STUDY GUIDE
Introduction
Welcome to ACAMS—
The Global AML Association
ACAMS – the Association of Certified Anti-Money Laundering Specialists –
is the premier organization in recruiting and training people who are
interested in combating money laundering, terrorist financing, and
financial crime throughout the world.
This Study Guide is designed to give you an
overview of money laundering and terrorist
financing and the efforts to combat these
two criminal activities. We hope that after
successfully completing ACAMS AML
Foundations, you will consider the
next step in your AML career journey—
the CAMS Certification.
2
Study Guide v1.0
TABLE OF CONTENTS
Basics of AML/CTF
4
Stages
4
Consequences
5
Methods: Banks
6
Methods: Non-Bank
8
Terrorist Financing
12
Laws & Regulations
13
US Legislation
13
Financial Action Task Force
16
European Legislation
17
United Nations, International Monetary Fund, and World Bank
19
Wolfsberg Group
20
Basel Committee
21
Egmont Group
22
Protection
23
Risk Assessment
23
AML/CTF Programs
26
Reporting
30
Investigations
34
Investigation Basics
34
Investigation Outcomes
37
External Investigations
39
Interviewing
39
International Cooperation
40
Study Guide v1.0
3
Basics of AML/CTF
Money Laundering
A common definition of money laundering is the
process by which criminals transform ill-gotten
gains into funds that appear to be legitimate. It is
the process whereby “dirty” money is “laundered”
and made to appear to be “clean.”
As an example, with regard to drug trafficking,
money laundering would entail taking the
proceeds from street sales, depositing the funds
into the banking system and transferring the funds
through multiple accounts or jurisdictions and
making investments, such as in stocks, houses, or
boats. All of these acts are designed to disguise
the source of the money and make it appear that
the money is derived from legitimate commerce.
The purpose of money laundering it to hide
the existence of the underlying crime that
generated the tainted money and to funnel the
money through various stages so that it can be
used in commerce without raising suspicions and
without people realizing that the funds are from
illegal means.
It should be noted that money laundering is
not the same as, for instance, tax evasion. In the
former situation, one, by definition, is dealing with
proceeds of a crime. In the latter, the source of
the funds may well be legitimate; one is simply
trying to hide the existence of the income in
order to illegally avoid paying taxes. Both may
involve similar methods, but the two relate to
different purposes.
A more official definition of money laundering
(meaning, in essence, the same thing as the
informal statement set out above) can be obtained
from a statement issued by the United Nations in a
money laundering-related treaty:
4
Study Guide v1.0
The conversion or transfer of property,
knowing it is derived from a criminal offense,
for the purpose of concealing or disguising
its illicit origin or of assisting any person who
is involved in the commission of the crime to
evade the legal consequences of his actions.
The concealment or disguising of the
true nature, source, location, disposition,
movement, rights with respect to, or
ownership of property knowing that it is
derived from a criminal offense.
The acquisition, possession or use of property
knowing that at the time of its receipt it, it
was derived from a criminal offense or from
participation in a crime.
In other words, money laundering includes not
only the cleansing of ill-gotten funds, but also its
receipt, if the person knows that the funds are from
the proceeds of a crime.
The Three Stages of Money
Laundering
Money laundering is commonly described as
occurring in three stages. Some money laundering
transactions can arguably fall within more than one
stage, but it is important to understand the flow
of money through the money laundering process
which is designed to transform the dirty money into
clean, usable funds.
First Stage – Placement
The first stage of money laundering is typically
referred to as the placement stage. This is the
stage during which the illegal funds are “placed”
into the financial system. An example of this
would be when the drug trafficker deposits a large
amount of cash or negotiable instruments into
a bank account. Please keep in mind that this is
only one of numerous possible examples and
that the placement stage is not restricted to
cash or currency.
As a result of the placement stage, the illicit funds
are introduced into the financial system, but are by
no means fully laundered at this point. The simple
process of depositing funds into the banking
system – by, for instance, breaking the funds into
relatively small amounts in order to avoid suspicion
or detection – is only the beginning of the money
laundering process.
Placement Case Study
The very first bank to be prosecuted for failing
to identify and to report deposits of illicit
funds being deposited was a small bank in
New York City. In that case, several different
groups of people came into the bank on a
regular basis and deposited cash, often just
under the reporting thresholds. The people in
each group would go up to separate tellers,
and would frequently use different accounts,
but it was fairly evident that they came into
the bank together and were working together
and that the accounts were related – the
accounts having similar names.
One particular money launderer, Alfred
Dauber, made regular cash deposits far in
excess of the reporting thresholds into 12
different accounts and had the bank wire the
funds to the country of Colombia. Dauber
became the bank’s largest customer and his
cash deposits overwhelmed the tellers of the
bank, but the bank was heedless of the risk
or purpose of Mr. Dauber’s accounts. It was
estimated that Dauber made 250 deposits at
the bank, totaling $46 million.
Overall, approximately $123 million was
laundered through the bank by various
people. The bank ended up pleading guilty to
criminal charges and paying a criminal fine of
$4 million.
Second Stage – Layering
The second stage of money laundering is known
as layering and involves the money launderer
engaging in numerous transactions designed to
make it difficult to trace the illicit funds back to
their origin.
Layering typically involves a series of complex
transactions through several financial accounts;
sending wire transfers between banks and
countries; converting deposited cash into monetary
instruments, such as traveler’s checks; and buying
and selling high-value goods, stocks or real estate
– anything to distance the money from its true
source, to make the funds appear to be involved in
legitimate commerce and to confuse the audit trail.
Third Stage – Integration
The third stage of money laundering is called
integration and is focused on making it appear
that the illicit proceeds are part of legitimate
commerce through investment in normal
transactions. Hence, after the placement and
layering stages, the money launderer will invest
in property, businesses or other financial ventures
to make it appear that the investments are
from personal wealth or legitimate business
income. At this point, once the investments are
made, it is very difficult to determine that the
underlying funds are from illegal sources rather
than normal business transactions. However,
financial institutions and other businesses have
an obligation not to be “willfully blind” to
monies that may be derived from illegal funds.
To that end, there are systems available to
monitor transactional activity and compliance
responsibilities to know your customer. It all
centers on knowledge of the derivation of the
source of funds.
The Economic and Social
Consequences of Money Laundering
In addition to the fact that successful money
laundering enables the criminal to evade
prosecution and punishment and to use his illgotten gains, it has clear and serious ramifications
to a country’s economic and social structure.
Study Guide v1.0
5
For instance, money laundering tends to feed upon
itself and generate increased crime. If a particular
country is known as being vulnerable to money
laundering – because of corruption, inadequate
laws and/or lax enforcement – criminals will tend to
recognize it as a haven and will gravitate to it.
Money laundering also undermines the private
sector of a country in that illegal front companies
involved in money laundering have an unfair
competitive advantage because they are more
focused on laundering funds than making a
legitimate profit. If a money launderer were to
operate an artificial business at a loss in order to
simply have a mechanism for laundering money,
then legitimate companies – trying to make a profit
and to avoid losses – could not compete on an
equal footing.
The safety and soundness of financial institutions
can be threatened by money laundering that takes
undue advantage of the institution and subjects it
to undue risk.
Financial Institution Case Study
There are a number of banks that have been
harmed by money laundering and noncompliance with anti-money laundering laws.
However, the Riggs Bank, NA, in Washington,
D.C., stands out as a particularly bleak
example. In addition to having poor antimoney laundering policies and procedures
and internal controls, the bank was actively
laundering funds for several dictators,
including Theodoro Obiang, the President of
Equatorial Guinea, and Augusto Pinochet, the
former dictator of Chile. The bank was directly
involved in transferring ill-gotten money for
both of these individuals with the help of
corrupt and poorly supervised officers of the
bank. The resulting reputational damage led,
in effect, to the bank’s demise and its forced
sale to PNC.
6
Study Guide v1.0
Money laundering can also have an adverse
effect on the economic policies and even stability
of countries--in particular, small, emerging
countries. In those situations, rampant money
laundering can upset the integrity of monetary
data, the equilibrium of currencies and the interest
rates earned on investments because, again,
money launderers are more concerned about
cleansing their funds than engaging in legitimate,
competitive commerce.
Further, there is typically a loss of tax revenue
when there is an influx of money launderers who,
in addition to laundering funds, usually do not
pay taxes. The loss of revenue can result in
higher tax rates imposed on the honest taxpayers
in the jurisdiction.
There is an overriding reputational risk to any
jurisdiction permitting money laundering – or
not prohibiting money laundering strongly and
effectively enough – which can lead to increased
crime rates, corruption and political instability.
In terms of the social costs of money laundering,
there is, of course, the effect the underlying crime
– especially drug trafficking and human smuggling
– can have on a society. These crimes result in
disrupted and damaged lives, law enforcement
costs, health and rehabilitation costs, broken family
structures, etc.
Common Methods of Money
Laundering: Banks
There are myriad ways of laundering money
through the financial system of any country. Here
is a very high-level overview of some of the more
common methods of money laundering. It is a
listing of some of the types of institutions and
industries that are particularly vulnerable to money
laundering and a listing of some of the methods
used within these institutions and industries to
launder money.
Financial institutions, particularly banks, have
historically been vulnerable to money laundering.
Banks are a primary entry point to the financial
system and can be used for nefarious purposes
if they are not careful. To quote Willie Sutton,
the infamous bank robber – when asked why he
robbed banks, he responded that banks are where
the money is. In addition, it is where customers
can deposit money, hold accounts, transfer funds,
invest their money, conduct international business
transactions and otherwise have access to the
international financial world. For money launderers
it is a world of opportunity; for banks it is rife with
risk and needs continual monitoring.
There are several bank-related products and
services that are especially vulnerable to money
laundering, including the following:
Bank Accounts
As we saw in the Broadway Bank case study, illict
funds can be deposited into normal, everyday bank
accounts and, from there, funds can be wired most
anywhere in the world.
Structuring
Structuring is perhaps the most well-known
form of money laundering. It involves taking
a large amount of cash and breaking it into
smaller amounts so it can be deposited into
financial institution without triggering reporting
requirements. This activity is illegal in the United
States and many other countries.
Electronic Funds Transfer
Electronic funds transfer is the electronic transfer of
money from one account to another. Electronic funds
transfer, most commonly wire transfers, operate with
such speed and volume that international transfers
of laundered money can frequently be disguised
by blending into the millions of other legitimate
transfers that occur every day. Wire transfers to or
from high-risk countries are particularly susceptible
to being used for money laundering.
Correspondent Banking
Correspondent banking services are another
avenue of banking that is vulnerable to abuse
by money launderers. Correspondent banking
occurs when one bank acts as the agent of another
bank in a foreign country. A local “respondent
bank” will contract a “correspondent bank” to
provide banking services for its customers in
another country. Unfortunately, it is also a risky
area in that the correspondent bank does not
know the customers of the respondent bank and
has little control over or ability to monitor that
customer’s transactions.
Local respondent banks often advertise their
network of foreign correspondent banks.
Of particular concern are those correspondent
banking relationships that permit – either
knowingly or through a lack of adequate controls
– the respondent bank to provide banking services
for shell banks. (A shell bank is a financial entity
that has no physical presence in any country. See
more details elsewhere in this study guide.) In
the United States, the USA Patriot Act contains
provisions to guard against this risk by requiring
the U.S. bank to take certain steps to ensure that
it is not indirectly providing correspondent
banking services to a shell bank. The Act also
requires certain fundamental due diligence reviews
prior to establishing a foreign correspondent
banking relationship.
Of further concern is the fact that the supervisory
regime of the country where the respondent
bank is located may not be very strong and the
enforcement of anti-money laws may not be
very effective. A bank should study and analyze
these issues before it gets involved in a foreign
correspondent banking relationship.
Correspondent Banking Case Study
In the 1990s, Lucy Edwards, a Vice President
of the Bank of New York (BONY), with
the help of her husband, Peter Berlin,
Study Guide v1.0
7
established several accounts at the bank on
behalf of an unlicensed New York branch of
a foreign bank. These were illegal foreign
correspondent bank accounts through which
the couple sent billions of dollars in wires over
a period of three and one - half years.
As a result, there were numerous
investigations and BONY agreed to a nonprosecution agreement with the Department
of Justice. The bank paid $38 million in
penalties and victim compensation.
