Anti-Money Laundering/Counter-Terrorist Financing Compliance Programs

1. Factors for drafting an AML/CFT Policy

A. Understanding what is legally required of your institution, employees and customers is
essential to a successful program
B. It is also important to understand the expectations of the relevant AML/CFT
C. Regulators and/or supervisory authorities.
D. Assessment of Risk-Risk based approach

2. Risk-based approach is preferable to a more prescriptive approach in the area of AML/CFT

because it is more:
Flexible
Effective
Proportionate
3. While Assessing risk, FATF recommends considering:
Customer risk
Country or geographic risks
Product, service, transaction or delivery channel risk factors

4. As every financial institution develops transaction history with customers, it should consider
modifying the risk rating of the customer, based on:
• Unusual activity, such as alerts, cases and suspicious transaction report (STR) filings.
• Receipt of law enforcement inquiries, such as subpoenas.
• Transactions that violate economic sanctions programs.
• Other considerations, such as significant volumes of activity where it would not be expected,
such as a domestic charity engaging in large international transactions or businesses engaged
in large volumes of cash where this would not normally be expected
Page(146)
5. High Risk customers for AML CFT
 Banks
• Casinos
• Offshore corporations and banks located in tax/banking havens
• Embassies
• MSBs, including currency exchange houses, money remitters, check cashers
Virtual currency exchanges
• Car, boat and plane dealerships
• Used-car and truck-dealers and machine parts manufacturers;
• Professional service providers (attorneys, accountants, investment brokers, and other third
parties who act as financial liaisons for their clients)
• Travel agencies
• Broker/dealers in securities
• Jewel, gem and precious metals dealers

1
 • Import/export companies
• Cash-intensive businesses (restaurants, retail stores, parking)
6. How to identify countries with inadequate AML/CFT Controls ( page 149)
7. Factors for Product Risks( page 150)
8. specific banking functions or products are considered high-risk.( page 150)
9. The Elements of an AML/CFT Program-4 pillars(Page 151)
10. Elements of AML /CFT –Fifth pillar- CDD( Fincen)
11. Important procedures in CDD( page 151)
 Understanding the nature and purpose of customer relationships for the purpose of
developing a customer risk profile
 Conducting ongoing monitoring to identify and report suspicious transactions
 Maintaining and updating customer information
12. AML/CFT Policies, Procedures and Control-First pillar(Page 151)
 three parts define and support the entire AML/CFT program
 act as a blueprint that outlines how an institution is fulfilling its regulatory requirements
 All three parts should be designed to mitigate the identified AML/CFT risks,
 should take into account the applicable AML/CFT laws and regulations that the financial
institution must comply with.
 should clearly indicate the risk appetite-what risks the business is prepared to accept
and those it is not.
13. Every employee throughout a financial institution, at all levels of an organization, must
contribute to the creation, maintenance, and overall success of the AML/CFT program.
14. For larger financial institutions, there is a critical need to adopt an enterprise-wide approach
that allows for consistency in the manner in which the financial institution manages its ML/TF
risk.(page 151)
15. However, there is also a need to accommodate regional and/or business line-specific
requirements. For example, enterprise-wide ML/TF risk models in financial institutions that
operate in multiple regions and/or countries will need to reflect the local regulatory
requirements. This may be achieved by having a different version of the AML/CFT program or by
having country-specific addendums to the global AML/CFT program.
16. AML/CFT policies should be established and approved by executive management and the board
of directors, and should set the tone for the organization.
17. While the organization’s policy may be a high-level statement of principles, it serves as the basis
for procedures and controls that provide details as to how lines of business will achieve
compliance with laws and regulations, as well as with the organization’s AML/CFT policies.
18. The standard AML/CFT operating procedures should be drafted at the operational level in the
financial institution. These procedures must be modified and updated, as needed, to reflect
changes in law and regulation, products, and organizational changes. These procedures are
more detailed than the corresponding AML/CFT policies; they translate policy into acceptable
and workable practices. The procedures also form the basis of an important component of
AML/CFT training and for compliance monitoring programs. There should also be a process to
support and facilitate effective implementation of procedures, and that process should be
reviewed and updated regularly.

