anti-money - afma€¦ · anti-money laundering intensive masterclass december 2008 obligations...

The International TradeIntegrity Act wreaksmajor changes on theDFAT List landscape

IS AUSTRAC COMING YOUR WAYFOR A CUP OF TEA?

THE INTERNET – TOOL OF CHOICE FOR TERRORISTS AND INVESTIGATORS

ARE THERE PEPS UNDER YOUR BED?

anti-money launderingCOMBATING MONEY LAUNDERING IN FINANCIAL SERVICES

SEPTEMBER 2008

EDITORIAL

ANTI-MONEY LAUNDERING 3SEPTEMBER 2008

F ORGET what the cynics might tell you about the ennui of numbercrunching and the doldrums of data

processing. Data is dynamic stuff. When we control and understand data, and learn tolisten to its stories, data can open up a worldof narratives and insights. Good data, afterall, holds meaning. And for those who under-stand the language, data can offer us a worldof insights. Perhaps it's an insight into a syndicate that's laundering drug moneythrough the black market peso exchange in South America. It could be a fresh-airinvoicing scam operating out of Singapore.In both of these instances, the data thatfinancial institutions hold could turn out tobe the Rosetta stone that AUSTRAC or thelaw enforcement agencies use to decrypt thecase. Of course, at an operational level, datamanagement also allows us to stay onsidewith the aforementioned agencies and toavoid any regulatory breaches.

This edition has one recurring theme –data; AML/CTF is all about data, one way or another. Having, and then being able to manage the right data sets seems to beemerging as the key challenge for manybusinesses as they move towards the nextwave of obligations in December.

In the AUSTRAC column we see itscontrol of its data holdings through the provision of some raw figures about thosethat have not yet reported as required by 31 March 2008. AUSTRAC has observedthat the mainstream financial servicesproviders that previously reported to it under the Financial Transaction Reports Act 1988(FTR Act) have responded relatively well, as would be expected. AUSTRAC goes onto say that “the new industry segments andindividual reporting entities that have beenbetter resourced, accustomed to regulation

and skilled in risk management, or haveengaged closely with their industry associa-tion, a service provider or the regulator, have also been generally well advanced”. It is interesting that these factors are showing through the reporting data thatAUSTRAC is receiving.

As the AML/CTF regime gathersmomentum, it is predicted that the nature ofcompliance reporting to AUSTRAC will leadreporting entities to require more internal supporting data demonstrating that KYC andongoing customer due diligence controls areworking. In short, data will be needed todemonstrate to senior management that thesecontrols are working before they will sign offcompliance reports.

Getting ready for an AUSTRAC site visit is, in part, a data management process.Businesses need to be on top of their records,on top of their documents and able to meetAUSTRAC’s requests for information acrossa broad spread of areas. AUSTRAC has beenundertaking visits in the bigger capital citiesand we have used discussions with some of those who have had visits to provide achecklist of things to consider ahead ofAUSTRAC’s arrival in your lift lobby.

The impact of the International TradeIntegrity Act (Cth) 2007 is a significant datamanagement issue – forcing much greaterattention to the quality of scanning of namesof customers, counterparties, beneficial

owners, beneficiaries, controllers, directors and agents against lists of persons and countries subject to sanctions and embargoes. The strict liability nature of aspects of this new legislation has placed renewed pressure on theneed to have robust screening systems in placefor both customers and transactions. Someorganisations may even contemplate screeningtheir employees against these lists as well for a greater level of protection against aninadvertent breach. Some feel that screening

has become a little like the Wild West of datamanagement, as the consequences of getting it wrong have become significant under thenew strict liability regime.

Again, in the spirit of yet more on data, hints on how to use the internet as anAML/CTF tool had a natural fit with thisissue. The figures about internet users arestaggering, with the fastest growing languageon the net being Arabic, climbing by 1,576 per cent since 2000. The message ofthe article on using the internet as anAML/CTF tool is singular – “doing basicresearch online is a mandatory skill-set”.

By Joy Geary EDITOR

Please write to me about the subjects that you wish to have aired in the remaining issues for this year. The magazine is the industry’s magazine and the readership is invited to drive its content through letters.E-Voice

�

Electronic needlesand digital haystacks

FORGET WHAT THE CYNICS MIGHT TELL YOU ABOUT THE ENNUI OF NUMBER CRUNCHING AND THE DOLDRUMS OF DATA PROCESSING. DATA IS DYNAMIC STUFF.

EDITORIAL

The vexed subject of the long reach ofthe U.S. Office of Foreign Assets Control(OFAC) is canvassed in London Calling,highlighting the difficulties that non-USfinancial institutions have in performing adequate screening of customers, counter-parties and transactions to avoid contravention of the OFAC requirements.

Finally, answering the question ofwhether there are really any PEPs under the bed in Australia leads us again to data.There is not yet enough visibility of whether any significant populations of PEPs have been located in the customerdatabases of Australian institutions, with the exceptions of those that are

part of global private banking businesses.The December 2008 obligations

will bring the biggest data challenge to thefore. Reporting entities will be confrontedwith the need to identify where the highML/TF risk is within their businesses andapply the enhanced customer due diligenceprocess required by Chapter 15 of theAML/CTF Rules. Guessing that AUSTRACmeans high ML/TF risk customers in Rule15.9(1), reporting entities will need to be able to determine who in their existing customer base is high ML/TF risk, accordingto what has been defined as high ML/TF risk in the original risk assessment. Many businesses simply do not have

the data available to identify these customersbecause they did not collect it at the time of original customer acceptance or during the relationship. The monitoring challengegrows exponentially where there is little data held about an existing customer.

It has always seemed to me thatAML/CTF is a lot like looking for the electronic needle in the digital haystack, but the digital haystack of data suddenlyseems to be getting a lot larger as understanding of the risk-based regime deepens. These challenges mean that thestrengthening of the overall AML/CTFframework in Australia will take more timethan has been previously thought. ■

SEPTEMBER 2008 ANTI-MONEY LAUNDERING4

�

Anti-money LaunderingLunchtime Briefing Series

Synthesising key points from a wide number of sessions at the 26th Cambridge InternationalSymposium on Economic Crime

Briefing 1: Developments in the riskbased approach in AML/CTF

1 October 2008 l Sydney 12:00pm – 2:00pm

Briefing 2: The threat that financialcrimes pose to financial institutions:reputation, fraud and balance sheet risks as well as new risks that are emerging


Briefing 3: Developments in the electronic world: electronic crime,monitoring and profiling


Anti-money LaunderingIntensive Masterclass

December 2008 Obligations

Session 1: Monitoring

12 November 2008 l Sydney 9:00am – 12:00pm

Session 2: Suspicious Matter Reporting

26 November 2008 l Sydney 9:00am – 12:00pm

Anti-money LaunderingWorkshop

Responsibilities of an AML/CTFCompliance Officer

29 October 2008 l Sydney 9:30am – 11:30pm

25 November 2008 l Sydney 3:00pm – 5:00pm

UPCOMING EVENTS

For more information or to register contact Diana Zdrilic on 02 9776 7923 or [email protected]

CONTENTS


FEATURES

3 EDITORIAL

6 NEWS

14 THE ITIA HAS CHANGED THE DFAT LIST LANDSCAPE

18 LONDON CALLING THE LONG ARM OF UNCLE SAM

19 AUSTRAC COLUMNAUSTRAC’S PRELIMINARY OBSERVATIONS REGARDING COMPLIANCE REPORTING

20 AUSTRAC – ARE THEY COMING YOUR WAY?

22 SO YOU DREW THE SHORT STRAW AND YOU’RE AN AML/CTF COMPLIANCE OFFICER ...

24 E-VOICE

26 THE INTERNET IS THE TOOL OF CHOICE OF TERRORISTS AND INVESTIGATORS ALIKE

28 VOO-DUE DILIGENCE

30 RECONCILING CONFLICTING INTERESTS

34 ARE THERE PEPS UNDER THE BEDS OF AUSTRALIAN FINANCIAL INSTITUTIONS?

36 CASE STUDY

EDITORIAL

EDITOR: Joy [email protected]

SUB-EDITOR: Ros Holcombe

CONTRIBUTORS: AUSTRAC, Brett Wolf, Chris Hamblin (UK), Michelle Hannan, Kenneth Rijock (USA)

PRODUCTION AND DESIGN

CREATIVE DIRECTOR: Jo Fuller

COVER DESIGN: Elly Walton, Elly Walton Illustrations (UK)

PUBLISHINGNATIONAL MANAGER, MARKETING: Diana Zdrilic – Tel: + 61 2 9776 [email protected]

ANTI-MONEY LAUNDERING MAGAZINE IS PUBLISHED SIX TIMES A YEAR BY

AFMA – Level 3, 95 Pitt Street, Sydney NSW 2000.GO Box 3655, Sydney NSW 2001 Tel: + 61 2 9776 4411 Fax: + 61 2 9776 4488

www.afma.com.au

Disclaimer: This publication is designed to provide accurate and authoritative information inregard to the subjects covered. It is distributed with the understanding that the AFMA is notengaged in rendering legal, accounting or other professional service. If legal advice or otherexpert assistance is required, the services of competent professional persons should be sought.AFMA Anti-money laundering magazine presents the views of a range of commentators onAML issues for the benefit of readers and AFMA does not necessarily endorse these views.

anti-money laundering

ANNUAL SUBSCRIPTIONS: $595 +GST Tel: + 61 2 9776 7923

This publication is copyright. Other than for the purposes of, and subject to the conditions prescribed under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system, or transmitted without prior permission. Enquiries should be addressed to AFMA.

NEWS


Powered by

IN US v Santos, the court stripped prosecutorsof the right to punish criminals for payingbills with dirty money. In Cuellar v US, meanwhile, the court cut down the types of cash seizure that highway police can make. Neither case affects the job of theAmerican compliance officer, who has toreport suspicious activity whatever the prosecutorial consequences.

The US v Santos ruling deals with thethings that can be classified as the proceedsof crime. Efrain Santos ran an illegal lotteryin Indiana and, as part of that operation, usedlosers’ money to pay the winners and hiscouriers. This activity earned him a “promo-tional” money laundering conviction underTitle 18 US Code, Section 1956(a)(1)(A)(i)because he was using illicit gambling pro-

ceeds to support the criminal organisation. The Seventh Circuit Court of Appeals

upheld Santos’s conviction. Later the District Court threw it out. The precedent it cited was United States v Scialabba, 282 F.3d 475, in which the Circuit Courtruled that “1956(a)(1)(A)(i) applies only to transactions involving criminal profits, not criminal receipts.”

In other words, the ruling stated that only the net profits of a criminal organisationare “proceeds” of crime that can be “laundered”. A criminal organisation’s use of dirty money to pay bills cannot be considered money laundering, accordingto the Circuit Court ruling.

The Supreme Court agreed. Judge Scalianoted that Congress repeatedly used the term

“proceeds” when drafting American moneylaundering law, but did not define it.

“From the face of the statute, there is no more reason to think that “proceeds”means “receipts” than there is to think that“proceeds” means “profits.” Under a long line of our decisions, the tie must go to the defendant. The rule of lenity requiresambiguous criminal laws to be interpreted in favour of the defendants subjected tothem,” Scalia wrote.

By Brett WolfUS ANTI-MONEY LAUNDERING

EDITOR, COMPLINET

Only in America

�

American police and prosecutors are still dealing with the fallout from two decisions that the Supreme Court made more than a month ago.

NEWS


Powered by

THE AUSTRALIAN anti-money launderingregime will have a range of flow-on benefitsfor firms that look beyond the basic cost of compliance, according to a leading criminologist. Dr Russell Smith, principalcriminologist at the Australian Institute of Criminology, told the IFSA “Innovate 08”conference in Queensland that the AMLregime would introduce new rigour in areas such as fraud prevention and reputationalrisk management.

Australian firms spent around $206 mil-lion on compliance with the country’s anti-money laundering regulation during the lastfinancial year, Smith said. He predicted thatthe annual AML spend was likely to continue

at this level — around 0.02 per cent of grossdomestic product — based on overseas numbers. His figure of $206 million relates to the ongoing annual cost of AML/CTF compliance and excludes the upfront cost ofrolling out new systems, which would inflatethe figure for 2007/8 significantly.

Smith said that AUSTRAC’s budget of $54 million for the coming year wouldbring the overall figure for the AML/CTFregime well beyond the $250 million mark.He added that the AIC was conducting a survey into how this spending would affectbusiness profitability.

There was a widespread view within thefinancial services industry that the AML/CTF

regime had displaced the responsibility for policing from the government to the business sector, according to Smith. He stressed, however, that there were a range of associated benefits for firms thatembraced the opportunities of the newregime. These included the reduced risk offraud and reputational damage as a result of screening out undesirable clients.

“The benefits of the regime include the use of electronic monitoring tools thatmight in fact reduce costs to the business in other areas. So there’s a diffusion of some of the benefits of using this softwareand, ideally, there will be a reduction in fraud and dishonesty within the organisation.So it could in fact have a range of benefits for businesses,” Smith said.

There was some truth, however, in the argument that the government had successfully shifted the burden of surveil-lance onto the private sector with the newAML/CTF regime, he said. “Certainly it’sworth having a philosophical discussion about how much cost the industry should bear for public policy — one could arguethat’s what we pay taxes for.” ■

This ruling must have shocked federalprosecutors, who are in the habit of pressing“promotional” money laundering charges on criminals who use dirty money to furthercriminal schemes. Drug traffickers who purchase boats to ship narcotics, and securities fraudsters who use victims’ money to print fraudulent glossy brochures for use in soliciting more victims have traditionally been charged in this manner.

The Supreme Court seems to have given criminals free reign to spend dirtymoney as long as they write off the expenditure as illicit business “expenses”. The law enforcement lobby has not wel-comed the judgment.

Another Supreme Court judgment in the news recently was Cuellar v US. Here, the justices ruled that a person cannot be convicted of money laundering for simplyconcealing and transporting bundles of cash.Humberto Cuellar was arrested after a search of the car he was driving throughTexas towards Mexico uncovered nearly$81,000 in plastic bags in a compartmentunder the floorboards.

Cuellar was convicted of internationalmoney laundering under Title 18 US Code, section 1956(a)(2)(B)(i), for trying to “conceal or disguise the nature, the location,

the source, the ownership, or the control” ofthe money. The Fifth Circuit Court ofAppeals upheld the conviction and a desper-ate Cuellar appealed to the Supreme Court,which charged to his rescue.

“Although section 1956(a)(2)(B)(i) does not require proof that the defendantattempted to create the appearance of

legitimate wealth, neither can it be satisfiedsolely by evidence that the funds were concealed during transport. The statutory text makes clear that a conviction requiresproof that the transportation’s purpose – not merely its effect – was to conceal or disguise one of the listed attributes: thefunds’ nature, location, source, ownership, or control,” the Supreme Court stated.

This decision has been unpopular withpolice. Law enforcers want the courts to interpret “money laundering” as any furtive

activity that involves money or wealth, making it a catch-all crime. In the US it has so far been the perfect crime with whichto charge people: the prosecution has to do very little to send someone to jail; and it can do so for a maximum of 20 years.