Payable-Through Accounts
This type of account allows the customer of a
respondent bank in a correspondent banking
relationship to conduct transactions directly
through the correspondent account. When
this happens, the correspondent bank cannot
determine – and may not even know – whether
it is the respondent bank or its customer that
is conducting the transaction. This raises the
money laundering risk because the correspondent
bank cannot perform adequate due diligence
to determine the nature and purpose of the
transaction or even who is conducting it.
Concentration Accounts
A concentration account is a deposit account
used to aggregate funds from several locations
into one centralized account. Concentration
accounts are used by institutions to process and
settle internal bank transactions. Concentration
accounts are typically used for fund transfers,
private banking transactions, trust and custody
accounts, and international transactions. The
money laundering risk occurs when a bank allows
a customer to conduct a transaction through the
bank’s concentration account. In those instances,
the transaction appears to be the bank’s own
transaction and, thus, the audit trail for the
customer’s transaction is disguised, if not lost.
8
Study Guide v1.0
Concentration Account Case Study
Between 1991 and 1993, Citibank Private
Banking Officer Amy Elliott moved tens
of millions of dollars for Raul Salinas, the
brother of Carlos Salinas, the then President
of Mexico. The money was transferred to
the Cayman Islands, in Swiss banks and in
accounts with fraudulent names. Many of
the transactions were conducted through
Citibank’s concentration accounts in order
to avoid detection. When the scheme was
uncovered, considerable adverse publicity
resulted for the bank and U.S. Senate
hearings were held on the matter.
Private Banking
Private banking has been a particular area
vulnerable to money laundering. Riggs Bank and
other banks have run afoul in this area, allowing
high-net-worth individuals and political figures (also
known as “Politically Exposed Persons” or “PEPs”)
to engage in money laundering. The problem is
that a bank can be attracted to the high fee income
that can be generated in the private banking
area and the private banking representatives
within the bank can become too close to and
supportive of the rich clients. The result could
be less vigorous enforcement of AML policy and
law. In the case of Riggs, the account relationship
managers deposited millions of dollars in cash
for Theodora Obiang, the President of Equatorial
Guinea, disguised the names of Augusto Pinochet’s
accounts and even hand-carried almost $2 million
in cashier’s checks to Pinochet in Chile so he could
convert the checks into cash.
Common Methods of
Money Laundering:
Non-Bank Financial Institutions
There are many types of non-bank financial
institutions and non-financial businesses and
professions (involved in the financial arena, but not,
per se, financial institutions) that can be vulnerable
to money laundering. What follows is a quick
overview of some of these entities or industries and
their respective money laundering risks.
Credit and Debit Cards
The credit and debit card industry is not very
vulnerable to the placement stage of money
laundering, but credit cards can be used in the
layering and integration stages. For instance, a
person can prepay – or overpay – a credit card
bill and ask for a refund, which will have all the
earmarks of a legitimate payment from a reputable
company.
Further, once funds are deposited into the financial
system, credit cards and debit cards can be used
to access the funds in other countries. Also, such
cards can be used to load money and the cards can
then be transported out of the country, possibly
avoiding detection.
Money Remitters and Money
Exchange Houses
Money remitters and money exchange houses are
recognized as high-risk entities because they deal
extensively with cash. While these entities provide
legitimate services, especially to the unbanked
and under-banked, they can be abused by money
launderers given the ease with which these entities
accept cash and transmit funds overseas. In
addition, especially historically, this industry has not
been subject to the same rigorous supervision as is
imposed on commercial banks.
Insurance Companies
The insurance industry is vulnerable to money
laundering in several ways. For instance, many life
insurance policies provide a “free-look” period;
launderers can thus use illegal cash to purchase a
policy and then quickly turn it back in, receiving
a legitimate check for the funds from a reputable
company. In this way, the launderer has the image
of having received legitimate funds.
Life insurance policies that have a surrender value
or an investment or annuity component can also be
used for laundering funds. By redeeming a policy
in return for a lump sum payment or by leveraging
the policy into a stream of payments, the launderer
can successfully convert his own funds for those
from a known insurance company.
In contrast, insurance policies for health, property,
title or casualty do not readily lend themselves to
money laundering abuse because they do not have
investment or borrowing features, an ability to
build up cash, or an option for transferring funds.
Securities Broker-Dealers
While little currency is involved with securities
broker-dealers, there are certain aspects of
the industry that make it vulnerable to money
laundering. These include its international nature;
the speed at which the transactions are conducted;
the ease of converting one type of security into
another type of security; and the ability to use
securities to transfer funds around the world.
Further, securities accounts placed under the
control of a trustee can serve to conceal the
identity of beneficial owners. This, of course, has to
be guarded against.
Casinos
Casinos are obvious focal points for money
laundering. While gambling is the heart of the
industry, the vast amount of cash involved presents
a great opportunity for laundering funds. For
instance, a person can purchase a large quantity
of gambling chips with cash, make the appearance
of gambling a little bit, and then cash the chips
in for a casino-issued check or voucher. Such
checks issued by a casino can be explained away
as “winnings,” as opposed to illicit funds derived
from criminal pursuits. In addition, the gambler can
request that the “winnings” be transferred to an
affiliated casino in another country, thus spiriting
the funds out of the country.
Study Guide v1.0
9
Due to the substantial amount of cash in the
gambling industry, related money laundering
efforts are usually associated with the placement
stage of money laundering.
Dealers in High-Value Items
Any industry that involves a large amount of money
can be vulnerable to money laundering and dealers
in high-value items, such as precious metals, jewelry
and art are no exception. Specifically, such items can
be bought, sold and traded easily and for a lot of
money, making it convenient for launderers to blur
the source of the funds, making the audit trail more
difficult to follow and assisting in the conversion of
the illicit funds into acceptable forms of commerce.
In addition, some items, like jewelry, can be
transported easily, thus making cross-border
transfers relatively simple.
Vehicle Sellers
Similarly, vehicle sellers can be vulnerable to money
laundering in that vehicles are expensive, and can
be bought and sold and transported relatively
easily. If the launderer is able to pay for a vehicle
with cash – typically through structured payments
over time – or negotiable instruments and then sell
the vehicle for funds in the form of a check or wire
transfer from a recognized, reputable entity, the
launderer will have successfully converted his money
into commercially acceptable funds. In addition, the
person might trade vehicles multiple times, making
the audit trail difficult to follow. A person might also
trade a more expensive vehicle for a vehicle of lesser
value, receiving a commercially acceptable check to
make up the difference.
Travel Agencies
Travel agencies can also be used to launder
money in various ways. This might include paying
for an expensive trip to a resort – paying for the
flight, hotel, rental car, and tour package – then
cancelling the trip and receiving a refund in the
form of a check from a reputable company.
10
Study Guide v1.0
Other Non-Financial Industries
The space here is too limited to go into many
of the other entities or lines of business that
can be used for money laundering, but a few of
them include “gatekeepers” (such as notaries,
accountants, auditors and attorneys); investment
and commodity advisors; trust and company
service providers; real estate brokers; trade
financing firms; and people engaged in the Black
Market Peso Exchange. These topics are explained
in detail in the ACAMS Study Guide for the CAMS
Certification Examination, Fifth Edition.
Internet Banking
With the speed and potential anonymity of internet
banking, funds can be transferred multiple times
between accounts and countries with ease. This
makes tracing the funds more difficult. And the
lack of face-to-face contact makes it harder to
identify and interdict such transactions. While there
is extensive use of passwords and there is usually
adequate customer due diligence when opening
a bank account that can be accessed through the
internet, identities and passwords can be hacked
or stolen. Consequently, it is important for financial
institutions and customers to exercise great caution
in this area.
Internet Casinos
Similarly, with regard to internet casinos, money
launderers can take advantage of the internet to
transfer funds quickly under the cover of engaging
in gambling activity. In addition, the offshore
location of many internet gambling operations
makes it more difficult to obtain information
about underlying transactions and to support
prosecutions. These offshore locations often have
weak regulatory regimes that provide inadequate
supervision.
Internet Casino Case Study
In 2003, PayPal became the subject of a
criminal case relating to its processing the
payments of online gambling companies.
It was alleged that PayPal was violating
the prohibition against the international
transmission of money derived from criminal
activity. PayPal paid a fine of $200,000 and
forfeiting its profits related to the online
gambling activity. It also ceased processing
any payments for online gambling companies.
Pre-Paid Cards and E-Cash
Pre-paid cards and e-cash, including mobile
payments, are another potential avenue for
money launderers to use. Pre-paid cards are
especially vulnerable because they are portable,
transferable and anonymous and, frequently, can
be loaded with large amounts of money. They are a
convenient alternative to bulk cash or cross-border
transfers of funds. Further, in many places, they are
poorly regulated.
E-cash and mobile phone transfers and payments
are also vulnerable to money laundering due to the
speed of these types of transactions and the lack of
face-to-face contact that is required of many other
types of banking transactions.
Shell Companies
A shell company is a company that at the time
of incorporation has no significant assets or
operations. Shell companies are primarily designed
to hide the beneficial or true ownership of a
company. Frequently, they are “incorporated”
offshore in jurisdictions that have little to no
regulation – jurisdictions that simply make money
by providing certificates of incorporation for these
entities. Shell companies are typically created by
agents in the foreign jurisdiction for a small fee. In
addition, in order to further disguise the ownership
of the shell company, the shares are often in
nominee form and even officers and directors can
be “rented” – using people who have nothing to
do with the company.
Through the use of shell companies, the launderer
can anonymously funnel transactions into the
financial system, making it very hard for law
enforcement to detect the transactions and
prosecute the true owners of the companies.
In addition, the shell companies can serve
the purpose of projecting the perception of a
legitimate company which is transacting business
on a sound basis.
Trusts
Trusts are very useful, legal instruments. They can be
used in estate planning and for many other legitimate
purposes. However, they can also be used to hide
beneficial ownership. Further, unlike commercial
enterprises, expenditures do not have to be tied to
a profit-generating function. A disbursement can
be for most any purpose, so long as it is generally
authorized by the terms of the trust. Coupled
with the fact that trusts are private instruments,
it is difficult to determine during an investigation
whether a transaction is legitimate or who or what
might be behind the trust. This provides a number of
opportunities for surreptitious transactions that can
promote the goal of laundering money.
Bearer Instruments
Bearer instruments – including bearer shares in a
company – consist, by definition, of documents that
are owned and controlled by the “bearer.” There is
no registry of ownership; rather, ownership of the
instrument can simply be transferred by handing
the document to someone else. Due to this
transferability and lack of registration, launderers
can transfer the ownership of a check or other
financial instrument – and even the ownership of a
company – to anyone at a moment’s notice without
any record. The financial instrument or check can
theoretically be negotiated without identification;
legally, it just needs presentment.
All of this makes determining the true owner of
an instrument or a company near impossible and
facilitates the ability of the launderer to obfuscate
the true source of the funds or the true ownership
of a company.
Study Guide v1.0
11
Terrorist Financing
Terrorist financing is, very simply, the financing
or financial support of terrorist activity. Since
the tragic events of September 11, 2001, there
has been a much greater focus on terrorism and
terrorist financing than ever before. Without
financial support and the use of the financial
system, terrorist activity is hard to undertake.
Consequently, it becomes extremely important for
the financial sectors throughout the world to guard
against transactions that could serve to support
terrorist activity.
Differences and Similarities between
Terrorist Financing and Money Laundering
The first primary difference between terrorist
financing and money laundering is that the source
of funds for terrorist financing can be either legal
or illegal. Many terrorists fund their activity through
the proceeds of crime. However, a great deal of
terrorist financing also comes from legitimate
channels. In many cases, unsuspecting people
contribute to various charities not knowing that
the money is being funneled to support terrorism
rather than the stated humanitarian goals. On the
other hand, by definition, the funds involved in
money laundering are always illegal.
The second primary difference between terrorist
financing and money laundering is that the course
of events for the former is linear (rather than
circular as is the case for money laundering). The
funds for terrorism come from a legal or illegal
source, are laundered to disguise their origin and
connection with the terrorist activity and then are
used for the purpose of supporting the terrorist
activity. In the case of money laundering, the flow
of funds is circular – in that the funds come from an
illegal source and are laundered in such a way that
the funds are returned for the use of the launderer
(or the person the launderer may be working for).
