Managing Risk Governance and Streamlining Reporting ProcessesStreamlining Reporting Processes
Presenters:Nathaniel Cole, CAMS, Chief Executive Officer, Forensics & Compliance Institute
Eric Nii Boi Quartey, MICA, DipFM, ACIB, Head of Compliance & Anti-Money Laundering Reporting Officer, Merchant Bank Ghana Ltd
Exploring new ideas for governing the risk assessment
process, from senior-level oversight to project-level
Managing Risk Governance and Streamlining Reporting Processes
&
Identifying options for tailoring reports to the needs of
the business and senior management
Nathaniel Cole, CAMS, CPA, FCA, CFE, FCA, CFC, Cr.FA, CFF, SIRM
CEO, Forensics & Compliance Institute
Regional Director Nigeria- Professional Risk Managers International Association
(PRMIA)
process, from senior-level oversight to project-level
management
• Determining how to effectively communicate risk
Managing Risk Governance and Streamlining Reporting Processes
• Determining how to effectively communicate risk
assessment results to your institution’s Board
• Integrating internal audit findings on risk
assessment process
Nathaniel Cole, CAMS, CPA, FCA, CFE, FCA, CFC, Cr.FA, CFF, SIRM
CEO, Forensics & Compliance Institute
Regional Director Nigeria- Professional Risk Managers International Association
(PRMIA)
Managing Risk Governance and Streamlining Reporting Processes
Risk Assessment
• Risk Assessment is the foundation for all other AML/CFT Compliance
Process.
• The starting point for having a good handle in understanding the AML/CFT
faced by organizations is to have a good and effective risk assessment.
• Risk assessment is not an end by itself neither is it the beginning of an end.
43rd Annual AML & Financial Crime Conference, Africa
• Risk assessment is not an end by itself neither is it the beginning of an end.
• Risk Assessment is very fundamental to understanding the risk that entities
face in terms of risks.
• Risk assessment is an evaluation of the likelihood of an adverse event
occurring and the magnitude of impact should it occur.
• Risk assessment usually tries to answer the following three questions :
• - What can go wrong?
• - How likely is that to happen?
• - What would the consequences be if things went wrong?
Managing Risk Governance and Streamlining Reporting Processes
THE FOUR AML/CFT RISK PILLARS
• Establishment and Implementation of Internal Controls
• Independent Testing of AML/CFT Program To Verify
Compliance
53rd Annual AML & Financial Crime Conference, Africa
• Designated Compliance Officer for AML/CFT
• Adequate AML/CFT Training
Managing Risk Governance and Streamlining Reporting Processes
State of Risk Assessment Process In Africa
• In Africa the state of risk assessment process for financial institutions is in a very poor state and still relatively undeveloped as most organizations do not have a good handle on their risk assessment.
• In 2012 the Deputy Governor, Financial System Stability, Central Bank of Nigeria (CBN), Dr. Chiedu K. Moghalu, spoke on “Risk-Ability: Risk Management Knowledge and Infrastructure for Nigeria’s Financial Services Industry,” at a Chief Risk Officers’ retreat.
63rd Annual AML & Financial Crime Conference, Africa
• His conclusion in respect of Risk Management in respect of Nigerian Financial Institutions in regard to all risks management functions including AML/CFT Risk Management is that “
“RISK MANAGEMENT STILL AT RUDIMENTARY STAGE IN NIGERIA”
This sums up the state of overall risk management in Africa in general. When this is now taken to AML/CFT Risk Management, we can easily infer that it will be in the same state if not worse as it represents part of the risk universe faced by Financial Institutions in Africa.
Managing Risk Governance and Streamlining Reporting Processes
How We View Risk Management and AML/CFT Risks
• Risk management is sometimes seen as a purely defensive strategy
• Risk management as a balance between Risk and Rewards
• The third way is the technical way of looking at risks by understanding the difference
between risk and uncertainty which in most cases can be quantified and sometimes
the variability cannot be quantified.
• In respect of AML risks some unfortunately sees them as purely a compliance issue
which to some is just a cost center that creates no value when in fact their
73rd Annual AML & Financial Crime Conference, Africa
which to some is just a cost center that creates no value when in fact their
organizations strategy should account for all types of risks including AML/CFT Risks
which is now taking a toll on the financial community everywhere including Africa as
regulators are getting very serious in respect of managing and controlling the
AML/CFT Risks they face.
Managing Risk Governance and Streamlining Reporting Processes
The AML/CFT Risk Assessment Process
• An assessment of the risk associated with the client and his/her potential vulnerability to being used for money laundering purposes.
• An assessment of the risk associated with the type of customer and the nature of their business or source of wealth.
83rd Annual AML & Financial Crime Conference, Africa
• An assessment of the anticipated volume of activity (i.e. thresholds)
• A review of the relevant KYC information for all customers against PEP / Warning list databases.
• Local assessment criteria to reflect any money laundering risks specific to the operating environment in the country concerned.
Managing Risk Governance and Streamlining Reporting Processes
Risk Assessment Quantitative Issues
• A well developed AML/CFT and documented risk based AML/CFT risk
assessment will assist Financial Institutions in identifying and measuring
their AML/CFT Risk Profile.
