NEWBRAND - ACAMS CAMS6 VC - 5 - Slides For Student Use v5.1 23JUN2020

CAMS Virtual Classroom
Series
Session 5
AML/CFT Compliance Program
ACAMS CAMS6 VC - 5 - Student PDF v5.1
What we will cover today
Introduction:
1. Assessing risk and developing a risk

Introduction
scoring model
2. Pillars of an AML/CFT Program
3. Culture of Compliance
AML/CFT 4. CDD, CIP, KYE
Program Agenda
5. Monitoring and Red Flags
Practice Questions and Q&A
Wrap Up
© 2020 ACAMS. All Rights Reserved. 2
1
AML RBA FATF
Anti-Money Laundering Risk-Based Approach Financial Action Task Force
CDD/EDD
Customer Due Acronyms used STR
Diligence/Enhanced Due in this course Suspicious Transaction Report
Diligence
CIP
KYC KYE
Customer Identification
Know Your Customer Know Your Employee
Program
Introduction:

Introduction
scoring model
Program Agenda
Wrap Up
2
Assessing Risk and Developing a Risk Scoring Model
o Risk-based AML controls are key and required in many countries
o Increases the chances of avoiding criminals and government sanctions and penalties
Risk-Based Approach – RBA
A risk-based approach requires institutions to have systems and controls that are commensurate with the
specific risks of money laundering and terrorist financing. Assessing these risks is, therefore, one of the
most important steps in creating a good AML/CFT compliance program.
Levels of Risk
Company will not tolerate any dealings of any kind.
Examples:
Prohibited Prohibited transactions: Involving countries subject to sanctions
Prohibited customers: shell banks.
The risks are significant, but not necessarily prohibited. To mitigate the heightened risk, the
firm should apply more stringent controls.
High Risk Examples:
PEPs, correspondent banking, private banking
Medium risks are more than a low- or standard-risk of money laundering, and merit
additional scrutiny, but do not rise to the level of high-risk.
Medium Risk Examples:
Local company exporting some goods to Canada
Baseline risk of money laundering; normal business rules apply. FATF member countries and
domestic retail customers are frequently, but not always, considered to be standard- or
Low Risk low-risk.
Examples:
School teacher
3
Risk Types/Factors
Geographical
Customer Products/Services
Summary: Risk Factors
1
Sanctions, countries lacking adequate AML/CFT controls,
GEOGRAPHICAL terrorist funding countries, corruption, etc.
Casinos, offshore corporations, banks located in tax havens,
2
leather good stores, currency exchange houses, money
CUSTOMER remitters, check cashers, car/boat/plane dealers, travel
agencies, gem dealers, import/export, cash intensive businesses,
etc.
3
Private banking, offshore international activity, deposit-taking
facilities, wire transfer and cash management functions,
PRODUCT/SERVICE
transactions in which beneficiary is undisclosed, travellers checks,
money orders, etc.
4
FATF: CDD and Risk-Based Approach
USA PATRIOT Act Section 326:
CDD measures:
1. Identifying customer and verifying identity
2. Identifying beneficial owner, and verifying identity
3. Obtaining information on business relationship
4. Conducting ongoing due diligence on business relationship and scrutiny of transactions
The Financial Institution should determine the extent of such measures on a risk sensitive basis depending
on the type of customer, business relationship or transaction.
Risk Assessment Links to the AML Management Program

Risk Assessment Link to the AML Risk Management Programme
Risk Assessment Internal Controls
Identify & Measure Risk: Develop Applicable:

• Products • Policies
• Services • Procedures
• Customers • Systems
• Geographic locations • Controls
Source: Basel Committee on

Banking Supervision Working
Group on Cross Border Banking
Risk-Based Compliance Programme:
• Internal controls
Audit
• Audit programme
Previews the risk
assessment and • Compliance
adequacy of internal • Training
controls. Also reviews the
controls’ effectiveness
through a risk-based
audit programme
5
Introduction:
Introduction
scoring model
Program Agenda
Wrap Up
Four Pillars of AML/CFT Compliance Program