The two decisions might be reversed by legislation. US lawmakers, after all, have

taken a keen interest over the years in ways to make convictions quick and easy. Thiscould be the most compelling reason why one in every 32 American adults is in prison,on probation or on parole. ■

Editor's Note: The word "proceeds" appearsthrough US AML statutes and until there islegislative change all money laundering casesare limited by these decisions. The electionlater this year is causing delay to passage ofthe required legislative changes.

AML flow-on benefits

�

THE SUPREME COURT SEEMS TO HAVE GIVEN CRIMINALS FREE REIGN TO SPEND DIRTY MONEY AS LONG AS THEY WRITE OFF THE EXPENDITURE AS ILLICIT BUSINESS “EXPENSES”.

AUSTRALIAN FIRMS SPENT AROUND $206 MILLION ON COMPLIANCE WITH THE COUNTRY’S ANTI-MONEY LAUNDERINGREGULATION DURING THE LAST FINANCIAL YEAR.

NEWS


Powered by

THE AUSTRALIAN Federal Police (AFP)has teamed up with the country’s banks toissue an alert about the growing number oflaundering syndicates that are targeting“mules”. The AFP says launderers are increasingly looking for individuals to assistwith the layering stage of their operations.

People are being enticed into launderingoperations under the guise of “work fromhome” employment offers. The AFP notes that syndicates are increasingly using theinternet to make contacts, either via email,instant messaging or even by advertising on legitimate employment websites.

The launderers attempt to build a networkof individuals who will transfer funds to a designated domestic or offshore account using a money-remitting service or electronicfunds transfer. In return for participating in a laundering scheme, often inadvertently, themules get a percentage of the funds transferred.

James McCormack, the director of theAFP’s high-tech crime centre, said that thelure of easy money was too much for somepeople to resist. They needed to be made

aware that the maximum penalty for assistinga laundering operation was a 20-year prisonsentence, in addition to financial penalties.

“You would be very suspicious if someone you didn’t know asked you to carry a package or money overseas, and similarly, you should be very suspicious about someone asking you to transfer money in and out of your bank account toother accounts,” McCormack says.

David Bell, the chief executive of theAustralian Bankers’ Association (ABA), says laundering syndicates have a range of strategies to attract mules. As such, the bank-ing industry is keen to help the AFP publicisethe problem and alert people who might inadvertently get roped into a criminal act.

“Usually, criminals send out millions of fraudulent job offer emails to random email addresses, in the hope of involvingunsuspecting, innocent persons in their criminal activity,” Bell says.

He adds that some syndicates useromance scams to lure individuals to transferfunds. Some people have been convinced to

transfer money to a nominated account underthe pretence of paying for airfares to “enablethe singles to meet”.

He says participants in these schemesleave themselves open to becoming victims of crime through identity theft. “The customers who respond to [these schemes]also leave themselves at risk of identity theft, as the criminals ask for confidentialbank account details.”

The Australian Federal Police have produced the following graphic outlining how a money transfer scam works and kindlyprovided their permission for its reproductionwith this article. ■

Mules for fools

Anti-money Laundering BriefingSynthesising key points from a wide number of sessions at the 26th Cambridge International Symposium on Economic Crime

The Cambridge International Symposium on Economic Crime is in its 26th

year and is a vehicle for promoting, at an international level, the real and

practical issues involved in preventing and controlling economic crime,

corruption and abuse. Economic crime, corruption and abuse are of course

predicate crimes to money laundering.

The Symposium takes place from August 31 to September 6 2008 at the

Jesus College Cambridge and regularly attracts over 900 participants from

80 different countries

The Symposium seeks to involve speakers and panellists with practical

knowledge and experience from around the world to share their expertise

and act as catalysts to promote awareness and discussion at all levels within

the Symposium.

AFMA is pleased to announce that Joy Geary, Editor of Anti-money Laundering

magazine, has been invited to attend the Symposium as a panel member for a

session on Responding to the threat of fraud and fi nancial crime and to run

a workshop with Dr. Nick Ridley from the London Metropolitan University on

Typologies – the missing link in the risk based approach.

Following Joy Geary’s attendance at the Symposium, AFMA is pleased to

present three lunchtime briefi ngs at which Joy will present on the key themes

emerging from the Cambridge Symposium.

briefi ng 1: Developments in the risk based approach in AML/CTF

1 October 2008 | Sydney | 12:00 – 2:00pm

briefi ng 2: The threat that fi nancial crimes pose to fi nancial institutions:

reputation, fraud and balance sheet risks as well as new risks that are

emerging


briefi ng 3: Developments in the electronic world: electronic crime,

monitoring and profi ling


registration fee member non-member

single briefi ng $235 + gst $280 + gst

all 3 briefi ngs $560 + gst $675 + gst

for further information

visit www.afma.com.au tel + 61 2 9776 7923 email [email protected]

Anti-money Laundering Lunchtime Briefing Series advert.indd 1Anti-money Laundering Lunchtime Briefing Series advert.indd 1 29/08/2008 10:04:29 AM29/08/2008 10:04:29 AM

NEWS


Powered by

JENSEN SAID that the regulator stillbelieved around 2,000 firms had failed toheed its requests to register and lodge reportsby March 31. The anti-money launderingcompliance reports are a statutory require-ment for “tranche one” reporting entitiesunder the Anti-Money Laundering andCounter-Terrorism Financing Act 2006.Tranche one includes the bulk of the financialservices industry — including banks, buildingsocieties, credit unions, asset managementcompanies, financial planners that issue products, life insurers, superannuation fundmanagers and securities dealers.

An Australian AML consultant toldComplinet recently that AUSTRAC was likely to use the compliance reports as anopportunity to demonstrate its enforcementpowers to the industry. Jensen indicated yesterday, however, that the regulator woulduse a range of tools to encourage compliancebefore resorting to enforcement action. These tools included direct phone calls to reporting entities and onsite visits in cases where firms repeatedly ignoredAUSTRAC’s requests.

The agency estimates that around 15,000tranche one entities have reporting obligationsunder the act. So far AUSTRAC has receivedaround 10,000 registrations and 8,000 compli-ance reports. It is working with another 3,000firms that are in the process of registeringwith AUSTRAC and filing belated compli-ance reports for 2006-07. Jensen said that the remaining 2,000 firms had simply failed to respond to the regulator’s approaches.

AUSTRAC was now experimenting witha number of different strategies to encouragecompliance, he said. These included sendingout final notices, making direct calls and conducting onsite visits.

Earlier this month AUSTRAC took asample of 10 per cent of the remaining 2,000 firms that had failed to respond to theregulator’s requests. The regulator then sentthese entities final notices to request animmediate response. Since then, only 50 percent of those 200 firms have responded.

“These entities would so far havereceived probably three letters from us aswell as receiving other information throughthe media,” Jensen explained.

Working relationship AUSTRAC has been extremely careful to foster a positive working relationship with the industry and has done its best to encourage voluntary compliance, according to Jensen. “It’s all been about voluntary compliance — getting in touchwith us and working with the industry, supporting entities to resolve any of the issues.”

At this point, however, the agency isbeginning to consider the sharper tools in its regulatory toolkit.

Jensen said that the 100 firms in the sample that had still failed to respond wouldbe used as a test case for AUSTRAC’s regulatory approach.

AUSTRAC is hoping that the direct calls will generate a response; failing that, it will look at onsite visits. Eventually, if these strategies fail, AUSTRAC will consider taking enforcement action. Despite the 15-month transition period for civil penalties, the government has indicated that AUSTRAC should takeenforcement action in cases where firms have not made “reasonable attempts to comply” with the act.

“We don’t want to take enforcementaction against anyone but, if they’re beingrecalcitrant, then it may well be that we’lltake enforcement action for failing to provide a compliance report,” the AUSTRACchief noted. ■

THE AUSTRALIAN Transaction Reports and Analysis Centre has produced a riskassessment toolkit to help small and medium-sized businesses comply with the country’smoney laundering laws. Under the Anti-Money Laundering and Counter-TerrorismFinancing Act 2006, reporting entities have to manage the business and regulatory risksassociated with their operations.

AUSTRAC said that firms had two principal obligations in this area: to identifythe risks relevant to their business and then to develop strategies to minimise and manage those risks. It stated that the first point required firms to “identify, prioritise, treat (deal with), control and monitor risk exposures”. These included risks relating to customers, products or services, business practices and the jurisdictions in which they operate.

When designing strategies to managethese risks, reporting entities need to considerboth the likelihood of a risk occurring and the severity — “amount of loss or damage” —that this would have. AUSTRAC said that regulatory risk essentially related to an entity’sobligations under the AML/CTF Act.

“Examples of regulatory obligations thatmay be breached include reporting certaintransactions such as international funds transfer instructions, verifying the identity of your customers and having an AML/CTFprogramme,” the risk assessment stated.

Standard risks AUSTRAC has endorsed Australian standard4360:2004, the “Standard for risk manage-ment”, as a basis for reporting entities’ com-pliance programmes. In the risk assessmentkit, the regulator has set out its modifications

to AS4360:2004 including the steps that AUSTRAC believes are integral to anAML/CTF risk management programme.

AUSTRAC’s risk framework covers thefollowing four core steps:• Risk identification. • Risk assessment/measurement. • Risk treatment. • Risk monitoring and review.

In terms of the risk assessment and measurement process, AUSTRAC has developed a strategy to calculate the likeli-hood and impact of any risk event. Its riskmatrix involves multiplying the likelihood rating by the impact rating to reach a riskscore. The report explained: “The risk scoremay be used to aid decision making and help in deciding what action to take in view of the overall risk.”

AUSTRAC the enforcerAUSTRAC will consider taking enforcement action against firms thatfail to submit compliance reports for 2006-07, which are now almostfour months overdue, according to chief executive Neil Jensen.

AUSTRAC risk assessment ‘toolkit’

�

Risk treatment AUSTRAC said that the risk treatment stagewas about identifying and testing methods to manage the risks that firms had identified.It said that typical responses could include the following:

• Setting transaction limits for high-riskproducts.

• Having a management approval processfor higher-risk products.

• Placing customers in different risk categories and applying different identification and verification methods.

• Turning away customers who want to dotransactions with high-risk countries.

The regulator said that reporting entitiescould also use a combination of risk groups to modify the overall risk of a transaction.“You may choose to use a combination ofyour customer, product/service and countryrisk to modify an overall risk. For example, in the case of a remitter, for a low-risk customer you may decide to only use a bank account to bank account service(assessed as low risk by you) to a certaincity/province (assessed as a high risk area by you) in a certain country (assessed as low risk by you).”

AUSTRAC stressed that identifying a customer, transaction or country as high riskdid not mean that money laundering or terrorism were necessarily involved. Byimplication, the opposite was also true; just because a customer or transaction was rated as low risk did not exclude the possibility of money laundering or terrorismfinancing. “Experience and common senseshould be applied to your risk managementprocess,” the regulator said.

Monitor and review Reporting entities need to maintain adequaterecords and evaluate their risk plan andAML/CTF programme regularly, AUSTRACsaid. It noted that risk plans were not staticdocuments and needed to change over time— for example, with changes to the firm’scustomer base, products and services, or business practices.

“Once documented, your business should develop a method to regularly checkon whether your AML/CTF programme isworking correctly and well. If not, you needto work out what needs to be improved andput changes in place. This will help keep your programme effective and also meet the requirements of the AML/CTF Act,”AUSTRAC explained. ■

NEWS


�

Powered by

NEIL JENSEN, AUSTRAC’s chief execu-tive, has expanded on the regulator’s latestpublic legal interpretation (PLI) documentfollowing claims that it had created uncertainty for reporting entities. RichardBatten, a partner at law firm Minter Ellison,told Complinet recently that the PLI had introduced confusion over the regulation of non-core activities. The PLI appeared tocast doubt over an exemption for non-corelending activity, which had originally beenset out in the explanatory memorandum to the Anti-Money Laundering andCounter-Terrorism Financing Bill.

Batten said that the original explanatorymemorandum had led reporting entities to believe that their incidental lending activities would not be captured under theAML/CTF Act. Last week’s PLI appeared to downplay these concessions, however,and suggested that the regulator would take a more legalistic reading of theAML/CTF Act. Under this interpretation of the law, AUSTRAC indicated that non-core lending activity could indeed be subject to AML/CTF regulation.

Batten said that this had introduced a significant amount of uncertainty forsome reporting entities. “It seems to be saying that you can’t simply treat some-thing as not being regulated because it isnot a core business activity. Prior to thePLI, I think people were drawing somecomfort from the observation in theexplanatory memorandum that it had to bea core business activity,” he explained.

Clearing the air Jensen explained that while the PLI outlined AUSTRAC’s legal view of theAML/CTF Act, the agency was still boundto take a regulatory approach that was consistent with the object of the act and the explanatory memorandum.

“The AUSTRAC PLI series providesAUSTRAC’s legal interpretation of the legislation it administers. It is based onAUSTRAC’s legal interpretation of the relevant legislation and has no legal statusor effect,” he said. “Hence, others may take a different view.”

“AUSTRAC’s regulatory approach will be consistent with the objects of theAML/CTF Act and … take into account arange of factors, including the effect of thecommentary in the explanatory memoran-dum on core and non-core activities.”

He said that “carrying on a (specific)business” was the differentiating factorused in the AML/CTF Act to determinewhether it was a core or non-core activity.This was illustrated in respect to item six of the act, where the requirement was to be making a loan in the course of carryingon a loans business.

“As [the PLI] explains, there are anumber of factors that will go towardsdetermining whether a business is beingcarried on in respect to a particular activity,and the conclusion will vary depending on the particular circumstances,” Jensensaid. “Parliament has also seen fit to provide a wide definition of ‘business’ consistent with the objects of the AML/CTFAct. Against this context, the AUSTRACchief executive will consider all relevantfactors in deciding on any enforcementaction in any particular case.”

Jensen added that the regulator wouldconsider making rules in circumstanceswhere its interpretation of the act capturedactivities that the explanatory memorandumimplied might not be caught.

“For instance, in relation to corporatetreasuries, which were raised by Mr Batten,AUSTRAC is in the process of developingrules to exempt corporate treasuries in certain circumstances. These rules will beavailable for public consultation, as isAUSTRAC’s usual practice.”

Better safe than sorryCommenting on Jensen’s clarification,Batten said that he applauded the regulator’s efforts to clear up any industryconfusion relating to non-core activities. He warned that reporting entities and potential reporting entities should apply for relief from AUSTRAC, however, if there was any uncertainty as to whethertheir activities were regulated.

“It appears that companies may onlyhave certainty in this area if AUSTRAC hasmade a ruling on either a private or publicbasis,” he said. “This will pose challengesfor both industry and AUSTRAC if it leadsto multiple applications for clarification.”