Thus, in money laundering, the flow of funds forms
a circle, rather than a straight line.
12
Study Guide v1.0
The similarities, as alluded to, are that, with both
money laundering and terrorist financing, the funds
need to be laundered in order to separate and
disguise the source of the funds from the ultimate
use or purpose of the funds. The techniques for
laundering the funds in either situation are similar,
if not identical. The principal distinction is that
usually the sums of money involved in connection
with terrorist activity are smaller than those
involved in money laundering. It is evident that the
proceeds from drug trafficking and other crimes
can be extensive, while most terrorist activity does
not require the expenditure of significant amounts
of money.
Detecting Terrorist Financing
Due to the fact that terrorist activity usually does
not require much money, it is correspondingly
more difficult to detect and, thus, interdict. When a
financial institution receives hundreds of thousands
of dollars – if not millions – going through its
accounts, it is relatively easy to detect, monitor and
interdict. On the other hand, if there is only a few
thousand dollars, it is much harder to determine
that it is unusual or suspicious.
9/11 Case Study
In the case of the hijackers on September
11, 2001, it was later determined that their
accounts were opened with only $3,000 to
$5,000 and that their transactions were below
reporting requirements. Some potential red
flags, however, were that the hijackers often
used the same address and phone numbers
and the addresses were mail boxes which
were frequently changed. While there were
some international incoming wires and
immediate withdrawals, there was no overall
discernible pattern in the accounts.
Laws & Regulations
Combating money laundering and terrorist
financing has been a worldwide struggle for over
40 years. Most countries are involved in the effort
and actively coordinate and collaborate with one
another, along with a number of international
bodies. This section provides an overview of some
of this progress.
US Legislation
Starting in 1970, the United States passed a
series of laws, commonly referred to as the Bank
Secrecy Act, with additional laws and regulations
added in the 1980’s and 90’s. These laws, and
the implementing regulations, provide a broad
overview of what banks and most other financial
institutions must do to combating money
laundering and terrorist financing. The most recent
piece of legislation, in 2001, was the USA Patriot
Act which provides for a number of additional
requirements on the part of financial institutions.
USA Patriot Act
The USA Patriot Act was passed on October 26, 2001,
shortly after the tragic events of September 11, 2001.
The Act contained a number of important AML/CTF
provisions, some of which are detailed below:
Section 311
Section 311 of the Act enables the United States
– after a series of required internal Government
reviews and consultations – to designate a foreign
jurisdiction, bank, account or even transaction as
a “primary money laundering concern.” Once the
designation is made, there are various sanctions
– or special measures – that can be imposed,
which range from requiring the reporting of
certain information to prohibiting activity with the
entity or country. Use of § 311 sanctions has been
considered 21 times and actually used six times,
and, each time, it has required cessation of activity
with the entity or jurisdiction.
Section 312
Section 312 of the Act is a very complicated
provision which actually has two parts – one
directed toward foreign correspondent banking
accounts and a second directed at private banking
accounts for non-U.S. persons.
Regarding foreign correspondent banking,
the section requires U.S. banks to undertake
certain due diligence reviews before opening a
correspondent account for a foreign bank. If, as
the result of this review, it is determined that there
is an enhanced risk, the U.S. bank must undertake
additional due diligence steps, including enhanced
scrutiny of transactions, obtaining information
about the foreign bank’s AML program,
determining whether the account is being used
by yet other foreign banks and determining the
ownership of the foreign bank.
Regarding the private banking accounts for a nonU.S. person, the section requires the U.S. bank to
determine the beneficial owners of the account;
determine whether the owner is a “politically
exposed person”; ascertain the source of the funds;
determine the purpose of the account; and monitor
the account. If the institution determines that the
owner of the account is a PEP, the institution is
obligated to conduct enhanced scrutiny in order
to try to determine if the source of funds for the
account are derived from corruption.
The enhanced due diligence required for foreign
private banking accounts, and especially for foreign
PEPs, underscores the fact that this is a very riskladen area and banks need to be careful.
Section 313
Section 313 of the Act prohibits U.S. banks from
dealing with “shell” banks – that is any bank that
does not have a “physical presence” somewhere
and that is not duly licensed and supervised.
Section 314
Section 314(a) of the Act requires banks in the U.S.
Study Guide v1.0
13
to respond to requests from the U.S. Government
about the existence of any accounts or transactions
for certain named individuals. Section 314(b) of
the Act permits U.S. banks, on a voluntary basis, to
share anti-money laundering-related information
concerning accounts and transactions. This sharing
process, however, requires registration by both
institutions with the Financial Crimes Enforcement
Network (FinCEN) of the Department of Treasury.
Section 319
Section 319 of the Act does several things.
First, it permits the U.S. Government to seize
money laundering-related funds in a U.S.-based
correspondent account which are held by a foreign
bank. In other words, if illegal or laundered funds
are deposited into the foreign bank in a foreign
country, the U.S. can effectively reach those funds
by seizing a comparable amount of money in the
U.S.-based correspondent account that the foreign
bank maintains.
The account opening requirements of §326
obligate the institution to obtain the following
information:
• Name of the account holder;
• Date of birth of the account holder (if the
account holder is an individual);
• Address; and
• Federally issued identification number
(which is usually the person’s Social Security
Number or the company’s Employer
Identification Number (EIN)).
Second, §319 permits the U.S. banking agencies to
require a U.S. bank to produce certain information
about its AML program or an account at the bank –
including account opening documentation – within
five days.
The institution is then obligated to use
documentary or non-documentary means to verify
the collected information so that the institution has
a reasonable basis for believing that it knows the
true identity of the account holder.
Third, §319 permits the U.S. Government to
subpoena information about a foreign bank that
maintains a correspondent account in the U.S.
– even if the information is located overseas.
The penalty for non-compliance by the foreign
bank with such a subpoena is having its U.S.
correspondent account closed.
U.S. Banking Agencies
Fourth, §319 requires the foreign bank maintaining
a correspondent account in the U.S. to designate
an agent located in the United States who is able
to accept service of process on behalf of the
foreign bank.
Section 326
Section 326 of the Act is extremely important as it
sets out the minimum requirements a bank must
14
adhere to in opening a new account for a customer.
Prior to 9/11, the banking agencies tried to pass
a regulation that would have set forth similar
requirements, but it failed due to coordinated
opposition from the banking industry. After 9/11,
this provision passed relatively easily, with strong
industry support.
Study Guide v1.0
The United States has three nationwide banking
supervisory agencies at the federal, or national,
level. They are the Office of the Comptroller of the
Currency (OCC), which regulates national banks;
the Federal Deposit Insurance Corporation (FDIC),
which regulates some states banks; and the Federal
Reserve System, which regulates the state banks not
regulated by the FDIC. These agencies work together
and in conjunction with FinCEN to write AML/
CTF regulations and to ensure that the banks they
supervise adhere to all AML/CTF laws and regulations.
States also have banking agencies that may enforce
state chartered financial institutions’ compliance
with AML and other laws.
FinCEN
The Financial Crimes Enforcement Network,
also known by its acronym FinCEN, is primarily
responsible for the issuance of BSA and AML
regulations. It is a bureau within the U.S. Treasury
Department and works closely with the banking
agencies to ensure compliance with AML measures.
OFAC
The Office of Foreign Assets Control (OFAC) is
also part of Treasury and is responsible for the U.S.
sanctions regime that prohibits, for instance, trade
with Cuba and North Korea. OFAC, working closely
with the Department of Justice and the banking
agencies, has assessed extremely large fines for
violations of these rules.
HSBC Case Study
The case involving HSBC is an example of
what can happen when a bank allegedly
ignores prudent AML/CTF practices and
violates OFAC rules. In this particular case,
the bank allegedly:
• Rated the country of Mexico as lower
risk than was clearly the case;
• Failed to designate PEPs as high-risk;
• Failed to perform adequate due
diligence on affiliates and on foreign
correspondent banks;
• Failed to have adequate internal
controls;
• Failed to adequately monitor billions
of dollars worth of banknotes sent to
the U.S. from Mexico;
• Failed to adequately monitor billions
of dollars worth of wire transfers sent
between various countries;
• Failed to address adverse audit
findings concerning HSBC’s affiliate
in Mexico;
• Failed to have adequate staff to
monitor wire transfers, banknotes
and other transactions (at one
time, the bank had only one or two
employees monitoring 600 banknote
customers and had four employees
reviewing 13,000 to 15,000 alerts per
month); and
• Allowed drug traffickers to use
specially designed boxes to fit the
precise dimensions of the teller
windows so cash deposits in Mexico
could be made more easily.
With regard to OFAC issues, the bank
allegedly disguised the origin of wire
transfers, directing a bank in Iran to be
described as “one of our clients.” In addition,
there were allegedly instructions within the
bank not to mention Iran in wire transactions.
When the U.S. affiliate of HSBC directed this
activity to stop, other HSBC affiliates allegedly
ignored this directive because the business
was too lucrative. There were allegedly other
numerous violations of OFAC rules involving
such countries as Cuba, Libya, Sudan and
Myanmar (Burma).
As the result of this activity, the bank
was subjected to a Deferred Prosecution
Agreement, forfeited $1.256 billion to the
Department of Justice, and paid a civil money
penalty of $665 million to the Office of the
Comptroller of the Currency, the Federal
Reserve, FinCEN and the U.K.’s Financial
Services Authority.
In all, the forfeitures, fines and penalties
totaled a record $1.9 billion. This, of course,
more than wiped out any profits HSBC might
have made in connection with this various
Study Guide v1.0
15
activity. In addition, in 2011 the bank paid
approximately nine times more in anti-money
laundering compliance measures than it did
in 2009. It should be noted that since that
time, HSBC has aggressively changed and
improved their AML policies and procedures.
This is proof that institutions are best advised
to spend the money on compliance up front to
avoid the adverse publicity, fines and penalties
that can result.
The Financial Action Task Force
The Financial Action Task Force (FATF) is an
international organization that was created in 1989
and is headquartered in Paris. It comprises 34
jurisdictions and two regional organizations. It also
has eight FATF-Style Regional Bodies (FSRBs) that
support and supplement the work of FATF. These
eight bodies are as follows:
• Asia/Pacific Group on Money Laundering
(APG);
• Caribbean Financial Action Task Force
(CFATF);
• Eurasian Group (EAG);
• Eastern and Southern Africa Anti-Money
Laundering Group (ESAAMLG);
• Financial Action Task Force on Money
Laundering in South America (Grupo
de Acción Financiera de Sudamérica)
(GAFISUD);
• Inter-Governmental Action Group against
Money Laundering in West Africa (Groupe
Intergouvernemental d’Action contre
le Blanchiment d’Argent en Afrique de
l’Quest) (GIABA);
• Middle East and North Africa Financial
Action Task Force (MENAFATF); and
16
Study Guide v1.0
• Council of Europe Committee of Experts on
the Evaluation of Anti-Money Laundering
Measures and the Financing of Terrorism
(MONEYVAL).
(These organizations are described in detail in the
ACAMS Study Guide for the CAMS Certification
Examination, Fifth Edition and of course on the
FATF website.)
The primary work of FATF has been to establish
international standards for fighting money
laundering and terrorist financing. As set forth on
FATF’s website:
The objectives of the FATF are to
set standards and promote effective
implementation of legal, regulatory and
operational measures for combating
money laundering, terrorist financing and
other related threats to the integrity of
the international financial system. Starting
with its own members, the FATF monitors
countries’ progress in implementing the
FATF Recommendations; reviews money
laundering and terrorist financing techniques
and counter-measures; and promotes the
adoption and implementation of the FATF
Recommendations globally.
In 1990, FATF first issued its set of 40
Recommendations that became the international
standard for AML efforts throughout the world.
After the events of September 11, 2001, FATF
issued nine Special Recommendations dealing
with terrorist financing. In 2012, FATF revised
the 40+9 Recommendations by reducing them
back down to 40 and incorporating the counterterrorist financing measures in with the anti-money
laundering provisions.
These recommendations establish standards for
countries to follow throughout the world. FATF,
with the assistance of the IMF and the World Bank,
conducts periodic reviews of its member countries
to determine how well the country is adhering to
the FATF recommendations. It should be noted
that all members must decide whether to amend
their laws or regulations to coincide with FATF
recommendations—there is not an immediate
requirement for member countries upon release of
FATF recommendations.
