Risk Assessment A Regulatory Hot-Button


1 Risk Assessment A Regulatory Hot-Button
Understanding, Performing and Using Risk Assessment

2 The Panel Robert (Bob) Mengani, Sr. Compliance Director
Chartwell Regulatory Compliance & Risk Management (Formerly Assistant Deputy Superintendent, NYS Dept. of Financial Services) William Staderman, President, WPS Systems, Ltd. and President, RI Association of Financial Service Centers Richard B. Kelsky, Esq., CAMS President, Tellermetrix, Inc.

3 The Fine Print This workshop is for general informational purposes only and not intended to provide, and should not be relied upon as, legal, accounting, compliance or professional advice of any kind. No representations or warranties are made regarding the content of this workshop. You are advised to contact and seek professional advice from your attorneys, accountants, compliance and other professionals.

4 Goals Understanding of “Risk Assessment”
Relationship of “Risk Assessment” to AML Program Value of “Qualified Compliance Professional” Implementation, Testing and Updates Part of Something Much Bigger

5

6 Risk Assessment
Measures Risk of: Money Laundering, Terrorist Financing
Does NOT Measure Risk of: Bad Checks, Fraud, Burglary, Robbery

7 QUALIFIED COMPLIANCE PROFESSIONAL
Experience Compliance Certification Other Credentials Industry Involvement Hands On vs.

8 QUALIFIED COMPLIANCE PROFESSIONAL
FFIEC Examination Manual (Federal Financial Institutions Examination Council) Independent Testing & Updating

9 The IRS Manual AKA “Bank Secrecy Act/Anti-Money Laundering Examination Manual for Money Services Businesses” Roadmap for IRS Examiners Published 2008 153 Pages 465 References to “Risk”

10 What the IRS Manual Says . . .
“Each MSB’s AML program must be commensurate with the risks posed by the location and size of the particular MSB, and by the nature and volume of the financial services it offers. Each MSB should identify and assess the money laundering risks that may be associated with its unique combination of products, services, customers, geographic locations, etc. Regardless of where the risks arise, MSBs must take reasonable steps to manage them. Each MSB should focus resources on the areas of its business that management believes pose the greatest risks.”

11 . . . What it Says “Although MSBs are not required by regulation to create a written risk assessment, management is encouraged to document its risk assessment in writing in order to provide a clear basis for the MSB’s policies and procedures. If the MSB does not have a written risk assessment, the examiner will generally need to conduct more in depth interviews in order to determine the MSB’s risk profile.”

12 Four Major Areas - #1 Product Risk - Assessing risk by product or service to determine which provide the greatest anonymity, highest dollar volumes and greatest risk of terrorist financing and money laundering. Walk-ins Aggregate Reporting Transaction Type Anonymity

13 Discussion - Product Risk
Which of your products pose the greatest risks of money laundering and terrorist financing? Do you analyze each product for dollar volume and walk-in percentage?

14 Four Major Areas - #2 Customer Risk - Assessing risk by nature of customer: business, occupation, method of payment and transaction activity.  Business/Occupation vs. Method of Payment and Transaction Activity High-Risk Business Business with No Business Being in Your Store Cash in a Non-Cash Business Transactions Not Related to Business

15 Discussion - Customer Risk
Do you have customers which are “high risk”?

16 Four Major Areas - #3 Geographic Risk - Assessing risk by community served, country of origin or destination, customer location, and related sanctions lists. OFAC Community Served Prepaid Loads/Unloads Payments Wire Transfers Origin Destination Direction

17 Discussion - Geographic Risk
Do you consider geography a risk factor in your business? Are you located in an HIDTA? Are you located in an HIFCA?