• This serves as the Foundation of the a risk based AML/CFT Compliance
Program that will support the identified Four Pillars.
• A subset of AML\CFT risk Assessment is now the country risk assessment
and quantitative values and the same rating used risk assessment should
93rd Annual AML & Financial Crime Conference, Africa
and quantitative values and the same rating used risk assessment should
be used for country risk assessment.
• This will allow easy combination or consolidation of the Financial Institutions
combined AML/CFT and Sanctions Risk Rating.
• The methodology used in applying or maintaining an AML/CFT Risk
Assessment should be looked at in the context of building a business plan
for a new business in which several factors must be considered including
benchmarking. The same should be used for risk assessment.
Managing Risk Governance and Streamlining Reporting Processes
Current Risk based Approach To KYC
• In most jurisdictions in Africa the most prevalent practice is to assign risk categories to clients (for example)
• Level 1 (representing low risk)• Level 2 (representing medium risk)• Level 3 (representing special or high risk
103rd Annual AML & Financial Crime Conference, Africa
• Level 3 (representing special or high risk customers or accounts)
• The risk will determine the KYC information required and the subsequent intensity of management and monitoring of the account (Enhanced Due Diligence)
• The risk will also determine the account monitoring (risk-based account/transaction monitoring)
Managing Risk Governance and Streamlining Reporting Processes
Flaws with Current Approach and Addressing the Flaws
• The traditional buckets of low, medium or high risk customer in some
quarters represent or present only a one-dimensional view of risk which is
not satisfactory in properly addressing the risks faced by Financial
Institutions.
• This one dimensional view of risk provides no differentiation in respect of
degrees of risks.
113rd Annual AML & Financial Crime Conference, Africa
degrees of risks.
• A better approach is exploring other ways of dealing with these risks and to
have a more accurate view of ranking these risks, there should be a
process that will allow the analysis of an individual profile.
Managing Risk Governance and Streamlining Reporting Processes
Exploring Ways To Address the Flaws in Bucket Risks Approach
• The individual risk profile should be combined or matched with the
individual’s social network. This is who are these individuals linked to and
how they are linked to the customer or client.
• In addition, which negative media are these linked individuals connected
with that is of interest to the Financial Institution.
• This negative media could be a direct or indirect link to the customer or
individuals.
123rd Annual AML & Financial Crime Conference, Africa
individuals.
• This approach or methodology requires we assign value to measure the
degree of risk and it easier to focus on the highest risk first and down the
line in that order.
• Normally if the current RBA is used it will account for the typical assessment
criteria such as products, geography, historical transaction amounts etc.
and this can lead to erroneous classification or categorization of the
customer as low risk when in fact they should be classified as high risks
when their links and news issues are factored into the risk profile.
Managing Risk Governance and Streamlining Reporting Processes
Exploring Dynamic Risk Management
• Requires Technical solutions to risk assessment and management
• It usually requires a daily risk surveillance model
• Optimal balance of risk mitigation required
• Alert Management issues would need to be addressed
133rd Annual AML & Financial Crime Conference, Africa
• Alert Management issues would need to be addressed
• Introduction of classification or prioritization hierarchy into the screening
process or technology.
• Requires ordering alerts by risk and accuracy of the marching effort
• Provides a transparent framework which allows thresholds to be drawn and
provides an objective way to decide what the Financial Institution should
review and in what order based on the institutions requirements or risk
profile or risk appetite.
Managing Risk Governance and Streamlining Reporting Processes
Way Forward To Dynamic Environment
• Financial Institutions must re-evaluate their AML/CFT programs and
address their weaknesses. This process can be jumpstarted by doing the
following:
- Understand the benefits of shifting from a static to a dynamic risk
management
- Do a cost benefit analysis to assess the viability for your financial institution
143rd Annual AML & Financial Crime Conference, Africa
- Consider if rules based is best for you or maybe the more dynamic
principles based would be the better option.
- Implement solutions that will provide you with a more interconnected view of
risk with features such as link analysis
- Link monitoring features is also a good one to consider
- News monitoring is also another feature to consider
Managing Risk Governance and Streamlining Reporting Processes
US Office of the Superintendent of Financial Institutions
(OSFI) Directive To Consider In Exploring New options
• Design EDD to Ensure more focus and attention is paid to higher risk
customers and the attention is also commensurate with the risk level
• Build an Enterprise-Wide Risk Assessment methodology and EDD
approach across all business lines for consistent and appropriate
identification and monitoring of high-risk clients
• Perform enhanced monitoring not just when on boarding but also at
transaction level and project level.
153rd Annual AML & Financial Crime Conference, Africa
transaction level and project level.
• Make sure that EDD measures apply to all high risk situations and that they
address and mitigate the risk factors identified.
• Update customer information and changes to products etc. in a timely
fashion.
• Implement Effective CAMLO Oversight.
Managing Risk Governance and Streamlining Reporting Processes
Exploring Ways To Conduct RBA Without The Country Risk
Assessment When Not Currently Available
We have offshore activities going on without the country risk
assessment as required by the Revised FATF RBA. We
therefore need to enhance the processes we use for such
assessment in the absence of the country risk assessment
which most countries are just starting to address.
