Chapter 3 Flashcards Preview

ACAMS 6 > Chapter 3 > Flashcards

Flashcards in Chapter 3 Deck (37)
Loading flashcards...
1

MAINTAINING AN AML/CFT RISK
MODEL
Why is it important to continue to
update and revisit risk assessments?

Risk is dynamic and needs to be continuously managed.
It should also be noted that the environment in which
each organization operates is subject to continual
change. Externally, the political changes of a jurisdiction
or whether economic sanctions are imposed or removed
may impact a country-risk rating. Internally, organizations
respond to market and customer demands by introducing
new products and services and implementing new
delivery systems.
The combination of these changes makes it critical that
the ML/TF risk model is subject to regular review. In some
countries, there is a legislative obligation for such reviews
to be undertaken on a regular basis — usually annually or
when new products, delivery channels or customer types
are introduced.

2

AML/CFT RISK SCORING
What does FATF recommend
considering when assessing risk?

When assessing risk, FATF recommends considering:
• Customer risk factors such as non-resident customers,
cash-intensive businesses, complex ownership
structure of a company, and companies with
bearer shares.
• Country or geographic risks such as countries with
inadequate AML/CFT systems, countries subject
to sanctions or embargos, countries involved with
funding or supporting of terrorist activities, or those
with significant levels of corruption.
• Product, service, transaction or delivery channel
risk factors such as private banking, anonymous
transactions, and payments received from unknown
third parties.)

3

ASSESSING THE DYNAMIC RISK
OF CUSTOMERS
What are some factors an institution
should consider when assessing the
dynamic risk of its customers?

As every financial institution develops transaction history
with customers, it should consider modifying the risk
rating of the customer, based on:
• Unusual activity, such as alerts, cases and suspicious
transaction report (STR) filings.
• Receipt of law enforcement inquiries, such
as subpoenas.
• Transactions that violate economic
sanctions programs.
• Other considerations, such as significant volumes
of activity where it would not be expected, such as
a domestic charity engaging in large international
transactions or businesses engaged in large volumes
of cash where this would not normally be expected.

4

AML/CFT RISK IDENTIFICATION –
GEOGRAPHIC LOCATION
What are some sources of identifying
countries that pose heightened
geographic risk?

• The US State Department issues an annual
“International Narcotics Control Strategy Report”
rating more than 100 countries on their money
laundering controls.
• Transparency International publishes a yearly
“Corruption Perceptions Index,” which rates more
than 100 countries on perceived corruption.
• FATF identifies jurisdictions with weak AML/CFT
regimes and issues country-specific Mutual
Evaluation Reports.
• In the United States certain domestic jurisdictions
are evaluated based on whether they fall within
government-identified higher-risk geographic
locations such as High Intensity Drug Trafficking
Areas (HIDTA) or High Intensity Financial Crime
Areas (HIFCA).

5

SYSTEM OF INTERNAL POLICIES,
PROCEDURES AND CONTROLS
What are some examples of internal
controls, outside of policies and
procedures?

While policies and procedures provide important
guidance, the AML/CFT program also relies on a variety
of internal controls, including management reports and
other built-in safeguards that keep the program working.
These internal controls should enable the compliance
organization to recognize deviations from standard
procedures and safety protocols.
A matter as simple as requiring a corporate officer’s
approval or two signatures for transactions that exceed
a prescribed amount could be a critical internal control
element that if ignored seriously weakens an institution’s
AML/CFT program and attracts unwanted attention from
supervisory authorities.

6

THE COMPLIANCE FUNCTION
What factors should be considered
when determining the sophistication
of a compliance function within an
institution?

The sophistication of the compliance function should
be based upon the institution’s nature, size, complexity,
regulatory environment, and the specific risk associated
with the products, services, and clientele. No two
institutions will have exactly the same compliance
structure because the risk facing each institution is
going to be different, as identified in their respective
risk assessments.