2
19. AML/CFT program also relies on a variety of internal controls, including management reports
and other built-in safeguards that keep the program working. These internal controls should
enable the compliance organization to recognize deviations from standard procedures and
safety protocols. A matter as simple as requiring a corporate officer’s approval or two signatures
for transactions that exceed a prescribed amount could be a critical internal control element
that if ignored seriously weakens an institution’s AML/ CFT program and attracts unwanted
attention from supervisory authorities.(page 152)
20. Requirements of AML CFT Compliance Programs/ Important component of Compliance
Program(page 153)
i. Identify high-risk operations (products, services, delivery channels, customers, and
geographic locations) provide for periodic updates to the institution’s risk profile;
ii. Inform the board of directors (or a committee of the board) and senior management of
compliance initiatives, known compliance deficiencies, suspicious transaction reports
filed and corrective action taken.
iii. Develop and maintain a system of metrics reporting that provides accurate and timely
information on the status of the AML/CFT program, including statistics on key elements
of the program, such as the number of transactions monitored, alerts generated, cases
created, suspicious transaction reports (STRs) filed.
iv. Assign clear accountability to persons for performance of duties under the AML/CFT
program
v. Provide for program continuity despite changes in management or employee
composition or structure.
vi. Meet all regulatory requirements and recommendations
vii. Provide for periodic review as well as timely updates to implement changes in
regulations (this should be done at least on an annual basis).
viii. Implement risk-based CDD policies, procedures and processes.
ix. Provide for dual controls and segregation of duties.
x. Comply with all recordkeeping requirements, including retention and retrieval of
records.
xi. Provide sufficient controls and monitoring systems for the timely detection and
reporting of potentially suspicious activity and large transaction reporting. This should
also include a procedure for recording the rationale for not reporting activity as a
result of the findings of any investigation.
xii. appropriate and effective oversight of staff who engage in activities which may pose a
greater AML/CFT risk
xiii. Establish training requirements and standards
xiv. Process for reporting Suspicious transactions
xv. What tipping off means in real life
xvi. the requirement to comply at all times with anti-money laundering policies and
procedures
xvii. Develop and implement screening programs to ensure high standards when hiring
employees.

3
 xviii. Develop and implement quality assurance testing programs to assess the effectiveness
of the AML/CFT program’s implementation and execution of its requirements. This is
separate from the independent audit requirement
21. Three lines of defense
22. The Designation and Responsibilities of A Compliance Officer(Page 155)
23. DELEGATION OF AML DUTIES-Subgroups( Page 156)
24. Components of AML/CFT Training Program( page 158-162)
Who, what, when, where, how
25. Independent Audit-EVALUATING AN AML/CFT PROGRAM-(Page 162-164)
26. Establishing a Culture of Compliance-FinCEN’s six guidelines for strengthening AML/CFT
compliance culture in financial institutions ( Page 165)
27. New York State Department of Financial Services (DFS) issued Final Rule Part 504 on June 30,
2016, requiring regulated institutions o maintain “Transaction Monitoring and Filtering
Programs” (TMPs)-
28. The Final Rule, which goes into effect on January 1, 2017, also requires boards of directors or
senior officer(s) of regulated institutions to make annual certifications to the DFS confirming
that they have taken all steps necessary to comply with the Transaction Monitoring and Filtering
Program requirements.
29. eight minimum requirements for the Transaction Monitoring and Filtering Program as per New
York Law
a. Identification of all data sources.
b. Validation of the integrity, accuracy and quality of data.
c. Data extraction and loading processes to ensure a complete and accurate
transfer of data.
d. Governance and management oversight.
e. Vendor selection process if a third-party vendor is used.
f. Funding to design, implement and maintain a program.
g. Qualified personnel or outside consultant.
h. Periodic training.
30. CDD- When CDD is required –FATF Recommendation 10 ( page 168)

31. FATF –Main 4 elements of CDD Program( page

a. Identifying the customer and verifying the customer’s identity
b. Identifying beneficial owner
c. Purpose and nature of relationship-Profile
d. On-going due diligence
32. 7 Elements of CDD Program ( Best Practice)( page 169)
Customer Identification
Profiles
Customer Acceptance
Risk rating
Monitoring
Investigation
Documentation

4
33. Risk factors where enhanced CDD measures have to be taken include( Page 170)
Customer risk factors:
Country or geographic risk factors:
Product, service, transaction or delivery channel risk factors:
( Check detailed risk factors for EDD)
34. ENHANCED DUE DILIGENCE FOR HIGHER-RISK CUSTOMERS-obtaining additional information
 Source of funds and wealth
 Identifying information on individuals with control over the account, such as signatories
or guarantors.
 Occupation or type of business.
 Financial statements.
 Banking references.
 Domicile.
 Proximity of the customer’s residence, place of employment, or place of business to the
bank.
 Description of the customer’s primary trade area and whether international transactions
are expected to be routine.
 Description of the business operations, the anticipated volume of currency and total
sales, and a list of major customers and suppliers.
 Explanations for changes in account activity.

