Standard Chartered Bank
Anti-Money Laundering
(“AML”) Workshop
4th December 2013
Yangon, Myanmar
In association with
Prudential Corporation Asia
Anti-Money Laundering
4th December 2013 - Yangon, Myanmar
SESSION 1
Setting AML Standards for:
- Governments
- Regulators
- The Financial Sector
Mike Trigg
Group Financial Crime Risk Advisor
What is Money Laundering?
Taking the proceeds from crime and moving them through
financial institutions to disguise their illegal origin - and then
investing them to make them appear legitimate.
Proceeds from:




Drug trafficking
Fraud
Corruption
Tax evasion
4
Who sets AML standards ?
International Government and
Regulatory Agencies:
• The UN
• The Basle Committee
• IMF
• World Bank
• Financial Action Task Force (FATF)
International
Standards
International Industry Groups
• Wolfsberg Group
• SWIFT
5
What are the minimum standards for
governments and regulators?

Undertake a country level risk assessment

Criminalise Money Laundering and Terrorist Financing –
link them to a wide range of predicate criminal offences

Implement legal procedures to identify and freeze
criminal assets

Create a Suspicious Activity Reporting process and a
Financial Intelligence Unit to support it
6
What are the minimum standards for
governments and regulators?

Improve Financial Transparency

Strengthen Customer Due Diligence requirements

Apply effective supervision and enforcement

Facilitate International Cooperation

Apply the programme to all relevant sectors – not just
banking and insurance
7
Who sets the standards for the
financial sector?
Regulator's
Expectations
International
Standards
Best
Practice
Country
Laws and
Regulations
Industry
Guidance
Risk Based or Rule Based?
8
What do standards for the
financial sector cover?

Customer Due Diligence (‘CDD’)

Transaction Monitoring

Training and Awareness

Audit and Assurance

Governance
9
SESSION 2
Establishing a Robust
AML Programme
Mike Trigg
Group Financial Crime Risk Advisor
10
An AML Programme
AML Strategy and Risk Assessment
AML Policy and Procedures
Transaction
Screening
Client
Screening
AML
Surveillance
CDD Reviews
Assurance
Governance
CDD Processes
Intelligence and Analytics
Organisation and Resources
Training
11
1. Risk Assessment
R
I
S
K
S

CONTROLS
ASSURANCE
Assurance
Onboarding
Client & Product Servicing
Transaction Surveillance
Customer Screening
Transaction Screening
CDD review
CONTROL MANAGEMENTGGG
G
R
O
S
S
First line
Monitoring
RESIDUAL
RISKS
Audit
Risk assessment will act as basis for decisions on
AML strategy, priorities and resources
12
2. Customer Due Diligence
Indentify
and
Verify
Screen
Risk
Rate
Risk
Based
Extra
Due
Diligence
Acceptance
Periodic
Updates
13
3. Transaction Monitoring

Establish expected transaction profile at CDD stage

Exception Reporting

Specialised Systems

Reporting and Disclosure

Intelligence and Analytics

Dynamic Re-Profiling
14
4. Training

Identify target population

Align to role, product, business

E - Learning

Classroom based

Testing and Tracking
15
5. AML intelligence and analytics is an area
of increasing focus
Risk
identification
Optimising
screening and
surveillance
systems
AML analytics and
intelligence: data-driven
decision making
Identifying the facts to give a
clearer understanding of
money laundering risks and
providing the knowledge
required to manage them.
Analytics can significantly
improve the ability to provide
better focused, better
informed and actionable
intelligence to manage risks
associated with money
laundering.
16
6. Governance and Assurance
Oversight by senior management – to ensure:






AML controls are operating effectively
The Programme is aligned with relevant regulations
The Programme is Resourced and funded
There is future strategy in place
That strategy is aligned with evolving best practice
It is appropriately resourced and funded
17
SESSION 3
Customer Due Diligence
John Gibson
Regional Head of
Financial Crime Compliance
Wholesale Banking
Middle East, Africa, Pakistan and Europe
18
Customer Due Diligence (CDD) /
Know Your Customer (KYC)
WHY IS IT IMPORTANT ?