7

DESIGNATION AND
RESPONSIBILITIES OF A
COMPLIANCE OFFICER –
COMMUNICATION
Why is it critical that the
Compliance Officer have good
communications skills?

The compliance officer must also have the means to
communicate at all levels of the organization — from
front-line associates all the way up to the CEO and Board
of Directors. It is critical for a compliance officer to be
capable of articulating matters of importance to senior
and executive management, particularly significant
changes that may present risk to the organization,
such as a sudden or substantial increase in STRs or
currency transaction reports (CTRs).
Other items of concern that need to be escalated to
management may include changes to laws or regulations
that may require immediate action. A compliance officer
must have the skills necessary to be able to analyze and
interpret these ongoing changes, determine what effect
they may have on the institution, and suggest an action
plan when appropriate.

8

DESIGNATION AND
RESPONSIBILITIES OF A
COMPLIANCE OFFICER –
DELEGATION OF AML DUTIES
What controls should a Compliance
Officer consider over an AML duty
that has been delegated?

The compliance function may establish risk-based quality
assurance reviews and monitoring and testing activities to
ensure the functions are being performed appropriately.
This may include a review of the CDD collected to ensure
completeness, monitoring reports of CDD completeness
or defects to ensure the systems are working as expected,
and performing testing to assess whether the monitoring
and the business performance are satisfactorily measuring
and ensuring compliance.

9

AML/CFT TRAINING –
WHO TO TRAIN
What are some of the target
audiences for training?

• Customer-facing staff
• Operations personnel
• AML/CFT compliance staff
• Senior management and board of directors
• Independent testing staff

10

AML/CFT TRAINING –
HOW TO TRAIN
Why is it important to have a test
at the end of a training session?

Tests should be considered as a means to evaluate
how well the training is understood with a mandatory
passing score.

11

AML/CFT TRAINING –
WHEN TO TRAIN
When should an institution
conduct training?

An institution’s training should be ongoing and on a
regular schedule. Existing employees should at least
attend an annual training session. New employees should
receive appropriate training with respect to their job
function and within a reasonable period after joining
or transferring to a new job. Situations may arise that
demand an immediate session.
For example, an emergency training session may be
necessary right after an examination or audit that
uncovers serious money laundering control deficiencies.
A news story that names the institution or recent
regulatory action, such as a Consent Order, might also
prompt quick-response training. Changes in software,
systems, procedures or regulations are additional triggers
for training sessions.

12

KNOW YOUR CUSTOMER/CDD
According to FATF, when should an
institution conduct CDD?

FATF recommends that financial institutions should be
required to undertake CDD measures when:
• Establishing business relationships.
• Carrying out occasional transactions under
certain circumstances.
• There is a suspicion of money laundering or
terrorist financing.
• The financial institution has doubts about the
veracity or adequacy of previously obtained
customer identification data.

13

EDD
According to FATF, when should an
institution conduct enhanced due
diligence on a customer?

FATF indicates that when there are circumstances where
the risk of money laundering or terrorist financing is
higher, enhanced CDD measures should be taken.

14

EDD FOR HIGHER RISK CUSTOMERS
What are some examples of
enhanced due diligence for higher
risk customers?

A financial institution should consider obtaining
additional information from high-risk customers such as:
• Source of funds and wealth.
• Identifying information on individuals with control over
the ccount, such as signatories or guarantors.
• Occupation or type of business.
• Financial statements.
• Banking references.
• Domicile.
• Proximity of the customer’s residence, place of
employment, or place of usiness to the bank.
• Description of the customer’s primary trade area
and whether international ransactions are expected
to be routine.
• Description of the business operations, the anticipated
olume of currency and total sales, and a list of major
customers and suppliers.
• Explanations for hanges in account activity.

15

ACCOUNT OPENING, CUSTOMER
IDENTIFICATION AND VERIFICATION
According to FATF, when should the
identity of a customer be verified?

