Risk Management in Action

SESSION

PRACTICAL APPLICATION OF A

Risk Based Approach

Bob Upton
International AML/CFT Consultant

Kiev Adriana Consultancy Consortium

May 2016
 Session Objectives

 Provide a Practical Overview

 Describe How to Conduct a Risk Assessment

 Highlight Key Risk Factors

 Summarise Best Practice Points

Kiev, May 2016 - Adriana Consultancy Consortium

 Context

 Established Concept

 Evolutionary Approach

 Essential Compliance Risk Management

 Previous and Present FATF Standard

 Perceived as Challenging to Implement

Kiev, May 2016 - Adriana Consultancy Consortium

 Approach (1) Context

National Risk Assessment

Sectoral Risk Assessment

Firm Specific Risk Assessment

Kiev, May 2016 - Adriana Consultancy Consortium

 Approach (2)

Step 1: Undertake Risk Analysis

Step 2: Assess Product Vulnerabilities

Step 3: Highlight Country Risk Exposure
Step 4: Identify Customer Risks

Step 5: Utilise Results

Step 6: Refine and Test

Kiev, May 2016 - Adriana Consultancy Consortium
 Risk Analysis / Threat Assessment (1)

 Understand Threats and Vulnerabilities

Group / Home / Host Country Level

 Document, Describe and Assess:

 Your Bank’s Profile

 It’s Vulnerability to Exploitation
 Systems and Controls in Place
 Standards of Compliance
 Level of Effectiveness
 Gaps/Weaknesses in Control Environment
Kiev, May 2016 - Adriana Consultancy Consortium
 Risk Analysis / Threat Assessment (2)

 Bank’s Strategy and Market Position

 Nature, Scope and Volume of Activities
 Products and Services
 Customer Base
 Geography of Customers and Transaction Levels
 Relevant Statistical Data
 Description of Key Controls – Results of Reviews
 Compliance Resources
 Contact with Supervisor / FIU

Kiev, May 2016 - Adriana Consultancy Consortium

 Scope

 Staff Training and Awareness

 Customer Due Diligence

 Internal Controls and Audit Programme

 Alignment of Transaction Monitoring Systems

Kiev, May 2016 - Adriana Consultancy Consortium

 Product Vulnerabilities (1)

Influencing Factors:
 Type of Product and Facilities Provided
 Product Features
 Distribution Method
 Customer Base
 Own Experience

 Mandatory /STR Volumes

 Fraud Attacks
 Credible External Sources
 Emerging Trends

Kiev, May 2016 - Adriana Consultancy Consortium

 Product Vulnerabilities (2)

Risk Classification
Low Medium / Standard High

Loans Current Accounts Trust Accounts

Mortgages Business Banking Bearer Shares
Insurance Corporate Banking Wealth Management
Child Savings Plans Credit Cards Private Banking
Accounts for Public Bodies

 Rationale for Classification

 Consistent Approach – Group Standard
 Review
 New Products should be Risk Classified
Kiev, May 2016 - Adriana Consultancy Consortium
 Country Risk Factors

 UN, EU or Local Financial Sanctions plus others

 US PATRIOT Act
 Corruption (TI Index), Drug Source / Transiting Countries
 Certain Off-Shore Jurisdictions
 Countries:
 FATF Public Statement (19.02.16)
 Failing / Weak States – Brooking Institute Index
 FATF/MONEYVAL Mutual Evaluation Reports
 Countries Providing Support for Terrorist Activities
 High Volume of Non-Bank International Remittances
 Cash Intensive Economies
 Local Knowledge via Branches / Subsidiaries etc
 Others

Kiev, May 2016 - Adriana Consultancy Consortium

 Country Risk Classification

Risk Classification
Low Medium High

Denmark Greece Afghanistan

New Zealand China Cayman Islands
Sweden Hungary Somalia
France UAE Yemen
Germany

 Rationale for Classification

 Consistent Approach – Group Standard
 Review
 Impact of Neighbouring Jurisdictions

Kiev, May 2016 - Adriana Consultancy Consortium

 Customer Risk (1) – Higher Risk Relationships

Enhanced Due Diligence

 Higher Risk Relationships (R10)

 Business Relationships with PEPs (R12)

 Higher Risk Countries (R19)

 Additional Measures:
 Correspondent Banking
 MVTS
 New Technologies
 Wire Transfers
Kiev, May 2016 - Adriana Consultancy Consortium
 Customer Risk (2) - Classifications

Occupation / Profession / Type of Business

Source of Funds /Wealth
Nationality / Country of Residence – Incorporation / Tax Domicile
Business Segment – Private Banking / NPO
Legal Form – Corporation / Trust
PEP Status
Account Activity – Transactions with Other Countries
Duration of Existing Relationship
Other Factors
 Rating can be Allocated to Each Element
 Should Reflect True Risk
 No Universal Standard Approach
Kiev, May 2016 - Adriana Consultancy Consortium
 Customer Risk (3) - Classifications

Key: L = Low M = Medium H = High

Information Customer A Customer B
Occupation Teacher – L Unclear – H
Employment Local School – L Self Employed – L
Income Source Salary – L Trading Activities – L
Nationality / Residence Ukrainian - L Turkey – H
Business Segment Personal – L Business – L
Legal Form Natural Person – L Natural Person – L
Account Activity Low Volume – L High Volume / High Value H
Overseas Transfers Low Level – L High Volume / Mexico – H
Existing Customer 10 Years - L 1 Year – H
Other Factors None – L Evasive – H
Overall Rating Low Risk High Risk

Kiev, May 2016 - Adriana Consultancy Consortium

 Customer Risk (4) - Classifications

Simplified Version
Identify Higher Risk Relationship EDD

Identify Very Low Risk Relationships SDD

Balance will be Standard Risk CDD

 Marginal Situations will Arise

 Apply FATF and Local Criteria – Group Standard
 Best Fit Approach to be Adopted

Kiev, May 2016 - Adriana Consultancy Consortium

 Customer (5) - Unacceptable

 Subject to UN and Other Sanctions

 Anonymous Accounts
 Fictitious Names
 Identity Cannot be Verified
 Involved in Financial Crime
 Shell Banks
 Unlicensed or Unregulated Banks
 Money Service Businesses?
 Home Country Requirements*
 Others – Risk Appetite
* Branches / Subsidiaries of Foreign Banks
Kiev, May 2016 - Adriana Consultancy Consortium
 Deployment (1)

Risk Analysis Internal Policies & Procedures

Systems & Controls
Resources
Audit and Internal Monitoring
Staff Awareness

Product Risk Analysis Internal Procedures (CDD/EDD)

Focused Staff Training
Transaction Monitoring

Kiev, May 2016 - Adriana Consultancy Consortium

 Deployment (2)

Country Risk Alignment of Transaction -

Monitoring
Correspondent Banking

Customer Risk Nature & Extent of CDD/EDD

Frequency of Ongoing CDD
Focus & Extent of Transaction –
Monitoring
Decision to Open – Decline -
or Close Relationship
Kiev, May 2016 - Adriana Consultancy Consortium
 Best Practice Points

 Understand Threats and Vulnerabilities

 Adopt Consistent Approach to Risk Assessment
 Engage Senior Management – Manage Expectations
 Critically Review Internal Policies
 Revise and Refine Processes and Controls
 Ensure Changes are Correctly Focused and Effective
 Document Approach and Criteria. Is it Credible?
 Monitor to Ensure they Remain Effective
 Review in Light of Evolving Threats and Experience

Kiev, May 2016 - Adriana Consultancy Consortium