anti-money laundering
Transkript
anti-money laundering
anti-money laundering NOVEMBER 2008 COMBATING MONEY LAUNDERING IN FINANCIAL SERVICES Pulling back the covers on counterfeiting Be careful – there is fraud and corruption everywhere out there CONTROLS FREAKS AND THE DECEMBER 2008 OBLIGATIONS CINDERELLA CRIMES MISSED THEIR INVITATION TO THE AML BALL MONITORING IN SECURITIES FIRMS MADE EASIER 2 Australia The nd tranche is coming... Understand your obligations. Baker & McKenzie’s experienced team can help you: • Interpret and respond to the requirements of the AML/CTF Act and Rules. • Draft and review AML programs, compliance plans, policies and procedures. • Manage an AUSTRAC audit. • Deal with AUSTRAC enforcement actions. Our international team can also ensure compliance across jurisdictions. Stephen Watts Partner stephen.watts@bakernet.com Sydney +61 2 9225 0200 Melbourne +61 3 9617 4200 www.bakernet.com Georgie Farrant Partner georgie.farrant@bakernet.com Bill Fuggle Partner bill.fuggle@bakernet.com Shamil Sharma Senior Associate shamil.sharma@bakernet.com Emma Hunter Associate emma.hunter@bakernet.com Baker & McKenzie International is a Swiss Verein with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a “partner” means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an “office” means an office of any such law firm. EDITORIAL Pulling back the covers on predicate crime and controls freaks Money laundering gets everyone’s attention. Why? People are fascinated by the underlying crimes and the vision of millions of dollars flowing seamlessly through bank accounts and off to safe havens in exotic destinations. Everyone seems to have a natural interest in crime, criminals and the whole universe of ill-gotten gains. S O THE AML/CTF magazine is going underground — into the dark side of money laundering. We thought it was time to bring predicate crimes to the forefront of the discussion of anti-money laundering/counter terrorism financing in Australia. This issue focuses on intellectual property rights (IPR) theft as the financial and social dimensions of this predicate crime are staggering. The OECD has put the annual value of the international physical trade in counterfeited consumer goods at US$200 billion, equivalent to 2 per cent of world trade and higher than the gross domestic product of 150 countries. Other sources, such as the International Counterfeiting Commission, have indicated that a figure of US$500 billion may not overstate the problem. It has been estimated that nearly 7 per cent of the goods in the global marketplace are counterfeit. From a social perspective, the risks that flow to consumers range from minor to catastrophic — particularly when the US Federal Aviation Administration has estimated that 2 per cent of the 26 million airline parts installed each year are counterfeit. IPR theft makes the global narcotics trade, estimated at more than US$322 billion annually, pale into insignificance. IPR theft is a predicate crime to money laundering and the Australian AML/CTF regime expects that financial institutions will be looking at risk indicators for IPR theft in the same way that they will be looking for the risk E-Voice indicators of tax avoidance and drug smuggling. In this issue Nick Kochan explores what some of the risk indicators of persons engaged in IPR theft might be during the money-laundering phase. My recent attendance at the 2008 Cambridge International Symposium on Economic Crime also adds to the focus on predicate crimes. It was a welcome relief to By Joy Geary EDITOR ML/TF risk is definitely in the eye of the beholder because that was not how these entities perceived themselves. Ever mindful that December 2008 is fast approaching, it is timely to spend some time in this issue on the upcoming obligations from a business-process perspective, as well as examine monitoring in the securities industry. The availability of good quality IPR THEFT MAKES THE GLOBAL NARCOTICS TRADE, ESTIMATED AT MORE THAN US$322 BILLION ANNUALLY, PALE INTO INSIGNIFICANCE attend a conference which dealt with crime — with hardly a mention of know your customer (KYC), monitoring, enhanced customer due diligence or record-keeping. The original title of the symposium was ‘Banking on Trouble’, which in hindsight was easily recast to ‘Banking in Trouble’. This issue publishes the first of a number of articles arising from the symposium’s program. Of particular interest throughout the symposium was the role of in-service criminals (employees) in fraud and financial crime. Of equal interest was hearing from a number of higher risk jurisdictions and businesses about their perception of the money-laundering risks that they pose to others. It seems that higher data about customers and their activities will continue to be a major issue for most financial institutions as they contemplate what Chapter 15 of the AML/CTF Rules might oblige them to do. Ongoing customer due diligence becomes a case of chicken and egg, as the absence of appropriate data about pre-commencement customers will hinder monitoring and enhanced customer due diligence controls from being implemented. The alternatives to approaching customers for this information in most cases will fall short of the desired mark for many financial institutions. The relief from conducting KYC on pre-commencement customers is not turning out to be all that was expected. ■ Please write to me about the subjects that you wish to have aired in the last issue for this year. The magazine is the industry’s magazine and the readership is invited to drive its content through letters. ANTI-MONEY LAUNDERING NOVEMBER 2008 3 CONTENTS FEATURES 3 EDITORIAL 6 NEWS 10 COUNTERFEITING – THE $650b CHALLENGE 16 SO YOU ARE A CONTROLS FREAK – UNBUNDLING THE DECEMBER 2008 OBLIGATIONS 20 LONDON CALLING PROFILE OF A MODERN TERRORIST FINANCIER 21 BE CAREFUL OUT THERE – THERE’S FRAUD AND CORRUPTION EVERYWHERE 25 NEW YORK, NEW YORK PROSECUTORS TAKING A SWIPE AT PREPAID DEBIT CARDS 26 MONITORING IN SECURITIES TRADING FIRMS MADE EASIER 30 AUSTRAC COLUMN CUSTOMER IDENTIFICATION: ITEM 54 REPORTING ENTITIES AND PRODUCT PROVIDERS 31 SOME NEWS FOR ITEM 54 PROVIDERS 33 CHINA AND THE CRIMINAL PROCEEDS OF ‘CINDERELLA’ CRIMES 35 AML SKILLS – IS THERE REALLY A DROUGHT? 38 THE INVESTIGATION AND DETECTION OF CLIENT TAX EVASION 40 CASE STUDY EDITORIAL PRODUCTION AND DESIGN EDITOR: Joy Geary jgeary@afma.com.au CREATIVE DIRECTOR: Jo Fuller SUB-EDITOR: Roger Balch COVER DESIGN: Elly Walton Illustrations (UK) CONTRIBUTORS: AUSTRAC, Jun Claravell, Chris Hamblin (UK), Nick Kochan (UK), Dr. Nick Ridley (UK) Kenneth Rijock (USA), Marie Sullivan, Mark Turkington, Stephen Watts, Brett Wolf PUBLISHING NATIONAL MANAGER, MARKETING: Diana Zdrilic – Tel: + 61 2 9776 7923 dzdrilic@afma.com.au anti-money laundering ANTI-MONEY LAUNDERING MAGAZINE IS PUBLISHED SIX TIMES A YEAR BY AFMA – Level 3, 95 Pitt Street, Sydney NSW 2000. GO Box 3655, Sydney NSW 2001 Tel: + 61 2 9776 4411 Fax: + 61 2 9776 4488 www.afma.com.au Disclaimer: This publication is designed to provide accurate and authoritative information in regard to the subjects covered. It is distributed with the understanding that the AFMA is not engaged in rendering legal, accounting or other professional service. If legal advice or other expert assistance is required, the services of competent professional persons should be sought. AFMA Anti-money laundering magazine presents the views of a range of commentators on AML issues for the benefit of readers and AFMA does not necessarily endorse these views. This publication is copyright. Other than for the purposes of, and subject to the conditions prescribed under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system, or transmitted without prior permission. Enquiries should be addressed to AFMA. ANTI-MONEY LAUNDERING NOVEMBER 2008 5 NEWS Powered by AUSTRAC makes clear its expectations regarding monitoring transactions from 12 December 2008 The following is an extract from material posted by AUSTRAC to its website on the Ongoing Customer Due Diligence Rules. The bolding and underlining added below has been added by the Editor for emphasis. Visit the AUSTRAC website for more details – http://www.austrac.gov.au/ongoingcustomerduediligence.html F OR REPORTING ENTITIES who find they will be non-compliant with OCDD obligations when they commence on 12 December 2008, AUSTRAC’s view on this matter is: • • • The OCDD-related AML/CTF Rules were finalised and communicated to industry in December 2007, providing reporting entities with 12 months to develop and implement their systems and controls. The Policy (Civil Penalty Orders) Principles 2006 (the Principles) and associated guidance note do not alter the commencement date of Part 2 of the AML/CTF Act. Reporting entities are obliged to comply with Part 2 irrespective of the Principles. To avoid the possibility of enforcement action – including civil penalty orders – in respect of Division 6 of Part 2 of the AML/CTF Act, a reporting entity must: • by 12 March 2010, at the very latest, be compliant with Division 6 of Part 2; and • have applied their transaction monitoring program from 12 December 2008. This applies regardless of the date during the 15-month period at which the reporting entity reached full compliance with these requirements. • Notwithstanding the application of the Principles and the guidance note, AUSTRAC has a number of regulatory powers available to it beyond the application of civil penalty orders. Where a reporting entity fails to implement any transaction monitoring program on 12 December 2008, AUSTRAC will require those entities to apply their transaction monitoring program, once implemented, to those transactions that occurred between 12 December 2008 and when the entity began complying with the transaction monitoring requirements. This may require the reporting entity to carry out additional KYC and/or enhanced customer due diligence measures. This must be completed no later than 12 March 2010. ■ AUSTRAC e-news AUSTRAC expects reporting entities who are implementing complex OCDD tools including computerised transaction monitoring systems and will not be fully functional on 12 December 2008, to utilise manual or other existing technological tools during the interim period. If you have not already subscribed to AUSTRAC e-news then visit http://www.austrac.gov.au/newsletters.html and subscribe. AUSTRAC e-news is a monthly newsletter providing updates on the anti-money laundering and counter-terrorism financing environment for Australian reporting entities. Reach out to the market Advertising solutions Over 4,500 qualified industry practitioners, including 350 AML project managers from the retail, wholesale, funds management and insurance sectors, read Anti-money laundering magazine. To reach the industry’s key decision makers, contact our advertising team on 02 9776 7923 6 NOVEMBER 2008 ANTI-MONEY LAUNDERING NEWS Powered by AUSTRAC report highlights firms’ failure to register October 17, 2008 T HE AUSTRALIAN Transaction Reports and Analysis Centre received 10,000 registrations from reporting entities and 7500 anti-money laundering/ counter terrorism financing (AML/CTF) compliance reports last financial year, according to its latest annual report. Neil Jensen, Chief Executive of AUSTRAC, told Complinet earlier this year that the regulator believed there were around 15,000 reporting entities in Australia. The figures in the annual report indicate that at the end of 2007-08 there were still around 5000 entities that had failed to register with AUSTRAC and another 2500 that had registered but failed to file compliance reports. Jensen said in the report that one of AUSTRAC’s main challenges was to identify the entities that were subject to the AML/CTF regime. It had contacted more than 19,000 potential reporting entities, delivered presentations to an estimated 6500 industry attendees and launched AUSTRAC Online, which led to around 10,000 enrolments. After liaising with the industry, the estimated number of reporting entities had fallen by 4000 to 15,000, he said. As a result, AUSTRAC still believed that there were around 5000 firms that had simply failed to report. ‘In 2007-08, there was a significant expansion in AUSTRAC’s efforts to assess entities’ compliance with the Financial Transaction Reports Act and AML/CTF Act obligations. To prepare for its expanded supervisory role, AUSTRAC increased the number of personnel in its compliance and enforcement branches, and supported this growth with a comprehensive training and development program to build on the skills and expertise of its supervisory personnel,’ Jensen stated. AUSTRAC also developed new supervision and compliance assessment tools to support its on-site assessments. In the 2007-08 financial year it conducted 139 on-site assessments of regulated entities — a 121 per cent increase from the previous year. The regulator also issued 798 orders for firms to improve their AML/CTF programs. ‘An important priority for the agency is getting to know and understand our expanded regulated population. Under the FTR Act 1988, AUSTRAC’s responsibilities were related to specific industries and fewer than 4000 cash dealers. Under the AML/CTF Act we deal with a wide range of new entities which offer ‘designated services’,’ the AUSTRAC chief stated. The report indicated that AUSTRAC’s main regulatory focus was to encourage voluntary compliance from the industry, rather than resorting to enforcement. Jensen added that for the industry and AUSTRAC, the risk-based regulatory framework was still a relatively new concept. He said that the challenge for AUSTRAC was to provide reporting entities with the support that they needed to comply. He did not feel that there was a need at this stage to focus unnecessarily on enforcement action to bolster compliance. Jensen stated: ‘Throughout the year, AUSTRAC employed a variety of means to work with industry associations, groups and individual entities to assist them to understand and implement the AML/CTF reforms. As part of our extensive outreach effort we provided electronic learning products, an expanded telephone helpline, a seminar program, various education tools and advisory visits to regulated entities.’ ■ Crime institute warns of laundering risk in stored-value cards October 2, 2008 T HE AUSTRALIAN Institute of Criminology has issued a paper highlighting the money laundering risks posed by stored-value cards, which have become more popular in recent years. In its latest issue of Trends and Issues in Crime and Criminal Justice, the AIC said the stored-value cards offered new opportunities for illicit financial transactions, money laundering and bulk cash smuggling by organised criminals. The AIC publication highlighted some of the ways that the stored-value cards could be used to disguise criminal transactions. According to the paper, each stage of the money laundering process provided a potential role for the use of such cards: ANTI-MONEY LAUNDERING • Placement – illegal funds are introduced into the financial system, or converted into monetary instruments (for example, stored-value cards); • Layering – the illegal origins of funds are disguised (depending on the type of stored-value card used during the placement stage, value can either be redeemed for merchandise or sent overseas); and • Integration – disguised funds are made available for investment in legitimate or illegitimate businesses (stored-value cards can be used as a means of payment by criminals. The chemicals used in the production of illegal drugs could be bought using stored-value cards). ‘There are various types of stored-value cards, from limited value cards which can be used at limited vendors, to cards with a large amount of value attached to them, redeemable at numerous merchants and service providers,’ said Judy Putt, general manager of research at the AIC. ‘Each sort of card can be used in money laundering operations.’ ‘In the same way that legitimate businesses look at market forces and new opportunities for stored-value cards, criminals will also explore new areas that can be exploited to maximise profits, and evade the scrutiny of law enforcement agencies and regulators,’ Putt said. ‘The widespread availability of stored-value cards, particularly at non-financial outlets, the high credit limits of some types of cards, and the fact that in many cases customers need not prove their identity to obtain stored-value cards, can all be abused by organised criminals for illicit financial transactions and to disguise their activities.’ ■ NOVEMBER 2008 7 NEWS Powered by New Zealand pushes ahead with plans for AML reform October 13, 2008 T HE CONSULTATION PERIOD on New Zealand’s proposed anti-money laundering laws has closed, which leaves the government with a five-month window to introduce legislation into parliament prior to the Financial Action Task Force’s ‘mutual evaluation’ exercise. Gary Hughes, principal of law firm Chapman Tripp, said that the government needed to ensure that the Bill was in parliament prior to the FATF’s visit in April 2009 or risk becoming a ‘pariah’ in international terms. The government had originally committed to passing the legislation prior to the FATF visit but set back its timetable to allow a costbenefit analysis to take place. Earlier this year it commissioned Deloitte to produce a report on the likely cost of the AML regime. The consulting firm estimated that the compliance costs would stand at around NZ$111.8 million up-front and around NZ$42.7 million per annum in ongoing spending. The government said that it would take into account Deloitte’s costing estimates when it finalised the Anti-Money Laundering and Countering Financing of Terrorism Bill 2008. Cabinet expects to make a final policy decision on the AML/CFT Bill in February 2009. It will then introduce the bill to parliament in April 2009, with the aim of passing legislation before the end of next year. In the next few months, the government will issue further information releases and drafts of the detailed regulations that will address the technical matters covered in broad-brush by the statutory obligations, according to Tripp. He noted that the Bill had broad bipartisan political support and was driven by offshore pressure rather than domestic politics. As such, he said that it was unlikely that the Bill’s progress would be affected by the result of the upcoming New Zealand election. The government’s one-month window for consultations on the draft AML/CFT Bill was described within the industry as too tight, considering the scope and complexity of the reforms. There was some concern among industry figures that the consultation period was being treated as a formality, rather than a genuine two-way discussion. Tripp explained: ‘A view has already been expressed to the ministry that this is a very short timeframe for a bill of 131 clauses and over 80 pages in length. But the ministry is adamant that it is on a very tight timeline. Let us hope the degree of consultation is to be more than token.’ Need for reform Tripp also said that the AML/CFT Bill would involve major changes for regulated firms. He said that they would have to ‘pour considerable energy and resource into getting their business systems sorted out to comply with the rigours of the new law’. He added that some firms, and possibly the new regulators themselves, would be ‘scrambling’ to deal with the scale of change. He noted that when Australia introduced its AML laws the major banks had between 40 and 60 staff working on AML implementation for around 12 months. Despite the costs, Tripp said that the new laws were necessary to keep New Zealand in line with other FATF members. He explained: ‘Make no mistake; this new regulation is driven from offshore. Multilateral co-ordination of efforts to eradicate money-laundering – and to ostracise countries who are complacent about it – is led through the FATF. ‘In 2003 the FATF reviewed New Zealand’s compliance with international obligations to combat money laundering and terrorist financing. It found our law, principally the Financial Transactions Reporting Act 1996, wanting.’ He said that the FATF’s next mutual evaluation visit would be a testing time for the jurisdiction. ‘The best practice espoused by FATF’s 40+9 recommendations has got more stringent since our last review. This is the sharp end of the international peer pressure to conform with global 9 APG to assess Vietnam and South Korea’s AML systems September 18, 2008 T HE ASIA-PACIFIC Group on Money Laundering has announced that it will conduct on-site visits to Vietnam and South Korea in November this year. The visits are to be conducted in co-operation with the Financial Action Task Force and will evaluate the two jurisdictions for compliance with the 8 NOVEMBER 2008 global anti-money laundering and countering the financing of terrorism standards set down by the FATF. The AML/CTF assessment of a country by APG is conducted by experts experienced in the legal, financial and law enforcement sectors. These evaluations are based on the FATF’s 40+9 recommendations. The evaluation of a country consists of two major components: the on-site visit involves meetings with key governmental and private sector agencies – including banks, other financial institutions and the real estate, legal and accountancy professions. Later, the report is examined by the full APG plenary. To qualify as an expert, assessors must undertake an intensive training course offered by the APG or the FATF in the FATF methodology 2004. ■ ANTI-MONEY LAUNDERING NEWS Powered by Offshore regulators toughen stance on AML September 09, 2008 R EGULATORS in many offshore jurisdictions have stepped up their pressure on monitoring anti-money laundering compliance in an effort to shed the traditional image of offshore tax havens as hideaways for dirty money. It has become very difficult to open an offshore account, said Duncan Smith, partner at law firm Ogier in Hong Kong, with regulators in places such as the Cayman Islands and the British Virgin Islands now applying very stringent know your customer (KYC) measures. With a majority of Hong Kong-listed firms registered in either of the two Caribbean jurisdictions, this was an important point to consider, he said. conference in Hong Kong, Smith said that offshore jurisdictions had come a long way from the early years of this decade, when several Caribbean jurisdictions were placed on the Financial Action Task Force on Money Laundering’s list of non-cooperative countries. Smith said this was quite impressive, given that offshore regulators had little choice but to be light-touch regulators to not turn away business from their jurisdictions. ‘Given that normally, neither the money nor the investors are physically present in the country,’ offshore regulators have little choice but to be light touch, and rely on onshore regulators to be more heavy handed, he said. Of the two Caribbean jurisdictions, the Cayman Islands were perceived to have a “ANYONE CAN WRITE RULES. IT’S THE APPLICATION OF REGULATIONS THAT IS MOST IMPORTANT.” Caymans compared to nearly 900,000 in the British Virgin Islands, Smith said. A former favourite jurisdiction for hedge funds, Bermuda, had nearly ‘regulated itself out of existence’, he added. Regulation in both jurisdictions was ‘pretty good’ for hedge funds, he said. The key to running an effective regulatory regime, however, was in the way that the regulator applied regulations. ‘Anyone can write rules. It’s the application of regulations that is most important.’ Turning to Asia, he said that Singapore and Hong Kong had thrived on a light-touch regime but had become tighter on regulations since the Asian financial crisis of 1997. He noted that regulations in Hong Kong were ‘a bit behind on KYC’, but also called into doubt the general usefulness of stringent KYC rules. ‘At the end of the day it only proves that I am who I say I am,’ he said, noting that the best a firm could do was to ‘check the boxes’ and run potential clients through a screening service to see if they score against any sanctions lists. It could often be difficult for firms, however, to verify where a client’s money was derived from, he said. ■ ‘These days, if you are thinking of embezzlement you’d be better off hiding the money in Miami, New York or London,’ Smith said. Speaking at the Hedge Funds World Asia higher level of regulation than the British Virgin Islands, he noted. This could be seen in the number of corporate vehicles domiciled in the two territories, with only 65,000 in the 8 – NEW ZEALAND ... Indian banks move towards automated AML systems best practice – largely, US best practice – to combat money laundering and terrorism financing. The government acknowledges that New Zealand will still not pass the ‘compliance’ aspect of the FATF review because the new Bill will not be in force by April, but draft laws may at least earn us a tick in the ‘commitment and willingness to implement’ box.’ Tripp concluded that it would be a ‘political disaster’ if the new AML/CFT Bill was not at least introduced to parliament by the time of the FATF review. ‘Overall, it will not pay to be too complacent about implementing AML reforms in the longer term. Any developed nation that does so runs the risk of garnering financial pariah status, losing international confidence and credibility in its markets and ratings, and perhaps facing higher fund-raising costs.’ ■ ANTI-MONEY LAUNDERING October 08, 2008 T HE INDIAN BANKS Association and 10 of the country’s largest financial institutions have joined forces to develop an industry standard to encourage the use of customer identification and transaction monitoring software solutions. The IBA established a working committee to revise the anti-money laundering guidance notes to encourage greater use of automation and software tools to identify potential laundering activity. The new standards will focus on encouraging the use of automated KYC and transaction monitoring tools and moving away from manual filtering. The move to develop the new standards was a recognition that software platforms were essential to deal with the volumes of transactions and customers that Indian banks managed, the IBA said. The new standards will complement the Reserve Bank of India’s recent guidelines on wire transfers, transaction monitoring and usage of AML monitoring software. Participants in the committee include representatives from major banks such as the State Bank of India, ICICI bank, Standard Chartered and HSBC. The Indian government, meanwhile, is making a visible effort to comply with the Financial Action Task Force’s 40+9 recommendations on AML and CTF. The country hopes to join the FATF this year, according to reports. India currently has FATF observer status. ■ NOVEMBER 2008 9 FEATURE Counterfeiting – the $650b challenge By Nicolas Kochan Counterfeiting: a money laundering challenge that goes beyond banks C OUNTERFEITING is a crime that thrives in recessionary times. Counterfeiters will find a growing consumer willingness to risk buying and owning an illegal copy or product rather than make do with an own-brand product or without the product altogether. At the same time, the ranks of the counterfeiters are likely to swell with people who have lost their livelihoods as a result of factory closures and who see counterfeiting as a comparatively easy and risk-free way of earning a living. Those who have formerly worked in factories making brands (and whose factories have been closed down) will be lured by organised criminals to set up illegal production facilities. For these reasons, the counterfeiting threat has never been greater. 10 NOVEMBER 2008 This threat takes three broad forms: the scale of financial damage that counterfeiters wreak is considerable; the threat to the good reputation of free trade is massive; and counterfeiters create a range of physical and other dangers to consumers who buy counterfeit goods. The criminality involved in counterfeiting is coupled with the danger caused by organised criminals laundering counterfeiting proceeds through banks and other financial institutions. The OECD has put the annual value of international physical trade in counterfeited consumer goods at US$200 billion, equivalent to 2 per cent of world trade and higher than the GDP of 150 countries. Other sources, such as the International Counterfeiting Commission, have indicated a figure of US$500 billion may not overstate the problem. According to an Interpol report, the global narcotic trade, estimated at more than US$322 billion annually, has been surpassed by the combined global piracy and counterfeit trade, which clears more than US$650 billion. It has been estimated that nearly 7 per cent of the goods in the global marketplace are counterfeit. Counterfeiting has a further dimension, which makes the task of the financial and commercial community in tackling counterfeiting that much more pressing. Terrorist groups have long used counterfeiting as a cash cow for sourcing funds. The quantity of money that can be made quickly and with relatively low technology attracts criminal and terrorist groups with international links. Counterfeiters typically manufacture their goods in countries with plentiful cheap labour, says Steve Rucker, an investigator at Kroll. ‘These goods are shipped to prosperous countries. Mingled with the counterfeit goods may be other criminal goods such as drugs and even weapons. This is a highly international and dangerous activity.’ Terrorist groups with known counterfeiting expertise include the Tamil Tigers of Sri Lanka, the IRA and Spanish terrorists. In terms of regions harbouring strong commercial counterfeiting industries, China tops the list. The International Chamber of Commerce estimates that more than 60 per cent of the counterfeit products seized by US authorities in 2005 were produced in China. ANTI-MONEY LAUNDERING FEATURE The counterfeiting industry is also well established in Eastern and Central Europe, where many former state factories have been turned over to counterfeiting components as sensitive as aircraft parts and armaments. Law enforcement in these emerging markets regards counterfeiting as a low priority. The range of legitimate industries hit by counterfeit goods is as disturbing as the scale of the problem. The US Federal Trade Commission and the Motor and Equipment Manufacturers Association estimate that counterfeiting costs the global automotive spare parts industry US$12 billion annually, of which US$3 billion is in the US. The US Federal Aviation Administration estimates that 2 per cent of the 26 million airline parts installed each year are counterfeit, which has major safety repercussions. The Gieschen Consultancy has reported that US$8.5 million of counterfeited food and alcohol products were seized worldwide during the first half of 2005, while the International Chamber of Commerce has said that the apparel and footwear industries lose US$12 billion in revenue each year from counterfeiting. The speed with which counterfeiting has risen up the ladder of commercial threat is extraordinary. Twenty years ago, counterfeiting was regarded as a problem chiefly for the makers of luxury goods, and 70 per cent of firms affected by counterfeiting were in this sector. But by 2006, not only was the scale of counterfeit luxury goods multiplying, but far more sensitive counterfeit goods were being intercepted at national borders. For example, members of the European Union reported that its customs officials had intercepted fake airplane parts, electrical appliances and toys. More than 2.7 million items of counterfeit medicine were intercepted at EU borders in 2006. This was reckoned to account for almost 10 per cent of world trade in medicines. Most of these fake drugs are headed for the world’s poorest countries. Each year intellectual property rights (IPR) theft erodes the market and available returns for genuine goods and services. Local companies, multinational corporations and governments lose billions of dollars and innovation suffers. Similarly, there is a cultural loss from the impact of piracy on the viability of the entertainment and arts industry. Serious health and safety risks are posed by counterfeit pharmaceuticals, auto parts and aviation parts. Historically, IPR theft has been treated as a commercial issue for trade negotiators to haggle over, although it increasingly poses a security threat to countries. Much of ANTI-MONEY LAUNDERING the production and distribution is under the control of organised crime groups with profits rivalling, and in some cases surpassing, that of narcotics. The penalties are low when compared to drug trafficking and the high-profit, low-risk appeal of IPR theft attracts terrorist organisations. According to an article entitled, ‘A New Front – IPR Theft, Money Laundering and Terrorist Financing’ published by ICPVTR, IDSS Singapore in September/October 2005 (360 per cent) and cocaine (1000 per cent). Asian governments have woken up to this and taken action; in 2004, 74 per cent of worldwide DVD seizures were executed in Asia. Commonplace DVD/VCD pirate retail outlets are only the tip of the iceberg and larger piracy enterprises are similar to the Fortune 500 companies they steal from. These syndicates are also best placed to endure the costs of seizure and confiscation, and finding new ways to evade customs and police. THE INTERNATIONAL CHAMBER OF COMMERCE HAS SAID THAT THE APPAREL AND FOOTWEAR INDUSTRIES LOSE US$12 BILLION IN REVENUE EACH YEAR FROM COUNTERFEITING and co-authored by Rohan Bedi, ‘In China, Indonesia and Pakistan alone, more than 90 per cent of the music and movies sold are pirated. Counterfeiting is very diverse, ranging from backstreet sweatshops to full-scale factories. Counterfeiters steal company secrets with the help of corrupt employees or licensed suppliers and manufacturers who overrun production lines and sell the extra goods on the sly.’ The article also says that distribution networks can be ‘as simple as a stall in the street, or a shop on the other side of the world. The internet has helped with details on which goods to copy, and links to consumers and suppliers with ease and relative anonymity. The complex distribution network required by the larger counterfeiters has attracted organised crime.’ Optical disc piracy (ODP) is one of the newer forms of IPR theft that, in recent years, has flooded Asian and worldwide markets. The trade has become so lucrative that the mark-up on a pirated DVD (1150 per cent) outpaces the differential profits of heroin Counterfeiting is regarded as a key part of the portfolio of organised criminal groups. Hong Kong police have picked up triad members implicated in local and export piracy operations that now contribute a major source of their income. Elsewhere, ODP has become a key source of funding for the Malay and Taiwanese triads, the Japanese Yakuza, the Italian La Cosa Nostra, and the Russian Red Mafiya. While there can be little doubt of the financial damage done by those who steal the intellectual property rights in goods to both corporations and members of the public, the perception remains in some quarters that IPR theft is a victimless crime. The US has a Special 301 Watch List. Special 301 is a law designed to monitor, and in extreme cases sanction, countries that fail to adequately protect intellectual property. Names on the priority watch list in Asia include China, India, Indonesia, Pakistan, the Philippines; the watch list includes Korea, Malaysia, Taiwan, Thailand and Vietnam. NOVEMBER 2008 11 FEATURE IPR risk information sources Organisations hitting counterfeiting: The International Anti-Counterfeiting Coalition (IACC) The International Anti-Counterfeiting Coalition (IACC) is the largest international organisation devoted solely to combating product counterfeiting and piracy. The IACC develops and conducts training for domestic and foreign law enforcement officials, submits comments on intellectual property enforcement laws and regulations in the United States and abroad, and participates in regional and international programs aimed at improving intellectual property enforcement standards. US Special 301 Watch List This highlights countries that fail to adequately protect IPR. http://www.ustr.gov International Chamber of Commerce (ICC) This has an extensive anti-counterfeiting/antipiracy database that holds names of individuals and firms that have been investigated for possible copyright violations http://www.icc-ccs.org/ US IPR search This is a web-accessible database that houses contact information for the owners of 30,000 of the world’s largest trademarks. http://iprs.cbp.gov/ Other bodies Organisations such as the MPA may be willing to share their high-risk lists with banks through secure channels. http://www.mpaa.org/ 12 NOVEMBER 2008 Specific to ODP the list of countries leading the export of pirated goods in Asia include Malaysia, Pakistan, China, Indonesia, and the Philippines. The two trans-shipment hubs of Asia, Singapore and Hong Kong, may be exploited for shipping such pirated goods and customs have to be vigilant. In some countries on the US’s Special 301 Watch List (and others not on this list), members of the judiciary/law enforcement agencies believe IPR theft is unworthy of prosecution or sentencing, and adequate resources are not invested in investigations. The perception of IPR theft as a victimless crime also makes it susceptible to easier influence from corrupt public figures who interfere with the enforcement process. The importance of the policeman role of the financial community has been stressed by the Financial Action Task Force since 2003, when the FATF listed ‘counterfeiting and piracy of products’ in its revised 40 principles for money laundering as one of Hong Kong, which amended its AML law in 2000, has successfully prosecuted several high-profile optical piracy cases with money laundering charges. In August 2004, Hong Kong Customs and Excise (HKC&E) neutralised a money laundering scheme that turned over HK$4 million in an 18-month period from the proceeds of pirated films. Those who have responsibilities under AML laws to monitor suspicious activity need to understand the size, scale and financial needs of the counterfeiting and piracy industry. Using effective know your customer (KYC) databases is a key aspect of this monitoring role. The money laundering risks from ODP are derived from the business practices of the ODP piracy syndicates. There are three broad groupings of piracy operations (large, medium and small), with each engaging financial services with different needs. The large and medium-sized piracy enterprises have transnational businesses covering both manufacturing and distribution; they frequently use e-commerce to facilitate IN AUGUST 2004, HONG KONG CUSTOMS AND EXCISE NEUTRALISED A MONEY LAUNDERING SCHEME THAT TURNED OVER HK$4 MILLION IN AN 18-MONTH PERIOD FROM THE PROCEEDS OF PIRATED FILMS. the 20 minimum predicate crimes for money laundering. This category covers a range of businesses impacted by IPR theft from tobacco, apparel, pharmaceuticals, and software industries and presents a new dimension of AML compliance for financial institutions (FIs). A spokesman for the FATF said that ‘Those who break the law do not simply use ordinary banks to deposit their ill-gotten gains. They launder their money, depriving countries and IPR holders of their legitimate benefits. The FATF 40 + 9 Recommendations impose obligations on all of us to stop such behaviour.’ So the pressure on banks and financial institutions to play their part in excluding the proceeds from the sale of these dangerous goods, and to seek to spot those who seek to pass off the proceeds of these sales has now intensified. Six out of 13 major Asian markets have amended their anti-money laundering (AML) laws to specifically include IPR theft. Some of the other countries are on their way to do this. Others cover IPR theft under separate laws, albeit with different scopes and enforcement capacities. transactions. Large enterprises have turnovers of more than US$10 million a year, mediumsized enterprises have turnovers of between US$5 million and US$10 million and small enterprises have less than US$5 million. Counterfeiters and pirates are also difficult to spot as many of their businesses are quasi-legitimate and produce both genuine and counterfeit goods. Organisations perpetrating piracy and counterfeiting make use of different techniques, according to their size and competence. The financial services used by large and medium-size piracy enterprises include: • Letters of credit for container shipments; • Insurance on shipping, building/facilities and manufacturing equipment; • Loans for purchasing new equipment, supplies etc; • Corporate accounts to execute payroll and manage overhead costs; and • Money transfer facilities to remit funds to beneficiaries in multiple countries. ANTI-MONEY LAUNDERING FEATURE In addition to AML regulatory risk, some of the risks to financial institutions servicing large enterprises engaged in counterfeiting are: • Large piracy enterprises are sophisticated/ organised and undertake many placement and layering strategies to launder their proceeds, including the use of numerous front businesses and the full suite of financial services, exposing FIs to serious reputation and financial risks; • Convicted pirates can default on loans when served with asset forfeiture and confiscation orders; and • Insurance services are ripe for fraudulent claims to offset losses from enforcement seizures elsewhere in the world. In addition to AML regulatory risk, some of the risks to financial institutions servicing medium-sized enterprises engaged in counterfeiting are: • Medium-sized piracy enterprises will share many of the same transnational money laundering strategies employed by their larger counterparts, but on a smaller scale as they do not have as many front businesses to facilitate placement transactions; and • The risk of delinquency and fraud on financial products is greater as they cannot afford to wait out periods of heightened IPR enforcement. Financial institutions servicing small enterprises engaged in counterfeiting face heightened AML regulatory risk as follows: • Small piracy enterprises reflect the risks associated with typical cash-intensive businesses and cash deposits/money transfers are the key facilities to watch; and • These enterprises may use informal money transfer systems and money services businesses to move money. Prevention strategy: AML risk models The earlier article published in 2005 by ICPVTR, IDSS Singapore, stresses the importance for FIs of taking a ‘holistic risk-based approach in designing their AML program’. Its authors say that one of the keys for financial institutions is ‘to build layers of IPR theft, including ODP, linked intelligence into their existing AML risk models.’ Case study: Counterfeit cigarettes Cigarettes have proved a favourite target for counterfeiters all across the world. ACCORDING TO the World Customs Organisation, ‘in China, 190 billion counterfeit cigarettes are produced each year, making it a major source country for European-destined fakes’. It has been argued that ‘the production of fake cigarettes with world-famous brand names such as ‘Mild Seven™’ and ‘Marlboro™’ has been rampant since 2000’. Published news reports state that in the first six months of 2002 alone the Chinese authorities dealt with 159,000 cases involving the production and sale of counterfeit cigarettes and that government authorities in China have spent over US$190 million fighting counterfeit in recent years, seizing more than 5000 cigarette-making machines, but that their efforts are still failing. Counterfeiting factories have been discovered in various countries throughout Europe, Asia and Latin America. Customs authorities across the EU seize several million packs of counterfeit cigarettes every year. In November 2003, the European Commission noted what appears to be a significant increase in the volume of counterfeit cigarettes seized at the EU’s external border in 2002. Some recent statistics reflect that the total number of counterfeit cigarettes produced annually is larger than the genuine production of all but the largest tobacco companies. The people who suffer from this criminal trade are legion. They include: • Governments: counterfeit products almost always escape taxation because goods are either smuggled into Europe or come in with forged or invalid documents; • Workers: they suffer because counterfeit products result in fewer jobs in the legitimate manufacturing and retailing sectors; • Consumers: they suffer because they are duped into buying an inferior copy of the legitimate product, which may present serious and unforeseen health risks; and • Societies: affected societies suffer because counterfeiting supports other activities of organised crime, ■ including terrorism. ANTI-MONEY LAUNDERING NOVEMBER 2008 13 FEATURE Geography and country risk The Special 301 Watch List should be used in the same way as Transparency International, Freedom House, OECD indicators, membership of FATF and INCSR data is already used in country risk models to assess money laundering risk of countries. Customers, people who control corporations and trusts and transactions can involve countries on the 301 Watch List. Business and entity risk The following steps may be useful for KYC purposes to improve the chances of detecting circumstances where a customer has made false representations: • Seeking proof of manufacturing licence (where required); • Validating manufacturing licence from relevant authority issuing the licence; • Requesting written evidence of licences from copyright holder to sell or reproduce the copyright goods; • Contacting relevant industry body (eg, the Motion Picture Association and the International Federation of the Phonographic Industry) to verify status of the licence from their member; • Searching public records for prior conviction records of the associated individuals, company or other regulatory actions; • Checking for listings on high-risk databases such as that of the ICC and other online databases such as that of Interpol (searches possible on ‘counterfeiting’); and • Media searches. Such information will be difficult to obtain unless the customer is seeking a relationship with the financial institution that allows for this kind of information, such as a credit relationship. However, if the business is a semi-legitimate one and records its legitimate business to establish its relationship with the financial institution, then traditional AML controls have to be used to spot suspicious activity like payments that are not in line with the financial institution’s understanding of the client’s operations, (geographies, parties, amounts), cash deposits for a business that declares its markets as being located primarily overseas etc. • • 14 Other IPR risk indicators: Large piracy enterprises often operate through nominees, including lawyers and company incorporation agents, and use offshore banking and private banking services; and Other services used including remittances that involve unrelated third parties to facilitate transactions. NOVEMBER 2008 Responses to the counterfeit problem Manufacturers – product manufacturers have responded in many different ways, including setting up specialised brand or product integrity departments within their organisations, building special websites to educate and warn the public about counterfeits, instituting legal actions against those responsible, and lobbying governments to force authorities in source countries to adopt and enforce stricter laws. Governments – in addition to the adoption and enforcement of strict anti-counterfeiting laws, some governments have recognised the need to improve existing systems to prevent the movement of counterfeit goods. Some customs authorities are using new technologies to achieve that goal. Modern X-ray container-scanning equipment is an example of new technology being used to thwart the transport of illegal goods. These machines can be installed in ports to allow non-intrusive inspections of a container’s contents. While the initial investment cost is high, it has been found that even the most expensive container scanners quickly become self-financing. Examples of tools used to track down counterfeit cigarettes included: • A €12.5 million container scanner in the port of Hamburg between September 1996 and 2002 which led to the discovery and seizure of illegal drugs with a selling value of over €257 million and excise goods (cigarettes and alcohol) representing a total duty loss of over €66 million; and • a €14 million container scanner in Rotterdam led to the recovery of more than €20 million in lost revenue in the first six months of use. These are encouraging results. However, the International Counterfeiting Commission has recognised that ‘the successful use of container scanners at some European ports has led to the diversion of container traffic to other ports/airports/border posts’. The European Parliament has therefore urged that modern scanning equipment ‘be made as widely available as possible’. Future initiatives which can help financial institutions manages the money laundering risks associated with IPR theft: • Online KYC database vendors like World-Check, IntegraScreen Online, Factiva, and Complinet, whose KYC products are subscribed to by thousands of FIs around the world, could expand their focus to include IPR theft in a more direct and proactive manner. KYC database vendors need to work with leading industry organisations concerned with IPR theft to make sure their databases highlight key players and their links; and • The Anti-Counterfeiting Trade Agreement (ACTA) is a proposed agreement that would impose strict enforcement of IP rights related to internet activity and trade in information-based goods. The agreement is being negotiated by the governments of the US, Japan, Switzerland, Australia, New Zealand, Canada, Mexico and the European Commission. If adopted, the treaty would establish an international coalition against copyright infringement, imposing strong, top-down enforcement of copyright laws in developed nations. The proposed agreement would allow border officials to search laptops, MP3 players and mobile phones for copyright-infringing content. It would also impose new co-operation requirements upon internet service providers (including perfunctory disclosure of customer information) and restrict the use of online privacy tools. ACTA is part of a broader ‘forum shifting’ strategy employed by the trade representatives of the US, EC, Japan, and other supporters of rigid intellectual property enforcement: similar terms and provisions currently appear in the World Customs Organisation draft SECURE Treaty. Conclusion: public/private co-operation The counterfeit problem has reached such epidemic and global proportions that no single body or entity can tackle it. Instead, a multifaceted approach including co-operation between manufacturers and governments is required. The global AML regimes in place are moving to risk-based models which depend on extensive information about predicate crime indicators, as well as indicators about how counterfeiters and pirates launder their funds through the financial system. ■ The author acknowledges that this article extensively references and builds on an earlier paper authored by Rohan Bedi entitled “A New Front – IPR Theft, Money Laundering and Terrorist Financing”, Sept/Oct 2005 published by ICPVTR, IDSS Singapore. ANTI-MONEY LAUNDERING FEATURE So you are a controls freak – unbundling the December 2008 obligations T HE DECEMBER 2008 Anti-Money Laundering/Counter Terrorism (AML/CTF) Obligations require reporting entities to establish controls in response to risks identified through diagnostic and assessment processes. These controls are partly prescriptive in that the regulator expects that a reasonable risk assessment will lead to actions which may include (but not be limited to) monitoring, enhanced customer due diligence and additional know your customer (KYC) requirements. It is through these actions that a reporting entity (RE) controls ML/TF risk within their business. By Mark Turkington What does this mean in practice? The danger with risk controls however, is that they can be illusory. Establishment of a control can be mistaken for action when in fact, through poor design, it is both inappropriate and ineffective. An effective AML/CTF control is directly linked to risks identified by the RE. For instance, KYC, is a control process. The generic steps in identifying KYC risk are: 1. Determine a threshold for customer profiles based on acceptable risk to the RE; 2. Assess customers based on where they fit against the profile; 3. Provide each customer with a risk rating; and 4. Develop processes for managing customers with different risk ratings that minimise risk to the RE. 16 NOVEMBER 2008 In this approach, outcomes from the first step assume a reason why one customer attribute poses a greater risk than others. As the RE moves through to Step 4, it must demonstrate how processes for managing higher risk ratings directly address reasons for the risk rating in the first place. Example: A reporting entity determines that customers who trade in cash are a higher risk than those who only trade electronically. Why? Customers who trade in significant cash transactions present an increased risk that they may be conducting placement and/or integration activities associated with ML/TF processing. Once the RE makes this determination, it rates customers against assessment criteria to determine if they are dealing in significant cash transactions. What happens next will determine the effectiveness (or otherwise) of the AML/CTF program. The RE must establish appropriate controls for mitigating or managing risk attributes assigned to the customer. In our example, it is not enough to rate customers and then identify when they transact. Possible actions the RE can adopt in this example will vary according to the nature of its business. Whichever approach they choose though, they must be in a position to understand who the customer is and what legitimate business reason requires them to deal in significant cash transactions. ANTI-MONEY LAUNDERING FEATURE 15.7 The transaction monitoring program should have regard to complex, unusual large transactions and unusual patterns of transactions, which have no apparent economic or visible lawful purpose. What does this mean for December 2008? AUSTRAC has provided some direction for December 2008 by outlining components of ongoing customer due diligence. These components are categorised as KYC, monitoring and enhanced customer due diligence; and are actually high-level control processes that REs must address through implementation of their AML/CTF program. Additional KYC controls What do the AML/CTF Rules say? 15.2 An RE must put in place appropriate risk-based systems and controls to determine whether any further KYC information should be collected in respect of customers for ongoing customer due diligence purposes. 15.3 An RE must put in place appropriate risk-based systems and controls to determine whether, and in what circumstances, KYC information should be updated or verified in respect of its customers for ongoing customer due diligence purposes. What does this mean for the RE? Although these rules are similar, they may have a different meaning for a RE depending on the customer. Essentially, the RE must complete risk profiling on all customers to assign a ML/TF risk rating and assess if the available KYC information is appropriate. There will generally be two outcomes from this profiling: 1. Customer KYC information held by the RE is deemed appropriate for the level of risk within a client profile. No further KYC action is required; or 2. The customer profile requires a higher level of KYC information than the RE holds. In this situation, the RE must source additional information to bring it into line with requirements for the customer risk profile. The RE must also verify this new information using due diligence processes as applicable for new customers. In addition, the RE must have in place processes for identifying and managing changes to a customer risk profile. Where a customer changes circumstance, an assessment must be conducted to determine whether this constitutes an increase or decrease in ML/TF risk. Failure to adequately manage changes in customer risk may result in creating ineffective control measures. It may also mean that customers who have reduced ANTI-MONEY LAUNDERING their risk (through moving to a lower risk jurisdiction for instance) are subject to unnecessary controls. What is the business impact of this? Perhaps the greatest impact to a reporting entity is that it must have in place appropriate systems and processes for assessing all customers, including those that had a pre-existing relationship prior to December 2007 obligations. This assessment is truly risk based and does not allow for time-based exemptions. To enable this assessment and generate appropriate risk profiles, the RE must have access to data on ‘grandfathered’ customers. This is a challenge for many REs, as data quality (and in some cases quantity) for pre-December 2007 customers is often less than adequate to complete effective profiling. In this case, the RE may decide to base its assessment on an aggregated view of customers by assessing product, channel and jurisdiction to form a total view of risk exposure. It may also decide to group customers into common profiles and define risk ratings based on common behaviour patterns. Whatever approach is adopted, the RE must be able to demonstrate a link between controls established and the risk of ML/TF activity. Once an RE has established a starting position for customers, it must still ensure it has effective processes and systems in place for assessing changes to customer status and reprofiling based on these changes. Monitoring What do the AML/CTF Rules say? 15.4 A reporting entity must include a transaction monitoring program in Part A of its AML/CTF program. 15.5 The transaction monitoring program must include appropriate risk-based systems and controls to monitor the transactions of customers. 15.6 The transaction monitoring program must have the purpose of identifying, having regard to ML/TF risk, any transaction that appears to be suspicious within the terms of Section 41 of the AML/CTF Act. What does this mean for the RE? KYC controls focus on knowing who the customer is; ML/TF activity however, cannot occur until a customer interacts with a designated service. This means that the RE must also know what the customer does. This is defined as customer behaviour. To track customer behaviour, AUSTRAC has focused on the use of transaction monitoring as a control process. Section 36 of the Act speaks of monitoring customers, and the above rules have narrowed this requirement to monitoring transactions. This appears to be a lesser scope than monitoring customer behaviour, but an RE should remember that a transaction is deemed to be where a customer interacts with a designated service. This definition therefore incorporates almost all activity a customer will be involved in, and when included with effective KYC controls covers many aspects of ML/TF risk. To comply with these control requirements, REs must establish processes and systems to monitor for suspicious transactions with ‘regard to complex, unusual large transactions or unusual patterns of transactions, which have no apparent economic or visible lawful purpose’. To do this, the RE must first have a clear definition of usual behaviour across customer profiles and designated services. Having defined usual behaviour, the RE is then in a position to assess patterns outside this definition and categorise based on an assessment of ML/TF risk. This is the foundation of the risk-based approach. An effective assessment is likely to include a two-stage process, where the behaviour is firstly deemed to be unusual and secondly, the behaviour appears to have no ‘economic or lawful purpose’. It should be noted however that AUSTRAC has suggested in the Regulatory Guide that monitoring is required for all transactions. This is not what AML/CTF Rule 15.5 says, so the RE should look to the application of its risk-based assessment to determine an appropriate response to manage and/or mitigate identified risk. What is the business impact of this? The definition of monitoring is somewhat vague as each RE will have defined its own requirements based on an internal assessment of risk. Monitoring must therefore be seen as an appropriate response to the ML/TF risk identified. It is this linking of risk to a specific NOVEMBER 2008 17 FEATURE monitoring control that forms the difficult task for a reporting entity. For example, an RE identifies that one of its designated services involves high liquidity and is offered mostly to customers with complex structures where beneficial ownership is difficult to verify. Internal assessment assigns this service a high level of ML/TF risk. The RE establishes a monitoring program to define transaction patterns and generates a ‘normal’ behaviour profile. The monitoring program is also able to report on variations to these patterns. For this program to be effective, the RE must demonstrate why a normal behaviour pattern is an acceptable ML/TF risk and why variations may increase this risk beyond defined tolerance levels. Once it has successfully demonstrated that ‘normal v unusual’ patterns are appropriate, the RE must then show how monitoring controls are correctly adjusted to spot variations and initiate additional control or due diligence responses. This scenario can become complicated where a customer has multiple dealings with an RE. The regulator is interested in all customer activities, not simply those related to a specific designated service. This requires some form of aggregated view of customer activity across the RE and extends the monitoring question from ‘what is the customer doing?’ to ‘what else is the customer doing?’. It is difficult to see how any RE with complex business structures and relationships can manage this view of customer activity without some form of electronic monitoring. The information necessary to understand these relationships is generally only available through the study and assessment of aggregated data across customers and designated services from all areas of the RE’s business. Many REs will not have this aggregated or composite view of customers and must therefore determine how to ensure they are capturing all customer activity within their business. In addition, AUSTRAC has been clear that it requires the RE to monitor transactions which occur after 12 December 2008. For an RE that is not compliant by 12 December 2008 the regulator expects that retrospective monitoring of transactions will be included in the monitoring program. Non-compliant REs are then expected to approach the regulator prior to 12 December with a proposal covering the reasons for non-compliance and the impact of this across their business (i.e. what AML/CTF risk this will create). This proposal must also include the steps being taken to reach a compliant state within the 15-month ‘assisted implementation’ period. 18 NOVEMBER 2008 This expectation of retrospective assessment is most likely based on the premise that an RE will establish monitoring controls with a historic view of customer activity (to assist in establishing patterns of behaviour). The ability for the RE to monitor against all transactions from December 2008 should What does this mean for the RE? Where KYC controls focus on who the customer is, and monitoring controls track what the customer does, enhanced customer due diligence draws these together to understand ‘what can we find out about this customer?’. Enhanced customer due diligence is required FOR A REPORTING ENTITY THAT IS NOT COMPLIANT BY 12 DECEMBER 2008 THE REGULATOR EXPECTS THAT RETROSPECTIVE MONITORING OF TRANSACTIONS WILL BE INCLUDED IN THE MONITORING PROGRAM. therefore be built into the design and implementation of the monitoring program. This will be difficult for a RE to do without first pooling customer and transaction data (dating from at least December 2008) and making it available for pattern analysis. Finally, the RE must demonstrate that it has a review process in place to ensure the level of monitoring is appropriate at any given time relative to identified ML/TF risk. New products, new customers and changing behaviour patterns will all require the RE to recalibrate ‘usual’ behaviour so that monitoring is always aligned with changing definitions of risk. Enhanced customer due diligence What do the AML/CTF Rules say? 15.8: A reporting entity must include an enhanced customer due diligence program in Part A of its AML/CTF program. 15.9: The reporting entity must apply the enhanced customer due diligence program when: (1) it determines under its risk-based systems and controls that the ML/TF risk is high; or (2) a suspicion has arisen for the purposes of section 41 of the AML/CTF Act. 15.10: The enhanced customer due diligence program must include appropriate riskbased systems and controls so that, in cases where enhanced customer due diligence is applied, a reporting entity gives consideration to a series of possible actions set out in the rule. where risk assessments and other control processes have established that ML/TF risk is higher than the tolerance level. The important aspect of an enhanced customer due diligence program is that it creates an obligation to identify when risk thresholds are exceeded and then to consider taking certain steps. AUSTRAC guidelines suggest that higher ML/TF risk exists in situations where: • ‘the customer is engaged in business that involves a significant number of cash transactions or amounts of cash; • the customer uses a complex business ownership structure for no apparent commercial or other legitimate reason, especially if the beneficial owners of the legal entity cannot be determined; • the customer is based in, or conducts business through or in a high-risk jurisdiction; • the customer’s source of funds cannot be verified or is difficult to verify; • the customer requests an undue level of secrecy in relation to a designated service; and • the customer is a politically exposed person.’ This guideline means that the regulator reasonably expects an RE to establish processes and systems that detect the existence of higher ML/TF risk. Once this trigger capability is in place, the RE must initiate appropriate actions in accordance with the level of risk. The guidelines suggest that these actions should include seeking further information on the customer, verify or reverify customer KYC information and access additional information from other sources. ANTI-MONEY LAUNDERING FEATURE In addition, the RE should undertake more detailed customer analysis including: • What other business the customer does with the RE? • What other relationships the customer has within the RE (other clients, third parties, etc)? • What past and future activity is associated with the customer? and • What likely controls will be appropriate to manage/mitigate ML/TF risk? What is the business impact of this? Through KYC or monitoring controls, the RE will become aware of an ML/TF risk that exceeds a risk-tolerance threshold. The RE will then commence enhanced customer due diligence to access more detailed information. A valid ECDD program will therefore need to have: • processes for identifying when risk threshold is exceeded; • processes in place to source additional information; • access to an aggregated view of customers within the RE (where they came from, who else they do business with, what else they do within the RE); • processes for managing the flow of information with approvals and ‘gating’ (case management); and • processes for managing the records for each ECDD so that a customer history is maintained. As with other controls, this program needs to be linked to the risk being addressed. For example, if ECDD processes are initiated because a customer has a complex business ownership making transparency of beneficial ownership difficult, then the ECDD process must directly address this issue. Finally, the availability of adequate information on pre-existing customers is likely to cause concern for reporting entities as they increase their level of scrutiny. An effective ECDD process may first require the collection and verification of additional KYC details (as discussed above) prior to the conduct of further analysis and investigation. The overall process may therefore include a quality check on available information before other activities can be commenced. Controlling business as usual The final stage of a business as usual life-cycle for AML/CTF controls must link the operation of the control to the reporting requirement of the regulator. Once risk controls have identified increased ML/TF ANTI-MONEY LAUNDERING risk, a process is needed to determine if this unusual activity is in fact a suspect matter. If the customer or their behaviour is deemed to be a ‘suspect matter’ (as defined under Section 41 of the Act) then the RE must lodge the SMR with appropriate information and within the required time. It should be noted that there is a difference between identifying unusual activity and lodging an SMR. Many organisations will have unusual circumstances surrounding their customers. Some of these will satisfactorily pass additional scrutiny under the ECDD program and some will not. It is not until the RE has tried to resolve the unusual nature of the customer or activity that matters can be deemed to be ‘suspicious’ and must be reported. Regulatory controls The December 2008 Obligations also include IFTI and threshold reporting requirements. In simple terms, these are industry controls that the regulator has passed on to reporting entities. In many ways this is a monitoring program conducted by the regulator at the higher end of the industry spectrum. It also represents data generation used for analytical purposes and to assess potential risk across the industry. Threshold transaction reporting What does the AML/CTF Act say? All transactions which involve $10,000 or more in cash must be reported within 10 business days of the transaction taking place. What does this mean for the RE? A reporting entity that handles cash must have a process to detect transactions of $10,000 or more in cash, and complete and lodge the required reports. Reporting entities should also consider having processes that look for customers trying to structure cash transactions to avoid being reported. Where an anti-structuring control is established, the RE may also vary the threshold search parameters according to observed behaviour patterns within its customer base. However, if the cash goes into the RE’s bank account (it not being a bank) then the bank reports this, not the RE. The problem for an RE is that if it is consistently being reported as receiving above-threshold transactions, but the RE is not monitoring these for suspicion, then its monitoring program might be seen as ineffective. AUSTRAC monitors across all threshold transactions and so is aware of which customers are dealing in cash. IFTI reporting What does the AML/CTF Act say? All inbound and outbound international transactions undertaken by banks, ADIs, credit unions and building societies irrespective of value must be reported within 10 business days of the transaction taking place. What does this mean for the RE? This responsibility continues obligations under the FTRA. To make this regulatory control effective, reporting entities should consider having processes that look for customers sending transactions overseas or receiving funds from overseas. Where a RE instructs a bank to send/receive money to/from overseas, the IFTI report is lodged by the bank. These transactions however should still be scrutinised by the RE to determine if they are unusual or suspicious in some way. Failure to do this may mean that their monitoring program is deemed ineffective. The final word The purpose of AML/CTF controls is to identify, mitigate and/or manage the risk of ML/TF activity though the provision of a designated service. To demonstrate control effectiveness a reporting entity must establish a link between risks identified and actions taken to control risk. These actions must be both appropriate and effective to the specifics of the risk. Reporting entities must also recognise that control-based obligations for December 2008 include ‘precommencement’ customers. The requirement to rate these customers for ML/TF risk and assign appropriate controls means that the RE must have access to appropriate information to make the assessment. This can create a problem for many reporting entities where they may need to engage with the customer to source additional information. This problem should not be underestimated, as the administrative costs and potential relationship impact will require careful consideration. Lastly, a RE must deliver effective ongoing customer due diligence controls, including monitoring of customer behavior, from 12 December 2008. Where a RE is non-compliant with this obligation, they must design their program to retrospectively implement these controls and submit a proposal to AUSTRAC outlining their status, the reasons and impact for this, and details of their program to achieve full compliance within the assisted implementation period (i.e. by March 2010). ■ NOVEMBER 2008 19 Detect Inspect Resolve TM TransWatch T rrans sWatch introducing the t smart rt way ay to t protec protect ct yourself yourse elf and your ass assets sets TransWatch™ is a rule-based financial crime solution for detecting, investigating and resolving suspicious activities as part of a firm’s AML process. Key Benefits include: 6DYHWLPHDQGUHVRXUFHVZLWKDXWRPDWHGNH\ WDVNVDQGOLPLWHGPDQXDOLQWHUYHQWLRQ )XOO\VFDOHDEOHZLWKWKHDELOLW\WRPRQLWRUIURPD IHZWKRXVDQGXSWRPLOOLRQVRIDFFRXQWVHDFKGD\ &RQWDFWFOLHQWVXSSRUW#FRPSOLQHWFRPIRUPRUH LQIRUPDWLRQDERXWPRQLWRULQJWUDQVDFWLRQVZLWK &RPSOLQHW¶V7UDQV:DWFKVROXWLRQ US 5DSLGGHSOR\PHQWDQGFXVWRPL]DWLRQZLWKRYHU SUHEXLOWDQGSUHWHVWHGGHWHFWLRQUXOHV SURYLGHGDVVWDQGDUG UK '\QDPLFDQGLQWXLWLYHZRUNÀRZDOORZVIXOO FRQWUROWRUHVWZLWKWKHFRPSOLDQFHWHDP WKURXJKRXWWKHLQYHVWLJDWLRQSURFHVV UAE 3RZHUIXOUHSRUWLQJWKDWGHOLYHUVFULWLFDOLQIRUPD WLRQRQFXVWRPHUDFFRXQWVTXLFNO\DQGHDVLO\ WKURXJKSUHEXLOWUHSRUWV Australia COMPLINET COLUMN LONDON CALLING Profile of a modern terrorist financier By Chris Hamblin COMPLINET T HE AGE OF NAIVETY among terrorist financiers in the Western world is drawing to a close, as evidenced by the meteoric career of one UK-based online fraudster. The case points towards the types of terrorist financing cases that we will inevitably see more of — in the UK, US, Australia and beyond. Most money laundering reporting officers are already aware that terrorists are becoming dab-hands at mortgage fraud and even VAT ‘carousel’ frauds; this case offers proof that a new generation of terrorist financiers is learning to earn and disguise its blood money online. A band of brothers Mirsad Bektasevic, a 19-year-old Swede of Bosnian origin, and Abdul Cesur, a 21-yearold Dane of Turkish heritage, were a pair of untrained conspirators who wanted to do their bit for the Jihad in Scandinavia. They came to the attention of British authorities purely because they established contact with people who the authorities were already watching. As far as is known, Bektasevic and Cesur had no direct command structure or superiors or even affiliations with organised terrorists — they merely wanted to ‘set up Al Qaeda in Europe’. Bektasevic’s mother told the press how her son had been radicalised at the local mosque: ‘He was not religious before. Some people frightened him and talked to him about Hell, and told him he would be tortured in Hell if he did not believe.’ They set up a cell in Scandinavia, which raised funds, but they were short of explosives. Somebody suggested that they should go abroad and buy them. The pair duly arrived in Bosnia, which straddles a gun-running route, three weeks before their arrest on October 23, 2005. When arrested, they were living in a suburb of Sarajevo and in possession of suicide vests, about 65lb of high explosive, a training video 20 NOVEMBER 2008 showing them how to use ball-bearings, exploding bullets and a machine pistol. The radicalised fraudster This story is unusual because of Tariq Al Daour. Bektasevic, using the pseudonym of Maximus, was linked to three men in the London area and Al Daour was one of them. This 21-year-old biochemistry student eventually pleaded guilty to a charge of using the internet to incite murder, which is now illegal even if the perpetrator mentions no targets by name. More importantly, he ended up being convicted of receiving money and assets while knowing that they may be used for terrorism. At Al Daour’s house the police found a pile of computer material. He was a loner, meeting people, including Bektasevic and Cesur, online. Indeed, Al Daour never actually met his partners in crime. They came together online and communicated by internet telephony. Al Daour encoded their correspondence with Pretty Good Privacy encryption software. Al Daour was downloading extremist material, but was also perpetrating large amounts of fraud in sophisticated ways. He was the first British example of a criminal who had been radicalised by Islamic ideology. He was a member of Shadow Crew, a forum for fraudsters. Entrants had to prove their fraudulent credentials before they could join. Al Daour took fraud master-classes in various chatrooms and paid £75 for batches of compromised British card details. In the end, he had the details of 37,000 compromised cards. How he earned money for terrorists Al Daour earnt about £1.6 million in fraudulent trades without leaving home. There are 74 known Jihadist websites and on these he met terrorists in need of funding, both for atrocities and for training camp equipment. He bought 262 mobile telephone payments and 194 flight tickets. He routed money through 21 countries — a process that typically took him 24 hours whenever he did it. He used e-gold (virtual bullion which comes out the other end in cash). A policeman told Complinet: ‘He used online gaming. Trying to trace that money through all those jurisdictions is virtually impossible. He used online websites not just as a revenue stream but to launder the money. He did take a 50-50 chance on bets. Actually he won more than most people. He used compromised card details to join all the players around the poker table. He couldn’t lose! ‘Now he’s spending 19 years in Belmarsh [Prison] with about 72 terrorists telling them all how he did it. This is high yield, it is low risk. He was using all sorts of electronic devices. We traced him through Bektasevic, luckily. The big problem is websites in different countries. We currently have about 50 operations running and we really could do with greater international co-operation. ‘The Financial Action Task Force talk about terrorist finance in very generic terms. They’re preparing a set of case studies. Their publications are fairly bland and anodyne and they don’t have anyone trying to model what the risk is.’ British authorities are good at the traditional methods of waylaying terrorists — using surveillance and debriefing arrested suspects. Al Daour gave them their first experience with online crime as a means of terrorist finance. The UK’s anti-terrorist police look at only 90 or 100 suspicious transaction reports a year and do not have the resources to winnow through the whole galaxy of STRs. It must always be true, however, that well-researched and well-aimed STRs can make a real difference to at least some of their efforts. ■ ANTI-MONEY LAUNDERING FEATURE Be careful out there – there’s fraud and corruption everywhere The Cambridge International Symposium on Economic Crime is held at Jesus College in Cambridge (UK) and is in its 26th year. It is a vehicle for promoting, at an international level, the real and practical issues involved in preventing and controlling economic crime, corruption and abuse. Economic crime and corruption are of course predicate crimes to money laundering. The Symposium seeks to involve speakers and panellists with practical knowledge and experience from around the world to share their expertise and act as catalysts to promote awareness and discussion at all levels. The theme of the 2008 Symposium was ‘Banking on Trouble’ and at the time of writing, the more appropriate title might have been, in hindsight, ‘ Banking in Trouble’. AFMA Anti Money Laundering Magazine’s editor, Joy Geary, was invited to speak at this year’s Symposium which was held between 31 August and 7 September. This article is the first of two parts focusing on developments in the risk-based approach. You can obtain more information about the Symposium, which is held annually, by visiting the website www.crimesymposium.org. ANTI-MONEY LAUNDERING Developments in the risk-based approach T HE SYMPOSIUM focuses on economic crime. This year the attendees were predominantly law enforcement, regulators (financial intelligence units and central banks), academics and government. Surprisingly few financial institutions were represented, a sign of the times for the finance sector even at the end of August 2008, before the extraordinary events of October 2008. The most substantive development in the anti-money laundering/counter terrorism financing (AML/CTF) risk-based approach is always going to be in the area of the risk itself – emerging crimes, old crimes dressing themselves up in new clothing, forgotten crimes and the trends towards globalisation of crime. Indeed it was refreshing to hear very little about the regulatory side of the risk-based approach, such as know your customer, ongoing customer due diligence or monitoring in the six days of the Symposium. Each day comprised of an introductory session (two to three speakers) then three or four panels each sitting for two hours with eight or so speakers each speaking for 15 minutes. Workshops were held on two of the six days late in the afternoons in place of panel sessions. Several sessions were run simultaneously but most of the time, all attendees were present in the main marquee, often to the tune of torrential rain. ■ 7.3 per cent of the UK population has experienced fraud. Individuals have experienced fraud to the estimated value of £2.75 billion per annum. Businesses and organisations have experienced fraud to the estimated value of £1 billion per annum. The UK Government spends £13.9 billion on dealing with fraud annually. One of the top three areas for concern for the Serious and Organised Crime Agency in the UK is fraud perpetrated on financial institutions. NOVEMBER 2008 21 FEATURE In this article on developments in the risk-based approach we look at what speakers said about: • Corruption, fraud and money laundering • Politically exposed persons • Employees Corruption, fraud and money laundering The underlying theme of the conference emerged as one of fraud and corruption. On a broad view of corruption, it is either just a version of fraud, or it is inextricably linked to the commission of fraud and money laundering.1 Interestingly, corruption was used by speakers to characterise the behaviour of There was some discussion around the accountability of those that do the corrupting as well as those who are corrupted. It has not always been the case that both sides to an act of corruption have been held equally accountable. Many references were made to the Government inquiry into the BAE/Saudi Arabian corruption case which was shut down by the Blair Government in December 2006. A court challenge ensued which led to a House of Lords decision upholding the decision to suspend the enquiry because of the threat to public safety in the UK were the Saudis to follow through with a threat to withdraw cooperation in vital anti-terrorism intelligence processes. Other examples were provided of cases where pursuit of alleged corruption failed in the face of greater political and social pressures. And finally, there was a certain cynicism about asset recovery actions that returned corrupt funds to a corrupt government. Some markets such as tobacco or gambling were described as “criminal-geneic” – i.e. their nature invited the involvement of organised crime and corruption. Argentina described a version of corruption that it has with insurance fraud. Groups of lawyers, doctors and organised criminals collude to injure people, treat them, advise them, recover from the insurance company and share the proceeds, presumably also with the injured person. This phenomenon is called “bone breaking” and accounts for perhaps 20 per cent of insurance claims for personal injury in Argentina. In India, 30 per cent of families have to pay bribes to get water connected and to keep it connected. These numbers supported the view stated by one speaker that corruption causes and institutionalises poverty. Politically exposed persons IN INDIA, 30 PER CENT OF FAMILIES HAVE TO PAY BRIBES TO GET WATER CONNECTED AND TO KEEP IT CONNECTED. insiders (‘in-service criminals’) who facilitated the perpetration of fraud or money laundering. Such persons might be bank employees, they might be those who issue passports, provide authentication or identification services, are involved in procurement processes for government departments or large companies or who provide information technology services. There is no limit to the range of possibilities of insiders who are in a position to be corrupted and facilitate the commission of fraud or money laundering. Thus a client relationship manager that colludes with a client to submit a completed client acceptance procedure despite the fact that the client cannot meet the requirements of the procedure could be regarded, among other things, as corrupt. The example of the current charges against former South African Deputy President Jacob Zuma in South Africa threw up the real pressures that a small FIU might face when in possession of suspicious matter reports about an act of corruption by a political leader in a heavily charged political environment. It was observed that, in the commercial world, the cost of the penalty if corruption is detected is often less than the profit made from the opportunity and usually less than the loss sustained if the opportunity is not secured. Corruption is often factored into the price which multiplies the crime being perpetrated. Scandals were seen as having short life spans for corporations, thus they think they can afford the reputational risk. One thing was universally clear amongst attendees – it was not regarded as reasonable to rely on a client’s assertion as to their politically exposed persons (PEP) status without making other checks. This view was generally shared by most speakers who dealt with PEPs as their topic and is relevant to the PEP identification practices developing in the Australian AML/CTF arena. As would be expected, there was much discussion around the vexed question of the definition of a PEP. A strong, and perhaps controversial view, was put forward by Hans Peter Bauer, from Switzerland (former head of regulatory relations at UBS) who opened his presentation by suggesting that PEP risk should be looked at from a perspective of materiality. By this he meant that financial institutions should be concentrating on those who are in a position to defraud significant amounts of money such as Marcos, Suharto and Abacha. Dr Bauer presented a simple table based on 200 countries with two leaders, 20 cabinet members, 200 members of parliament and 200 family members and associates per PEP producing 444,400 names. He used this table to support his view that the fight against corrupt PEPs was being diluted by the breadth of what is being treated as a PEP. He appeared to be suggesting that the definition 1 Wikipedia defines ‘corruption’ as a general concept describing any organised, interdependent system in which part of the system is either not performing duties it was originally intended to, or performing them in an improper way, to the detriment of the system’s original purpose. The Corruptions Perceptions Index defines corruption for the purposes of the Index as ‘as the abuse of public office for private gain’. 2 Wikipedia defines the yellow press as ‘journalism that downplays legitimate news in favor of eye-catching headlines that sell more newspapers. It may feature exaggerations of news events, scandal-mongering, sensationalism, or unprofessional practices by news media organisations or journalists’. 