Policies and
Procedures
Internal Controls
Compliance
Officer
Training
Independent
Audit/Review
6
Policies and Procedures
o Must be in writing
o Endorsement of management
o Overview of laws and regulations
o What constitutes suspicious activity and how to deal with it
o Procedures when reporting suspicious activity
o How to deal with regulatory or law enforcement requests
While policies and procedures provide important guidance, the AML/CFT Program also relies on a variety
of internal controls, including management reports, and other built-in safeguards that keep the program
working.
Should include:
o Identify high risk operations
o Make sure board or committee of the board/senior management is informed of compliance

initiatives, corrective actions, suspicious activity
o Assign clear accountability to persons for performance of duties
o Provide for program continuity
o Meet regulatory requirements
o Provide for periodic review
7
o Use a risk-based approach
o Provide sufficient controls and monitoring systems for timely detection of suspicious activity/large
currency transactions
o Provide for dual controls and segregation of duties
o Comply with all record keeping requirements
o Adequate supervision of employees who handle large currency transactions, complete records,
grant exemptions
o Train employees to be aware of their responsibilities
o Implement screening programs to ensure high standards when hiring employees
o Test effectiveness of the program
Designation & Responsibilities of a Compliance Officer

o Qualifications
o Responsibilities
o Communication
Should be responsible for designing and implementing
o Organization the program, making necessary changes and
disseminating the information about the program’s
o Delegation of Duties success and failures to key staff members, constructing
AML/CFT related content for staff training programs
and staying current on legal and regulatory
developments in the field.
8
Role of Compliance
The role of compliance should be to take the lead in identifying and managing the significant regulatory
and reputational risks to which the business is exposed
1. Designing and supporting a regulatory risk framework for the business
2. Supporting and challenging business line management on the completeness and accuracy of
compliance risk management activities
3. Advice to business units on regulatory obligations/expectations and the creation and implementation
of compliance policies
4. Monitoring and reporting
Role of Compliance
Key Questions to Consider
Do you have a formally stated, clearly articulated vision/role for compliance?
Has the board approved the strategy for compliance to meet its objectives and does it have an
adequate budget?
Does the business have clear mechanisms for measuring the performance of compliance versus
strategy?
Is there a clear allocation of responsibilities between the first line and compliance. Is this
understood? Does it work?
9
AML/CFT Training
o Why?
o Who?
Document all training, even informal training at staff meetings, etc.
o What?
Ensure training is appropriate for target audience.
o Where?
Provide training for the AML/CFT officer and staff conducting independent
o When? audit and testing.
Train senior management and board of directors on AML/CFT risks to the

institution.
Maintain detailed records of attendance and publish metrics.
AML/CFT Training
o AML/CFT compliance programs are not static
o Policies and procedures and internal controls need to evolve
o Systems and procedures need to be tested, tuned and refined
o Risk assessments need to be reevaluated
o Senior management needs to be knowledgeable about the changes to the AML/CFT Program and
approve them periodically
o Audit and regulatory findings should be tracked and reported to senior management
10
Independent Review
o Are proper records being maintained?
o Are SARs/STRs properly filled out and filed in a timely fashion?
o Is proper identification being requested from customers and verified?
o Are “high risk” accounts being reviewed regularly?
o Is the program being followed?
o Do all employees understand the program?
o Are the proper procedures in place?
o Are employees of the institution using the procedures as required?
o Are customers subjected to sanctions screening?
o What processes are used for transaction monitoring?
o Are employees being trained adequately?
Homework Exercise: AML Compliance Program
Submit your answers via the poll questions on the right.
11
Introduction:
Introduction
scoring model
Program Agenda
Wrap Up
Compliance Culture
o Embedding a compliance culture into the overall institutional culture is key to an effective AML/CFT
program
Strong Culture of Compliance – Setting the Tone at the Top
Guides and reinforces employees as they make decisions and choices each day. Raising awareness, to
the point where everyone in the organization feels compelled to deter and detect money laundering, is
vital.
12
FinCEN: Culture of Compliance
FinCEN, the US FIU, issued an advisory on how
financial institutions can ensure they maintain a
culture of compliance:
1. Leadership actively supports compliance
2. Mitigation of AML/CFT risk is not compromised