Batten also said that Jensen’s comments on rules for corporate treasurieswere good news for the industry. “It will be very interesting to see in what circumstances the rule will apply,” he said.“Hopefully it will exempt all transactionsbetween related companies.” ■

Core and non-core

NEWS

INDONESIA HAS MADE significantprogress since its first evaluation by the Asia-Pacific Group on Money Laundering in 2002,but still has a good way to go, the APG saidin its latest evaluation report on the country. It is clear that there is a strong political will to fight money laundering in Indonesia,although challenges remain on several fronts,the APG said, including a lack of progress in combating terrorist financing.

“While the Indonesian government hasnot done a formal assessment of the risks ofmoney laundering in Indonesia, it is clear thata range of significant money laundering andvery significant terrorist financing risks existin Indonesia,” the report stated.

Since the last APG report on Indonesia in2002, the country has improved its use of anti-money laundering tools to fight corruption andto trace and seize the proceeds of corruption,the APG said, noting that the country also had made strong gains in implementing knowyour customer principles and building theAML/CFT capacities of regulatory agencies.

The APG hailed the establishment ofIndonesia’s financial intelligence unit, the PPATK, as well as the new specialist anticorruption agency, the KPK. It saidIndonesia’s FIU is receiving suspicious transaction reports and authorities are beginning to systematically prosecute moneylaundering. The country is also opening up to international co-operation for pursuing anti-money laundering.

The country still faces challenges in further implementing comprehensive customer due diligence measures, however,the report said.

The APG highlighted a number of factors that increase Indonesia’s vulnerability

to money laundering and terrorist financing,including: • the lack of comprehensive AML/CFT

controls in some sectors, in particular inrelation to wire transfers and non-profitorganisations;

• endemic corruption in both the public and private sectors;

• the Indonesian financial system is heavilycash-based, which facilitates money laundering. Large cash transactions are common;

• Indonesia has a very porous border andweak capacity to patrol and police allentry points; and

• a lack of capacity and AML/CFT experience with key enforcement andprosecution agencies.

The terrorist problemA number of terrorism organisations have asignificant presence and have been raisingfunds and carrying out activities in Indonesiaand other jurisdictions in South East Asia and beyond over the past 10 years, the reportsaid. A number of these groups are linked to Al-Qaeda and the Taliban and have beenlisted by the UN 1267 Committee, with their members listed as designated entities. A number of those entities hold significantassets in Indonesia, the report claimed.

The APG pointed to Indonesia’s successin apprehending terrorists as a scale of the terrorism financing risk that exists in thecountry. So far, Indonesia has arrested 423suspected terrorists, of which 367 have beenconvicted. However, the country has onlymanaged to secure one conviction on a terrorism financing charge. This was in relation to financing the bombing of the

Jakarta Marriott Hotel in 2003; the defendantreceived a four-year sentence.

In a number of terrorism financing-relatedcases, Indonesian prosecutors have insteadopted to charge suspected terrorism financiersof terrorism offences, as they carry highersentences. Individuals could face from threeto 15 years’ imprisonment on the offence,while companies and other legal persons areonly liable to a fine of up to $100 million.

Another problem the APG found in itsevaluation was that the offence of terrorismfinancing seems to require that funds are actu-ally used to carry out or attempt a criminal actof terrorism. The activity of collecting fundsfor terrorists or terrorism organisations (eitherfor the purpose of committing a terrorist act orany other purpose) is not clearly criminalised,the report warned.

Indonesia’s suspicious reporting regime isbroad, although the obligation to report terror-ism-related matters is not sufficiently directand does not clearly cover funds to be used byterrorist organisations, the report added.

The fixIndonesia should revise its terrorist financingoffences to ensure that they are in keepingwith the relevant UN and FATF standards, theAPG said. In particular the offence shouldclearly cover: • all required terrorist acts as outlined in

the TF convention; • the widest range of assets; • direct and indirect collection and

provision of assets; • funding to individual terrorists; • provision of assets to terrorist

organisations; and • the ability for the knowledge element

to be able to be proven by objective factual circumstances. The country’s anti-terrorism law should

also be amended to include effective, propor-tionate and dissuasive sanctions, includingmonetary sanctions for natural persons andeffective administrative sanctions for corpora-tions, the report said. It suggested that the lawbe amended to remove the obligation thatfunds for the terrorist financing offence mustbe linked to a specific terrorist act.

The APG also said the authorities should consider adopting an approach where all indictments of terrorist financingoffences should be cumulative indictments,which require a verdict on the terrorist financing offence. ■


Powered by

Poor CTF progress in Indonesia

Subscribe to anti-money laundering magazine, the definitive source of information for the financial services sector on anti-money laundering and counter-terrorist financing.

Call our subscription department today on 02 9776 7923

Don’t get taken to the cleaners

INTERNATIONAL TRADE INTEGRITY ACT

The International Trade Integrity Act (Cth)2007 (‘ITIA’) makes changes to several commonwealth acts covering the enforcementof UN sanctions and bribery of foreign officials in order to implement the Australiangovernment’s response to certain recommen-dations of the Cole Inquiry relating to the UN Oil-for-Food Programme.1

Summary of the amendmentsImportant changes made by the ITIA include:

• Introduction of the new offences of con-travening a commonwealth law thatenforces United Nations Security Councilsanctions, and of providing false or mis-leading information in connection withthe administration of a UNSC sanctionenforcement law;

• Increasing existing penalties for acting incontravention of UNSC sanctions, includ-ing terrorism financing sanctions;

• Introduction of an investigatory power foragencies administering UNSC sanctionsin Australia, such as DFAT;

• The requirement to retain, for five years,documentation in connection with permitapplications and compliance with permitconditions; and

• Amendments to the Criminal Code andIncome Tax Assessment Act relating tobribery of foreign officials.

Contravening a commonwealth law that enforces UN sanctions

A corporation will now commit an offence if it engages in conduct contravening a UNsanction enforcement law, or engages in conduct2 contravening a UN sanction enforcement law and that conduct contravenesa condition of a licence, permission, consent,authorisation or approval under a ‘UN sanction enforcement law’.3

The minister has designated 12 regulations made under the United NationsAct (effecting sanctions against countries such as Iran, North Korea and Sudan) and two regulations made under the Customs Act (Cth) 1901 as ‘UN sanction enforcement laws’4.

A defence is available against the offenceof contravening a UN sanction enforcementlaw where the person can prove that it tookreasonable precautions, and exercised duediligence, to avoid contravening the relevantUN sanction enforcement law.

This offence is a strict liability offence5 in relation to corporations (but notindividuals). The only defences available tocorporations for breach of this section aremistake of fact6; and the reasonable precautions defence outlined above.

The penalties for this offence are significant, being a fine not exceeding threetimes the value of the transaction, or$1,100,000, whichever is greater.7 This is five times the penalty for an individual.

Providing false and misleading information

An individual or corporation will commit anoffence if they give information or a documentto a commonwealth entity8 in connection withthe administration of a UN sanction enforce-ment law; where the information or documentis false or misleading in a material particular,or omits any matter or thing without which theinformation or document is misleading in amaterial particular.9


FEATURE

The ITIA has changed the DFAT List landscape

�

•1 Report of the Inquiry into Certain Australian Companies in relation to the UN Oil-for-Food Programme (2007). The Cole Inquiry investigated the dealings between Australian companies AWB Limited,Alkaloids of Australia Pty Limited, and Rhine Ruhr Pty Ltd and the Iraqi government. •2 To “engage in conduct” includes both the doing of an act and omitting to do an act; item 26, schedule 1, InternationalTrade Integrity Act 2007 (Cth). Parallel offence provisions apply to individuals as well as corporations •3 Section 27 Charter of the United Nations Act 1945 (Cth); item 26, schedule 1, International TradeIntegrity Act 2007 (Cth). Parallel offence provisions apply to individuals as well as corporations. •4 Schedule 1, Charter of the United Nations (UN Sanction Enforcement Law) Declaration 2008•5 As a general rule, under the Criminal Code, for a criminal offence to be committed, the prosecution needs to establish that both the physical and the mental (or fault) elements of the offence are made out.However when an offence is one of strict liability, it is only necessary to show that the physical element (the prohibited conduct) has occurred, sections 3.2 and 6.1. Criminal Code Act 1995 (Cth). For example,to be guilty of theft, it must be shown that the person both took unauthorised possession of an item of property (the physical element), and also intended to do so (the fault element.•6 Section 9.2 of the Criminal Code Act 1995 (Cth) •7 Section 27(9) Charter of the United Nations Act 1945 (Cth); item 26, schedule 1, International Trade Integrity Act 2007 (Cth).•8 A Commonwealth entity is either an agency within the meaning of the Financial Management and Accountability Act 1997 (Cth) or a Commonwealth authority within the meaning of the CommonwealthAuthorities and Companies Act 1997 (Cth). •9 Section 28(1) Charter of the United Nations Act 1945 (Cth); item 26, schedule 1, International Trade Integrity Act 2007 (Cth).

Cheng Lim and Peter Delaney of Mallesons and Joy Gearycollaborated on an overview of the International TradeIntegrity Act and its impact on Australian financial institutions.This article is in two parts – the overview by Cheng Lim andPeter Delaney, and the impact analysis by Joy Geary.

CHENG LIM

PETER DELANEY


FEATURE

An individual or corporation will alsocommit an offence if they provide informationor documents that are false or misleading, to someone, and are knowing or reckless as to whether that person will provide it to a commonwealth entity in relation to a UN sanction enforcement law.10

If an individual or corporation commitseither of these offences, the penalty is either 10 years’ imprisonment, or a fine of $275,000, or both.

New information gathering powers for certain agencies

To determine whether a UN sanction enforcement law has been or is being complied with, the CEO of a designated commonwealth entity has been given thepower to require an individual or corporationto provide information or documents in accordance with the notice.11

Designated commonwealth entities will include DFAT12 and the Department of Defence.13.

A failure to comply with a notice fromthe CEO of a designated commonwealth entity will be punishable by 12 months’imprisonment.14

A person cannot seek to rely on the factthat disclosing the information or documentsmight incriminate an individual or corporationto limit its obligations to provide informationor documents in accordance with a notice.However, it will be able to rely on legal professional privilege.15

�

�

•10 Section 28(2) Charter of the United Nations Act 1945 (Cth); item 26, schedule 1, International Trade Integrity Act 2007 (Cth). The amendments also state that if a licence or authorisation under the UnitedNations Act was granted on the basis of false or misleading information, that licence or authorisation will be taken to never have been granted. •11 Section 30(1) Charter of the United Nations Act 1945 (Cth);item 26, schedule 1, International Trade Integrity Act. •12 Charter of the United Nations (Designated Commonwealth Entity) Declaration (Cth) 2008 •13 Explanatory Memorandum, International TradeIntegrity Act 2007 (Cth). •14 Sections 32 and 33 Charter of the United Nations Act 1945 (Cth); item 26, schedule 1, International Trade Integrity Act 2007 (Cth). •15 Explanatory Memorandum, InternationalTrade Integrity Act 2007 (Cth).


FEATURE

Record keeping requirementsIf a corporation or individual applies for alicence or on authorisation under UN sanctionenforcement laws, it must retain any recordsrelating to that application and to their compliance for five years.16 If an individualreceives a request to produce compliance documents and refuses, he or she could face up to 12 months’ imprisonment.

Amendments to other legislationThe ITIA also amends a number of other acts,including

• The United Nations ActThe penalties for dealing with a freezableasset or dealing with proscribed persons under Part 4 of the United Nations Act have been significantly increased. The penalty for individuals is now 10 years inprison or a fine (the greater of three times the value of the transaction, or $275,000), or both. The penalty for corporations is now a fine, being the greater of three times the value of the transaction, or $1,100,000.17

In relation to corporations, these are strict liability offences. Accordingly, the only defences available to a corporation are mistake of fact18, and a reasonable precautions defence (ie that the corporationtook reasonable precautions and exercised due diligence, to avoid contravening the relevant provisions).

• The Criminal Code: bribery of foreign officials

A person may now be convicted of bribing aforeign public official without the need toprove that a business benefitted from that person making a payment. Furthermore, anindividual will not be able to escape liabilityfor bribing foreign public officials on thebasis that a bribe is, or is perceived to be, customary, necessary or required.19

• Income Tax Assessment ActThe Income Tax Act has been amended toclarify that a payment or benefit provided will not be a bribe (and therefore notdeductible) if it is acceptable under the writtenlaw of a country, or the value of the benefit is minor in nature and the amount is incurredfor the sole or dominant purpose of securingperformance of a routine government actionof a minor nature.20

CommencementWhile the changes to the Criminal Code and Income Tax Assessment Act commencedon 25 September, 2007, the changes to theUnited Nations Act only became operative on 25 March, 2008.21

The 12 regulations effecting sanctionswere all passed on 10 April, 2008, and took immediate effect. The Charter of the United Nations (Dealing with Assets)Regulations 200822, also came into operation on 25 March, 2008. ■

�

•16 Section 37(2) Charter of the United Nations Act 1945 (Cth); item 26, schedule 1, International Trade Integrity Act 2007 (Cth). •17 Sections 20 and 21 Charter of the United Nations Act 1945 (Cth); items 16and 22, schedule 1, International Trade Integrity Act 2007 (Cth). •18 Section 9.2 of the Criminal Code Act 1995 (Cth) •19 Section 70.2 Criminal Code Act (Cth) 1995, items 1 and 2 schedule 2, InternationalTrade Integrity Act 2007 (Cth). •20 Section 26-52 Income Tax Assessment Act (Cth) 1997, items 6 and 7 2, International Trade Integrity Act 2007 (Cth) •21 Section 2 International Trade Integrity Act 2007(Cth) •22 These regulations set out permissible dealings under the sanctions regulations, as well as grounds for listing persons, entities or assets and authorised dealings under the Charter of the UnitedNations Act 1945 (Cth).

IF AN INDIVIDUAL RECEIVES A REQUEST TO PRODUCE COMPLIANCE DOCUMENTS AND REFUSES, HE OR SHE COULD FACE UP TO 12 MONTHS’ IMPRISONMENT.

FEATURE

THE PASSAGE OF THE ITIA brings newfocus on a range of existing sanctions andembargoes that apply to Australian businesses,including financial institutions. And theycome with a sting – strict liability. Foremostof these are those that arise under the Charter of the United Nations Act 1945 (Cth) (COTUNA), which is the legislativemechanism that Australia uses to implementits obligations under UN law. UN SecurityCouncil sanctions can include arms embar-goes, travel sanctions, restrictions on the provision of financial services, import/exportbans on certain commodities and civil aviation restrictions. The only defences to offences for dealing with a freezable asset or dealing with proscribed persons under COTUNA available to corporations are mistake of fact, and a reasonable precautions defence.

