Professional Documents
Culture Documents
Series
Session 5
AML/CFT Compliance Program
ACAMS CAMS6 VC - 5 - Student PDF v5.1
Introduction:
3. Culture of Compliance
AML/CFT 4. CDD, CIP, KYE
Program Agenda
5. Monitoring and Red Flags
Wrap Up
1
AML RBA FATF
Anti-Money Laundering Risk-Based Approach Financial Action Task Force
CDD/EDD
Customer Due Acronyms used STR
Diligence/Enhanced Due in this course Suspicious Transaction Report
Diligence
CIP
KYC KYE
Customer Identification
Know Your Customer Know Your Employee
Program
Introduction:
3. Culture of Compliance
AML/CFT 4. CDD, CIP, KYE
Program Agenda
5. Monitoring and Red Flags
Wrap Up
2
Assessing Risk and Developing a Risk Scoring Model
o Increases the chances of avoiding criminals and government sanctions and penalties
A risk-based approach requires institutions to have systems and controls that are commensurate with the
specific risks of money laundering and terrorist financing. Assessing these risks is, therefore, one of the
most important steps in creating a good AML/CFT compliance program.
Levels of Risk
Company will not tolerate any dealings of any kind.
Examples:
Prohibited Prohibited transactions: Involving countries subject to sanctions
Prohibited customers: shell banks.
The risks are significant, but not necessarily prohibited. To mitigate the heightened risk, the
firm should apply more stringent controls.
High Risk Examples:
PEPs, correspondent banking, private banking
Medium risks are more than a low- or standard-risk of money laundering, and merit
additional scrutiny, but do not rise to the level of high-risk.
Medium Risk Examples:
Local company exporting some goods to Canada
Baseline risk of money laundering; normal business rules apply. FATF member countries and
domestic retail customers are frequently, but not always, considered to be standard- or
Low Risk low-risk.
Examples:
School teacher
3
Risk Types/Factors
Geographical
Customer Products/Services
1
Sanctions, countries lacking adequate AML/CFT controls,
GEOGRAPHICAL terrorist funding countries, corruption, etc.
2
leather good stores, currency exchange houses, money
CUSTOMER remitters, check cashers, car/boat/plane dealers, travel
agencies, gem dealers, import/export, cash intensive businesses,
etc.
3
Private banking, offshore international activity, deposit-taking
facilities, wire transfer and cash management functions,
PRODUCT/SERVICE
transactions in which beneficiary is undisclosed, travellers checks,
money orders, etc.
4
FATF: CDD and Risk-Based Approach
CDD measures:
The Financial Institution should determine the extent of such measures on a risk sensitive basis depending
on the type of customer, business relationship or transaction.
5
What we will cover today
Introduction:
1. Assessing risk and developing a risk
Introduction
scoring model
2. Pillars of an AML/CFT Program
3. Culture of Compliance
AML/CFT 4. CDD, CIP, KYE
Program Agenda
5. Monitoring and Red Flags
Wrap Up
Compliance
Officer
Training
Independent
Audit/Review
6
Policies and Procedures
o Must be in writing
o Endorsement of management
While policies and procedures provide important guidance, the AML/CFT Program also relies on a variety
of internal controls, including management reports, and other built-in safeguards that keep the program
working.
Should include:
7
Policies and Procedures
o Provide sufficient controls and monitoring systems for timely detection of suspicious activity/large
currency transactions
o Adequate supervision of employees who handle large currency transactions, complete records,
grant exemptions
o Responsibilities
o Communication
Should be responsible for designing and implementing
o Organization the program, making necessary changes and
disseminating the information about the program’s
o Delegation of Duties success and failures to key staff members, constructing
AML/CFT related content for staff training programs
and staying current on legal and regulatory
developments in the field.
8
Role of Compliance
The role of compliance should be to take the lead in identifying and managing the significant regulatory
and reputational risks to which the business is exposed
2. Supporting and challenging business line management on the completeness and accuracy of
compliance risk management activities
3. Advice to business units on regulatory obligations/expectations and the creation and implementation
of compliance policies
Role of Compliance
Has the board approved the strategy for compliance to meet its objectives and does it have an
adequate budget?
Does the business have clear mechanisms for measuring the performance of compliance versus
strategy?
Is there a clear allocation of responsibilities between the first line and compliance. Is this
understood? Does it work?
9
AML/CFT Training
o Why?
o Who?
Document all training, even informal training at staff meetings, etc.
o What?
Ensure training is appropriate for target audience.
o Where?