by revenue interests
3. Internal information sharing
4. Adequate resources for the AML/CFT program
5. Independent testing by competent party
6. Understand how STR reporting is used
Board Responsibility
Ultimate responsibility for the AML/CFT program rests with the board of directors
Reviewing and approving the overall AML/CFT program and ensuring that there is on-going oversight.
Make sure the program is adequately implemented and maintained by staff.
Responsibility
Does not mean that board members are expected to become AML/CFT experts themselves, or that they
are responsible for day-to-day program management.
13
Board Responsibility - During Audit/Exam
The board’s oversight role also extends to the supervisor’s examination process:
o Examiners/auditors interview board and management to gauge the board’s commitment to

compliance, its understanding of the law, and knowledge of how the institution operates
o Ensure that any necessary corrective action is taken in respect of deficiencies found during the audit
process. Specific duties can be delegated, but the board will be responsible if problems, cited by the
examiner or the auditor, are not corrected
Board of Directors - Showing Commitment
o Establishing a strong compliance plan that is approved by the board of directors and is fully
implemented
o Insisting that it be kept informed of compliance efforts, audit reports and any compliance failures,
with corrective measures instituted
o Communicating compliance expectations to the institution personnel
o Employment is conditional on regulatory compliance
14
Independence of AML/CFT Compliance Team
o Compliance staff should generally also be sufficiently independent of the line of business they support
so that potential conflicts of interest are minimized.
o No incentive based on the profitability of the line of business they support, to avoid a conflict of
interest.
o Compliance staff may sit within the line of business and report to line management, but it should have
the ability to escalate issues without fear of recrimination to a compliance or risk management
function outside the line of business.
Introduction:

Introduction
scoring model
Program Agenda
Wrap Up
15
Customer Due Diligence
Main Elements:
o Full Identification
o Development of transaction and activity profiles
o Risk assessment
o Acceptance
o Monitoring
o Investigations
o Documentation of findings
Account Opening, Customer Identification and

Verification
A sound CDD program should have reliable customer identification and account opening procedures.
Institutions should adopt account opening procedures that allow them to determine the true identity of
customers.
Institutions should set identification standards tailored to the risk posed by particular customers.
Specific regulations and laws that set out what institutions are required to do regarding customer
identification.
16
Verification
Basel CDD Paper – Account Opening
Each customer should be asked:
o Name
o Address
o Telephone number etc. ALSO: When appropriate, obtain

VERIFY THE information about the source of
o Date and place of birth
INFORMATION wealth, source of funds and the
o Nationality customer’s line of business.
o Occupation
o Personal ID number (tax/passport number)
o Type of accounts and nature of relationship with FI
o Signature