35. account opening and customer identification guidelines from Annex IV General Guide to
Account Opening, issued in February 2016, as an attachment to the Basel Committee publication
Two Kinds of persons- Natural persons and legal persons (
Information to be obtained for EDD(page 172-174)
36. Beneficial ownership Case study ( page 175- 176)
37. CONSOLIDATED CUSTOMER DUE DILIGENCE
a. Each office, branch or subsidiary should be in a position to comply with minimum
identification and accessibility standards applied by the parent. However, some
differences in information collection and retention may be necessary across
jurisdictions.
b. Where the minimum CDD standards of the home and host countries differ, offices in
host jurisdictions should apply the higher standard of the two.
c.
38. Economic Sanctions ( page 177)
Economic sanctions are a way to financially isolate a target. Increasingly, countries are using
economic sanctions instead of military force as an instrument of foreign policy.
Three types of sanctions
Targeted
Economic
Comprehensive

5
39. Entities that impose sanctions
UN
European Union
US Treasury’s Office of Foreign Assets Control’s (OFAC) Specially
Designated Nationals and Blocked Persons (SDN) list.

40. Under sanctions programs administered by OFAC, financial institutions are prohibited from:
 Providing property, or an interest in property, to a sanctions target (i.e., someone
subject to a sanctions program).
 Depending on the particular program, this might mean blocking (or freezing) the
transaction
 or it might mean rejecting (or returning) the transaction.
 The sanctions programs are governed by a number of laws and regulations and are
subject to change; hence, sanctions compliance requires a specialized skill set and
constant attention to the changing nature of sanctions.

41. Examiners and OFAC may take actions against Financial institutions, including, but not limited to
the following, for not having adequate OFAC Controls( page 178)
 issuing monetary penalties
 criminal penalties, and
 regulatory actions (e.g., Written Agreements and Matters Requiring Attention).

42. Sanctions List Screening( page 179)

43. PEPS Screening(179)

44. Employee screening- A Know Your Employee (KYE) program means that the institution has a
program in place that allows it to understand an employee’s background, conflicts of interest
and susceptibility to money laundering complicity. Policies, procedures, internal controls, job
descriptions, codes of conduct and ethics, levels of authority, compliance with personnel laws
and regulations, accountability, monitoring, dual control, and other deterrents should be firmly
in place.

45. Background screening of prospective and current employees, especially for criminal history, is
essential to keeping out unwanted employees and identifying those to be removed. The Federal
Deposit Insurance Corporation (FDIC) has provided guidance on employee screening in its paper,
“Pre-Employment Background Screening: Guidance on Developing an Effective Pre-Employment
Background Screening Process,” issued in June 2005.

46. Background screening can be an effective risk-management tool, providing management with
some assurance that the information provided by the applicant is true and that the potential
employee has no criminal record. Used effectively, the pre-employment background checks
may: reduce turnover by verifying that the potential employee has the requisite skills,
certification, license or degree for the position; deter theft and embezzlement; and prevent

6
 litigation over hiring practices. An institution should also verify that contractors are subject to
screening procedures similar to its own.

47. Suspicious or Unusual Transaction Monitoring and Reporting-

 There are no hard and fast rules as to what constitutes suspicious activity, financial
institution employees should watch for activity that may be inconsistent with a
customer’s source of income or regular business activities.
 a firm’s system for monitoring and reporting suspicious activity should be risk-based,
and should be determined by factors such as the firm’s size, the nature of its business,
its location, frequency and size of transactions and the types and geographical location
of its customers.
 Some possible reports- page 182

48. STR reporting process-Page 182

49. Automated AML/CFT Solutions-(page 184)

 Automated customer verification:
 Watch list filtering: screening new accounts, existing customers, beneficiaries and
transaction counterparties against terrorist, criminal and other blocked-persons
sanctions and/or watch lists.
 Transaction monitoring:
 Automation of regulatory reporting: filing suspicious transaction reports (STR)
 Case management: providing a dashboard feature to view customer KYC, transaction
history, and any investigations undertaken or regulatory filings filed on a customer.
 Audit trail: documenting steps taken to demonstrate compliance efforts to auditors and
supervisory authorities.

