Presentation on theme: "Risk Management & Internal Controls – KYC for banks Michael J Lesser, Managing Director, Supervision Qatar Financial Centre Regulatory Authority 1 st Annual."— Presentation transcript:
Risk Management & Internal Controls – KYC for banks Michael J Lesser, Managing Director, Supervision Qatar Financial Centre Regulatory Authority 1 st Annual Compliance & AML Seminar – Riyadh 24-25 th March 2009
Qatar Financial Centre Regulatory Authority1 RISK MANAGEMENT - IDENTIFYING AND DOCUMENTING YOUR AML RISK PROFILE Assess and identify the AML/CFT vulnerabilities posed by your organisations: –Products, services and delivery channels –Customers –Geographic area of operation Establish and implement effective policies, procedures, systems and controls to mitigate the risks identified. Embed the controls into day to day operating procedures. Continue to monitor, review and update AML risk profile. Document the risk profile, the mitigating controls. Obtain senior management approval of the AML Risk Profile.
Qatar Financial Centre Regulatory Authority2 RISK MANAGEMENT - IDENTIFYING AND DOCUMENTING YOUR AML RISK PROFILE Products, services and delivery channels –Document your product range and services against the perceived attraction for them to be used by ML/TF –Consider new and developing technologies (m banking etc), be involved in product development –Riskier products and services (wire transfers, correspondent banking, e-banking)
Qatar Financial Centre Regulatory Authority3 RISK MANAGEMENT - IDENTIFYING AND DOCUMENTING YOUR AML RISK PROFILE Customers –Consider the risk that different types of customers pose in relation to the threat that they will launder proceeds or crime, fund terrorist activity or be involved in other types of illicit activities. –Riskier types of customer could include: PEPS, those will complex legal or trust structures, use of intermediaries, those from particular jurisdictions
Qatar Financial Centre Regulatory Authority4 RISK MANAGEMENT - IDENTIFYING AND DOCUMENTING YOUR AML RISK PROFILE Geographic area of operation –Risks posed by different countries and territories. –Consider in relation to where customers are resident or incorporated and where they are trading or doing business. –Consider whether the jurisdiction has a stringent or equivalent AML/CFT framework and whether it seen as a jurisdiction of high corruption, terrorist activities, drug trafficking or crime.
Qatar Financial Centre Regulatory Authority5 RISK MANAGEMENT - IDENTIFYING AND DOCUMENTING YOUR AML RISK PROFILE Mitigating the risks / implementing controls –Robust and documented AML policies, produces and controls including: Risk based KYC policies and procedures; Establish customer profiles: –Identification and verification of identity and location; –allocate AML risk rating; –Identify nature of business, source of wealth and funds; –transaction profile - expected types, levels of business. Risk based monitoring over customer accounts and activity Level of due diligence based upon level of risk identified. Increased KYC and monitoring for higher risk customers.
Qatar Financial Centre Regulatory Authority6 RISK MANAGEMENT - IDENTIFYING AND DOCUMENTING YOUR AML RISK PROFILE Mitigating the risks / implementing controls –Effective identification of suspicious activity, analysis and reporting. –Regular management reporting on AML matters. –Staff training and awareness. –Remain vigilant and aware of changes to your organisation: be involved in product development, the firms business plan and strategy to identify the AML/CFT risks and update the risk profile and implement appropriate controls..
A CASE STUDY - ABN AMRO The ABN AMRO case study illustrates an example of how actions taken in one jurisdiction can create problems in another. Relevant to any financial institution, even those that only operate in a single jurisdiction, Need to understand the requirements of your correspondents in other jurisdictions Qatar Financial Centre Regulatory Authority7
ABN AMRO Case Study: Overview In December 2005 ABN AMRO agreed to a Cease and Desist Order covering a variety of Anti-Money Laundering weaknesses and violations of OFAC sanctions. The use of special procedures to obfuscate source and/or beneficiary information on payment instructions and thereby facilitate payments relating to Iran and Libya through the NY branchs US dollar clearing was the most serious matter ABN AMRO paid an $80 million penalty The order involved an unprecedented level of cooperation between US federal, state and international bank supervisors, as well as numerous US law enforcement agencies
Chronology Previous Supervisory Action at another bank in NY relating to US dollar clearing, led to Examiners following the money trail of US dollar transactions for some of the same names Examiners noted that similar transactions were being cleared through the ABN AMRO NY branch Exams conducted in 2003 and 2004 at ABN AMRO NY branch included transaction reviews of the US dollar clearing activity of these and similar accounts, noting suspicious patterns of activity
Chronology (contd) In July 2004 a Written Agreement (WA) was entered into with ABN AMRO covering deficiencies relating to compliance … relating to anti-money laundering policies and procedures … (and) … the suspicious activity reporting requirements Among other requirements, the bank had to engage an qualified independent firm to do a two year look-back of account and transaction activity to determine whether suspicious activity was being properly identified and reported
Chronology (contd) As a result of the look-back requirements ABN AMRO discovered … a pattern of previously undisclosed unsafe and unsound practices warranting further enforcement action ABN AMRO had implemented special procedures designed to circumvent the (US) Branches compliance with OFAC regulations Failed to follow-up on negative audit findings and provide them to US supervisors Failed to follow-up on inquires on US law from non-US offices
Chronology (contd) Misrepresented the extent of due-diligence efforts undertaken by non-US branches In December 2005 ABN AMRO agreed to an Order to Cease and Desist Penalties in the amount of $80 million were paid by the bank to the US federal and state governments The cost of legal fees and investigation expenses relating to the two actions was much more The C&D Order was lifted in September 2008
Agencies Involved: 2004 Written Agreement Parties to the Written Agreement: –New York State Banking Department –Federal Reserve Bank of New York –Federal Reserve Bank of Chicago –State of Illinois Department of Financial and Professional Regulation Other parties involved: –FinCEN –The US Department of Justice –Manhattan District Attorneys Office
Agencies Involved: 2005 Cease and Desist Parties to the Order: –De Nederlandsche Bank NV –New York State Banking Department –Federal Reserve Board, also on behalf of: Federal Reserve Bank of New York Federal Reserve Bank of Chicago –State of Illinois Department of Financial and Professional Regulation Additional parties to Order of Assessment of Penalty: –OFAC –FinCEN Other parties involved, but not on the Orders –The US Department of Justice
Qatar Financial Centre Regulatory Authority15 A CASE STUDY - ABN AMRO July 2004 Written Agreement http://www.banking.state.ny.us/ea040726.pdf December 2005 Order to Cease and Desist http://www.banking.state.ny.us/ea051219b.pdf December 2005 Order of Assessment of a Civil Money http://www.treas.gov/offices/enforcement/ofac/civpen/penalties/am rocmp.pdf