Standard Chartered Bank
Anti-Money Laundering (“AML”) Workshop
4th December 2013, Yangon, Myanmar
In association with Prudential Corporation Asia

Anti-Money Laundering
4th December 2013 - Yangon, Myanmar

SESSION 1
Setting AML Standards for:
- Governments
- Regulators
- The Financial Sector
Mike Trigg, Group Financial Crime Risk Advisor

What is Money Laundering?
Taking the proceeds from crime and moving them through financial institutions to disguise their illegal origin - and then investing them to make them appear legitimate.
Proceeds from:
• Drug trafficking
• Fraud
• Corruption
• Tax evasion

Who sets AML standards?
International Government and Regulatory Agencies:
• The UN
• The Basle Committee
• IMF
• World Bank
• Financial Action Task Force (FATF)
International Standards
International Industry Groups:
• Wolfsberg Group
• SWIFT

What are the minimum standards for governments and regulators?
• Undertake a country level risk assessment
• Criminalise Money Laundering and Terrorist Financing – link them to a wide range of predicate criminal offences
• Implement legal procedures to identify and freeze criminal assets
• Create a Suspicious Activity Reporting process and a Financial Intelligence Unit to support it

What are the minimum standards for governments and regulators?
• Improve Financial Transparency
• Strengthen Customer Due Diligence requirements
• Apply effective supervision and enforcement
• Facilitate International Cooperation
• Apply the programme to all relevant sectors – not just banking and insurance

Who sets the standards for the financial sector?
• Regulator's Expectations
• International Standards
• Best Practice
• Country Laws and Regulations
• Industry Guidance
Risk Based or Rule Based?

What do standards for the financial sector cover?
• Customer Due Diligence (‘CDD’)
• Transaction Monitoring
• Training and Awareness
• Audit and Assurance
• Governance

SESSION 2
Establishing a Robust AML Programme
Mike Trigg, Group Financial Crime Risk Advisor

An AML Programme
• AML Strategy and Risk Assessment
• AML Policy and Procedures
• Transaction Screening
• Client Screening
• AML Surveillance
• CDD Reviews
• Assurance
• Governance
• CDD Processes
• Intelligence and Analytics
• Organisation and Resources
• Training

1. Risk Assessment
[Diagram labels: Gross Risks; Controls; Assurance; Control Management; Onboarding; Client & Product Servicing; Transaction Surveillance; Customer Screening; Transaction Screening; CDD review; First line Monitoring; Assurance; Audit; Residual Risks]
Risk assessment will act as basis for decisions on AML strategy, priorities and resources

2. Customer Due Diligence
• Identify and Verify
• Screen
• Risk Rate
• Risk Based Extra Due Diligence
• Acceptance
• Periodic Updates

3. Transaction Monitoring
• Establish expected transaction profile at CDD stage
• Exception Reporting
• Specialised Systems
• Reporting and Disclosure
• Intelligence and Analytics
• Dynamic Re-Profiling

4. Training
• Identify target population
• Align to role, product, business
• E-Learning
• Classroom based
• Testing and Tracking

5. AML intelligence and analytics is an area of increasing focus
• Risk identification
• Optimising screening and surveillance systems
AML analytics and intelligence: data-driven decision making
Identifying the facts to give a clearer understanding of money laundering risks and providing the knowledge required to manage them.
Analytics can significantly improve the ability to provide better focused, better informed and actionable intelligence to manage risks associated with money laundering.

6. Governance and Assurance
Oversight by senior management – to ensure:
• AML controls are operating effectively
• The Programme is aligned with relevant regulations
• The Programme is resourced and funded
• There is future strategy in place
• That strategy is aligned with evolving best practice
• It is appropriately resourced and funded

SESSION 3
Customer Due Diligence
John Gibson, Regional Head of Financial Crime Compliance, Wholesale Banking, Middle East, Africa, Pakistan and Europe

Customer Due Diligence (CDD) / Know Your Customer (KYC)
WHY IS IT IMPORTANT?
• Regulatory Requirement
• Reputational Risk
• Operational Risk
• It’s the right thing to do
• It’s a key control in combating money laundering and terrorist financing
CORE PRINCIPLES
• Compliance with the relevant AML laws
• Top management commitment
• Clear accountabilities & robust controls
• Risk based
• Awareness & culture building

Customer Due Diligence (CDD) / Know Your Customer (KYC)
What does CDD mean?
+ Who is the customer?
+ What do they do?
+ Where do they do it?
+ When do they do it?
+ Why do they do it?
+ How do they do it?
= Does it all add up?

Customer Due Diligence (CDD) / Know Your Customer (KYC)
Who is the customer?
Determine the true identity and beneficial ownership of accounts
Individual
• Full legal name
• Residential address
• Telephone number(s)
• Date of birth
• Nationality
• Unique identifier (passport number, ID card, driving license, etc)
• Who are they connected to?
• Retain evidence
• Keep up to date
Entity
• Full legal name
• Registered & operating address
• Telephone number(s)
• Incorporation or registration details
• Owners and controllers details (keep unwrapping the layers as entities and individuals)
• Who are they connected to?
• Who are their customers, suppliers, etc?
• Retain evidence
• Keep up to date

Customer Due Diligence (CDD) / Know Your Customer (KYC)
What do they do?
Understanding the customer is key
• What is the account to be used for?
• What activity is expected? (personal account with salary in and payments out, savings account, business account, etc)
• What monies are expected to come into / go out of the account?
• What products / services are needed?
• If business, what kind of business activity are they involved in?
• Are any of these high risk?

Customer Due Diligence (CDD) / Know Your Customer (KYC)
Where do they do it?
• Where is the customer based?
• Where are they from?
• Where are they operating?
• Where are they transacting with?
• Where is their income from?
When do they do it?
• When are transactions expected?
• Salaries? Monthly, weekly, etc?
• Bonuses
• Regular payments
• Seasonal business

Customer Due Diligence (CDD) / Know Your Customer (KYC)
Why do they do it?
• Why does the customer want a specific product or set of products?
• Why is a company structured the way it is?
How do they do it?
• How will payments be made?
• How will payments be received?

Customer Due Diligence (CDD) / Know Your Customer (KYC)
Does it all add up?
• Does the information given make sense?
• Can it be corroborated?
• Does documentary evidence confirm it?
• Is it in line with previous experiences or similar customers?
• Ask yourself – would you give them your own money?

Customer Due Diligence (CDD) / Know Your Customer (KYC)
Customer due diligence never ceases
[Graphic label: Ongoing]
• Rolling plan required to constantly keep due diligence updated
• Every customer touch-point is an opportunity to confirm due diligence is still up to date; however, practicality suggests mixing periodic reviews with certain event based reviews, e.g.
  - Material change to customer, such as change of name, address, business line, employer, etc
  - Change in products, perhaps from standard product to higher risk products, such as financial trade instruments
  - Sudden change in transactional business through account
  - New information comes to light, such as a link to a PEP
  - Etc.

Customer Due Diligence (CDD) / Know Your Customer (KYC)
Example 1
• Personal account for single mother in UK
• Current Account only, to be used for state benefits coming in, cash out, and payments for utilities, etc
• Mobile telephone number given
• Red flag – the same mobile number was found on 18 different individual current accounts
• Result – the woman was found to be committing benefit fraud with multiple fictitious names
• Moral – Not everyone is who they say they are

Customer Due Diligence (CDD) / Know Your Customer (KYC)
Example 2
• Business account, gold bullion trader in Europe
• Only required current account and trade instruments
• Customer needed account only for one major transaction with one country
• Purpose was to assist Malaysian government to offload some of its gold reserves
• Expected volume of activity was Letters of Credit in and out to the value of $6 billion
• Red flag – the entire gold reserves of Malaysia at the time were worth only a quarter of this amount
• Result – the business was found to have been duped into believing there was a legitimate deal, when in fact it turned out to be a massive money laundering scheme
• Moral – If it sounds too good to be true, it probably is

Customer Due Diligence cont.
Presenter: Wesley Tam, Head of Anti-Money Laundering, Asia

Know Your Customer / Customer Due Diligence

KYC/CDD Requirements
• Group AML Policy remains at a high level
• Local AML Policies are more specific
Main distribution models for insurance:
1. Tied agency
2. Bancassurance
3. Direct marketing
4. Brokers
5. Corporate agency

KYC/CDD Requirements (cont’d)
Tied Agency (Face-to-Face)
• KYC/CDD standards
  - Full compliance with local laws
  - Adopt a higher standard (if Group requirements are more stringent)
• KYC/CDD documents are obtained directly from customers
• Sanctions screening is performed on a daily basis
• Periodic re-screening is performed
• KYC/CDD documents are retained according to the local AML requirements

KYC/CDD Requirements (cont’d)
Bancassurance (Face-to-Face)
• Full compliance with local laws
• Reliance is placed upon business partners
• Business Agreement, Reliance Letter and/or AML Questionnaire are in place
• KYC/CDD documents obtained by either bank/Prudential staff
• KYC/CDD documents are usually disseminated to Prudential; or disseminated to Prudential upon specific request
• Sanctions screening (including re-screening) is performed by both the bank and Prudential
• KYC/CDD documents are retained according to the local AML requirements

KYC/CDD Requirements (cont’d)
Direct Marketing/Telemarketing (non Face-to-Face)
• Full compliance with local laws
• KYC/CDD documents are obtained either during customer take on or must be obtained prior to any payout
• Sanctions screening (including re-screening) is performed by Prudential before any payout
• KYC/CDD documents are retained according to the local AML requirements

KYC/CDD - Rules of Thumb
• Local Units must comply with all local AML laws and regulations
• When local laws conflict with Group requirements, the more stringent or higher standard will apply
• In case a Local Unit cannot meet the minimum requirements of the Group AML Policy, an exemption should be applied
• PCA cannot grant exemptions if the Local Unit is in breach of any local AML legislation

KYC/CDD - The Principles We Follow
• Not to enter into or maintain relationships with customers whose conduct gives rise to suspicion of involvement in illegal activities
• Seek to terminate any customer relationship where the customers’ conduct gives reasonable cause to believe or suspect involvement in illegal activities
• Before doing business with any prospective customer, all Local Units must obtain appropriate CDD information to ensure that we know with whom we are doing business
• Enhanced Due Diligence (“EDD”) applied on a risk-sensitive basis in any situation which presents a higher risk

Samples of Minimum Customer Information Requirements
Timing / Customer information to be collected, verified and retained:
• When business relations are established: Including, but not limited to:
  - Full name
  - Unique identification number
  - Residential address, registered or business address and contact telephone number(s)
  - Date of birth, incorporation or registration
  - Nationality or place of incorporation or registration
  - Directors (if a company)
  - Partners (if a partnership)
  - Persons with executive authority
• Periodically: Ensure it is kept up-to-date, especially for higher risk customers
• For XX years following the termination of business relations: Keep the customer identification information and other documents relating to the establishment of business relations, as well as policy files and business correspondence

Questions?

SESSION 4
Transaction Monitoring
John Gibson, Regional Head of Financial Crime Compliance, Wholesale Banking, Middle East, Africa, Pakistan and Europe

Transaction Monitoring
WHY IS IT IMPORTANT?
• Regulatory Requirement
• Reputational Risk
• Operational Risk
• It’s the right thing to do
• It’s a key control in combating money laundering and terrorist financing
CORE PRINCIPLES
• Compliance with the relevant AML laws
• Automation
• Clear rule based scenarios
• Effective case management
• Awareness & culture building – quick responses

Transaction Monitoring
Overview
• One of the keys to AML is effective and regular monitoring of transactions
• The purpose of this transaction monitoring is to be able to identify an abnormal or unusual transaction
• It is also used to maintain a watch on higher risk accounts
• As it is a legal obligation to report suspicious activities, it is a vital control in assisting an organisation to identify such activity
• With the large volumes of transactions going through any financial institution it is impossible to rely on manually spotting these
• However, automation should be considered as the last line of defence. It will not pick up everything, and it will also pick up transactions that turn out to be legitimate
• Staff need to be encouraged to be vigilant as well – this does not replace a staff member’s obligation, but acts as a safety net for the organisation

Transaction Monitoring
Expectations
• Transaction monitoring requires rules; a set of variables designed to alert when thresholds are crossed
• An institution must regularly review the output of rules, and measure their success
• The purpose of variables is to allow an institution to amend rules to help reduce “false positives”
• No system can capture every suspicious transaction
• Systems will generate alerts that then need to be reviewed
• The majority of these alerts will in all likelihood turn out not to be suspicious (“false positives”)
• Rules should be based on industry standards, regional intelligence, and a bank's own experiences

Transaction Monitoring
Sample Rules
• Monies coming into the account far exceed what has come in previously in a similar month, or over a period
• Monies come into an account, and within a short period, the majority has gone straight back out
• Large volume of inwards and outwards traffic
• Large volumes or values of cross border payments for mainly local companies
• Transfers to and from higher risk countries
• Values just below certain internal or external thresholds
• Round figure amounts
• Large number of refunds
• etc

Transaction Monitoring
Specific Example of Variables
Where incoming funds is greater than 150% of incoming funds via electronic means in the previous 1 month
This sample rule could be used to look for accounts with a sudden increase in volumes of deposits. The areas in red are variables. Reviews of the alerts generated by this rule may suggest:
• 150% is too high, and that no alerts are generated at this setting, whereas setting it at 105% is too low, and it generates too many alerts to be reviewed
• The focus on electronic means may miss out cash transactions coming into an account, but the inclusion of cash may result in amounts being very varied, resulting in too many alerts
• In the previous 1 month may suit personal accounts which are salaried, but for business accounts, where turnover may not be as similar each month, it may be beneficial to set at previous 12 months

Transaction Monitoring
Transaction Monitoring never ceases
[Graphic label: Ongoing]
• It will be run constantly, although various different rules may be set to run daily, weekly or monthly
• Every alert must be reviewed
• Requires a collaborative approach – often best to utilise a designated team to review alerts; however, they will not have specific knowledge of customers. It is therefore vital that they reach out to the specific branch or employee who has most knowledge of a customer, as they may be aware of a reason behind something that a system may view as suspicious
• In these scenarios, quick responses are essential

Transaction Monitoring
Example 1
• Business account in Germany
• Manufacturer of religious items
• Alert – Sudden increase of turnover, threefold, compared with previous four months
• Result – the customer was legitimate. The keystone of the customer’s business was the sale of goods relating to Christmas. Large orders would come in around June / July / August to ensure retailers had their supplies in time for the run up to December
• Moral – Not every alert is suspicious; good due diligence up front will save a large amount of effort at the back end

Transaction Monitoring
Example 2
• Business account in Nigeria
• Main supplier in UK
• Alert – large volumes of payments received back from main supplier
• Result – the customer was overpaying the supplier in the UK in exchange for a rebate. They were sent the overpayment back, plus a further small discount for their trouble. The UK supplier was then sending refunds back using drug money. The refunds were used to disguise the illicit money from the UK as appearing legitimate, being linked to an actual business transaction, and the legitimate funds from Nigeria were used to disguise the criminal funds in the UK.
• Moral – Know your customer’s customer

Transaction Monitoring Cont.
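
The sample rule from the "Specific Example of Variables" slide, written out as an added example (it is not part of the workshop material or of any institution's system) so that the effect of each of the three variables on alert volume can be seen. The account names and amounts are constructed, and the baseline for a lookback longer than one month is assumed to be the monthly average, which the slide does not specify.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Txn:
    account: str
    month: int      # consecutive month index (constructed data uses 1..13)
    channel: str    # "electronic" or "cash"
    amount: float   # incoming funds only


def monthly_incoming(txns, channels):
    """Total incoming funds per (account, month), counting only the given channels."""
    totals = defaultdict(float)
    for t in txns:
        if t.channel in channels:
            totals[(t.account, t.month)] += t.amount
    return totals


def run_rule(txns, current_month, threshold_pct=150,
             channels=("electronic",), lookback_months=1):
    """Return accounts whose incoming funds in current_month exceed
    threshold_pct of their baseline.

    Assumption (not stated on the slide): for a lookback longer than one
    month the baseline is the monthly average over the window.
    """
    totals = monthly_incoming(txns, channels)
    alerts = []
    for account in sorted({t.account for t in txns}):
        current = totals.get((account, current_month), 0.0)
        window = range(current_month - lookback_months, current_month)
        baseline = sum(totals.get((account, m), 0.0) for m in window) / lookback_months
        # No history means no ratio can be computed; such accounts need a
        # separate rule and are skipped here.
        if baseline > 0 and current > baseline * threshold_pct / 100:
            alerts.append(account)
    return alerts


def alert_counts(txns, current_month, thresholds, **rule_kwargs):
    """Alert volume per candidate threshold, the figure reviewed when tuning a rule."""
    return {pct: len(run_rule(txns, current_month, threshold_pct=pct, **rule_kwargs))
            for pct in thresholds}


# Constructed sample data: (account, channel, amounts for months 1..12, month 13).
SAMPLE = [
    # Salaried personal account with a small pay rise in month 13.
    ("SALARY", "electronic", [3000] * 12, 3200),
    # Business with uneven turnover; month 12 happened to be a quiet month.
    ("LUMPY", "electronic", [40000, 55000, 30000, 60000, 45000, 35000,
                             50000, 25000, 60000, 40000, 20000, 20000], 45000),
    # Account whose deposits jump fivefold in month 13.
    ("SPIKE", "electronic", [5000] * 12, 25000),
    # Stable electronic income, but cash deposits jump in month 13.
    ("CASHY", "electronic", [2000] * 12, 2000),
    ("CASHY", "cash", [500] * 12, 9000),
]
TXNS = [Txn(account, month, channel, amount)
        for account, channel, history, current in SAMPLE
        for month, amount in enumerate(history + [current], start=1)]


if __name__ == "__main__":
    print("150%, electronic, 1 month :", run_rule(TXNS, 13))
    print("105%, electronic, 1 month :", run_rule(TXNS, 13, threshold_pct=105))
    print("150%, electronic, 12 month:", run_rule(TXNS, 13, lookback_months=12))
    print("150%, incl. cash, 1 month :",
          run_rule(TXNS, 13, channels=("electronic", "cash")))
    print("alerts per threshold      :", alert_counts(TXNS, 13, [105, 150, 600]))
```

Each alert returned still has to be reviewed against what is known about the customer; the 12-month setting only removes the alert for uneven turnover, not for a genuine seasonal peak like the one in Example 1.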
Presenter: Wesley Tam - Head of Anti-Money Laundering, Asia

Suspicious Transaction Monitoring
• If a financial institution (“FI”) suspects or has reasonable grounds to suspect that funds are the proceeds of a criminal activity, or are related to terrorist financing, it should report its suspicions to the applicable Financial Intelligence Unit or local authority
• An STR is a way of alerting authorities to the possibility that a particular transaction could involve money laundering or terrorist financing and should be investigated
• In most cases, the reporting FI will not have evidence that the transaction represents the proceeds of crime
• Most likely, the FI will not be aware of the source of funds or the reason for the transaction and cannot inquire of the customer without the risk of tipping-off the customer
• In these cases the FI should submit an STR and leave it to the authorities to further investigate

Suspicious Transaction Monitoring (cont’d)
• When filing suspicious transaction reports (“STRs”), FIs should not, under any circumstances, notify a customer that his/her behaviour has been reported to the authority
• “Safe harbour” laws help to encourage FIs to report all suspicious transactions. Such laws protect FIs and employees from criminal and civil liability when reporting suspicious transactions to competent authorities in good faith

Regional Requirements
Standard Transaction Monitoring
• Review of red flags for ALL customers on a 1 to 3 monthly basis
• Review ALL transactions for the previous 6 months at least
Special Monitoring of Medium / High Risk Customers
• Review of transactions for ALL medium / high risk customers, whether or not they hit red flags
• Review ALL transactions monthly (on a 6 month rolling cycle at least)

Red Flags
• No apparent purpose or which make no obvious economic sense
• Incompatible with the normal activities of the customer
• Not commensurate with the customer’s apparent financial means
• Overpayment of premium by a customer without apparent cause
• Transfers to and from high-risk jurisdictions without reasonable explanation
• Structured just below a regulatory reporting or identification threshold

Red Flags (cont’d)
• Unusual number of new (and cancelled) business (NTU) and/or withdrawal (and partial withdrawal) transactions over a short period of time
• Agents who have consistently high activity levels of single premium business far in excess of any average company expectation
• Unusual sources of funds or income
• Unusual number of policy loans

CASE STUDIES

Case Study 1
Policy Details
• Traditional Endowment
• Annual Premium: $200,000
• Bank Transfer lump sum of $1,000,000 for 5 years advance premium payment
Profile of a Policyholder
- Age 53, Female
- Declared Occupation: Business owner
- Annual declared income: $36,000
NTU: No reason given; within 1 week full refund
Source of funds: Premium payable is not commensurate with declared income
Cancellation with no purpose / reason

Case Study 1 (cont’d)
• The policy was escalated by the Operation Team
• Due to the premium amount refunded exceeding the pre-defined reporting threshold
• STR raised to local authority
• Tagged for continuous monitoring on customer’s portfolio.

Case Study 2
Abnormal Transaction Pattern by a high performing agent
[Diagram labels: FC; Self and Family Policies; Policy Holder A; Policy Holder B; Policy Holder C ...; Secretary A; Secretary B; Prudential; Policy Loan / Policy Surrendered]
• One of agent’s personal secretaries is from National Tax Service
• Secretaries' salary is 5 times higher than market average
• 20 policyholders with 64 high premium contracts
• Policyholders include agent’s family, secretaries, and secretaries’ family
• Frequent policy loans are taken out
• Frequent policy cancellations

Case Study 2 (cont’d)
It is “POSSIBLE” that…
1. The agent and his family/secretaries are involved in money-laundering. Given 1) the purchasing of high premium policies, 2) the drawing of policy loans and 3) the frequent surrendering of premium, we suspected money laundering, with the agent being a front person of money-laundering for 3rd parties
OR
2. Agent is making these transactions in order to achieve sales target and maintain ‘top agent status’, thus enjoying various benefits. There is a high chance that premiums are paid by the agent himself for those policies of his and secretaries’ relatives.

Case Study 2 (cont’d)
This case was detected by these red flags:
① Surrender shortly after a series of loans
② Make repeated partial withdrawal and top-up in a short period of time
③ Buy multiple policies in a short period of time
• Collected various data & analyzed transactions
• Agent and his customers are filtered out due to suspicious transactions
• Even though the agent is not with Prudential, his policies are being closely monitored
• Reported the result to CEO and CAO
• Reported to FIU
• CAO indirectly warned the agent for his abnormal transactions
• Agent left Prudential for unknown reason
• Another report to FIU has been filed on one of his customer’s transactions for pattern ② above

Case Study 3
Illegal Money Lender & Loan Shark
• Illegal money lenders are unlicensed (lending without a credit license) and operate outside the law
• Loan shark is a person or body that offers loans at extremely high interest rates

Case Study 3 (cont’d)
[Diagram labels: Screening; Premium; Prudential policy]

Case Study 3 (cont’d)
TWO MONTHS LATER……

Case Study 3 (cont’d)
Suspicious Transaction Found!!
System has detected and alerted for this customer’s transaction due to:
1. Aggregate transactions amount over threshold
2. Money incoming and outgoing are not in line with customer profession
3. Frequent cash withdrawal in a short period of time
Result
• Policyholder avoids calls

Case Study 3 (cont’d)
Customer Transaction Summary
• Cash withdrawal over the counter
• Cash withdrawal after short period
• Request of transfer to unknown 3rd parties

Case Study 3 (cont’d)
Actions Taken
• On-site Visit
• The customer is an illegal money lender
• Terminate policy

Case Study 4
Abnormally high frequencies of policy loans spotted from some policyholders and agents via regular transaction monitoring
[Diagram labels: Policy Holders; Prudential; Loan Disbursements; Loan Repayments]
• Loan Repayments: usually made on the same day or within just a few days. No cash involved. The majority of the loan repayments were paid by policyholders’ credit cards

Case Study 4 (cont’d)
• Investigation confirmed that the purpose of such high frequency transactions was to earn bonus points from credit card;
• The case was promptly disclosed to local enforcement agency; and
• Prudential management have implemented measures to stop these abusive activities.

Questions?

SESSION 5
Effective Employee Training and Awareness
John Gibson, Regional Head of Financial Crime Compliance, Wholesale Banking, Middle East, Africa, Pakistan and Europe

Effective Employee Training & Awareness
WHY IS IT IMPORTANT?
• Regulatory Requirement
• Reputational Risk
• Operational Risk
• It’s the right thing to do
• It’s a key control in combating money laundering and terrorist financing
CORE PRINCIPLES
• Compliance with the relevant AML laws
• Relevant and targeted
• Tested to ensure effective knowledge transfer
• Mandatory
• Technical knowledge transfer as well as awareness & culture building

Effective Employee Training & Awareness
Overview
• Bank staff are often the best control in the fight against money laundering and terrorist financing
• The purpose of training is to enable staff to be able to identify suspicious activity
• It is also used to embed awareness of money laundering into everyday activity
• As it is a legal obligation to report suspicious activities, it is a vital control to enable staff to meet their obligation
• Like all training, it needs to be engaging – staff must remember the key messages
• It needs to be relevant, so consideration needs to be given to multiple training materials to cover different aspects

Effective Employee Training & Awareness
Challenges
• It needs to be interesting and engaging
• It needs to be cost effective
• Consideration to method of delivery
  - Face to face more expensive, but better interaction
  - Paper based cheap to deliver, but difficult to record and retain
  - Online interactive, easier to deliver and record, but not as effective, and lose value of discussion
  - One to one more focused, but in groups better discussion
• The point is there is no one method that is best – consideration should be given to use of more than one approach
• It must be mandatory and it must be tested - this means pass mark and fail mark
  - Everyone must have some sort of training
  - Re-sit for failure
  - What to do with repeat offenders

Effective Employee Training & Awareness
Training Content
• Understand the basics of money laundering
• Understand the predicate offences
• Understand the reasons behind money laundering and terrorist financing, the scale of it, and the impact
• Understand the basics of legislation, and the impact on the organization as well as on themselves personally
• Understand some key typologies, so as to be able to identify suspicious activity
• Understand the bank's own controls and requirements to ensure they are met
• Understand what to do in the event that they find something suspicious
• Understand what they can and cannot do once something has been reported

Effective Employee Training & Awareness
Training never ceases
[Graphic label: Ongoing]
• It will be run continuously, giving staff reminders, and updating them on new trends, regulations, typologies, etc.
• It must be regularly reviewed to ensure it is up to date, relevant and still effective
• Requires a collaborative approach – often best to utilise a mix of designated training teams who understand knowledge transfer, with AML specialists, who can ensure technical knowledge is accurate.

Effective Employee Training & Awareness
Example 1
• Financial institution in the UK
• Diverse range of products
• 11,000 staff - training adopted in a modular approach
• Every staff member was given at least a basic training
• A member of staff employed solely as a driver within the Asset Finance Division was sent to repossess a vehicle
• He found a number of chequebooks in different names in the back of the car
• Having completed a basic training, he was unsure exactly what this meant, but reckoned he should report it anyway, as it didn’t seem legal
• Result - It turned out that the chequebooks were all forgeries, and the previous hirer of the vehicle was involved in a major forgery ring
• Moral – everyone in your organisation has the potential to see something suspicious

Effective Employee Training & Awareness
Example 2
• Relationship manager in Pakistan
• New to the organisation, and therefore had to complete training
• Had been given a portfolio of existing customers
• Highlighted that one of his customer files contained a note to say the beneficial owner could not provide evidence of his ownership of the company, as he was a taxpayer in another country, and therefore didn’t want to pay more tax on this business in Pakistan
• Having completed his training, he was now aware that tax evasion was a predicate offence in Pakistan
• Result – A Suspicious activity report was filed on the customer for tax evasion

Effective Employee Training & Awareness Cont.
Presenter: Wesley Tam - Head of Anti-Money Laundering, Asia

Training

Induction and Refresher Training (Internal Staff members)
• Face-to-Face
• Computer Based Training
• Post-Training Assessment with a reasonable pass mark
• Mandatory training i.e. 100% attendance rate
• Human Resource Department to track attendance record for internal staff
• Disciplinary actions for non-attendance

Induction and Refresher Training (Agents)
• Face to Face
• Computer Based Training
• Paper Based
• Compact Disc
• Post-Training Assessment with a reasonable pass mark
• Mandatory training i.e. 100% attendance rate for active agents
• Agency to track attendance record for tied agents
• Disciplinary actions for non-attendance

SESSION 6
Governance, Assurance and the Role of Regulators
Mike Trigg, Group Financial Crime Risk Advisor

Effective Governance
Oversight by senior management – to ensure:
• the overall AML programme is operating effectively
• the programme is aligned with relevant regulations
• the programme is appropriately resourced and funded
• there is future strategy in place
• that strategy is aligned with evolving best practice
• and it is appropriately resourced and funded

Governance: setting priorities to deliver a clear Strategic Objective
• Develop an integrated approach to the management of AML enterprise-wide
• Continue building execution excellence in the businesses and compliance
• Gain greater assurance that controls are well designed and operating effectively
• Ensure staff have the knowledge and awareness to manage AML
• Build reputation by contributing to the reduction of crime through spreading good practices

• Better integrate AML monitoring and intelligence outputs into customer management to drive informed business decisions.
• Use analytics to improve our ability to understand our risks and support controls.
• Leverage technology and process design to upgrade customer due diligence in all business.
• Integrate appropriate advice from the compliance function into customer due diligence.
• Upgrade capabilities for surveillance and screening through technology and specialist skills.
• Understand and test the key controls across the three lines of defence.
• Have courageous conversations about the risks in the right governance forums.
• Build a risk based approach to AML training for employees.
• Better equip the compliance function to recognise AML risks.
• Learn from our experience and our peers to raise awareness.
• Better communicate our policy and approach internally and with our regulators.
• Contribute to the development of government policy and regulation for AML compliance.
• Influence and spread industry best practices in our markets.

Governance: strong oversight of the AML Programme
• Board: Board Risk Committee, Audit Committee
• Group: Group Risk Committee, Group Financial Crime Risk Committee
• Business: e.g. Wholesale Banking and Consumer Banking Risk Committees
• Country: Country AML Risk Committees (CORCs)
• e.g. Business Responsibility and Reputational Risk Committees
• Specialist forums: e.g. CDD Working Group

….and to build a culture of AML compliance
[Diagram labels: Performance Objectives; Top management behaviour and communications; Supervisor behaviour and communications; Personal beliefs; Culture and Values of the organisation; Employee behaviour; Policies and Procedures; Monitoring and assurance; Rewards; Disciplinary Management]
• Culture is shown through the aggregate behaviour of all employees
• Need to align all influences on behaviour to achieve desired outcome

Money Laundering Prevention Officer (MLPO)
• Assist the Group CEO
• Advise the Group Board
• Report to senior management and Audit Committee
• Set policies and standards
• Identify/resolve significant breaches and regulatory issues
• Foster good relations with the authorities
• Liaise with Compliance, Audit and other control functions
• Liaise with other Money Laundering Prevention Officers

Assurance
Ensuring all the controls are operating effectively:
• First Line: Business – Key Controls, Key Indicators, Self Assessment
• Second Line: Compliance Monitoring
• Third Line: Internal Audit

Role of Regulators
• Define local requirements in accordance with international standards
• Work with local institutions to make the requirements practical and appropriate to local risks and business practices
• Partner institutions in effective implementation
• Apply a risk based approach to AML supervision
• Promote and support international access
• Focus on combating financial crime!