Identifying High Risk Customers and Managing Their AML Vulnerabilities
The Anti-Money Laundering Association
Winter Park, Florida
January 21, 2009 • 8:30 a.m. to 10:30 a.m.
Peter G. Djinis • AML Compliance • 4370 S. Tamiami Trail • Suite 320 • Sarasota, FL 34231 • 941-926-2915 • djinis@djinislaw.com

Agenda
• Value of risk assessment
• Need for front-end customer evaluation
• How to identify high risk customers
• Measures to mitigate specific high risk customers
• High risk transactions
• External factors that increase risk
• What to do with customers with recurring risk activity

Identifying New AML Risks
• Risk Assessment is core standard
• Also, regularly review:
  • New products/services
  • SARs filed
  • Changes in geographic vulnerabilities
  • World events
  • Regulatory enforcement actions

One Approach
• Establish a risk rating for each customer
• Assign weights by combination of categories
  • NAICS code (for businesses)
  • Citizenship (for individuals)
  • Zip code
  • Financial products used
  • Account opening questionnaire

Specific Customers: possible measures
Lottery Customers/ATM
• Review 6 months of activity
• Lotteries
  • ACH debits to state lottery
  • Are these commensurate with cash deposits?
• ATMs
  • ACH credits from known ATM payment processors (e.g., RBS, Coredata, First Data)
  • Debits from account in form of cash withdrawals or cashed checks

Specific Customers: possible measures
ATM/Lottery Customers
• Confirm the account is business, not personal
• For ATMs, confirm with store that cash withdrawals are in standard ATM amounts, i.e., $10s/20s
• Document these steps
• Repeat on annualized basis and compare with previous results

Specific Customers: possible measures
Embassy Accounts
• Require approval by senior officer
• Follow procedures used to identify/validate PEP customers
• Monitor at least quarterly
• Investigate all suspicious and/or unusual activity
• Document these steps

Specific Customers: possible measures
Non-Resident Alien
• Process through back office, not branch
• Customer to provide
  • Valid passport
  • Signed W-8 form
• Assign a special code to identify account
• Regularly determine if NRA accounts opened without proper documentation
Non-U.S. Addresses
• Establish program to identify all such accounts
• Assign increased weight; i.e., make sure your AML policies contain specific due diligence provisions

Specific Customers: possible measures
Charitable Organizations
• Identify by NAICS code (NGO)
• Use commercial database to match customer with known charities (e.g., Guidestar) & confirm
  • Tax ID numbers
  • Nonprofit status
  • IRS 990 forms
  • Officers
  • Income
  • Other key factors

Specific Customers: possible measures
Charitable Organizations
• Form 990 (but not required for contributions under $25,000 and certain churches)
• IRS Publication 78 – Cumulative list of organizations
• This may help identify improper NAICS coding (e.g., homeowners associations & sports clubs)

Retail customers
• Work with business units to understand nature of account and anticipated activity
• Ask the customer!
• Obtain evidence of business
• Age of business/size and locations
• Anticipated volume
• Anticipated financial services needed
• If high cash activity, inquire into source of cash if other than retail
• Compare to peer customers
• Establish manual or automated process to identify and investigate inconsistencies

Specific Customers: possible measures
Trade Finance (International)
• Risk weight each financial service sought
  • E.g., import or export letters of credit; import or export documentary collections
• Four potential categories:
  • Product
  • Country
  • Knowledge of customer
  • Amount of transactions

Specific Customers: possible measures
PEP/Embassy Customers
• PEP (senior foreign political figures/family/associates)
• PEP identified at account opening
• AML compliance officer notified
• Private bank to determine customer’s financial services and estimated activity
• This information is reviewed quarterly
• Each account is reviewed for SAR activity

Specific Customers: possible measures
Embassy Accounts
• Require approval by senior officer
• Follow procedures used to identify/validate PEP customers
• Monitor at least quarterly
• Investigate all suspicious and/or unusual activity
• Document these steps

Riskier Transactions
Wire Transfers
• Limit to customers of bank
• Limit or prohibit wires paid in cash
• Value of automated systems:
  • Identify money in/money out transfers
  • Compare current and historical activity
  • Look for structured wires (e.g., between $7,500 and $10,000)
  • Examine high volumes/high amounts
  • Review transfers to and from high