Regulatory Requirement
Reputational Risk
Operational Risk
It’s the right thing to do
It’s a key control in combating money laundering and terrorist financing
CORE PRINCIPLES





Compliance with the relevant AML laws
Top management commitment
Clear accountabilities & robust controls
Risk based
Awareness & culture building
19
Customer Due Diligence (CDD) /
Know Your Customer (KYC)
What does CDD mean?
+ Who is the customer?
+ What do they do?
+ Where do they do it?
+ When do they do it?
+ Why do they do it?
+ How do they do it?
= Does it all add up?
20
Customer Due Diligence (CDD) /
Know Your Customer (KYC)
Who is the customer? Determine the true identity and
beneficial ownership of accounts
Individual
Entity
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Full legal name
Residential address
Telephone number(s)
Date of birth
Nationality
Unique identifier (passport number, ID
card, driving license, etc)
Who are they connected to?
Retain evidence
Keep up to date
•
•
•
•
Full legal name
Registered & operating address
Telephone number(s)
Incorporation or registration details
Owners and controllers details (keep
unwrapping the layers as entities and
individuals)
Who are they connected to?
Who are their customers, suppliers, etc?
Retain evidence
Keep up to date
21
Customer Due Diligence (CDD) /
Know Your Customer (KYC)
What do they do? Understanding the customer is key





What is the account to be used for?
What activity is expected? (personal account with salary in and
payments out, savings account, business account, etc)
What monies are expected to come into / go out of the account
What products / services are needed?
If business, what kind of business activity are they involved in? Are
any of these high risk?
22
Customer Due Diligence (CDD) /
Know Your Customer (KYC)
Where do they do it?





Where is the customer based?
Where are they from?
Where are they operating?
Where are they transacting with?
Where is their income from?
When do they do it?

When are transactions expected?

Salaries? Monthly, weekly, etc?
 Bonuses
 Regular payments
 Seasonal business
23
Customer Due Diligence (CDD) /
Know Your Customer (KYC)
Why do they do it?


Why does the customer want a specific product or set of products?
Why is a company structured the way it is?
How do they do it?


How will payments be made?
How will payments be received?
24
Customer Due Diligence (CDD) /
Know Your Customer (KYC)
Does it all add up?





Does the information given make sense?
Can it be corroborated?
Does documentary evidence confirm it?
Is it in line with previous experiences or similar customers?
Ask yourself – would you give them your own money?
25
Customer Due Diligence (CDD) /
Know Your Customer (KYC)

Customer due diligence never ceases

Rolling plan required to constantly keep due diligence updated

Every customer touch-point is an opportunity to confirm due
diligence is still up to date, however practicality suggests mix
periodical reviews with certain event based reviews, e.g.





Material change to customer, such as change of name, address,
business line, employer, etc
Change in products, perhaps from
standard product to higher risk products,
such as financial trade instruments
Sudden change in transactional
Ongoing
business through account
New information come to light,
such as a link to a PEP
Etc.
26
Customer Due Diligence (CDD) /
Know Your Customer (KYC)
Example 1



Personal account for single mother in UK
Current Account only, to be used for state benefits coming in, cash
out, and payments for utilities, etc
Mobile telephone number given

Red flag – the same mobile number was found on 18 different
individual current accounts

Result – the woman was found to be committing benefit fraud with
multiple fictitious names

Morale – Not everyone is who they say they are
27
Customer Due Diligence (CDD) /
Know Your Customer (KYC)
Example 2





Business account gold bullion trader in Europe
Only required current account and trade instruments
Customer needed account only for one major transaction with one country
Purpose was to assist Malaysian government to offload some of its gold
reserves
Expected volume of activity was Letters of Credit in and out to the value of
$6 billion

Red flag – the entire gold reserves of Malaysia at the time were
worth only a quarter of this amount

Result – the business was found to have been duped into believing
there was a legitimate deal, when in fact it turned out to be a
massive money laundering scheme

