Chapter 3 Flashcards Preview

CAMS (6th Edition) flashcards from ACAMS > Chapter 3 > Flashcards

Flashcards in Chapter 3 Deck (37)
Loading flashcards...
1

AML/CFT RISK SCORING - What does FATF recommend considering when assessing risk?

When assessing risk, FATF recommends considering:
1. Customer risk factors such as non-resident customers, cash-intensive businesses, complex ownership structure of a company, and companies with bearer shares,
2. Country or geographic risks such as countries with inadequate AML/CFT systems, countries subject to sanctions or embargos, countries involved with funding or supporting of terrorist activities, or those with significant levels of corruption,
3. Product, service, transaction or delivery channel risk factors such as private banking, anonymous transactions, and payments received from unknown third parties.

2

THE COMPLIANCE FUNCTION - What factors should be considered when determining the sophistication of a compliance function within an institution?

The sophistication of the compliance function should be based upon the institution's nature, size, complexity, regulatory environment, and the specific risk associated with the products, services, and clientele. No two institutions will have exactly the same compliance structure because the risk facing each institution is going to be different, as identified in their respective risk assessments.

3

AML/CFT RISK IDENTIFICATION -- GEOGRAPHIC LOCATION - What are some sources of identifying countries that pose heightened geographic risk?

1. The U.S. State Department issues an annual "International Narcotics Control Strategy Report" rating more than 100 countries on their money laundering controls.
2. Transparency International publishes a yearly "Corruption Perceptions Index," which rates more than 100 countries on perceived corruption.
3. FATF identifies jurisdictions with weak AML/CFT regimes and issues country-specific Mutual Evaluation Reports.
4. In the United States certain domestic jurisdictions are evaluated based on whether they fall within government-identified higher-risk geographic locations such as High Intensity Drug Trafficking Areas (HIDTA) or High Intensity Financial Crime Areas (HIFCA).

4

MAINTAINING AN AML/CFT RISK MODEL - Why is it important to continue to update and revisit risk assessment?

Risk is dynamic and needs to be continuously managed. It should also be noted that the environment in which each organization operates is subject to continual change. Externally, the political changes of a jurisdiction may impact a country-risk rating. Internally, organizations respond to market and customer demands by introducing new products and services and implementing new delivery systems.

The combination of these changes makes it critical that the ML/TF risk model is subject to regular review. In some countries, there is a legislative obligation for such reviews to be undertaken on a regular basis -- usually annually or when new products, delivery channels or customer types are introduced.

5

SYSTEM OF INTERNAL POLICIES, PROCEDURES AND CONTROLS - What are some examples of internal controls, outside of policies and procedures?

While policies and procedures provide important guidance, the AML/CFT program also relies on a variety of internal controls, including management reports and other built-in safeguards that keep the program working. These internal controls should enable the compliance organization to recognize deviations from standard procedures and safety protocols.

A matter as simple as requiring a corporate officer's approval or two signatures for transactions that exceed a prescribed amount could be a critical internal control element that if ignored seriously weakens an institution's AML/CFT program and attracts unwanted attention from supervisory authorities.

6

ASSESSING THE DYNAMIC RISK OF CUSTOMERS - What are some factors an institutions should consider when assessing the dynamic risk of its customers?

As every financial institution develops transaction history with customers, it should consider modifying the risk rating of the customer, based on:
1. Unusual activity, such as alerts, cases and suspicious transaction report (STR) filings.
2. Receipt of law enforcement inquiries, such as subpoenas.
3. Transactions that violate economic sanctions programs.
4. Other considerations, such as significant volumes of activity where it would not be expected, such as a domestic charity engaging in large international transactions or businesses engaged in large volumes of cash where this would not normally be expected.

7

DESIGNATION AND RESPONSIBILITIES OF A COMPLIANCE OFFICER -- DELEGATION OF AML DUTIES - What controls should a Compliance Officer consider over an AML duty that has been delegated?

The compliance function may establish risk-based quality assurance reviews and monitoring and testing activities to ensure the functions are being performed appropriately. This may include a review of the CDD collected to ensure completeness, monitoring reports of CDD completeness or defects to ensure the systems are working as expected, and performing testing to assess whether the monitoring and the business performance are satisfactorily measuring and ensuring compliance.

8

KNOW YOUR CUSTOMER/CDD - According to FATF, when should an institution conduct CDD?

FATF recommends that financial institutions should be required to undertake CDD measures when:
1. Establishing business relationships.
2. Carrying out occasional transactions under certain circumstances.
3. There is a suspicion of money laundering or terrorist financing.
4. The financial institution has doubts about the veracity or adequacy of previously obtained customer identification data.

9

AML/CFT TRAINING -- HOW TO TRAIN - Why is it important to have a test at the end of a training session?

Tests should be considered as a means to evaluate how well the training is understood with a mandatory passing score.