Riskier Transactions
Monetary Instruments
• Aggregate cash purchases at some amount below $3,000
• Look for redemptions in similar amounts
• Chief risk is structuring
• Stored value or gift cards:
  • Sell only to customers
  • Do not exchange for cash
  • Consider prohibiting reloading of cards
  • Require additional approval to exceed certain values (e.g., $500)
  • Restrict number of cards a customer may purchase

High Risk Business Type
Money Service Businesses (MSBs)
• Banks are not expected to be the de facto regulators of MSBs
• Identifying MSBs at your bank
• FinCEN guidance
• Transparency
• Transactions will go underground if MSBs are not banked
• MSBs, like other “high risk businesses,” do not always present the highest risk

MSB Due Diligence
• Visit the MSB
• Request/evaluate the independent review
• Review AML policies and procedures
• Prior regulatory enforcement actions if any
• License and registration
• AML Training program and attendance log

MSB Due Diligence
Review
• Agent list, agent review process and agent files
• Financial information, including tax returns
• Account statements from other financial institutions
• Average cash deposits and ACH activity
• Compliance with BSA reporting and recordkeeping requirements

MSB Due Diligence
• Meet with the President and/or CEO, compliance officer, CFO, IT officer, AML investigation supervisor
• Determine the type of MSB services – types of products offered
• Request any prior regulatory enforcement actions
• Review BSA/AML software
• How are transactions aggregated?
• Does the MSB have an OFAC screening tool?
• Number of SARs filed (MSB cannot disclose the SARs to their bank)

Other High Risk Business Types
• Not all businesses in any high risk business type are high risk
• The business may only use a low risk product
• May identify High Risk Business types with NAICS/SIC codes
• Determine methods of identifying historical potentially high risk businesses
• Conduct due diligence
• Benefits of an effective due diligence program

Private Banking
• Implement specific AML procedures
• Work closely with AML unit and related business units
• Assign AML coordinator
• Develop targeted training program to augment corporate training
• Off-site training on periodic basis
• Staff meetings to stress AML duties
• Track training attendance/proficiency

Private Banking
• Install monitoring system to oversee new accounts and identify high-risk customers
• Enlist help of compliance to review, improve, and ensure consistency in AML procedures
• Distribute/document internal procedures as updated
• For new customers:
  • Two types of ID
  • Pre-established customer profiles
  • Complete background check
  • PRIME/OFAC or related check

Customers with recurring SARs
Should you close the account?
• Filing a SAR might not be enough
• A decision should be reached and documented whether to continue doing business with a customer on which a suspicious activity report or multiple reports have been filed, or when and how to terminate the relationship.

Account Termination
Depending on the nature of the suspicious activity,
• You can continue the client relationship
• But monitor activity closely. Systems to track and regularly review any other unusual or suspicious activity.
Policies and procedures before the customer is notified of termination
• If you know the case is under investigation – work closely with law enforcement

Account Termination Policies
Policies and Procedures
• The prompt referral to compliance officer or other appropriate legal and compliance personnel.
• The communication of the decision to terminate and the anticipated date for notifying the customer of that decision to appropriate government authorities. Such information may be communicated in a SAR to be filed or to augment SARs filed previously.
• Certain circumstances may warrant contacting U.S. Attorney’s Office or other appropriate government authority.

Account Termination
Written Requests from Law Enforcement
• Seek written request from government to keep account open
• Keep the request on file
• Make sure the request is from a senior officer
  • Supervisory agent
  • Assistant U.S. Attorney
  • Official with Dept. of Justice
  • Supervisor of state or local law enforcement agency
  • Attorney with state or local prosecutor’s office

Requests to keep account open
Written requests should:
• Confirm that law enforcement has requested that an account remain open and state the purpose for such request.
• Indicate the duration the account should remain open.
• Provide for written request to keep account open after that period (e.g., six months).