Morale – If it sounds too good to be true, it probably is
28
Customer Due Diligence cont.
Presenter:
Wesley Tam
Head of Anti-Money Laundering, Asia
Know Your Customer /
Customer Due Diligence
KYC/CDD Requirements
 Group AML Policy remains at a high level
 Local AML Policy are more specific
 Main distribution models for insurance:
1. Tied agency
2. Bancassurance
3. Direct marketing
4. Brokers
5. Corporate agency
KYC/CDD Requirements (cont’d)
Tied Agency (Face-to-Face)
 KYC/CDD standards
Full compliance with local laws
Adopt a higher standard (if Group requirements are more stringent)
KYC/CDD documents are obtained directly from customers
Sanctions screening is performed on a daily basis
Periodic re-screening is performed
KYC/CDD documents are retained according to the local AML
requirements
KYC/CDD Requirements (cont’d)
 Bancassurance (Face-to-Face)
Full compliance with local laws
Reliance is placed upon business partners
Business Agreement, Reliance Letter and/or AML Questionnaire
are in place
KYC/CDD documents obtained by either bank/Prudential staff
KYC/CDD documents are usually disseminated to Prudential; or
disseminated to Prudential upon specific request
Sanctions screening (including re-screening) is performed by both
the bank and Prudential
KYC/CDD documents are retained according to the local AML
requirements
KYC/CDD Requirements (cont’d)
 Direct Marketing/Telemarketing (non Face-to-Face)
Full compliance with local laws
KYC/CDD documents are obtained either during customer take on
or must be obtained prior to any payout
Sanctions screening (including re-screening) is performed by
Prudential before any payout
KYC/CDD documents are retained according to the local AML
requirements
KYC/CDD - Rules of Thumb
 Local Units must comply with all local AML laws and regulations
 When local laws conflict with Group requirements, the more
stringent or higher standard will apply
 In case a Local Unit cannot meet the minimum requirements of
the Group AML Policy, an exemption should be applied
 PCA cannot grant exemptions if the Local Unit is in breach of any
local AML legislations
KYC/CDD - The Principles We Follow
 Not to enter into or maintain relationships with customers whose
conduct gives rise to suspicion of involvement in illegal activities
 Seek to terminate any customer relationship where the
customers’ conduct gives reasonable cause to believe or
suspect involvement in illegal activities
 Before doing business with any prospective customer, all Local
Units must obtain appropriate CDD information to ensure that we
know with whom we are doing business
 Enhanced Due Diligence (“EDD”) applied on a risk-sensitive
basis in any situation which presents a higher risk
Samples of Minimum Customer Information Requirements
Timing
Customer Information to be collected, verified and retained
When business
relations are
established
Including, but not limited to:
Periodically
Ensure it is kept up-to-date, especially for higher risk customers
For XX years
following the
termination of
business relations
Keep the customer identification information and other documents
relating to the establishment of business relations, as well as policy
files and business correspondence
• Full name
• Unique identification number
• Residential address, registered or business address and contact
telephone number(s)
• Date of birth, incorporation or registration
• Nationality or place of incorporation or registration
• Directors (if a company)
• Partners (if a partnership)
• Persons with executive authority
Questions?
SESSION 4
Transaction Monitoring
John Gibson
Regional Head of
Financial Crime Compliance
Wholesale Banking
Middle East, Africa, Pakistan and Europe
39
Transaction Monitoring
WHY IS IT IMPORTANT ?





Regulatory Requirement
Reputational Risk
Operational Risk
It’s the right thing to do
It’s a key control in combating money laundering and terrorist financing
CORE PRINCIPLES

Compliance with the relevant AML laws
 Automation
 Clear rule based scenarios
 Effective case management
 Awareness & culture building – quick responses
40
Transaction Monitoring
Overview







One of the keys to AML is effective and regular monitoring of
transactions
The purpose of this transaction monitoring is to be able to identify an
abnormal or unusual transaction
It is also used to maintain a watch on higher risk accounts
As it is a legal obligation to report suspicious activities, it is a vital
control to assisting an organisation in identifying such activity
With the large volumes of transactions going through any financial
institution it is impossible to rely on manually spotting these
However, automation should be considered as the last line of
defence. It will not pick up everything, and it will also pick up
transactions that turn out to be legitimate
Staff need to be encouraged to be vigilant as well – this does not
replace a staff member’s obligation, but acts as a safety net for the
organisation
41
Transaction Monitoring
Expectations







