In an ever-changing environment such as the financial sector, it is important to identify the risks and how to combat them in order to be compliant.
But why is being compliant and combatting financial crimes important?
Financial crime has a significant impact on society, globally and domestically, and as financial institutes, such as banks, there is a pivotal role for these to play in helping to prevent financial crimes.
Criminals are constantly developing innovative tactics in order to stay ahead of the game, and regulatory authorities and the financial sector must be ever so vigilante to combat them.
This training material will help you to identify the risks, and the different measures to counter them.
Firstly, let us briefly go through the various types of financial crimes, seen in the financial sector:
Money laundering is usually divided into three stages:
In this stage, criminal seeks to introduce the illegally funds into the legitimate financial system.
For instance, this can be done by paying a person (either through persuasion or through deception) into depositing funds and then transferring the funds onwards. Commonly known as using “money mules”.
Another way is funneling the illegal funds through various legitimate businesses that have heavy cash transactions, such as beauty salons, hair salons, etc.
Once the illegal funds are “placed”, the second stage, Layering, begins.
This involves turning the funds into another form and creating complex layers of financial transactions to disguise the money trail and distance the funds from the original source.
Examples of layering transactions are:
After the illegal funds is disguised through the network of various transactions, and the funds appears to be legal, the final stage of money laundering, known as Integration, begins.
During this stage, the funds are likely to be used to make high-value purchases, such as real estate and/or luxury goods.
Here are some examples of red flags that might indicate money laundering:
1: The customer is an entity, where its name and purpose/line of trade is not consistent with its transactions.
2: Reluctance to give information on intended use of an account, product and/or expected activity associated with these.
3: The customer gives different or complicated explanations for source of funds etc.
4: The customer does not wish to use the simplest way of carrying out a transaction.
5: The customer gives the impression that it is urgent to complete a transaction without natural reason.
Well-maintained due diligence records play an important role in tackling terrorist financing. They are important resources for law enforcement authorities when it comes to tracking down and disrupting terrorist organizations.
In the aftermath of an attack, bank records can be extremely helpful in tracing the attackers back to the networks that could be organizing the attacks.
Proper due diligence also helps to make unusual activities easier to identify and report.
Still, terrorist financing is extremely hard to detect. This is due to the fact that the origin of the money involved can be legal, the sums might seem small and not distinguishable from day to day activities, and terrorist attacks may even be self-funded with regular income.
On the other hand, knowing these differences can help fight it. For instance, the aspects of an investigation can include looking into ties with regions with known terrorist activity, unexplained high volume of small transactions in the account, or even signs of sympathizing with radical ideology.
Here are some examples of red flags that might indicate terrorist financing:
1: Frequent domestic and international ATM activities, particular in areas of conflict or neighboring regions.
2: Dormant accounts which suddenly becomes active.
3: Charitable activities located in or addressed to areas of conflict (non-profit organizations/charities).
4: Transfer of funds into areas known for terrorism activities, or where terrorist entities are known to have substantial presence.
5: Conducting uncharacteristic purchases, such as camping/outdoor equipment, weapons, ammonium nitrate, hydrogen peroxide, acetone, propane etc.
Financial sanctions are a significant part of the global fight against financial crime.
For financial institutions, this means that they either are prohibited from providing any products or services directly or indirectly, or can only provide limited services to sanctioned parties.
In certain cases, financial institutions might even have an obligation to freeze assets of the sanctioned parties involved.
Sanctions are usually backed by serious civil and criminal penalties, which can reach several billion EUROS, in case of a breach of the US sanctions, or the consequences can be dire as exclusions from the USD clearing. There are also individual accountability for an employee within the financial sector to comply with sanctions.
To help adhere to sanctions regimes and determine who the subject of financial sanctions is, financial institutions employ transaction and customer screening. The screening is conducted against the sanctions lists, which contain available identifying information on sanctioned parties (for instance, the name of the targeted person, the place and date of birth or incorporation, ID number and so on.
Here are some examples of red flags that might indicate sanctions evasion:
1: The customer or its address is similar to one of the parties found on a sanctions list.
2: The end destination is Iran, Sudan, North Korea, Cuba or another country with restrictions applied in a sanctions list.
Bribery and corruption is another type of financial crime that needs to be taken into consideration by financial institutions.
Both the person who offers and gives a bribe, and the person who demands and accepts it are considered liable and can be prosecuted. The bribe does not actually have to be given – just offering it, even it not accepted, could be sufficient to constitute bribery.