Verification
o Apply equally effective customer identification procedures for non-face-to-face customers as for those available for
interview.
o For corporate entities:
o Name of institution
o Principal place of its business operations, Mailing address.
o Names of primary contact people or those authorized to use the account, Contact people’s telephone and
fax numbers
o Some form of official identification number, if available (e.g., tax identification number)
o The original or certified copy of the Certificate of Incorporation, etc.
o Board of Directors resolution to open an account and identification of those who have authority to operate the
account, including beneficial owners
o Nature and purpose of business, and its legitimacy
17
Customer Identification Program
o Identifying information
o Complying with recordkeeping requirements
o Checking new accounts against prescribed government lists, if applicable
o Providing adequate notice about customer identification requirements
o Covering the institution’s reliance on other financial institutions or third parties, if applicable.
o Determining whether and when suspicious transaction reports should be filed
o Conducting a risk analysis of customers
o Opening new accounts for existing customers
o Obtaining the approval of the board of directors, either separately or as part of AML/CFT program
o Conducting audit and training programs to ensure that the CIP is adequately incorporated
o Verifying that all new accounts are checked against government lists
Consolidated Customer Due Diligence
o According to the Basel Committee, a global risk management program for CDD should incorporate
consistent identification and monitoring of customer accounts globally across business lines and
geographical locations, as well as oversight at the parent level
o Appliance of customer acceptance policy, procedures for customer identification, process for
monitoring and risk management framework on a global basis
o CLASH? Where the minimum CDD standards of the home and host countries differ, offices in host
jurisdictions should apply the higher standard of the two. Where this appears not to be possible, the
institution should confer with its home office and attorneys
18
List Screening
o Sanctions
o Determine customer does not appear on designated lists provided by a government or

international body
o PEPS
o Determine whether customer may currently or previously maintained a government position that
meets a statutory or organizational PEP definition
o Negative Media
o Determine whether customer appears in media publications in negative manner, that a financial
institution may consider risk relevant
Know Your Employee (KYE) Program
o Having equal programs for know your customer and for know your employee are essential.
o A criminally co-opted bank employee might facilitate money laundering (insider abuse/”enemy within”)
o Goal: Allows firm to understand an employee’s background, conflicts of interest and susceptibility to money
laundering complicity.
o Background screening - a minimum, reveals information on a job applicant’s criminal convictions. When
applying for a job and on an ongoing basis.
o Policies, procedures, internal controls
o Code of conduct/ethics
o Levels of authority
o Compliance with personnel laws and regulations
o Accountability,
o Monitoring,
o Dual controls
19
Homework Exercise: Case Scenarios
Submit your answers via the poll questions on the right.
Introduction:
Introduction 1. Assessing risk and developing a risk
scoring model
AML/CFT
4. CDD, CIP, KYE
Program Agenda
Wrap Up
20
Monitoring of Suspicious or Unusual Transactions
o No hard and fast rules as to what constitutes suspicious activity.
o Watch for activity that is not consistent with a customer’s source of income or regular business.
Reports to Discover Possible Money Laundering
o Daily cash activity in excess of the country’s reporting threshold
o Daily cash activity just below the country’s reporting threshold (to identify possible structuring)
o Cash activity aggregated over a period of time (e.g., individual transactions over a certain amount,
or totaling more than a certain amount over a 30-day period) to identify possible structuring
o Wire transfer reports/logs (with filters using amount and geographical factors)
o Monetary instrument logs/reports
o Significant change reports
o New account activity reports
o Check kiting/drawing on uncollected funds (significant debit/credit flows)
21
Check Kiting
o Very common form of check fraud
o Occurs when a person takes advantage of the “float time,” or the time it takes one institution to
collect payment from another. Basically, a person who was two or more accounts writes checks
between the accounts knowing that there are insufficient funds to cover those transactions
Mr. A Step 2: Mr. A goes to Bank B and says he

Fraudster/Account holder wants to deposit the check into account B….
Account 1 give me $400 in cash now.
Bank A Step 3: Bank B

Bank B
Account 1 finds out that
Step 1: Mr. A writes check on Account 2
Account Balance = $5 check bounced
account 1 at Bank A for $500 Account Balance $5
Suspicious Activity Reporting Process
Identification and Procedures to identify potential suspicious transactions or activity, and a formal
evaluation evaluation of each instance, and continuation, of unusual transactions or activity.
Documentation of the suspicious transaction reporting decision, whether or not

Documentation
filed with the authorities.
Procedures to periodically notify senior management or the board of directors of