The most well known of the COTUNAsanctions is the Department of Foreign Affairsand Trade List. These are the persons andentities designated under the UNSC sanctionsregime. It is a criminal offence under COTUNA to:• use or deal with funds, other financial

assets and economic resources that areowned or controlled by designated persons or entities; or

• give funds, financial assets or economicresources to designated persons or entities. Less well known are the names published

by the Reserve Bank of Australia. The RBAadministers sanctions implemented via theBanking (Foreign Exchange) Regulations1959. Restrictions apply to certain financialtransactions relating to the following:• Supporters of the former government of

the Federal Republic of Yugoslavia • Ministers and senior officials of the

Government of Zimbabwe • Certain entities associated with the

Democratic People’s Republic of Korea(North Korea)

• Individuals associated with the Burmese regime Indeed, it was the presence of the names

of the ministers and senior officials of theGovernment of Zimbabwe on the RBA listthat lead to a decision to require the exit ofcertain family members in Australia who werehere for study purposes in 2007. Inflow ofsubstantial funds was detected through thepolicing of the RBA list.

Section 102 of the Anti MoneyLaundering and Counter Terrorism FinancingAct (2006) (the AML/CTF Act) allows for themaking of regulations that may prohibit or regulate the entering into of transactions withpeople from other countries. There are no reg-ulations currently in force under section 102.

The ITIA also contemplates that newsanctions and embargoes might arise underdifferent legislative instruments.

To a financial institution, all of thismeans a changing landscape that requires at least two key streams of activity:• A monitoring capability to acknowledge

and respond to all changes in legislationand regulation that introduce new sanc-tions and embargoes or amend or expandexisting sanctions and embargoes; and

• An internal capability to ensure that customers, counterparties and transactionsdo not offend sanctions and embargoes.This internal capability should cover the

following matters:• Filtering of international payments to

ensure that inbound and outbound pay-ment instructions do not involve a desig-nated person. Those financial businessesthat instruct banks to perform their inter-national payments cannot necessarily relyon them to perform this scanning func-tion. Potentially, even the giving of theinstruction to the bank may constitute anoffence under COTUNA unless they haveoutsourced this screening responsibility incarefully documented arrangements.Batch payments may not necessarilyreveal beneficiary and remitter informa-tion in the message and it is necessary tohave other processes in place to collectthis information to allow the batch pay-ment to be properly scrutinised.

• Gathering sufficient information aboutcustomers, beneficial owners, controllers,agents, beneficiaries, trustees and otherrepresentatives of customers to permittheir names to be scanned regularlyagainst lists such as the DFAT List, theRBA List and any other relevant list ofdesignated persons. Financial institutionswill quickly discover that collecting aname only is rarely sufficient and moreinformation is required to differentiateone name from all other names withindatabases as time passes. Typically thismight include date of birth and address.

• Periodic review of customers domiciled,registered or associated with countriesthat are regarded as high risk in the areasof money laundering, terrorism financingor are the subject of sanctions and embargoes. This review needs to extendbeyond the customer to its beneficialowners, controllers, agents, beneficiaries,trustees and other representatives.

• Financial institutions involved in tradefinancing need to perform due diligenceon the parties involved in a transaction to ensure that they are not designated persons, as well as the nature of thegoods or services that are the subject of the transaction, before they can becomfortable that their trade financingdoes not breach sanctions and embargoes.

• Where a transaction is the subject of alicence or permit, a financial institutionshould satisfy itself that sufficient information was provided to support the issue of the licence or permit. The institution may also need a licence or permit to provide the financial servicesassociated with the transaction.

• Some financial institutions, because ofthe specific nature of their business, may wish to screen their employees’names against the proscribed personslists, particularly those with permanentestablishments overseas in high-riskcountries. Establishing this internal capability poses

particular challenges for financial institutions,including:• Engaging people with sufficient sanctions

and embargo experience. Analysing tradetransactions and performing due diligenceon licences and permits requires expertise.

• Training employees in sanctions andembargoes and the financial institution’scontrol processes. This training will need to be differentiated according to thedifferent roles and responsibilities acrossbusiness lines and delivered by experts.

• Changing customer database structures so that the names of beneficial owners,controllers, agents, beneficiaries, trusteesand other representatives of customerscan be scanned. The Australian Bankers Association is

developing guidance for its members on theITIA and management of the COTUNA sanctions and embargoes. ■


Impact analysis

Detect Inspect Resolve

TransWatchTM

introducing the smart way to protect

yourself and your assets

Key Benefits include:

US

UK

UAE

Australia

TransWatch™ is a rule-based financial crime solution for detecting,

investigating and resolving suspicious activities as part of a firm’s

AML process.

T

ransTTTrTintroducing t

yourse

s atatWthe smartrt wayay t

elf and your ass

chTM

to protecct

sets


COMPLINET COLUMN

S OME REPORTS even have themarguing that those institutions shouldstop trading with Cuba, a country the

Europeans have never treated as a pariah and against which the UN has never issuedblanket bans. As late as September 2005, theOffice of Foreign Assets Control was devotingsix times more manpower to Cuban sanctionsthan to the fight against Al-Qaeda.

The mechanism by which OFAC, or itsallies from the Treasury’s Office of Terrorismand Financial Intelligence, is threateningWestern institutions is simple and legitimate. It owes an obvious debt to the USA Patriot Act2001, section 319, which empowers theTreasury to impound monies located in the USin the stead of monies beyond its reach abroad.

Imagine, for instance, that OFAC wants tosue reinsurance company X, an institution situ-ated entirely abroad with no money in the US,in the US federal courts for breaking US sanc-tions – and nobody else’s sanctions – againstCuba. It cannot do this, and it cannot even lift money from company X’s subsidiary inCalifornia, unless company X – the main, non-US company – processes a dollar-denominateddeal with Cuba through the US banking sys-tem. Even under the extra-territorial reach ofUS law, there has to be an effect in America.

Let us assume, however, that company Xdoes go ahead with a banned deal of this sortand some related payment goes through theNew York Clearing House. The US Treasurycan then impound property belonging to thesubsidiary, even though the subsidiary hasstuck religiously to US rules throughout. The US can also freeze monies held in inter-bank accounts on behalf of foreignfinancial institutions in the US. Most British

institutions have business in the US, and forsome that business is essential. What bank or securities brokerage or large insurance“carrier” can operate without using the USclearing system? This is why British moneylaundering reporting officers fear OFAC morethan the Financial Services Authority. Theirfear is shared by money laundering reportingofficers in every advanced nation.

So the Americans can punish foreignfinancial institutions that operate only outsidethe US, as long as some of their transactionshave gone through the US at some point.Despite the reassurances from large financialfirms, this is exactly what is happening.

Many British financial institutions do nothave sufficient anti-terrorism software toweed out everything on an OFAC list.Institutions are regularly doing inadvertentbusiness with “specially designated nationals”via payments that go through the NYCH.OFAC knows this. It does not feel able topress the “nuclear button” and invoke s311 of the USA Patriot Act, which allows it toblackball a non-US financial institution. Civilaction over OFAC violations on US soil, however, is a different matter. The Americans

can pick and choose who to sue. This includesOFAC violations in Society for WorldwideInterbank Financial Telecommunication(SWIFT) messages that pass through.

OFAC therefore has the whip hand. The hoops through which some British institutions have to jump to please the US authorities are scarcely believable.Agreements to stop doing business with

Iranians are just the beginning. Hundreds of accountants are being drafted in to siftthrough all transactions going back in somecases to 2000. It is not inconceivable thatsome institutions have processed about 1,000 breaches apiece since that year.Probably all of these would have been quitelegitimate outside the US, but unfortunatelythey did not stay outside the US.

In yielding to the Americans, some insti-tutions are handing over personal data abouttheir customers. A lot of this traffic is illegalin their home countries, but they are doing itin the hope they will not have their lucrativeUS subsidiaries’ assets – or their own assets in the US – frozen. Foreign policy – and theworld of compliance – seldom gets darker ordirtier than this. ■

The long arm of Uncle Sam

LONDON CALLING

By Chris HamblinCOMPLINET

London is aflutter as American Treasury officials visit the majorfinancial institutions, threatening them with dire repercussions if theyrefuse to give up their perfectly legal banking business with Iran.

THE US CAN ALSO FREEZE MONIES HELD IN INTER-BANK ACCOUNTS ON BEHALF OF FOREIGN FINANCIAL INSTITUTIONS IN THE US.

AUSTRAC COLUMN


A LL REPORTING ENTITIES underthe Anti-Money Laundering andCounter-Terrorism Financing Act

2006 ( the AML/CTF Act) were required tosubmit a compliance report to the AustralianTransaction Reports and Analysis Centre(AUSTRAC) by March 31, 2008. Compliancereports give AUSTRAC an indication ofreporting entities’ progress in implementingtheir obligations under the AML/CTF Act.

AUSTRAC consulted extensively withindustry bodies and reporting entities in 2007as to what questions would be asked in thecompliance report, which covered the reportingperiod from December 13, 2006, to December31, 2007. Industry feedback was incorporatedinto the final compliance report, which wasreleased in October 2007, five months before itwas due, to allow reporting entities plenty oftime to prepare for the due date.

In December 2007, AUSTRAC sent letters to reporting entities that it consideredmay have had reporting obligations under the

AML/CTF Act. These letters were designed to encourage businesses that provided ‘designated services’ under the AML/CTF Act to enrol with AUSTRAC’s informationportal, AUSTRAC Online.

AUSTRAC followed up with letters,emails and outbound call campaigns to specif-ic industry sectors, reminding reporting enti-ties of their obligations to submit a compli-ance report by the March 31 deadline. It alsoran advertisements in national and metropoli-tan newspapers in capital cities, as well as keybusiness/financial magazines. Advertisementswere also run in ethnic newspapers to targetremittance service providers in particular.

AUSTRAC also conducted a mediaawareness campaign through various mediainterviews, updated its web site to includeinformation on lodging compliance reports,and provided presentations, seminars andbrochures to reporting entities. Where there

was an industry association, AUSTRACsought their involvement and referred report-ing entities to the association for assistance.

Determining the regulatory populationwas an inexact science. It was originally estimated that about 19,000 reporting entitiesmay have had obligations under theAML/CTF Act. However, after outreach andcompliance efforts, this figure was refined tomore than 15,000.

More than 10,000 entities have identifiedthemselves as reporting entities under the new legislation by enrolling with AUSTRACOnline. Nearly 8,000 of these have lodgedcompliance reports.

There were two key groups of reportingentities that were not required to submit acompliance report this year and possiblytherefore have not enrolled. More specifically,these were Australian financial serviceslicence (AFSL) holders who make arrange-ments for a person to receive a designatedservice, and businesses that issued an interest

in a managed investment scheme (prior toJanuary 31, 2008). They number about 2,000.

In terms of industry compliance, it isalready clear that compliance progress duringthe transition period ranges widely across theregulated population.

The mainstream financial servicesproviders that previously reported to AUSTRAC under the Financial TransactionReports Act 1988 (FTR Act) have respondedrelatively well, as would be expected.Additionally, industry segments and individual reporting entities that have beenbetter resourced, accustomed to regulation and skilled in risk management, or haveengaged closely with their industry associa-tion, a service provider or the regulator, have also been generally well advanced.

Many reporting entities caught by theAML/CTF Act were micro-businesses, soletraders and small businesses that don’t have

the compliance experience of larger prominentreporting entities. Despite AUSTRAC’sefforts to educate these reporting entities, alarge proportion has failed to respond. AUS-TRAC is continuing to work with thosereporting entities that have identified them-selves. Those that have not should immediate-ly contact the AUSTRAC Help Desk.

At this stage of the AML/CTF Act imple-mentation timetable, AUSTRAC’s approach isfocused on voluntary compliance. We want togive businesses offering designated servicesevery chance to comply with the law.Consequently, AUSTRAC is working with anexpected 3,000 remittance service providersand gambling venues to assist them inenrolling and providing their reports. Thereare, however, about 2,000 reporting entitiesrequiring further follow-up.

The Policy (Civil Penalty Orders)Principles 2006, set by the former Minister forJustice and Customs, provide that AUSTRACwill not take civil penalty action where areporting entity has taken ‘reasonable steps’ to comply with its obligations during the 15-month period following each key date of the staggered implementation of theAML/CTF Act. A reporting entity’s compli-ance report response assists AUSTRAC inensuring they are taking reasonable steps for compliance on the specific requirements of the AML/CTF Act by the required date ofthe staggered implementation period.

AUSTRAC considers that ‘reasonablesteps’ in relation to compliance report obliga-tions include submission of the AML/CTFcompliance report by March 31, 2008. A com-pliance report must be provided now, even if a reporting entity has missed the March 31deadline, in order to avoid civil penalties.[m1]

AUSTRAC is planning the next stage of action for those reporting entities that have not yet provided a compliance reportincluding, as appropriate, the necessity forthem to demonstrate why enforcement actions should not proceed. ■

The easiest way for reporting entities to submittheir compliance report is via AUSTRAC Online(www.AUSTRAC.gov.au/online). For furtherinformation, contact the AUSTRAC HELP DESKon 1300 021 037.

AUSTRAC’s preliminary observationsregarding compliance reporting

A COMPLIANCE REPORT MUST BE PROVIDED NOW, EVEN IF A REPORTING ENTITY HAS MISSED THE MARCH 31DEADLINE, IN ORDER TO AVOID CIVIL PENALTIES.

FEATURE

D ESPITE the differences in businesssector and the relative sizes of thosewe spoke to, we were able to distill

some common themes in the way they eachprepared for the site visit.

One business had been involved in quarterly discussions with AUSTRAC sinceDecember 2006 and its visit was an extensionof ongoing compliance dialogue. Most entitiesin the financial services sector would not havethe same level of engagement with AUSTRAC.

The process AUSTRAC used to set up asite visit followed broadly the same format,namely:• A telephone call to the AML/CTF compli-

ance officer advising of the proposed visit;• A pre-visit letter requesting documents

relevant to areas that would be the subjectof the visit;

• Following delivery of the documents, aproposed agenda set out the topics AUS-TRAC wished to discuss during the visitand the amount of time it would take;

• At the end of the visit a list was preparedof the outstanding items or actions;

• An exit interview occurred within twoweeks; and

• A final report was prepared in six to eight weeks.This process may change with the size

and complexity of the business of the entity.We have developed the following check-

list to help entities prepare for a visit. Wehave focused on smaller entities that have nothad direct contact with AUSTRAC via theprevious legislative regime. The preparationsare similar to those any financial institutionshould do when being visited by a regulator.

The general conclusion of those we spoketo was that AUSTRAC wanted to meet withthe people who were working on AML/CTFactivities rather than senior management. The visit was focused on operational mattersrather than oversight, so the visit teams were

selected accordingly. The visits seem to havebeen information gathering exercises ratherthan formal presentations on each topic iden-tified by AUSTRAC as points of interest.

You can expect that AUSTRAC willreview documents recording policies and procedures that show compliance with the

AML/CTF Act. For example, in correspon-dent banking, AUSTRAC would expect to see documents relating to:• The policy and processes for performing

due diligence on new and existing corre-spondent banking relationships;

• The matrices in use for managing moneylaundering/TF country risk within thecontext of correspondent banking;

• The approval process for acceptance of anew correspondent bank;

• The bank’s policy on shell banks.


AUSTRAC – are they coming your way?We have been speaking to several reporting entities that havealready completed an AUSTRAC site visit. Thanks are given to those entities involved and their AML/CTF managers forassisting with background information for this article.

Does senior management know that the visit has been requested by AUSTRAC?