50. The objective of an automated system /RFP

 is to select a system that may assist the institution in completing its responsibilities
under applicable money laundering regulations
 . The system(s) may help identify potentially high-risk customers,
 accounts and transactions and
 may aid in conducting, managing and documenting any resulting investigations,
 as well as streamlining the completion and filing of any required STRs.

51. Capabilities of an automated system

a. Ability to monitor transactions and identify anomalies that might indicate suspicious
activity.
b. Ability to gather CDD information for new and existing customers, score customer
responses, and store CDD data for subsequent use.

7
 c. Ability to conduct advanced evaluation and analysis of suspicious/unusual transactions
identified by the monitoring system in the context of each client’s risk profile and that of
their peer group.
d. Ability to view individual alerts within the broader context of the client’s total activity at
the institution.
e. Workflow features, including the ability to create a case from an alert or series of alerts,
to collaborate (simultaneous or serial) among multiple interested parties to view and
update information, and to share AML/CFT-related information across monitoring and
investigating units and throughout the bank as needed
f. Ability to use data from the institution’s core customer and transaction systems and
databases to inform/ update monitoring and case management activities.
g. Ability to store and recall at least 12 months’ data for trend analysis.
h. Ability to manage the assignment, routing, approval and ongoing monitoring of
suspicious activity investigations.
i. Automated preparation and filing of STRs to the financial intelligence unit.
j. Standard and ad-hoc reporting on the nature and volume of suspicious activity
investigations and investigator productivity for management and other audiences.
k. Enhanced ability to plan, assign and monitor the caseload per employee of AML-related
investigations.
l. Ability to provide comprehensive and accurate reporting of all aspects of AML
compliance, including reporting to management, reporting to regulators, productivity
reporting and ad-hoc reporting
m. • User-friendly updating of risk-parameter settings without the need for special
technical computing skills.
n. Tiered user-rights access for users, managers, and auditors.

52. Other features of automated system

a. Ease of use of the application
b. Ease of data integration, system implementation and configuration
c. Scalability of application
d. Extent to which the system can be supported with internal resources.
e. User satisfaction with hardware and software support
f. Price

53. Money Laundering and Terrorist Financing Red Flags ( pages 186- 199)
UNUSUAL CUSTOMER BEHAVIOR
UNUSUAL CUSTOMER IDENTIFICATION CIRCUMSTANCES
UNUSUAL CASH TRANSACTIONS
UNUSUAL NON-CASH DEPOSITS
UNUSUAL WIRE TRANSFER TRANSACTIONS
UNUSUAL SAFE DEPOSIT BOX ACTIVITY
UNUSUAL ACTIVITY IN CREDIT TRANSACTIONS
UNUSUAL COMMERCIAL ACCOUNT ACTIVITY
UNUSUAL TRADE FINANCING TRANSACTIONS

8
UNUSUAL INVESTMENT ACTIVITY
OTHER UNUSUAL CUSTOMER ACTIVITY
UNUSUAL EMPLOYEE ACTIVITY
UNUSUAL ACTIVITY IN A MONEY REMITTER/
CURRENCY EXCHANGE HOUSE SETTING
UNUSUAL ACTIVITY FOR VIRTUAL CURRENCY
UNUSUAL ACTIVITY IN AN INSURANCE COMPANY SETTING
UNUSUAL ACTIVITY IN A BROKER-DEALER SETTING
UNUSUAL REAL ESTATE ACTIVITY
UNUSUAL ACTIVITY FOR DEALERS OF PRECIOUS METALS AND HIGH-VALUE ITEMS
UNUSUAL ACTIVITY INDICATIVE OF TRADE-BASED MONEY LAUNDERING
UNUSUAL ACTIVITY INDICATIVE OF HUMAN SMUGGLING
UNUSUAL ACTIVITY INDICATIVE OF HUMAN TRAFFICKING
UNUSUAL ACTIVITY INDICATIVE OF POTENTIAL TERRORIST FINANCING