Notification
suspicious transaction filings.
Training Employee training on detecting suspicious transactions or activity.
22
Red Flags
o Suspicious customer behavior o Suspicious employee activity

o Suspicious customer identification circumstances o Suspicious activity in money remitter, insurance,
o Suspicious cash transactions Broker Dealer
o Suspicious non-cash deposits o Black Market Peso Exchange

o Suspicious wire transfer transactions
o Suspicious safe deposit box activity
o Suspicious activity in credit transactions
o Suspicious commercial account activity
o Suspicious trade financing transactions
o Suspicious investment activity
Automated AML/CFT Systems
o Various capabilities and systems:
o Customer verification
o Fraud detection and prevention
o Watchlist filtering and screening
o Transaction monitoring
o Automated regulatory reporting
o Public domain information screening
o Case management
o Need to determine:
o Appropriateness for financial institution
o Rules/functionality are risk-based
23
Introduction:
Introduction
scoring model
Program Agenda
Wrap Up
CAMS Virtual Classroom

Series - Practice
Questions
Session 5
48
24
Question 1
As part of the four-prong compliance program, financial institutions should:
A. Refuse small cash deposits just below the cash reporting threshold
B. Designate an anti-money laundering compliance officer
C. Depend on the government for risk assessments
D. Refuse business relationships with entities from non-compliant jurisdictions
Question 2
Audrey is reviewing her life insurance firm's AML/CFT risk assessment. She noticed that the key criteria that
the firm used to determine the risk are "customer type" and "geography".
Which key factor should be added to complete the risk assessment?
A. Policy holders’ prior banking relationships
B. Policy holders' employment and immigration status
C. Products and services used by the policy holder
D. Amounts involved in the premium payments
25
Question 3
Steven is preparing an AML/CFT training for new employees working in a medium-sized law firm in an EU
member country. Which are the most important aspects to cover during the training?
A. Detection of red flags of money laundering, the importance of AML/CFT efforts and the penalties for
non-compliance under national law
B. Importance of Wolfsberg membership, importance of spreading the AML/CFT message worldwide,

and penalties for non-compliance under EU Directive
C. Detection of red flags of money laundering, EU consumer protection issues in case of filing a
suspicious transaction report, notifications to customers after filing a large cash transaction report
D. Importance of international best practices under the USA PATRIOT Act, OFAC compliance and
escalation of issues to the EU Commission
Question 4
What is “safe harbor” in the context of STR filing?
A. To file a STR even though you could not determine for sure that the customer was involved in any
suspicious activity
B. To file a STR without tipping off or notifying the customer subject of the report
C. Legal protection from liability for disclosing sensitive customer information when filing an STR
D. Documenting in writing the reasons for not filing an STR
26
Question 5
What are “split deposits”? A series of deposits
A. In which the customer splits a sum of money and makes deposits into two or more accounts that
add up to the original amount
B. Where the customer exchanges large bills for small bills and then deposits the smaller bills just under
the local reporting threshold
C. That are made by both an employee and the account holder into a customers account
D. In which the customer deposits in the ATM just before and after closing time to avoid unusual time
stamps
Question 6
During a recent board of directors meeting of Bank X, an external director inquired with the Bank’s
compliance officer on ways for the Bank to demonstrate a culture of compliance. Which of the following
is an example the compliance officer can provide to the director?
A. Board approval of the Bank’s AML/CFT procedures
B. Utilize a team of business line compliance officers to test the Bank’s AML/CFT program
C. The last annual Audit report on the effectiveness of the AML/CFT program
D. Pilot a new product externally to support an underperforming business line
27
Question 7
What are the three lines of defense?
A. Training, compliance officer, and independent review
B. Internal controls, know your customer, and transaction monitoring
C. Know your customer, STR filing, and independent review
D. Line of business, AML compliance, and audit
Question 8
Which of the following customers are considered by many supervisory authorities to maintain an inherent
higher risk of money laundering?
A. Casinos, embassies, and accountants
B. Accountants, private transportation services, and precious metal dealers
C. Precious metal dealers, embassies, and regional airports
D. Casinos, embassies, and online concierge services
28
Question 9
What risk factors should be considered when a global financial institution performs an AML/CFT risk
assessment?
A. Geographic, product, and foreign exchange
B. Product, customer, and geographic
C. Customer, foreign exchange, and geographic
D. Product, geographic, and online
Question 10
XYZ Bank maintains an internal reporting system for customer facing employees to report unusual
activities. A report and its contents do not feed into the transaction monitoring system. A branch
manager filed a report stating a customer counted out $15,000 cash at the teller window, then only
deposited $8,500 cash the same day and returned the following day to deposit $6,500 cash. What
activity may be indicative of money laundering?
A. The internal report does not feed into the transaction monitoring system
B. The teller saw the customer count the money and permitted the customer to make two separate
deposits on consecutive days
C. The customer broke down the cash deposit into two different amounts
D. The transaction monitoring system did not alert on the $15,000 cash
29
Thank you
30

