Fortifying Your AML Audit with International Best...

Post on 07-Mar-2018


Asia Full Day Seminars
Asia Pacific Region - 4th Annual Enhanced AML/CTF Tools and Techniques


Fortifying Your AML Audit with International Best Practices

Hue Dang, CAMS
Head of Asia, ACAMS

1 February 2013


Agenda

• Regulatory Framework: BSA/AML Exam
• Optimizing your audit practices to meet stringent regulatory expectations and regional standards
• Implementing a risk-based approach to AML audits
• Leveraging audit findings to improve AML department processes
• Applying the latest techniques to streamline testing and reporting procedures


Regulatory Framework: BSA/AML Key Components

AML Risk Assessment
• Step 1: Risk categories: products, services, customers, entities, transactions, and geographic locations
• Step 2: Detailed analysis of the data identified to better assess the risk within these categories

AML Compliance Program
• Written policies, procedures, and processes
• System of internal controls to ensure ongoing compliance (CIP Program)
• Independent Testing
• Designation of Compliance Officer
• Training


Regulatory Framework: BSA/AML Key Components (cont’d)

Suspicious Activity Monitoring & Reporting Systems
• Review correspondence with primary regulator
• Check for STR, CTR errors and exemptions

Level and Extent of Automated Systems
• Volume of activity commensurate w/ customer occupation or type of business
• Number & Volume of high-risk customers
• Volume of STRs/CTRs in relation to exemption
• Volume of STRs/CTRs in relation to bank size, asset or deposit growth, and geographic location


Implementing a risk-based approach to AML audits

STARTING POINT

1. What are the Key Elements of a Good AML Program?

• Statement of Objective
• AML Organization Structure - Identification of Roles & Responsibilities
• AML Regulatory Framework
• Outline of the AML/Compliance/Risk Governance Structure
• Risk assessment of Clients/Products/Geographies/Transactions
• On-boarding Procedures - CIP + KYC
• On-going Monitoring + Periodic Review
• Escalation - Investigation - Suspicious Activity Reporting
• Cooperation with Law Enforcement, other financial institutions
• Sanction Screening
• MIS
• Record Retention
• AML Training
• Review and Auditing/Testing of the AML Program


2. Derive the Key AML Risks and Controls from an Effective AML Program

1. Management Oversight
2. AML Policies/Procedures
3. AML Monitoring
4. SAR/STR Reporting, Sanction Screening
5. Testing
6. Training


Testing AML Controls: Some Common Flaws in AML Risks and Controls

Management Oversight
• Lack of Business Participation/Buy-in (No ‘Culture of Compliance’)
• Weak AML Governance Structure (i.e. Senior (AML) Management not aware of AML issues and their resolution)

AML Policies
• Fragmented procedures/processes
• Not robust enough – in mitigating certain High Risks
• Not timely in addressing regulatory changes (Gaps & Remediation)


Testing AML Controls: Some Common Flaws in AML Risks and Controls

AML Monitoring
• Parameters/Thresholds not optimized: Noise vs Productive Alerts
• Inefficient disposition of Alerts: Too many non-productive Alerts
• Inexperienced AML Analysts – to detect unusual activity
• Insufficient resources
• Failure to document the rationale for closing an alert/investigation


Testing AML Controls: Some Common Flaws in AML Risks and Controls

SAR/STR Reporting, Sanction Screening
• Lack of clarity in the Escalation Process
• Too much time taken to determine possible suspicious/unusual activity (Delay in reporting)
• Poor SAR/STR Narratives - Failure to clearly state why the activity is suspicious (or NOT suspicious)
• Failure to take (or track) action post-SAR/STR filing
• Search request and result reporting are not streamlined (resulting in untimely responses/incomplete coverage)


Testing AML Controls: Some Common Flaws in AML Risks and Controls

Testing
• No Independent; only Self-testing
• Lack of Transparency in Testing and Results
• Poorly defined Corrective Action Plans (Root Causes not identified/addressed)
• Failure to track Follow-up Actions – Corrective Action Plans/Remediation

Training
• Failure to identify correct target-audience(s) within the Firm
• Failure to track and follow-through on non-completion of mandatory training
• New Training vs Refresher Training (same modules/contents)
• Failure to train to regulatory requirement


CASE STUDY:

Testing KYC/CDD Controls


STARTING POINT: Appreciate the importance of an effective KYC/CDD program

Effective KYC/CDD Program
• Identifies the ML/TF risk that the prospect/client may pose
• Tailors the Due Diligence required to be performed on the prospect/client
• Satisfies that the prospect/client does NOT pose a ML/TF risk

ML/TF risk to your FI/Bank Managed


Key components of an effective KYC/CDD program

Written Customer Identification Program / Procedures
• OBTAIN Client Identity Information & Documentation
• VERIFY Client Identity Information & Documentation
• Object: To enable the bank to form a reasonable belief that it knows the true identity of each customer.