Transaction monitoring requires rules; a set of variables designed to
alert when thresholds are crossed
An institution must regularly review the output of rules, and measure
their success
The purpose of variables is to allow an institution amend rules to
help reduce “false positives”
No system can capture every suspicious transaction
Systems will generate alerts that then need to be reviewed
The majority of these alerts will in all likelihood turn out not to be
suspicious (“false positives”)
Rules should be based on industry standards, regional intelligence,
and a banks own experiences
42
Transaction Monitoring
Sample Rules









Monies coming into the account far exceed what has come in
previously in a similar month, or over a period
Monies come into an account, and within short period, majority has
gone straight back out
Large volume of inwards and outwards traffic
Large volumes or values of cross border payments for mainly local
companies
Transfers to and from higher risk countries
Values just below certain internal or external thresholds
Round figure amounts
Large number of refunds
etc
43
Transaction Monitoring
Specific Example of Variables

Where incoming funds is greater than 150% of incoming funds via
electronic means in the previous 1 month

This sample rule could be used to look for accounts with a sudden
increase in volumes of deposits. The areas in red are variables.
Reviews of the alerts generated by this rule may suggest :

150% is too high, and that no alerts are generated at this setting, whereas setting
it at 105% is too low, and it generates too many alerts to be reviewed
 The focus on electronic means may miss out cash transactions coming into an
account, but the inclusion of cash may result in amounts being very varied,
resulting in too many alerts
 In the previous 1 month may suit personal accounts which are salaried, but for
business accounts, where turnover may not be as similar each month, it may be
beneficial to set at previous 12 months
44
Transaction Monitoring

Transaction Monitoring never ceases

It will be run constantly, although
various different rules may be set to
run daily, weekly or monthly
Ongoing

Every alert must be reviewed

Requires a collaborative approach –
often best to utilise designated team to
review alerts, however, they will not have
specific knowledge of customers. Therefore vital that they reach
out to specific branch or employee who has most knowledge of a
customer, as they may be aware of a reason behind something that a
system may view as suspicious

In these scenarios, quick responses are essential
45
Transaction Monitoring
Example 1


Business account in Germany
Manufacturer of religious items

Alert – Sudden increase of turnover, threefold, compared with
previous four months

Result – the customer was legitimate. The keystone of the
customer’s business was the sale of good relating to Christmas.
Large orders would com in around June / July / August to ensure
retailers had their supplies in time for the run up to December

Morale – Not every alert is suspicious; good due diligence up front
will save a large amount of effort at the back end
46
Transaction Monitoring
Example 2

Business account in Nigeria
Main supplier in UK

Alert – large volumes of payments received back from main supplier

Result – the customer was overpaying the supplier in the UK in
exchange for a rebate. They were sent the overpayment back, plus a
further small discount for their trouble. The UK supplier was then
sending refunds back using drug money. The refunds were used to
disguise the illicit money from the UK as appearing legitimate, being
linked to an actual business transaction, and the legitimate funds
from Nigeria were used to disguise the criminal funds in the UK.

