautiously). #### 21.3.10 Reporting in the UK - **NCA:** MLRO reports suspicious activity to NCA as soon as practical. - **SAR Content:** Relevant customer info (occupation, NI number). #### 21.3.11 When is There No Obligation to Report? - **Conditions:** Identity of fraudster unknown, whereabouts of laundered property unknown, no info to assist identification. - **Example:** Lost cheque book/debit card leading to low-value fraudulent transactions. #### 21.4 Sanctions and Penalties for Failing to Comply - **Consequences:** Criminal prosecution or regulatory censure for firms, employees, MLROs. - **UK Penalties:** Imprisonment up to 5 years and/or fine. ### Ongoing Monitoring Continuous scrutiny of customer relationships and transactions. #### 22.1 The Importance of Ongoing Monitoring - **KYC Supplement:** Initial due diligence must be supplemented by ongoing monitoring. - **Criminal Tactics:** Launderers anticipate initial due diligence, prepare documents. - **Detection:** Layering/integration phases are best for detection. - **Business Case:** Launderers perform consistent activity initially, then introduce illicit funds. - **Objective:** Identify customer activity inconsistent with understanding of customer/business. #### 22.2 The Link to Customer Relationship Management - **Purpose:** Identify unusual activity. - **CRM Inverse:** Uses normal customer behavior patterns to identify unusual transactions. - **Software:** Software solutions flag transactions for examination. - **Documentation:** Record findings, decisions to meet regulatory requirements. #### 22.3 What Does Ongoing Monitoring Involve? - **Scope:** Scrutiny of transactions (source of funds), updating records, monitoring customer transactions (trends, real-time). #### 22.4 Enhanced Ongoing Monitoring - **Circumstances:** Specific transaction types (high-risk, large amounts, cross-currency without business reason), customer profile (PEPs, cash-intensive businesses), parties involved (sanctions list). - **Customer Contact:** Document analysis, contact customer for additional services, confirm/disprove suspicion. - **Risk Assessment:** Firms define high-risk situations. #### 22.5 The Risk of Dormant Accounts - **High Risk:** Dormant accounts (no customer transactions for a period). - **Concern:** Abuse by employees, funds diverted. - **Mitigation:** Clear definition of "dormant," monitoring for adjustments to prevent classification. - **Case Study (UK, 2009):** Former policeman/bank employee defrauded bank using dormant accounts. Highlights staff exploitation of system loopholes. #### 22.6 What Type of Enhanced Monitoring is Required? - **Scope/Complexity:** Depends on firm's business activities/size. - **Key Elements:** Up-to-date customer information, identify suspicious activity, investigate. - **Credit Card Example:** Monitoring helps protect customers. #### 22.7 Automated vs. Manual Systems of Monitoring - **Manual:** Hard to identify unusual trends. - **Automated:** Software for large volumes. Uses statistical inference or scenarios. - **Effectiveness:** Depends on programming and data availability. - **Benefit:** Back-up control, defence against claims. - **Danger:** Standardized monitoring may miss personalized nuances. Personal review still needed. #### 22.8 Issues to Consider When Implementing a Monitoring System - **Evaluation:** Firms evaluate objectives, business needs. - **Questions:** - Risk-based approach effectiveness. - Correlation between alerts and ML/TF incidence. - Levels of investigation, false positives. - Types of ML/TF addressed. - Data requirements. - **Back-Testing:** Use historical data to evaluate software effectiveness. #### 22.9 Staff Training - **Importance:** Staff awareness is crucial. - **Factors:** Employee experience and intuition for spotting suspicious activity, direct exposure to customers (physical behavior, tone of voice), practical experience. ### Tipping Off Preventing disclosure of information that could prejudice an investigation. #### 23.1 Introduction - **Definition:** Informing a customer they are suspected. - **Objective:** Prevent hampering investigation, ensure funds not moved. - **Sanctions:** Draconian penalties. - **Timing:** Can occur at initial contact, during transaction processing, or after reporting. - **Scope:** Extends to contractors, interim staff, outsourced providers. #### 23.2 Letting the Customer Know - **Criminal Offence:** Disclosing information likely to prejudice investigation. - **Employee