Provide training for the AML/CFT officer and staff conducting independent
o When? audit and testing.
AML/CFT Training
o Senior management needs to be knowledgeable about the changes to the AML/CFT Program and
approve them periodically
o Audit and regulatory findings should be tracked and reported to senior management
10
Independent Review
11
What we will cover today
Introduction:
1. Assessing risk and developing a risk
Introduction
scoring model
2. Pillars of an AML/CFT Program
3. Culture of Compliance
AML/CFT 4. CDD, CIP, KYE
Program Agenda
5. Monitoring and Red Flags
Wrap Up
Compliance Culture
o Embedding a compliance culture into the overall institutional culture is key to an effective AML/CFT
program
Guides and reinforces employees as they make decisions and choices each day. Raising awareness, to
the point where everyone in the organization feels compelled to deter and detect money laundering, is
vital.
12
FinCEN: Culture of Compliance
FinCEN, the US FIU, issued an advisory on how
financial institutions can ensure they maintain a
culture of compliance:
Board Responsibility
Ultimate responsibility for the AML/CFT program rests with the board of directors
Reviewing and approving the overall AML/CFT program and ensuring that there is on-going oversight.
Responsibility
Does not mean that board members are expected to become AML/CFT experts themselves, or that they
are responsible for day-to-day program management.
13
Board Responsibility - During Audit/Exam
The board’s oversight role also extends to the supervisor’s examination process:
o Ensure that any necessary corrective action is taken in respect of deficiencies found during the audit
process. Specific duties can be delegated, but the board will be responsible if problems, cited by the
examiner or the auditor, are not corrected
o Establishing a strong compliance plan that is approved by the board of directors and is fully
implemented
o Insisting that it be kept informed of compliance efforts, audit reports and any compliance failures,
with corrective measures instituted
14
Independence of AML/CFT Compliance Team
o Compliance staff should generally also be sufficiently independent of the line of business they support
so that potential conflicts of interest are minimized.
o No incentive based on the profitability of the line of business they support, to avoid a conflict of
interest.
o Compliance staff may sit within the line of business and report to line management, but it should have
the ability to escalate issues without fear of recrimination to a compliance or risk management
function outside the line of business.
Introduction:
3. Culture of Compliance
AML/CFT 4. CDD, CIP, KYE
Program Agenda
5. Monitoring and Red Flags
Wrap Up
15
Customer Due Diligence
Main Elements:
o Full Identification
o Risk assessment
o Acceptance
o Monitoring
o Investigations
o Documentation of findings
A sound CDD program should have reliable customer identification and account opening procedures.
Institutions should adopt account opening procedures that allow them to determine the true identity of
customers.
Institutions should set identification standards tailored to the risk posed by particular customers.
Specific regulations and laws that set out what institutions are required to do regarding customer
identification.
16
Account Opening, Customer Identification and
Verification
Basel CDD Paper – Account Opening
o Name
o Address
o Signature
o Name of institution
o Names of primary contact people or those authorized to use the account, Contact people’s telephone and
fax numbers
o Some form of official identification number, if available (e.g., tax identification number)
o Board of Directors resolution to open an account and identification of those who have authority to operate the
account, including beneficial owners
17
Customer Identification Program
o Identifying information
o Covering the institution’s reliance on other financial institutions or third parties, if applicable.
o Obtaining the approval of the board of directors, either separately or as part of AML/CFT program
o Conducting audit and training programs to ensure that the CIP is adequately incorporated
o Verifying that all new accounts are checked against government lists
o According to the Basel Committee, a global risk management program for CDD should incorporate
consistent identification and monitoring of customer accounts globally across business lines and
geographical locations, as well as oversight at the parent level
o Appliance of customer acceptance policy, procedures for customer identification, process for
monitoring and risk management framework on a global basis
o CLASH? Where the minimum CDD standards of the home and host countries differ, offices in host
jurisdictions should apply the higher standard of the two. Where this appears not to be possible, the
institution should confer with its home office and attorneys
18
List Screening
o Sanctions
o PEPS
o Determine whether customer may currently or previously maintained a government position that
meets a statutory or organizational PEP definition
o Negative Media
o Determine whether customer appears in media publications in negative manner, that a financial
institution may consider risk relevant
o Having equal programs for know your customer and for know your employee are essential.
o A criminally co-opted bank employee might facilitate money laundering (insider abuse/”enemy within”)
o Goal: Allows firm to understand an employee’s background, conflicts of interest and susceptibility to money
laundering complicity.