Some steps to take to address this deficiency in information are:
163rd Annual AML & Financial Crime Conference, Africa
Some steps to take to address this deficiency in information are:
1. Identify and isolate countries of greatest potential AML/CFT
Risk to the FI.
2. Core elements of an effective country risk assessment must
be reviewed.
3. Four key data sets are required and will be briefly addressed.
Managing Risk Governance and Streamlining Reporting Processes
General Framework To Conduct Country Due Diligence
1. Countries of known direct business activity or future anticipated and
immediate anticipated business activity.
2. Countries of known association to the Financial Institution especially
through a counterparty, second or third-party relationships.
173rd Annual AML & Financial Crime Conference, Africa
3. Countries identified as countries of indirect interest to the financial institution
4. Those other countries that may be deemed to have a material indirect
impact on the business conducted by the financial institution.
Managing Risk Governance and Streamlining Reporting Processes
Next Step In Country Risk Identification-Data Gathering
Gather the data relating to the countries identified as presenting risk to the FI through the use of several public resources which are available to facilitate due diligence required to build and maintain the country risk assessment such as :
1. Keystone resources such as FATF, the EU Sanctions List, the USA PATRIOT ACT Section 311 list.
183rd Annual AML & Financial Crime Conference, Africa
the USA PATRIOT ACT Section 311 list.
2. Official Government resources such as US Department of State, CIA, Organization for Economic Development and Co-Operative Development (OECD), IMF etc.
3. Third-party vendors and solutions providers such as Lexis-Nexis.
4. Global Media resources such as Wall Street Journal, the Economist, Financial Times etc.
Managing Risk Governance and Streamlining Reporting Processes
Exploring New Approaches To Employee Risk On Projects
• An important aspect of adopting the Risk Based approach
• Ensure that the correct employee is employed
• Consult any relevant lists of bank employees dismissed that may be maintained
• Risk rate job categories
193rd Annual AML & Financial Crime Conference, Africa
• Risk rate job categories
• Apply the risk-based approach to employee vetting –higher level of vetting for higher risk job categories
• Risk rating job categories allows the bank to structure the level and depth of AML training to be provided to employees
Managing Risk Governance and Streamlining Reporting Processes
OTHER AREAS TO EXPLORE FOR RISK ASSESSMENT INNOVATION
• Integrating AML/CFT Risk Assessment into the FIs traditional
risk areas such as operational Risks is an option to be
explored.
• Each FI should move away from the integrated approach to
risk management and explore the Enterprise Risk
Management (ERM) Framework that cuts across all areas of
203rd Annual AML & Financial Crime Conference, Africa
Management (ERM) Framework that cuts across all areas of
the enterprise risks with a holistic approach.
• If ERM is effectively applied, it will be a holistic approach
that will also cover AML/CFT risk assessments.
Managing Risk Governance and Streamlining Reporting Processes
OTHER AREAS TO EXPLORE FOR RISK ASSESSMENT INNOVATION
Business & Project Risk Assessment Conduct Risk Assessment of the following elements:
• – Bank’s risk appetite;
• – AML/TF Typologies;
• – Customer types;
• – Economic activity;
213rd Annual AML & Financial Crime Conference, Africa
• – Economic activity;
• – Products and services;
• – Delivery channels;
Managing Risk Governance and Streamlining Reporting Processes
OTHER AREAS TO EXPLORE FOR RISK ASSESSMENT INNOVATION
Relationship Risk Assessment
– Assess overall client relationships (including duration, number of accounts,
products and services and activities).
– Conduct on-going risk assessments based on the aggregated risk of a
customer relationship
223rd Annual AML & Financial Crime Conference, Africa
Linking Customer Risk with Due Diligence Requirements
Linking Channel Risk with Due Diligence Requirements
Managing Risk Governance and Streamlining Reporting Processes
IMPLEMENTING A PEP RISK FRAMEWORK
• Using the AML Review Thinking Map, in all cases we need to have considered the following :
– Client Verification and Identification
233rd Annual AML & Financial Crime Conference, Africa
– Client Verification and Identification
– Client Occupation and Business Activity
– Source of Funds
– Destination of Funds
– Product and Transaction Type (Types of
Funds)
Managing Risk Governance and Streamlining Reporting Processes
STREAMLINING REPORTING PROCESSES FOR --DISCUSSION
• Identifying options for tailoring reports to the needs of the business and senior management.
• Purpose
243rd Annual AML & Financial Crime Conference, Africa
• Purpose
• Audience
• Management needs
• Communication & Channels
• Integrating internal audit findings on risk
assessment process
• Independence
• Objectivity
Managing Risk Governance and Streamlining Reporting Processes
STREAMLINING REPORTING PROCESSES FOR --DISCUSSION
253rd Annual AML & Financial Crime Conference, Africa
• Objectivity
• Understanding of AML issues
• Internal Audit Review and Independent Testing
QUESTIONS?
263rd Annual AML & Financial Crime Conference, Africa
Top Related