Conduct:** Conduct enquiries tactfully, avoid raising suspicion. - **Standard Procedures:** Use standard comments to deflect suspicion. #### 23.3 The Problems in Practice - **Employee Actions:** What should an employee do during investigation? Obtain info without raising suspicion. - **Standard Procedures:** Rely on standard procedures to avoid tipping off. - **Junior Staff:** Often first contact. Moving responsibility up the chain can tip off. - **Vigilance:** Front-line staff must be vigilant and aware of processes. #### 23.4 Penalties for Tipping Off - **Severity:** Major penalties for individuals (imprisonment, unlimited fines). - **Cases:** Few cases where tipping off has actually been penalized. #### 23.5 Communications with Customers Under Investigation - **Ongoing Offence:** Tipping-off offence continues after SAR submission. - **No Disclosure:** Cannot tell customer why transaction is delayed or account frozen. - **MLRO Involvement:** Ensure actions comply with regulations. ### Correspondent Banking Provision of banking services by one bank (correspondent) to another (respondent). #### 24.1 What Are the Money-Laundering Risks in Correspondent Banking? - **No Direct Relationship:** Correspondent has no direct relationship with underlying parties, limited information. - **High Risk:** Non-face-to-face business. - **Systemic Risk:** Allows firms with inadequate AML/CFT controls access to international banking. #### 24.2 How to Assess the Elements of Risk in Correspondent Banking - **Highest Risk Respondents:** Offshore banks, non-local currency, weak regulatory controls, institutionalized corruption. - **Shell Banks:** Do not maintain relationships with shell banks or those providing services to shell banks. - **EDD:** Required for respondents and third parties. - **Risk Indicators:** Respondent's domicile (jurisdiction, parent, FATF pronouncements), ownership/management (transparency, PEP involvement), business/customer base (vulnerable segments), downstream clearing. #### 24.3 Client Visit - **Purpose:** Verify respondent is not a shell bank. #### 24.4 Enhanced Due Diligence - **Elements:** Ownership/management (sources of wealth, reputation, ownership changes, executive experience), PEP involvement, AML/CFT controls, central banks/supranational organizations, branches/subsidiaries/affiliates. - **Responsibility:** Ultimate responsibility for CDD failures remains with the relying institution. ### Record-Keeping Essential for demonstrating compliance and providing audit trails. #### 25.1 The Purpose of Record-Keeping - **Obligation:** Maintain appropriate ML/TF deterrence records and controls. - **Audit Trail:** Essential for combating ML. - **Evidence:** Retain records for customer identification and transactions for investigations. - **Accuracy:** Keep records up to date. - **Customer Contact:** Use relationship management activities to update records. #### 25.2 What Records Have to Be Kept? - **Content:** Customer information, transactions, internal/external suspicion reports, investigation records, MLRO annual reports, information not acted on, agency requests, training/compliance monitoring, training effectiveness. - **Format:** Electronic form permitted if easily obtainable. - **Local Laws:** Verify specific laws. #### 25.2.1 Customer Identification - **Content:** References, identity certificates. Additional EDD info. - **Evidence:** Information for re-obtaining documents from original source (type, number, date, place of issue). - **Retention:** Up to five years after relationship ends or last transaction. - **Passport:** Photocopying only photo page is insufficient. #### 25.2.2 Transactions - **Content:** Records of all transactions (credit/debit slips, cheques). - **Audit Trail:** Maintained for financial profile of suspect accounts. - **Retention:** Minimum five years from transaction completion. Longer for assets with claims beyond five years. #### 25.2.3 Internal and External Reports - **Content:** All actions under reporting requirements (MLRO consideration of info, non-reported suspicions). - **Retention:** Up to five years from report date. #### 25.3 In What Form Should Records Be Kept? - **Options:** Original documentation, photocopies, microfiche, scanned, computerized/electronic. - **Retention:** Unaffected by format. Accessible and retrievable. - **International:** Records held outside country must meet same requirements. No secrecy/data protection should inhibit access. #### 25.4 Failure