Morale – Know your customer’s customer

47
Transaction Monitoring Cont.
Presenter:
Wesley Tam
- Head of Anti-Money Laundering, Asia
Suspicious
Transaction Monitoring
Suspicious Transaction Monitoring
 If a financial institution (“FI”) suspects or has reasonable
grounds to suspect that funds are the proceeds of a criminal
activity, or are related to terrorist financing, it should report its
suspicions to the applicable Financial Intelligence Unit or local
authority
 An STR is a way of alerting authorities to the possibility that a
particular transaction could involve money laundering or
terrorist financing and should be investigated
In most cases, the reporting FI will not have evidence that the
transaction represents the proceeds of crime
Most likely, the FI will not be aware of the source of funds or the
reason for the transaction and cannot inquire of the customer
without the risk of tipping-off the customer
In these cases the FI should submit an STR and leave it to the
authorities to further investigate
Suspicious Transaction Monitoring (cont’d)
 When filing suspicious transaction reports (“STRs”), FIs
should not, under any circumstances, notify a customer
that his/her behaviour has been reported to the authority
 “Safe harbour” laws help to encourage FIs to report all
suspicious transactions. Such laws protect FIs and
employees from criminal and civil liability when reporting
suspicious transactions to competent authorities in good
faith
Regional Requirements
 Standard Transaction Monitoring
Review of red flags for ALL customers
1 to 3 monthly basis
Review ALL transactions for the previous 6 months at least
 Special Monitoring of Medium / High Risk Customers
Review of transactions for ALL medium / high risk customers
despite hitting red flags or not
Review ALL transactions monthly (on a 6 month rolling cycle at
least)
Red Flags
 No apparent purpose or which make no obvious economic sense
 Incompatible with the normal activities of the customer
 Not commensurate with the customer’s apparent financial means
 Overpayment of premium by a customer without apparent cause
 Transfers to and from high-risk jurisdictions without reasonable
explanation
 Structured just below a regulatory reporting
or identification threshold
Red Flags (cont’d)
 Unusual number of new (and cancelled) business (NTU) and/or
withdrawal (and partial withdrawal) transactions over a short period of
time
 Agents who have consistently high activity levels of single premium
business far in excess of any average company expectation
 Unusual sources of funds or income
 Unusual number of policy loans
CASE STUDIES
Case Study 1
Policy Details
Profile of a Policyholder
• Traditional Endowment
• Annual Premium : $200,000
• Bank Transfer lump sum of
$1,000,000 for 5 years
advance premium payment
- Age 53, Female
- Declared Occupation:
Business owner
- Annual declared income:
$36,000
NTU
 No reason given
 Within 1 week full
refund
 Source of funds
 Premium payable does not commensurate
with declared income
 Cancellation with no purpose / reason
Case Study 1 (cont’d)
The policy was escalated by the Operation Team
 Due to the premium amount refunded exceeded the
pre-defined reporting threshold
STR raised to local authority
Tagged for continuous monitoring on customer’s
portfolio.
Case Study 2
Abnormal Transaction Pattern
by a high performing agent
Self and Family Policies
Policy Holder A
Prudential
Policy Holder B
Policy Loan /
Policy Surrendered
FC
Policy Holder C
..
.
Secretary A
Secretary B
 One of agent’s personal
secretaries is from
National Tax Service
 Secretaries' salary is 5
times higher than market
average
 20 policyholders with 64
high premium contracts
 Policyholders include
agent’s family,
secretaries, and
secretaries’ family
 Frequent policy loans are
taken out
 Frequent policies
cancellation
Case Study 2 (cont’d)
It is “POSSIBLE” that…
1. The agent and his family/secretaries are involved in money-laundering.

Given that 1) purchasing high premium policies, 2) drawing policy loans and 3) frequent
surrendering of premium, we felt suspicious for money laundering and agent being a front
person of money-laundering for 3rd parties
OR
2. Agent is making these transactions in order to achieve sales target and
maintain ‘top agent status’ thus enjoying various benefits.

There is a high chance that premiums are
paid by the agent himself for those policies
of his and secretaries’ relatives.
Case Study 2 (cont’d)
This case was detected by these red flags:
① Surrender shortly after a series of loans
② Make repeated partial withdrawal and top-up in a short period
of time
③ Buy multiple policies in a short period of time
Collected various data &
analyzed transactions
Agent and his
customers are
filtered out due to
suspicious
transactions
Even though the agent
is not with Prudential,
his policies are being
closely monitor
Reported the result to CEO
and CAO
Reported to FIU
CAO indirectly warned the
agents for his abnormal
transactions
Agent left Prudential for
unknown reason
Another report to FIU
has been filed on one of
his customer’s
transaction for pattern ②
above
Case Study 3
Illegal Money Lender & Loan Shark
 Illegal money lenders, are unlicensed (lending without a
credit license) and operate outside the law
 Loan shark is a person or body that offers loans
at extremely high interest rates
Case Study 3 (cont’d)
Screening
Premium
Prudential
policy
Case Study 3 (cont’d)
TWO MONTHS
LATER……
v
Case
Study 3 (cont’d)
Suspicious
Transaction Found!!
System has detected and alerted for this
customer’s transaction due to:
1.Aggregate transactions amount over
threshold
Result
2. Money incoming and outgoing are not In
line with customer profession
3.Frequent cash withdrawal in a short
period of time
•Policyholder
avoid calls
Case Study 3 (cont’d)
Customer Transaction
Summary
Cash withdrawal over the counter
Cash withdrawal after short period
Request of transfer to unknown 3rd parties
Case Study 3 (cont’d)
Actions
Taken
On-site
Visit
The customer is an
illegal money lender
Terminate
policy
Case Study 4
Abnormal high frequencies of policy
loans spotted from some
policyholders and agents via regular
transaction monitoring
Loan Repayments
Usually made on the
same day or within
just a few days
Policy Holders
Loan Disbursements
No cash involved. The majority of the loan
repayments were paid by policyholders’
credit cards
Prudential
Case Study 4 (cont’d)
 Investigation confirmed that the purpose of such high
frequency transactions was to earn bonus points from credit
card;
 The case was promptly disclosed to local enforcement
agency; and
 Prudential management have implemented measures to stop
these abusing activities.
Questions?
SESSION 5
Effective Employee
Training and Awareness
John Gibson
Regional Head of
Financial Crime Compliance
Wholesale Banking
Middle East, Africa, Pakistan and Europe
70
Effective Employee Training & Awareness
WHY IS IT IMPORTANT ?





