Mitigating International Money Laundering Risks 13th Annual FIBA Anti-Money Laundering Compliance Conference February 13 – 14, 2013 Ellen Zimiles Managing Director Head of Global Investigations & Compliance

D I S P U T E S & I N V E S T I G AT I O N S • E C O N O M I C S • F I N A N C I A L A D V I S O RY • M A N A G E M E N T C O N S U LT I N G

Table of Contents I.

International Money Laundering

1

II.

Latest International AML Vulnerabilities

2

III.

Recent Enforcement Actions

4

IV.

Effective Risk Assessment

5

V.

Effective CDD Process

9

VI.

Lesson Learned

10

Biography

13

-i-

I. International Money Laundering All financial institutions with a U.S. presence must take steps to identify and mitigate the risks of money laundering across national borders. The approaches taken to launder money, as well as finance illicit activities, are continuously evolving. financial institutions can and should seek guidance through the laws, regulations, and enforcement actions assessed by U.S. and multi-national regulatory agencies, which reflect the most recent and ongoing money laundering and terrorist financing concerns. Examples of some ongoing international money laundering concerns: A. B. C. D. E.

Unregistered Money Services Businesses Banking of Mexican drug money Transfers of money through Iran Bribery and Corruption Human Smuggling and Trafficking

-1-

II. Latest International AML Vulnerabilities A financial institution's efforts to monitor and report suspicious activity should include a focus on mitigating traditional money laundering risks, along with new areas vulnerable to criminal abuse and areas subject to increased regulatory scrutiny. A.

Unregistered Money Services Businesses FinCEN released guidance in September 2011 revising the definition of an MSB and clarifying that certain businesses not located in the U.S., but conducting business in the U.S. through U.S. customers may meet the definition of an MSB. Banks should monitor customer activity to ensure their customers are not operating as unregistered MSBs.

B.

Banking of Mexican Drug Money The activities of a financial institution’s subsidiaries are representative of the entire firm, therefore, a financial institution must be acutely aware of the dangers these affiliates, especially in high risk jurisdictions such as Mexico, pose when reviewing its risk profile.

-2-

II. Latest International AML Vulnerabilities (cont’d) C.

Transfers of Money Through Iran The U.S. has been tightening its sanctions on Iran for more than 20 years, while at times allowing certain exceptions, such as U-turn transactions. As the use of sanctions evasion practices increases, regulators and banks must be even more aware of with whom and where their customers conduct business.

D.

Bribery and Corruption Recent high profile cases indicate that regulators are bringing more Foreign Corrupt Practices Act (“FCPA”) cases and seeking larger penalties for FCPA violations. These cases often deal with corrupt activities within South America, Russia and the Middle East and may engender the international movement of illicit money.

E.

Human Smuggling and Trafficking Given the high profitability of smuggling human beings, criminals are increasingly turning to these practices. Banks should monitor transaction activity to identify the illicit proceeds from human smuggling and trafficking, and report such activity to facilitate the seizure of these assets. -3-

III. Recent Enforcement Actions Recent enforcement actions have echoed common themes of deficiencies in financial institutions’ Bank Secrecy Act (“BSA”)/anti-money laundering (“AML”) compliance programs, including: A.

Inadequate risk assessment processes to identify, manage and control risks

B.

Failure to adequately conduct customer due diligence (“CDD”) and enhanced due diligence (“EDD”) processes to assess and monitor client relationships, resulting in a failure to identify potentially suspicious activity.

C.

Ineffective internal controls with respect to Office of Foreign Assets Control (“OFAC”) compliance.

-4-

IV. Effective Risk Assessment A.

Purpose of a Risk Assessment

A risk assessment tests the effectiveness of a bank’s risk-based AML internal controls, and allows a bank to understand its risk exposure so that it may tailor its risk mitigation processes to its unique risk profile. Risk categories a bank should focus on include: 1.

Products and services;

2.

Customer types;

3.

Entity types and

4.

Geographic locations.

-5-

IV. Effective Risk Assessment (cont’d) B.

The Risk Assessment Process

1.

Identifying Inherent Risks Include an analysis of business lines individually and across business lines to identify inherent AML risks across all activities and product categories.

2.

Mitigating Inherent Risks with Internal Controls Mitigate inherent risks with robust internal controls, such as policies and procedures. It has been noted in recent enforcement actions that banks have failed to implement adequate procedures for customer due diligence, suspicious activity monitoring and independent testing.

3.

Residual Risk and Effective Transaction Monitoring Understand residual risks within the institution, enabling the bank to allocate the appropriate guidance and resources to its transaction monitoring program. A bank must have acute knowledge of its own risk profile in order to effectively monitor its customer’s ongoing activity. -6-

IV. Effective Risk Assessment (cont’d) C.

Risk Based Approach

The FFIEC BSA/AML manual mandates that a bank have an adequate and effective BSA compliance program capable of identifying suspicious activity. This program should focus on higher risk areas identified within the risk assessment, such as: 1.

Higher risk customers who may pose a reputational risk to the bank A bank must consider, among other things, the nature of a customer’s business, and even where and with whom the customer itself does business, when assessing the risk of a new or existing customer.