Some of the more important provisions in the 40
Recommendations include measures for:
• Criminalizing money laundering and the
financing of terrorism;
• Providing laws for the confiscation of funds
related to money laundering and terrorist
financing;
European Legislation
The European Union (EU) has been integrally
involved in the fight against money laundering and
terrorist financing. Its first foray into the area was in
1991, when it issued what is known as the First EU
Directive.
First EU Directive
The First EU Directive was limited to drug
trafficking and called for the identification of
customers, appropriate recordkeeping, training
and the reporting of money laundering.
• Requiring customer due diligence;
One of the more important aspects of the Directive
was not its scope, but the fact that it required the
EU community to pass legislation to implement the
Directive. So, unlike the recommendations issued
by FATF, the First EU Directive (and the subsequent
Directives) had, in effect, the force of law.
• Requiring adequate recordkeeping;
Second EU Directive
• Requiring suspicious activity reporting;
The Second EU Directive was issued in 2001, and
addressed a much broader spectrum of crimes
and entities. Specifically, it expanded the scope
of the First EU Directive to include not just drug
trafficking, but also the activities of organized
crime; all serious fraud; corruption; and crimes
punishable by a severe sentence of imprisonment.
In addition, the Second EU Directive covered a
wider array of entities, including:
• Ensuring that financial secrecy does not
inhibit implementing AML/CTF measures;
• Prohibiting money launderers and other
criminals from maintaining positions of
ownership or control in financial institutions;
• Establishing Financial Intelligence Units
(FIUs);
• Fostering international cooperation and
exchange of information;
• Ratifying anti-money laundering and antiterrorist financing treaties;
• Prohibiting accounts for shell banks;
• Requiring enhanced due diligence
regarding Politically Exposed Persons
(PEPs); and
• Detecting and monitoring cross-border
currency transactions.
• Currency exchange offices and money
transmission/remittance offices (now
commonly referred to as money services
businesses);
• Auditors, accountants and tax advisors;
• Real estate agents;
• Notaries and legal professionals when
assisting clients (or acting on behalf
of clients) in real estate or financial
transactions;
Study Guide v1.0
17
• Dealers in high-value goods; and
• Casinos.
The Second EU Directive called for the
identification of customers; cooperation with law
enforcement authorities; filing of reports on money
laundering; and furnishing of documents and
necessary information to the proper authorities.
In connection with this reporting requirement,
the Second EU Directive provided a safe harbor
for institutions that reported instances of money
laundering in good faith.
Third EU Directive
The Third EU Directive was issued in 2005, and
was the most expansive of the three EU Directives.
Most importantly, this Third EU Directive defined
money laundering and terrorist financing as
separate crimes and addressed the latter for the
first time. It provided more specific Customer
Identification requirements and extended the
coverage of the Directive to:
• Life insurance intermediaries;
• Trust company service providers; and
• Dealers in high-value goods greater than
15,000 Euros.
The Third EU Directive also addressed beneficial
owners; large cash transactions; PEPs; the
establishments of Financial Intelligence Units; the
prohibition of shell banks and anonymous accounts;
and the need for a risk-based approach.
Council of Europe
The Council of Europe, which, along with the
EU Parliament, issued the three EU Directives
discussed above, has also issued the following
Guidelines and Convention.
Guidelines of the Committee of Ministers of
the Council of Europe on human rights and
the fight against terrorism
18
Study Guide v1.0
These Guidelines were issued in 2002 and set forth
the following principles:
• The proposition “that terrorism seriously
jeopardises human rights”;
• The “need for States to do everything
possible, and notably to cooperate so that
the suspected perpetrators, organisers and
sponsors of terrorist acts are brought to
justice”; and
• The need for “reaffirming States’ obligation
to respect, in their fight against terrorism,
the international instruments for the
protection of human rights.”
Among its specifics, the Guidelines set forth
countries’ obligations to protect people against
terrorism and noted that, while extradition is an
essential part of effective international cooperation
in the fight against terrorism, extradition should
not be allowed if the person faces punishment
by death.
Convention on Laundering, Search, Seizure
and Confiscation of the Proceeds from Crime
In 1990, the Council of Europe issued this
Convention, which is also known as the
“Strasbourg Convention,” due to the fact that
it was signed there.
The preamble of the Convention noted that the
aim of the Council was to “achieve a greater
unity between its members”; that there was a
need to pursue a common policy against crime;
that serious crime was becoming an increasingly
international problem; and that, for the attainment
of the Council’s goals, there needs to be the
establishment of “a well-functioning system of
international co-operation.”
The body of the document called for parties to the
Convention to:
• Have effective confiscation measures;
• Have effective investigative measures;
• Have laws making money laundering a
crime; and
• Provide international cooperation “to
the widest extent possible,” including
investigative assistance.
In 2005, the Council modified the Convention,
expanding its scope to encompass the financing
of terrorism and changing the name of the
Convention to “Council of Europe Convention on
Laundering, Search, Seizure and Confiscation of
the Proceeds from Crime and on the Financing of
Terrorism.”
In the body of the 2005 Convention, the Council
specifically stressed the need to adopt legislation
to focus on the financing of terrorism and to ensure
that States are able to “search, trace, identify,
freeze, seize and confiscate property . . . used
or allocated to be used . . . for the financing of
terrorism, or the proceeds of this offence, and to
provide co-operation to this end to the widest
possible extent.”
United Nations, International
Monetary Fund, and World Bank
United Nations
The United Nations (UN) has issued a number
of documents pertaining to the fight against
money laundering and terrorist financing.
Specifically, it issued two conventions, known
as the Vienna Convention and the Palermo
Convention, again named by virtue of where
they were originally signed.
The Vienna Convention was issued in 1984 and
is officially known as the “Convention against
Illicit Traffic in Narcotic Drugs and Psychotropic
Substances.” This treaty recognized the links
between drug trafficking and related organized
criminal activities and calls for the signatory
parties to establish drug trafficking as a criminal
offense, including the conversion of drug trafficking
proceeds into other property. One shortcoming,
however, with the treaty is that it was restricted
to drug trafficking and did not sufficiently address
other sources of money laundering.
The Palermo Convention was issued in 2000 and is
formally known as the United Nations’ “Convention
Against Transnational Organized Crime.” It was
focused on organized crime and is designed “to
promote cooperation to prevent and combat
transnational organized crime more effectively.”
The treaty also called for measures to detect and
monitor the movement of cash and negotiable
instruments across borders and to promote
“global, regional, sub regional, and bilateral
cooperation among judicial, law enforcement and
financial regulatory authorities in order to combat
money-laundering.”
Similar to the Vienna Convention, but on a much
broader basis, the Palermo Convention called for
the identification, tracing, freezing, seizure and
eventual confiscation of the proceeds of crimes
referred to by the Convention.
The Convention closed with a recommendation for
the further prevention of the spread of organized
crime by stating that parties should “establish and
promote best practices and policies aimed at the
prevention of transactional organized crime” and
by “strengthening of cooperation between law
enforcement agencies or prosecutors and relevant
private entities, including industry.”
International Monetary Fund and World Bank
The International Monetary Fund’s (IMF’s)
primary purpose is to ensure the stability of the
international monetary system—the system of
Study Guide v1.0
19
exchange rates and international payments that
enables countries (and their citizens) to transact
with each other.
The World Bank (WB) is a vital source of financial
and technical assistance to developing countries
around the world. They are not a bank in the
ordinary sense but a unique partnership to reduce
poverty and support development. The World Bank
Group comprises five institutions managed by their
member countries.
The International Monetary Fund and the World
Bank have actively supported the fight against
money laundering and terrorist financing. Since
2001, the two institutions have required countries
that receive aid or assistance from these two
organizations to implement effective anti-money
laundering programs.
On April 26, 2001, IMF and World Bank issued
a joint paper entitled “Enhancing Contributions
to Combating Money Laundering,” in which they
detailed steps that should be taken to strengthen
the global fight against money laundering. In this
paper, the two organizations recommended five
specific steps:
• Publicizing the need to put in place the
necessary economic, financial and legal
systems designed to protect against money
laundering;
• Recognizing the FATF 40 as the standard for
AML that is applicable to IMF’s and World
Bank’s operational work;
• Intensifying the focus on AML issues when
performing financial sector assessments;
• Working more closely with the major
international AML groups; and
• Increasing the provision of technical
assistance by IMF and World Bank in the
area of AML.
20
Study Guide v1.0
In 2002, IMF and World Bank developed a
“Reference Guide to Anti-Money Laundering
and Combating the Financing of Terrorism” in
an effort to provide practical steps for countries
implementing AML/CTF programs in accordance
with international standards.
Wolfsberg Group
The Wolfsberg Group was created in 2000 when a
group of large, global banks met at the Wolfsberg
Castle in Switzerland to draft AML guidelines for
private banking. There are currently 11 banks that
make up the membership of the Wolfsberg Group.
Over the years, the Wolfsberg Group has issued
approximately 15 papers on money laundering.
Here is a very short synopsis of four of them.
Private Banking
The first publication the Wolfsberg Group issued
was in 2000, and was entitled “Global Anti-Money
Laundering Guidelines for Private Banking.” It was
revised in 2002, and was renamed “Wolfsberg AML
Principles on Private Banking.” Among the items
suggested by this issuance are:
• reasonable steps to establish the identity of
clients and beneficial owners;
• Establishing the purpose of the private
banking account and its anticipated account
activity; and
• Determining the source of wealth, the
source of funds and the net worth of the
customer.
One of the specific 2002 amendments was to
address the prohibition of the use of concentration
accounts (or internal bank accounts) for the benefit
of individual clients. This was one of the issues
cited above in the Citibank case study
(See page 8).
Correspondent Banking
In 2002, the Wolfsberg Group issued the
“Wolfsberg Anti-Money Laundering Principles
for Correspondent Banking.” As part of this
issuance, the Wolfsberg Group recommended,
among other things, that there be a risk-based due
diligence approach to establishing and maintaining
correspondent banking relationships.
Monitoring
In 2003, the Wolfsberg Group issued a paper
entitled the “Wolfsberg Statement on Monitoring
Screening and Searching.” In the paper, the Group
discussed the need for monitoring transactions and
customers to identify unusual or suspicious activity
and to report them to the appropriate authorities.
Managing Money Laundering Risks
In 2006, the Wolfsberg Group issued a Statement
entitled “Guidance on a Risk Based Approach for
Managing Money Laundering Risks.” In this paper,
the Wolfsberg Group addressed the need for a
“reasonably designed risk based approach [that]
will provide a framework for identifying the degree
of potential money laundering risks associated
with customers and transactions and allow for
an institution to focus on those customers and
transactions that potentially pose the greatest risk
of money laundering.”
Basel Committee
The Basel Committee on Bank Supervision seeks
to achieve its aims by setting minimum supervisory
standards; by improving the effectiveness of
techniques for supervising international banking
business; and by exchanging information on
national supervisory arrangements. And, to engage
with the challenges presented by diversified
financial conglomerates, the Committee also works
with other standard-setting bodies, including those
of the securities and insurance industries.
The Committee’s decisions have no legal force.
Rather, the Committee formulates supervisory
standards and guidelines and recommends
statements of best practice in the expectation
that individual national authorities will implement
them. In this way, the Committee encourages
convergence towards common standards and
monitors their implementation, but without
attempting detailed harmonization of member
countries’ supervisory approaches.
The Basel Committee on Bank Supervision was created in
1974 by the central bank governors of the G-10 countries.
Over the course of the years, the Basel Committee has
issued a number of AML-oriented papers.
The Prevention of Criminal Use of the
Banking System for the Purpose of Money
Laundering
In 1988, the Basel Committee issued a paper titled
“The Prevention of Criminal Use of the Banking
System for the Purpose of Money Laundering.” The
paper was designed to focus on the fact that banks
need to look not just at safety and soundness
issues, but also to concentrate on the risks of
money laundering and the need to be alert to the
importance of combating money laundering.
The Committee attached a Statement of Principles
to the paper which encourages bank management
to ensure:
• That all persons conducting business with
the bank are properly identified;
• That transactions that do not appear
legitimate are discouraged; and
• That cooperation with law enforcement
agencies is achieved.
The Statement of Principles was designed to be
general in nature and to ensure that the business
of all banks is “conducted in conformity with high
ethical standards and that laws and regulations
pertaining to financial transactions are adhered to.”