Have you identified all the documents that are relevant to the areas requested by AUSTRAC in the pre-visit letter?

Have you reviewed all the documents that are relevant to the areas requestedby AUSTRAC in the pre-visit letter before delivering them to AUSTRAC?

Have you checked all documents to be released to AUSTRAC for customerdata and reviewed your legal obligations regarding that data which are owed to the customer?

Have you received approval from legal counsel that it is permissible torelease the identified documents to AUSTRAC?

Has legal counsel considered the need for a notice under section 167 of the AML/CTF Act, for example regarding documents that contain referencesto customers?

Have you kept a register of all the documents provided to AUSTRAC pursuant to its request?

On review of the proposed agenda for the visit, have you identified key staffyou expect will be needed for the visit to ensure their availability?

Have you selected a key person to sit in on all sessions with AUSTRAC?

Will internal audit attend any of the meetings with AUSTRAC?

Have you considered the need to run through some of the topic areas internally before the AUSTRAC visit?

Have you discussed with AUSTRAC who you plan to have at the meetings so that you know they are comfortable with the arrangements?

Have you arranged for a minute taker to be present in all meetings?

Have you reviewed your March 2008 compliance report before the visit?

Have you looked at the value or repeating the AUSTRAC self-assessment as part of your visit preparation?

Have you prepared a post-visit report for senior management?

Site visit preparation checklist: YES NO

�

FEATURE

If you reported to AUSTRAC in March2008 that you completed activities in relationto a current obligation, AUSTRAC is likely toask you for documentary evidence of thisbefore the visit.

Reporting entities should reviewAUSTRAC’s powers under the AML/CTF Act,particularly section 167, when consideringhow to respond to requests for documents.Section 167 refers to information or documents relevant to the operation of theAML/CTF Act, the AML/CTF regulations or the AML/CTF rules.

The AUSTRAC monitoring policy shouldalso be reviewed by anyone preparing for asite visit, including the following statements,which appear on page 4:

“Again, AUSTRAC expects to conduct themajority of its monitoring activity on the basisthat entities will be open and co-operative,and to invoke its formal enquiry and enforce-ment powers only in unusual circumstancesand on infrequent occasions.

AUSTRAC will exercise monitoring powers appropriate to the perceived level ofrisk of the entity. AUSTRAC’s risk assessmentsystem for this purpose will take a number ofrelevant factors into account, including anentity’s business type, size and complexity, and its previous compliance history.

The type of monitoring conducted (forexample field or remote), the frequency, and

the focus of the monitoring will be determinedby AUSTRAC, having regard to the potentialimpact of the identified risk on the integrity ofthe financial system, and the likelihood of that

impact materialising in practice.”The best advice is to follow the no sur-

prises principle and be open and transparentabout your AML/CTF activities. ■


NEWS

�

“... AUSTRAC expects toconduct the majority of its monitoring activity on thebasis that entities will be open and co-operative,and to invoke its formalenquiry and enforcementpowers only in unusualcircumstances and oninfrequent occasions.”

LONDON – Citibank has suspended the opening of new UK accounts and is reviewingits anti-money laundering (AML) processesand resources with the Financial ServicesAuthority (FSA), the UK’s financial regulator.The FSA has asked the bank to provide weekly updates until the risks are resolved.

The bank said it made the decision to suspend new account openings itself after aninternal review revealed process and resourceproblems. The affected unit of the US bankinggroup, which caters for 170,000 affluent customers globally, has frozen new accountopenings in the UK.

“The business has grown 70% over thepast 12 months and is taking a pause withregard to new accounts while we ensure adequate resources are in place,” said a statement from Citibank. “It is business asusual for all existing customers. This is aprocess and resource issue.” ■

Citi suspends new accounts amid AML reviewBy David Benyon OpRisk & Compliance http://www.opriskandcompliance.com

FSA requests weekly anti-money laundering reports from Citi after an internal review reveals process and resource risks

FEATURE

Did you lobby to get this roleor just draw the short straw?

I N A RECENT workshop I ran withAML/CTF compliance officers, most felt they got the position by default

because it followed on the heels of other com-pliance and operational risk responsibilities.Whichever way you came to it, the first pieceof news to give you is that it is a role that has expectations attached. And those expecta-tions are, not surprisingly, the expectations of AUSTRAC.

What are these expectations? Paragraph3.5 of AUSTRAC’s guidance on theAML/CTF compliance officer says that “when conducting a compliance audit of a reporting entity or designated businessgroup, AUSTRAC would consider, amongother factors, the overall internal systems and controls of the reporting entity. Thiswould include whether there is appropriateoversight by boards and senior management,independent review and appropriate appoint-ment of an AML/CTF compliance officer.Considerations would include the effectiveness of the compliance officer in fulfilling their responsibilities as set out in the AML/CTF program or other documentation. The appointment of a compliance officer will be viewed in the wider context of how adequate a contribution this person makes to thereporting entity or designated business group’sefforts to identify, mitigate and manage themoney laundering and terrorism financing(ML/TF) risks it may reasonably face.”

So every AML/CTF compliance officerfaces the prospect that AUSTRAC will assess:• How effective they are in fulfilling their

responsibilities as set out in the AML/CTFprogram or other documentation;

• How adequate a contribution they havemade to overall efforts to identify, mitigate and manage ML/TF risk.

Are there other liabilities or obligationsflowing from the role of an AML/CTF compliance officer? It would seem that thereis nothing specific that is different from theliabilities and obligations that apply to allemployees and agents of reporting entitiesunder the AML/CTF Act. An AML/CTFCompliance Officer that:• Gives information to AUSTRAC

under the AML/CTF Act that is false or misleading;

• Produces documents to AUSTRAC under the AML/CTF Act that is false or misleading;

• is exposed to criminal or civil offencesunder the act. In practical terms an AML/CTF compli-

ance officer who is involved in activities thatare in breach of the AML/CTF Act, either

through intentional actions or neglect, wouldsuffer adverse impacts in terms of their rela-tionship with AUSTRAC in their current andfuture employment.

Some tips for survival as an AML/CTF compliance officer • Establish achievable

responsibilitiesEstablish responsibilities that are achievablein your organisation – for example, would youagree to be responsible for “ensuring continu-ing compliance with the obligations of theAML/CTF Act and AML/CTF Rules, subjectto the ongoing oversight of the reporting entity’s board and senior management” as


So you drew the short strawand you’re an AML/CTF compliance officer ...

�

FEATURE

suggested by the AUSTRAC guidance note.There are many factors outside your controlthat prevent you from ensuring continuingcompliance. You can of course be responsiblefor designing and implementing proceduresthat meet the requirements of the AML/CTFAct, which is a more sensible formulation ofyour scope of accountability.

• Get some knowledgeIf you are to meet tests like “effective” and“adequate” then make sure you understand the subject. Attend conferences, subscribe tonews websites, read guidance material fromAUSTRAC and overseas. Contact AML/CTFcompliance officers at peer organisations and establish a network. Include some money in your budget for access to externalinformation sources. Develop a thoroughunderstanding of the AML/CTF Act, the registered AML/CTF Rules and AUSTRACguidance material.

• Stay on top of geographic and country risk

Monitor international materials that relate tothe measurement of ML/TF risk for othercountries. Make sure these are distributed to relevant business areas and incorporatedinto your AML/CTF country risk controls.Ensure you are up to date with current viewson the ML/TF risks of countries where newbusiness opportunities are being considered.

• Protect yourselfDesign your AML/CTF procedures in collaboration with the people who will usethem. Test the success of your implementa-tion. Design ongoing assurance controls to check that these procedures are workingcorrectly. Review your procedures to verifythat they are achieving the required outcomesand are meeting changes in ML/TF risks.

• Motivate the businessAML/CTF compliance is an enterprise-wideactivity. Select champions in the businessareas and use them to improve attention toAML/CTF compliance. Motivate them tolook for money laundering in their businessand use that information to drive wider motivation. The business people know their area, know their procedures and are best positioned to fine tune this process.Motivated people are usually prepared to follow AML/CTF procedures.

• Be a successful trainerYou will rely on the people in the business toexecute procedures correctly. They need good

quality training to achieve this outcome.AML/CTF training is role-based – differentroles need different training and managersneed to understand the breadth of the trainingtheir people do. Do not scrimp on yourAML/CTF training budget as it is one of thebest pathways to a successful and defensibleAML/CTF program. Think carefully aboutwhen and how you assess training outcomes:delayed assessment is a good benchmark ofthe success of your training.

• Management reportingUse management reporting to make seniormanagers aware of their responsibilities under the AML/CTF Program. Business unit heads should know how many higher-risk customers have been accepted in the reporting period; operational risk should be aware of how many suspiciousactivity reports have been lodged; operationsand business unit heads should know howmany customer identification procedures have been completed wrongly in a reportingperiod. Any reporting entity that is not sampling critical AML/CTF processes is missing key opportunities to satisfy itself ofthe adequacy of its activities and to embedaccountability where it belongs.

• Operating assurance controlsEvery critical AML/CTF procedure youdesign should also include an assurance mechanism. The best assurance controls areself-generating ones that create compliancedata for you whenever they are used. Forexample, the number of suspicious matterreports filed in a month should equal the number of enhanced customer due diligenceprocedures completed. The more you canautomate these assurance controls, the moreopportunity you have to demonstrate the costeffectiveness of your AML/CTF program.

• Get involved in industry lobbyingUse your industry association to furtherdebate. If you need typologies for your industry, use the voice of your association.

If you cannot keep up with documents being posted on the AUSTRAC website, use your industry association to push forimprovements in the AUSTRAC websitemanagement. Your industry association will also be working at the interface betweenyour business sector and other financial services sectors so leverage your knowledgeby getting involved.

• Cover your absencesMake sure that your role is covered when you are on leave or unavailable. Some events might be time-critical, such as suspicious matter reporting (worst-case scenario, a terrorism financing event). Some businesses might like to create emailaddresses that are not linked to a person, suchas [email protected] and a genericphone number that can be forwarded to theperson on duty in the role from time to time.

• Self assessReview the AUSTRAC Guidance Note on AML/CTF compliance officers and determine which elements you satisfy andwhere there are gaps. Some gaps you may be able to close and some gaps might not beappropriate to be closed.

• Think aheadAML/CTF knowledge in Australia is at anearly stage. Within two years AML/CTFpractices will have matured. Spend sometime considering the likely direction ofchanges in AML/CTF practices so that thesedevelopments can be factored into other business changes. Make sure that the business understands that this wave ofAML/CTF implementation is only the beginning of change in this arena. ■

Joy Geary is the founder of AML Master. AFMA is presenting her class on the Role of the AML/CTF compliance officer in Melbourne and Sydney in October andNovember. For further information, email [email protected]


�

SPEND SOME TIME CONSIDERING THE LIKELYDIRECTION OF CHANGES IN AML/CTF PRACTICESSO THAT THESE DEVELOPMENTS CAN BE FACTORED INTO OTHER BUSINESS CHANGES.

Responsibilities of an AML/CTF Compliance Officer Workshop

registration fee AFMA Members $390 + gst

Non-Members $470 + gst

about the workshop The AML/CTF Rules require reporting entities to appoint an AML/CTF Compliance Offi cer. This

two hour workshop will focus on the key responsibilities of an AML/CTF Compliance Offi cer in:

Transferring knowledge and awareness within an organisation

Developing AML/CTF procedures that work

Developing and delivering AML/CTF training

Designing and using AML/CTF controls

Meeting reporting obligations to AUSTRAC

learning objectivesBy the end of this session you will be able to set your priorities as an AML/CTF Compliance Offi cer including:

How to develop and maintain knowledge of AML/CTF

The importance of spreading awareness within an organisation

Techniques to develop effective AML/CTF procedures

Designing and conducting effective AML/CTF training

Managing assurance of AML/CTF controls

Delivering management information reporting

Preparing for a visit from AUSTRAC

workshop dates 29 October 2008 | Sydney

9:30am – 11:30am

25 November 2008 | Sydney

3:00pm – 5:00pm

for further informationvisit www.afma.com.au tel + 61 2 9776 7923 email [email protected]

Responsibilities of an AML Compliance Officer aml mag-advert.indd 1Responsibilities of an AML Compliance Officer aml mag-advert.indd 1 29/08/2008 10:07:03 AM29/08/2008 10:07:03 AM

eVOICE


Dear Editor

I am taking you up on your invitation to use letters to the editor to identify areaswhere the industry could benefit from discussion. One challenge we have at Macquarie is the situation where we utilise the services of a share registry for customer on-boarding. Where this is the case there are interesting questions to consider regarding who will be responsible for monitoring, particularly transaction monitoring, how it will be done, deciding on red flags, what to do in the case of an SMR, whether reliance on the registry is appropriate, sanction checking investor names etc. Given share registries are servicing so many reporting entities, they are bound to be facing many challenges in relation to AML at the moment as each reporting entity starts to impose requirements on them. An article that addressed these matters from the perspective of the share registry, and perhaps how this has been managed in other countries, would be most helpful.

Thanks

Sharon McKennaSenior Manager, Risk Management Group Macquarie Group

eVoice: have your say – write to the Editor on topics of interest for future issues or better still if you have a view that is different from what we have published.

Dear Editor,

I think that your eVoice proposal is a really good idea.

One issue that we would like to raise is related to making a decision on anAML/CTF system solution. It is certainly one of the biggest, if not the biggestdecision that is made as part of an AML/CTF project.

Whilst the banks all seem now to have selected a vendor, fund managers seem to be holding off on making a decision, or seeking to avoid a system solution.This does raise the question as to whether a manual solution is realistically a sustainable solution in a lower risk environment.

Given that the major vendors provide integrated solutions that cover riskassessment, watch list checking, transaction monitoring and case management, the decision significantly impacts upon the path to meeting the 12 December 2008obligations. Whilst it is possible to separate the system requirements for the KYCobligations from the transaction monitoring obligations, this does not seem wise if the end outcome is an integrated solution.

An article on some of the key things to consider in selecting a vendor andwhere to go for advice on this exercise would be really valuable.

I am happy to discuss this in more detail if you would like further background.

Many thanks,AML/CTF ManagerManaged Fund business(name withheld)

Dear Editor

Thank you for the opportunity to make suggestions. At Westpac, we see the followingissues are making for interesting debate as knowledge is developing across the industry. In no particular order, we would find articles that dealt with the following issues useful for many reporting entities as they come to understand that AML/CTF is a broader and deeper operational issue than perhaps was first understood.

1. We are interested in the qualities of anAML/CTF expert, and AML/CTF consultingfirms and consultants? Australia is in shortsupply of people with operational and strategic experience in AML/CTF controls of the kind that this legislation calls for. This throws up questions like what sort ofbackground should AML/CTF experts have,what characteristics should a reporting entityuse to identify those that can provide practicalassistance from theoretical experience.

2. Related to the issue of AML/CTF experts,how are organisations addressing the challenge of finding staff who have experience in AML/CTF when the legislationis relatively new to Australia in its current format, and those that exist have been servicing a much smaller market.

