49960 v3a Combating Money Laundering and the Financing of Terrorism A Comprehensive Training Guide Workbook 1. Effect on Economic Development and International Standards 3 Workbook 2. Legal Requirements to Meet International Standards 71 Workbook 3a. Regulatory and Institutional Requirements for AML/CFT 151 Workbook 3b. Compliance Requirements for Financial Institutions 255 Workbook 4. Building an Effective Financial Intelligence Unit 347 Workbook 5. Domestic (Inter-Agency) and International Cooperation 439 Workbook 6. Combating the Financing of Terrorism 503 Workbook 7. Investigating Money Laundering and Terrorist Financing 605 Combating Money Laundering and the Financing of Terrorism: A Comprehensive Training Guide 3 Regulatory and a Institutional Requirements for AML/CFT Workbook Combating Money Laundering and the Financing of Terrorism: A Comprehensive Training Guide 3 Regulatory and a Institutional Requirements for AML/CFT Workbook © 2009 The International Bank for Reconstruction and Development / The World Bank 1818 H Street NW Washington DC 20433 Telephone: 202-473-1000 Internet: www.worldbank.org E-mail: feedback@worldbank.org All rights reserved 1 2 3 4 12 11 10 09 This volume is a product of the staff of the International Bank for Reconstruction and Development / The World Bank. The findings, interpretations, and conclusions expressed in this volume do not necessarily reflect the views of the Executive Directors of The World Bank or the governments they represent. The World Bank does not guarantee the accuracy of the data included in this work. The boundaries, colors, denominations, and other information shown on any map in this work do not imply any judgement on the part of The World Bank concerning the legal status of any territory or the endorsement or acceptance of such boundaries. Rights and Permissions The material in this publication is copyrighted. Copying and/or transmitting portions or all of this work without permission may be a violation of applicable law. The International Bank for Reconstruction and Development / The World Bank encourages dissemination of its work and will normally grant permission to reproduce portions of the work promptly. For permission to photocopy or reprint any part of this work, please send a request with complete information to the Copyright Clearance Center Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; telephone: 978-750-8400; fax: 978-750-4470; Internet: www.copyright.com. All other queries on rights and licenses, including subsidiary rights, should be addressed to the Office of the Publisher, The World Bank, 1818 H Street NW, Washington, DC 20433, USA; fax: 202-522-2422; e-mail: pubrights@worldbank.org. ISBN: 978-0-8213-7569-3 eISBN: 978-0-8213-7570-9 DOI: 10.1596/978-0-8213-7569-3 Library of Congress Cataloging-in-Publication Data Combating money laundering and the financing of terrorism : a comprehensive training guide. p. cm. "A World Bank and International Monetary Fund publication." Includes bibliographical references. ISBN 978-0-8213-7569-3 -- ISBN 978-0-8213-7570-9 (electronic) 1. Money laundering. 2. Terrorism--Finance. 3. Terrorism--Prevention. I. World Bank. II. International Monetary Fund. HV8079.M64C56 2009 332.1068'4--dc22 2009009952 About the Training Modules Combating Money Laundering and the Financing of Terrorism: A Comprehensive Training Guide is one of the products of the Capacity Enhancement Program on Anti­Money Laundering and Combating the Funding of Terrorism (AML/CFT), which has been co-funded by the Governments of Sweden, Japan, Denmark, and Canada. The program offers countries the tools, skills, and knowledge to build and strengthen their institutional, legal, and regulatory frameworks to successfully implement their national action plan on these efforts. This workbook is one of the following training course modules: MODULE 1: EFFECTS ON ECONOMIC DEVELOPMENT AND INTERNATIONAL STANDARDS Module 1 introduces the fundamental concepts of money laundering and terrorist financing; their implications for development from economic, social, and governance perspectives; and existing international standards and key international players in the fight against money laundering and terrorist financing. MODULE 2: LEGAL REQUIREMENTS TO MEET INTERNATIONAL STANDARDS Module 2 covers satisfying the international standards on AML/CFT and the legislative action that this usually requires. In exploring those implications and possible legislative needs, this workbook answers the following questions: · What are the international conventions and treaties that deal with AML/CFT? · What legal and institutional arrangements satisfy international standards? · What are the legal issues related to international cooperation? · Where can one find model laws? MODULE 3A: REGULATORY AND INSTITUTIONAL REQUIREMENTS FOR AML/CFT Module 3a introduces the regulatory and institutional requirements for AML/CFT and addresses the following issues: · Responsibility for effective supervision · Institutions subject to AML/CFT compliance · The principal regulatory and institutional requirements · Internal audit and compliance programs · Professional associations and their roles · Enforcement of AML/CFT requirements MODULE 3B: COMPLIANCE REQUIREMENTS FOR FINANCIAL INSTITUTIONS Module 3b considers AML/CFT from the perspective of a bank or other financial institution and provides the necessary information for employees of such institutions who deal with a wide range of AML/CFT issues. It also provides additional inputs for compliance officers of financial institutions. A separate section of the workbook deals with some issues that are more pertinent to compliance officers. iii iv | Module 3a MODULE 4: BUILDING AN EFFECTIVE FINANCIAL INTELLIGENCE UNIT