Customer Due Diligence
• Due Diligence or Enhanced Due Diligence (EDD)
• Object: To enable the bank to verify facts about the client, including his reputation.

Name Screening
• Sanctions Lists
• Do-not-do Business Lists
• Object: To ensure that the bank does not establish a relationship with a sanctioned person, or with someone with whom the bank ought not to do business (e.g. previously rejected or terminated clients, known criminals).

Record Retention


KYC/CDD Controls Testing: What are some of the common flaws/problems with a KYC/EDD program?

KYC Policy / Procedures
• No written CIP / CDD / Name Search procedures / Records Retention procedures.
• Unclear procedures
• Fragmented procedures/processes (i.e. not consolidated or centrally located)
• Not robust enough – in identifying and/or mitigating certain High Risk Clients (PLEASE REFER TO NEXT SLIDE)
• Not timely in addressing regulatory changes (Gaps & Remediation)


KYC/CDD Program Regulatory Expectation - Enhanced Due Diligence for Higher-Risk Customers

The bank should consider obtaining, both at account opening and throughout the relationship, the following information on the customer:

• Purpose of the account.
• Source of funds and wealth.
• Individuals with ownership or control over the account, such as beneficial owners, signatories, or guarantors.
• Occupation or type of business (of customer or other individuals with ownership or control over the account).
• Financial statements.
• Banking references.
• Domicile (where the business is organized).
• Proximity of the customer’s residence, place of employment, or place of business to the bank.
• Description of the customer’s primary trade area and whether international transactions are expected to be routine.
• Description of the business operations, the anticipated volume of currency and total sales, and a list of major customers and suppliers.
• Explanations for changes in account activity.

Source: FFIEC BSA/AML Examination Manual http://www.ffiec.gov/bsa_aml_infobase/pages_manual/manual_online.htm


KYC/CDD Program assessment Common flaws in KYC/CDD Programs – SUMMARY (cont’d)

Training
• Business does not appreciate the ML/TF risks
• Bankers do not know how to complete a KYC Profile.

KYC / CDD Client Profiles
• Insufficient information on client’s Source of Wealth or Source of Funds
• DD/EDD not performed. Or, results not sufficiently documented for the DD/EDD that was performed
• No quality control on what client or banker says about the client (i.e. no independent corroboration / verification)
• The information is stale, as the client’s profile has not been periodically reviewed and updated.
• Too many exceptions / deferrals on client documentation to be obtained. These deferrals may not be tracked to ensure the documents are received


Leveraging audit findings to improve AML department processes


• Review the past finding(s)
• Review the Corrective Action(s) that were agreed to address the finding.
• Ask: Has the Corrective Action addressed the ROOT CAUSE?


Applying the latest techniques to streamline testing and reporting procedures


• Identify Key AML Risks and their controls
• Test the Controls – Design and Operating Effectiveness
• Don’t just rely on deliverables from the Auditee. Think about how else we can test the Controls – Independent data requests from Technology?


AML Audit Cycle: Summary


• Adequacy of AML Program
• AML Policies, procedures, processes
• Compliance with AML obligations by staff
• Data testing including monitoring programs
• Review of training records
• Record keeping
• Measure against prior assessments, audits


AML Audit Report Flow

• Phase 1: Scope agreed
• Phase 2: Perform Audit
• Phase 3: Report to Board
• Phase 4: Action plans
• Phase 5: Validate


Some Cases


Hong Kong’s Largest ML Case (24 Jan 2013)

• 22-yr old high school drop-out working as factory delivery man
• Chiyu Bank (part of Bank of China (HK)): initial deposit of HK$500 in 2009, within 8 mos, HK$13bil. in transfers by internet (4,800 deposits & 3,500 transfers out)
• VERDICT: 10 ½ yrs imprisonment
• KEY QUESTION: What is the consequence to the Bank?

HK: Jan to Nov 2012: 136 ML cases prosecuted & 147 people convicted


Living/Salary Standards Test

Jurisdiction: Hong Kong

Indicators:
• 600 transactions over 2 years, with HKD1 mil in size
• Deposited HKD1.1 mil. in Jockey Club account, only HKD2K used for betting
• Monthly salary of HKD23K

Case description: Wilson Ho Hung-yiu, 36, attached to the Traffic Accident Investigation Unit of Kowloon West, used three bank accounts and a Jockey Club account to manipulate the money between 2007 and 2009. Defendant claimed transactions were for his business, but Inland Revenue Dept records showed he neither owned a property nor ran a business, and had no other sources of income.

Verdict: 3 years imprisonment


Tying it all together: Ponzi Scheme

• Securities Fraud
• Investment Adviser Fraud
• Mail Fraud
• Wire Fraud
• False Statements
• Perjury
• False Filings to the SEC
• Theft from an employee benefit plan
• AND three counts of money laundering

“I am not a banker but I know that $100bn going in and out of a bank account is something that should alert you to something,” Madoff told the Financial Times from his North Carolina prison.


Thank you.

Questions?