Coordination with law enforcement
Follow up is Key
• Follow-up with appropriate law enforcement agency on an ongoing basis.
• Document cooperation
• Continue to comply with all applicable BSA recordkeeping and reporting requirements
• Continue to file SARs, if applicable

When to Consider Retaining Outside Help
• Variety of situations: short to long-term
• Independent review of your AML policies
• Opinion/advice on a potentially suspicious customer relationship
• Cooperating with criminal investigators
• Developing policies to conform to new regulatory requirements

When to Consider Retaining Outside Help
• Implementing significant program changes
• Selecting external compliance tools (e.g., CIP or AML surveillance programs)
• Reviewing/resolving AML issues identified prior to exam
• Preparing for an AML exam
• Responding to AML issues identified during exam
• Handling an AML enforcement action

When to Consider Retaining Outside Help
• Responding to congressional or similar investigation
• Assistance in dealing with media or public disclosures (e.g., 10-K annual report)
• Conducting an internal investigation
• AML training for employees, officers, board members, agents/vendors

When to Consider Retaining Outside Help
• New financial products or services
  • Determining BSA implications
  • Developing and implementing new AML controls
  • Coordinating with regulators and/or law enforcement
• Complying with specific supervisory requirements
  • Backfiling requests (CTRs)
  • SAR Lookbacks
  • Unique AML issues (Sec. 311 relationships, GTOs, due diligence of foreign correspondent accounts)

Managing the Outside Relationship
• Who decides within the bank?
  • Whether to bring in outside assistance
  • Do you have sufficient expertise in house?
  • Whom to select?
  • Controlling fees
  • Standards for termination
• Identify your project and the desired role of the outsider
  • Reviewing vs. preparing materials?

Managing the Outside Relationship
• Preserving confidentiality
• Identifying who’s in charge of relationship
  • AML Compliance Officer
  • Relationship between in-house and external counsel
  • Can external counsel deal directly with the government?
• Assessing the ongoing value of assistance
• Should you impose time and/or cost

Reference Material for High Risk Accounts
1. The following material offers guidance for banks that maintain foreign correspondent accounts
2. Intended to help you monitor the accounts
3. Guidance also suggests ways to manage such accounts
4. This material will not be covered during the presentation except to answer questions

Foreign Correspondent Accounts
General Due Diligence
Policies, Procedures and Controls for Foreign Correspondent Accounts must include each of the following:
• Determining whether each such foreign correspondent account is subject to enhanced due diligence
• Assessing the money laundering risks presented by each such foreign correspondent account.
• Apply risk-based procedures and controls to each such foreign correspondent account reasonably designed to detect and report known or suspected money laundering activity, including a periodic review of the correspondent account activity sufficient to determine consistency with information obtained about the type, purpose, and

A Risk Based Approach to Foreign Correspondent Accounts
Policies, procedures and processes to assess the risks posed by the FI’s foreign FI customers including, as appropriate:
• Nature of the foreign FI’s business and the markets it serves
• The type, purpose, and anticipated activity of the foreign correspondent account
• The nature and duration of the U.S. FI’s relationship with the foreign financial institution, and if relevant, with any affiliate of the foreign FI.

A Risk-Based Approach to Foreign Financial Institution Correspondent Accounts
Additional Relevant Risk Factors to Consider:
• The AML supervisory regime of the jurisdiction that issued the charter or license to the foreign FI, and to the extent available, the jurisdiction in which any company that is an owner of the foreign FI is incorporated or chartered.
• Information known or reasonably available to the covered FI about the foreign FI’s AML record, including public information in standard industry guides, periodicals, and major publications. Should also consider information issued by the Treasury Dept. about specific foreign FIs.
• The scope and depth of a review will depend on the nature of the information uncovered and does not require an evaluation of all of the above factors in every case.

High Risk Banks According to Sec. 312
• An Offshore Banking License
• A Banking License issued by an NCCT
• A Banking License issued by a foreign country that has been designated under Sec. 311 of the Patriot Act

Risk Stratification of the Customer Base
The starting point of an effective general due diligence program should be a stratification of the money laundering risk based on a review of the relevant risk factors to determine which accounts may require increased measures:
• Will have an impact on the initial account opening process
• Will affect on-going periodic reviews of the client, the client’s documentation and activity
• Will impact monitoring of transactions and/or accounts

[Figure: risk tiers]
• SHELL BANKS
• OFFSHORE BANKS & NCCTs/SEC. 311/NO AML REGS
• MSBS & OTHER HIGH RISK
• MEDIUM RISK
• LOW RISK