Study Guide v1.0
21
Core Principles of Effective Banking
Supervision
In 1997, the Basel Committee issued a paper called
“Core Principles of Effective Banking Supervision.”
The paper focused on prudential issues in general,
but also addressed the issue of money laundering.
For instance, it discussed at length the
importance of having “know your customer” rules.
In addition, the paper called on bank supervisors
to ensure that banks report suspicious activity,
engage in enhanced due diligence with regard to
correspondent bank accounts and have sufficient
controls and systems for preventing the bank from
being abused, including by money launderers.
Customer Due Diligence for Banks Paper
In 2001, the Basel Committee issued its paper
entitled “Customer Due Diligence (CDD) for
Banks.” In issuing this paper, the Committee
noted that:
Supervisors around the world are increasingly
recognizing the importance of ensuring
that their banks have adequate controls
and procedures in place so that they know
the customers with whom they are dealing.
. . [However,] [i]n reviewing the findings of
an internal survey of cross-border banking
in 1999, the Basel Committee identified
deficiencies in a large number of countries’
know-your-customer (KYC) policies for banks.
Judged from a supervisory perspective, KYC
policies in some countries have significant
gaps and in others they are non-existent.
The resulting CDD paper noted that:
The Basel Committee’s approach to KYC is
from a wider prudential, not just [an] antimoney laundering perspective. Sound KYC
procedures must be seen as a critical element
in the effective management of banking risks.
KYC safeguards go beyond simple account
opening and record-keeping and require
22
Study Guide v1.0
banks to formulate a customer acceptance
policy and a tiered customer identification
program that involves more extensive due
diligence for higher risk accounts.
In its paper, the Committee set forth the following
four “Essential elements of KYC standards”:
• Customer acceptance policy;
• Customer identification;
• On-going monitoring of high-risk accounts;
and
• Risk management.
In closing, the CDD paper noted that:
Supervisors around the world should seek,
to the best of their efforts, to develop and
implement their national KYC standards fully in
line with international standards so as to avoid
potential regulatory arbitrage and safeguard
the integrity of domestic and international
banking systems.
General Guide to Account Opening and
Customer Identification
As an attachment to the CDD paper, the Basel
Committee issued a paper entitled the “General
Guide to Account Opening and Customer
Identification.” In this paper, the Committee set
forth a series of guidelines with regard to account
opening and customer identification procedures.
Egmont Group
The Egmont Group is an international group
created to enhance mutual cooperation among
countries and to share information concerning
detecting and combating money laundering
and terrorist financing. It was created in June,
1995, when a group of government agencies and
international organizations gathered at the EgmontArenberg Palace in Brussels to discuss ways to fight
the global problem of money laundering.
The Group came up with the idea of creating
“Financial Intelligence Units” (FIUs) in each country
to receive financial disclosures and to share
financial information across borders. The Egmont
definition of an FIU, issued in 1996 and amended in
2004, is as follows:
A central, national agency responsible for
receiving (and, as permitted, requesting)
analyzing and disseminating to the competent
authorities, disclosures of financial information:
(i) concerning suspected proceeds of crime
and potential financing of terrorism, or
(ii) required by national legislation or
regulation,
in order to combat money laundering and
terrorist financing.
In 2001, the Egmont Group issued a document
entitled “Principles for Information Exchange
Between Financial Intelligence Units for Money
Laundering and Terrorism Financing Cases,” which
sets out guidelines for sharing information among
FIUs. In 2004, the group issued “Best Practices for
the Exchange of Information Between Financial
Intelligence Units.”
As of year-end, 2013, the Egmont Group had 139
members and represents an “international network
designed to improve interaction among FIUs in the
areas of communications, information sharing and
training coordination.”
Protection
An essential part of fighting money laundering and
terrorist financing is for financial institutions to have
strong, comprehensive AML/CTF programs.
These programs should be designed on a riskbasis; it should be understood that no program
can identify and interdict all instances of money
laundering and terrorist financing. What is
expected is that the programs be carefully
thought-out, applicable to the institution’s
situation and effective in identifying most
suspicious or unusual activity.
Risk Assessment
A risk assessment is the process of evaluating the
potential risks involved in a projected undertaking.
Prior to creating and implementing an effective
AML/CTF program a financial institution must
perform a comprehensive risk assessment. The
risk assessment should be designed to determine
how the institution operates and what its risks
are. A good risk assessment should look at issues
pertaining to the institution’s geography, clients,
and products.
Geography
This is perhaps the most obvious part of a
comprehensive risk assessment. Specifically, with
regard to this issue, a financial institution should
examine all geographic areas in which it has an
office or in which it does business. In addition, the
institution should analyze all of the geographic
areas where its major clients are located and where
they are doing business. This is necessary because,
even if an institution is strictly a domestic entity,
if it is catering to offshore clients that are doing
business in high-risk jurisdictions, the financial
institution needs to know that and needs to take
this fact into consideration when determining the
institution’s own AML/CTF risk.
Study Guide v1.0
23
The idea behind a geographic risk assessment is
to determine what the institution’s AML/CTF risk
is from a geographic perspective. If, for instance,
the institution is a small, domestic entity that does
not do business outside of a 10-20 mile radius
and deals only with similarly situated customers,
the AML/CTF risk is going to be very low. If,
on the other hand, the financial institution is a
large, international organization with offices and
customers throughout the world, its AML/CTF risk
profile is going to be very different.
In order to determine its geographic risk, an
institution should carefully list all of the cities and
countries where it is located and where it conducts
business. The institution should also determine
where its major clients are located and where they
do business. Then, the institution should analyze
the inherent risk posed by these locations.
Obviously, this is not always an easy assignment.
However, in order to conduct the risk assessment,
the institution should analyze available public
reports that address the AML/CTF risk of each
location. Such reports should include, for instance,
issuances from the U.S. State Department – such
as its annual International Narcotics Control
Strategy Report (INCSR), and the report from the
organization Transparency International, which,
among other things, rates the level of corruption in
countries across the globe in its annual “Corruption
Perceptions Index.” Also, OFAC, the UN, the
United Kingdom’s Financial Services Authority,
the European Union and other entities issue lists
pertaining to the risk posed by various countries.
In addition, the financial institution should seriously
consider consulting people in the particular
country at issue, especially if the institution does
significant business there. There is no substitute for
people “on the ground” who are familiar with the
institution and with its type of business, as well as
the AML/CTF reputation and regulatory regime of
the particular country.
24
Study Guide v1.0
Once the AML/CTF risk posed by a country is
determined, a risk rating should be assigned to
it. If the risk posed by the country is too great,
the institution should seriously consider not doing
business with or in that country.
After each country is given a risk rating, the
institution should arrive at a composite overall
rating pertaining to its geographic risk.
Customers
Financial institutions should perform the same
analysis on its customers. The various factors an
institution should consider are the number of
customers it serves, how large they are, what kind
of business they engage in, where they are located,
where they do business, and who their major
customers are. The permutations are, perhaps,
endless, but – as noted above – this analysis
should be done on a risk basis. In other words, the
institution should concentrate the customers that
pose the greatest risk due to the size and nature of
their business and their location.
Obviously, high-risk customers, such as politically
exposed persons, money services businesses,
casinos, offshore companies, etc., should get the
most attention. Other such high-risk customers
include:
• Car and boat dealerships;
• Travel agencies;
• Brokers and dealers in securities;
• Jewel and precious metal dealers;
• Import/export companies;
• Cash intensive businesses; and
• Internet-based companies.
The institution is ultimately responsible for coming
up with an appropriate list of high-risk entities.
If the risk posed by any of these customers is too
great for the institution to manage – due to the
institution’s lack of size, lack of expertise, lack of
staffing, and so on – the institution should strongly
consider not doing business with those customers.
As with the geographic risk component, the
institution should risk rate its customers after
completing its analysis of them. Then, the
institution should arrive at an overall risk rating for
its customers on an aggregate basis.
Products
As with geographic locations and customers, a
financial institution should make a comprehensive
list of all of its products and analyze them to
determine the level of AML/CTF risk they pose.
Obviously, some products and services are going to
represent a higher risk than others. Some examples
of high-risk products and services include:
• Foreign correspondent banking;
• Private banking;
• Money orders;
• Stored-value cards
• Traveler’s checks;
• Other cash-oriented products;
• Internet banking;
• Wire transfers;
• Trade financing; and
• Payable through accounts.
Some questions that an institution should ask
itself in analyzing its products is whether the
products facilitate the international transfer of
funds; enable a customer to convert cash to other
forms of funds; allow for high speed or anonymous
transfers of funds; involve third parties who are not
customers of the bank; are unusually complex; or
are difficult to monitor. The overriding question
an institution should ask, though, is how and to
what extent can the product be used to facilitate
money laundering or terrorist financing and is the
institution capable of mitigating that risk through
policies, procedures, controls, staff reviews, etc.?
If the resulting risk is still too high, then, again, the
financial institution should consider not offering
that product or service.
Once the analysis of products and services is
complete, the financial institution should risk-rate
them and determine not only the risk posed by
the individual products and services, but what is
the aggregate risk for all of the products, when
considered on a collective basis.
Overall Risk Assessment
The next step in performing the risk assessment
is to come up with a combined overall risk
assessment rating representing the confluence
of all three areas; and the institution must then
determine whether it can handle that level of
risk. Does it have the staffing, the expertise,
the software, the knowledge of each area, the
training, and the review capability to identify the
actual suspicious activity that might arise in the
various high-risk areas and to mitigate or interdict
that risk? If not, the institution needs to make
serious changes to its operations, if not to its AML/
CTF program.
In addition to all the foregoing, a financial
institution should update its overall risk assessment
whenever there is a significant change – a new
office; a new country served; a new customer; and,
especially, a new product. In fact, with regard to
these developments, the analysis should be done
before the significant change is adopted and
implemented. Further, the institution should revisit, review and update its overall risk assessment
on at least an annual basis.
Study Guide v1.0
25
AML Programs
Once the risk assessment is completed, the
financial institution can put together its AML
program designed to mitigate and control the
identified risks, especially the high-level risks. It
should be comprehensive, but risk-based and
capable of being implemented and sustained. In
addition, like the risk assessments, it should be
reviewed and updated on at least an annual basis.
Pursuant to BSA regulations in the United States,
most financial institutions are required to have an
AML program designed to cover, at a minimum,
four areas: internal controls; designation of an
AML compliance officer; training; and audit. These
requirements constitute an apt standard for all
financial institutions to follow. In the United States,
Board of Directors approve the program—an
approach that other jurisdictions may wish
to follow.
Internal Controls
The internal controls should set forth what the staff
of the bank should do in avoiding issues related
to money laundering and terrorist financing – such
as not dealing with certain jurisdictions or types of
clients. They should also set forth what procedures
and precautions the staff should take when dealing
with various customers and geographies.
For instance, the internal controls should set forth
exactly what steps should be taken in opening
an account and determining the identity of a
customer. As set forth above, the USA Patriot
Act requires financial institutions to take certain
measures in reaching a good faith belief that it
knows the real identity of its customers.
These controls should be implemented carefully
and periodic reviews should take place to ensure
that the staff of the financial institution is following
them and that they are effective. This latter
aspect is, in effect, a monitoring component
that is extremely important. Not only should
the procedures and the staff be reviewed and
26
Study Guide v1.0
monitored for compliance and effectiveness, the
on-going transactions conducted in the institution
– the accounts and activity within the accounts
– should be monitored on a constant, riskoriented basis. In that way, the institution should
be able to identify unusual or suspicious activity
that may be indicative of money laundering or
terrorist financing and, at a minimum, reviewed or
investigated for potential reporting or interdiction.
In this regard, the procedures should set forth the
steps the institution should take in addressing a
potentially suspicious or unusual activity
or transaction.
Many institutions have sophisticated software
programs to assist them in conducting this type
of monitoring. Of course, any such software, no
matter how good, needs to be tuned to fit the
situation and needs of the institution. In addition,
it should be kept in mind that the continuous
hands-on review by the staff of potential money
laundering and terrorist financing activity is
also essential.
The overall AML policy of an institution can be
relatively short and should set forth the aspiration
and goal of the institution of complying with
sound, risk-based AML standards. It should
typically emanate from the Board of Directors of
the institution – so that the staff of the institution
will recognize that it is important and must be
followed. In this sense, the “tone from the top” is
an extremely important concept that the institution
should take to heart and should implement.