Although corruption can occur in both private and public sectors, Politically Exposed Persons (PEPs) is one of the most vulnerable groups in terms of bribery and corruption.
PEPs are natural persons (including their close associates and family members), who hold or have previously held, a high political position or a prominent public function.
Examples of PEPs can be:
It is important to note that corruption is not just large-scale, where business entities offer bribes to higher political, decision-making levels, but can also be small scale, where low level officials get bribes from ordinary citizens in return for access to basic goods and services, such as hospitals, schools and other agencies.
Here are some examples of red flags that might indicate bribery and corruption:
1: Public officials receive loan guarantees from a public corporation or government body, or a loan under favorable conditions, which normally would not be applied.
2: Public officials have purchased assets in a total amount higher than their legally declared income.
Fraud are split into two groups: internal fraud and external fraud.
The most common examples of internal fraud are:
This typically includes transferring funds from vulnerable customers’ accounts, such as elderly persons and dormant accounts, or taking over a customer’s identity in order to submit new lending applications.
This could, for instance, be billing for travel and other expenses that never materialized (cancelling airline tickets, training, etc.)
An employee in the financial sector may utilize their position and knowledge of the workplace to authorize credit either for themselves, or for those they knew. The intention is not to defraud their workplace of money, but rather it is an abuse to of their position to give unauthorized credit.
Regarding external fraud, the most common scenarios may include:
Providing falsified information to get a loan application approved. The applicant may use falsified tax assessment notices, payslips, or fabricated documentation of fixed expenses or assets/debts.
This is a method where criminals uses a sophisticated email to trick employees into transferring money or providing confidential company information.
In regards to fraud against the customers of a financial institute, the two categories are:
Examples of unauthorized payments could be:
Fraudsters might send unauthorized emails, messages or makes calls to customers or employees within the financial sector asking for customer account information, or asking to update their bank records. Stolen information is then used for misappropriating funds.
These are fraudulent internet transactions using stolen payment card information without using the physical card. The card information can be illegally obtained from webshops, hotels, fake mobile apps, etc.
Examples of authorized payments could be:
An investment scam is when someone offers a fake – but very convincing – opportunity to make a profit, after a person hands over money to the scammer. There are 3 main types of investment scams:
Romance scammers create fake profiles on dating sites, or contact their targets through popular social media sites. Scammers strike up a relationship with their targets to build their trust, and then make up a story to rationalize their request for financial support.
Here are some examples of red flags that might indicate fraud:
1: Applicant’s home or business address is not in the same geographical region as the financial institution.
2: Applicant is over 25 years old, but with no previous financial institution history.
Examples of tax evasion could be:
Some tax evasion may actually be qualified as tax fraud, if it is performed deliberately on a large scale.
In cases where it is not clear or straightforward, a tax analysis should be done on a case by case basis, as to take the various circumstances into account for the specific customer.
Now that we have discussed the various types of financial crimes, let’s talk about what the financial sector does to combat them.
In the financial sector, employees are legally obliged to follow the anti-money laundry process, as it is important to:
I.e. when onboarding a new customer, it is, among other things, important to verify the customer’s identity.
I.e. monitoring and recording the customer’s transactions.
I.e. submitting a UAR (Unusual Activity Report), which may result in a SAR/STR (Suspicious Activity Report/Suspicious Transactions Report) to the authorities.
During the onboarding of a new customer, proper processes within the KYC process (Know Your Customer) and CDD (Customer Due Diligence) must be followed.
The KYC process is where the customer journey begins – onboarding the customer into the financial institute, e.g. a bank.
The KYC process is used to gather the information needed from the customer to enable a risk score to be generated and to monitor the customers’ activities on an ongoing basis.
It is therefore important to keep this information accurate and up to date.
For natural persons, this means obtaining, for instance, customer’s full name, citizenship and address. For legal entities, this means obtaining the registered name, address, legal form, incorporation date, and registration number.
Determining the beneficial ownership of legal entities, i.e. companies, the verification of this can be done by using documents such as organizational charts, lists of owners etc.
As a financial institute, it is important to understand the business relationship, which the customer is entering with us, and therefore, in order to predict and detect potential behavior of a customer, it is important to know:
The completion of the KYC is to understand the full relationship between the customer and for instance a bank.
Customer Due Diligence is the next step, which follows after the KYC process, as its involvement is more than just verifying new customers’ identities, etc. on a one-off basis.