to Keep Records - **Consequences:** Prosecution, imprisonment, fine, or regulatory censure. ### Money-Laundering-Deterrence Software Computer programs designed to detect suspicious transactions. #### 26.1 What is Money-Laundering-Deterrence Software? - **Purpose:** Analyze customer data, detect suspicious transactions. - **Providers:** Actimize, Ambit, Mantas, Fiserv, Fortent, Norkom, SAS. - **Approaches:** Scenario-modelling, inference-based. - **Requirement:** Not strictly required, but provides audit trail and helps meet onerous requirements. #### 26.2 The Scenario Approach - **Method:** Software uses pre-defined scenarios to identify ML/TF attributes. - **Limitations:** Only identifies transactions fitting criteria. - **Challenge:** Can generate false positives. - **Mitigation:** Regular review of scenarios, adaptation to evolving ML methods. #### 26.3 The Inference Approach - **Method:** Identifies high-risk transactions based on likelihood from historical data. Parameterizes customer/transaction profiles. - **Challenges:** Requires high level of data, can generate false positives. #### 26.4 The Choice is Yours! - **Scenario Modeler:** Good for specific transactions. - **Inference Modeler:** Requires more data, ranks transactions by likelihood of ML. - **Firm Decision:** Choose based on purpose and business practice. Larger firms use inference software. #### 26.5 The Effectiveness of Money-Laundering-Deterrence Software - **Debate:** Effectiveness is debated. Systems depend on data input and programming. - **Benefit:** Analyzes large volumes of data. - **Manual vs. Software:** Software essential for large volumes/multiple locations. - **MLRO:** Difficult to operate without such systems. #### 26.6 Transaction Monitoring - **Importance:** Ongoing responsibility to monitor transactions. Requires adequate/up-to-date documentation. - **Systems:** Transaction monitoring systems are beneficial. - **Effectiveness:** - Analyze system performance (rule-by-rule). - Avoid setting systems to generate fewer alerts. - Allocate resources for analysis. - Consistent monitoring. - Measure performance against comparators. #### 26.7 What Types of Actions Will Be Monitored by the Software? - **Types:** - Transaction monitoring (products, customer, value). - Dormant accounts becoming active. - Customer transaction volume changes. - Inconsistent KYC information. - Accounts requiring EDD. - Identification verification gaps. - Country/business risk ratings. - PEPs. - Financial sanctions monitoring. - Disqualified directors. - Customer activity changes linked to ML cases. #### 26.8 The Perceived Benefits of Anti-Money-Laundering Software - **Documentation:** Easy to document compliance with regulations. - **Defence:** Provides defence against fines/reputational damage. - **Referrals:** Increases referrals to investigation authorities. - **Cost Reduction:** Streamlines investigation, frees resources. - **Efficiency:** Improves business control, comprehensive view of risks. #### 26.9 What Type of Software is Currently on the Market? ##### 26.9.1 Transaction-monitoring Software - **Focus:** Individual transactions. Useful for large volumes. - **Techniques:** Risk rating analysis, watchlist matching (PEP, OFAC), hidden relationships, known ML scenarios, transaction data analysis. - **Types:** Scenario approach, inference products. ##### 26.9.2 Electronic Identification Software - **Purpose:** Verify identity (documents, electronic authentication). - **Providers:** Experian, Complinet, Norkom. ##### 26.9.3 Sanctions and PEP-screening Software - **Purpose:** Screen customer lists against national/international sanctions lists. - **Benefits:** Minimizes false positives, full audit trail. #### 26.10 Selecting Your Software - **Process:** Understand differences, meet vendors, consult users. - **Key Stage:** Constructing a comprehensive long list of potential suppliers. - **Capabilities:** Transaction monitoring, automated risk assessment, KYC/CDD, link analysis, integration with legacy systems. #### 26.11 What About the Smaller Firm? - **Challenge:** Software may be too expensive/data may be insufficient. - **Solution:** Manual monitoring process, employee training. - **Documentation:** Document procedures to demonstrate firm is not a target for launderers.

Related Cheatsheets

Yoga Student Handbook Class XI

56 views

Create Your Own AI Cheatsheet

Generate comprehensive study cheatsheets from your notes, textbooks, or lecture materials using AI.