The AML procedures are the practical and day-today implementation of the overarching policy. The
procedures should be designed to explain to the
staff of the institution how to deal with the specific
issues that the institution is apt to be confronted
with in combating the risk of money laundering and
terrorist financing.
Specifically, the procedures should at least cover
the following matters:
• Establishment of staffing responsibilities
and accountabilities;
• Supervision of staff;
• Training of relevant staff;
• Requiring adherence to compliance ethics,
including, for instance, incorporating them
into annual job reviews; and
• Screening of applicants for staff positions.
• Ensuring monitoring of regulatory changes;
• Ensuring adequate monitoring of accounts
and transactions;
• Implementation of sound customer due
diligence procedures;
• Implementation of procedures for handling
high-risk accounts or transactions, including
the requirement of dual approval;
• Providing for proper reporting channels;
• Establishment of approval requirements;
The procedures should be drafted – or at least
approved – by senior management of the
institution to ensure that they are sound and
comprehensive and strike the correct risk-based
approach for the institution, given its size, location
and nature of business.
As with everything else, the institution’s internal
controls – its policies and procedures – should
be reviewed and updated on an annual basis at
a minimum, to ensure that they are adequate,
comprehensive and meet with applicable domestic
and international AML standards.
Designation of an AML Compliance Officer
The designation of an AML compliance officer is
the second pillar of an adequate AML compliance
program. Doing so sounds simpler than it is. The
person selected needs to be well-trained and
experienced in the area of AML and CTF. He or she
cannot be selected simply to fill the slot. In fact,
the AML compliance officer is a very important
position and he or she needs to be independent
of the business side of the institution and able to
communicate directly to the Board of Directors of
the institution, or one of its committees.
The designated officer needs to be in charge
of the institution’s day-to-day compliance with
AML matters. He or she needs to ensure that the
institution’s AML policies, procedures and internal
controls are up to date, are functioning and are
being adhered to. The officer also needs to ensure
that on-going AML training is conducted and that
there are adequate reviews or audits of the AML
function of the institution.
With regard to overseeing the day-to-day
compliance of AML, the compliance officer may
need a staff of experienced officers. This, of
course, is especially true in a large institution with
a number of departments, offices and customers.
As noted, the AML staff has to be experienced
and trained. In a large institution, they need
to be dedicated full time to AML. They can be
embedded in particular departments or offices,
but they should be answerable to the AML
compliance officer.
Part of the responsibility of the AML staff is to
investigate or follow up on potential unusual or
suspicious activity that they are alerted to by the
employees or reporting systems of the institution.
This requires training on the part of the AML staff
so they can competently investigate these issues;
know what questions to ask; realize how to ask
these questions of the institution’s staff and its
customers (who may be involved in wrong-doing);
understand what documents to request; know when
to escalate an issue; be able to determine when
to file a suspicious activity report; and understand
when to close an account or prohibit a transaction.
Study Guide v1.0
27
Training
Training is the third pillar of an adequate AML
compliance program. The key element of training
is that almost everyone in an institution needs
to be given AML training to some degree. The
line staff needs to understand the AML internal
controls, policies and procedures of the institution,
how to deal with customers and how to identify
their suspicious activity and transactions. However,
it is equally important to train employees in the
back office, who have the responsibility to review
transactions after the fact. They, too, need to be able
to identify unusual or suspicious activity that might be
indicative of money laundering or terrorist financing.
The Board of Directors of an institution should
typically receive abbreviated, but tailored,
instruction. Since they are ultimately responsible
for AML compliance, they need to be aware of
the issues, the risks and what steps the institution
is taking to combat money laundering and
terrorist financing. Senior management should
also probably get tailored instruction, but more
comprehensive training in light of the fact that
they are more directly overseeing and directing the
institution’s AML program. Both groups need this
background also in order to be able to establish
the proper “tone from the top” in promulgating
the overall AML policy for the institution.
Training can include in-class training, on-line
modules, emails, newsletters, meetings and
anything else that disseminates the necessary
information. If there is a particularly urgent
matter – a case, a transaction, a new regulation
– that has come to light – a staff-wide alert may
be appropriate, followed up with more detailed
information and instruction.
The training should include procedures on to how
to identify unusual or suspicious activity; abnormal
conduct by a customer; red flags of potential
money laundering or terrorist financing; what steps
to take when confronted with such red flags; and
how to escalate matters.
28
Study Guide v1.0
When dealing with particular units or departments
of an institution – like credit or trust – the training
needs to be specially focused on those areas;
how they are vulnerable to money laundering and
terrorist financing; and what the staff needs to
know and how they should react when confronted
with such matters.
The training must also take into account the
geographic location of a particular unit and the
type and nature of their clientele. A private banking
section, for instance, will require particular focus
on the risk of dealing with large amounts of money,
influential clients and politically exposed persons.
Even the audit and compliance staff needs ongoing training – actually, more in-depth training
than others – to ensure that they are up to date
on all laws and regulations; international best
practices; newly discovered techniques or trends of
money laundering and terrorist financing; the most
recent regulatory cases; etc.
Of course, new hires need to receive some
preliminary training before they start to work
and before they can attend a regularly scheduled
training designed for their particular position in
the institution.
Training should be required on an on-going, periodic
basis and failure to take appropriate training should
be the basis for reprimands or remedial actions. No
employee should be allowed to continue to work
at the institution without having received current,
applicable AML training. Maintaining good records
of all training provided is an important part of a best
practice training program.
Audit
The fourth pillar of an adequate AML program is
the audit or testing function.
The audit of an AML program requires specialized
skills – the person or group performing the function
must be trained in auditing and must be very
familiar with AML issues as well.
The audit needs to review the adequacy and the
implementation of the institution’s AML policies,
procedures and internal controls. If there are
problems or deficiencies, the audit group needs
to be able to identify them and the compliance
group needs to be able to remedy the issues. The
audit function, of course, must be independent
and cannot be performed by staff assigned to
the compliance area of the institution. The audit
function should report directly to the Board of
Directors or the audit committee of the Board.
In addition to what is mentioned above, some of
the areas the audit staff should address include
the following:
• The adequacy of the risk assessment;
• The adequacy of the institution’s Customer
Due Diligence procedures;
• Staff compliance with the institution’s AML
policies and procedures;
• Testing of high-risk areas – products, clients
and geographies;
• Compliance with laws and regulations;
• The ability of staff to identify and handle
unusual activity;
• The adequacy of the institution’s monitoring
systems;
• Review of the institution’s SAR/STR filing
process, including the Suspicious Activity
Reports the institution has filed and the
reasons for the institution not having filed
a Suspicious Activity Report in particular
cases;
• The adequacy of AML recordkeeping
procedures;
• The adequacy of Board and senior
management oversight of AML;
• The sufficiency of training; and
• The adequacy of the AML staff
Tone at the Top and the Compliance Culture
Perhaps the most important component of an
institution’s AML compliance program is the “tone
at the top.” This means the degree to which
senior management and the Board of Directors of
the institution are engaged in the process and are
visibly committed to the compliance effort. If the
overall AML policy is issued and is reiterated by the
Board of Directors on a periodic basis, that sends
a message to the staff. The opposite does as well.
It is difficult to fool the staff of an institution – they
will know immediately whether or not the senior
management and the board are really serious
about compliance.
Consequently, the “tone at the top” and the
compliance culture is paramount and cannot be
faked. One way to ensure a proper compliance
culture is not only through statements, issuances
and emails from the Board and the senior staff
emphasizing its importance, but also an evaluation
process which sets forth compliance issues as a
rating component for raises and bonuses.
It is understood that the compliance section of an
institution is not a profit-generating area. However,
if there is a serious shortcoming in this area, the
institution can pay dearly through fines, adverse
publicity and resulting loss of business. No one
wants to deal with an institution that facilitated
money laundering for a foreign dictator known for
human rights violations. That, in essence, caused
the downfall of Riggs Bank, which was once a
prominent and well-regarded banking institution.
In addition, it should be noted that, if there is a
case of serious non-compliance, the institution
will have to pay money – and probably a lot more
than it would have had to pay to begin with – to
remediate its compliance program under agency
or court supervision, and on an urgent basis. So,
ultimately, no money is saved; just the contrary.
Study Guide v1.0
29
While it costs time, money and effort to establish
and maintain a good and comprehensive
compliance and AML program, it is good to have
spent this time and effort up front and to avoid
the negative results that can follow. It should be
noted in this regard that the compliance program
of an institution does not have to be perfect; the
institution is not expected to be able to identify
and interdict all possible instances of money
laundering or terrorist financing. What is expected
is that the institution’s AML program be reasonable
given its size, sophistication, location, clientele and
overall risk. Ultimately, that is not an extremely high
bar, but yet many institutions fail to strive for it or
achieve it. This failure is typically due to a lack of
proper tone at the top and a lack of an adequate
compliance culture. If employees are led to believe
that AML is not important, then they will act
accordingly and the bank will ultimately pay
the price.
Reporting Requirements
The United States, as well as most countries, has
various AML-related reporting requirements. For
instance, there is typically a large cash reporting
requirement, known in the U.S. as the Currency
Transaction Report (CTR). A CTR is required to be
filed whenever there is a transaction in currency
(cash) in excess of $10,000. This requirement, of
course, is designed to track – and deter – the use
of large amounts of cash which are sometimes
indicative of money laundering. Keep in mind,
however, that there are many methods of money
laundering that do not involve the use of cash.
Cross border transportation of cash usually
triggers another currency reporting requirement.
In the United States, the report is known as a
Report of Transportation of Currency or Monetary
Instruments, also referred to as a CMIR. The
requirement to file a CMIR is triggered whenever
someone seeks to transport currency or other
monetary instruments into or out of the U.S. in an
amount exceeding $10,000. The term monetary
30
Study Guide v1.0
instruments is a broader term than currency in that
the former includes cash, traveler’s checks and
all negotiable instruments, including securities in
bearer form.
Reporting requirements also include the obligation
to file reports with law enforcement agencies.
In the United States, this report is known as the
Suspicious Activity Report (SAR). In many other
countries it is known as a Suspicious Transaction
Report (STR). A financial institution is required to
file a SAR/STR whenever it identifies a transaction
or activity (over certain dollar thresholds) which
is unusual, suspicious or indicative of possible
criminal activity. This reporting requirement
is extremely important because it obligates
financial institutions – the proverbial first line of
defense against money laundering and terrorist
financing – to provide essential information to
law enforcement authorities, so they can follow
up on the case and pursue leads involving money
laundering and terrorist financing.
Red Flags
An essential aspect of being able to file STRs/SARs is
being able to identify unusual or suspicious activity –
also colloquially known as “red flags.” Red flags are
as numerous as the different ways in which money
laundering and terrorist financing is conducted. Red
flags can involve unusual transactions and suspicious
behavior, as well as trends that are noted over time.
A financial entity has to be alert to red flags and
needs to investigate them when they arise. However,
as stated a number of times now, no institution can
be expected to identify all potential red flags or
improper activity. It can only hope to take reasonable
measures to do so.
As noted, there are a myriad of red flags and they
can occur in every line of an institution’s business
and with regard to most any client or product.
What follows is a list of some common red flags in
various areas of a financial institution in order to
give the reader an idea of what they can involve.
Suspicious Customer Behavior
This is, perhaps, the most commonly thought of
area of potential red flags. This would include
situations where:
• The customer is overly nervous in
conducting a transaction;
• The customer is hesitant or reluctant to
provide normal information in conducting a
transaction;
• The customer asks a number of questions
concerning the institution’s reporting
requirements;
• The customer tries to persuade (or bribe)
the institution’s employee into not filing a
necessary report;
• The customer is reluctant to proceed with
a transaction once it is understood that a
report must be filed;
• The customer wants to break down a large
cash deposit into smaller amounts that are
under the reporting thresholds;
• The customer’s accounts display a high
degree of movement of funds or an
unusually large number of cash transactions
– not fitting with what is known about the
customer’s line of work or business;
• The customer has a number of accounts
when there does not appear to be any
reason for having a number of accounts;
• The customer engages in a number of
foreign transactions when that does not
seem to be in keeping with the customer’s
line of work or business; and
• The customer seems to be maintaining
accounts established through an unusually
complex trust or other legal process.