In fact, CDD must not only apply after the accepting of new customers, but throughout the entire business relationship with the customer and the financial institute.
Let’s look at the CDD requirements in detail.
The risk-based approach is the first principle of CDD, and risk assessments is the essential first step in the CDD process.
This takes into account the level of money laundering risk that each customer poses for the financial institute.
A risk score will be assigned to the customer, when they are on boarded into the financial institution:
This score, usually known as the AML Risk Score, may change during the lifecycle of the customer’s relationship within the financial institution, depending on the customer’s account activities, trigger events, or when the KYC is updated.
The degree of risk posed by a customer depends on various issues:
For most customers within the financial sector, these are straightforward questions. Others need closer examination, and may require Enhanced Due Diligence (EDD).
There are 5 AML Risk Factors:
This concerns the purpose of the business relationship, residency of the customer, nature of the business relationship/activity, ownership structures and the customer category (i.e. business customers engaged in high risk industries, PEP’s etc.)
This concerns the domicile of the customer/business and the jurisdictions, which the customer intends to deal with. Some countries are deemed High Risk countries by the Financial Action Task Force1
Certain types of transactions present a higher risk. Examples of this could be:
Delivery Channel Risk:
Some delivery channels or servicing methods have higher financial crime risk due to less visibility of the identity and the activities of the customer, for instance, a non-face-to-face account opening (via online registration) or providing services through third parties, such as leasing through car dealerships.
Currency accounts and Trade Finance products are also considered as delivery channels with a higher financial risk.
Enhanced due diligence is performed to gain and document an understanding of the customer and their activities with regards to the factors that can create a high money-laundering risk.
EDD should be conducted in the following circumstances for high risk customers:
At the on boarding stage
When complex or unusually large transactions or a series of transactions takes place
As part of Ongoing Due Diligence (ODD).
The Ongoing Due Diligence allows the financial institute to:
The ODD process allows the financial institution to focus on higher risk customers and to ensure that each customer remains within the financial institution’s risk appetite.
ODD can be split into two types – Event Driven and Periodic ODD.
Event/Trigger Driven ODD:
Event/Trigger Driven ODD is initiated as a result of a particular event, for instance, a change in the beneficial ownership.
In contrast, periodic ODD occurs regularly at specific intervals. Based on different practices, periodic ODD is performed at least every one, three and five years, depending on the customers’ risk score and the individual financial institute’s internal process.
An example for a periodic ODD schedule could be:
Annually or at a trigger event.
Every 3 years or at trigger event.
Every 5 years or at trigger event.
Any financial institution may identify customers with an unacceptably high level of risk in regards to AML, Counter Terrorist Financing and/or Sanctions.
These customers are known as Prohibited Customers, and may not be provided with any products or services, and therefore must not be on boarded as new customers. Any existing customers that falls within the category of Prohibited Customers may have their current business relationship with the financial institution terminated.
Prohibited customers could include:
There is also a category of customers within the financial sector, whom are deemed to pose a higher level of risk, but can still be customers within a financial institution, though they may have limited access to products and services and be subject to more frequent EDD screening.
These customers are known as Restricted Customers, and could include the following:
A financial institution must comply with the financial sanctions that apply to its operations.
Financial sanctions are restrictive measures imposed on individuals, entities and countries in an effort to curtail their activities and to exert pressure and influence on them.
These restrictive measures could for instance be trade sanctions, restriction on travel or civil aviation restrictions.
Sanction measures are enacted by national and international bodies to prohibit or restrict certain dealings, trades and transactions.
They have their focus on:
Protecting civilians from harm, including human rights protection.
The financial sector is obliged to screen payments for sanctions. It is also obliged to ensure that no sanctioned individuals or legal entities are on boarded.
If an existing customer in a financial institution is sanctioned, the institution must ensure that steps are taken to avoid breaches according to relevant financial sanctions.
If an individual or legal entity is designated by the EU and subject to an asset freeze, a financial institution must ensure that current and/or future funds are blocked and reported to the relevant authority.
It is therefore important for any financial institutions to note high risk countries, where sanctions are in place.
For instance, most financial institutions prohibits transactions with Iran and North Korea.
As an employee in a Nordic financial institution, I am obliged to follow the Bribery Act 2010, which defines bribery as giving someone a financial or other advantage to encourage that person to perform their functions or activities improperly or to reward that person for having already done so.