3. How organisations are dealing with economicand trade sanctions vis-a-vis AML/CTF.

4. What is the real truth – can AML/CTF compliance management provide a competitive advantage?

5. AML/CTF compliance – what is the rightstructure to ensure enterprise compliance – is it to leverage financial crime, should it be treated as operational risk or is it besthoused in compliance?

6. Finally, the role of MLRO – what is this roleaccountable for and what are the risks that this person faces under the AML/CTF Act?

Andrew Smith Head of Fraud and AML Control Westpac

FEATURE

The internet was the glue that held the 9/11 operationstogether and terrorists are using the internet to radicalise followers.

T HESE WERE JUST TWO of the fascinating facts revealed by DavidToddington, an open-source intelli-

gence expert from Toddington International,who took anti-money laundering specialiststhrough the world of online surveillance at arecent conference in Manchester. He wasaddressing the annual gathering of theInstitute of Money Laundering PreventionOfficers and his lecture proved to the serriedranks of investigators that “doing basicresearch online is a mandatory skill-set”.

Some of Toddington’s salient facts andfigures were:• Total data on the planet is growing at a

rate of two-thirds per annum.• Information is growing 10 times faster

than any other commodity, either naturalor man-made.

• The internet is the world’s largest reposi-tory of information, but lacks any Deweydecimal system to help people use it.Some estimates claim that it contains twotrillion web pages; some say 20 trillion.

• The “deep web” or “invisible web” isthought to be about 500 times larger thanthe “surface web”. Its name refers toinformation on web sites that is hidden orgenerally inaccessible through traditionalsearch methods.

The invisible webThe hidden web is largely inaccessible tostandard search engines, which operate fromproprietary web sites, and consequently tomost users. These search engines are Google(55.2 per cent of usage in July 2007), Yahoo!(23.5 per cent), MSN-live (12.3 per cent), Ask(4.7 per cent) and Time Warner (4.3 per cent).Examples of invisible web sites include elec-toral rolls, the filings of the US Securities andExchange Commission and other corporaterecord databases, telephone directories, peo-ple-finders such as 192.com, patent databasesand online dictionaries. A good 95 per cent ofthe invisible web is free.

Toddington mentioned that the Canadianpolice were thinking of allowing the public tocheck vehicle identity numbers. He added:“Put that number in Google and you’re wasting your time.”

Investigative toolsWeb 2.0 is the popular term for advanced inter-net technology and applications. These includeweb logs (i.e., blogs), wikis (web pages thatallow anyone to contribute or modify content),RSS and social bookmarking (a method forinternet users to store and manage bookmarksof web pages online). Web 2.0 relies on collab-oration among users and user-generated con-tent. Toddington looked at ways in which aninvestigator could exploit these phenomena.

Blogs are one of the cornerstones of Web2.0. Toddington says it is not easy to use technology to find out who is writing, for

example, a terrorist financing blog. He saidthat as Wordpress (a blog tool and web logplatform) and Blogger (a free web log pub-lishing tool from Google) were American, the investigator would probably have toinvoke a mutual legal assistance treaty to lift information from them. A new blog is created every half-second.

Then there is information that peopledump on the web to be perused. Wikipedia isthe most famous example. Toddington said:“Any one blog entry by itself won’t teach you much about who the author is. We leave


The internet is the tool of choice ofterrorists and investigators alike

■ A NEW BLOG IS CREATED EVERY HALF-SECOND.

By Chris HamblinCOMPLINET

�

FEATURE

digital detritus behind us on the web too. The English Wikipedia site has two millionarticles and you can edit it in real time or onthe fly. You’d be surprised how accurate it canbe. There is a wiki available on Google Earth,which is very cool. The idiom of mass collab-oration on the internet is very interesting.”

Flickr is a repository of images, with4,000-5,000 being uploaded every minute.Photobucket is another. Facebook uploads 8.5 million images a day. Hundreds of thousands of images are being uploaded every day on moving-picture sites such asYouTube and DailyMotion. MySpace andNexopia are social networking platforms that contain vast amounts of information.Del.icio.us (a social bookmarks manager) and Digg (a web site where people can discover and share content from anywhere on the internet by submitting links and stories etc) are also vital repositories of searchable data.

The tools for such open-source searchesare developing before the eyes of all.Toddington mentioned Google Bot — a web-crawler that can find any words that are on an image. If the investigator finds apicture of a terrorist, for example, he can use this “search [ro]bot” to decipher the words on the shop window behind them.

Toddington added that Polar Rose wasexperimenting with facial recognition. He alsosaid that his agency used Del.icio.us and Diggto find groups of people who were plotting toset up activist protests at the Olympics.

Criminals are no stranger to online inves-tigation techniques. Toddington cited the caseof a Mexican drug cartel whose members

appeared on a blog, showing off their “bling”jewellery. As a consequence, someone shotone of them — whom he had presumablytraced through online searches — and posteda film of the victim’s autopsy on yet anotherblog. Toddington drew the obvious lesson:“Once you’ve lost your privacy, it’s too late.”

Rapid growth in all directionsIn 2000 there were 93 top-level domains (e.g., .com, .edu, .org, .gov, .arpa, .hk, .uk, .ru,.eu) but in 2008 there were 541. Today’s internet has 1.32 billion users, or did while the conference was in progress. The breakdownof user figures is:

• Asia 510 million (14 per cent of all people on that continent).

• Europe 348 million (43 per cent of allEuropeans).

• North America 238 million (70 per centof the population).

• Latin America 126 million (22 per cent).• Africa 44 million (5 per cent).• Middle East 34 million (17 per cent).

English still accounts for 30 per cent ofall internet use. Chinese is catching up, with16 per cent. Spanish is 8.7 per cent andJapanese 6.7 per cent. The fastest-growinglanguage, on 4.2 per cent of world total, isArabic. This has climbed by 1,576 per centsince 2000. Portuguese has climbed by 571 per cent, Chinese by 472 per cent, French by 322 per cent, Spanish by 359 percent, and English by a comparatively stolid167 per cent. Even though investigators ought to welcome the sheer expansion ininformation, its increasing compartmentalisa-tion into foreign languages is likely to call for new translation tools.

The trouble with matchingTo deal with all this information and the dif-ferent languages in which it appears, onewould expect the typical investigator to turnto a search engine. This, however, is notalways possible.

Search engines seek keywords and logthose words and where they are. Toddington

described the problems they posed: “There’sno fuzzy matching for names such asMohammed. That name can be spelt verymany different ways, but the search enginedoesn’t know it’s all the same thing. The samething is on different pages of different searchengines: it can be on page 4 on Yahoo! andpage 24 on Google. The investigator mustthink about how to ask the questions andwhere to ask them.

“Worse, engines are becoming less impor-tant. A decreasing fraction of the web is beingindexed; search engines can’t keep up with it.Also, the information is highly volatile —things disappear. If you find something, save

it, and not just with ‘save as.’ Use Zotero andOnfolio. With them, you get a print of the website at the actual time.

“More than 50 per cent of searches are onGoogle; under a quarter are on Yahoo! Youcan do a live search at Live.com. Metasearchtools are good for starting queries. They dotend to dumb down the search, but ‘quick anddirty’ searches can be superb. Intelways.com

is a good way to access hundreds of web con-tent providers and search tools from one page,just entering your search terms once.”

The privacy of the investigatorThe conference heard that the internet threat-ened the privacy of not only criminals but ofthe investigators themselves. Toddington said:“One of the first things we search for onsomeone’s computer is a cache file. It storeswhat you’ve been looking at on your harddrive. We can even look at the keywordsyou’ve been putting in the search engines.When you visit the US, they have a right tocopy your computer information.

“Your IP address is unique - it has anumeric value. It’s essential for packets ofdata to navigate around the web. A web sitemay record your IP address permanently.Combining an IP address with readily avail-able information about your computer system,the criminals might positively identify you oryour organisation. You need proxy servers togive you privacy as an investigator — onegood one is the-cloak.com. You must have asecurity plan in place when you go aboutdoing police research online.

“Google has a record of every singleword entered and every IP address. Do youthink that that could be compromising?Google knows how you think — you, theinvestigator.”

Join the clubHelp is at hand for busy investigators.Toddington drew attention to an organisationhe belongs to: the Online Research andIntelligence Mailing List. This publishes aregular newsletter and serves as a discussionforum for police, regulators, the military andrelated professionals. Its members discussonline research, how to gather intelligenceand how to analyse and disseminate theresults. It is free to join and prospective members can attempt to sign up throughwww.toddington.com. ■


�

■ THE "DEEP WEB" OR "INVISIBLE WEB" IS THOUGHT TO BE ABOUT 500 TIMES LARGER THAN THE "SURFACE WEB".

■ THE FASTEST-GROWING LANGUAGE, ON 4.2 PER CENT OF WORLDTOTAL, IS ARABIC. THIS HAS CLIMBED BY 1,576 PER CENT SINCE 2000.

FEATURE

Double, Double, Toil and Trouble So you think all is well with your compli-ance/AML system. Your deflector shields areup and on maximum. KYC – check; DFAT –check; PEP – check; Green lights across theboard…check – check – check. You’re sureall is well, perhaps you can even relax, putyour feet up, take off early, have a chardy.Unfortunately, you should have left theBlackBerry at home, as it has started toscream. The world as you know it is about tochange. An employee has been implicated ina major identity theft and money launderingoperation. Uh oh…

It appears that a person who works at a call centre soliciting and developing credit card accounts has compromised yourinstitution to the tune of several million dollars. That, of course, is only the amountthat the authorities are aware of. (There isusually more money involved that goes undetected, unreported or un-noticed.) The news has hit the media and it’s time to circle the wagons and do damage control.Your first thought is: “How could this be?”Well, actually, your first thoughts are: “Why me? What did I do to deserve this? I wonder if that job at X bank is still available? ... and finally, “How can I blamethis on another department?”

As you move into disaster mode you findout some of the facts of the current crisis. Aperson working at a call centre in India has soldcustomer information to an identity theft ring.

But that is only phase one. The ID theft opera-tion also dabbles in credit card bust-outs and,most certainly, it just would not be completewithout being able to launder some of that newfound cash via your own credit card division.

Fire Burn and Cauldron BubbleHow could this have happened? All the boxeson your best practices checklist have beenticked off? You may have been victimised bywhat I refer to as “voo-due diligence.” Voo-due diligence is the magic wielding, spell cast-ing, potion drinking and doll pricking methodof conducting a background investigation.Unfortunately, more realistically, it is limitedand unprofessional attempts at due diligence.If any checks took place at all during this non-investigation, or voo-due diligence, they mayhave been conducted by persons of unknownintegrity, ability and experience.

When you outsource the work to anagent who subcontracts out to someonewho subcontracts out, don’t be surprisedwhen the level of competency is less thanyou expect. In this case, your institutionhired an outside agency to provide customerservices and/or call centre operations. They in turn hired a company from a foreigncountry, who hired a local firm to providestaff. Background checks on the employees?Did you really expect that to happen? What rules do they have to follow in countryX? If someone did conduct some type ofemployee background check, would it have

been completed proficiently? Did you justassume that every employee would bescreened like a visitor to the Kirribilli House?In these days of know your customer rulesand know your customers’ customer rules,you further need to know your contractors andalso know your contractors’ employees.

So, it was cheaper to use a vendor whoset up operations in a foreign country andused their local workers. Is that business casestill reading positively in the light of thisevent? The further away a service provider is from your institution, the greater the chance of things going bad. It certainly does not have to involve a foreign country.This can be sub-contracted out multiple times domestically and be just as big a mess.Your institution loses more control of thesituation with each succession of levels the investigation is away from home base.Data and sensitive information must be strictly controlled. The irony is that you must perform enhanced due diligence on those that would be performing customeridentification procedures and customer due diligence for you. There are often a number of tiers between you and the personwho actually performs an identificationprocess on your behalf. Your ability to control the quality of that person may be compromised through the complexity of the structure between you.


�

By Kevin Sullivan

“Voo-due diligence is the magic wielding, spellcasting, potion drinkingand doll pricking methodof conducting a back-ground investigation. “

Voo-Due Diligence

FEATURE

We Do, You Do, Everybody Voo-due

So how can you avoid the voo-due hex? Complete a money laundering/terrorism

funding (ML/TF) risk assessment on the services you are intending to outsource anduse that to drive your due diligence. Your riskassessment will include issues associated withthe prospective party who will perform theoutsourced services.

Do you perform all your own due dili-gence or do you contract out? Your own unitprovides much more control, however, thatmight not be possible for your institution. Iprefer having the control, but that way I cancreate the guidelines, rules and regulationsand make sure that they are enforced properly.

If you contract out, who are you contract-ing to? Is the owner of the company a retiredlaw enforcement official or somebody withlittle or no background in the law enforcementand/or security field? What’s their reputation?Who are their employees? What backgroundchecks do they do on their employees? Dothey understand ML/TF risks? How are yousupposed to know the answers to these ques-tions, especially when you are three layers removed from the actual worker bees?

In your contract with the vendor, insert astipulation that they cannot subcontract anywork out. At least this prevents more layersin the mix and employees from being furtheraway from your domain.

If the first-level contractor is going tosubcontract the work out, then you must know to whom it is and their qualificationsand work practices. So similar to the due diligence you had to do on the initial contractor, you now have to do again.

Quality control practices. Similar to anindependent audit of your AML/CTF system,I would suggest a process to define, measureand analyse your system and the services youreceive from your vendor. It is vital to testthe vendor’s system as well as your own. In the AML/CTF world, an independent auditis a must for any good program. The sameconcept should apply here. Do a site visit ifpossible. See the operation for yourself. You might be surprised what you find. If there are problems with your due diligence,management must be aware of the implica-tions and make changes to the system.

Performing your own due diligence

Complete a credit report – This will provide an indication of the financial

condition and history of the prospect. Criminal records – Have the manage-

ment or owners been arrested before and for what crime? Were they convicted?Obviously any financial, fraud or drug-relatedhistory would be suspect.

Civil court/bankruptcy – Once againyou are looking for the financial status andwell being of the prospect. Why is thatimportant? The old adage is desperate timesrequire desperate measures. If the prospect isin a bind financially, do you think it would be wise to put them in a tempting situationwhere they may have access to the financialinformation of your customers?

Education history – If you are relying onqualifications and expertise then verify, verify,verify. This is perhaps the most exaggeratedsection on a resume. When you verify, do notuse a phone number and/or address providedto you by the prospect. Look up the numberyourself. Most universities and educationalinstitutions will not release any information

about their students to anyone other than the student, so you will need a release form before you can obtain the informationyou require.

References, reference sites – You wouldthink that a prospect would only provide youwith site references of people that will tell you how wonderful they are. However, that is not always the case. You should contact all those that they provide and some they do not provide.

Internet checks – It is amazing what isavailable on the internet. Learn how to use it properly. You should familiarise yourselfwith the advanced search engine features, the invisible web and the web archives. If you have the chance to take a class in internet use I strongly recommend it.

Commercial databases – These are databases such as LexisNexis that containinformation about most all of us. They are a treasure chest of information that mightreveal something of importance or discreditsomething the prospect has mentioned.