o Background screening - a minimum, reveals information on a job applicant’s criminal convictions. When
applying for a job and on an ongoing basis.
o Code of conduct/ethics
o Levels of authority
o Accountability,
o Monitoring,
o Dual controls
19
Homework Exercise: Case Scenarios
Introduction:
Introduction 1. Assessing risk and developing a risk
scoring model
2. Pillars of an AML/CFT Program
3. Culture of Compliance
AML/CFT
4. CDD, CIP, KYE
Program Agenda
5. Monitoring and Red Flags
Wrap Up
20
Monitoring of Suspicious or Unusual Transactions
o Watch for activity that is not consistent with a customer’s source of income or regular business.
o Daily cash activity just below the country’s reporting threshold (to identify possible structuring)
o Cash activity aggregated over a period of time (e.g., individual transactions over a certain amount,
or totaling more than a certain amount over a 30-day period) to identify possible structuring
o Wire transfer reports/logs (with filters using amount and geographical factors)
21
Check Kiting
o Occurs when a person takes advantage of the “float time,” or the time it takes one institution to
collect payment from another. Basically, a person who was two or more accounts writes checks
between the accounts knowing that there are insufficient funds to cover those transactions
Identification and Procedures to identify potential suspicious transactions or activity, and a formal
evaluation evaluation of each instance, and continuation, of unusual transactions or activity.
22
Red Flags
o Customer verification
o Transaction monitoring
o Case management
o Need to determine:
23
What we will cover today
Introduction:
1. Assessing risk and developing a risk
Introduction
scoring model
2. Pillars of an AML/CFT Program
3. Culture of Compliance
AML/CFT 4. CDD, CIP, KYE
Program Agenda
5. Monitoring and Red Flags
Wrap Up
48
24
Question 1
As part of the four-prong compliance program, financial institutions should:
A. Refuse small cash deposits just below the cash reporting threshold
Question 2
Audrey is reviewing her life insurance firm's AML/CFT risk assessment. She noticed that the key criteria that
the firm used to determine the risk are "customer type" and "geography".
25
Question 3
Steven is preparing an AML/CFT training for new employees working in a medium-sized law firm in an EU
member country. Which are the most important aspects to cover during the training?
A. Detection of red flags of money laundering, the importance of AML/CFT efforts and the penalties for
non-compliance under national law
C. Detection of red flags of money laundering, EU consumer protection issues in case of filing a
suspicious transaction report, notifications to customers after filing a large cash transaction report
D. Importance of international best practices under the USA PATRIOT Act, OFAC compliance and
escalation of issues to the EU Commission
Question 4
What is “safe harbor” in the context of STR filing?
A. To file a STR even though you could not determine for sure that the customer was involved in any
suspicious activity
B. To file a STR without tipping off or notifying the customer subject of the report
C. Legal protection from liability for disclosing sensitive customer information when filing an STR
26
Question 5
What are “split deposits”? A series of deposits
A. In which the customer splits a sum of money and makes deposits into two or more accounts that
add up to the original amount
B. Where the customer exchanges large bills for small bills and then deposits the smaller bills just under
the local reporting threshold
C. That are made by both an employee and the account holder into a customers account
D. In which the customer deposits in the ATM just before and after closing time to avoid unusual time
stamps
Question 6
During a recent board of directors meeting of Bank X, an external director inquired with the Bank’s
compliance officer on ways for the Bank to demonstrate a culture of compliance. Which of the following
is an example the compliance officer can provide to the director?
B. Utilize a team of business line compliance officers to test the Bank’s AML/CFT program
C. The last annual Audit report on the effectiveness of the AML/CFT program
27
Question 7
What are the three lines of defense?
Question 8
Which of the following customers are considered by many supervisory authorities to maintain an inherent
higher risk of money laundering?
28
Question 9
What risk factors should be considered when a global financial institution performs an AML/CFT risk
assessment?
Question 10
XYZ Bank maintains an internal reporting system for customer facing employees to report unusual
activities. A report and its contents do not feed into the transaction monitoring system. A branch
manager filed a report stating a customer counted out $15,000 cash at the teller window, then only
deposited $8,500 cash the same day and returned the following day to deposit $6,500 cash. What
activity may be indicative of money laundering?
A. The internal report does not feed into the transaction monitoring system
B. The teller saw the customer count the money and permitted the customer to make two separate
deposits on consecutive days
C. The customer broke down the cash deposit into two different amounts
D. The transaction monitoring system did not alert on the $15,000 cash
29
Thank you
30