This could include trying to influence a decision maker by giving them something that goes beyond legitimate commercial practice or needs.
It is an offence to:
As a financial institute in the Nordics, we could become liable, if a person in our organization commits a bribery offence. That person’s activities could be attributed to the financial institute.
The financial institute could also be liable, if someone performed services for it, like an employee, pays a bribe to get business, keep business or gain an advantage for the financial institution.
The importance of adequate procedures:
Even if no-one within a financial institute was aware of the bribe, it could be prosecuted for failing to prevent it.
However, a financial institution may avoid prosecution for this offence, if it can show that it has adequate procedures in place to prevent bribery.
Corruption is defined as “abuse of power for private gain” by the Global Program against Corruption run by the United Nations2.
The same definition is used by Transparency International3 and the EU4.
Politically Exposed Persons (PEP’s) are considered high risk customers from a bribery and corruption perspective. They have historically been known for abuse of entrusted power. This abuse varies of course from country to country.
Wealthy customers are associated with heightened risk of corruption and bribery due to high net worth characteristics of this customer type, and the type of products and services available to them, which are attractive for laundering proceeds of bribery. Products and services such as asset protection, cross-border transactions and investments services.
Business customers operating in sectors particularly susceptible to the risk of bribery and corruption can include real estate, oil and gas, public construction work, and the military sector.
What can the financial sector do to prevent bribery?
Breaching the Bribery Act 2010 can lead to an unlimited fine, imprisonment, or both.
Other possible consequences could include:
We have now covered the Preventing and Detecting aspects of the various financial crimes, so lastly we will look into the Reporting aspect.
Proper customer onboarding and ongoing dialogue with the customers play an important role in preventing financial crime.
However, what happens when we notice that a customer’s behavior is indeed unusual? This is where the final step of the financial crime prevention measures begins – potential reporting.
So, why are some activities seen as unusual in the first place? To determine if the situation is unusual, we should ask the following questions:
In order to properly answer these questions, we must:
Know our facts:
Evaluate the data surrounding the situation, for instance, date and time of the transaction, the location, the amounts involved etc.
Understand the context:
Figure out if a particular transaction or customer behavior seems odd or questionable in the specific situation, for instance, the customer shows nervous behavior, uses several bank branches to perform the same type of transactions during a short amount of time, etc.
Evaluate if we can identify any financial crime indicators:
See if the specific situation matches any known financial crime patterns, red flags and risk indicators.
It is important to note that not all situations that looks atypical at first glance will end up being unusual, which is why it is crucial to have an ongoing dialogue with the customers.
If the financial institutes puts in the effort to understand the customers right from the beginning of the customer journey, the financial institutes may save a lot of time and resources on investigations.
A financial institution must report any suspicious activity related to financial crime to the local Financial Intelligence Unit (FIU) without delay.
Suspicious activity is defined as a transaction or activity that could indicate a committed or an attempted financial crime.
What is a valid suspicion in regards of transactions? Your suspicion should be based on some evidence or indication.
Most suspicious activities involve changes in transactions patterns, illogical decisions, unusual requests, or events or inconsistencies in the customer’s business.
However, though procedures and computer systems help us detect potential money laundering, tax evasion and terrorist financing, most suspicious activities are uncovered by your day to day employee within the financial sector, may that be an employee in a branch, financial advisor or accountant. People who uses their experience and common sense.
Staying vigilance and using your common sense is just as important as having procedures and systems for detecting financial crimes.
Once a customer’s behavior is deemed suspicious, a Unusual Activity Report (UAR) is created and sent to the Money Laundering Reporting Office (MLRO) or Suspicious Activity Reporting Office (SARO) within a financial institution, for further investigation.
If the investigation performed by the MLRO/SARO do in fact support the UAR, a Suspicious Activity Report (SAR) or Suspicious Transactions Report (STR) is sent to the Financial Intelligence Unit (FIU) for further investigation, which at the end may result into prosecution of the involved parties.
It is clear to see that financial crime has a huge impact on both the economy and the society, meaning that such crime could also impact our own lives or the lives of our friends and families.
The consequences for the financial institutions themselves can be long reaching and can range from a damaged reputation (which will be extremely difficult to restore) to huge fines, loss of a banking license or even bankruptcy.
The combined efforts to fight financial crime are always important.
The author of the lesson: Keng Lam, Compliance Officer at Danske Bank, Denmark