This is far from a comprehensive list, as the purpose of this article was not how to conduct a due diligence investigation.However, these tips should be enough to atleast get you thinking about what can be done, should be done and what resources are available. If you are not doing thesethings yourself, is the company that you hired performing them? Good luck. ■

Kevin Sullivan is an investigator with the New York State Police and state investigationsco-ordinator at the NY HIFCA El Dorado TaskForce. He is the principal of AML Trainer.co.This is his first contribution to the AFMA Anti Money Laundering Magazine.


Here’s a case that I handled when I was working in the squad just before my money laundering days. (No names revealed to protect the honour of the victim)

HOMICIDE – The perpetrator’s car breaks down (which by the way was stolen) and hegoes looking for a replacement. He finds an elderly female working in her garden and he pushes her into her house where he stabs her repeatedly with a large carving knife. She died at the scene. The perpetrator is caught several days later. Our investigationrevealed that the perpetrator was on probation and living in a halfway house. He had a job working at a call centre. In fact just about everyone working at this call centre was on the rebound from some intimate, close up and personal experience with the correctionalsystem. The call centre had many different clients, some banks, some department storesand a slew of others which quite frankly, I don’t recall. Did any of these companiesinquire into the background of the call centre employees? Did these companies knowexactly who they were contracting with? Consequently, all of these call centre employeeswere asking callers or receiving from callers some form of personal data and information. By the way, the crimes that sent my perpetrator to prison before they allowed him out onparole was drug possession and credit card fraud. The moral of this story is that there was a complete and total breakdown of any sense of due diligence with reference to hiringemployees who had access to sensitive data. This is an example of voo-due diligence. ■

�


INSIDE STORY

T HE RELATIONSHIP between thecompliance department, on one side,and new accounts staff and client

relationship management on the other side, is symbiotic. Each has a separate and distinct,but complementary, function to perform, in order that the business of the bank operatesefficiently, but these departments do notalways see eye to eye.

New accounts facilitates the growth of the bank through acceptance of new customers, and relationship managers assistthe bank’s high net-worth clients, ensuringthat this profitable sector continues to be an important component.

Compliance is charged with oversight anda degree of control over customer identifica-tion, and information verification. It providesnew accounts with the go-ahead on prospec-tive clients through the design of customeridentification procedures and specific clear-ances for higher ML/TF risk customers.

Conflicts occur when, in the practice ofthe compliance function, potentially profitablenew business, or an expansion of existingbusiness, is declined on the grounds of unsuit-ability, or that the risk assessment shows anunacceptable level of risk for the bank.

How does this conflict manifest itself?Perhaps some of my experiences illustrate theproblems faced by compliance: • A banker travels up the bank’s chain of

command to reverse a compliance deci-sion. Often, new accounts trumps a nega-tive finding on a potential client by goingto senior management, or even a director,and causing the compliance decision to beoverruled on purely business grounds.

• Using proprietary information about compliance policies and procedures to gain an advantage for the client. A relationship manager, upon learningthat shareholders who own 10% or more in a company must be vetted bycompliance, instructs a valued client inadvance to lower the holdings of the otherowners to 9%, thus evading complianceinvestigation and due diligence.

• Disputing the due diligence methods and the results obtained. New accountsofficers dispute a compliance conclusionby minimising the negative information,and after obtaining additional references,go to the most senior compliance officer,who is possibly intimidated into approv-ing a new client.

• The new accounts people improperlychange the facts themselves. Newaccounts “creatively” edit the client’s personal information, changing thosedetails that could make a potential cus-tomer unacceptable, to untrue statementsthat help them gain approval from compliance. This may even be performedwithout the client’s knowledge.

• Use of the privacy and confidentialitycard to evade customer identificationprinciples. A client relationship managerforces a low-level compliance officer toaccept less than acceptable proof of beneficial ownership of a client’s offshorecompany, citing their wealthy client’sneed for privacy and anonymity. All of the above: (1) reduce the efficiency

and effectiveness of the compliance division,(2) allow clients who pose unacceptable levelsof risk to be accepted, or existing clients toexpand their business in violation of soundcompliance policies, and (3) sow distrustbetween compliance and the bank’s customeracquisition and development staff.

In seeking a fair solution to this problem,we must not only balance the equities, but weshould also remember that financial servicesbusinesses are, after all, commercial enterpris-es that are at risk for reputation damage, whichis far more important than any single client.

Here are some suggestions for developingan amicable relationship between complianceand those who generate new or expandedclient business:• Hold a mandatory lecture for new

accounts and client representative staff, at which you discuss not only the possiblepersonal legal (criminal) consequences

of failing to stop money laundering insidethe bank, but also reputational damage.This should be illustrated with the worstof the bank nightmares.

• Find a co-operative member of the boardof directors, acquaint this director withthe clear and present dangers, and enlisttheir help in disputes with new accountsstaff and client managers.

• Socialise with new accounts staff so thatall sides of the issues are understood and appreciated.

• Strengthen your compliance department,through additional training, attendance atoutside conferences, certificates earned,and make AML material available to thebusiness generators who frequently clashwith your staff on AML issues.Above all, seek to understand how

you can defuse the hostility and adversarialrelationship that persists between complianceand new accounts/client relationship managers, but work with them without compromising your compliance goals. ■

Kenneth Rijock is believed to be the only formerbanking attorney-turned career money laundererwho actively consults with law enforcement and the financial community. He has more than 25 years’ experience in the field of moneylaundering, as a practicing ‘laundryman’, financial institution compliance consultant, and trainer/lecturer to law enforcement and theintelligence services of both the United Statesand Canada. After serving as a banking lawyerin an international law firm, he spent thedecade of the 1980s as a money launderer andadvisor to narcotics trafficking organisationsoperating in North and South America. Whilstserving a federal prison sentence for racketeeringand money laundering, he assisted with the first joint Swiss-American money launderinginvestigation of bankers and lawyers, whichresulted in a major seizure of the proceeds ofcrime. Kenneth writes a daily AML column. Formore information visit www.world-check.com

By Kenneth RijockFINANCIAL CRIME CONSULTANT

FOR WORLD-CHECK

Reconciling conflicting interests


SPONSORED FEATURE

M UCH HAS CHANGED as the world progressestowards further integration and interdepend-ency. In this unprecedented scale of global

trade liberalisation, organised crime prospers silently.Traditional concepts of organised crime must be reconsidered – clichéd images of shady characters boundby underworld codes no longer hold true in current day realities. Criminal syndicates of today are highly efficient organisations that rival multinational corpora-tions. Geography, among other previously limiting factors, is irrelevant today as pan-global alliances andjoint ventures are made daily. As a result, organised crimeis the world’s fastest growing industry.

With few exceptions, organised crime is primarily an enterprise motivated by financial benefit and the global reduction of trade barriers has made available awide array of opportunities both licit and illicit. With the global annual income of organised crime estimated at approximately $2 trillion and growing, the world is experiencing an explosion of economic criminality. Criminal networks today manage global markets in thecounterfeiting of consumer goods and pharmaceuticals,and have established highly profitable participation in theinternational labour supply chain while still maintaining a stronghold in traditional criminal enterprises such as narcotics trafficking and the sex trade.

While recent global economic developments aremajor contributing factors in this pan-global surge in eco-nomic criminality, organised crime has been a persistent phenomenon. Like any other well managed multinationalcorporation, organised crime is preoccupied with two essential components – long-term profitability and sustainability. While not necessarily characterised bylongevity, organised crime does strive to prolong its profitable enterprises. The pinnacle requirement for

long-term sustainability of any criminal organisation isunderstood to be dependent on its ability to infiltrate thepolitical structure and cultivate an environment conduciveto criminal operations. This concept, better known as thePolitical-Criminal Nexus (PCN) is thought to sustain thepan-global persistence of organised crime.

Achieved though a mixed approach of corruptionand intimidation, organised crime elements forge arrange-ments where politicians, senior civil administrators andenterprising businessmen stand to be well compensated.Ranging from direct compensation to highly profitable

partnerships – PCN is highly enticing to the often modestsalaried public servant. For example, in 2003, a seeminglynormal multi-government joint operation that broughtdown a Chinese narcotics trafficking syndicate responsiblefor having smuggled more than US$100 million worth of heroin into the US from the Golden Triangle, uncoveredone of China’s worst political scandals. The syndicate managed to employ Chen Kai, who was a member of the Chinese People’s Consultative Congress, to oversee thelaundering of the criminal proceeds. Further investigationsexposed a complex money laundering web that implicatednumerous senior officials in law enforcement and statefinancial institutions. Laundered criminal proceeds were

Organised crime and the political-criminal nexus: know the risks

By B.C. Tan, Head of World-Check’s Organised Crime Research Unit

�

Organised crime is preoccupied withtwo essential components – long-termprofitability and sustainability.


SPONSORED FEATURE

even successfully translated into highly profitable real estateand business investments. Altogether, more than fifty government officials were found to be on the payroll of thesyndicate leader, Wong Kin-cheung.

Essentially, PCN seeks to provide criminal organisationswith the ability to influence policies and law enforcement initiatives that would interfere with their operations. In addition, it provides access to advanced warnings of targetedinvestigations and the ability to influence legislation that maythreaten their survivability. Though PCN may appear to bemore prevalent an issue in developing countries, it is not aproblem exclusive to developing nations.

Once criminal proceeds are successfully cleaned, thereis a pronounced motivation to reintegrate that wealth intoestablished financial markets which will make any futuremovement of the funds substantially easier. And as such,despite regional disparity in crime rates, geography is never a limiting factor. For instance, prominent member ofthe Goryo-kai Japanese Yakuza group, Susumu Kajiyama,who was convicted in 2005 for loan sharking and money laundering, managed to successfully launder and move theproceeds from his highly profitable loan shark operations.Following his 2005 conviction, US$58.3 million stashed in

Swiss bank accounts was seized. As the investigation laterrevealed, despite global heightened awareness in anti-moneylaundering affairs, Kajiyama was able to reintroduce his criminal proceeds through casinos in Las Vegas. Additionally,he was successful in moving his criminal proceeds throughmultiple major international banks based in Japan and Hong Kong, and terminating in Swiss bank accounts. Theunfortunate reality was that Know-your-customer validationshould have identified these criminal transactions asKajiyama’s genuine identity was utilised in most of theaccount opening procedures and transactions.

In another example the former governor of theMexican state of Quintana Roo, Mario Ernesto VillanuevaMadrid, who was eventually convicted on cocaine traffickingand money laundering charges, was found to have utilized a reputable New York Stock Exchange listed firm to launder his questionable proceeds. Convicted in 2007, investigationsrevealed that Madrid received US$30 million in payment from

the Mexican Southeast Cartel, essentially US$500,000 per narcotics shipment that he protected. In 2005, his New Yorkbased investment manager that represented the reputableglobal investment bank pleaded guilty to money-launderingcharges for having facilitated the laundering of US$11 millionin drug proceeds for Madrid.

Raul Salinas de Gotari, brother of former President ofMexico Carlos Salinas de Gortari, was also able to successfullymove illegal bribes received from narcotics trafficking cartelsto bank accounts in Switzerland. In 1998 Swiss authoritiesidentified over US$100 million in criminal proceeds linked toSalinas, deposited in a Swiss bank account. Utilising reputableUS banks, Salinas was able to transfer his questionable assetsfrom Mexico to Switzerland through New York and London.Despite more rigid banking regulatory enforcement, a disproportional number of Mexican PEP scandals haveinvolved reputable US banks.

In recent times, an increasingly pronounced develop-ment in PCN is the exploitation of privileged access to eco-nomic information that provides criminal organisations with unfair advantages. As former closed economies undergo economic and trade liberalisation, criminal organisationshave been highly successful in exploiting privileged information and their political connections to ensure anunfair advantage in the bidding of privatisation offerings.Moreover, PCN relationships are increasingly evolving intohighly sophisticated partnerships that bring together theopportunistic nature of criminal elements and the politicalauthority to result in preferential import-export duties,exchange rates, taxation, and access to government contracts.In many countries, it has become exceptionally difficult to discern between the criminal, politician and the businessman.

The Japanese recession of the 1990s exemplified theinherent risks of PCN in the stability and wellbeing of aneconomy. Colloquially known as the Yakuza recession, theeconomic downturn saddled Japanese banks with monolithicamounts of unrecoverable loans. As investigations laterrevealed, Japanese banks were found to have advancedapproximately 50 per cent of their outstanding loans to companies either connected to the Yakuza or apparent frontcompanies of the Yakuza. The lack of better business judge-ment witnessed prominent Yakuza figures such as SusumuIshii of the Inagawa-kai criminal syndicate successfully receiving loans that totalled US$300 million during that period. The unfortunate murders of several senior bankersinvolved in attempts to recover these loans exposed the genuine dangers involved in business dealings with the criminal underworld. During the period prior to the recession,the Yakuza were able to permeate their influence into thehigher echelons of the legislative, judicial and financial

�

�

A disproportional number ofMexican PEP scandals have involved reputable US banks.


SPONSORED FEATURE

hierarchy. This high risk collusion is increasingly observed inmany emerging economies today.

In Russia organised crime elements have infused mutually beneficial personal relationships with key membersof the political structure. Russian criminal organisations arenow known to extensively utilize state security apparatus toprotect and promote their criminal activities. Colombian andMexican narcotics trafficking cartels now openly hire militarypersonnel and law enforcement agents to execute groundoperations. The Los Zetas group affiliated to the Gulf Cartelis alleged to comprise primarily of renegade members of theMexican Airborne Special Forces Group. The economies ofRussia and the other former Soviet states, dominated by oligarchs propelled to wealth by PCN, are equally susceptibleto the regrettable outcome of the Japanese economic collapse. In 1994, the Russian Ministry of Interior Affairs in an unprecedented move made public its assertion that anestimated 80 per cent of all private businesses and 40 per centof the national wealth was linked to organised crime.

In vast and highly profitable transnational criminal enterprises, the ability to successfully launder criminal proceeds and reintroduce these funds into the legitimateeconomy remains a crucial factor in the criminal motivation.With an increasing number of developing countries fallingprey to the lure of the PCN, coupled with the new environ-ment of unprecedented economic interconnectivity globally,access to just one economy is necessary to ensure a globaleffect. Inadvertently, financial institutions have become the vanguard gatekeepers of this new global economic order. However the sheer volume and international natureof transactions exposes financial operators in an ever increasingly precarious position of abuse. Geography nolonger provides barriers of protection in this highly globalisedworld of increasing liberalised trade. Furthermore, the higher levels of disposable income in developed nations willalways be appealing to criminal organisations. Sex workers,narcotics and other forms of contraband will invariably findtheir way to wealthier nations through the facilitation oforganised criminal elements.