18 High Intensity Drug Trafficking Areas

19 High Intensity Financial Crime Areas

20 HIFCAs By Region/County
Area: Jurisdiction by Counties
California Northern District: Monterey, Humboldt, Mendocino, Lake, Sonoma, Napa, Marin, Contra Costa, San Francisco, San Mateo, Alameda, Santa Cruz, San Benito, Monterey, Del Norte
California Southern District: Los Angeles, Orange, Riverside, San Bernardino, San Luis Obispo, Santa Barbara, Ventura
Southwest Border: Arizona - All Counties; Texas - Counties Bordering, and adjacent to those bordering, the US and Mexico Boundary
Chicago: Cook, McHenry, DuPage, Lake, Will, Kane
New York: New York - All Counties; New Jersey - All Counties
Puerto Rico: Puerto Rico - All Areas; U.S. Virgin Isles - All Areas
South Florida: Broward, Miami-Dade, Indian River, Martin, Monroe, Okeechobee, Palm Beach and St Lucie

21 Four Major Areas - #4 Operational Risk - Assessing risk of potential failure to detect or prevent money laundering or terrorist activity due to inadequate systems, recordkeeping, management, training, and scope of business. Systems Reporting Management Oversight Training Size and Scope of Operations

22 Discussion - Operational Risk
Hardest component to assess Natural reactions are denial and self-defensiveness Resistance to change Employee issues often avoided Management and training quality placed in question Actual program implementation vs. bookshelf program

23 Bespoke, Not Ready-To-Wear
Risk Assessment by Qualified Compliance Professional Custom for Your Business Products Locations Customers Transactions Volumes Operations

24 The 2015 Treasury Reports National Money Laundering Risk Assessment
National Terrorist Financing Risk Assessment Basis of Reports Analyzed 5,000 Enforcement Cases How to Read and Use Them Owners Compliance Professionals

25 Treasury’s View “These assessments should be used by industry and other stakeholders to help inform a risk-based approach to identify, assess, and manage risks in compliance with their obligations under the Bank Secrecy Act and sanctions laws. It is the view of the Treasury Department that financial institutions that establish and maintain appropriate risk-based anti-money laundering programs will be well positioned to effectively manage accounts, prevent illicit transactions, and avoid enforcement action. The assessments published today should be used as one additional tool in evaluating risk, but should not be read in isolation. Additionally, these assessments can help financial institutions determine how best to effectively allocate resources to combat money laundering and terrorist financing.”

26 A Global Problem Financial Action Task Force (FATF) Guidance
Basel Index: World Ranking for Money Laundering and Terrorist Financing Risk Most Countries Have Adopted Risk Protocols

27 Financial Action Task Force

28 FATF Chart Translated (Risk Assessment) – (AML Program) = AML Weaknesses

29 Basel Index: 149 Countries

30 15 Highest Risk Countries

31 Lowest Risk Country Finland

32 United States 97/149
(Higher Number = Lower Risk)

33 “Squishy” Standards Risk Assessment Know Your Customer (“KYC”)
KYC Driven by Risk Assessment Opportunity for Avoidance or Easy Enforcement?

34 Agent Risk Most Check Cashers/Lenders are Agents (Wires, MO, Payments, Prepaid) FinCEN Guidance on Existing AML Program Rule Compliance Obligations for MSB Principals with Respect to Agent Monitoring (March 2016) “FinCEN expects MSB principals and agents to tailor their AML programs to reflect the risks associated with their particular business services, clients, size, locations, and circumstances.” “Principals must periodically reassess risks associated with their agents and update the principals’ programs to address any changing or additional related risks.” (US v. Haider) In short, not only do you as an MSB have direct risk assessment and response obligations, you will also be subject to risk-related obligations as an agent – with pressure from your principals to address risk.

35 Agent Risk – Bank Implications
Legal professionals, such as the prominent law firm Vedder Price, have read the FinCEN guidance regarding agent monitoring as being “instructive for all banks who serve or wish to serve MSB customers.” In its March 22, 2016 Newsletter, that firm noted: “In deciding whether to serve a MSB customer, a bank should conduct an assessment that identifies the AML risks associated with that particular MSB customer. A bank needs to know and understand its MSB customer, which requires adequate levels of due diligence. Regardless of the risks associated with a MSB customer, a bank should understand the MSB’s business model and the MSB’s customer base. However, where a bank’s risk assessment shows a heightened AML risk, more thorough and in-depth due diligence may be required. In making a decision, a bank must consider whether the identified customer risks can be managed and controlled. If a bank chooses to serve a MSB customer, the bank should establish risk-based policies, procedures and internal controls that are reasonably designed to ensure the effective ongoing monitoring of the MSB’s ongoing compliance with AML obligations. If the MSB is not performing its AML/BSA obligations in at least a satisfactory fashion, the bank needs to understand the extent to which it is accountable for the AML/BSA failures of its MSB customer. Using FinCEN’s guidance, a bank should review its current AML program to ensure it has in place an effective monitoring program for MSB customers’ compliance with current AML/BSA obligations.” (emphasis added)