Module 4 examines the financial intelligence unit (FIU) and its role in the national AML/CFT regime and addresses the following issues: · Basic concepts of the FIU, suspicious transaction reports, and how they fit into AML/CFT regimes · Building FIU functionality · Coordination and cooperation at the policy and operational levels · Skills, integrity, and security of FIU personnel MODULE 5: DOMESTIC (INTERAGENCY) AND INTERNATIONAL COOPERATION Module 5 introduces the importance of interagency and international cooperation in the fight against money- laundering activities. MODULE 6: COMBATING THE FINANCING OF TERRORISM Module 6 focuses on combating the financing of terrorism (CFT), a new area for many countries compared to the anti-money laundering (AML) effort. The workbook starts with a brief review of the CFT issues raised in the previous workbooks, addresses some general questions related to CFT, and then discusses the FATF Nine Special Recommendations on Terrorist Financing in combination with the international obligation of states. MODULE 7: INVESTIGATING MONEY LAUNDERING AND TERRORIST FINANCING Module 7 introduces the practice of investigating activities that involve laundering of the proceeds of crime and discusses investigations of terrorist financing activities. Acknowledgments The initial work for this training program was provided by Emiko Todoroki and Azuma Miura, the World Bank. Module 3a was further written and developed by Manuel Vasquez, International Monetary Fund. The draft was reviewed by John McDowell, the World Bank and Thomas Grahn, Financial Supervisory Authority of Sweden. Pedagogical guidance was provided by Sheila Jagannathan, and peer review was conducted by Emiko Todoroki, the World Bank. In 2007 and 2008, updates and review were provided by Klaudijo Stroligo, Cedric Mousset, Paul Allan Schott, and Emiko Todoroki, the World Bank. Key sources for this workbook include Financial Action Task Force on Money Laundering, "The Forty Recommendations" (2003) and "Special Recommendations on Terrorist Financing" (2005); and Paul Allan Schott, Reference Guide to Anti­Money Laundering and Combating the Financing of Terrorism, Second Edition, the World Bank, 2004. CAPACITY ENHANCEMENT PROGRAM ON ANTI­MONEY LAUNDERING AND COMBATING THE FINANCING OF TERRORISM Program Director: Latifah Merican Cheong Task Team Leader: Emiko Todoroki Instructional Design: Sheila Jagannathan Production: Miguel Nicolas De La Riva, Jr. Illustrations: James Quigley Design: Naylor Design, Washington, D.C. Composition: Precision Graphics, Champaign, Illinois Regulatory and Institutional Requirements for AML/CFT Module 3a introduces the regulatory and institutional requirements for anti­ money laundering and combating the financing of terrorism (AML/CFT). While the module primarily focuses on financial institutions, it also tries to adderess relevant requirements of designated non-financial businesses and professions (DNFBPs). The module addresses the following issues: 1. Responsibility for effective supervision 3 2. Institutions subject to AML/CFT compliance 8 2.1 What types of institutions? 8 2.2 Should other businesses or professions be covered by AML/CFT requirements? 10 3. The principal regulatory and institutional requirements 11 3.1 Impediments and gateways for disclosure of information 13 3.2 Customer identification and due diligence 15 3.3 Record-keeping requirements 24 3.4 Monitoring and reporting suspicious transactions 27 3.5 Risk-based approach 29 3.6 Suspicious transaction reporting (STR) 30 3.7 Cash transaction reports (CTRs) 35 4. Internal audit and compliance programs 36 4.1 The role of the board/senior management 36 4.2 What should the board/senior management do? 37 4.3 Appointment of AML/CFT compliance officer/money laundering reporting officer 37 4.4 Ongoing employee training program 38 4.5 Compliance and internal audit to test the system 39 5. Professional associations: what are their roles? 40 5.1 Providing training 40 5.2 Develop cooperation and understanding 40 2 | Module 3a 6. Enforcement of AML/CFT requirements 42 This module mainly, though not exclusively, discusses the following Financial Action Task Force (FATF) Recommendations: · AML/CFT institutional measures by financial institutions, and non- financial businesses and professions (DNFBPs) to prevent money laundering and terrorist financing, including suspicious transaction/ activity reporting: Recommendations 4­25 · Necessary institutional and follow-up measures for combating money laundering and terrorist financing: Recommendations 28 and 29 · Reporting suspicious transactions related to terrorism: Special Recommendation IV At the end of Module 3a, you should be able to · explain the powers and responsibilities the supervisory authorities should have to supervise effectively financial and non-financial institutions, and what types of supervisory arrangements exist; · identify financial institutions, non-financial institutions, and professionals that should be subject to AML/CFT laws and regulations; · describe the necessary systems and controls that allow financial institutions to comply with AML/CFT laws, regulations, and guidelines; and · explain what should be reported to the FIU and the financial supervisory authorities. 