Suspicious Customer Identification
Circumstances
The account opening process is a very important
one and provides a financial institution with an
opportunity to learn about its potential customer.
It is also an opportunity to examine the customer’s
behavior during the account opening process.
Here are some red flags to look for:
• The customer is hesitant in providing
typical identification information and
documentation;
• The customer does not want to provide
information about his line of work;
• The customer has no record of current or
previous employment;
• The customer does not want to provide
information about his business, such as
audited financial statements;
• The customer is unwilling to provide
personal information, such as a Social
Security Number;
• The customer does not adequately explain
why he wants to open an account at the
institution;
• Neither the customer’s home nor place of
business is located conveniently close to the
bank;
• The customer’s phone is disconnected; and
• The customer does not want a monthly
bank statement sent to him.
Suspicious Cash Transactions
While not all money laundering involve cash
transactions, large and unusual transfers of
cash can be suspicious. Here are some red flags
pertaining to cash transactions:
Study Guide v1.0
31
• Cash transactions in size or frequency outside
of what would be expected for the particular
customer’s line of work or type of business;
• Large amounts of cash are deposited and
then wired out to foreign countries;
• A series of customers come in with cash
deposits to related accounts going to
different tellers;
• The customer makes frequent cash deposits
or withdrawals under the reporting
thresholds;
• The customer makes frequent purchases
of monetary instruments just under the
reporting thresholds.
Suspicious Wire Transfer Activity
The speed and volume of wire transfers throughout
the world each day make them an ideal method for
transferring illegal funds through many accounts
in numerous jurisdictions in order to disguise the
audit trail and to “layer” the funds. Here are some
examples of red flags pertaining to wire transfers:
• The transfer of funds by wires to
jurisdictions not connected with the
customer’s business;
• The customer sends a volume of wire
transfers that is inconsistent with the
apparent needs of his business;
• The customer sends a series of wires just
below the reporting requirements;
Suspicious Non-Cash Transactions
As stated above, money laundering can occur
through the use of cash and non-cash. Some of
the red flags that can be attributed to non-cash
transactions include:
• The customer deposits a large number of
sequentially numbered traveler’s checks or
money orders;
• The customer deposits a large number of
third-party checks from out of the area;
• The customer sends funds to a foreign
country in a manner that does not seem to
have any legitimate business purpose and
is not in keeping with the customer’s known
line of business;
• The customer deposits a large amount of
funds and immediately wires the funds out
of the country; and
• The customer frequently and seemingly
randomly transfers funds between accounts.
32
Study Guide v1.0
• The customer asks for his identifying
information not be included on the
wire transfer;
• The wire transfers are directed to a
third party that does not seem to have
any connection with the customer’s
legitimate business;
• The wire transfers are sent mostly to
third world countries known as bank
secrecy havens;
• The customer deposits third-party checks
or bearer checks and then quickly wires the
funds elsewhere; and
• The customer tries to send a wire to a
person on the OFAC blocked list.
Suspicious Commercial Account Activity
Due to the fact that commercial account activity
typically involves large amounts of money,
laundered funds can be easily disguised within the
legitimate funds. In addition, there is always a risk
that the commercial enterprise is a “front” for a
money laundering operation and is not a legitimate
commercial enterprise at all. Here are some red
flags pertaining to commercial account activity:
• The customer provides check cashing
services, but does not make cash
withdrawals to fund the check
cashing service;
• The corporate account shows little to
no account activity followed by spurts of
activity that do not seem to correspond to
normal commercial business cycles;
• The customer is unwilling to provide
certified Articles of Incorporation or audited
financial statements;
• The customer presents financial statements
that are not audited and contain entries not
typically seen in financial statements;
• The commercial account involves activity
in countries that are inconsistent with
the known activity and purpose of the
corporation; and
• The customer maintains a number of
different commercial accounts for no
apparent legitimate reason.
Suspicious Trade Financing Transactions
The area of trade finance is a very complicated
and specialized area, but it contains numerous
opportunities for money laundering. Here are some
of the red flags that can be involved in this area:
• Under- or over-invoicing of goods being
shipped – in order to transfer funds from
one country to another (e.g., a shipment
of goods valued at $100,000, but worth $1
million, effectively transfers $900,000 from
one country to another);
• Changes in the beneficiary at the
last minute;
• Shipment of goods through various
countries for no apparent commercial
reason;
• Shipment of goods to a country that has
little demand for such goods;
• Importation of goods from a country that is
not known for producing such goods;
• Shipments without proper documentation;
and
• Trade financing activity with a third
world country that is known as a money
laundering haven.
Suspicious Employee Activity
While customers are usually thought of first when
viewing money laundering or terrorist financing
risks, there can also be a substantial risk from the
institution’s own employees. They can be corrupt to
begin with and still pass the screening procedures
of the institution or, alternatively, can be co-opted
into engaging in illicit activity on behalf of a
customer. Here are some red flags dealing with this
area:
• An employee who has a lavish lifestyle
compared to salary and known sources of
wealth;
• An employee who has exaggerated or
falsified their background;
• An employee who caters to specific
customers who decline to go to other
institution employees for assistance;
• A private banking employee who is overly
close to or solicitous of the customer;
• Changes in letter of credit documentation
just before payment is to be made;
Study Guide v1.0
33
• An employee who frequently overrides
internal controls or who generates a
disproportionate number of internal control
exceptions;
• An employee who avoids taking periodic
vacations; and
• An employee who engages in personal
favors for customers.
Investigations
Investigation Basics
There are a number of issues to be raised and
answered with regard to the investigatory process
in the context of AML/CTF. The issues include:
• When should an investigation
be conducted?
• Why should an investigation be conducted?
• How should an investigation be conducted?
• By whom should an investigation be
conducted?
• What should be the end product of
an investigation?
This section is designed to respond to these issues.
As noted above, one of the first things an
institution should do in developing an AML/
CTF program is to perform a comprehensive risk
assessment, looking at the institution’s location, or
jurisdiction, its clients, and its products. Out of that
comes an understanding of the AML/CTF risks the
institution faces. As an adjunct to that process of
determining what is called the “inherent” risks an
institution has, the institution needs to examine its
internal controls to determine what steps toward
34
Study Guide v1.0
mitigating the inherent risk it has taken and can
take. The result is the “residual” risk. At that time,
of course, the institution has to determine whether
it can handle the residual risk and, if not, how it
can improve its internal controls and/or whether
it needs to discontinue operating in the particular
jurisdiction, serving the particular customer or
offering the particular product.
Once it has determined what risk it is willing to take
and what business it will conduct, the institution
has to determine how and to what extent it can
monitor the risks on a periodic and on-going basis.
Most monitoring processes involve sophisticated
software that can review transactions and trends
and create alerts to be investigated. Issues can
also be raised by the staff of the institution. The
institution needs to determine when, how and to
what extent it needs to investigate these alerts
and issues.
When an Investigation Should Occur
The simple answer is that an investigation should
be conducted whenever there is an internal or
external alert. That means a piece of information
or red flag has indicated that something may
be wrong – that something may be unusual,
suspicious, or indicative of a potential violation of
criminal law. This type of information can come
from the issuance of a Grand Jury subpoena, a
search warrant, a request from a regulatory agency,
a report of examination from the regulatory
agency, an internal monitoring alert, a civil lawsuit,
a news report, etc. It is incumbent in such situations
(potentially over a pre-designated dollar threshold)
for the institution to investigate the matter.
Whenever a concerned employee comes to
senior management and indicates that there
may be something wrong, senior management
should ensure that the matter is investigated – or
have a very good reason not to. The staff of an
institution is too important, too experienced in
detecting situations that are abnormal from what
they ordinarily see day-in and day-out, and too
intelligent to be ignored. Institutions that do
not follow up on employee concerns do so at
their peril.
AmSouth Bank case study
A dramatic example of this maxim, as well as
other issues discussed in this Study Guide,
occurred in a case involving AmSouth Bank.
The evidence in the case indicated that the
bank should have been aware of a Ponzi
scheme that was being perpetrated through
some accounts at the bank. The owners of the
account had an investment venture in which it
was promising investors a return of up to 25%
a month – a virtual impossibility. The bank had
copies of the promotional materials, but did
not seem to focus on them or realize that they
were unusual.
In addition, the bank failed to comply with
various investment directives signed by the
participants in the investment scheme.
In addition, according to the Department
of Justice’s Statement of Facts, the bank –
including, its General Counsel – failed to
properly respond to a Grand Jury subpoena.
According to the Statement of Facts, the
General Counsel failed to even search his own
files and failed to request documents from
other relevant parts of the bank. Further, the
bank’s outside counsel allegedly provided
misleading responses to the Department of
Justice. To the extent this occurred, it is never
a good idea.
Another point, according to the Government’s
documents, is that the bank had inadequate
AML policies and procedures. In fact,
according to the documents, when at least
one bank employee voiced his suspicions
that there might be an illegal scheme being
perpetrated, the bank did not follow up on
his concerns and investigate. This was in
spite of the fact that the employee reported
his concerns to both the bank’s legal
department and to the bank’s Corporate
Security department.
Further, the Government’s documents spelled
out the fact that several other employees
of the bank reported a series of instances
of suspicious transactions involving millions
of dollars that were not followed up on
or investigated, let alone reported to law
enforcement authorities.
As a result of the various alleged missteps
on the part of AmSouth Bank, it became the
subject of a Deferred Prosecution Agreement
and was required to forfeit $40 million and to
pay a civil money penalty of $10 million.
So again, as this case points out, failure
to listen to the concerns of employees is a
grave mistake.
Why Investigations Should Happen
There is a simple answer to this question– why
investigations should be conducted. First, it is
required. In order to be able to file SAR/STRs –
which are required to be filed by regulation – an
institution must first have been able to identify
and to investigate the matter so it has a basis for
reporting it. As noted above with the Broadway
National Bank case, failure to file a SAR/STR
– either due to ineptness, willful blindness or
whatever – can result in administrative and
criminal fines, as well as adverse publicity and
loss of business.
Second, it is appropriate for the institution to
conduct investigations for its own self-preservation.
If the institution can timely identify and investigate
a matter involving potential wrongdoing, it not only
can avoid regulatory and criminal action against
it, it can protect its own assets and those of its
customers who might be the victims of criminal
Study Guide v1.0
35
wrongdoing. Further, failure to uncover a fraud can
easily lead to lawsuits against the institution by the
alleged victims – even if such lawsuits ultimately are
found to be meritless.
Third, an internal investigation can better prepare
the financial institution for a civil, administrative or
criminal investigation or proceeding. It will give the
institution an advanced understanding of what the
matter is all about and an opportunity to deal with
it and to take appropriate remedial action.
Fourth, and most importantly, financial institutions
are designed to be the first line of defense in
fighting money laundering and terrorist financing. It
is frequently in a financial institution where the illicit
activity occurs – either initially or at some subsequent
point in the process. If the financial institutions fail
to monitor for, investigate, and report potential
wrongdoing, we are all at a disadvantage and are
rendered more vulnerable than we already are. We
rely on financial institutions to conduct our financial
transactions for us, but also to keep us relatively safe
from the scourge of money laundering and terrorist
financing. No amount of vigilance can eradicate
these problems, but, without the financial institutions
“standing guard” for us, we would be far worse off.
How an Investigation Should Happen
Information warranting an investigation, as noted
above, can come from within the institution, from
news articles or subpoenas from law enforcement
or requests from banking or regulatory agencies.
The more serious the information, alert or
notification, the more in-depth the investigation
should be. However, that said, the question
remains, how should an investigation
be conducted?
In conducting an investigation – whether simple
or complex – the staff should start by determining
what the case is about. What are the allegations?
How important are the allegations or suspicions?
How did the case arise? Basically, the question
is what is the basis for the preliminary conclusion
36
Study Guide v1.0
that the transaction or activity may be unusual
or suspicious?
Then, the investigator should gather all relevant
documentation, and analyze it carefully,
determining what the documentation means and
to what extent it demonstrates that something is
unusual, suspicious or potentially criminal. If the
investigator needs to obtain documents outside
of the institution, he or she should determine how
best to go about doing that – including using the
sharing provisions of a law like § 314(b) of the USA
Patriot Act discussed above.
The investigator should also look at the past history
of the account and the account holder and examine
any trends that might exist involving, for instance,
the flow of funds through the account or with
regard to the conduct of the customer.
