Sound Management of Risks Related to Money Laundering and Financing of Terrorism

Sound Management of Risks Related to Money Laundering and Financing of Terrorism

After completing this reading, the candidate should be able to:

  • Explain best practices recommended by the Basel Committee for the assessment, management, mitigation and monitoring of money laundering and financial terrorism (ML/FT) risks.
  • Describe recommended practices for the acceptance, verification and identification of customers at a bank.
  • Explain practices for managing ML/FT risks in a group-wide and cross-border context, and describe the roles and responsibilities of supervisors in managing these risks.
  • Explain policies and procedures a bank should use to manage ML/FT risks in situations where it uses a third party to perform customer due diligence and when engaging in correspondent banking.

In recent years, banks have taken center stage in the management of increasingly destructive criminal activities, particularly money laundering and financial terrorism. Multiple banks have been fined for their failure to identify or report suspicious transactions. The Basel Committee has responded by introducing a raft of supervisory measures aimed at:

  • Preventing and deterring the use of banks to launder illicit proceeds or to raise or move funds in support of terrorism, thereby protecting the reputation of banks and the banking system as a whole
  • Preserving the integrity of the international financial system

Essential Elements of Sound ML/FT Risk management

The Core Principles for Effective Banking Supervision (2012) requires banks to:

“have adequate policies and processes, including strict customer due diligence (CDD) rules to promote high ethical and professional standards in the banking sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities”.

The guidelines are as follows:

Assessment and Understanding of Risks

It is the responsibility of every bank to identify and evaluate money laundering (ML) and Financial terrorism (FT) risks it faces and develop commensurate defense policies. The assessment should sweep across all levels and business lines. At the core of this endeavor lies customer due diligence (CDD) – a comprehensive guide on how the bank should interact and treat its customers to ensure that all transactions meet the required level of integrity. The bank should design policies for customer acceptance, due diligence, and continuous monitoring of all transactions processed through the bank and/or its affiliates.

Proper Governance Arrangements

The board of directors plays an integral role in the identification and management of various risks, including ML and FT. As such, the board should have a clear understanding of these risks so as to be in a position to make informed decisions. In this regard, the board should regularly be furnished with the relevant risk reports.

It’s also the responsibility of the board to delegate roles and responsibilities in the most efficient and practical manner. In addition, the board should appoint a well-qualified chief AML/CFT (anti-money laundering (AMT) and Countering Financing of Terrorism) officer to oversee the entire AML/CFT function.

The Three Lines of Defense

To properly manage the AML/CFT function, there should be three lines of defense:

Line 1: Business units

Business units should be charged with identifying, assessing, and controlling the ML/FT risks inherent in their business. All the relevant personnel in direct contact with clients should be furnished with clear policies and procedures that outline their obligations and instructions in various situations.

Also part of the first line of defense is the staff recruitment process. All incoming staff should be screened and vetted accordingly.

Line 2: Chief Officer in charge of AML/CFT, the compliance function, and human resources or technology

The chief AML/CFT officer should be in charge of the continuous monitoring of all ML/FT objectives. They should be the face of all AML/CFT operations and the individual to interact with all internal and external authorities.

Line 3: Internal audit

The office of internal audit should regularly perform an independent assessment of the AML/CFT policies and procedures and seek to find out whether such policies are being followed to the letter.

Adequate Transaction Monitoring System

Every bank should have a monitoring system that tracks the activity of each and every account opened at the bank. The system should be designed such that it can be able to detect changes in customer transactions or flag suspicious activity.

Recommended Practices for the Acceptance, Verification, and Identification of Customers at a Bank

Customer Acceptance Policy refers to the general guidelines followed by banks in allowing customers to open accounts with them.