22 NOVEMBER 2008 ANTI-MONEY LAUNDERING FEATURE should not include associates and family members, although a risk-based approach would potentially lead a financial institution to want to do background checks to look for associations between names in client databases and PEPs. One controversial part of his discussion was a suggestion that a critical characteristic of a PEP was the ability to move money. However, many PEPs have no direct access to money but are able to influence decisions that deliver favour to those who are corrupting them. There was no common agreement on the principle ‘Once a PEP, always a PEP’ although there was general consensus that domestic PEPs are as important to identify and manage as overseas PEPs. Dr Bauer proposed that management of PEP risk requires: • A single global definition of what a PEP is; • This definition should include domestic and overseas PEPs; • Each country should be required to provide a current list of their PEPs so that all countries could incorporate these lists into their risk-based approach. Thomas Spies, formerly Global Head of AML/CTF at Deustche Bank and now with KPMG, stressed the importance of monitoring the yellow press 2 for references to clients, including those who are PEPs. Negative media screening is a common tool in private and investment banking, and is clearly relevant to those with clients who are PEPs or controllers of listed corporations. The World Bank suggested similar steps to manage corruption in the context of PEPs: • A self-disclosure requirement to be imposed on PEPs by law; • PEP information to be made publicly available by governments. Employees and third parties Consistent with the focus on the link between corruption, the commission of economic crimes and money laundering, employee risk was the subject of many presentations. Internal agents were seen as in-service criminals (employees) and data was quoted that 20 per cent of employees involved in fraud or other corrupt behaviour were re-employed in the same industry. It is estimated that 35 per cent of all fraud is committed by in-service criminals. In-service criminals were not seen as having a particular profile – they could be any age, either gender and have one or more of many motives. Sometimes they were the subject of threats by others, internal or external to the organisation. Those making threats were often immediate managers and supervisors. In-service criminals may be simply providing data for use in ID frauds, or assisting with account takeovers (by changing names, addresses and telephone numbers of existing accounts) or involved at a more complex level (property valuation fraud for mortgages). The key weaknesses in management of employee risk were threefold: • High turnover of staff (25 per cent plus per annum in the UK financial services sector); Reduce the motive CIFAS is a not for profit organisation that services five sectors (asset financing, banks, mortgage providers, card merchants and telecommunications). It is the world’s largest data sharing scheme and it shares data about employees who have been engaged in lying on applications, false disclosure regarding previous positions, frauds, falsifying records, disclosure of commercial data and theft or deception. Data is only recorded about a person if it is factual, accurate, shows clear evidence of wrongdoing and the CIFAS member making the report must be willing to go to the police. Similar schemes have been set up in South Africa and Germany. For further information visit www.cifas.org.uk • Poor recruitment and vetting procedures (because of the recurring cost through high staff turnover); • Poor supervision of controls over employees. Frequent use of a four-eyes procedure for key tasks was cited as a good example of a strong supervisory control against the risk of in-service criminals. Rotating the second pair of eyes is a key element of a strong control because of the tendency for lower level employees to be subject to threats from managers and supervisors. Law enforcement recommended the following approach to management of employee risk: (see below) Create a strong positive culture which makes your business a preferred place to work to reduce the chance that employees want to defraud the business. This might address a range of benefits going beyond salary and bonuses. Vet and revet staff regularly against available databases associated with criminal events and employees of financial institutions. Conduct regular credit checks against employees to match credit obligations against salary. This may give rise to privacy consent requirements and does not cover credit obligations of family members. Reduce the opportunity Reduce the opportunity for employee fraud by strong supervision (e.g. four-eyes procedures) and effective authority levels for expenditure and approvals. Use strong reporting systems to monitor completion of procedures using peer profiling. Reduce the rationale Provide good education to staff about the costs of employee fraud and the reasons for controls. Provide clear and unambiguous rules about consequences. Establish an effective whistleblower process which employees feel safe to use. ANTI-MONEY LAUNDERING NOVEMBER 2008 23 FEATURE The chief executive of CIFAS (Ann Sheady) recounted a story of a woman who ran a reference service for anyone who care to choose to pay her, operating a bank of telephone numbers, ready and willing to provide cover for people alleging they were employed by XYZ company in the financial services sector. Interestingly enough, despite the extensive use of her service over a number of years, she was never called by a prospective employer. The mortgage fraud stories from the US presenters recorded widespread trends of lenders failing to perform any due diligence on those providing them with services, for example, mortgage brokers. A telling photograph was the valuation report provided for a property containing a photo of a house taken from the street. Subsequent investigation on default showed that the entire back of the house was missing and all that had existed at the time finance was provided was the front wall (as shown in the photograph supplied with the substandard valuation provided through the broker). Stories from the New York prosecutors present about scanning devices attached to computers brought to mind the necessity to consider vetting cleaning contractors and their staff. It is easy for cleaners and other subcontracted staff with out of hours access to business premises to attach devices to seldom moved computer equipment at the request of others who may be threatening them or rewarding them. An example of poor due diligence was a power of attorney provided in Spanish which, on translation by law enforcement well after the fraud had been perpetrated, proved to be nothing more than a shopping list. Employees in the mass media, printing firms, accounting firms and investment banks were seen as high risk for insider trading crimes. On several occasions during the Symposium the UK FSA made very clear that insider trading and market abuse will no longer be tolerated in London. These crimes have been made the current priority of the FSA and London financial institutions can expect to see the full force of criminal, civil and regulatory powers in play over the coming months. And on a twist to employee risk, bonus schemes came under broad attack. The manner of calculation of bonuses was regarded as encouraging senior management to engage in fraud through various reporting devices which massaged results and thus 24 NOVEMBER 2008 ONE EMINENT SPEAKER SUGGESTED THAT DESPITE WHAT HE REGARDED AS THE FALLING ETHICAL STANDARDS OF THOSE THAT MANAGE GLOBAL FINANCIAL INSTITUTIONS, REGULATORS HAVE LITTLE CHOICE BUT TO HELP THESE “BEHEMOTHS” BECOME MORE PRUDENT. their bonuses. It was asserted that the mispricing of certain products by one global financial institution which lead to a £5.6 million fine from the FSA occurred primarily to protect bonuses of certain senior employees. Rogue traders in its investment banking division deliberately mispriced the asset-backed securities. The consensus from a number of speakers was around the need for correction of weaknesses in compensation schemes to make them more aligned with the long term interests of shareholders and the profitability of the enterprise and to reduce the opportunity for fraud. One eminent speaker suggested that despite what he regarded as the falling ethical standards of those that manage global financial institutions, regulators have little choice but to help these “behemoths” become more prudent. He went on to suggest that these types of organisations should behave in a way that makes them too good to fail since the consequences to the economies they operate in are massive when they do fail. There was little dissent to this proposition among Symposium attendees. The government support provided across the globe to major financial institutions in the first half of October and the merger of a number of global organisations brings to life these issues. Summary Fraud on financial institutions is the focus overseas in the UK, Europe, Asia and the US. It is a predicate crime for money laundering in Australia. Financial institutions may be one of or both innocent and active participants in the chain of activity that completes the fraud and then the subsequent money laundering. In-service criminals are a key risk either as the perpetrator of the fraud or as a corrupted party facilitating the path for the fraudster. Reasonable controls for employee risk have to go well beyond screening new employees at the time of hire. These days they include bonus schemes that do not encourage manipulation of results for private gain. Financial institutions can mitigate employee risk through strengthening a range of controls, including AML/CTF controls. Part II of developments in the risk-based approach Part II of this article will appear in the December issue of the magazine and will look at what speakers said about: • Offshore financial centres and the UAE Free Zones • Informal payment systems and money services businesses • The bank as a victim of economic crimes. ■ ANTI-MONEY LAUNDERING COLUMN NEW YORK NEW YORK Prosecutors taking a swipe at prepaid debit cards In recent weeks there has been a surge in the number of federal court cases involving defendants who relied on network-branded prepaid debit cards to execute credit card fraud schemes and launder the proceeds. T HESE CASES CHALLENGE the prevailing notion that drug-money laundrymen pose the greatest threat to prepaid card systems. They also indicate that transactions involving the use of credit cards to fund and recharge prepaid cards might help money launderers and terrorist financiers to an even greater extent than recharge transactions involving cash. To take a recent example, Rhoan McCalla, 25, of Maryland in the US, pleaded guilty to ‘conspiracy to commit access fraud’. He started off using cash to buy people’s social security numbers and other personal data from an employee of a medical clinic, according to his federal plea agreement. Taking a brand name in vain McCalla passed the data to accomplices who used it to obtain credit cards fraudulently in the names of the people whose identifying details had been stolen, according to a superseding indictment. McCalla and his partners in crime then used the credit cards to buy MasterCard-branded prepaid debit cards from a local convenience store. How the money flowed Other conspirators registered and activated the prepaid debit cards using stolen identities and used the fraudulently obtained credit cards to fund them. Once the conspirators had transferred thousands of dollars in illicit ANTI-MONEY LAUNDERING credit card funds to the prepaid cards, they took them to ATMs and withdrew the funds as cash. As the scheme wore on, McCalla even gave the medical clinic employee a prepaid card to facilitate his payment of bribes for additional data. All told, losses totalled more than $US580,000. In another recent case, an Oregon man was sentenced to more than three years in prison after pleading guilty to social security fraud and money laundering charges. Behcet Alkis, 45, used six false identities to obtain 183 credit cards and bilk issuers out of more By Brett Wolf COMPLINET prepaid cards as useful tools with which to ply their trade and launder the proceeds. When one considers that terrorists are known to rely on credit card fraud schemes to fund their operations, the dire nature of this global threat becomes even more apparent. Anti-money laundering personnel at banks that have issued, or plan to issue, networkbranded prepaid debit cards would be wise to keep this in mind. That said, prepaid card anti-money laundering systems are designed to detect efforts to launder money from illicit drug sales and other dirty cash. Unfortunately, prepaid card experts have said that nobody has yet produced a reliable list of ‘red flags’ to help financial institutions detect transactions aimed at layering the electronic proceeds of credit card fraud. The Financial Crimes Enforcement Network — which has not issued a single advisory to expose the ways UNFORTUNATELY, PREPAID CARD EXPERTS HAVE SAID THAT NOBODY HAS YET PRODUCED A RELIABLE LIST OF ‘RED FLAGS’ TO HELP FINANCIAL INSTITUTIONS DETECT TRANSACTIONS AIMED AT LAYERING THE ELECTRONIC PROCEEDS OF CREDIT CARD FRAUD. than $US800,000. He also transferred the credit card funds to network-branded prepaid debit cards in order to launder and cash-out his ill-gotten gains. Ultimately, he deposited the money into bank accounts — that he used stolen identities to open — and wired it to his relatives in Turkey. A troubling trend These cases clearly demonstrate that credit card fraudsters, who bilk financial institutions out of billions of dollars each year, view laundrymen are abusing prepaid cards — must assume a leadership role if this insidious threat is to be contained. FinCEN might start by unpacking and analysing the prepaid card-related suspicious activity reports made by issuing banks and prepaid processors. Of late, the latter have improved the quantity and quality of the SARs they produce, according to sources. FinCEN ought to dedicate itself to this kind of vital analytical work rather than focusing its limited resources on the rote regurgitation of Bank Secrecy Act data. ■ NOVEMBER 2008 25 FEATURE Monitoring in securities trading firms made easier By Jun Claravell Please note that the opinions expressed in this article are those of the author and do not necessarily reflect those of the author’s previous or current employers. I N THIS ARTICLE, I would like to share some techniques, methodologies and strategies in anti-money laundering (AML) monitoring which may help provide reporting entities in the securities trading business with some ideas to consider as part of their preparation for the December 2008 Rules on ongoing customer due diligence. The central theme of this article revolves around three key points. 1. AML monitoring is an integral part of a strong AML compliance chain. All securities trading businesses need to conduct monitoring. 2. AML monitoring is more than just transaction monitoring. Some of the most effective monitoring procedures have nothing to do with looking at a client’s transaction activity. 3. Transaction monitoring does have its place, and securities trading businesses, or any other business that involves the movement of cash, securities and other financial assets in large volumes, have to take a risk-based approach to this process. Why is AML monitoring important? • AML monitoring addresses regulatory requirements and expectations. This is probably one of the main reasons why some reporting entities feel compelled to have one in the first place, but it is not necessarily the best reason. 26 NOVEMBER 2008 • AML monitoring serves as an early warning mechanism to spot money laundering red flags. It is more preferable that you spot an issue first and file a suspicious matter report to AUSTRAC rather than AUSTRAC informing you that there is a money laundering or terrorist financing issue with your client. The latter will lead to regulatory pressures and perhaps unwanted publicity causing reputational damage. What is end-to-end AML monitoring? End-to-end AML monitoring is the process of identifying and implementing the appropriate level of AML monitoring of client activity (not just transactions) in each of the three stages of a client life cycle (client take-on, ongoing relationship, client off-boarding) with the aim of reducing money laundering risk to an acceptable level. Stage 1 – Client take-on It’s at this point that financial institutions try to make it difficult for undesirables to get their foot in the door. Experienced AML professionals will agree that it is far preferable and relatively easier and less painful to apply the controls at this stage than to try and look for the undesirables once they’re inside and then have to weed them out. It is at stage 1 where financial institutions, from a business point of view, prospect and hopefully sell products and services to clients. AML monitoring starts at this stage. Remember, one of the objectives of AML monitoring is to spot ML red flags which act as early warning mechanisms during client acceptance. Examples of red flags at client acceptance are: • • • • • • material negative information about the client; behavioural red flags such as a client’s reluctance to co-operate in the know your customer (KYC) process; a client asking probing questions around record keeping and regulatory requirements, perhaps with the intent to avoid them; inconsistencies between what the customer says and what their documentation shows; the appearance of a client’s name on a sanctions list (such as DFAT, OFAC, or UNSC); or a client cannot or does not want to provide evidence of its source(s) of wealth. The key AML controls that can be applied at this stage include client identification and verification procedures, suspension of the account-opening process, tagging clients for targeted transaction surveillance, special KYC reviews, additional background checks on the client, and other enhanced due diligence procedures. Giving training to staff involved in customer acceptance is key to successful detection of these red flags. Staff in these roles are the gatekeepers at the door of the business. They need to be trained on what to look out for in this first stage of the client life cycle. Stage 2 – ongoing client relationship The client relationship begins on client acceptance with the first trade/transaction/ investment and, depending on the nature of ANTI-MONEY LAUNDERING FEATURE the product or service, is usually followed by ongoing trading or transaction activity. In this stage the source of funds that is funding the client’s activity is one of the cornerstones of AML monitoring. Where are the funds coming from, who is paying those funds into the account, which banks are being used to transmit and receive funds from the account, from which jurisdictions are the payments moving to and from, are there third parties involved in sending or receiving money to the client’s account? This information is readily available in payment messages and should be analysed against the client information and activity. Material negative information is likely to be important to monitoring of clients. ‘Material’ means information which is relevant to its financial dealings or circumstances such as allegations of fraud, money laundering, corruption, etc. Material negative information is available through a number of third-party databases, or even simple Google searches may help you perform this monitoring activity. The most efficient mechanism is to set up automated searches conducted on a periodic basis against nominated names. If the client has a trading relationship, look for unusual activity such as trading that consistently deviates from expected/logical trends or trading activity that simulates known layering techniques such as wash trades, cancels and corrections, and money-losing trades. Training again is important. Sales traders, for example, are in a better position to spot whether trading activity looks suspicious or not because (1) they own the relationship and therefore must presumably know their client and the client’s trading history better than anyone else in the business and (2) they know the market and what drives trading activity better than an AML compliance officer could. In training, people in these types of roles must be reminded that they have an obligation to report anything that they find unusual or suspicious and that there are serious consequences if they do not meet these obligations. In some countries those obligations involve criminal offences if not met. It is vital to have clear policies and procedures around third party payments. Depending on the nature of the product or service provided, staff must understand that in businesses like securities trading for example, third party payments should not be allowed except in limited and controlled circumstances. Substantial AML risk is assumed when money is paid to a person or entity that is not the client and that has not been subject to KYC checks. At the very minimum when permitting third party payments, consider performing background checks and sanctions checks on that third party. Another control is ongoing KYC reviews, or KYC reprofiling. The objective is to ensure that the information held about clients is up to date, valid and complete. Particular focus should be on changes that may have occurred in beneficial ownership and control of the client. The frequency of KYC reviews should be aligned to the risk rating assigned to a client (for example, yearly reviews for high risk, three-year reviews for medium, five-year reviews for low). Finally there’s transaction monitoring, which is usually automated in businesses that are involved in reasonable volumes of transactions and trades. Transaction monitoring must be driven primarily by overall money laundering risk and targeted only at certain client types and transaction types. This is important, and the illustration below helps explain this by showing the relationship between trading volume and AML risk. (See figure 1). The overused term ‘risk-based approach’ actually makes sense in the context of AML transaction monitoring. The illustration helps prove this point. In my estimation, and based on my experience, 95 per cent or more of the trades that are monitored come from low and medium-risk clients while only 5 per cent or less come from those of concern (the high-risk clients). This ratio means that all of the time and resources available to do transaction surveillance can first be focused on that high-risk 5 per cent. FIGURE 1 – Stage 2 : Ongoing client relationship ANTI-MONEY LAUNDERING NOVEMBER 2008 27 FEATURE Prioritising or weighting alerts means that more attention should first be paid to the 50 alerts that come from trades of a client who is senior government official from an overseas country known for corruption, and less attention should be paid to 950 AML alerts coming from a highly regulated client. This next illustration focuses on the transactions themselves in a securities trading context. What transactions must be fed into the surveillance system, which areas should AML transaction surveillance efforts be focused on and, lastly, what sort of unusual activities must be monitored for? (See figure 2). First of all, for investment banks, transaction monitoring only makes sense for trading businesses such as equities and fixed income. There is no ongoing transaction activity to monitor in the context of other investment banking services such as financial advisory engagements. Certain types of trades must be excluded in order to reduce the noise level in reports. Proprietary trading is a good example. Monitoring proprietary trading activity from a straight market’s compliance standpoint makes sense (i.e. when you are trying to look for possible front running, insider trading and the like) but does not make sense from an AML standpoint. This is because it’s MATERIAL NEGATIVE INFORMATION IS LIKELY TO BE IMPORTANT TO MONITORING OF CLIENTS. the firm’s own capital that is being used to fund the trades hence there should not be any AML issues, unless of course the firm derives its funding from predicate crimes, in which case there is a much bigger problem to be managed. Hedging trades is another good example of what to exclude from monitoring. If you are able to identify particular trading desks or traders in your firm who do purely hedging trades, then you should consider excluding their trades from the population of trades to be monitored. Hedging trades are essentially offsetting trades in a related security, such as an option. The transaction that created the original position, not the hedge, is the one that is client driven and therefore should be monitored. Trades by low risk, highly regulated entities can also be excluded. In my experience this was more than 95% of the total population. If you are not comfortable excluding them entirely from the surveillance population, then leave them there, but find a way to somehow get them tagged in the system as low risk, so that they can be prioritised accordingly and higher risk alerts reviewed in more detail. FIGURE 2 – Stage 2 : Ongoing client relationship 28 NOVEMBER 2008 ANTI-MONEY LAUNDERING FEATURE After these exclusions, the remaining trades and alerts should be those that come from medium and high-risk clients, and those clients who have been targeted for special monitoring. Focus all your time and resources looking at high-risk alerts first. Do not look at medium risk alerts until there has been a thorough investigation of all the high-risk ones. The fact is, there will never have enough time to look at every alert so make sure that you look at the most important alerts in the most detail. What types of unusual activities should be looked for in a securities trading context? Here are three suggestions: 1. Wash trading – look for sell trades with corresponding buy trades executed in the same account for the same instrument within a three-day period, usually at the same or a higher price. Your focus is on non-economic activity (meaning, shortterm trading profitability does not appear to be an issue for the client); 2. Cancels and corrects – look for specific patterns of cancellations and corrections of key attributes of a transaction (such as price, volume, trading conditions and settlement instructions). Typical patterns that should be detected include a large number of cancellations and corrections for one client, one account or one trader and last minute changes to standard settlement instructions (particularly if it results in a third party payment); and 3. Money losing trades – monitor the top 10 clients (or whatever number you think is appropriate), who consistently have the greatest realised loss based on monthly transactions. Remember money launderers are generally more interested in cleaning the money than they are in making a profit while in the process of cleaning the money (although this is starting to change according to some studies). But assuming this is still the case; a money launderer generally will not care much about losing say up to 40 per cent of the criminal proceeds if it means that the remaining 60 per cent is guaranteed to be successfully washed. Here are some practical tips on how to keep on top of your AML transaction monitoring program. 