-7-

IV. Effective Risk Assessment (cont’d) 2.

Higher risk products and services Certain products offer a customer relative anonymity combined with the availability to transact large volumes of currency in a short period of time. Examples include Remote Deposit Capture, Bulk Cash and Monetary Instruments.

3.

Geographic locations known for illicit activities Evaluating customers and their affiliates’ geographic location is an important part of assessing risk within an institution. For U.S. financial institutions, this geographic risk can come from areas both domestic and abroad.

One of the key pre-requisites to attaining a meaningful assessment of risk within an international financial institution is having accurate and current customer information. Recent enforcement actions have identified customer due diligence and enhanced due diligence as areas where banks are failing to meet the standards set out in regulatory guidelines. -8-

V. Effective CDD Process An effective customer due diligence program provides the financial institution with the adequate information to assess the risks and expected activity of a customer. The lack of appropriate due diligence information inhibits the bank’s ability to determine the risk of the customer, and monitor and identify potentially suspicious activity. A. CDD information should include a customer’s relationship across all lines of business within the bank, including all bank subsidiaries or affiliates in all regions and countries, to permit customer transactions to be monitored and evaluated in aggregate. B. The CDD processes should be applied to all customers, including subsidiaries or affiliates of the bank, to mitigate concealment of suspicious activity occurring through such affiliates. C. A periodic review process should be implemented to determine whether due diligence information is current and customer risk rating is accurate. The time period of the review should be based on the customer’s risk.

-9-

VI. Lessons Learned A. Emphasize BSA/AML Compliance to All Employees Regulators have criticized some financial institutions for non-compliance with BSA/AML and OFAC regulatory guidelines due to emphasizing business strategy over compliance risk and insufficient knowledge of OFAC laws among employees.

Senior management should set a tone at the top that compliance with BSA/AML and OFAC laws and guidelines are important and all relevant employees should receive specific training, informing them specifically on activity and practices that are prohibited. B. Internal Controls Regarding OFAC Filters Many financial institutions involved in recent sanctions cases were criticized for lacking internal controls to prevent circumvention of OFAC filters, and in one case a bank was accused of turning off a process in the OFAC filtering software. Internal controls should be in place preventing circumvention of OFAC filters and establishing a system of checks and balances for individuals with authority to make adjustments to OFAC filtering software. -10-

VI. Lessons Learned (cont’d) C. Manage AML and OFAC Alerts Effectively Regulators have criticized financial institutions for mismanaging alerts generated by OFAC and transaction monitoring software. An effective AML and OFAC compliance program should ensure that all transactions are filtered through the relevant software. All alerts should be thoroughly researched to identify true matches and false positives, and results should be documented and maintained to ensure a proper audit trail. D. Testing the Compliance Program In several of the recent cases, financial institutions did not implement effective independent testing of their compliance programs. Independent testing, whether performed internally or externally, should be performed regularly and thoroughly, and should be documented to ensure identified deficiencies are followed to resolution. Internal audit should ensure that issues identified are remediated promptly and effectively. -11-

VI. Lessons Learned (cont’d) E. Falsifying and Stripping Transactional Data Several financial institutions have been accused of stripping identifying information from transactions involving U.S. sanctioned countries (i.e., Iran), falsifying wire instructions and concealing these practices from regulators.

Banks should implement internal controls and procedures requiring employees to maintain accurate transactional data regarding parties involved in transactions and payment instructions. Alteration of any transactional data to conceal identifying information should be prohibited. F. United States Senate Permanent Sub-Committee on Investigations report There will be less regulatory forbearance going forward. Regulators will be less tolerant of repeat issues or insufficient resources allocated to a financial institution’s AML compliance program. Substantial resources can and will be dedicated to investigating and prosecuting similar cases. -12-

Biography Ellen Zimiles

Ellen Zimiles Managing Director Head of Global Investigations and Compliance Navigant Consulting, Inc. 90 Park Avenue New York, NY 10016 Tel: 212-554-2602 Fax: 646-227-4299 [email protected]

Ellen Zimiles, head of Navigant’s Global Investigations and Compliance practice, has more than 25 years of litigation and investigation experience, including 10 years as a federal prosecutor. Before coming to Navigant, Ellen co-founded Daylight Forensic & Advisory, an international consulting firm, where she served as the Chief Executive Officer, prior to Daylight being acquired by Navigant. Ellen was a principal at a "Big Four" accounting firm, where she coordinated the forensic practice across all industry segments and was practice leader for the financial services industry. She is a leading authority on anti-money laundering programs, corporate governance, regulatory and corporate compliance, fraud control and public corruption matters. Ellen has worked with a multitude of financial institutions preparing for regulatory exams, developing remediation programs and assisting organizations as a regulatory liaison. She has also served as a monitor on numerous occasions and provided investigative and advisory service to many public entities. Before her Big Four experience, Ellen was an Assistant United States Attorney in the Southern District of New York for more than 10 years. She served in the civil and criminal divisions and was chief of the forfeiture unit for more than six years. Ellen was responsible for many high-profile money laundering, fraud and forfeiture cases. In recognition for her contributions as a federal prosecutor, Ellen received the United States Department of Justice’s John Marshall Award for Outstanding Service and the United States Department of Health and Human Services’ Integrity Award. Ellen earned a bachelor's degree at Brooklyn College and a law degree at Syracuse University College of Law, where she served as an editor of the law review.

-13-