The investigator should also consider interviewing
the relevant staff and, on some occasions, the
customers themselves. The latter should be
reserved for unusual situations because contacting
the customer can sometimes cause the customer to
destroy documents or to have the time to fabricate
a story.
Who Should Conduct the Investigation
The simpler, easier investigations can be
conducted at a lower staff level than the more
serious or sensitive investigations. Accordingly,
it is good to have a triage unit that can quickly
review and separate the more routine cases
from the more serious. The latter should go to
a more highly experienced and trained unit that
can take the necessary time to ensure that the
inquiry or investigation is thorough and complete.
Unfortunately, small or community banks do not
have this flexibility as their staffs are small and
AML officers are likely responsible for a myriad of
compliance responsibilities.
In certain situations, in addition to using more
senior and experienced investigators, it may be
appropriate to use counsel – either internal or
external. Those situations in which the institution
may want to consider contacting counsel arise
when the institution itself might be a target; where
the institution might be at fault or criticized for
not detecting the transaction earlier; where the
transaction may involve a politically exposed
person; a case that is apt to become a sensitive for
whatever reason – local politics, the nature of the
account, the type of activity involved, etc.; where
there may be adverse publicity; or where there is
an unusually large amount of money involved. If
litigation is anticipated, it may be appropriate to
use outside counsel who has particular experience
with regard to litigated cases, financial matters and,
specifically, the AML/CTF issues.
Investigation Outcomes
What Should be the End Result
of an Investigation?
There is no way to predict how an investigation will
turn out or what it might uncover, but there are
certain threads to keep in mind.
First, almost every investigation should result with
a written report, even if it has to be closely held. It
is essential that the institution makes and retains
a record of what was investigated, how it was
investigated, the conclusion arrived at as a result of
the investigation and, most importantly, the basis
for the conclusion. No case is too sensitive not to
keep such a record.
In addition to the concluding report, there needs
to be some decisions made as a result of the
investigation, such as:
• Should a SAR/STR be filed?
• Should the account be closed?
• Is there a need for enhanced training so
that similar situations do not reoccur?
• Are there employees who need to
be disciplined?
• Does the Board of Directors need to be
advised about the case?
If the determination is to file a SAR/STR, there
should be a centralized department in the
institution that reviews and approves the filing
of the SAR/STR so that such decisions are well
founded and uniform. Getting the involvement of
legal counsel may be a good idea so that they can
review the case from a legal perspective.
If the determination is not to file a SAR/STR,
that too needs to documented and justified – in
particular because it might be questioned after the
fact. In most cases, such an analysis or explanation
need not be lengthy.
If a SAR/STR is filed, the institution is not
automatically required to close the account that is
involved in the transaction. One reason for this is
that the filing of a SAR/STR is simply an expression
of concern that there may be unusual or suspicious
activity. It does not represent a finding that there is
criminal activity – that is up to the judicial system
to determine.
The more serious the potential wrongdoing, the
more pressure – and justification – there is to close
the account. However, the determination to close
an account should be done only with the approval
of supervisors, if not legal counsel.
If law enforcement approaches the institution and
asks for it to keep an account open, the institution
should typically accede to the request, but it should
obtain the request in writing under appropriate
letterhead and signed by an appropriate official.
One outcome of any investigation may be that the
policies, procedures, internal controls or training
within the institution are flawed or simply need to
be enhanced. The investigative unit of the institution
should keep this fact in mind and should not hesitate
to recommend changes when deemed appropriate.
Study Guide v1.0
37
Similarly, if there has been improper activity on the
part of an employee – ranging from inattention or
lack of understanding to active complicity – the
investigative unit should be alert to the need to
recommend anything from remedial training to
disciplinary action.
Another issue to keep uppermost in mind,
especially when investigating a potentially serious
or large case is whether – and when – to notify the
institution’s senior management and the Board of
Directors of the case. The investigative unit should
keep in mind that it cannot afford to allow the
Board to be blindsided by not knowing about an
important case within the institution that is under
active investigation. Again, this is an issue that
might warrant obtaining legal counsel and/or
using appropriate escalation of issues up the
chain of command.
Tips
In conducting an investigation, there are certain
things to keep in mind:
• A careful review of the underlying, relevant
documents is always a must;
o The investigator should ensure that he or
she has obtained all relevant documents;
o The investigator should carefully organize
and analyze all of the documents;
o If the investigator does not understand
the meaning or significance of a
document or a statement within a
document, he or she should not hesitate
to ask for clarification;
o The investigator should maintain careful
control and custody of the documents; and
o The investigator should segregate and
keep a separate log of all potentially
privileged documents to ensure that they
do not get inadvertently disclosed;
38
Study Guide v1.0
• The investigator should discuss the case
with the staff who uncovered the problem
to ensure that the investigator fully
understands the case and the underlying
concerns giving rise to the investigation;
• A complicated or sensitive case should be
escalated up the chain of command;
• Interviews – other than preliminary
interviews in order to gather information
from the initial referring employee –
should be done only by experienced staff,
especially when talking to the potential
suspect;
• Supervisors should be kept abreast of all
developments in large or sensitive cases;
and
• Discussion of all cases should otherwise be
kept to a minimum.
Suspicious Activity Reporting
After an internal investigation, a determination
needs to be made regarding next steps. First
and foremost, there should be a written account
and summary of what was investigated, how it
was investigated and by whom. For the simple,
straight-forward cases, this need not be lengthy.
However, in the more complex and sensitive cases,
this accounting should be relatively detailed. It is
important to know what the underlying issues were;
how the matter came to the institution’s attention;
what documents were reviewed; who was talked
to; what they said; etc. It may be necessary to
review and even re-create what was done in order
to establish that the investigation was thorough
and what might have been missed.
The report should also include the findings of the
investigation. If the investigation concludes that
there was no wrongdoing or that the transaction
or activity does not appear to be unusual or
suspicious, then that should be the conclusion and
no SAR/STR should be filed.
If the transaction or activity being investigated
appears to be indicative of criminal activity or,
alternatively, appears to be unusual or suspicious
and there is no reasonable explanation for it, then
a SAR/STR needs to be filed within the specified
time period. An institution should guard against
filing “defensive” STRs/SARs that are designed not
to inform law enforcement of a potential problem,
but, rather, simply to protect the institution from
liability. If the institution has investigated the
matter properly, has come to a reasoned decision
to not file a SAR/STR and maintains a written
explanation and justification of that decision, there
should be no liability. In this regard, it should be
kept in mind that the institution is not required –
nor expected – to get every report correct.
External Investigations
The preceding discussion, of course, pertains to
internal investigations. External investigations
pertain to situations where law enforcement or
regulatory agencies investigate the institution or a
transaction that occurs within the institution.
Dealing first with regulatory agency inquiries, if
the agency has examination or visiting powers
and the ability to look at the books and records
of the institution (as is true in the case with bank
regulators), then it may not always be immediately
apparent that the examiners have found
something. However, when that fact becomes
apparent, or when a regulatory agency sends a
written inquiry to the institution, then, in addition
to responding to it on a complete and timely basis,
the institution should make its own internal inquiry
to determine itself whether something is wrong.
If the institution files a SAR/STR, law enforcement is
entitled to receive and review the documents that
the institution has set aside to support the filing
of the SAR. No Grand Jury subpoena or search
warrant is required in order for law enforcement to
obtain this documentation. If the law enforcement
agency wants additional information – documents
or testimony – typically, it needs to issue a Grand
Jury subpoena based on probable cause It is
usually a good idea to have someone specifically
tasked with the responsibility for monitoring the
effort to comply with the Grand Jury subpoena
and for ensuring that all responsive information
and documentation is gathered and delivered to
the law enforcement agency on a timely basis. This
may involve phone calls and emails to the relevant
divisions or departments of the institution as well
as follow-up inquiries and reminders. Note our
earlier point regarding small institutions.
When law enforcement officials arrive at the
institution with a search warrant, that means
that they are entitled to search for and take the
material or documents that are specified in the
warrant. Again, the institution should do it best
to cooperate with the law enforcement officials to
the fullest extent possible. The institution should,
however, ask for a copy of the search warrant and
see if they can obtain a listing or inventory of what
is taken from the institution.
Interviewing Witnesses
Interviewing witnesses is an integral part of most
any investigation. With respect to interviewing
staff who may have uncovered the unusual
activity or who can direct the investigator to the
applicable books and records, a special skill is
not usually required.
In terms of who to interview, it may vary
with every particular case, but it is usually a
good practice to start with the least involved
individuals who are apt to answer questions in
the most forthright manner and who do not
appear to have anything to hide or any hidden
agenda. Once that category of individuals has
been interviewed and their statements and the
underlying documents have been gathered and
analyzed, then it might be appropriate to move to
individuals who are potentially more involved in the
possible wrongdoing. It should be remembered,
Study Guide v1.0
39
though, that, if these individuals are involved
in wrongdoing, they may be apt to lie to and
otherwise try to mislead the investigator. In these
cases, the interviewer has to be aware of this
possibility and has to know how to respond.
When it comes time for an employee of the
institution to be interviewed by regulatory or law
enforcement officials, it is usually a good idea to
prepare the employee. Most people have not
been interviewed in such situations, so they may
well be nervous and not know what to expect.
Consequently, counsel or a trained individual from
the institution should meet with the employee to
go over the ground rules, discuss what is to be
expected and review their testimony to the extent
possible. The employee should be advised to
always tell the truth.
International Cooperation
When a particular investigation has international
ramifications there are avenues of the possible
cooperation and sharing of information between
countries. While it is not always an easy and quick
process, it can be very fruitful. This type of international
cooperation, though, is done at the government level
and is not available to individual institutions.
International Money Laundering
Information Network
The International Money Laundering Information
Network (IMoLIN) was developed by the United
Nations and serves as a clearinghouse for money
laundering information for AML agencies. It
maintains various databases pertaining to relevant
international contact information, legislation,
events, conferences and current news. However,
only the latter item is available to the public.
Mutual Legal Assistance Treaties
Mutual Legal Assistance Treaties are a very formal
means for countries to exchange information in
order to obtain admissible evidence in court cases.
It is frequently time-consuming and requires a
40
Study Guide v1.0
number of steps, including the issuance of a formal
letter – often known as a “commission rogatoire,”
or Letter Rogatory – requesting the information
and giving requisite background of the underlying
case. The receiving country reviews the request,
sends it to the local jurisdiction for investigation or
response and then obtains authorization to release
the information to the requesting country.
Egmont Group
As discussed earlier, the membership of the
Egmont Group consists of Financial Intelligence
Units from over one hundred countries focused
on AML/CTF issues. In 2001, the Egmont Group
issued a paper entitled “Principles of Information
Exchange Between Financial Intelligence Units.” It
is designed to provide guidance and a mechanism
for sharing information between FIUs. However,
this type of sharing is designed to be informal and
not necessarily lead to the exchange of information
that can be introduced as evidence before a court.
In the document, countries and FIUs are
encouraged to cooperate and to exchange
information to the fullest extent possible. The
paper also encourages spontaneous sharing –
meaning, forwarding information that comes to the
attention of one country that is apt to be of interest
or concern to another country without first being
asked for the information.
The document also stresses that the exchange of
information should occur as rapidly as possible
and that differences in the definition of offenses
by different countries should not be an obstacle to
reciprocal sharing, especially with regard to predicate
offenses for money laundering and terrorist financing.
Supervisory Channel
The so-called “Supervisory Channel” is the system
of sharing between different countries’ banking
supervisors. The sharing can be on the subject of
the financial soundness of a banking group which
crosses country lines. It can also be about the
background of a foreign PEP. It can also focus on
particular transactions or accounts. In other words,
it can be very broadly based.
The basis for sharing between two banking
agencies is frequently memorialized in a
Memorandum of Understanding (MOU) between
the two countries. Unlike an MLAT, it is not
a formal, binding agreement and the shared
information can usually not be used as evidence in
a court proceeding.
Study Guide v1.0
41
Reach us at ACAMS World Headquarters:
ACAMS
Brickell Bayview Centre
80 Southwest 8th Street, Ste. 2350
Miami, FL 33130 USA
Online: acams.org
Email: info@acams.org
Phone: +1 866.459.CAMS (Toll Free)
+1 305.373.0020 (US & International)