The stark reality of this subject requires the under-standing that political and criminal elements are inseparable factors in the overall compliance risk. Virtually all legislation written on the subject of organised crime includesindispensible articles and protocols that specifically address

the PCN phenomenon. The sobering truth is that there is justtoo much at stake for financial operators in the global economy of today. Even though financial operators are obligated to fulfil regulatory requirements set forth by Anti-Money Laundering laws, few can afford the reputational cost inflicted by unflattering media attention from exposedbusiness dealings with corrupt PEPs or prominent criminalelements. With oligarchs commanding economies in EasternEurope, governments outgunned by cartels in South Americaand Chinese Triad chiefs becoming prized investors; the business of knowing who you really are dealing with is notgetting any easier.

About B.C. Tan

B.C. Tan is the global head of organised crime research for World-Check. A former senior research analyst of theWorld-Check Terrorism & Insurgency Research Unit, he is a specialist in transnational organised crime networks, Anti-Money Laundering, Counter-Financing of Terrorism, illicit arms trade, Political-Criminal Nexus and Crime-TerrorNexus. His research has been cited at several keynote addresses that included the International Institute forStrategic Studies – Shangri-La Dialogue, in addition to publications in Jane’s Intelligence Review, the Consortium onCounter-Financing of Terrorism and the S.Rajaratnam Schoolof International Studies.

B.C. Tan is a graduate in Political Science andInternational Security and Intelligence from the Ohio StateUniversity. He can be reached at [email protected]

About World-Check’s Organised CrimeResearch UnitEstablished in June 2008, the OCRU is a specialist researchunit dedicated solely to researching organized crime andcounterfeiting. The Unit identifies and maps the structures ofcrime organisations, their areas of operations and activities,and the individuals and entities that make up their organisa-tional structures. The unit’s output represents an up-to-dateknowledge hub of crime networks and syndicates worldwide,by providing objective and risk relevant intelligence for global business operations and compliance units. ■

�

Visit www.world-check.com or email [email protected] for more information.

Find out more about World-Check’s one-stop intelligence

Access to just one economy is necessary to ensure a global effect.

TRENDS IN MONEY LAUNDERING

PEP Risk – to check or not to check?

Rules 4.1.3, 8.1.4 and 9.1.4 of the AML/CTFRules require reporting entities to consider the risks posed by their customers, includingany politically exposed persons (PEPs). A reporting entity, in the course of designingits customer identification procedures and its AML/CTF Program must first ask, whatPEP risks it is exposed to. The answer isentirely derived from the nature of the entity’s business.

No decision-making framework has beenprovided in the legislation or rules to help afinancial institution decide when and how toapply a PEP check and how to then build that into its AML/CTF risk assessment and

management framework. Other than a reference to corruption, the risk assessmenttool for small to medium-sized businessesmakes no reference to PEPs.

The AUSTRAC Guidance on RiskManagement for AML/CTF Programs goesmuch further than the obligation that is contained in the AML/CTF Rules when it discusses PEPs. Although the AML/CTFRules require a reporting entity only to consider the risk posed by its customer types,including PEPs, the guidance material goesbeyond the ambit of the rules and says inparagraph 6.6 that:

“A reporting entity must put appropriaterisk-based systems and controls in place toidentify customers who may be PEPs and todetermine whether specific customers should

be subject to additional checks to identifywhether they are a PEP.”

Can a reporting entity say that it believesit has little or no risk of having a customerwho is a PEP because, for example, its customers are all financial institutions or regulated superannuation funds, or becausePEPs do not acquire its products and services(for example leasing of telecommunicationsequipments for businesses)? Can a reportingentity decide, because of the nature of its customer base, to replace PEP checking with stronger monitoring of value and volume on the basis that PEPs will be expected to be moving larger amounts offunds than other customers who are usuallylow value investors? The essence of the risk-based approach is that reporting entitiesshould be able to take this stance.

In reality, few reporting entities inAustralia are doing any PEP checking unlessthey are foreign owned, mostly due to thecost. This means cost seems to be the primarydriver of their risk based approach on PEPs.

PEP checking needs to cover the existingcustomer base, new customers, and changes in PEP lists across all customers. Data needs to be held about beneficial owners, controllers, agents, beneficiaries, trustees and other representatives of customers and then also PEP checked. This is often practically impossible.

Reporting entities cannot rely on PEPchecking being performed by their banksbecause confidentiality restraints prevent abank from disclosing information about itscustomers. Being a PEP does not make thePEP un-bankable or unable to invest in financial products – it may simply lead tochanges in their ML/TF risk profile.


Are there PEPsunder the beds ofAustralian financialinstitutions? By Michelle Hannan

FINANCIAL CRIME CONSULTANT

�

TRENDS IN MONEY LAUNDERING

If a reporting entity decides to PEP check,the next question is whether the PEPs it ischecking are overseas or Australian. LimitingPEP checks to offshore clients overlooks twokey fundamental points. The first is the global nature of PEPs, their related criminalactivity (such as corruption) and commonmethods for money laundering and terrorismfinancing. The second is that Australia-basedPEPs are just as likely to be involved in criminal activity, such as money launderingand terrorism financing, as offshore PEPs andthat it is naïve to believe that only offshoreclients are involved in criminal activity. Bothof these aspects of PEPs have the potential toimpact a financial institution’s risk profile andthe risk management strategies it might build.

As seen recently, Australian PEPs andpeople of influence can be involved directlyor facilitate all sorts of criminal activities inAustralia and offshore. There have been anumber of high-profile police corruption casesin Victoria and NSW that highlight the ration-ale for PEP checking. Checks are performedbecause PEPs are a class of persons exposedto the potential for corruption. A corrupt PEPmoves to launder the funds from their corrup-tion. To assume that Australian nationals donot constitute a PEP risk is naïve and over-looks the global nature of criminal activity, in particular the global nature of money laundering and terrorism financing.

There is also another PEP subset thatwould be overlooked if just offshore PEPchecking was undertaken – overseas nationalsbased in Australia or with residency or evencitizenship in Australia with connections orrelatives offshore. For instance, where children of offshore government officials live or study in Australia.

Case StudyIn August 2007, the Australian governmentrevoked an initial eight Zimbabwean student visas and a further two in response to discovering the students were the children of political leaders in Zimbabwe.The government also introduced measurespreventing Zimbabwean government ministers from transferring money to or from Australia using relatives’ accounts.

It is believed that these students were relatives of persons named in a Reserve Bank List under the Banking (ForeignExchange) Regulations 1959. If the relatives were named on the RBA list then,any transactions involving the transfer offunds or payments to, by the order of, or on behalf of these persons would have been prohibited without prior approval from the Reserve Bank.

It is also believed that particular payments were detected through international fund transfer instructions that were routinely reported to AUSTRAC.

A PEP check of Australia-based clientsmay have identified these students if they were named as associated with their PEP relatives. International Funds TransferInstructions screening for PEPs would alsohave detected any remitters who were PEPs.

One of the key client risk groups is over-seas nationals based in the local jurisdictionwith connections to their original country. As a common money laundering and

movement of terrorism-related fundingmethod is to use relatives’ or associates’accounts to move money, to not identifypotentially higher than average risk accountswould appear to be contradictory to the aim of the AML/CTF legislation and general riskmanagement approach. The only way theseaccounts would be identified is through a PEP check of national-based clients as well asoffshore clients. In other words, if a financialservices provider is to have an effectiveAML/CTF risk identification and manage-ment approach, then the key risks need to be identified across all lines of business.PEPs are one of those key risks.

ConclusionPEP checking, if done, is more than just com-plying with the legislation and the regulations.It is one of the key components of an effectiveAML/CTF (and other financial criminal activity) risk assessment. Where PEP riskexists, a PEP checking process allows a financial institution to identify higher-riskclients for involvement in domestic and globalcriminal activity, and in particular, possibleinvolvement in or facilitating money laundering and terrorism financing. To ignore Australia-based clients undermines the effectiveness of an otherwise robustAML/CTF risk management approach. This gap could also potentially be exploitedby the money launderers and terrorism financiers that the AML/CTF legislation andefforts of financial institutions are trying todetect and deter.

Reporting entities must ask whether they can substantiate a conclusion that theyhave little PEP risk and therefore justify not checking. ■


�

IN REALITY, FEWREPORTING ENTITIES IN AUSTRALIA AREDOING ANY PEP CHECKING UNLESSTHEY ARE FOREIGNOWNED, MOSTLY DUE TO THE COST.

Anti-Money Laundering Intensive Masterclass

masterclass dates

session 1: Monitoring

November 12 2008 | Sydney

9:00am – 12:00pm

session 2: Suspicious

Matter Reporting

November 26 2008 | Sydney

9:00am – 12:00pm

registration fee

session 1:AFMA Member $590 + gst


session 2:AFMA Member $590 + gst


session 1+2:AFMA Member $1050 + gst


session 1: Monitoring

The new Chapter 15 AML/CTF Rule highlights

the inter-relationships between:

The ML/TF risk assessment of customers

The existing customer base prior to 13

December 2007

Trigger events (doubt about identity and

forming a suspicion about a customer or

transaction)

KYC controls

Monitoring controls

learning objectives

By the end of this session you will:

Have an understanding of the requirements

of Chapter 15 of the AML/CTF Rules as they

apply to your business

Know how to use typologies to improve your

AML/CTF controls

session 2: Suspicious Matter Reporting

Of the three types of reporting that begin in

December 2008, suspicious matter reporting

is the one which will require the most attention.

Financial businesses will need to consider:

How to identify unusual matters

Investigation and case management

workfl ows

Security of information

Tipping off controls

Feedback loops to controls including training

learning objectives

By the end of this session you will:

Be able to design and implement your

suspicious matter reporting procedures

Know how to use typologies to improve your

AML/CTF controls

December 2008 Obligations

visit www.afma.com.au

December 2008 Obligations advert-v2.indd 1December 2008 Obligations advert-v2.indd 1 29/08/2008 10:09:11 AM29/08/2008 10:09:11 AM

CASE STUDY


Case StudyAre you struggling with making thelink between money launderingrisk and customer identificationprocedures? This case study is designed to help. Use the riskindicators to review the quality of your anti-money laundering/counter-terrorism financing riskassessment. Use the AML/CTFcontrols to consider whether your customer identification procedures obtain enough information from your clients tohelp you evaluate product usageand customer behaviour.

Case Study 200804

A TEAM OF senior government representatives from a Middle Eastern country has flown into your city and approach you as a wholesale fund manager to discuss the establishment of a large separately managed account. You had met one of the team at a roadshow your fund had conducted in London 12 months previously. Your fund has been specificallytargeting investment vehicles associated with theMiddle East, Indian sub-continent and Asia and this will be the first major result from six months of intense marketing efforts.

As far as you can ascertain, the team represents an investment fund that involves both the national

government of the country and a number of privatecompanies. It is alluded to that these companies are ultimately controlled by, or associated with, prominent individuals of that country but the precisenature of that control was not disclosed.

The relationship between the investment fund, the government and the private companies was also not clear. During the two-day meeting with the team it was made clear that pursuing information about the relationship between the involved parties and the ultimate controllers of the companies would not be conducive to your firm securing the mandate for the funds.

The team let you know that they are a favouredclient of a well-known investment manager in theUnited Kingdom with whom you are familiar and thatthis should assure you that everything is above board.

The source of funds for the investment was not disclosed during the two-day meeting.

“ ... it was made clear that pursuing information about the relationshipbetween the involved parties ... would not be conducive to your firmsecuring the mandate for the funds.”

CASE STUDY


RISK INDICATORS

KYC This client is potentially associated with politically exposed persons

The beneficial ownership and control of the client is not clear

The relationship and beneficial ownership and control of those associated with the client is not clear

The source of funds which will be the basis of the investment is unknown

The client’s representatives are reluctant to provide information that should be readily available and of no consequence to disclose

Country Risk This client is associated with a higher-risk country with has a heightened risk both for money laundering and terrorism financing

CONTROLS

Control Type Description of possible control Regulatory

KYC Controls The higher ML/TF risk posed by this client should lead your fund to require more information from the client and the persons associated with it before accepting the mandate and opening the investment account.

In particular, you should be seeking:

• Proof of the authority that the investment team has from the client to enter into the mandate;

• Authority from the government regarding this proposed mandate;

• Details of the other individuals who hold the balance of beneficial ownership of the client, covering much more than their names (example, occupation, the industries they are involved in, source of wealth, association with PEPs in the country concerned);

• Verification of the identity of the individuals who hold the beneficial ownership of the client;

• Business activity of the client;

• Source of funds for this investment;

• Intended value and volume of additional funds for investment;

Your verification controls will need to consider the additional risks associated with dealing with entities where it is difficult to get independent documentary evidence to verify assertions of identity. This may call for notarised documents and letters of authority executed before a notary for example.

As part of your client acceptance process you would complete PEP searching and then complete negative media searches on all individuals and organisations that have been detected through the client acceptance process.

You should consider whether this client needs to be accepted by senior management of your company, given the ML/TF risk that they represent.

Monitoring Controls You should check the course of the funds when they arrive to establish the account.

You should review the operation of this account regularly, including examination of all sources of funds flowing into the account. If funds are being redeemed then you should investigate the beneficiary of the redemptions where the beneficiary differs from the client.

You should consider reviewing with this client all of their KYC information annually.

Training Controls Your client relationship management training should cover the extensive nature of due diligence required for this class of client.

Chapter 4 AML/CTFRules requiring consideration of what additional KYCinformation would becollected at customeracceptance, using a risk based approach.

Chapter 15 of theAML/CTF Rules requiring (fromDecember 2008) consideration of what additional KYC is required from customers during the life of the relationship for ongoing customer due diligence purposes.

Chapter 15 of theAML/CTF Rules (from December 2008)monitoring of transactions.

Chapters 8 and 9 of theAML/CTF Rule requirerole-based training.

Take the bite out of AML and CTF Compliance

Complinet Global ScreeningComplinet’s Global Screening solutions can help to reduce your organisation’s exposure to unacceptable clients and transaction activities.

AML solution. Complinet’s Global Screening delivers a smarter end-to-

your operational screening costs.

Find out more about Complinet’s Global Screening solutions at www.complinet.com/connected/solutions/global-screening/

Complinet AML training and e-learningComplinet combines expert content with cutting-edge design capability to help organisations meet all their AML training needs. Our market-ready

Abuse and Insider Dealing.

Find out more about Complinet’s e-learning solutions at www.complinet.com/connected/solutions/regulatory-insight/e-learning/

On June 12 2007, the Australian parliament passed the second phase of its Anti-Money Laundering and Counter-Terrorism Financing Act 2006, which introduced correspondent banking provisions.

The Australian Transaction Reports and Analysis Centre will carry out more rigorous on-site inspections to examine

AML/CTF programmes, including

processes; recordkeeping systems; ongoing customer due diligence; and the regulator’s strict guidance on transaction reporting and in-house training.

The new obligations will create immense

have only one year to implement the reforms and become fully compliant.

www.complinet.comtel: +44 (0)870 042 6400 | fax: +44 (0)870 042 6405 | email: [email protected]

To register for a free trial, visit www.complinet.com or contact us on [email protected]

tel: +61 (2) 9994 8099 | fax: +61 (2) 9994 8008 | email: [email protected]

anti-money - afma€¦ · anti-money laundering intensive masterclass december 2008 obligations...

Documents