Regulatory Requirement
Reputational Risk
Operational Risk
It’s the right thing to do
It’s a key control in combating money laundering and terrorist financing
CORE PRINCIPLES

Compliance with the relevant AML laws
 Relevant and targeted
 Tested to ensure effective knowledge transfer
 Mandatory
 Technical knowledge transfer as well as awareness &
culture building
71
Effective Employee Training & Awareness
Overview






Bank staff are often the best control in the fight against money
laundering and terrorist financing
The purpose of training is to enable staff to be able to identify
suspicious activity
It is also used to embed awareness of money laundering in to
everyday activity
As it is a legal obligation to report suspicious activities, it is a vital
control to enable staff to meet their obligation
Like all training, it needs to be engaging – staff must remember the
key messages
It needs to be relevant, so consideration needs to be given to
multiple training materials to cover different aspects
72
Effective Employee Training & Awareness
Challenges



It needs to be interesting and engaging
It needs to be cost effective
Consideration to method of delivery

Face to face more expensive, but better interaction
 Paper based cheap to deliver, but difficult to record and retain
 Online interactive, easier to deliver and record, but not as effective, and lose
value of discussion
 One to one more focused, but in groups better discussion


The point is there is no one method that is best – consideration
should be given to use of more than one approach
It must be mandatory and it must be tested - this means pass mark
and fail mark

Everyone must have some sort of training
 Re-sit for failure
 What to do with repeat offenders
73
Effective Employee Training & Awareness
Training Content








Understand the basics of money laundering
Understand the predicate offences
Understand the reasons behind money laundering and terrorist
financing, the scale of it, and the impact
Understand the basics of legislation, and the impact on the organization
as well as on themselves personally
Understand some key typologies, so as to be able to identify suspicious
activity
Understand the banks own controls and requirements to ensure they are
met
Understand what to do in the event that they find something suspicious
Understand what they can and cannot do once something has been
reported
74
Effective Employee Training & Awareness

Training never ceases

It will be run continuously, giving staff reminders, and updating them
on new trends, regulations, typologies, etc.

It must be regularly reviewed to ensure it is up to date, relevant and
still effective

Requires a collaborative approach –
often best to utilise a mix of
designated training teams who
understand knowledge transfer,
with AML specialists, who can
ensure technical knowledge
is accurate.
Ongoing
75
Effective Employee Training & Awareness
Example 1







Financial institution in the UK
Diverse range of products
11,000 staff - training adopted in a modular approach
Every staff member was given at least a basic training
A member of staff employed solely as a driver within the Asset
Finance Division was sent to repossess a vehicle
He found a number of chequebooks in different names in the back of
the car
Having completed a basic training, was unsure exactly what this
meant, but reckoned he should report it anyway, as it didn’t seem legal

Result - It turned out that the chequebooks were all forgeries, and the
previous hirer of the vehicle was involved in a major forgery ring

Morale – everyone in your organisation has the potential to see
something suspicious
76
Effective Employee Training & Awareness
Example 2