NEWBRAND - ACAMS CAMS6 VC - 5 - Slides For Student Use v5.1 23JUN2020

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NEWBRAND - ACAMS CAMS6 VC - 5 - Slides For Student Use v5.1 23JUN2020

Uploaded by

Copyright:

Available Formats

CAMS Virtual Classroom

What we will cover today

1. Assessing risk and developing a risk

Practice Questions and Q&A

© 2020 ACAMS. All Rights Reserved. 2

© 2020 ACAMS. All Rights Reserved. 3

What we will cover today

1. Assessing risk and developing a risk

Practice Questions and Q&A

© 2020 ACAMS. All Rights Reserved. 4

o Risk-based AML controls are key and required in many countries

Risk-Based Approach – RBA

© 2020 ACAMS. All Rights Reserved. 5

© 2020 ACAMS. All Rights Reserved. 6

© 2020 ACAMS. All Rights Reserved. 7

Summary: Risk Factors

Casinos, offshore corporations, banks located in tax havens,

© 2020 ACAMS. All Rights Reserved. 8

USA PATRIOT Act Section 326:

1. Identifying customer and verifying identity

2. Identifying beneficial owner, and verifying identity

3. Obtaining information on business relationship

4. Conducting ongoing due diligence on business relationship and scrutiny of transactions

© 2020 ACAMS. All Rights Reserved. 9

Risk Assessment Links to the AML Management Program

Risk Assessment Internal Controls

Identify & Measure Risk: Develop Applicable:

Source: Basel Committee on

© 2020 ACAMS. All Rights Reserved. 10

Practice Questions and Q&A

© 2020 ACAMS. All Rights Reserved. 11

Four Pillars of AML/CFT Compliance Program

© 2020 ACAMS. All Rights Reserved. 12

o Overview of laws and regulations

o What constitutes suspicious activity and how to deal with it

o Procedures when reporting suspicious activity

o How to deal with regulatory or law enforcement requests

© 2020 ACAMS. All Rights Reserved. 13

Policies and Procedures

o Identify high risk operations

o Make sure board or committee of the board/senior management is informed of compliance

o Assign clear accountability to persons for performance of duties

o Provide for program continuity

o Meet regulatory requirements

o Provide for periodic review

© 2020 ACAMS. All Rights Reserved. 14

o Use a risk-based approach

o Provide for dual controls and segregation of duties

o Comply with all record keeping requirements

o Train employees to be aware of their responsibilities

o Implement screening programs to ensure high standards when hiring employees

o Test effectiveness of the program

© 2020 ACAMS. All Rights Reserved. 15

Designation & Responsibilities of a Compliance Officer

© 2020 ACAMS. All Rights Reserved. 16

1. Designing and supporting a regulatory risk framework for the business

4. Monitoring and reporting

© 2020 ACAMS. All Rights Reserved. 17

Key Questions to Consider

Do you have a formally stated, clearly articulated vision/role for compliance?

© 2020 ACAMS. All Rights Reserved. 18

Train senior management and board of directors on AML/CFT risks to the

Maintain detailed records of attendance and publish metrics.