Establishing Levels of Risk
• Stratify client base at account opening or the inception of a business relationship – collect due diligence information and prioritize accounts for ongoing monitoring based on risk level.
• One example might be:
  • Low risk – might include entities that are “trusted” by the financial institution
  • Medium risk – might include entities that are publicly-traded on an exchange “recognized” by the financial institution
  • High risk – might include entities that are privately-held, or not publicly traded on a “recognized” exchange

Risk Scoring for Correspondent Banking
Business Risk Factors
• Specifically identified by Regulators/Law Enforcement
• Money Laundering Placement Risk; such as cash intensive businesses
• Other authoritative pronouncement
• Money Laundering Layering or Integration Risks
Product Risk Factors
• Specifically identified by Regulators/Law Enforcement
• Favors anonymity or involves third parties
• Supports high transaction volumes
• Involves cross border transactions
• Involves cash, monetary or bearer instruments
• Supports high speed movement of funds

Foreign Correspondent Banks
Enhanced Due Diligence for Certain Foreign Banks
• Conduct enhanced scrutiny of the correspondent account which requires an FI to obtain and consider information relating to the foreign bank’s AML program.
• Under appropriate circumstances, monitor transactions to, from or through the correspondent account in a manner reasonable to detect money laundering and suspicious activity
• Obtain information about the identity of any person with authority to direct transactions through any correspondent account that is a payable through account

Foreign Correspondent Banks
Enhanced Due Diligence for Certain Foreign Banks
• Determine whether the foreign bank in turn maintains correspondent accounts for other foreign banks and take reasonable steps to obtain information relevant to assess and mitigate money laundering risks, including as appropriate, the identity of those foreign banks

Foreign Correspondent Banks
Enhanced Due Diligence
Ownership
• Determine, for any correspondent account established or maintained for a foreign bank whose shares are not publicly traded, the identity of each owner of the foreign bank and the nature and extent of each owner’s ownership interest.
• Owner means any person who directly or indirectly owns, controls, or has the power to vote 10 percent or more of any class of securities of a foreign bank.

Special Procedures when DD or EDD cannot be performed
• The covered FI’s due diligence program is required to include procedures to be followed in circumstances in which a covered FI cannot perform appropriate due diligence or EDD with respect to a correspondent account.
• This could include procedures to refuse to open the account in the first place, suspend transaction activity, file a suspicious activity report, or close the account. Appropriate action may include a combination of the above measures.

Foreign Correspondent Banks
Risk factors in dealing with shell companies
• Inability to determine legitimate purpose of the shell
• Inability to determine legitimate purpose of the account that is opened for the shell
• Use of a company formation agent or other intermediary
• Involvement of a non-U.S. person or entity
• Inability to easily determine beneficial ownership

Foreign Correspondent Banks
Key questions to ask to prevent corporate vehicle misuse include:
• Who are the ultimate beneficial owners of a company and who are the settlors, trustees and beneficiaries involved with a trust?
• What is the purpose for which the corporate vehicle was formed?
• Why are foreign jurisdictions being used for creation/administration of the entity?
• Why are complex structures being utilized?

Foreign Correspondent Banks
Consider frequently occurring Risk Factors associated with corporate vehicle misuse.
• What are the corporate vehicle formation requirements in the source jurisdiction?
• Are there adequate regulatory standards or investigative capacities in the jurisdiction where the corporate vehicle has been incorporated/formed/administered (e.g. particularly involvement of TSCPs)?
• How might information on the beneficial owners be made available or be obtained in the jurisdiction of incorporation and/or the country in which the company and trust administration services are provided?
• What is known about the beneficial owner?

Foreign Correspondent Banks
Consider frequently occurring Risk Factors associated with corporate vehicle misuse
• Is the corporate vehicle a regulated or unregulated entity?
• What is the purpose of the corporate vehicle? Does it have “real activities” or is it solely involved with holding/administering the assets of the beneficial owner?
• Why has the corporate vehicle been established in a foreign jurisdiction?
• Can a shell or shelf company be formed in the jurisdiction of incorporation?
• What is known about the source of funds?
• What is known about the scale of the business/funds?
Foreign Correspondent Banks
Best Practices may include the following elements:
• Financial institutions need to apply a risk-based approach, both to CDD and ongoing monitoring
• It may be impossible for a financial institution to dig through layers of shell companies in every instance – How far you peel the onion should be tied to the degree of risk posed by the potential or actual client.