A bank should not establish a banking relationship,
or carry out any transactions, until the identity of the
customer has been satisfactorily established and verified
in accordance with FATF Recommendation 10.

16

CONSOLIDATED CDD
How should a global financial
institution address the performance of
CDD across its various operations?

Financial institutions should aim to apply their customer
acceptance policy, procedures for customer identification,
process for monitoring higher risk accounts and risk
management framework on a global basis to all of their
offices, branches and subsidiaries. The firm should clearly
communicate these policies and procedures through
ongoing training and regular communications, as well as
conduct monitoring and testing to ensure compliance
with the policies and procedures

17

ECONOMIC SANCTIONS
What are the three primary categories
of economic sanctions?

Sanctions can generally fall into one of the following
categories:
• Targeted Sanctions – aimed at specifically named
individuals, such as key leaders in a country or territory,
named terrorists, significant narcotics traffickers and
proliferators of weapons of mass destruction. These
sanctions often include the freezing of assets and
travel bans where possible.
• Sectoral Sanctions – aimed at key sectors of an
economy to prohibit a very specific subset of financial
dealings within those sectors to impede future growth.
• Comprehensive Sanctions – generally prohibit all
direct or indirect import/export, trade brokering,
financing or facilitating against most goods,
technology and services. These are often aimed
at regimes responsible for gross human rights
violations, and nuclear proliferation.

18

ECONOMIC SANCTIONS – US
What is the Office of Foreign Assets
Control’s (OFAC) list of sanctions
persons known as?

The Specially Designated Nationals and Blocked
Persons (SDN) list.

19

SANCTIONS LIST SCREENING
When should institutions conduct
economic sanctions screening?

Before a financial institution starts doing business with
a new customer or engaging in certain transactions
(e.g., international wire payments), it should review the
various country sanction program requirements as well as
published lists of known or suspected terrorists, narcotics
traffickers, and other criminal actors for potential matches.

20

POLITICALLY EXPOSED
PERSONS SCREENING
What are some of the limitations on
screening customers against lists of
Politically Exposed Persons?

The information contained in them – and the ability to
positively match your customer with a PEP on a database
– can be a challenge. These lists do not always provide
all relevant information related to PEPs that would assist
in identifying them. For instance, there is no unique
identifier, such as a date of birth or address.

21

ASSESSING RISK AND DEVELOPING
A RISK-SCORING MODEL
Why is the risk-based approach more
preferable than a prescriptive approach
in the area of anti-money laundering
and counter-terrorist financing?

• Flexible – as money laundering and terrorist financing
risks vary across jurisdictions, customers, products and
delivery channels, and over time,
• Effective – as companies are better equipped than
legislators to effectively assess and mitigate the
particular money laundering and terrorist financing
risks they face, and
• Proportionate – because a risk-based approach
promotes a common sense and intelligent approach
to fighting money laundering and terrorist financing as
opposed to a “check the box” approach. It also allows
firms to minimize the adverse impact of anti-money
laundering procedures on their low-risk customers.

22

THE ELEMENTS OF AN AML
PROGRAM – CONTROLS
What are the basic elements of
financial institution’s anti-money
laundering program?

• A system of internal policies, procedures and controls,
• A designated compliance officer with day-to-day
oversight over the AML program,
• An ongoing employee training program, and
• An independent audit function to test the
AML program

23

THE ELEMENTS OF AN AML
PROGRAM – COMPLIANCE OFFICER
Identify the responsibilities of the antimoney
laundering compliance officer.

A person should be designated as the anti-money
laundering compliance officer. This individual should be
responsible for designing and implementing the program,
making necessary changes and disseminating information
about the program’s successes and failures to key staff
members, constructing anti-money laundering-related
content for staff training programs and staying current on
legal and regulatory developments in the field.

24

THE ELEMENTS OF AN AML
PROGRAM – TRAINING
What are some characteristics of a
successful anti-money laundering
compliance training program?