  • Every bank should establish Know Your Customer (KYC) policies and procedures to help establish the profile of customers and identify those likely to pose a higher risk.
  • Some of the facts that should be established at the point of contact with the customer include their background, occupation (including politically exposed persons), country of origin, source of income, and residence.
  • No accounts should be opened under anonymous or fictitious names or when the identity of the customer matches that of any person with known links to criminal activities.
  • The customer acceptance should not be too restrictive such that it denies the general public access to banking products.
  • Account monitoring should be commensurate with the level of risk. For example, the bank should adopt enhanced due diligence when dealing with politically exposed persons or some other individuals with large account balances/cross-border transactions.
  • Due diligence should apply to customers as well as appointed representatives, proxies, and beneficial owners.
  • The best documents for verification of customer identity should be those most difficult to obtain illicitly. Additional requirements such as a written declaration of identity may be used. The bank should keep copies of all the documents used in the verification process.
  • From the onset, it is important to establish a customer’s profile and behavior from the moment they open the account. That way, any suspicious activity can be easier to detect.
  • Genuine suspicious transactions should promptly be reported to the relevant authorities.
  • Once a customer or suspicious activity has been flagged, the bank should take additional steps to mitigate the risk of the bank being used for criminal activity. That may include freezing an account, a review of the customer’s identity and overall activity profile, and cooperation with law enforcement.

Know Your Customer (KYC)AML/CFT in a Group-Wide Context

  • In a group-wide context, both local and cross-border AML/CFT requirements should be met. Group-wide policies should be observed at the branch or subsidiary levels and still pay homage to host country policies and procedures.
  • In case of conflict between the group’s requirements and local/host requirements, the latter takes precedence. It’s the responsibility of the group to ensure that local policies do not negatively impact its ability to identify and mitigate ML and FT risks.
  • There should be constant sharing of information among subsidiaries and the head office.
  • Where the minimum regulatory or legal requirements of the home and host countries differ, offices in host jurisdictions should apply the higher standard of the two
  • The bank should keep group-wide customer profiles and transaction history. All customer details should be updated regularly.
  • The bank’s compliance department and the chief AML/CFT officer should ensure that the group’s policies and procedures are applied across the board. They should also ensure that the different subsidiaries constantly share information.
  • When liaising with other banks or groups on business matters, the group should ensure that it adheres to its own standards particularly when the standards of the business partner are less strict.

 The Role of Supervisors

  • The Committee expects supervisors to apply the Core principles for effective banking supervision to banks’ ML/FT risk management in a manner consistent with and supportive of the supervisors’ overall supervision of banks.
  • Supervisors should adopt a risk-based approach to supervising banks’ AML/CFT functions. To do that successfully, they should have a deep understanding of all the risks in their jurisdiction and their potential impact
  • For higher-risk lines, supervisors should apply specialized expertise and additional procedures to ensure effective review. They should come up with a supervisory schedule for each bank guided by each bank’s risk profile.
  • Supervisors have a mandate to ensure that banks in their jurisdiction maintain sound ML/FT risk management to protect the integrity of both the banks and the financial system as a whole.
  • When monitoring groups, the supervisor should ensure compliance across all branches and subsidiaries. They should also ensure that all subsidiaries pay homage to both group and jurisdictional laws, and that where there’s a conflict between the two, the stricter law applies.
  • Supervisors have a duty to safeguard customer confidentiality throughout

Using Another Bank, Financial Institution or Third Party to Perform Customer Due Diligence

In certain situations, banks may be allowed to rely on third parties with regard to customer due diligence (CDD). In these circumstances, the third party will most likely have an already established business relationship with the customer. A bank can rely on a third party for the following aspects:

  • Customer identification and verification
  • Identification and verification of the beneficial owner
  • Information pertaining to the nature of the intended business relationship

However, it is important to note that not all third parties are eligible for such reliance. In some jurisdictions, banks can only rely on CDD from fellow banks and financial institutions. In certain scenarios, the magnitude and size of transactions built upon third-party CDD may be limited.

Relevant criteria for assessing reliance include:

  • The third party should be subject to the same level of supervision and regulation as the bank
  • There should be a written document acknowledging the bank’s reliance on the other party’s CDD processes.
  • The bank should document its reliance and establish a review process for such a relationship
  • The bank could request the third party to demonstrate that its AML/CFT programme is as strict at least as that of the bank.
  • The bank must give due consideration to adverse public information questioning the third party’s AML/CFT processes or history
  • Reliance on a third party should be viewed as a potential risk factor
  • The bank should conduct periodical checks to ensure that the third party’s CDD process is as comprehensive as the bank’s
  • The bank should reserve the right to terminate a CDD reliance with a third party if the third party fails to apply adequate CDD on their customers.