36 Banks and Credit Unions
Whether you have a relationship with a Bank or a Credit Union, keeping them happy is a very good reason to focus on your risk assessment. First Bank of Delaware – FinCEN assessment of civil money penalty. FinCEN made several findings, including: “First Bank did not effectively perform individual risk assessments of its MSB customers. For instance, the Bank completed an initial risk assessment of its check casher business line in 2009, but subsequently did not undertake necessary risk reviews despite rapid growth of the business line. BSA/AML risk analyses were not provided to appropriate Bank personnel, negating the effectiveness of the materials. The Bank also failed to perform on-site visits for out-of-state, high-risk MSB customers, several of which were located in High Risk Drug Trafficking Areas (“HIDTAs”) and High Intensity Financial Crimes Areas (“HIFCAs”).” (emphasis added) Without admitting or denying the findings, First Bank agreed to a $15M civil money penalty. NCUA Supervisory Letter on Money Service Business – NCUA guidance. Among other things, suggests that a CU “Conduct a BSA/AML risk assessment to document the level of risk associated with the account and whether greater due diligence is necessary.” The letter also notes that “Not all money services businesses pose the same level of risk. Each will require a different level of due diligence based on the credit union’s review and assessment.” (emphasis added)

37 What Not To Do
The IRS MSB Examinations Manual makes it the obligation of an examiner to conduct interviews and perform a risk assessment if the MSB’s risk assessment is absent or inadequate. Do not force the examiner to prepare their own risk assessment. Not having a risk assessment – or having one that is obviously inadequate – will draw the auditor’s attention and expose you to enhanced scrutiny. Not having a risk assessment can trigger a proctological examination of your entire business, your customers, your transactions and your operations. There is no reason to send out an invitation to conduct this intrusive and time-consuming process when you can take the high road and engage your independent reviewer to prepare a comprehensive – and data-supported – risk assessment, and adjust your compliance program and policies and procedures to your risks.

38 Scope of Audit In many cases, the risk assessment will drive the scope of the audit – with emphasis placed on the areas of highest risk. IRS examiners are specifically directed to start with the AML Program, BSA Management Structure, Risk Assessment and Independent Review. Based upon the risk assessment for the business, the examiner can then elect an appropriate examination plan – including transaction testing and analysis – as appropriate for the risk.

39 Examination Trends If you have multiple locations, you may find an IRS examiner in your main office - not necessarily doing traditional, basic transaction analysis. These home office examinations can involve the bigger picture of risk assessment – understanding and analyzing all of the factors listed above, then reviewing your compliance program, policies and procedures, employee training and the like to determine whether your compliance program (and its actual implementation) properly reflect the risks posed in your business.

40 The New New York Regulations
If your business is in New York, your examination will now include the new set of “risk-based” transaction monitoring and filtering rules (effective 1/1/17) – as well as a “compliance finding” certification requirement by your board or a senior officer confirming that you actually have transaction monitoring and filtering programs that comply with the new Superintendent’s Regulations. Filtering “Interdiction,” Not After-the-Fact Risk-Based, Means Based on Your Risk Assessment Updating, Review and End-to-End Testing

41 Other States If you are not located in New York, stay in your seat.
The New York regulations are intended to be “more granular” guidance on the Federal requirements. In every state, as an MSB, you are subject to at least the Federal requirements. As a licensed entity in a state, you are also subject to that state’s regulatory requirements – many of which refer to risk-based AML programs. New York is a bellwether state for regulatory activity.