Regulations and laws require financial institutions to have
formal, written AML compliance programs that include
“training for appropriate personnel.” A successful training
program not only should meet the standards set out in
the laws and regulations that apply to an institution, but
should also satisfy internal policies and procedures and
should mitigate the risk of getting caught up in a money
aundering scandal. Training is one of the most important
ways to stress the importance of anti-money laundering
efforts, as well as educating employees about what to do
if they encounter potential money laundering.

25

THE ELEMENTS OF AN AML
PROGRAM – TRAINING
Identify the basic elements behind
the development of an effective
anti-money laundering compliance
training program.

• Who to train,
• What to train on,
• How to train,
• When to train, and
• Where to train.

26

THE ELEMENTS OF AN AML
PROGRAM – AUDIT
Describe how the independent audit
should review Suspicious Transaction
Reporting (STR) systems.

The independent audit should review Suspicious
Transaction Reporting (STR) systems, which should
include an evaluation of the research and referral of
unusual transactions. Testing should include a review of
policies, procedures and processes for referring unusual
or suspicious activity from all business lines (e.g., legal,
private banking, foreign correspondent banking) to the
personnel or department responsible for evaluating
unusual activity.

27

THE ELEMENTS OF AN AML
PROGRAM – AUDIT
What steps should the independent
audit take to evaluate the bank’s
transaction monitoring software’s ability
to identify unusual activity?

• Reviewing policies, procedures, and processes for
suspicious activity monitoring,
• Evaluating the system’s methodology for establishing
and analyzing expected activity or filtering criteria,
• Evaluating the appropriateness of the monitoring
reports, and
• Comparing the transaction monitoring typologies to
the AML/CFT risk assessment for reasonableness.

28

WHAT RISKS DO YOUR PRODUCTS
OR SERVICES POSE?
What banking functions or products
are considered high-risk?

• Private banking,
• Offshore international activity,
• Deposit-taking facilities,
• Wire transfer and cash-management functions,
• Transactions in which the primary beneficiary
is undisclosed,
• Loan guarantee schemes,
• Travelers checks,
• Official bank checks,
• Money orders,
• Foreign exchange transactions,
• Trade-financing transactions with unusual
pricing features, and
• Payable Through Accounts (PTAs).

29

WHAT RISKS DO YOUR
CUSTOMERS POSE?
When categorizing risks, what are the
four general levels of risk?

• Prohibited – The company will not tolerate any dealings
of any kind given the risk. Countries subject to economic
sanctions or designated as state sponsors of terrorism,
such as Sudan or Iran, are prime candidates for prohibited
transactions. Prohibited customers would include shell
banks,
• High-Risk – The risks here are significant, but are not
necessarily prohibited. To mitigate the heightened risk
resented, the firm should apply more stringent controls to
reduce the risk, such as conducting nhanced due diligence
and more rigorous transaction monitoring. Countries that are
noted for corruption or rug trafficking are generally deemed
high risk. High-risk customers may include PEPs; high-risk
products and services may include correspondent banking
and private banking,
• Medium-Risk – Medium risks are more than a low- or
standard-risk of money laundering, and merit additional
scrutiny, but do not rise to the level of high-risk, and
• Low- or Standard-Risk – This represents the baseline risk of
money aundering; normal business rules apply.

30

WHAT RISKS DO YOUR
CUSTOMERS POSE?
What types of customers might
be considered high-risk for money
laundering?

• Casinos,
• Offshore corporations and banks located in tax/
banking havens,
• MSBs, including currency exchange houses, money
remitters, check cashers,
• Car, boat and plane dealerships,
• Used-car and truck-dealers and machine parts
manufacturers,
• Travel agencies,
• Brokers/dealers in securities,
• Jewel, gem and precious metals dealers,
• Import/ export companies, and
• Cash-intensive businesses (restaurants, retail
stores, parking).