Practice Question

Bank Z is a mid-sized financial institution that has recently experienced a surge in suspicious transactions. The bank’s internal investigation team has been overwhelmed with the increasing volume of cases to review. Despite having policies and procedures in place for identifying, investigating, and reporting suspicious transactions, Bank Z has struggled to keep up with the workload and maintain compliance with anti-money laundering (AML) and combating the financing of terrorism (CFT) regulations.

In response to the situation, Bank Z’s management is considering implementing changes to improve the efficiency and effectiveness of its suspicious transaction reporting process.

Which of the following measures should Bank Z prioritize to enhance its reporting of suspicious transactions?

A. Streamline the internal investigation process by reducing the number of false positives and promptly reporting genuine suspicious transactions.

B. Reallocate resources from other departments to the internal investigation team to handle the increasing volume of cases.

C. Amend the bank’s policies and procedures to lower the reporting threshold for suspicious transactions to capture more potential cases.

D. Implement an automatic system to report all suspicious transactions directly to law enforcement agencies and the Financial Intelligence Unit (FIU)

Solution

The correct answer is A.

Ongoing monitoring and review of accounts and transactions enable banks to identify suspicious activity, eliminate false positives, and report genuine suspicious transactions promptly. By focusing on streamlining the internal investigation process, Bank Z can improve the efficiency and effectiveness of its suspicious transaction reporting process, ensuring compliance with AML/CFT regulations.

Option B, reallocating resources from other departments, may provide temporary relief but does not address the root cause of the problem, which is the need for an efficient and effective investigation process. Option C, lowering the reporting threshold, could increase the workload and exacerbate the issue by generating more potential cases to investigate. Option D, implementing an automatic system without internal investigation, could compromise the quality of reports and lead to a high volume of false positives being reported to law enforcement agencies and the FIU.

Things to Remember

  • Efficiency is crucial: Ongoing monitoring and a streamlined review process are vital in identifying genuine suspicious activities and ensuring compliance with AML/CFT regulations.
  • Address root causes: Temporary measures, like reallocating resources, might offer short-term relief but won’t solve underlying inefficiencies in the investigation process.
  • Quality over quantity: Lowering the reporting threshold without improving the review process can overwhelm teams and increase the chances of missing genuinely suspicious activities.
  • Automated systems need oversight: Relying solely on automated systems can lead to high false positive rates. Internal investigations are essential to validate suspicions before escalating them.
  • Regulatory compliance: Maintaining adherence to AML/CFT regulations is paramount. Institutions should prioritize solutions that ensure both efficiency and regulatory compliance.
Shop CFA® Exam Prep

Offered by AnalystPrep

Featured Shop FRM® Exam Prep Learn with Us

    Subscribe to our newsletter and keep up with the latest and greatest tips for success
    Shop Actuarial Exams Prep Shop Graduate Admission Exam Prep


    Daniel Glyn
    Daniel Glyn
    2021-03-24
    I have finished my FRM1 thanks to AnalystPrep. And now using AnalystPrep for my FRM2 preparation. Professor Forjan is brilliant. He gives such good explanations and analogies. And more than anything makes learning fun. A big thank you to Analystprep and Professor Forjan. 5 stars all the way!
    michael walshe
    michael walshe
    2021-03-18
    Professor James' videos are excellent for understanding the underlying theories behind financial engineering / financial analysis. The AnalystPrep videos were better than any of the others that I searched through on YouTube for providing a clear explanation of some concepts, such as Portfolio theory, CAPM, and Arbitrage Pricing theory. Watching these cleared up many of the unclarities I had in my head. Highly recommended.
    Nyka Smith
    Nyka Smith
    2021-02-18
    Every concept is very well explained by Nilay Arun. kudos to you man!
    Badr Moubile
    Badr Moubile
    2021-02-13
    Very helpfull!
    Agustin Olcese
    Agustin Olcese
    2021-01-27
    Excellent explantions, very clear!
    Jaak Jay
    Jaak Jay
    2021-01-14
    Awesome content, kudos to Prof.James Frojan
    sindhushree reddy
    sindhushree reddy
    2021-01-07
    Crisp and short ppt of Frm chapters and great explanation with examples.