1. Review the coverage of the monitoring program – make sure it is comprehensive (are you capturing all the relevant transactions that need to be monitored?); 2. Review the methodology and approach – make sure they are adjusted to the ANTI-MONEY LAUNDERING 3. 4. changing risk profiles of the clients and the markets. For example, if the high-risk client population is getting bigger and bigger and you can’t get additional resources to manage them, then check your criteria for risk as well as the option of creating another risk category (called higher risk clients) and focus monitoring efforts on them first; Review the monitoring technology – make sure you are on top of the technology issues and don’t forget to The controls are similar to stage 1, and depend on training, the review and approval of third party payments. Consider continuing with sanctions and background checking for a certain period of time after account closure (say six months). Just prior to closing the account, particularly if unusual circumstances or red flags are present, do a quick look-back on all recent transactions of the soon to be ex-client so that you are satisfied that there was nothing unusual that should be reported to AUSTRAC or keep developing the technology, look at creating new reports, tweak existing filter parameters and algorithms; and Review ML trends – make sure you are aware of the hot topics in ML that AUSTRAC is focused on. Studying ML enforcement cases is an excellent way of doing this and so is reading ML typologies. You also need to continually gather intelligence from internal and external sources. It is extremely difficult to spot money laundering from just AML monitoring alone, so obtaining leads or clues from employees, peer businesses, regulators, law enforcement and the media is extremely important. that you need further information from the client before you end the relationship. It is important to secure your key stakeholders’ agreement to the monitoring strategy and be transparent, especially with the regulators, in terms of what the monitoring strategy can and cannot do. Aim to be able to demonstrate that a thorough risk assessment has been completed, that monitoring controls are deployed in a reasonable manner, and document all that you do. There will always be a risk that a suspicious transaction will pass undetected, even if you look at 100 per cent of the alerts. Why? Because the people looking at the alerts are just that, people, and therefore prone to error. Consider assurance processes such as random samplings of alerts and investigation files to underwrite the robustness of the alert management process. Furthermore, money launderers are getting better and better at applying layering techniques which are able to imitate the characteristics of legitimate transactions. What we as AML professionals can do is to continue to share our knowledge and experiences with each other, share what ■ works and what doesn’t. Stage 3 – client off-boarding: If and when the time comes that you have to off-board a client, there are still a few things that should be watched for. Most of which are very similar to the risks and controls talked about during stage 1 – client take on, such as: • The client asks questions around record keeping and reporting requirements; • The client instructs you to settle proceeds with a third party; • There is an issue found with the destination of funds (for example, a request to wire proceeds to sanctioned countries); and • Be alert to any unusual circumstances surrounding the closure of the account. The business person who used to own the relationship is the key person to detect unusual things during this process. Editor’s note: Jun Claravall is a Certified Anti-Money Laundering Specialist (CAMS) and is currently the AML Compliance Director for Australia and New Zealand for a major European global investment bank where he also has, among other things, responsibility for regional transaction surveillance. Previous to this role, he headed up the Asia-Pacific regional monitoring team for one of the largest US investment banks globally. He can be contacted at jun.claravall@gmail.com NOVEMBER 2008 29 AUSTRAC COLUMN Customer identification: Item 54 reporting entities and product providers U NDER THE Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) reporting entities must adopt, maintain and comply with an AML/CTF program if they provide one or more designated services. AML/CTF programs are made up of two parts, Part A (general) and Part B (customer identification). Reporting entities which hold an Australian financial services licence (AFSL) and only arrange for people to receive other designated services (item 54, table 1, section 6 of the AML/CTF Act) are entitled to adopt a special AML/CTF program (consisting of Part B only). A key component of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) is the requirement for reporting entities to carry out applicable risk-based customer identification and verification procedures before providing a designated service to a customer. This requirement applies both to product providers and reporting entities that provide item 54 designated services (for simplicity we will refer to the latter as ‘arrangers’). Requirement for arrangers to conduct a risk assessment[A1] The primary purpose of a special AML/CTF program is to set out a reporting entity’s applicable customer identification procedures as required by Chapter 4 of the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No.1) (AML/CTF Rules). Some arrangers have formed the view that a special AML/CTF program only involves identifying and verifying the identity of a customer, without considering the money-laundering or terrorism-financing (ML/TF) risk posed by the customer relationship or the services provided. This view is inconsistent with the requirements of Chapter 4 of the AML/CTF Rules. An applicable customer identification procedure involves more than the mere identification and verification of a customer. All reporting entities, even those which have adopted a special AML/CTF program, must have in place appropriate risk-based 30 NOVEMBER 2008 systems and controls to determine whether additional initial ‘know your customer’ (KYC) information should be collected from the customer and/or verified given the ML/TF risk posed by the customer. Public Legal Interpretation No. 2, found on the AUSTRAC website (www.austrac.gov.au) sets out AUSTRAC’s view that when developing its AML/CTF program (whether it be a standard, joint or special AML/CTF program), a reporting entity should consider factors including the type of ML/TF risk it may reasonably face. In identifying ML/TF risk, the reporting entity must consider its customer types, the types of services it offers, delivery methods and any dealings it may have with foreign jurisdictions. Therefore, risk-based systems and controls in an arranger’s special AML/CTF program should be sufficient for the entity to determine to what extent beyond the minimum requirements, the identity details relating to a customer should be verified considering the relevant level of ML/TF risk the entity may reasonably face. Responsibilities of product providers using arrangers to conduct the applicable customer identification procedure[A2] Many product providers rely on arrangers (both internal and external third-party distribution networks), to distribute their products to customers. The questions then arise, when using these distribution networks as to: • what responsibility product providers have where their products are sold via distribution networks, in particular external networks; and • who bears the responsibility to carry out the applicable customer identification procedure? Under section 37 of the AML/CTF Act, where an agency agreement exists between the product provider and the arranger, it may be specified in the agreement that the arranger is responsible for carrying out the applicable customer identification procedure on behalf of the product provider. Such arrangements do not remove the responsibility of the product provider to ensure that appropriate customer identification has been carried out prior to the provision of a designated service. Similarly, it is also the product provider’s responsibility to ensure the applicable customer identification procedure carried out by the arranger can be relied on for compliance with the AML/CTF Act and AML/CTF Rules. This procedure must address any ML/TF risk associated with the product provider’s own product, customer, jurisdiction and channel. Additionally, the deeming provisions in section 38 of the AML/CTF Act and Chapter 7 of the AML/CTF Rules also allow a product provider to rely on the customer identification carried out by the arranger on a number of conditions. When doing so the product provider must: (a) either be provided with a copy of the arranger’s records or have the ability to access the arranger’s records under a contractual arrangement; and (b) have determined that it is appropriate for it to rely upon the applicable customer identification procedures carried out by the arranger, taking into consideration the ML/TF risk faced by the product provider in the provision of the designated service to the customer. Where (amongst other things) (a) or (b) are not satisfied, the product provider is required to perform the applicable customer identification procedure itself, before providing a designated service to the customer. This requirement also applies in the event that the arranger has not conducted the applicable customer identification procedure. Ultimately, the product provider, as a reporting entity, is responsible for ensuring that identification is carried out prior to the provision of a designated service. This responsibility cannot be outsourced or delegated to another reporting entity or third ■ party, whether internal or external. AUSTRAC has developed a number of resources to assist reporting entities, in fulfilling their AML/CTF program obligations. For more information visit the AUSTRAC website or contact the AUSTRAC Help Desk. Website: www.austrac.gov.au Telephone: 1300 021 037 Email: help_desk@austrac.gov.au ANTI-MONEY LAUNDERING FEATURE Some news for item 54 providers Under the provisions of the Anti-Money Laundering and Counter-Terrorism Act 2006 and Rules (AML/CTF Act and Rules), reporting entities that provide Item 54 of table 1 of Section 6 designated services have a number of obligations. By Stephen Watts PARTNER, BAKER AND MCKENZIE By Marie Sullivan SPECIAL COUNSEL, BAKER AND MCKENZIE ANTI-MONEY LAUNDERING I TEM 54 PROVIDERS are typically financial planners, although not always. As an Item 54 in Table 1 designated service provider, as the holder of an Australian Financial Services Licence (AFSL), you make arrangements for a person to receive a designated service. AUSTRAC has pronounced in its Public Legal Interpretation (PLI) No. 2 – which can be found at http://www.austrac.gov.au/files/pli_n2.pdf – that the wording of Item 54 means that if you are the holder of an AFSL and you provide advice, in the capacity of the holder of an AFSL, to a person, and then arrange for a person to receive a designated service that is a ‘financial product’ under the Corporations Act 2001 (Corporations Act), then Item 54 will apply to you. Item 54 designated service providers will be familiar with Chapter 7 in Part 7.1 of Division 3 of the Corporations Act which explains what constitutes a financial product. By way of further explanation, AUSTRAC reiterates that section 911A of the Corporations Act provides that a person who carries on a financial services business must hold anAFSL. Section 761A of the Corporations Act defines financial services business as the business of providing financial services. Section 766A of the Corporations Act sets out when a person provides a financial service they would have to be: • providing financial product advice (Section 766B); or • dealing in a financial product (Section (766C); or • making a market for a financial product (section 766D); or • operating a registered scheme; or • providing a custodial or depository service (Section 766E); or • engaging in conduct of a kind prescribed by the regulations made for the purposes of this paragraph (Paragraph 766A(1)(f)). Conversely, and to cite an example given by AUSTRAC in its PLI No. 2, if you are the holder of an AFSL and you provide advice in the capacity of the holder of an AFSL, to a person, and arrange for a person to receive a designated service that is not a financial service under the Corporations Act, such as a loan, then Item 54 will not apply. AML/CTF program Reporting entities providing only Item 54 services may adopt the less onerous Part B AML/CTF program. This means that from 12 December 2007 Item 54 designated service providers are required to have a special AML/CTF program. A ‘special’ AML/CTF program sets out the entity’s applicable customer identification procedures (Part B) but not the general requirements (Part A) of a standard or joint AML/CTF program. If you are an Item 54 reporting entity, an AML/CTF special program documents the compliance systems you must have in place to meet your AML/CTF obligations. Notably, chapters 4 and 5 of the AML/CTF Rules in Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No.1) are also relevant to providers of Item 54 designated services. Chapter 5 of the AML/CTF Rules requires a reporting entity to implement appropriate risk-based systems and controls as part of its special AML/CTF program. Chapter 5 requires certain aspects of Chapter 4 of the AML/CTF Rules to be incorporated into a special AML/CTF program: Chapter 4 of Schedule 2 of the AML/CTF Rules sets out the specific requirements that are relevant to Part B. In Part B you must set out what procedures you have for checking the identification of your customers. These will include: (a) establishing methods for identifying customers based upon assessments of the ML/TF risk posed by the customer; and (b) reidentification of certain pre-commencement customers where you believe it is necessary. In Part B you can have different procedures based on the type of customer, the designated service being provided and the circumstances in which the service is provided (Section 88). The customer identification procedure you must use will depend on what type of entity the customer is (e.g. individual, company, trustee or partnership). A helpful table and other supporting material can be obtained from us. NOVEMBER 2008 31 FEATURE Your special AML/CTF program will necessarily set out what information you need to collect and the acceptable verification documentation for different types of customers. Financial planners will by now be familiar with the AML content typically found in AML compliant product disclosure statement application forms and will be aware that these forms were workshopped extensively and agreed between IFSA and the FPA in the lead up to the commencement of the AML/CTF Act and Rules know your customer (KYC) requirements last December. They may not, however, be familiar with the need to conduct a risk assessment of ML/TF exposures nor of the need to document any risk assessment undertaken. Among others, risk factors which should be considered include: • governance risks, e.g. inadequate oversight by the board or senior management; • operational risks, e.g. inadequate record-retention procedures; • regulatory risk, e.g. inadequate risk assessment and inadequacies in the AML/CTF compliance plan implementation; and • reputational risk, e.g. inadequacies in the AML/CTF program implementation leading to regulator intervention and bad press. Important things you should note about the AML/CTF Rules governing Part B are: (a) there are simplified (i.e. less stringent) verification procedures for certain companies (domestic listed companies, subsidiaries of domestic listed companies and companies that are licensed and subject to regulatory oversight in their business activities) and trustees (registered managed investment schemes, unregistered managed investment schemes offered only to wholesale clients that do not make small-scale offerings, trusts that are subject to regulatory oversight and government superannuation funds established under legislation); and (b) where there is an agent authorised to act for a customer, you must collect certain information from your customer about the agent and take certain steps to verify the identity of the agent. When you deal with a customer through their agent, the agent must also be subjected to customer identification procedures (Section 89). When your customer is a company or a trust, your customer identification procedures 32 NOVEMBER 2008 must involve persons associated with that company or trust (Section 90). AUSTRAC’s Risk Management and AML/CTF Programs Guidance Note is also very helpful: at Section 9 it details what AUSTRAC expects to see in place with respect to implementing a Part B Program: http://www.austrac.gov.au/files/risk_man_and _amlctf_programs.pdf Importantly, as stated, AUSTRAC will expect to see a compliance plan that not only sets out all identified risks, but which also sets out the controls in place to mitigate risk. AUSTRAC has indicated that this can form part of other compliance plans – for example, the compliance plan you have in place for the purposes of complying with your AFSL obligations. In general, and where applicable to your business, your individual risk assessment (which should be undertaken by an experienced risk assessor and documented), your obligations may include, among other things, the requirement to carry out applicable KYC identification procedures. A special AML/CTF program must be formally approved by the board or senior management: this means it will be necessary for the board or senior management of the reporting entity to resolve to adopt the special program (see Note 1, Section 86 (1) of the AML/CTF Act). What other requirements flow from your obligations to have robust KYC procedures in place? Customer identification procedures, record-keeping obligations A person who undertakes a customer identification procedure must make and retain a record of the procedure and the information that is obtained in the course of that procedure. Keeping a copy of a document produced as part of the process would suffice. These records must be kept for seven years (Section 113 of the AML/CTF Act). Where another reporting entity, such as an Item 54 AFSL holder or financial planner, conducted the relevant customer identification procedure on a current or prospective client and a reporting entity is not required to carry out the procedure on that customer itself, then the reporting entity must be satisfied as to the suitability of the Item 54/other reporting entity’s AML/CTF compliance procedures, be able to access the record upon request and have a written agreement detailing the terms of the arrangements between it and the other reporting entity. When the reporting entity receives a copy of a record, it must keep this record for seven years after the first time at which it is not providing designated services to the customer (Section 114 of the AML/CTF Act). Reports of suspicious matters Section 41, reports of suspicious matters, applies to a designated service covered by Item 54 of Table 1 in Section 6. Effective 12 December 2008, where a suspicious matter reporting obligation arises, all reporting entities are required to give a report to AUSTRAC under the AML/CTF Act about the matter within three business days or within 24 hours if it is suspected that the suspicion relates to the financing of terrorism. AUSTRAC has published samples of the new reporting forms and their explanatory guides are available through AUSTRAC Online: www.austrac.gov.au/online. AUSTRAC may exercise its regulatory powers, including the making of civil penalty orders against those reporting entities that are not compliant and are not taking reasonable steps to reach compliance