Bovill - the UK financial services regulatory consultancy - runs regular briefings. These are the slides from the February briefing on anti-money laundering. For more information visit http://www.bovill.com/FinancialCrime.aspx.
Information on the event is below:
Taking a company-wide approach to money laundering
“The FCA has made it very clear that responsibility for the overall culture of firms sits at the top. We need leaders and senior managers within the industry to set the tone for how their staff behave.”
Tracey McDermott, Director of Enforcement and Financial Crime, FCA
The regulator has recently reiterated their intention to carry out further thematic and enforcement work in financial crime. However, many firms still have a fragmented approach to managing the risks of money laundering.
The responsibility for preventing financial crime is shared across the firm from the back office to the boardroom. Firms need to take a company-wide approach to tackling money laundering to ensure they are complying with regulation and managing risks effectively.
Bovill’s briefing looked at Anti-Money Laundering (AML), covering:
• Governance arrangements: as the foundation for effective communication and issue resolution
• Risk management: the difficulties of negotiating the right level of due diligence for higher risk customers and what tools can be used to help with this process
• Systems and controls: ensuring that these are fit for regulatory purpose and are appropriately maintained within your firm.
2. • Themes
• Moving beyond tick the box
• Bringing regulatory compliance to the heart of the business
OR
• Keeping the CEO out of trouble
• Content
• Governance
• Risk Management
• Monitoring
• Updates
Introduction
3. A comprehensive framework for AML compliance
Governance
Operations
Risk Management
Awareness
Monitoring
4. Good governance relates to:
• Leadership
• Strategic
• Risk appetite
• Culture
• Management
• Policies
• Guidance
• Processes
• Clarity of scope
• FCA’s Handbook
• Senior Management Arrangements, Systems & Controls (SYSC)
Governance is the process of decision-making and control
Governance
5. Governance models
A - Divisional Framework
B - Federal Framework
C - Enterprising
6. • Board executive responsibility
• Global minimum policy
• Risk appetite articulated to Divisions, Business Units
• Oversight resource allocation proportionate to extent of delegated risk appetite
• Delegated risk managed at regional level
• Mechanisms for assurance on adequacy of controls
• Good management information
• Eliminate duplication / leverage synergies to reduce costs
The best model takes a number of these features
7. 1. Adopt formal Financial Crime / AML Policies
2. A defined governance and oversight structure
3. Defined AML roles and responsibilities
• Designated MLRO
• Designated Nominated Officer
4. Defined clear approval / escalation process (CDD / SARs)
• Defined internal path
• Established governing body roles and responsibilities
5. Defined AML training & awareness strategy
For AML, your best governance model must include…
8. Overlay the Three Lines of Defence Model
First line of defence
Second line of defence
Third line of defence
Increasing regularity of review
9. The Financial Crime governance model in practice
Financial Crime Committee
AML, Sanctions, Bribery, Fraud, Market Abuse, Data Security
Shared Services
Intelligence
• Larger organisations are more likely to have more complex organisational structures
• Amalgamation of Financial Crime areas may provide efficiencies
• Centralised / holistic organisation recommended
Audit Committee
Group / Board
Executive Committee
Risk Committee
Compliance Committee
How are outputs shared?
10. Committee meetings should include the following topics
Agenda items will be driven by:
• Business type
• Activity
• Key risks
• Issues
• Regulatory horizon
• FCA thematic reviews
• Emerging risks
• Hot topics
• MI
• Strategic activities which may impact Financial Crime
• Oversight / Assurance / Audit plans
• Projects (e.g. remediation)
• Intelligence
Attendance
Active Engagement
Challenge
11. Getting the policy and procedures right
Group Policy & Risk Appetite Statement
Guidance
Procedures
Desktop Manuals
12. • Due diligence is determined via a Risk Based Approach
• This allows for focused time and effort on the highest risk customers
Due diligence effort is determined by risk rating
Risk Management
Low risk: ‘Simplified’ or lesser amount of due diligence
Medium risk: ‘Standard’ due diligence (i.e. more than ‘Low’)
High risk: ‘Enhanced due diligence’ (EDD)
13. Customer due diligence should drive risk management
Individuals
• Verify identity
• Identify sources of income / wealth
• Identify proposed use of the account
Legal Entities
• Identify legal structure
• Identify type of business
• Identify beneficial owners
• Identify source of funds / client’s own customer base
• Identify intended use of the account

• Where is the money coming from?