10

DESIGNATION AND RESPONSIBILITIES OF A COMPLIANCE OFFICER -- COMMUNICATION - Why is it critical that the Compliance Officer have good communication skills?

The compliance officer must also have the means to communicate at all levels of the organization -- from front-line associates all the way up to the CEO and Board of Directors. It is critical for a compliance officer to be capable of articulating matters of importance to senior and executive management, particularly significant changes that may present risk to the organization, such as a sudden or substantial increase in STRs or currency transaction reports (CTRs).

Other items of concern that need to be escalated to management may include changes to laws or regulations that may require immediate action. A compliance officer must have the skills necessary to be able to analyze and interpret these ongoing changes, determine what effect they may have on the institution, and suggest an action plan when appropriate.

11

ECONOMIC SANCTIONS -- US - What is the Office of Foreign Assets Control's (OFAC) list of sanctions persons known as?

The Specially Designated Nationals and Blocked Persons (SDN) list.

12

CONSOLIDATED CDD - How should a global financial institution address the performance of CDD across its various operations?

Financial institutions should aim to apply their customer acceptance policy, procedures for customer identification, process for monitoring higher risk accounts and risk management framework on a global basis to all of their offices, branches and subsidiaries. The firm should clearly communicate these policies and procedures through ongoing training and regular communications, as well as conduct monitoring and testing to ensure compliance with the policies and procedures.

13

EDD - According to FATF, when should an institution conduct enhanced due diligence on a customer?

FATF indicates that when there are circumstances where the risk of money laundering or terrorist financing is higher, enhanced CDD measures should be taken.

14

AML/CFT TRAINING -- WHEN TO TRAIN - When should an institution conduct training?

An institution's training should be ongoing and on a regular schedule. Existing employees should at least attend an annual training session. New employees should receive appropriate training with respect to their job function and within a reasonable period after joining or transferring to a new job. Situations may arise that demand an immediate session.

For example, an emergency training session may be necessary right after an examination or audit that uncovers serious money laundering control deficiencies. A news story that names the laundering control deficiencies. A news story that names the institution or recent regulatory action, such as a Consent Order, might also prompt quick response training. Changes in software, systems, procedures or regulations are additional triggers for training sessions.

15

AML/CFT TRAINING -- WHO TO TRAIN - What are some of the target audiences for training?

1. Customer-facing staff
2. Operations personnel
3. AML/CFT compliance staff
4. Senior management and board of directors
5. Independent testing staff

16

EDD FOR HIGHER RISK CUSTOMERS - What are some examples of enhanced due diligence for higher-risk customers?

A financial institution should consider obtaining additional information from high-risk customers such as:
1. Source of funds and wealth
2. Identifying information on individuals with control over the account, such as signatories or guarantors
3. Occupation or type of business
4. Financial statements
5. Banking references
6. Domicile
7. Proximity of the customer's residence, place of employment, or place of business to the bank
8. Description of the customer's primary trade area and whether international sanctions are expected to be routine
9. Description of the business operations, the anticipated volume of currency and total sales, and a list of major customers and suppliers
10. Explanations for changes in account activity

17

SANCTIONS LIST SCREENING - When should institutions conduct economic sanctions screening?

Before a financial institution starts doing business with a new customer or engaging in certain transactions (e.g.international wire payments), it should review the various country sanction program requirements as well as published lists of known or suspected terrorists, narcotics, traffickers, and other criminal actors for potential matches.

18

ECONOMIC SANCTIONS - What are the three primary categories of economic sanctions?

Sanctions can generally fall into one of the following categories:
1. Targeted Sanctions - aimed at specifically named individuals, such as key leaders in a country or territory, named terrorists, significant narcotics traffickers and proliferators of weapons of mass destruction. These sanctions often include the freezing of assets and travel bans where possible.
2. Sectoral Sanctions - aimed at key sectors of an economy to prohibit a very specific subset of financial dealings within those sectors to impede future growth.
3. Comprehensive Sanctions - generally prohibit all direct or indirect import/export, trade brokering, financing or facilitating against most goods, technology and services. These are often aimed at regimes responsible for gross human rights violations, and nuclear proliferation.

19

ACCOUNT OPENING, CUSTOMER IDENTIFICATION, and VERIFICATION - According to FATF, when should the identity of a customer be verified?

A bank should not establish a banking relationship, or carry out any transactions, until the identity of the customer has been satisfactorily established and verified in accordance with FATF Recommendation 10/

20

POLITICALLY EXPOSED PERSONS SCREENING - What are some of the limitations on screening customers against lists of Politically Exposed Persons (PEPs)?

The information contained in them -- and the ability to positively match your customer with a PEP on a database -- can be a challenge. These lists do not always provide all relevant information related to PEPs that would assist in identifying them. For instance, there is no unique identifier, such as a date of birth or address.