Relationship manager in Pakistan
New to the organisation, and therefore had to complete training
Had been given a portfolio of existing customers
Highlighted that one of his customer files contained a note to say the
beneficial owner could not provide evidence of his ownership of the
company, as he was a taxpayer in another country, and therefore
didn’t want to pay more tax on this business in Pakistan
Having completed his training, he was now aware that tax evasion
was a predicate offence in Pakistan
Result – A Suspicious activity report was filed on the customer for
tax evasion
77
Effective Employee Training & Awareness Cont.
Presenter:
Wesley Tam
- Head of Anti-Money Laundering, Asia
Training
Induction and Refresher Training (Internal Staff members)
 Face-to-Face
 Computer Based Training
 Post-Training Assessment with a reasonable pass mark
 Mandatory training i.e. 100% attendance rate
 Human Resource Department to track attendance record for
internal staff
 Disciplinary actions for non-attendance
Induction and Refresher Training (Agents)
 Face to Face
 Computer Based Training
 Paper Based
 Compact Disc
 Post-Training Assessment with a reasonable pass mark
 Mandatory training i.e. 100% attendance rate for active agents
 Agency to track attendance record for tied agents
 Disciplinary actions for non-attendance
SESSION 6
Governance, Assurance
and the Role of
Regulators
Mike Trigg
Group Financial Crime Risk Advisor
82
Effective Governance
Oversight by senior management – to ensure:

the overall AML programme is operating effectively

the programme is aligned with relevant regulations

the programme is appropriately resourced and funded

there is future strategy in place

that strategy is aligned with evolving best practice

and it is appropriately resourced and funded
83
Governance: setting priorities to deliver a clear Strategic
Objective
Develop an integrated
approach to the
management of AML
enterprise-wide
Continue building
execution excellence in the
businesses and
compliance
Gain greater assurance that
controls are well designed
and operating effectively







Ensure staff have the
knowledge and awareness
to manage AML

Build reputation by
contributing to the
reduction of crime through
spreading good practices





Better integrate AML monitoring and intelligence outputs into customer management to drive
informed business decisions.
Use analytics to improve our ability to understand our risks and support controls.
Leverage technology and process design to upgrade customer due diligence in all business.
Integrate appropriate advice from the compliance function into customer due diligence.
Upgrade capabilities for surveillance and screening through technology and specialist skills.
Understand and test the key controls across the three lines of defence.
Have courageous conversations about the risks in the right governance forums.
Build a risk based approach to AML training for employees.
Better equip the compliance function to recognise AML risks.
Learn from our experience and our peers to raise awareness.
Better communicate our policy and approach internally and with our regulators.
Contribute to the development of government policy and regulation for AML compliance.
Influence and spread industry best practices in our markets.
84
Governance: strong oversight of the AML Programme
Board
Board
Risk Committee
Audit Committee
Group
Group Risk Committee
Group Financial Crime Risk
Committee
Business
e.g. Wholesale Banking and
Consumer Banking Risk
Committees
Country
Country AML Risk Committees
(CORCs)
85
e.g. Business Responsibility and
Reputational Risk Committees
Specialist forums e.g. CDD Working Group
85
….and to build a culture of AML compliance
Performance
Objectives
Top
management
behaviour and
communications
Supervisor
behaviour and
communications
Personal beliefs
Culture and
Values of
the
organisation
Employee
behaviour
Policies and
Procedures


Monitoring
and assurance
Rewards
Disciplinary
Management
Culture is shown through the aggregate behaviour of all employees
Need to align all influences on behaviour to achieve desired outcome
86
Money Laundering Prevention Officer (MLPO)








Assist the Group CEO
Advise the Group Board
Report to senior management and Audit Committee
Set policies and standards
Identify/resolve significant breaches and regulatory issues
Foster good relations with the authorities
Liaise with Compliance, Audit and other control functions
Liaise with other Money Laundering Prevention Officers
87
Assurance
 Ensuring all the controls are operating effectively:
 First Line: Business – Key Controls, Key Indicators,
Self Assessment
 Second Line: Compliance Monitoring
 Third Line: Internal Audit
88
Role of Regulators
 Define local requirements in accordance with international
standards
 Work with local institutions to make the requirements
practical and appropriate to local risks and business practices
 Partner institutions in effective implementation
 Apply a risk based approach to AML supervision
 Promote and support international access
 Focus on combating financial crime!
89