• Is the activity consistent with what is known about the client (KYC)?
• Is the activity consistent with the product / account type?
• Where is the money going?
• Who owns / controls the money?
Information Intelligence
14. Intelligence informs your customer’s risk profile
• High risk customer?
• Business type
• Connection to PEPs
• Anticipated activity
• Sanctions targets
• High risk country?
• Country of residence
• Country of prime business
• Connections to sanctions
• Source of funds
• High risk product?
• Service offered
• Product facilities
• Restrictions on the product
• Speed on transaction size
• Delivery channels
• Suspicious activity?
• Meets with Risk Appetite?
Information Intelligence
15. • Enhanced due diligence is required…
• No face-to-face meeting with the client
• The client is a PEP
• The client is a correspondent
• Any other situation with elevated ML/TF risk
• Enhanced Due Diligence is a more robust level of due diligence including:
• Enhanced monitoring
• Periodic review
• Negative news searches
• Politically Exposed Person (PEP) searches
• Due diligence on controlling persons and related parties
• Additional documentation gathering
EDD must be applied for higher risk customers/accounts
16. • Legal risk
• Reputational risk
• Regulatory risk
• FCA’s “Thematic Review for High Risk Money Laundering Risk Situations” and in its “Guide for Firms”
• 4th EU Money Laundering Directive – Domestic PEPs inclusion
• Financial risk
• Recent enforcement action
• Political corruption risk
• Standard Customer Due Diligence (CDD) is not sufficient
• PEPs are becoming more effective in hiding their identity
PEPs are a higher risk category of customer
17. • New client approval
• Identification of existing clients
• Enhanced Due Diligence (EDD)
• Enhanced monitoring
• Reviews – existing PEP clients
• Training and education
Controls are required for PEP risk management
18. An approach to PEP risk management is recommended
Screening, Decision, EDD, Approval, Ongoing Review
Decision based on:
• Discounting
• Judgement
• Profile
• Control
• Public sources
• Adverse media
• Country risk
• Sanctions risk
• Reputation
Management Information (MI)
19. • PEP profile
• Actual vs. Connected, Current vs. former etc.
• e.g. Actual current PEP = High
• Adverse media
• Money Laundering
• Terrorist Financing
• Fraud, Bribery & Corruption
• Sanctions and Regulatory fine/censure
• Current, recent, historic news
• e.g. Current conviction or charge of money laundering = High
• Country risk association
• Use of Country Risk Ratings
• Based on individual's Country of Residence etc.
• e.g. Individual is a UK ambassador in Syria and has been a resident of Syria for > 3 years = High
An example of a PEP risk assessment methodology
20. Country risk is relevant to PEP risk management
Country impacts
• Residency (& nationality)
• Client’s place of prime business
• Business factors
• Source of funds
• Funds destinations
Country risk indicators
For example:
• Membership of FATF
• Membership of regional FATF
• FATF Strategic deficiencies
• Transparency International CPI Score
• US INCSR reports
• IMF review status / reports
• OFAC status
Country risk scoring
High risk
Medium risk
Low risk
21. • Methodology output can be used to drive:
• Due diligence requirements
• Frequency and level of ongoing monitoring
• Overall view of PEP risk distribution
• Accurate MI and board reports
• Improved ability to drive business decisions
• Deeper understanding of risks posed
• Ensure customer base aligned to firm’s risk appetite
Benefits of PEP risk assessment include…
22. • Global policy must have clarity on minimum standards
• Documented procedures should reflect business operations
• Golden source of data is used across business and jurisdictions effectively
• Intelligence (e.g. from SARs) is used effectively in-house
• Processes are owned and overseen
• Transaction monitoring systems are efficient and effective
• Synergies between relevant processes optimised
• Record keeping is comprehensive
Monitoring of systems and controls is vital
Monitoring