***FAQ in KYC Interviews***

1. What is KYC?
Ans: Know Your Customer or Client. It is the process of identifying and verifying the client's details.

2. Why is KYC required?
Ans: To prevent money laundering, terrorist financing and fraud-related issues.

3. What is Money Laundering?
Ans: It is the process of converting illicit money (black money) into legitimate money (white money).

4. What are the stages in money laundering?
Ans: 3 stages.
- Placement
- Layering
- Integration

5. What is terrorist financing?
Ans: Providing finance to terrorists or terrorist organizations is called terrorist financing. It can be legitimate (white) or illicit (black) money.

6. What is AML?
Ans: Anti-Money Laundering. It is the process of preventing money laundering.

7. What is CTF?
Ans: Counter Terrorist Financing. It is the process of preventing terrorist financing activities.

8. What are the various process steps under AML?
Ans:
A. KYC (Know Your Customer)
- On-boarding
- Periodic Reviews
- Trigger Events
B. Transaction Monitoring
C. Suspicious Activity Reporting

9. What are the main key parties in KYC teams?
Ans:
- Maker (Analyst / Senior Analyst)
- Checker (QC – 4 eye)
- SME (Subject Matter Expert)
- QA (Quality Assurance – 6 eye)
- Compliance
- Business Unit / FO (Front Office)
- RM (Relationship Manager)

10. What is Onboarding?
Ans: Onboarding is the process of opening an account with our Bank for the first time.

11. What is periodic review?
Ans: Once onboarding is completed, periodic review starts based on the client's risk rating (all KYC docs need to be reviewed once again for existing clients).
- Low risk clients (3 years once)
- Medium risk clients (2 years once)
- High risk clients (annually)
*Tenure depends on bank to bank.

12. What are the process steps under KYC?
Ans: KYC = IDD + CDD + EDD

13. What is IDD?
Ans: Initial Due Diligence. It is also called the Gap analysis. It means analyzing the initial documents available in public sources and identifying the gaps to complete the KYC checks.

14. What is CDD?
Ans: Customer Due Diligence. It is the process of identifying and verifying the client details and assessing the risks of the client. It includes:
- Documents analysis
- Screenings
- Risk rating of the client

15. What is EDD?
Ans: Enhanced Due Diligence. This step is only required if the client risk rating turns out as High (we are required to collect some information or additional docs from the client).

16. What are the additional docs or information required for EDD?
Ans:
- Ownership threshold is 10% or more
- Source of funds of the client
- Source of wealth of UBOs
- ID & Address copies of UBOs
- Compliance Approvals on KYC checks

17. What are the various Client types?
Ans:
- Banks
- Corporates
- NBFIs (Non-Banking Financial Institutions)
- Funds (Hedge Funds & Mutual Funds)
- Trusts
- SPVs
- State owned entities
- Foundations... etc.

18. What are the main (common) requirements to be obtained from the client?
Ans:
- Full legal name
- Registered address
- Business address
- Registered number and date
- Nature of business
- Complete ownership
- List of directors & controllers
- Financial data (Revenue and assets)
- Tax related information… etc.

19. Who are the common connected parties to the client?
Ans:
- Directors
- Controllers
- Shareholders
- Auditors
- Authorized signatories

20. Who are the controllers?
Ans: Chairman, CEO – Chief Executive Officer, CFO – Chief Financial Officer, COO – Chief Operating Officer... etc.

21. What is a Fund (Mutual Fund / Hedge Fund)?
Ans: Please check in Google for general definitions (no standard definitions).

22. Who are the main connected parties to the fund?
Ans:
- Feeder funds (if it is a master-feeder structure)
- Directors
- Administrators
- Asset Managers
- Advisors
- Legal Advisors & Auditors… etc.

23. What are the main documents for the funds?
Ans:
- Prospectus
- Offering memorandum
- Investment Management Agreement
- Memorandum & Articles of Association
- Fund representation & AML letter

24. What is a Bank and what are the various documents for a Bank?
Ans: A Bank is a Financial Institution.
- Banking License
- Regulation proof
- Wolfsberg Questionnaire
- Bankers almanac

25. What is Correspondent banking?
Ans: A bank providing products / services to another bank's customer is called correspondent banking.

26. What is an NBFI and what comes under it?
Ans: Asset Managers, Insurance Companies, Brokers and Dealers & Wealth Management services.

27. What are the connected parties to the Trust?
Ans: Trustor, Settlor or Grantor, Trustees, Beneficiaries, Directors, Auditors, Administrator... etc.

28. What are the main required documents for the Trust?
Ans: Trust Deed, Trust Agreement, Regulation proof (if regulated)... etc.

29. What is a State owned or Government owned entity?
Ans: Any entity which is more than 50% owned by any government is called an SOE.

30. What are the Primary sources?
Ans:
- Registry Extracts
- Regulation Proofs
- Stock Exchange Websites
- Annual Reports
- Client Documents... etc.

31. What are the secondary sources?
Ans:
- Bloomberg
- Thomson Reuters
- Avox Data
- Bankers almanac
- Mint Global
- Client Websites

32. What are the Screening tools and their uses?
Ans:
- World Check – PEPs Identification; Regulatory and imprisonment news.
- Lexis Diligence / RDC – Negative News & Adverse Media.

33. What are the main discounting factors in Screening hits?
Ans:
- Name Mismatch
- DOB / Age Mismatch
- Country Mismatch
- Biography Mismatch
- Gender Mismatch... etc.

34. List a few sanctioned countries.
Ans: (It may change, try searching in Google)
- Iran
- Syria
- Venezuela
- Cuba
- North Korea
- Turkey

35. What is FCCR and why is it required?
Ans: FCCR is the risk calculator for the client and it is required to know the client risk rating at the onboarding or periodic review stage.

36. What is the required ownership threshold for various risk clients?
Ans:
- Low & Medium – 25% or more
- High – 10% or more

37. What are the key risk indicators (or risk deciding factors)?
Ans:
- Country risk
- Nature of business of the client
- Ownership type
- Products & Services provided by the bank
- Negative News, sanction news & PEPs… etc.

38. What are the various ownership types?
Ans:
- Public ownership (listed)
- Partnership
- Family Ownership
- Trust / Foundation... etc.

39. What is IBO & UBO?
Ans:
- IBO is the Intermediate Beneficial Owner
- UBO is the Ultimate Beneficial Owner
For example, Infosys BPM Limited is wholly owned by Infosys Limited, which is wholly owned by Mr. Narayana Murthy. Here, Infosys Limited is the IBO and Narayana Murthy is the UBO.
Note: The UBO should be an individual or a Government (it can't be an entity).

40. What are the various client risk types?
Ans: Low, Medium & High.

41. Who is a PEP?
Ans: Politically Exposed Person (various banks have different definitions for PEPs), please check the general definition for PEP in Google.

42. Source of Funds?
Ans: Source of funds is how the client is running the business (working capital, day-to-day activities).

43. Source of Wealth?
Ans: Source of wealth is the initial capital to start a business.

44. List a few tax forms in International KYC.
Ans:
- US incorporated client: Form W-9
- Non-US clients: Form W8-BEN-E or W8-IMY
- CRS form (All locations)

45. List a few Products and services provided to the client.
Ans:
- Custody
- Foreign Exchange
- Correspondent Banking
- Trade Finance
- Debt Securities
- Bonds
- Stocks… etc.

46. List a few High-risk industries.
Ans:
- Money Service Businesses
- Pharma Industries
- Mining and Petroleum
- Real Estate
- Gold and Precious metals… etc.

47. List a few regulators.
Ans:
- USA: Securities & Exchange Commission; National Futures Association; & Federal Bank.
- Hong Kong: Securities & Futures Commission; Insurance Authority; & Monetary Authority.
- UK: Financial Conduct Authority.
- Singapore: Monetary Authority of Singapore.

48. List some common KYC documents.
Ans:
- Registry Extracts
- Regulation Proofs
- Listing Proof
- LEI Proof
- Annual Reports
- Prospectus (Funds)
- Trust Deed (Trust)
- MOA & AOA
- Passport copies of connected parties
- Tax forms
- Ownership Charts… etc.

49. Who are the Authorized Signatories?
Ans: These are the people who can sign Bank-related documents on behalf of clients (they might be directors also). Generally, this info can be found in Board resolutions.

50. Please explain the full KYC process.
Ans: Pick any case as an example (e.g. Infosys), start with document analysis and end with risk rating.
- IDD:
  o Step 1: Gap Analysis
  o Step 2: Client outreach
- CDD:
  o Step 1: Full document Analysis
  o Step 2: Screenings
    ▪ World Check
    ▪ Lexis Diligence
  o FCCR (Risk Rating)
- EDD (only if the client is risk rated as High).

Note: These are very common FAQs in various interviews.

Money Laundering: Converting illegal money to legal money through financial transactions.
Eg: Drug trafficking, Illegal Arms sales, Smuggling, Gambling
Live examples: Commonwealth Games scam 2010, 70,000 crore fraud

Money laundering Stages:
- Placement: depositing the criminal proceeds into the financial system
- Layering: concealing the criminal origin of the proceeds
- Integration: using the criminal proceeds for personal benefit

Anti Money Laundering (AML): It is transaction monitoring software that allows banks and other financial institutions to monitor customer transactions on a daily basis or in real time for risk.

Various steps under AML:
A. KYC (Know Your Customer)
- On-boarding
- Periodic Reviews
- Trigger Events
B. Transaction Monitoring
C. Suspicious Activity Reporting

Counter Terrorist Financing (CTF): It is the process of preventing terrorist financing activities.

Terrorist Financing: Providing financial support to individual terrorists or terrorist organizations. It can be legitimate (white) or illicit (black) money.

Difference b/w Money Laundering & Terrorist Financing:

| Differences | Money Laundering | Terrorist Financing |
|---|---|---|
| Source of Funds | Criminal activities | Criminal or may be legitimate |
| Motivation/Intention | Financial profit, monetary gain | Ideology, publicity, political power |
| Type of Activity | Occurs after the criminal act | Supports future illegal acts |
| Unlawfulness of Funds | Source/origin of dirty funds | Ultimate aim intended to use |
| Amount involved | Huge | Smaller or minimal |

What is Transaction monitoring? Monitoring of the customer's account transactions, including current and historical data of the customer, to get a clear picture of customer activity.

Shell Companies: A shell company is an incorporated company that possesses no significant assets and does not perform any significant operations. To launder money, the shell company purports to perform some service that would reasonably require its customers to often pay with cash.

Front Companies: These front companies enable criminal organizations to launder their income from illegal activities. As well, the front companies provide plausible cover for illegal activities such as illegal gambling, extortion, drug trafficking, smuggling, and prostitution.

Screening: Necessary checks before opening a new account so as to ensure that the identity of the customer does not match any person with a known criminal background or banned entities such as terrorist individuals or terrorist organizations.

Screening tools:
- World Check – PEPs Identification; Regulatory and imprisonment news.
- Lexis Diligence / RDC – Negative News & Adverse Media.
- RDC – Regulatory Data Corp.

Screening hits (Individuals/Entities):
- Name Mismatch
- DOB / Age Mismatch / Date of incorporation
- Country Mismatch
- Biography Mismatch
- Gender Mismatch

FCCR (Financial Crime Risk Calculating Model): It is the risk calculator for the client and it is required to know the client risk rating at the on-boarding or periodic review stage.

Difference between Bribery and Corruption:
- Bribery means offering money
- Corruption means misusing power

Tipping Off: Informing the customer (client) about the investigation of an AML offence.

Bearer Shares:
- No Ultimate Beneficiary owner
- No shares in Bearer form
- Traded without any records and physical possession of the security

Structuring: Making bank deposits in a specific pattern to avoid triggering an alert.

Smurfing: Breaking up a transaction involving a large amount into smaller transactions below the threshold.

PEP (Politically Exposed Person): In financial regulation, a politically exposed person is one who has been entrusted with a prominent public function. A PEP generally presents a higher risk for potential involvement in bribery and corruption by virtue of their position and the influence that they may hold.

Sanctions: Restrictions imposed on either a country or a person.

Types of sanctions: Individuals, Economic, Diplomatic, Military, Sanctions on Environment, Sports

Sanction Policy: It outlines how the organization will adhere to sanction laws, both inside and outside. It forms an essential part of our fight against financial crime.

Types of Sanctions: International, Trade, Economic, Sports, Military Sanctions

Sanctioned Countries: Balkans, Belarus, Burma, Cote D'Ivoire (Ivory Coast), Cuba, Democratic Republic of Congo, Iran, Iraq, Liberia, North Korea, Sudan, Syria, and Zimbabwe.

UN sanctioned Countries: Afghanistan, Central African Republic, The Democratic Republic of the Congo, Democratic People's Republic of Korea, Iran, ISIL and Al-Qaida, Libya, Mali, Somalia, Sudan, Yemen.

High risk industries: Banking Industry, Currency Exchange (MSB), Money Transfer (Remittance), Payment Industry, Casinos & Gaming Industry, Investment Industry, Real Estate/Construction Industry, Insurance Industry, Precious Metals

Red Flags:
- Creation of complex ownership structures when there is no legitimate or economic cause
- Unexplained changes in instructions, especially at the last minute
- Parties or their representatives are located in a high risk country
- Relatives and Close Associates of a PEP
- The asset is purchased in cash and then quickly used as a guarantee for a loan
- The funding source is unusual
- Refusal to provide information, data and the necessary documents

OFAC (Office of Foreign Control): It is the regulator of the US that administers and enforces trade and economic sanctions.

FATCA (Foreign Account Tax Compliance Act): To prevent tax evasion by US citizens who hold assets in foreign financial institutions.

FINCEN (Financial Crimes Enforcement Network): It is a bureau of the US Department of the Treasury that collects and analyses information on financial transactions in order to combat domestic and international money laundering, terrorist financing and other financial crimes.

US Patriot Law: Officially, Uniting and Strengthening America by providing appropriate tools required to Intercept and Obstruct Terrorism Act.

Section 312 USA Patriot Act: Requires US financial institutions to perform due diligence, and in some cases enhanced due diligence, with regard to correspondent accounts established or maintained for foreign financial institutions and private banking accounts established or maintained for non-US persons.

BSA (Bank Secrecy Act): It requires all US financial institutions to keep records of cash purchases of negotiable instruments and to report transactions of more than 10000 US Dollars.

FATF (Financial Action Task Force): It designs and promotes policies to combat ML/TF. Eg: It works to stop funding for weapons of mass destruction. It makes standards to ensure a coordinated global response to prevent organized crime.

Wolfsberg Group: It is an association of thirteen global banks which aims to develop frameworks and guidance for the management of financial crime risks. The Wolfsberg Group promotes engagement b/w public and private sectors in the fight against financial crime.

Egmont Group: The Egmont Group promotes engagement b/w public and private sectors in the fight against financial crime.

AML typologies:
- Currency exchanges / Cash Conversion
- Cash couriers / Cash Smuggling
- Smurfing / Structuring
- Use of Credit cards, Cheques, Promissory notes, etc.
- Purchase of portable valuable commodities (gems, precious metals)
- Purchase of valuable assets (Real estate, Luxury vehicles, Race horses, etc.)
- Use of wire transfers
- Hawala / Hundi
- Gaming activities (Casinos, internet gambling)
- Non Profit organizations
- Shell Companies / Front Companies
- Offshore Bank Accounts
- Identity fraud
- Use of gatekeepers like Lawyers, Auditors, Brokers, etc.

SAR (Suspicious Activity Report): It is a document that financial institutions must file with FINCEN following a suspected incident of money laundering or fraud.

STR (Suspicious Transaction Reporting): It is filed by a financial institution with the local Financial Intelligence Unit if they have a transaction related to criminal activity. An STR has to be filed within 7 days of the transaction.

CTR (Cash Transaction Reporting): The bank is required to submit the details of all cash transactions which involve more than $10000. A CTR has to be filed within 15 days of the transaction.

KYC (Know Your Customer/Client): It is the process by which banks or financial institutions obtain information about the identity and address of the customers.

Why is KYC important? To avoid the following risks:
- Reputational risk: danger to the name
- Operational risk: because of failed internal processes
- Legal risk: breach of laws
- Regulatory risk: failure to comply with regulatory standards
- Liability risk: threat to the company
- Financial risk: cost
- Concentration risk: all eggs in one basket

Types of KYC:
- On boarding
- Periodic/Regular review
- Event driven review: any change in client corporate structure, ownership or top management / adverse negative news in the media / business & geographical expansion
- Off boarding

KYC Components / Policy:
- Customer Acceptance Policy
- Customer Identification Policy (CIP)
- Monitoring of transactions
- Risk Management

Key parties in KYC teams:
- Maker (Analyst / Senior Analyst)
- Checker (QC – 4 eye)
- SME (Subject Matter Expert)
- QA (Quality Assurance – 6 eye)
- Compliance
- Business Unit / FO (Front Office)
- RM (Relationship Manager)

Risk Pillars / Appetite / Factors to consider for risk:
- Geography
- Industry
- Customer
- Product
- Channel

Risk indicators (or risk deciding factors):
- Country risk
- Nature of business of the client
- Ownership type
- Products & Services provided by the bank
- Negative News, sanction news & PEPs… etc.

Process steps under KYC: KYC = CIP (Customer Identification Policy) + CDD + EDD

Onboarding: Onboarding is the process of opening an account with our Bank for the first time.

Periodic review: Once onboarding is completed, periodic review starts based on the client's risk rating (all KYC docs need to be reviewed once again for existing clients).
- Low risk clients (3 years once)
- Medium risk clients (2 years once)
- High risk clients (annually)
*Tenure depends on bank to bank.

Full KYC process:
- IDD:
  Step 1: Gap Analysis
  Step 2: Client outreach
- CDD:
  Step 1: Full document Analysis
  Step 2: Screenings
    ▪ World Check
    ▪ Lexis Diligence
    ▪ FCCR (Risk Rating)
- EDD (only if the client is risk rated as High).

CIP (Customer Identification Program): It is the first phase in KYC. It is the process of gathering primary information regarding the client before we on-board them (Pre-Onboarding).

Due diligence types:

SDD (Simplified Due Diligence): Due diligence is done every 5 years, normally on very low risk customers.

CDD (Customer Due Diligence): It is the process of identifying customers and checking they are who they say they are. It includes:
- Documents analysis
- Screenings
- Risk rating of the client

EDD (Enhanced Due Diligence): EDD goes beyond CDD in depth. It is additional information collected for higher-risk customers (PEP) to provide a deeper understanding of customer activity and mitigate associated risks. It is done every year. It includes:
- Ownership threshold is 10% or more
- Source of funds of the client
- Source of wealth of UBOs
- ID & Address copies of UBOs
- Compliance Approvals on KYC checks

IDD (Initial Due Diligence): It is also called the Gap analysis. It means analyzing the initial documents available in public sources and identifying the gaps to complete the KYC checks.

Correspondent banks: These are domestic banks that have been established to provide services to a bank or financial institution in another nation. Money transfers, currency exchange, trade paperwork, and commercial transactions are all services provided by a correspondent bank.

Offshore bank: It is a bank regulated under an international banking license (often called an offshore license), which usually prohibits the bank from establishing any business activities in the jurisdiction of establishment. Due to less regulation and transparency, accounts with offshore banks were often used to hide undeclared income.

Main (common) requirements/documents to be obtained from the client:
- Full legal name
- Certificate of Incorporation
- Registered address
- Business address
- MOA & AOA
- Source of funds / Source of Wealth
- Registered number and date
- Nature of business
- List of Directors, Key controllers and Authorised Signatories with ID & V
- Complete ownership
- List of directors & controllers
- Tax related information
- Audited Financial reports

Products and services provided to the client:
- Custody
- Foreign Exchange
- Correspondent Banking
- Trade Finance
- Debt Securities
- Bonds
- Stocks

Common connected parties to the client:
- Directors
- Controllers
- Shareholders
- Auditors
- Authorized signatories

Controllers: Chairman, CEO – Chief Executive Officer, CFO – Chief Financial Officer, COO – Chief Operating Officer... etc.

Types of Customers:
- Individuals: Photo, ID, address
- Proprietorship / Sole Trader: Registration certificate, License under shop and establishment act, Tax returns, VAT certificate, utility bills for address
- Partnership: Registration certificate, Partnership deed, ID and address proof of partners, power of attorney granted to a partner to transact business
- Corporate firms / Companies: Certificate of Incorporation, MOA & AOA, Resolution of board of directors, telephone bill, power of attorney
- PIV (Private Investment Vehicle), SPV (Special Purpose Vehicle): ADV form, IAPD (Investment Advisor Public Disclosure) document, Investment managers' details
- Funds: Fund Prospectus, Offering Memorandum (people involved: Fund Manager, Fund Administrator, Board of Directors, Marketing or Distribution company)
- TRUSTS / ASSOCIATION / CLUB / SOCIETY:
  - Trust Deed
  - Certificate of Registration, if registered
  - Copy of TAX id of Trust / Association / Club / Society
  - Power of Attorney granted to transact business on its behalf, if any
  - Any document listing out the names and addresses of the trustees, settlors, beneficiaries and those holding power of Attorney, and other key officials involved in the day to day management of the trust, to the satisfaction of the bank
  - Resolution of the managing body of the foundation
  - Declaration of Trust / Bye-law of society / Bye-law of Association / Bye-law of club
  - Proof of name and address of the founder, Manager/director and the beneficiaries, telephone/fax number
  - Telephone bill, Utility bill apart from the above (bills not older than 3-6 months)

Connected parties to the Trust: Trustor, Settlor or Grantor, Trustees, Beneficiaries, Directors, Auditors, Administrator... etc.

- NPO: Voluntary certificate, Registered address
- NBFI & Banks: License issued by financial institution, Regulation proof, Wolfsberg Questionnaire, PAC (Patriot Act Certificate)
- Govt / State owned body
- Mutual funds / Chit Funds

State owned or Government owned entity: Any entity which is more than 50% owned by any government is called an SOE.

Basic Docs required for the entity:
- Certificate of Incorporation
- MOA & AOA
- Source of funds
- List of Directors, Key controllers and Authorized Signatories with ID & V
- Ownership structure
- Audited Financial reports
- Nature of Business with NACE code

Primary sources for KYC:
- Registry Extracts
- Regulation Proofs
- Stock Exchange Websites
- Annual Reports
- Client Documents

Secondary sources:
- Bloomberg
- D&B
- Orbis
- Lexis Nexis
- Avox Data
- Bankers almanac
- Mint Global
- Client Websites

MOA (Memorandum of Association): It is one of the documents which has to be filed with the registrar of companies at the time of incorporation of the company. It contains the fundamental conditions upon which the company is incorporated.

AOA (Articles of Association): It is a formal document that specifies the regulations for a company's operations and defines the company's purpose. The document lays out how tasks are to be accomplished within the organization, including the process for appointing directors and the handling of financial records.

Ownership threshold for various risk clients:
- Low & Medium – 25% or more
- High – 10% or more

Ownership types:
- Public ownership (listed)
- Partnership
- Family Ownership
- Trust / Foundation... etc.

IBO & UBO:
- IBO is the Intermediate Beneficial Owner
- UBO is the Ultimate Beneficial Owner
For example, Infosys BPM Limited is wholly owned by Infosys Limited, which is wholly owned by Mr. Narayana Murthy. Here, Infosys Limited is the IBO and Narayana Murthy is the UBO.
Note: The UBO should be an individual or a Government (it can't be an entity).

UBO (Ultimate Beneficial Ownership): An individual who, either by himself or with others, directly or indirectly through persons (resident or non-resident) including trusts, holds beneficial interests of at least 10% in an EDD case and 25% in a CDD case.

Authorized Signatories: These are the people who can sign Bank-related documents on behalf of clients (they might be directors also). Generally, this info can be found in Board resolutions.

Power of Attorney: A legal document that gives someone the right to make financial or business decisions for someone else.

Tax Havens: They provide offshore banking services to foreign individuals and businesses that allow them to avoid paying income taxes in their country of residence.
- Switzerland
- Panama
- Luxembourg
- The Cayman Islands
- Bermuda
- The British Virgin Islands
- The Netherlands

Tax forms:
- US incorporated client: Form W-9
- Non-US clients: Form W8-BEN-E or W8-IMY
- CRS form (All locations)

TI CPI (Transparency International Corruption Perceptions Index): It ranks countries by their perceived levels of public sector corruption, as determined by expert assessments and opinion surveys.

Source of Wealth: The origin of the customer's entire wealth, including the volume of wealth the customer would be expected to have accumulated and how the customer acquired that wealth. Eg: Inheritance, Winning Lottery, Investors' dividends, Bank Interest, proceeds from sale of property, Overall Assets (Total net worth).

Source of funds: Refers to the origin of the particular funds or any other monetary instrument which are the subject of the transaction between a Financial Institution and the customer. Eg: Salary, Commission, Fees, Wages (where the funds used in a transaction originated).

Registries: A centralized repository of KYC records. Once the KYC documents are submitted by an individual/entity, they are registered in the repository with a unique number / Registration number.

Regulators: They aim to prevent financial crimes through regulations and laws. Regulations require you first to KYC check your customers during the onboarding process and then follow their financial transactions. Companies that meet this Know Your Customer (KYC) requirement will ensure compliance.

Regulator Entity: Regulated by the financial regulator of that particular country to carry out financial activities. Eg: UK-Companies House, India-Ministry of Corporate Affairs

Regulators of USA:
- The Federal Reserve Board
- Office of the Comptroller of the Currency
- Federal Deposit Insurance Corporation
- Office of Thrift Supervision
- CFTC - Commodity Futures Trading Commission
- FINRA - Financial Industry Regulatory Authority
- State Bank Regulators
- State Insurance Regulators

Regulators of India:
- RBI - Reserve Bank of India
- SEBI - Securities and Exchange Board of India
- IRDA - Insurance Regulatory and Development Authority of India
- PFRDA - Pension Fund Regulatory & Development Authority
- NABARD - National Bank for Agriculture and Rural Development

Regulators of UK:
- Financial Conduct Authority (FCA)
- Financial Reporting Council
- Institute of Chartered Accountants in England and Wales
- Office of the Regulator of Community Interest Companies (ORCIC)
- Payment Systems Regulator (PSR)
- Pensions Regulator
- Prudential Regulation Authority (PRA)

Regulators of Australia:
- The Australian Prudential Regulation Authority (APRA)
- The Australian Securities and Investments Commission (ASIC)
- The Reserve Bank of Australia (RBA)
- The Australian Treasury

Regulators of Germany: The Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, BaFin Regulators of Netherland: The Netherlands Authority for the Financial Markets (Dutch: Autoriteit Financiële Markten) Regulators of Hongkong: Securities & Futures Commission Insurance Authority Monetary Authority Line of Defense: 1st line of Defense: Client facing business staff, Onboarding or CDD team 2nd Line of Defense: AML compliance staff 3rd Line of Defense: Internal Audit SPV (Special Purpose Vehicle): A special purpose vehicle is an orphan company created to isolate risks and reallocate assets to investors. Property investments are typically held in special property vehicles. Companies can transfer property ownership to an SPV and sell off that entity, paying (lower) capital gains tax instead of property sales tax. PIV (Private Investment Vehicle): Investment vehicles are assets offered by the investment industry to help investors move money from the present to the future, with the hope of increasing the value of their money. These assets include securities, such as shares, bonds, and warrants; real assets, such as gold; and real estate. Transaction Monitoring Alerts: Based upon typologies and scenarios (sequence of event) alert will get triggered/generated 3 categories of alerts 1. Rule based Alerts 2. Behavioral Based Alerts 3. List Checking Alerts Different type of Alerts 1. Structuring (Rule based) Manipulation of currency transactions in such a way as to evade filing required reports. In other words doing multiple Transactions in consecutive days in order to avoid the reporting threshold 2. Velocity: (Rule based) Incoming transfer quickly followed by outgoing transfer Money launderers may sometime use an account as a pass through to facilitate the layering phase of money Laundering process 3. 
Unusual account Activity (Behavioral based) This Activity is triggered if there is high turnover or Unusual amount of account activity in a month which is Unusual for that particular customer This alert begins to generate once the account age is greater than 4 months 4. Unusual specific Transaction Activity Eg: Unusual international wire Activity, Unusual domestic wire Activity, Unusual ATM or cash Activity, Unusual debit axed Activity etc.. 5. Monetary Instruments Alerts A. Purchaser: this alert triggers when a customer purchases multiple monetary instruments which exceeds the threshold and quantity threshold B. Beneficiary: this Alerts triggers when multiple monetary instruments are purchased made to the same payee which exceed a dollar threshold and quantity threshold 6. Transaction from high risk country and fiscal Paradise Trigger When customer sending currency to or receiving the currency from high risk country or tax heaven country 7. Expected Behavior Triggers when customer actual Activity exceeds the Expected Activity. Know Your Customer Checklist: 4 Steps to Effective Know Your Customer Compliance The Know Your Customer (KYC) process is an integral part of anti-money laundering (AML) regulation around the world, helping banks and financial service providers understand their customers’ financial behaviors and report criminal activity quickly. Accordingly, firms must ‘know their customer’ before they start doing business with them, and throughout the lifetime of that relationship. This means asking for detailed information from a customer in order to build an understanding of the level of criminal risk that they pose – specifically the likelihood of them being involved in money laundering and terrorism financing. The term ‘KYC’ is sometimes used interchangeably with AML, but while AML refers specifically to compliance rules and regulations, KYC is a set of tools that firms can use to enforce them. 
KYC actually underpins guidance from the Financial Action Task Force (FATF), which sets out a series of fundamental AML/CFT requirements for member states such as conducting customer due diligence (CDD) and establishing effective record-keeping systems – all of which must be transposed into domestic legislation. With that in mind, financial service providers must understand how to implement effective KYC by building suitable data collection and monitoring processes into their AML solutions.

Stay ahead of your AML/CFT obligations, and ensure your organization is capable of combating financial criminals, with our Know Your Customer checklist:

1. Collect Basic Information

The first step of the KYC process is to conduct appropriate customer due diligence (CDD) – which refers to the collection of basic identifying information about the customer. Ideally, firms should use digital CDD tools to capture and log the relevant data accurately and efficiently – while minimizing the potential for human error. The basic customer data required for the KYC process includes:
- Names
- Addresses
- Dates of birth
- Social security numbers
- Company incorporation documents

The information that firms collect at this first stage of the KYC process will inform a subsequent risk assessment, and define the firm’s AML/CFT compliance response.

2. Verify Customer Information

Firms must ensure that the basic data they collect as part of their KYC process is accurate and up to date. Accordingly, when firms obtain information such as names and addresses, they should corroborate that data with official documents such as driving licenses, passports, and birth certificates. Similarly, once firms have obtained identifying data, they must compare it to a range of relevant official lists which may affect the customer’s risk profile. These include:
- High-risk jurisdictions
- Global sanctions and watch lists
- Politically exposed persons (PEP) lists
- Criminal registries, including lists of participants involved in bribery and corruption

3. Assign a Customer Risk Rating

The information collected and verified as part of the customer due diligence process represents the foundation of a customer’s KYC risk rating. The risk rating is a calculation that takes into account a range of factors, including the likelihood that an individual customer is involved in financial crime, and the wider operational compliance risk that a firm faces. In jurisdictions that mandate a ‘risk-based approach’ to AML, firms assign a KYC risk rating by performing a risk assessment of each customer. Where the assessment determines a high compliance risk, firms should deploy more intensive AML/CFT measures, including enhanced due diligence (EDD), source of wealth inquiries, and adverse media searches. By contrast, lower-risk customers may be subject to simpler AML/CFT measures, which optimize the speed and efficiency of onboarding and transaction experiences (in contexts where that is possible).

4. Ongoing Risk Review

KYC is not just a ‘box checking’ task to complete during onboarding, but instead an ongoing process that extends throughout the lifetime of a customer relationship. When a customer changes their behavior or begins a new financial venture, effective KYC enables firms to detect any change in AML/CFT risk. With that in mind, firms must ensure they conduct ongoing reviews of their customers’ compliance risk ratings – and may implement the following processes in order to do so:
- Payment screening: Firms should screen their customers’ transactions for indications that they are sending money to high-risk counterparties. Those counterparties might include customers on PEP lists and sanctions lists.
- Customer monitoring: When a customer’s risk profile changes – by designation on a sanctions list, for example, or election to political office – ongoing KYC allows a firm to capture that information and adjust their risk rating. Similarly, firms might conduct ongoing adverse media checks to capture customers’ involvement in negative news stories.
- Transaction monitoring: Ongoing transaction monitoring is a way of checking whether customers’ financial behavior meets the expectations of their risk assessment. Where behavior diverges from expectations, it may be necessary to adjust their risk rating.

Throughout: Evaluate KYC Automation Tools

Given the scope of the administrative challenge, and the regulatory requirements of most jurisdictions, it’s important that firms automate the KYC compliance process. KYC automation should be constantly re-evaluated as the risk landscape changes. In practice, KYC software offers the following benefits:
- Speed: Automated CDD, monitoring, and screening processes mean less administrative friction and enhanced customer experiences. Similarly, compliance employees may be informed more quickly when an AML alert is generated.
- Accuracy: By automating KYC, firms reduce the potential for human error and costly compliance penalties. Further, by incorporating algorithmic analysis and machine learning systems, they may be able to account for unexpected customer behaviors and reduce the likelihood of false positive AML alerts.
- Adaptability: Automated KYC systems enable firms to implement horizon scanning, becoming more agile in adapting to new regulations and to emerging technologies. Horizon scanning techniques may also allow firms to adjust to new risks and more sophisticated criminal methodologies.
- Whitelisting: Customers that often trigger false positive AML alerts as a result of similarities to high-risk individuals (on sanctions lists, for example) may be added to whitelists. Firms may automate whitelist scanning to pre-verify their customers against whitelist databases and speed up the transaction processes.

INTRODUCTION TO CONCURRENT AUDIT
KYC & AML COMPLIANCES

Concurrent Audit
- Part of a bank’s early warning system to ensure timely detection of irregularities & lapses to prevent fraud.
- Attempts to shorten the interval between a transaction & its examination by an independent person.
- Checking is contemporaneous or immediately after the transaction is completed.
- Emphasis on substantive or in-depth checking.
- Management process integral to sound internal controls.

Scope & Objectives
- Supplements the bank’s efforts in carrying out simultaneous internal check of the transactions & other verifications & compliance as per laid down procedures.
- Scope focused to cover fraud prone areas like:
  • Handling of cash
  • Deposits
  • Advances
  • Foreign exchange business
  • Off-balance sheet items
  • Credit-card business
  • Internet banking
- Identification of high risk areas & improve branch functioning leading to risk mitigation & fraud.

Principles
- Ensure observations are seriously attended & closed to improve overall branch functioning.
- Hold monthly meetings to create “awareness”.
- Adopt constructive, corrective & practical approach.
- Adopt helpful & positive attitude & not be guided by impulsive or hostile attitude.
- Good understanding of job profile, analytical capacity & sound knowledge of existing banking procedures & practices.
- Sufficient knowledge & skill to work in CBS / computerized environment.

Accountability
- Responsible for material omission or commission in respect of transactions.
- As per RBI guidelines, accountability is failure to comment on the following, which could have been ascertained by exercise of due diligence:
  • Fraud
  • KYC adherence
  • Income leakage
  • Frequent recurrence of deficiencies in successive audits
  • Any other serious irregularities
- In a serious case of omission or commission in working of audit, bank can consider termination & report to RBI & ICAI.
Areas to be Covered
- Cash
- Investments
- Deposits
- Advances
- FX Transactions
- Housekeeping
- Other Items
- Audit Compliance
- Customer Complaints
- Verification of HO & Statutory returns

Items Eligible for 100% Checking
- Off-Balance Sheet Items (LC & BG)
- Investment Portfolio
- Foreign Exchange Transactions
- Fraud prone/sensitive areas
- Advances with outstanding balance > Rs.500000

Checkpoints - Advances
- Loans disbursed before the compliance of pre-sanction conditions.
- Follow-up of post disbursement sanction terms.
- Mechanism for monitoring of weak accounts.
- Advances to defaulters in other banks.
- Ratification/approval of higher authorities wherever necessary.
- Justification of repayment capacity of borrower.
- Tracking of penal interest – manual or automated.
- Timely submission of financial statements where required.
- Mechanism for monitoring fund diversion.

Checkpoints - Housekeeping
- Debits to income heads
- Transactions in staff accounts
- Detection & prevention of revenue leakage
- Reconciliation of ledgers
- No. of cheques bounced & cases under Section 138 of NI Act

FX
- 100% checking of Bills of Entry
- Monitoring debits & credits in FCNR & NRO A/c’s.
- Remittance forms (A-1, A-2)

Checkpoints – Other Areas
- Correctness of data entry in CBS
- Exceptional Transaction Reports
- ATM Complaints & redressal
- Written declaration of beneficiary or remitter for large RTGS amounts
- Availability of adequate copies of BCSBI code & other information manuals at the branch.
- Information security & BCP

Need for Paradigm Shift
- Shift from transactional audit to risk based audit.
- Purpose of concurrent audits is to find gaps in processes & suggest solutions.
- In-depth study of procedures.
- Take measures to prevent gaps between queries raised by concurrent auditors & RBI/statutory/internal auditors.
- Do not base conclusions on INQUIRY.
- Data – Information – Knowledge – Wisdom
- Hindsight – Insight – Foresight
- ‘Best practices are always a moving target’

Know Your Customer (KYC)
- Most underrated area in a concurrent audit is compliance of KYC & AML norms.
- Is this area emphasized with the same rigor as credit monitoring?
- Are we considering Money Laundering Risk?
- Is there a mechanism in place which monitors accounts requiring enhanced due diligence?

KYC means
Making reasonable efforts to determine:
- True identity & beneficial ownership of accounts
- Sources of funds
- Nature of customers’ business
- Reasonable account activity
- Customer’s customer

Customer
- Who maintains an account
- Establishes business relationship
- On whose behalf account is maintained
- Beneficiary of accounts maintained by intermediaries
- Who carries potential risk through one-off transaction

What you should know?
- True identity & beneficial ownership of accounts
- Permanent, Registered & Administrative address

Core KYC Elements
- Customer Acceptance - Ensure that only legitimate & bona fide customers are accepted.
- Customer Identification - Ensure that customers are properly identified to understand the risks they may pose.
- Transactions Monitoring - Monitor customers’ accounts & transactions to prevent or detect illegal activities.
- Risk Management - Implement processes to effectively manage the risks posed by customers trying to misuse facilities.
Guidelines issued by RBI, SEBI & IRDA

Risk Rating Methodologies
At the account opening level classify the customer, based on the RISK attached to him, into the following 3 ratings, keeping in mind the profile of the customer being rated:

Low Risk / Medium Risk / High Risk Customers
• Well defined salary structure
• Businessman / Traders with well defined activities & transactions commensurate with business
• Low balances / Turnover in accounts
• NBFC, brokers, Travel agents, Tele-marketers
• Sole practitioners, Advocates (small - little known)
• Importers / Exporters etc.
• Cash intensive business e.g. Retail stores, Restaurants, 2nd hand car dealerships etc.
• Dot-com companies
• Venture Capital Companies
• NRIs, HNIs, PEP
• Property dealers / builders
• Co’s with close family shareholding
• NPOs
• Firms with sleeping partners
• Non face to face customers
• Embassies / Consulates
• Client A/cs managed by professional service providers, e.g. law firms, accountants, agents, brokers, fund managers, trustees, custodians

Risk Rating Review
- As per RBI guidelines review of risk categorisation of customers should be carried out at least once in 6 months.
- It will ascertain customers who need enhanced due diligence.
- An ideal system:
  • Updating parameters for review in the current AML system
  • Exploit the existing thresholds.
  • Movement in Risk Rating of A/c’s as we do NPA’s

Parameters for Review
Business Intelligence:
• Customer Constitution
• Business Segment/Occupation
• Country of residence/nationality
• Product subscription
• Account status
Transaction Type:
• Cash
• Clearing
• Transfers/Remittances
Transaction Trend
AML Alerts / Signals

Periodical Updation of KYC
- Continue carrying out on-going due diligence.
- Closely examine the transactions to ensure consistency with:
  • Client knowledge
  • Nature of business
  • Risk profile
  • Source of funds
- Full KYC exercise will be required to be done every:
  • 2 years for high risk accounts
  • 8 years for medium risk
  • 10 years for low risk

Accounts NOT to be opened by Banks
- Benami or anonymous accounts
- Accounts of known criminals or banned entities
- Shell banks
- Pooled accounts on behalf of clients by Lawyers & Accountants who are bound by customer confidentiality

Types of Customers
Non Face to Face Customers:
• Apply enhanced procedures to mitigate the higher risk
• First payment to be effected through the customer’s account with another bank
• Presents a greater money laundering or terrorist financing risk - inherently difficult to ascertain the identity of the person.
Accounts of Politically Exposed Persons (PEPs):
• Gather sufficient information available in public domain.
• Seek information about sources of funds.
• Decision to open the A/c to be taken at senior level & mentioned in the form
• A/c subject to enhanced monitoring
• Same process to be applied to family members of PEPs

Financial Corridors
- Remittances to high risk jurisdictions are sent through other countries.
- Such transactions should be treated in the same way as those to a high risk jurisdiction.
- For e.g., remittances to Yemen may be sent through UAE before being finally sent to Yemen.

Beneficial Owner (BO)
- Person behind the customer - owns/controls the customer
- On whose behalf a transaction is carried out
- Be alert while analyzing the transactions in accounts by identifying the beneficial owner
- Understand the true nature of the A/c’s maintained by the intermediary
- E.g.: Tailor/Maid/Servant depositing cash or cheques of high amount, huge turnover in a minor’s account etc.

Gaps in KYC
The problem is not with KYC, but its implementation.
- Industry Regulator - Improve frequency & quality of inspection
- Government - Need to speed up Aadhar to eliminate multiplicity of documents
- Banks - Aggressive sales culture

What is Money Laundering?
Money Laundering is the process by which illegal funds & assets are converted into legitimate funds & assets.
(Diagram labels: Investments, Purchases)
- Placement: Illegal funds or assets are first brought into the financial system.
- Layering: Use of multiple accounts, banks, intermediaries, corporations, trusts, countries to disguise the origin.
- Integration: Laundered funds are made available as apparently legitimate funds.
Important: All money laundering transactions need not go through this three-stage process.
Money Laundering Risks
All risks are inter-related & together can potentially cause serious threat to the survival of the bank:
• Reputational risk
• Legal risk
• Operational risk (failed internal processes, people & systems & technology)
• Concentration risk (either side of balance sheet)
‘Is this risk considered for a customer with the same rigor as a credit risk is considered for a borrower?’

Legislative & Regulatory Framework
- Prevention of Money Laundering Act, 2002 (PMLA, 2002)
- Recent Amendments in Prevention of Money Laundering Act (PMLA) & PML (Maintenance of Records) Rules
- Unlawful Activities (Prevention) Act, 1967
- Financial Action Task Force (FATF)
- Reserve Bank of India (RBI)
- Financial Intelligence Unit – India (FIU-IND)
- Indian Banks Association (IBA)

Reporting Requirements
Prevent banks/FIs from being used, intentionally or unintentionally, by criminal elements for money laundering or terrorist financing activities.
In terms of Rule 3 of the PML (Maintenance of Records) Rules, 2005, banks are required to furnish the following to the Director, FIU-IND:
- Cash Transaction Report (CTR)
- Counterfeit Currency Report (CCR)
- Suspicious Transactions Report (STR)
- Not for Profit Organization Transaction Report (NTR)
- Cross Border Wire Transfer (CBWT/EFT)

Report / Periodicity / Description
- CTR
  Periodicity: 15th day of succeeding month
  Description: a) Cash transactions above Rs. 10 lakhs or its equivalent in foreign currency b) Cash transactions integrally connected to each other below Rs. 10 lakhs or its equivalent in foreign currency in a month
- CCR
  Periodicity: 15th day of succeeding month
  Description: a) Cash transactions where forged or counterfeit currency notes or bank notes have been used as genuine b) Forgery of a valuable security or a document has taken place facilitating transactions
- NTR
  Periodicity: 15th day of succeeding month
  Description: Receipts by NPOs of more than Rs. 10 lakhs or its equivalent in foreign currency
- STR
  Periodicity: Within 7 working days on the transaction being determined suspicious
  Description: a) Based on 54 Red Flags issued by IBA b) Based on Law Enforcement Queries received by Bank c) Based on Media Reports & Public Complaints d) Monitoring by employees
- CBWT
  Periodicity: 15th day of succeeding month
  Description: All cross border wire transfers of more than Rs. 5 lakhs or its equivalent in foreign currency where either the origin or destination of fund is in India

SUSPICIOUS TRANSACTION
Transaction, whether or not made in cash, which, to a person acting in good faith:
- Gives rise to a reasonable ground of suspicion that it may involve the proceeds of crime
- Appears to be made in circumstances of unusual or unjustified complexity
- Appears to have no economic rationale or bona fide purpose

Grounds for Suspicion
Activity in accounts:
- Unusual activity compared with past transactions
- Sudden activity in dormant accounts
- Activity inconsistent with what would be expected from declared business
Identity of client:
- False documents
- Identification documents which could not be verified within reasonable time
- Accounts opened with names very close to other established business entities
Background of client:
- Suspicious or links with known criminals
Multiple accounts:
- Large number of accounts having a common account holder, introducer or authorized signatory with no rationale
- Unexplained transfers between multiple accounts with no rationale
Nature & value of transactions

Alerts for Identifying Suspicious Transaction
- Alerts through AML Package
- Behavioral Alerts
- Notice/Letter from Law Enforcement Agency
- Adverse Media News
- 54 Red Flag Indicators by IBA
- CTRs & NTRs

Monitoring
- Accounts of Multi Level Marketing Firms
- Beneficial Owner
- Trade Finance
- Overseas Forex Trading through Electronic / Internet Trading Portals
- Demat A/cs
- Locker Transactions

IBA Customer Behavioral Indicators
- Reluctance to provide information
- Unusual curiosity
- Giving confusing details
- Refuse to give reason for a transaction
- Numerous deposits & withdrawals
- Avoiding contact with branch
- Unexpected repayment of loan
- Account with multiple institutions

54 Red Flags by IBA
The AML software is programmed to generate alerts based on thresholds which relate to the 54 Flags. Red Flags can be broadly divided into four categories:
- Watch List (WL): The customer details matched with watch lists - UN list, Interpol list etc.
- Typology (TY): Common typologies of money laundering, financing of terrorism or other crimes - structuring of cash deposits etc.
- Transaction Monitoring (TM): Transaction monitoring alert - unusually large transaction, increase in transaction volume etc.
- Risk Management System (RM): Risk management system based alert - high risk customer, country, location, source of funds, transaction type etc.

Working of a Decentralized AML Cell
- At the central level constitute a Principal Officer & other members.
- Two employees at the branch level are nominated as AML officers.
- Transactional alerts are initiated at the branch, which are reviewed by the branch.
- Suspicious alerts are forwarded to the Cell.
- Cell assesses the transaction & takes a call whether to report it as a STR or not.
- STRs are reported to FIU which initiates further action.

Money Mules
- Used to launder the proceeds of fraud schemes (e.g. phishing & identity theft) by criminals who gain illegal access to deposit accounts by recruiting 3rd parties to act as “money mules.”
- 3rd parties may be innocent or have complicity with the criminals.
- Recruited by a variety of methods, e.g. spam e-mails, advts on genuine recruitment web sites, social networking sites, instant messaging & advts in newspapers.
- An individual is recruited to receive cheque deposits/wire transfers & transfer these funds to A/cs held on behalf of another person or to other individuals, for a certain commission payment.

Gaps in the system
- AML software throws numerous transactional alerts.
- For monitoring non-automated parameters, training to be imparted to staff at the branch level
- Documentation of reasons for classifying a transaction as normal & not reporting it as STR
- Maintenance of audit trail to be in place for auditors to assess whether the process laid down on paper is being followed

Gaps in KYC - AML
• Poor quality of data - false positives & less time to focus on the real risks
• Data scale is massive & diverse - single view of client transaction missing
• Understaffed & untrained human resources & lack of incentives to blow the whistle on black money
• Lack of support from strong processes & technology – use of data analytics
• Check box approach
• Revenue generation pressure forcing dilution of norms
• Profit maximization drives banks beyond core tasks, to hawk products such as equities, insurance & mutual funds.
• No verification of customer’s address or job.
• Risk assessment mostly reactionary
• Absence of robust & ongoing due diligence process – especially risk profiling
• Processes not implemented strongly during modifications
• Security around creation/modification of client – account master not strong enough.
• Communication gaps between Marketing – Sales & Risk / Compliance – Centralized decentralized operations

Identification & Assessment of Risk
Adoption of a Risk Based Approach in implementing customer acceptance policy, customer identification procedures, transaction monitoring & risk management:
- Customer Risk
- Product & Service Risk
- Geographic Risk

Responsibilities of Banks
- By law, bank employees have authority to ask a customer for details of transactions not consistent with the customer's profile.
- Onus is on the bank to ensure that the account is not being used to launder money.
- Former RBI governor Bimal Jalan says: "We should learn from the current experience & see how we can improve our ethical governance system in implementing the banking guidelines."
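The rule-based structuring and velocity alerts described on this page can be written as small threshold rules of the kind AML software runs. The following Python code is an added example, not code from any AML product or from the source material; the Rs. 10 lakh figure is the CTR threshold quoted above, while the 24-hour window, the 90% pass-through ratio, the two-day minimum run and all sample transactions are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CTR_THRESHOLD = 1_000_000              # Rs. 10 lakhs, the CTR threshold quoted on this page
MIN_RUN_DAYS = 2                       # assumption: shortest run of consecutive days to flag
VELOCITY_WINDOW = timedelta(hours=24)  # assumption: what counts as "quickly followed"
VELOCITY_RATIO = 0.9                   # assumption: share of the credit that must leave again

# Constructed sample data: (account, timestamp, kind, direction, amount in Rs.)
SAMPLE_TXNS = [
    ("A1", "2024-03-04 10:15", "cash", "in", 400_000),
    ("A1", "2024-03-05 11:02", "cash", "in", 350_000),
    ("A1", "2024-03-06 09:40", "cash", "in", 300_000),
    ("A1", "2024-03-20 14:00", "cash", "in", 50_000),
    ("B2", "2024-03-07 09:00", "transfer", "in", 2_500_000),
    ("B2", "2024-03-07 15:30", "transfer", "out", 2_450_000),
    ("C3", "2024-03-08 12:00", "cash", "in", 1_200_000),      # above threshold: a CTR case
    ("C3", "2024-03-09 12:00", "transfer", "in", 800_000),
    ("C3", "2024-03-15 12:00", "transfer", "out", 790_000),   # six days later: outside window
]


def parse(rows):
    """Turn the text timestamps into datetime objects."""
    return [(a, datetime.strptime(ts, "%Y-%m-%d %H:%M"), k, d, amt)
            for a, ts, k, d, amt in rows]


def structuring_alerts(txns, threshold=CTR_THRESHOLD, min_run_days=MIN_RUN_DAYS):
    """Flag runs of consecutive days whose sub-threshold cash deposits reach the threshold."""
    daily = defaultdict(lambda: defaultdict(int))
    for acct, ts, kind, direction, amt in txns:
        # Only deposits that individually stay below the reporting threshold matter here.
        if kind == "cash" and direction == "in" and amt < threshold:
            daily[acct][ts.date()] += amt
    alerts = []
    for acct, days in daily.items():
        run = []
        for day in sorted(days) + [None]:          # None closes the final run
            if run and (day is None or day - run[-1] != timedelta(days=1)):
                total = sum(days[d] for d in run)
                if len(run) >= min_run_days and total >= threshold:
                    alerts.append({"rule": "structuring", "account": acct,
                                   "first_day": run[0], "days": len(run), "total": total})
                run = []
            if day is not None:
                run.append(day)
    return alerts


def velocity_alerts(txns, window=VELOCITY_WINDOW, ratio=VELOCITY_RATIO):
    """Flag incoming transfers that are mostly sent out again within the window."""
    by_acct = defaultdict(list)
    for acct, ts, kind, direction, amt in txns:
        if kind == "transfer":
            by_acct[acct].append((ts, direction, amt))
    alerts = []
    for acct, rows in by_acct.items():
        rows.sort()                                # chronological order per account
        for i, (ts_in, direction, amt_in) in enumerate(rows):
            if direction != "in" or amt_in <= 0:
                continue
            debited = sum(a for ts, d, a in rows[i + 1:]
                          if d == "out" and ts - ts_in <= window)
            if debited >= ratio * amt_in:
                alerts.append({"rule": "velocity", "account": acct, "at": ts_in,
                               "credited": amt_in, "debited": debited})
    return alerts


if __name__ == "__main__":
    txns = parse(SAMPLE_TXNS)
    for alert in structuring_alerts(txns) + velocity_alerts(txns):
        print(alert)
```

Tightening or loosening the assumed window and ratio changes the alert volume directly, which is the false-positive trade-off listed under the gaps above.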
Measures to Deter Money Laundering
- Zero tolerance for KYC – AML breaches
- Tone at The Top – Walk the Talk
- Consider ML risks in daily operations, develop new financial products, establish new business relationships & changes in customer profiling.
- Screening of employees before hiring & those accessing sensitive information
- Appropriate quality training to staff
- Quick & timely reporting of suspicious transactions
- Complaint resolution / Whistle Blower system

Banking Frauds
- Deloitte Indian banking fraud survey Edition II April 2015 states - frauds in the banking sector have increased by more than 10% in the last 2 years.
- The average fraud loss was 2 lakhs in the retail segment & 2 crores in the non-retail segment.
- In the majority of the cases recovery of fraud was less than 25% of the fraud value.
- The concurrent audit system prevalent in banks as a part of the recommendations of the Ghosh committee was a direct fallout of the Harshad Mehta scam. It was set up to serve as an early warning signal to prevent serious irregularities & frauds.

Banking Frauds
The root cause of all banking frauds - failure to know 3 vital entities that it deals with in the banking business. To prevent fraud, 3 KYs to be considered:
- Know Your Customer
- Know Your Partner
- Know Your Employee
The top 3 fraud risks that are the highest concern for banks are – Internet banking ATM fraud E banking (Debit & Credit card) Identity fraud.
‘If you see fraud & do not say fraud, you are a fraud’ Nassim Nicholas Taleb

Frauds Listed By RBI
As per yearly master circular issued on 1st July –
- Misappropriation & criminal breach of trust
- Fraudulent encashment through forged instruments, manipulation of books of accounts or through fictitious accounts & conversion of property.
- Unauthorized credit facilities extended for illegal gratification or reward
- Negligence & cash shortages – over Rs 10,000/- & over Rs 5,000/- if detected by inspecting officials or auditors & not reported on the day of occurrence by the persons handling cash
- Cheating & Forgery
- Irregularities in Foreign Exchange Transactions
- Any other fraud not coming under the above specific heads.

RBI - Frauds by Borrowers
(A) Fraudulent discounting of instruments or kite flying in clearing effects
(B) Fraudulent removal of pledged stocks / disposal of hypothecated stocks without the knowledge of the bank / inflating the value of the stocks in the stock statements & drawing excess bank finance.
(C) 1) Diversion of funds 2) Lack of interest 3) Criminal neglect in adhering to financial discipline 4) Managerial failure with mala fide intent leading to the unit becoming sick 5) Laxity in effective supervision over the operations rendering the advance difficult for recovery & resulting in financial loss to the bank.

Frauds typical to Banking Industry
- Cheque frauds – alteration / impersonation
- Accommodation Bills – These are drawn & accepted without any consideration passed or received.
- Evergreening or Window Dressing of NPA accounts – The purpose is to show lesser NPA and consequently higher profits by reduced mandatory provisioning.
- Auction frauds – Low bids are accepted & the difference with the market price is shared to an agreed extent.
- Debt Restructuring frauds – hiding or transferring assets before filing for bankruptcy; by knowingly concealing or mis-stating the assets, the debtor abuses the process to escape financial liabilities.
- Rogue Traders – engages in unauthorized trading to recoup the loss he incurred in earlier trades. Out of fear & desperation, he manipulates the internal controls to circumvent detection to buy more time.
- ATM – Debit / Credit card frauds
- Bank robberies
- Unauthorized operations in dormant accounts / Pay-orders / Demand drafts – Use of suspense a/c’s / old reconciliation balances to adjust unauthorized entries.

Willful Defaulters
RBI in its Master Circular on Willful Defaulters has defined Willful Default as –
- Defaulting in repayment obligations despite having the capacity to honor the same.
- Criminal action will be taken against borrowers diverting funds with mala fide intent.
- Wrong certification of end use of funds will also attract criminal action against the borrowers.

Prevention of Frauds
An annual review of the frauds to consider whether:
- Systems are adequate to detect frauds
- Frauds are examined from staff angle & action taken without delay
- Deterrent punishment is meted out to the persons found guilty.
- Frauds have taken place because of laxity or loopholes in systems & procedures. If so, whether effective action has been taken
- Frauds are reported to the local police for investigation

Case Study 1 – Gaps in KYC/AML
What happened?
- A Bank received Rs. 110 crs from a Trust through RTGS for Fixed Deposit.
- Due to pending KYC compliances the amount was parked in Sundry Deposit a/c.
- Before an FD could be created, instructions were received by FAX from the trust to transfer the amount to a 3rd party, XYZ International.
- Another amount of Rs.70 Cr was transferred in a similar manner.
- Meanwhile a reminder from the trust was received for the FD receipts. This is when the Bank realized a fraud had taken place.
What went wrong?
- The Bank appeared to be eager & too pleased to receive a big amount towards FD as new business.
- The Bank did not complete KYC formalities immediately upon receipt of Rs.110 Cr for Fixed Deposit or soon thereafter.
- It was a grave mistake on the part of the Bank to accept the instruction sent through fax.
- Since the Bank did not have any record of KYC with them, they should have refrained from allowing any transaction against the purported Fixed Deposit.
- Even in normal circumstances, instructions by FAX are accepted only after proper safeguards including undertaking, indemnity etc. by the account holder.

Case Study 2 - Gaps in AML
- An ongoing scam came to light after officials pointed out the suspicious transactions to the investigating agencies.
Lapses at Bank’s end?
- Banks are expected to raise exceptional transaction reports (ETRs) & suspicious transaction reports (STRs) with the RBI in case of discrepancies.
- Delay in pointing out these discrepancies resulted in the scam gaining momentum.

Case Study 3 – Money Mules
- FX transactions carried out in newly-opened current accounts where heavy cash receipts were observed, but no red flags raised.
- Current a/cs opened in names of rickshaw-pullers, street vendors, domestic helps who were made ‘directors’ in fake companies.
- These persons were paid Rs.10,000 to 15,000 p.m. for lending their IDs.
- Black money sent to shell companies in Hong Kong through these fake companies.

Case Study 4 - Beneficiary Owners
- Transfer of thousands of crores to Hong Kong through a single branch of a Bank had benami or anonymous actors.
- XYZ from the mining town of Chibasa in Jharkhand is a ‘small’ coal trader - A FAKE FRONT
- Owns a company ABCD Ltd. in Hong Kong to which millions of dollars were transferred, was controlled by a beneficiary.

Case Study 5 - Money Laundering
- A bank was involved in laundering money for Mexican drug cartels & moving the same to Saudi Arabian banks with ties to terrorists.
- It also flouted US law by transferring money through its American subsidiary for sanctioned nations, including Iran, Sudan & North Korea.
Issues:
• No monitoring of transactions
• Lack of compliance officers to check suspicious transactions
• No reporting of suspicious transactions
• No KYC compliances
Penalty: It paid a penalty of $665 million (INR 4000 Crores), the highest paid penalty ever recorded.

Case Study 6 - Fraud
- M/s X, a proprietary concern, opened a Current A/c.
- Business Profile - Import of cutlery items
- Turnover of Rs. 716.75 Lacs in a span of 3 months
- He had a balance of Rs.68 Lacs in the CA.
- The credit proceeds were by way of inward remittances through RTGS which were then remitted abroad to Hong Kong & China against import of goods.
- In order to verify the HTR, a visit was made by branch officials to his business address & it was revealed that the office had shifted.
- Thereafter a visit to the residential address revealed that the building was under redevelopment.
- Though he submitted fresh KYC documents, the officials verified the authenticity of the Bill of Entry from the ICE-GATE website, where no entry was found.

Case Study 7 - Identity Theft
- HUF account in the name of Mr. X was opened.
- A cheque of Rs.28 Lacs drawn by ABC Hsg Finance was deposited; upon clearance the entire amount was withdrawn in cash.
- Subsequently a police inquiry was received asking whether accounts were opened in the name of a Mr. X & Mr. Y. The police station had received a complaint from one Mr. X staying in their jurisdiction.
- On investigation it was revealed that the HUF account was opened by impersonating the name of Mr. X by submitting a fudged PAN.
What went wrong:
- Branch did not question the withdrawal in cash.
- Cash withdrawal by the party was thrown as an alert by the AML software.
- The branch rejected the transaction being suspicious citing the nature of business as real estate & construction.
- No proper mechanism in place to verify the authenticity of the proofs of identity & address.

Case Study 8 - STR
- Mrs. A, a housewife, opens a SB a/c which is later converted into a joint bank a/c with her husband, a taxi driver.
- A sudden spurt of income in the current year noted:
  2014-15: Rs.0.50 lacs
  Current Year: Rs.35 lacs
- This does not match with the income profile of the customer in the bank’s record.
- The transaction was reported as a STR by the Bank.

Case Study 9 - Cobrapost magazine
- An online magazine, Cobrapost, conducted a sting on 3 of the country’s leading banks, which were found to advise customers on money laundering.
- It shows bankers asking for easily available KYC documents, advising customers not to submit PAN to stay off the tax radar.
- Submission of lease agreement & rent receipts as address proof. These are suspicious cases, where the bank should do a periodic re-check whether the customer still has the same residence or job.
- Cobrapost expose shows bankers allegedly marketing insurance products to convert black money into white because the bank earns a high first-year commission on the premium.
- Bank officials rewarded for high sales with foreign junkets.

Best practices
- Begin with the End in mind
- Determine customer risk in terms of propensity to commit money laundering, terrorist finance, or identity theft – develop ability to predict with reasonable certainty the type of transaction likely to be engaged in.
- Create expectation of a customer's transactional behaviour
- Monitor a customer's transactions against the expected behaviour & recorded profile as well as that of the customer's peers.
- Independent verification of data / information provided by the customer.
- Having a database of Do not Do Business Clients
- Never failing to meet refresh schedules

Why Banks do KYC?
The KYC procedure is used when bank customers open accounts. ... The purpose of KYC is to reduce the risk of identity theft, money laundering, financial fraud, and the financing of criminal organizations. KYC helps manage risks and helps to understand customer behaviors.

What is the basic understanding of KYC?
"KYC" refers to the steps taken by a financial institution (or business) to:
- Establish customer identity.
- Understand the nature of the customer's activities (primary goal is to satisfy that the source of the customer's funds is legitimate).

What all documents you see for KYC?
As part of the KYC process you will also need to request, as verification, copies of these KYC documents:
- Certificate of Incorporation (for Companies, LLP, Trusts)
- GST/company tax number
- Confirmation of company address (Telephone bill/Electricity Bill)
- Passport/Driver's License of Primary Contact and Directors

What is AML and how it impacts the financial institution?
Anti-Money Laundering (AML) is a set of policies, procedures, and technologies that prevents money laundering. It is implemented within government systems and large financial institutions to monitor potentially fraudulent activity.

What all basic you see that AML is correct or Not?
Inherent BSA/AML risk falls into three main categories: (1) products and services, (2) customers and entities, and (3) geographic location.

What type of risks do we have under KYC?
"KYC" guidelines require classification of a/cs under "High Risk", "Medium Risk" and "Low Risk" depending on the risk factors underlying the customer profile. This enables monitoring of the transactions on a regular basis and making necessary enquiries to clarify doubts.

Do you know the 3 types of Risk ratings are given for customers? (High, Medium & Low).
Classification of the customers is done under three risk categories viz. ... low, medium and high. Customer's identity, Social/financial status, Nature of business activity, Information about the client's business and their location etc.

Do you know what is CDD & EDD? Why does this come into KYC aspect?
CDD aims at collecting data about customers' identity and contact information as well as measuring their risk.
EDD is used for high-risk customers, i.e. those who are more likely to be involved in money laundering and terrorism financing activities due to the nature of their business or transactions. Whenever you have a low-risk customer profile we do a basic KYC check; for a mid-risk customer we do Customer Due Diligence; for a high-risk customer we do Enhanced Due Diligence.

Who comes under EDD framework?
What is your understanding of Money Laundering?
EDD is used for high-risk customers, i.e. those who are more likely to be involved in money laundering and terrorism financing activities due to the nature of their business or transactions. Enhanced Due Diligence means an advanced KYC due diligence process that provides further risk investigation. EDD is designed to handle high-risk customers and large transactions. Risky customers and transactions pose a greater risk to the financial sector and cannot be detected by CDD procedures.

OFAC, FATCA, and Different recommendations FATCA has?
In general, the regulations that OFAC administers require banks to do the following:
- Block accounts and other property of specified countries, entities, and individuals.
- Prohibit or reject unlicensed trade and financial transactions with specified countries, entities, and individuals.
The Office of Foreign Assets Control ("OFAC") of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities.
The Foreign Account Tax Compliance Act (FATCA) is a US law, designed to prevent tax evasion by US citizens using offshore banking facilities. It requires FIs outside the US to provide information to the US tax authorities regarding financial accounts held by US nationals.

The 3 stages of Money Laundering are in the same order or in the other order also?
Methods and Stages of Money Laundering
There are three stages involved in money laundering: placement, layering and integration.

Placement – This is the movement of cash from its source. On occasion the source can be easily disguised or misrepresented. This is followed by placing it into circulation through financial institutions, casinos, shops, bureau de change and other businesses, both local and abroad. The process of placement can be carried out through many processes including:
1. Currency Smuggling – This is the physical illegal movement of currency and monetary instruments out of a country. The various methods of transport do not leave a discernible audit trail (FATF 1996-1997 Report on Money Laundering Typologies).
2. Bank Complicity – This is when a financial institution, such as a bank, is owned or controlled by unscrupulous individuals suspected of conniving with drug dealers and other organised crime groups. This makes the process easy for launderers. The complete liberalisation of the financial sector without adequate checks also provides leeway for laundering.
3. Currency Exchanges – In a number of transitional economies the liberalisation of foreign exchange markets provides room for currency movements and as such laundering schemes can benefit from such policies.
4. Securities Brokers – Brokers can facilitate the process of money laundering through structuring large deposits of cash in a way that disguises the original source of the funds.
5. Blending of Funds – The best place to hide cash is with a lot of other cash. Therefore, financial institutions may be vehicles for laundering. The alternative is to use the money from illicit activities to set up front companies. This enables the funds from illicit activities to be obscured in legal transactions.
6. Asset Purchase – The purchase of assets with cash is a classic money laundering method.
The major purpose is to change the form of the proceeds from conspicuous bulk cash to some equally valuable but less conspicuous form.

Layering – The purpose of this stage is to make it more difficult to detect and uncover a laundering activity. It is meant to make the trailing of illegal proceeds difficult for the law enforcement agencies. The known methods are:
1. Cash converted into Monetary Instruments – Once the placement is successful within the financial system by way of a bank or financial institution, the proceeds can then be converted into monetary instruments. This involves the use of banker's drafts and money orders.
2. Material assets bought with cash then sold – Assets that are bought through illicit funds can be resold locally or abroad and in such a case the assets become more difficult to trace and thus seize.

Integration – This is the movement of previously laundered money into the economy mainly through the banking system and thus such monies appear to be normal business earnings. This is dissimilar to layering, for in the integration process detection and identification of laundered funds is provided through informants. The known methods used are:
1. Property Dealing – The sale of property to integrate laundered money back into the economy is a common practice amongst criminals. For instance, many criminal groups use shell companies to buy property; hence proceeds from the sale would be considered legitimate.
2. Front Companies and False Loans – Front companies that are incorporated in countries with corporate secrecy laws, in which criminals lend themselves their own laundered proceeds in an apparently legitimate transaction.
3. Foreign Bank Complicity – Money laundering using known foreign banks represents a higher order of sophistication and presents a very difficult target for law enforcement. The willing assistance of the foreign banks is frequently protected against law enforcement scrutiny.
This is not only through criminals, but also by banking laws and regulations of other sovereign countries.
4. False Import/Export Invoices – The use of false invoices by import/export companies has proven to be a very effective way of integrating illicit proceeds back into the economy. This involves the overvaluation of entry documents to justify the funds later deposited in domestic banks and/or the value of funds received from exports.

What do you understand about Regulators and Regulations?
The primary purpose of AML regulations is to prevent money laundering. Regulators publish a series of procedures to achieve this goal. Companies have to follow these procedures. One of these procedures is "Know Your Customer." Regulators require companies to learn more about their customers.

Are you aware of any international regulators and any specific regulations?
US regulatory authorities:
- OFAC
- FIU
- FinCEN
- SEC (Securities and Exchange Commission)
UK:
- FCA (Financial Conduct Authority)
International organisations:
- FATF
- BASEL
- EGMONT
- EUROPEAN UNION DIRECTIVES
- IMF
- WORLD BANK

What is FINRA? What do they do?
The Financial Industry Regulatory Authority (FINRA) is an independent, nongovernmental organization that writes and enforces the rules governing registered brokers and broker-dealer firms in the United States. ... FINRA provides resources, such as BrokerCheck, that help to protect investors.

What is your understanding of Sanctions?
Sanctions are an important tool of governance in the global financial industry. Most countries have used sanctions or had sanctions placed against either them or their citizens. States increasingly use sanctions to fight economically, rather than physically, and as such, sanctions have become a common tool in foreign relations, peacekeeping and conflict resolution.

Who imposes the Sanctions?
Sanctions can be imposed by the UN Security Council, the European Union (EU) and individual states.
In practice, sanctions are usually first instituted by the Security Council and later adopted by the EU in the form of Council decisions and regulations. On occasion, however, the EU will impose sanctions on its own without any prior action on the part of the UN - for example, in connection with the situation in Syria. In certain cases, the Netherlands will institute sanctions without any prior action by either the UN or the EU. In these cases, the target of the sanctions is often an individual connected with terrorism in the Netherlands. The purpose of the sanctions is often:
- to change undesirable behaviour (e.g. Syria);
- to limit opportunities for undesirable behaviour (e.g. Iran, extensive restrictions on technology/knowledge in the nuclear sector);
- to deter other countries from choosing an undesirable course of action.

Can you give an example of Sanction Countries?
As of Aug. 2020, sanctioned countries (either unilaterally or in part) include the Balkans, Belarus, Burundi, Central African Republic, Cuba, Democratic Republic of Congo, Hong Kong, Iran, Iraq, Lebanon, Libya, Mali, Nicaragua, North Korea, Somalia, Sudan, South Sudan, Syria, Ukraine/Russia, Venezuela, Yemen, and Zimbabwe.

What is secured purpose?

What is a Pvt Ltd Company and Proprietor?
A Private Limited implies a company that offers limited liability or legal protection to its shareholders. In a Private Limited Company, the liability of a shareholder is limited to the extent of capital invested by him. A Sole Proprietorship Firm, on the other hand, is owned, controlled and managed by a single person.

What is PEP and do you consider Politician as PEP? And do you consider Politician's close relative as PEP?
A Politically Exposed Person (PEP) is an individual with a prominent public post or a public function. Members of Parliament, State Assemblies, Judges, Governors and senior government officers would come within the PEP category along with their close relatives (people in direct contact).
Close associate means a Person who is widely and publicly known to maintain an unusually close relationship with a senior political figure, including a Person in a position to conduct substantial domestic and international financial transactions on behalf of such figure.

Give an example where we can consider you as a good learner?
Tell me about yourself and your experience.
What should prompt us to give you this job?
Tell me about your work experience and your educational background.

What are the registries which you use?
Foreign entity registration is the process of registering your business in one state to do business in another state. The only state that your business is not foreign to is the original state you registered your business in.
- SOS (Secretary of State)
- Companies House
The U.S. Securities and Exchange Commission (SEC) has a three-part mission:
- Protect investors.
- Maintain fair, orderly, and efficient markets.
- Facilitate capital formation.
The Securities and Exchange Commission is a federal agency that regulates securities markets in the United States. The SEC is responsible for enforcing securities laws, regulating the securities markets and related entities and working to ensure investors are treated fairly. The SEC uses the tools of Registration, Rule Making, Investigation, Monitoring, Enforcement and Compliance to ensure that all market participants play according to the rules.
- Protecting the integrity of the securities market against all forms of abuses including insider dealing.
Registering your business with SEC is mandatory not only to legitimize its juridical entity but also to enable it to legally engage in business, issue receipts, trade financial assets, and be entitled to certain rights under the country's corporate and investment laws.

Tell me about the clubs, do all clubs need to register and where they will be registered.

What does the Article of Association and Memorandum say or contain?
In short, the memorandum contains the names of all the subscribers (the people who were there at the founding point of the company, e.g. initial shareholders) and the Articles of Association are a set of rules that govern how the company is run.

The Memorandum
Every company must have a memorandum in place; they will all be in the same format and contain the same information. This includes:
- Company name
- Date of incorporation
- Type of company
- Act under which the company is registered
- Names and signatures of all subscribers (original shareholders or guarantors)
- Limited liability of shareholders or guarantors
Any person who adds their name to the memorandum during incorporation will become a member of the company, and will continue to be a member until they decide to leave. Details of members will be made public on the Companies House website under the company details.

The Articles of Association
Most limited companies will use the Model Articles, but it is possible to change them if needed. These Articles will set out how the company is run, governed and owned by the members. The Articles can put restrictions on the company's power - which can be useful if the shareholders and directors do not agree and try pulling the company in different directions. The Model Articles cover the following:
- Directors' powers, responsibilities, decision making, appointment and removal, indemnity and insurance
- Shares, distribution of shares and dividends
- Capitalisation of profits
- Shareholders
- General meetings
- Voting rights
If you want to change these articles in any way, such as issuing different classes of shares or adding or removing shares, then you can. However, you will have to notify Companies House when applying to incorporate the company so that they can be reviewed to ensure they are acceptable. You can do this as part of the incorporation process with Company Wizard.
Just select that you wish to supply your own custom articles when incorporating.

Can I change the Articles after Incorporating?
It is possible to change the Articles after incorporation; however, they must be changed via a special resolution. In order to do this, the members have to pass the special resolution agreeing to the changes, and the final document (as altered) must be submitted to Companies House within 15 days of the resolution being passed.

What tools are used for screening purpose and how the discounting is done.
These processes include collection, verification and record keeping of Personally Identifiable Information (PII); and screening customers against sanctions and Politically Exposed Persons (PEP) lists, and adverse news to assess the risks associated with each customer.
Name Screening helps you to manage the complexity of sanctions requirements and rapidly changing lists by automatically screening databases of individuals and entities (e.g. companies and organisations) against sanctions, Politically Exposed Persons (PEP), Relatives and Close Associates (RCA), Sanctions Ownership

The 3 steps of a KYC compliance framework
1. Customer Identification. Before checking a customer's identification documents, it's necessary to verify their and scrutinise all available information for any inconsistencies. ...
2. Customer Due Diligence (CDD) ...
3. Enhanced Due Diligence (EDD)

Common placement methods for money laundering (AML CUBE, by: Anna Stylianou)
- Use of "smurfs": A type of "money mule" often employed through job ads in social media. The smurfs are requested to deposit cash in their accounts and then transfer it to another account. They receive commission.
- Structuring: Breaking large amounts of cash into smaller amounts under the reporting threshold to avoid raising suspicions.
Often structuring is done with the use of "smurfs".
- Repayment of loans: People that are at risk of losing their property are approached by criminals to repay their loan with cash. The owner of the loan will have to return the settled amount in installments at a high interest fee.
- Moving cash abroad: In foreign countries, i.e. high risk jurisdictions that can easily accept the deposit of cash.
- Purchase of real estate: Use cash to buy a property or use cash for "under the table" property deals.