with their AML/CTF Act reporting obligations. Exemptions that apply to Item 54 reporting entities Reporting entities providing designated services that fall within Item 54 have some reduced obligations under the AML/CTF Act regarding customer identification and reporting obligations. Ongoing customer due diligence – exemption for Item 54 reporting entities Under Subsection 36(3) Item 54 reporting entities are exempt from the ongoing customer due diligence requirements prescribed by Subsection 36(1). Reports of threshold transactions Section 44, reports of threshold transactions, does not apply to a designated service covered by Item 54 of Table 1 in Section 6. Lodgment of AML/CTF compliance reports Section 47, requirement to lodge compliance reports to AUSTRAC, does not apply to a reporting entity if all of the designated services provided by the reporting entity are covered by Item 54 of Table 1 in Section 6. What should be done now? If not already done, it is time for Item 54 providers to educate management and all affected employees to ensure that they understand the requirements and their duties, and to ensure that they have adequately resourced the implementation of the AML compliance regime. ■ ANTI-MONEY LAUNDERING DOING THE CRIME China and the criminal proceeds of ‘cinderella’ crimes by Dr. Nick Ridley I N THE POST 9/11 DECADE, a realignment of law enforcement resources occurred in many jurisdictions. Resources and manpower were prioritised to anti-terrorism at national and international level, and also there was a re-emphasis on local policing. Both are laudable and progressive, but have left a ‘middle band’ of certain serious crimes which tend to become – or have always been – comparatively neglected and grown in threat accordingly. Such crime categories have become known as ‘cinderella’ crimes. Certain of these are international in scope and involve a significant Chinese dimension. It is indeed true that the impact of Chinese organised crime is fully recognised in the issues of heroin trafficking and illegal immigration, both controlled by the insidious triad organised crime structures. However China also affords a dimension in other types of less prominent crime. Illegal deforestation is resulting in serious environmental and economic consequences for Indonesia and South America. An area the size of Switzerland is lost every year in South-East Asia due to illegal logging. China is a main factor in this. In 2005, the international NGO – ANTI-MONEY LAUNDERING the Environmental Investigation Agency; and in 2008, Greenpeace, both cited Chinese demand for merbau trees as the principal demand generator for illegal deforestation in Indonesia’s Papua province. Counterfeiting of goods has grown exponentially, partially due to lack of coordinated governmental and law enforcement action. The annual value of counterfeit goods globally is estimated at €450 million, Cigarette smuggling has also grown globally; a World Bank Report estimated over 33% of all cigarettes exported are smuggled and re-exported. China is both a consumer and transit country for smuggled cigarettes. On a regional basis, cigarettes are smuggled in millions into China from Vietnam; on a global scale, 18% of all exported smuggled cigarettes have transited Jiangman, in China’s Guangdong Province. IN THE WORDS OF AN ANONYMOUS CHINESE LAW ENFORCEMENT SOURCE, “... THE LAW IS STRONG AND ADEQUATE ENOUGH, THE PROBLEM IS ENFORCING. ” a 150% increase from half a decade ago. The number of counterfeited goods intercepted on entry to the EU has increased 1000% over the same period. 80% of counterfeit medicines, and 70% of counterfeit household goods entering the EU originate from China. In 2004 Chinese authorities strengthened the laws of arrest and seizure, but there remain significant vested economic interests in the in international counterfeiting of goods. In the words of an anonymous Chinese law enforcement source, “... the law is strong and adequate enough, the problem is enforcing. ” Much of the criminal proceeds from counterfeiting are being laundered within China; intelligence indicators indicate that the proceeds of illegal logging and cigarette smuggling are also being laundered through China. In 2007 and 2008 money laundering cases investigated by Chinese authorities totalled the equivalent of €89 million in suspected criminal proceeds. Only 10% was suspected drug trafficking proceeds; the rest were diverse crimes including the ‘cinderella crimes’ NOVEMBER 2008 33 DOING THE CRIME Criminal proceeds of these ‘cinderella’ crime categories are laundered in China. However, as far as the Chinese authorities were concerned, until comparatively recently money laundering itself appears to have been a ‘cinderella’ crime. In China anti-money laundering measures have only recently made significant advances and effective international money laundering control is still limited. The intense efforts did not start until 2002, the first anti-money laundering law was drafted in 2004, with no less than ten differing judicial, law enforcement and financial agencies involved. In October 2006, China passed anti-money laundering legislation containing basic customer identification provisions. These only came into effect on 1 January 2007. The biggest money laundering case in recent history occurred in China in 2007. The case involved the equivalent of an estimated 633 million US$ over two years and exploiting 68 different bank accounts, The accounts were held at banks in different regions of China and abroad. Monies were moved from account to account in complex and phased groups of simultaneous transactions The Financial Action Task Force 2007 assessment of anti-money laundering and counter-terrorist financing measures in China recorded that China had made significant progress in implementing its AML/CFT system in a short period of time. However, it noted a reluctance to pursue money laundering as a stand-alone offence, and also identified a major vulnerability in the lack of information on beneficial ownership of corporate entities. From the crime trends and the laundering cases dealt with so far within China there are some points worthy of note in terms of international anti money laundering efforts. Firstly, banking institutions remain a principal vehicle for placement of the criminal proceeds, and banks within the Chinese banking system and banks in other jurisdictions, including Australian banks, are essential in layering. Secondly, in funds moving, both within China and on the international transfer dimension, certain account patterns have become apparent. These include bank to second bank transfers in two stages over an 8 day working period, followed by transfers of the majority of the funds from the second bank to third and fourth institutions simultaneously with the remainder being withdrawn from the second bank in cash deposits, and then physically couriered. The third and fourth ‘receiving’ banks are in differing jurisdictions. 34 NOVEMBER 2008 Thirdly, the Chinese experience of laundering the proceeds of smuggled goods in several cases has revealed the increasing use of debit cards as a form of laundering transfer, usually combining transferred deposits into banks and cash withdrawals in another location, or jurisdiction. Globally, the growth of prepaid debit cards is increasing. Within the USA between 2005 and 2008 debit card issuance and use has increased at three times the rate of credit cards. Within the EU between 2006 and 2010 overall spending by use of prepaid cards will be in excess of €75 billion, encompassing a four year period yearly growth rate of 110%. In China there are 1.58 billion credit and debit cards, of which 91% are debit cards. A particular threat is posed from the open systems cards, which enable speedy transfer of monies through replenishing value on an international basis and via international ATM systems. Such cards are not legally defined as monetary instruments either in the USA or in the EU. They can be openly carried, transported or sent across borders. Fourthly, training of bank staff can result in useful monitoring of customer behaviour. In the above money laundering case involving the 633 million US$, alert bank staff in different banks reported several instances of incongruous behaviour by customers (the involved perpetrators). The reports were collated, disseminated to law enforcement and were of value in the investigation. The objective of this article is not to vilify or to isolate China as an expanding criminal hub. Chinese law enforcement authorities have shown the highest commitment to eradicating crime, engage in international criminal co-operation and are deeply conscious of the adverse impact of such trends on their country. However, given the growing economic role of China, and its position regarding the international money flow circulation of capital within the current ailing global financial systems, such ‘cinderella’ crime trends and the accruing criminal proceeds impact globally. In strategic terms, the criminal commodities particularly impact westwards, but the laundering of the proceeds is carried out on an Asian axis. Risk indicators for Cinderella crimes: • • • • • • Connection with countries involved in deforestation; Connection with timber businesses in countries involved in deforestation; Client has businesses that do trade through Jiangman in China; Client imports goods susceptible to counterfeiting from China; Debit card use crossing country borders; and Open system card use where value is replenished on an international basis and ■ via international ATM systems. Dr. Ridley will be making a regular contribution to the AFMA anti money laundering magazine on the theme “Doing the crime.” He is senior lecturer at the John Grieve Centre for Police Studies, DASS, London Metropolitan University. He was a criminal intelligence analyst for just over 22 years, firstly at the Metropolitan Police, New Scotland Yard, in various departments including the Anti Terrorist Branch, and then at Europol, in The Hague, Netherlands At both Scotland Yard and Europol he specialised in organised crime from south east Europe, anti money laundering and terrorism. In 2006-2007 he was a holder of a Research Fellowship from the Airey Neave Trust researching an aspect of terrorist financing, and also occasionally lecturing at the NATO Centre of Excellence – DAT in Ankara Turkey in financing of terrorism. ANTI-MONEY LAUNDERING FEATURE AML skills – is there really a drought? Ever since Australia’s financial services industry woke up to find out it had to implement a risk-based anti-money laundering (AML) regime from the ground up, there was panic. It was widely thought that there would be a critical skills shortage which had to be addressed as soon as possible. A NEW REGIME would require massive cultural change, exorbitant technology expenditure, intensive retraining and education programs, and the adoption of internationally-experienced consultants and technicians. The industry was given a set of staggered deadlines with which to do their own know your customer (KYC) and AML risk management and monitoring – subject, inevitably, to the regulator’s satisfaction. The immediate impulse was to bring in superior and more experienced management, and that had to come from overseas. The thinking was: Australia’s compliance and AML skills were outmoded, formed under the benign but dated auspices of the 20-yearold Cash Transaction Reporting Act. This country has to catch with our more sophisticated brethren in Europe (particularly the UK) and the US, who were way ahead of us. Then, of course, in the space of the past six to 12 months, the jurisdictions from which the expertise has been tapped (and from which Australia has taken its AML compliance cue) have delivered nothing better than confused and half-evolved risk-based regimes. The international risk management industry as a whole has an even less worthy scorecard, failing to foresee the largest credit crisis in history, the result – at least partially – of poor oversight and controls. Australian banks and financial organisations remain relatively aloof and unsullied by the poor judgements which have brought about the credit crunch, but they are not immune to its consequences. The paradox for the industry is that the skills shortage which institutions have feared and made provision for, may very soon become a surplus. The Australian banking industry is now in the midst of a major contraction, resizing itself from the top down. By Adam Courtenay Just this year, the industry has witnessed Westpac’s acquisition of stricken mortgage provider RAMS Home Loans Group, not to mention the bank’s $16.6 billion takeover of St George Bank, which is expected to take place this quarter. Adelaide Bank and Bendigo Bank have merged and Commonwealth Bank of Australia has finalised its $2 billion acquisition of BankWest from its struggling UK parent HBOS. At the time of writing there was much talk of the impending break-up of the banking, wealth and insurance arms of Suncorp. What this means for the so-called skills shortage in the AML arena is as yet unclear, but there are well-known precedents. The so-called ‘synergies’ of these deals tend to mean only one thing – the integration of IT systems and the shedding of large numbers of staff, particularly in the back office. In this climate, there is no room for duplication. ANTI-MONEY LAUNDERING NOVEMBER 2008 35 FEATURE ‘We know that when there are merger talks, there is generally a freeze on compliance personnel at the best, but at worst there’s a reduction,’ says Chris Cass, Deloitte’s lead AML partner. ‘It’s inevitable when you bring together two large risk and compliance teams, there will be casualties. And it’s all happening at a time when good-quality risk management personnel are critical.’ According to press articles, ANZ intends to axe hundreds of middle-management roles and other banks are looking at their cost bases ‘as the lending market cools’. Arguably, most at risk are Westpac and St George workers, whose takeover agreement may result in as many as 5000 job cuts according to union estimates. Westpac has so far declined to provide details about expected job losses under the merger. What about AML? Not surprisingly, Andrew Smith, head of fraud and AML control at Westpac, was unable to comment on the skills fallout which may befall the merger of the two teams. However, it is known that both banks have adopted Norkom Technologies as their main AML transactions monitoring tool. The synergies there, at least, could not be better. In the same vein, Bendigo Bank and Adelaide Bank have recently reported a very successful integration of their AML systems. This of course, is not the same as personnel synergies. Despite the credit crisis and the ensuing banking sector consolidation, there are still skills shortages in AML, which are changing in both type and volume as compliance with the legislation continues to progress. Recruitment firm Hays Legal says it has been used regularly by some large financial services firms to go ‘shopping’ for skilled AML and compliance personnel in the UK, the jurisdiction most closely resembling our own. ‘Often they are hoping to lure back Aussies who have middle-ranking compliance or AML experience in the UK, who might be looking for more senior roles back home,’ says Daniel Sterling, financial services section manager at Hays. “We know that when there are merger talks, there is generally a freeze on compliance personnel at the best, but at worst there’s a reduction.” Chris Cass, Deloitte ‘But the hardest people to find are senior people with decent AML management experience. This area is very specialised and what is needed is people with strong advisory and/or technical capacities.’ While there is still a call for middle and senior-ranking AML experts to come to Australia, some say this demand is slowing as the local firms retrain staff in the midst of fashioning their own local risk-based programs. The immediate needs of banks and wealth management companies are fairly clear and a quick trawl of recruitment agencies shows where they lie – good business analysts and program managers are in short supply. Typical is the need for a program manager for AML roll-out and AML compliance for a major bank; or for good business analysts with credit card fraud-cum-AML experience. Transactional analytics and monitoring customer behaviour is foremost in big and medium players’ minds. The need is very much IT-based and ‘business change’ related. Most of the largest financial organisations are in the midst of rolling out their new transaction monitoring systems and need people to run the programs and analyse the transactions which the technology will require. There is a need for people who can investigate alerts and conduct case management to determine if a firm has to report suspicions. “This area is very specialised and what is needed is people with strong advisory and/or technical capacities.” Daniel Sterling, Hays Legal 36 NOVEMBER 2008 There is an analytics management side as well – skills to determine that the software tool is being used to best effect by an institution. So far big banks such as ANZ, Westpac, NAB and St George have adopted Norkom Technologies as their major transactions intelligence tool. CBA and Bank of Queensland have opted for AML compliance software from SAS. What about the smaller wealth and fund management companies? Phil Anderson, AML/CTF compliance officer at Perpetual, says he doubts many fund managers have given thought to transaction monitoring, and predicts that the demand for program management experts and business analysts will soon become critical. ‘We haven’t yet come to a point where we have the business-as-usual personnel in place,’ says Anderson. ‘It’s an issue I’ve raised at various industry groups – that is, where will people go looking for analysts who will do the work around assessing alerts and investigating potential issues?’ ‘It needs to be done in a short time frame and it will be challenging,’ Anderson says. ‘You can’t go overseas for that level of expertise – analysts simply aren’t paid at that high a level.’ Zoe Lester, group AML/CTF officer at the soon to be merged St George, says the bank has many of its business as usual roles in places. Lester says the initial need for senior overseas recruits with risk-based AML experience was far greater 12 months ago, but that international experience is no longer so critical. ‘A year ago it was more important than it is now – but we’ve seen a concerted upskilling in the past 12 months and it has been a big learning curve for most people,’ Lester says. ANTI-MONEY LAUNDERING FEATURE ‘Having international experience is great – but it’s now becoming no more important than having people with a sound knowledge of the Australian regime.’ All the same, Lester agrees that there are always opportunities for middle-ranking implementation managers from overseas who have been ‘amongst the detail’. ‘It would be easier for them to get a more senior operational position here now,’ Lester says. Anderson at Perpetual says it is difficult to find people who can conform to exact roles required by the new laws. For instance, at one point he was seeking someone with strong corporate trust experience with an AML background, but the combination was almost impossible to find. In both project and business as usual roles, you have to improvise, he says. ‘If your focus is on someone for investigations, does the person you’re seeking also have enough business or pure AML knowledge?’ he asks. ‘Or if you’re putting someone in an analyst’s role, you may find someone who knows the customer service function or who has good business knowledge, but then needs to be reskilled for AML.’ While the big banks tend to say they’re confident in the design of their programs, they are not without skills shortages, not “It’s not rocket science.” Gary Gill, KPMG much towards implementation, and much of that is about getting our data ready for the new software.’ Bell admits the market is short on Norkom expertise and that the bank needs to hire contractors for that work. ‘Even the Norkom contractors are in short supply,’ Bell says. Bell says that in the business as usual roles, he intends not to hire from outside but to train staff internally. ‘There’s going to be a significant training component required,’ he notes. Like Lester at St George, Westpac’s Andrew Smith says the need for overseas expertise has diminished as needs have changed. While they may have the skills to understand things that ‘do and don’t work from a point of view of controls’, it has to be done in a local, risk-based environment. ‘It requires a new level of thinking – you are trying to marry AML compliance with operational risk thinking,’ he says. “...we’ve seen a concerted upskilling in the past 12 months and it has been a big learning curve for most people.” Zoe Lester, St George surprisingly related to their current IT implementation plans. Geoff Bell, ANZ’s general manager of group compliance, says the bank has had to rely on a large number of people and skills from outside ANZ, particularly in the past six months. ‘The Norkom system we’re implementing requires brand-new technology – and that’s true for all the banks,’ says Bell. ‘Up until eight to 12 months ago the program was at a design phase, and we were putting that in to deliver a compliance solution. But since then that has transitioned very ANTI-MONEY LAUNDERING Smith also believes in reskilling the right kind of candidate for the AML context rather than finding a perfect match. Westpac is always looking for people with skills to analyse risk and vulnerability, who can help design the framework the bank will use to identify customers. ‘I do put a premium on risk professionals. Essentially we’ve been looking for people with good risk experience and then bringing them into the game,’ Smith says. The use of consultants has changed. In the lead-up to the legislation – and in its initial phases – many of the larger companies sought out the big four consultancy firms to define parameters and do scoping studies. Many of the big four also had the international experience which was deemed so critical when the AML/CTF law was first enacted. ‘We often used them on an advisory basis to provide us with a sounding board rather than outsourcing an entire project to them,’ says Bell at ANZ. ‘They provided us with key design or compliance interpretations, and we think we used them effectively for that.’ The consultants, of course, tend to think they haven’t been used enough, and that too many financial services firms have opted – from the board-level down – for minimal ‘box-ticking’ rather than good risk-based compliance. KPMG forensic partner Gary Gill believes there’s still a general shortage of good risk-management people across the board who understand AML. He does believe that a good risk manager can adapt without too much difficulty to the AML world. ‘It’s not rocket science,’ Gill says. Gill says that in the end it is the regulator’s attitude which may have the last say on skills and personnel requirements. If AUSTRAC takes a tougher stance than it has hitherto signalled, then a number of people will be caught short. ‘They will have to go back and fill the gaps and where will they go? They will have to use consultants and it will be expensive,’ Gill says. Cass at Deloitte agrees that the skills gap is for people with experience in finding ‘the fault-lines in operational control infrastructure’. These are the ‘skills gaps’ which could leave a company vulnerable to fraud and laundering, he says. Nor is technology the sole answer. Cass says the problem is that too many big firms think transaction monitoring will be the saviour, when in fact it is a secondary control, and less important than putting in a good KYC system. ‘So many people have put their whole strategy into doing minimal work on the KYC end and then hope the technology will find the launderers. This is not a risk ■ management strategy.’ NOVEMBER 2008 37 TAX EVASION The investigation and detection of client tax evasion By Kenneth Rijock FINANCIAL CRIME CONSULTANT FOR WORLD-CHECK G 38 NOVEMBER 2008 Illustration by Elly Walton OVERNMENTAL regulators and compliance officers at financial institutions often encounter unusual patterns and activity when examining financial records, but many are unaware that what they are seeing is often a simple variation of tax evasion, that pedestrian form of financial crime, but one that often escapes detection. Today we examine what indicia, or ‘red flags’ might indicate its presence. First of all, let us profile the common business tax evader; he or she is generally the owner and operator of a cash-intensive business, where payment by credit card or cheque is either an unacceptable part of the industry’s culture, or is traditionally a business that has existed long before modern forms of electro-payment. The evader diverts a portion of the net profits, generally somewhere between 15 and 30%, artfully fails to enter them properly into the accounts of the company, and secretes them, generally but not universally offshore, in a tax haven jurisdiction or in a disguised onshore location. Are all your cash receipt clients then high-risk for tax evasion? Perhaps you may have noticed some of them engaged in suspicious activity. Unfortunately, it is never so simple. The truth is that there are certain sub-classes of these clients who are even more apt to evade the taxman with a substantial portion of their income. Let us examine some of them: • Professionals whose malpractice coverage may not cover their entire range of risk, and who choose to move a large sum of their fees, generally those generated in cash, to an offshore tax haven. Though they compound their crimes by failing to report the cash fees they receive, and then bulk-cash smuggle into a cooperating bank, their tax evasion is accomplished under the excuse of “Asset Protection.” THOUGH THEY COMPOUND THEIR CRIMES ... THEIR TAX EVASION IS ACCOMPLISHED UNDER THE EXCUSE OF “ASSET PROTECTION.” • • • Clients whose ultimate goal is to retire offshore, and who gleefully create accounts there for their “Golden Years,” through profit diversion from their cashintensive businesses. They take liberties with generally accepted accounting principles, and hope they will not be unmasked before they flee to a zero-tax jurisdiction in a warm climate. Affluent, cheating husbands with high incomes, who are contemplating divorce, and re-marriage to the latest flame. Their divorce settlements depend upon a minimization of the profit picture. Crooked partners intent upon defrauding their business associates, who are often absentee investors, and are taking an excessive, an unauthorized, share, and parking it some obscure part of the financial world. All of the above types represent the highest degree of risk, in a class of businessmen and women who have the singular ability to manipulate their above-the-waterline cash receipts and profit picture. So, what us to be done to identify and interdict these illicit funds on a real time basis? We return to the basics, for it is not the departed, covertly-smuggled funds, but what is left behind, that tells the tale for the experienced investigator. ANTI-MONEY LAUNDERING TAX EVASION Look at the following: Conduct inconsistent with their specific trade or business. Hint: look at the competition and compare the operations. Does something not fit? Is there a normal amount of reinvestment of profits into the physical assets? Are they running a successful company on a shoestring? Maybe the string is going elsewhere. International travel, by management or the owners, that is not normal with this type of business. Is he monitoring his offshore accounts? Do the credit card statements show trips to exotic locales, when the company’s market focus is totally domestic? Is there a marked reluctance to divulge details, to your account representative, about suppliers, clients, customers, or other affiliates? One of these may be totally bogus, and a front organization facilitating the movement of substantial cash offshore. Have you satisfied yourself that the companies that the client deals with are not shells? Is the client methodically disposing of his immobile assets, thereby facilitating an easy transition to another jurisdiction? Have his or her ties to the community begun to weaken? Is the business for sale? Have gross and net profits declined in a business that has been expanding exponentially until recently, without any logical reason? If purchases of wholesale or raw materials have not similarly dropped, there may be a diversion of cash. Has the client opened up any new accounts in a city where he had neither business nor customers? Does the owner now make the deposits himself, instead of the employees? Moving away from cash businesses, a business that is involved in import and export may use import transactions to move value offshore through invoices which over-state amounts to be paid to offshore companies who then remit the additional value to a suitable account in an offshore jurisdiction for the business. The business benefits through higher tax deductions for goods imported and retains the value outside its higher taxed country. A similar approach using export transactions for under-stated values keeps domestic income low and allows the funds to be diverted again to tax havens. Businesses that supply consultancy services internationally find it easy to use over stated and under stated invoicing with little risk of detection because establishing the value of such services is in the eye of the beholder (the receiver). Whilst these indicators of possible tax evasion activity are certainly not iron-clad evidence, look carefully at any company whose actions are similar to those appearing above, for you may have uncovered a client who is a tax evader; Happy hunting. ■ Kenneth Rijock is believed to be the only former banking attorney-turned career money launderer who actively consults with law enforcement and the financial community. He has more than 25 years’ experience in the field of money laundering, as a practicing ‘laundryman’, financial institution compliance consultant, and trainer/lecturer to law enforcement and the intelligence services of both the United States and Canada. After serving as a banking lawyer in an international law firm, he spent the decade of the 1980s as a money launderer and advisor to narcotics trafficking organisations operating in North and South America. Whilst serving a federal prison sentence for racketeering and money laundering, he assisted with the first joint Swiss-American money laundering investigation of bankers and lawyers, which resulted in a major seizure of the proceeds of crime. Kenneth writes a daily AML column. For more information visit www.world-check.com Don’t get taken to the cleaners Subscribe to anti-money laundering magazine, the definitive source of information for the financial services sector on anti-money laundering and counter-terrorist financing. Call our subscription department today on 02 9776 7923 ANTI-MONEY LAUNDERING NOVEMBER 2008 39 CASE STUDY Case Study A Are you struggling with making the link between money laundering risk and customer identification procedures? This case study is designed to help. Use the risk indicators to review the quality of your anti-money laundering/counter-terrorism financing risk assessment. And use the AML/CTF controls to consider whether your processes would have identified some of the indicators in this case. Although Bendigo Bank and Adelaide Bank contributed some of the controls and risk indicators in this typology, nothing in this case resembles any transactions or clients handled by Bendigo Bank and Adelaide Bank. For most lenders, the facts in this case would be unlikely to have proceeded past the credit application stage without detection by their risk controls. However, as the two trusts in this case used at least nine financial institutions, it is possible that one or more may have missed key risk indicators. CHINESE NATIONAL aged in her 40s arrived in Australia having secured a permanent residency visa. On her arrival she opened several deposit accounts in the name of a trust which was established in Hong Kong with a bank (FI #1). She was one of two beneficiaries of the trust and supplied her name and address during the account-opening procedures. The trustee of the trust was a professional services company in Hong Kong which provided agency and trustee services. Within six months of her arrival she applied for a mortgage through a mortgage broker for 50 per cent of the estimated value of a small commercial property which had been acquired in the name of a trust at the same time as her arrival. This estimated value aligned with the purchase price stated on the transfer of title. The property had been unencumbered since the trust had acquired it. The funds advanced were provided by a non-bank financial institution (FI #2), deposited in the accounts with FI #1 and then immediately transferred to the Cayman Islands to accounts in the names of third parties. Following this advance and overseas transactions, the trust subsequently sought three more loans over three more properties. Each property had been unencumbered since acquisition by the trust, and the funds sought were for 50 per cent of their estimated value, which again aligned with the purchase price on the transfer of title. The acquisition dates of each property were close to the date of arrival of the Chinese national. The applications were made by the same broker to three separate non-bank financial institutions, one per property (FI #3-5). All lenders relied on the accounts opened at the banks in the name of the trust as supporting information for the verification of the trust’s identity. All the estimates of value were provided by a local valuer to the applicant and discussed verbally with the lenders’ valuers as well as verified against the transfers of title. 40 NOVEMBER 2008 Six months later, after the funds had been advanced on the last of the four properties, the trust then sold the properties for twice the values used to secure the four mortgages to a single purchaser, which also was a trust established in the US. The purchaser operated through a local law firm and used the same mortgage broker to secure funding for 90 per cent of the new value from four separate non-bank financial institutions (FI #6-9). The same valuer provided new valuation reports supporting the doubling in value for each from a valuer that was well respected. The financial institutions relied on these valuation reports and did not conduct their own valuation because the broker implied that the purchaser was prepared to borrow elsewhere if the approval was delayed. The trust paid out the original loans in full and deposited the proceeds into the various accounts the Chinese national had opened on her arrival with FI #1,where the money was then immediately transferred to the Cayman Islands to accounts in the names of third parties. There had been no other funds deposited to these deposit accounts since the opening deposit and the first mortgage advance. The Chinese national stated that the purpose of the transfer was to settle acquisition of property in Hong Kong. The purchaser defaulted on the mortgage payments on all four loans. The four non-bank financial institutions discovered that the purchaser’s identity information was false and that there was a relationship between the valuer, the vendor and the purchaser. The value of the property was commensurate with the original transfer values not with the price paid by the purchaser and the valuations supplied by the US trust were forged. Subsequent investigation showed that the purchase funds for the properties acquired by the trust were all sent from the Cayman Islands to the trust account of the Australian lawyer handling the acquisitions. All Cayman Island accounts were found to be in the names of the same third parties that received the subsequent outbound payments. ANTI-MONEY LAUNDERING CASE STUDY RISK INDICATORS Note – this customer interacted with nine financial institutions, each of which only saw a segment of the customer’s actions, and this is a perennial problem for all financial institutions. Active credit reports existed for four of these lenders in respect of the first four mortgages depending on timing of application, and may have existed for some of the second four mortgages, depending on timing of application. KYC Client is a trust established overseas. Persons associated with the trust and one of the beneficiaries is a Chinese national. The Chinese national has only recently arrived in Australia. Short period of time in Australia on a working visa and no permanent residency papers. Active credit report across various lenders depending on timing of applications. Country Risk Associations with Hong Kong, China and Cayman Islands. CONTROLS Control Type Description of possible controls Regulatory KYC Controls • The combination of an overseas trust and association with a Chinese national should have lead FIs #1-5 to conduct due diligence appropriate to high ML/TF risk customers of this type. This would overlap with the information obtained from the credit applications by FIs #2-5 but would be an expansion for FI#1 who was opening deposit accounts. Chapter 4 AML/CTF Rules requiring consideration of what additional KYC information would be collected at customer acceptance, using a risk based approach. • The type of additional KYC information that would be useful would relate to reason for investment in Australia, source of funds for acquisition of properties, source of income, source of wealth, stronger verification requirements such as certificates of incumbency for the trust, notarised identification papers for the Chinese national, the purpose of the trust, details of other beneficiaries, and value and volume of transactions for the deposit account. • Assessment of the need for Foreign Investment Review Board approval for both trusts to acquire property should be completed. Product Control • The credit risk-assessment processes should be tuned for money laundering risk, including the multiple active credit reports associated with the same trust. • Lenders should always conduct their own valuations and not rely on valuations reflected by transfer documents or on valuation reports supplied by the customer – irrespective of how well respected the valuer’s name is. Chapter 15 of the AML/CTF Rules requiring (from December 2008) consideration of what additional KYC is required from customers during the life of the relationship for ongoing customer due diligence purposes. Sections 84 and 85 of the AML/CTF Act setting out the obligation to identify, mitigate and manage ML/TF risks. • Staff processing applications for overseas payments should be seeking information and documents to support the stated purpose of the payment where higher risk customers or higher risk countries are involved. • International transfers to third parties where higher risk customers or higher risk countries are involved should lead to requests for details of the relationship with the third party. Heightened due diligence could include public domain searching on parties involved in the transaction, fraud and other blacklists etc. Monitoring Controls • The higher ML/TF risk of these customers suggests that the customer relationship should be managed by a relationship manager with a review cycle of three months after drawdown or establishment of the deposit accounts, then annually or on the occurrence of transactions above certain thresholds or with certain characteristics such as payments to the Cayman islands. Chapter 15 of the AML/CTF Rules (from December 2008) monitoring of transactions. • Transaction monitoring would be tuned to look for transactions above certain thresholds or with certain characteristics, and include weightings drawn from the high ML/TF risk ratings. Table continues next page ANTI-MONEY LAUNDERING NOVEMBER 2008 41 CASE STUDY CONTROLS Control Type Description of possible controls Regulatory Broker Controls • Generally, lenders should ensure that the mortgage broker has accreditation with the lender and is a member of MFAA or FPAA and has conducted AML training. These requirements ensure a certain level of probity has been conducted on the broker before establishing a relationship with it. Examples of such probity controls are set out below: Sections 84 and 85 of the AML/CTF Act setting out the obligation to identify, mitigate and manage ML/TF risks. • The MFAA conducts police checks on brokers, which acts as a further level of due diligence. • Requiring the broker to have two referees and professional indemnity insurance. • Establishing a dedicated relationship between the broker and one of the lender’s relationship managers. • Close monitoring and detailed investigation of losses and unusual events involving the broker (including fraud). • Conducting spot file reviews on the broker’s customer files. • Acting on fraud or poor lending practices which involve the brokers. • Reporting the broker to both the MFAA or FPAA and the police as well as AUSTRAC. Valuation Controls • Generally, lenders are likely to have the following valuer controls in place: • All properties might be required to have an independent valuation from a ‘panel’ managed by the lender. Sections 84 and 85 of the AML/CTF Act setting out the obligation to identify, mitigate and manage ML/TF risks. • The valuation assignment is randomly allocated thus avoiding increased exposure to the one valuer who might be corrupt. • Valuations are randomly rechecked as part of the compliance program by way of a check valuation. • Valuations cannot be reassigned and are only valid for three months. • Strict agreements are in place with valuers regarding the way they conduct valuations. • All valuers are reviewed annually. • Valuations that differ markedly from the values provided by the customer lead to immediate detailed investigation of all aspects of the customer’s application and broader relationship with the lender. Training Controls • KYC requirements are documented and training conducted for those that open accounts covering both minimum requirements and the more detailed requirements for higher risk customers. Chapters 8 and 9 of the AML/CTF Rules require role-based training. • Credit assessment staff need to be trained on the money laundering implications of what they look at. Much of this training will focus on red flags and why certain characteristics are indicators of higher money laundering risk e.g. the use of overseas trusts and the involvement of higher risk countries. • Training for relationship managers involved in the different aspects of the trust’s relationships with financial institutions should also focus on red flags and why certain characteristics are indicators of higher money laundering risk e.g. the use of overseas trusts and the involvement of higher risk countries. • Staff processing overseas payments also need red flag training. Fraud Controls 42 • Transaction monitoring rules designed to identify unusual credits/debits and specific rules for mortgage spiking might also act as early detection mechanisms in this case. NOVEMBER 2008 Chapter 15 of the AML/CTF Rules (from December 2008) monitoring of transactions. ANTI-MONEY LAUNDERING Take the bite out of AML and CTF Compliance On June 12 2007, the Australian parliament passed the second phase of its Anti-Money Laundering and CounterTerrorism Financing Act 2006, which introduced correspondent banking provisions. The Australian Transaction Reports and Analysis Centre will carry out more rigorous on-site inspections to examine KRZÀUPVKDYHLPSOHPHQWHGHQKDQFHG AML/CTF programmes, including FXVWRPHULGHQWLÀFDWLRQDQGYHULÀFDWLRQ processes; recordkeeping systems; ongoing customer due diligence; and the regulator’s strict guidance on transaction reporting and in-house training. Complinet Global Screening Complinet’s Global Screening solutions can help to reduce your organisation’s exposure to unacceptable clients and transaction activities. &RPSOLQHW¶VQXPHURXVGDWDVRXUFHVLQWKH$VLD3DFL¿FUHJLRQWRJHWKHU ZLWKXSWRGDWHLQWHUQDWLRQDOVDQFWLRQVDQGZDWFKOLVWVSURYLGHDWRWDO AML solution. Complinet’s Global Screening delivers a smarter end-toHQGSURFHVVWKDWUHGXFHVIDOVHSRVLWLYHVPD[LPLVHVHI¿FLHQF\DQGFXWV your operational screening costs. Find out more about Complinet’s Global Screening solutions at www.complinet.com/connected/solutions/global-screening/ Complinet AML training and e-learning Complinet combines expert content with cutting-edge design capability to help organisations meet all their AML training needs. Our market-ready FRXUVHVLQFOXGH$QWL0RQH\/DXQGHULQJ)UDXG$ZDUHQHVVDQG0DUNHW Abuse and Insider Dealing. The new obligations will create immense Find out more about Complinet’s e-learning solutions at FKDOOHQJHVIRUWKH$XVWUDOLDQÀQDQFLDO www.complinet.com/connected/solutions/regulatory-insight/e-learning/ VHUYLFHVÀUPVDQGUHSRUWLQJHQWLWLHVWKDW have only one year to implement the To register for a free trial, visit www.complinet.com or reforms and become fully compliant. contact us on clientsupport@complinet.com tel: +61 +44 (0)870 042 6400| | fax: fax: +61 +44 (2) (0)870 6405| | email: email:clientsupport@complinet.com clientsupport@complinet.com tel: (2) 9994 8099 9994042 8008 www.complinet.com