21

THE ELEMENTS OF AN AML PROGRAM -- AUDIT - Describe how the independent audit should review Suspicious Transaction Reporting (STR) systems

The independent audit should review Suspicious Transactions Reporting (STR) systems, which should include an evaluation of the research and referral of unusual transactions. Testing should include a review of policies, procedures and processes for referring unusual or suspicious activity from all business lines (e.g., legal, private banking, foreign correspondent banking) to the personnel or department responsible for evaluating unusual activity.

22

THE ELEMENTS OF AN AML PROGRAM -- TRAINING - What are some of the characteristics of a successful AML compliance training program?

Regulations and laws require financial institutions to have formal, written AML compliance programs that include "training for appropriate personnel." A successful training program not only should meet the standards set out in the laws and regulations that apply to an institution, but should also satisfy internal policies and procedures and should mitigate the risk of getting caught up in a money laundering scandal. Training is one of the most important ways to stress the importance of AML efforts, as well as educating employees about what to do if they encounter potential money laundering.

23

THE ELEMENTS OF AN AML PROGRAM -- CONTROLS - What are the basic elements of a financial institution's AML program?

1. A system of internal policies, procedures and controls.
2. A designated compliance officer with day-to-day oversight over the AML program.
3. An ongoing employee training program.
4. An independent audit function to test the AML program.

24

THE ELEMENTS OF AN AML PROGRAM -- TRAINING - Identify the basic elements behind the development of an effective AML compliance training program.

1. Who to train
2. What to train on
3. How to train
4. When to train
5. Where to train

25

ASSESSING RISK AND DEVELOPING A RISK-SCORING MODEL - Why is the risk-based approach more preferable than a prescriptive approach in the area of anti-money laundering and counter-terrorist financing?

1. Flexible - as money laundering and terrorist financing risks vary across jurisdictions, customers, products and delivery channels, and over time.
2. Effective - as companies are better equipped than legislators to effectively assess and mitigate the particular money laundering and terrorist financing risks they face.
3. Proportionate - because a risk-based approach promotes a common sense and intelligent approach to fighting money laundering and terrorist financing as opposed to a "check the box" approach. It also allows firms to minimize the adverse impact of AML procedures on their low-risk customers.

26

THE ELEMENTS OF AN AML PROGRAM -- COMPLIANCE OFFICER - Identify the responsibilities of the AML compliance officer.

A person should be designated as the AMLCO. This individual should be responsible for designing and implementing the program, making necessary changes and disseminating information about the program's successes and failures to key staff members, constructing the AML-related content for staff training programs and staying current on legal and statutory developments in the field.

27

WHAT RISKS DO YOUR CUSTOMERS POSE - What types of customers might be considered high-risk for money laundering?

1. Casinos
2. Offshore corporations and banks locating in tax/banking havens
3. MSBs, including currency exchange houses, money remitters, check cashers
4. Car, boat and plane dealerships
5. Used-car and truck-dealers and machine parts manufacturers
6. Travel agencies
7. Brokers/dealers in securities
8. Jewel, gem and precious metals dealers
9. Import/export companies
10. Cash-incentive businesses (restaurants, retail stores, parking)

28

WHAT RISKS DO YOUR PRODUCTS OR SERVICES POSE - What banking functions or products are considered high-risk?

1. Private banking
2. Offshore international activity
3. Deposit-taking facilities
4. Wire transfer and cash-management functions
5. Transactions in which the primary beneficiary is undisclosed
6. Loan guarantee schemes
7. Traveler's checks
8. Official bank checks
9. Money orders
10. Foreign exchange transactions
11. Trade-financing transactions with unusual pricing features
12. Payable Through Accounts (PTAs)

29

SUSPICIOUS OR UNUSUAL TRANSACTION MONITORING AND REPORTING - Identify several types of internal reports financial institutions may use to discover money laundering and terrorist financing.

1. Daily cash activity in excess of the country's reporting threshold
2. Daily cash activity just below the country's reporting threshold (to identify possible structuring)
3. Cash activity aggregated over a period of time (e.g., individual transactions over a certain amount, or totaling more than a certain amount over a 30-day period) to identify possible structuring
4. Wire transfer reports/logs (with filters using amount and geographical factors)
5. Monetary instruments logs/reports
6. Check kiting/drawing on uncollected funds (significant debit/credit flows)
7. Significant change reports
8. New account activity reports

30

COMPLIANCE CULTURE AND SENIOR MANAGEMENT'S ROLE - Where does the ultimate responsibility for the AML compliance program rest with?

The ultimate responsibility for the AML compliance program rests with the board of directors. Members must set the tone from the top by openly voicing their commitment to the program, ensuring that their commitment flows through all service areas and lines of business, and holding responsible parties accountable for compliance.