42 NYSDFS – Part 504
“Risk-Based.” Requires monitoring and filtering programs “based on the Risk Assessment of the institution.” Created to provide “more granular guidance” on Federally mandated monitoring and filtering, the regulations expand the list of factors to be considered in developing a risk assessment, detail required activities and add an annual certification requirement.
“Transaction Monitoring.” Requires regular review, updating and analysis, end-to-end testing, funding, management oversight, understanding and documentation of your monitoring program.
“Filtering.” Requires application of Office of Foreign Assets Control (“OFAC”) economic sanctions regulations as well as interdiction of transactions, in addition to most of the requirements related to monitoring.
“Records Retention.” Requires retention of five (5) years of records and data supporting the annual certification.
“Annual Board Resolution or Senior Officer Compliance Finding.” Requires that the board of directors or senior officer submit an annual “Compliance Finding,” certifying that: (1) they have reviewed relevant documents to enable the Compliance Finding to be made; (2) they have taken all steps necessary to confirm that the financial institution has a transaction and monitoring program that complies with Part and (3) to the best of their knowledge, the program complies with Part (“Senior Officer” is defined as a “senior individual or individuals responsible for the management, operations, compliance and/or risk of” an institution subject to Part 504.)

43 NYSDFS – Risk Assessment
Requires “an enterprise wide BSA/AML risk assessment, that takes into account the institution’s size, staffing, governance, businesses, services, products, operations, customers, counterparties, other relations and their locations, as well as the geographies and locations of its operations and business relations.”

44 NYSDFS – Annual Certification
_______________________ (Regulated Institution Name) APRIL 15, 20____ Annual Board Resolution or Senior Officer(s) Compliance Finding For Bank Secrecy Act/Anti‐ Money Laundering and Office of Foreign Asset Control Transaction Monitoring and Filtering Program Whereas, in compliance with the requirements of the New York State Department of Financial Services (the “Department”) that each Regulated Institution maintain Transaction Monitoring and Filtering Program in compliance with Section 504.3; and Whereas, Section requires that the Board of Directors or a Senior Officer(s), as appropriate, adopt and submit to the Superintendent a Board Resolution or Senior Officer Compliance Finding confirming its or such individual’s findings that the Regulated Institution is in compliance with Section of this Part 504; NOW, THEREFORE, the Board of Directors or Senior Officer certifies: (1) The Board of Directors(or name of Senior Officer(s)) has reviewed documents, reports, certifications and opinions of such officers, employees, representatives, outside vendors and other individuals or entities as necessary to adopt this Board Resolution or Senior Officer Compliance Finding; (2) The Board of Directors or Senior Officer(s) has taken all steps necessary to confirm that (name of Regulated Institution) has a Transaction Monitoring and Filtering Program that complies with the provisions of Section 504.3; and (3) To the best of the (Board of Directors) or (name of Senior Officer(s)) knowledge, the Transaction Monitoring and the Filtering Program of (name of Regulated Institution) as of ___________ (date of the Board Resolution or Senior Officer(s) Compliance Finding) for the year ended ________ (year for which Board Resolution or Compliance Finding is provided) complies with Section Signed by each member of the Board of Directors or Senior Officer(s) (Name)_____________________________ Date:

45 Annual Opportunity Independent Review Shop Quality, Not Price
Make Sure it Starts with a Real Risk Assessment Performed by Qualified Compliance Professional Custom for Your Business Compliance Program to Match Risk Assessment Policies and Procedures to Match Risk Assessment Operations and Management to Match Risk Assessment Systems and Reporting to Match Risk Assessment Training to Match Risk Assessment Tested and Updated Regularly

46 Wrap-Up Risk Assessment is the Core of any Compliance Program
Risk Assessment Must be Custom to Your Business Risk-Based AML Program Test and Update Regularly New NY Regulations Mean Business Always Engage Qualified Compliance Consultants

47 Questions? Please raise your hand.

48 Suggested References

49 Thank You Panel Contact Information: Robert (Bob) Mengani William Staderman Richard B. Kelsky
