Fighting Money Laundering Seven sound practices

penredheadΔιαχείριση

18 Νοε 2013 (πριν από 3 χρόνια και 6 μήνες)

87 εμφανίσεις

Fighting Money Laundering

Seven sound practices

Frederick E. Curry III

Deloitte Financial Advisory

Services LLP

October 2, 2013

Crime Stoppers International


Copyright ©
2013 Deloitte
Development LLC.
All rights reserved.

1


1.
Understand the quantity of money laundering risk at your organization


2.
Confirm that policies, procedures, and controls address all products

and services that you offer


3.
“Know
Your Customer”


4.
Commit sufficient resources to AML compliance


5.
Customize employee training to address money laundering risks


6.
File
required regulatory reports


7.
Test
your
compliance program regularly

Seven sound practices

Copyright ©
2013 Deloitte
Development LLC.
All rights reserved.

2


The Board and senior management should know the quantity of money
laundering risk within your organization



The U.S. Federal Sentencing Guidelines establish that risk assessments
are a foundational element of a compliance program



Products, services, customers, delivery channels, and geographies
served should have a risk classification



Relationships posing higher risks should be reviewed more closely at
the inception of the relationship and frequently throughout the term of
their relationship



Key business stakeholders should be involved in the risk assessment
process

Understand your money laundering risk

Copyright ©
2013 Deloitte
Development LLC.
All rights reserved.

3

Risk assessment

Geographies

Channels

Products & Services

Customers



International Wires



Internet Banking



Large Cash/Large Dollar transactions



Private Banking



Int’l Correspondent Banking



Face

-

to

-

Face Banking



Internet Banking



Agents



OFAC



Areas of Primary ML Concern



FATF Non
-
Cooperative Countries



Typical Daily/Monthly Volume



Politically Exposed Person



Industry / Occupation




Customer Geographic Location




Length of Relationship

EXAMPLES OF RISK MEASURES

RISK



Areas identified in the annual
International Narcotics Control
Strategy Report


Institutions should identify, measure and consider four main risk measures


Based on the extent and the combination of the given risk measures, the overall risk of a
customer can be quantified and differentiated through calibrated scales from Low to High

Copyright ©
2013 Deloitte
Development LLC.
All rights reserved.

4

Risk assessment matrix


Risk Factor

Low

Medium

High

Customer Base
Inherent Risk

Stable, known
customer base

Customer base
increasing due to
branching, merger, or
acquisition

A large and growing
customer base in a
wide and diverse
geographic area

Product / Account Type
Inherent Risk

Limited or no private
banking, trust or
asset management
accounts

Limited domestic
private banking, trust
or asset management
services

Significant domestic
and international
private banking, trust
or asset management
services

Transactional Inherent
Risk

Limited number of
funds transfers, third
party transactions,
and foreign fund
transfers

Moderate number of
funds transfers,
limited international
funds transfers with
typically lower risk
countries

Large number of funds
transfers incl.
noncustomers, PUPID
transactions and high
risk jurisdictions

Geography Inherent
Risk

No transactions with
high risk jurisdictions

Limited transactions
with high risk
jurisdictions

Significant volume of
transactions with high
risk jurisdictions

Inherent money laundering risk is assessed across four main risk areas.
Multiple risk factors are evaluated within each to determine the overall inherent
money laundering risk.

Copyright ©
2013 Deloitte
Development LLC.
All rights reserved.

5

Residual risk illustration

High

Medium

Low

Weak

High

Medium

Low

Moderate

High

Medium

Low

Strong

Medium

Low

Low

Final AML

Controls

Assessment

Final Inherent Risk Assessment

Copyright ©
2013 Deloitte
Development LLC.
All rights reserved.

6


Policies and procedures should be written, up to date and reviewed and
approved by Board of Directors or other authority



Policies and procedures should cover all products and services



Policies and procedures should be commensurate with levels of
compliance risks



Policies and procedures should be implemented



Policies and procedures must be effective!

Establish detailed policies, procedures,

and controls

Copyright ©
2013 Deloitte
Development LLC.
All rights reserved.

7


KYC is the basic tenet of an
effective AML compliance
program



KYC procedures help protect the institutions good name



KYC is an essential part of sound risk management



KYC procedures should articulate customer acceptance standards



KYC provides the basis for identifying unusual or suspicious activity

Know Your Customer (“KYC”)

Copyright ©
2013 Deloitte
Development LLC.
All rights reserved.

8


Senior management is responsible
for establishing an effective
compliance function



The compliance executive should
be a member of senior management



The board and senior management
is responsible for ensuring the
compliance function has the
resources to carry out its
responsibility effectively



The compliance function should
establish an annual compliance plan

Commit sufficient resources to compliance

Copyright ©
2013 Deloitte
Development LLC.
All rights reserved.

9


Education is essential in managing compliance
risks



Training should be based on a formal training
needs assessment



Training should be tailored to the institution’s
risk profile



Leading practice is to train all employees at
least annually



The board and senior management should also
receive compliance training

Customize employee training

Copyright ©
2013 Deloitte
Development LLC.
All rights reserved.

10


Reports establish a paper trail for criminal investigations



Regulatory reporting has been highly useful in warding off criminal
prosecutions



Regulatory reports must be accurate and filed timely

File required regulatory reports

Copyright ©
2013 Deloitte
Development LLC.
All rights reserved.

11


It is important to independently
assess the effectiveness of the
compliance program



Leading practice is to test the

program annually



The scope of testing should include
all products and services



A written report summarizing the
findings should be provided to senior
management and the board



Compliance deficiencies should be
logged and tracked to resolution



Test your compliance program regularly

Copyright ©
2013 Deloitte
Development LLC.
All rights reserved.

12


Insufficient resources dedicated to compliance



Inadequate KYC procedures



Employees have not received relevant compliance training



Unqualified compliance staff



Failure
to identify and periodically monitor high risk
accounts or activity



Lack
of automated transaction monitoring procedures



Poor
record keeping



Failure
to file timely and accurate
required regulatory reports

Most common compliance weaknesses

Copyright ©
2013 Deloitte
Development LLC.
All rights reserved.

13

Frederick E. Curry III

Principal

Deloitte Financial Advisory Services LLP

555 12th Street, Suite 500

Washington, DC 20004
-
1207

+1 202 378
-
5171

fcurry@deloitte.com

Deloitte Financial Advisory Services LLP

This publication contains general information only and Deloitte Financial Advisory Services LLP is not, by means of this publ
ica
tion, rendering
accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a
sub
stitute for such professional
advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making
any

decision or taking any
action that may affect your business, you should consult a qualified professional advisor.


Deloitte Financial Advisory Services LLP shall not be responsible for any loss sustained by any person who relies on this pub
lic
ation.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its
network of member firms, each of which is a legally separate and independent entity. Please see
www.deloitte.com/about

for
a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see
www.deloitte.com/us/about

for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain
services may not be available to attest clients under the rules and regulations of public accounting.


Copyright © 2011 Deloitte Development LLC. All rights reserved.

Member of Deloitte Touche Tohmatsu Limited