1 Responsibility for effective supervision How much do you know? QUESTION 1. Choose the correct word to complete the sentence: The FATF Recommendations are the ________________ standards that the countries should adopt. a) Minimum b) Maximum QUESTION 2. What types of institutions are subject to AML/CFT compliance? a) Financial institutions b) Designated non-financial businesses and professions (DNFBPs) c) Both QUESTION 3. The FATF Recommendations do not allow any discretion to the countries in terms of selection of their financial institutions for AML/CFT compliance. a) True b) False QUESTION 4. The FATF has recommended the same level of due diligence for all customers. a) True b) False QUESTION 5. Suspicious transaction/activity reports (STRs/SARs) should be filed by all institutions and persons covered by the local AML/CFT law. a) True b) False Who determines the agencies responsible for supervision? The laws and regulations of each country determine the competent authority, or authorities, responsible for the supervision of financial institutions' compli- ance with AML/CFT requirements. In some cases, this responsibility is shared between the financial sector supervisory agencies and other authorities, such as 3 4 | Module 3a the country's financial intelligence unit (FIU), particularly in nonprudentially regulated sectors like DNFBPs. Irrespective of the agencies involved, supervisory authorities should have adequate powers and resources, including, where appro- priate, the authority to conduct inspections and impose and enforce sanctions for noncompliance with the applicable AML/CFT requirements. How many agencies are required? In light of the widening scope of financial institutions and other non-financial businesses and professions now subject to AML/CFT requirements, more than one body is usually needed to supervise AML/CFT compliance. However, each country's degree of economic sophistication determines the structure and orga- nization of the AML/CFT supervisory regime. Where multiple organizations are involved, close coordination and collaboration are mandatory. How should such supervision begin? Supervision of financial institutions for compliance with the AML/CFT sec- tor should start at the licensing or authorization to engage in business stage for financial institutions. Authorization to conduct financial and other relevant businesses should be provided after stringent due diligence that determines that the owners and controllers of financial institutions are "fit and proper" persons. A review of the integrity of existing financial institutions should also be conducted to determine if the organization is fit and proper to continue to engage in busi- ness. This will hinder criminal ownership or control of financial institutions and ensure that honest and competent persons hold these sensitive positions. Ongo- ing, risk-focused supervision (detailed in FATF Recommendations 23 and 24) of AML/CFT risk management systems should follow periodically to make cer- tain that internal policies, controls, and procedures are adequate. Such policies and controls should apply on a consolidated basis in cases of financial/business groups, including cross-border operations. For a discussion of these issues, please refer to the Consolidated KYC Risk Management, issued by the Basel Committee on Banking Supervision (October 2004). What are the powers and resources that the financial supervisory authorities should have? · Legal authority to license and supervise financial institutions on an ongoing basis · Ability to conduct AML/CFT supervision that is risk focused · Not to be restricted by secrecy laws from access to information under the control of supervised institutions · Authority to cooperate and share information with competent domestic and international authorities · Adequate staff and budget to conduct periodic inspections of financial institutions Regulatory and Institutional Requirements for AML/CFT | 5 · Authority to enforce effective, proportionate, and dissuasive sanctions against financial institutions · Protection against legal and administrative liability when discharging their functions in good faith · Proper training for staff on supervisory skills The above list is not exhaustive and will vary according to the legal framework and institutional capacity of each country. Below are examples of authorities with AML/CFT supervisory responsibility in the financial sector in some countries. FATF Recommendation 23 requires that financial institutions be subject to adequate regulation and supervision. In this regard, Recommendation 29 states that supervisors are required to have adequate powers to conduct inspections and request information. In addition, Recommendation 25 suggests that the competent authorities provide guidelines and feedback to financial institutions and DNFBPs. For more information on FATF Recommendation 23, see Appen- dix B. For more information on FATF Recommendation 29, see Appendix C. For more information on FATF Recommendation 25, see Appendix D. In addition to the FATF Forty Recommendations, the International Organiza- tion of Securities Commissions (IOSCO) and the International Association of 6 | Module 3a Insurance Supervisors (IAIS) have also issued various standards, guidelines, and/ or papers relating to AML/CFT. In all of these standards and papers, supervi- sors are required to play a key role in safeguarding against criminal abuse of the financial sector. These standards complement the FATF Recommendations and, in the case of IAIS Core Principle 28, make specific reference to compliance with the FATF Recommendations. International standard setters Banking Sector: Basel Committee Securities Sector: International on Banking Supervision (Basel Organization of Securities Commissions Committee)--Core Principles for (IOSCO)--Objectives and Principles for Effective Banking Supervision Securities Regulation Core principle (CP) No. 18 (one of 25 core principles for effec- According to the IOSCO, securities regulators should consider tive banking supervision issued by the Basel Committee) spe- the sufficiency of domestic legislation to address the risks of cifically deals with AML controls in the banking sector and the money laundering. Regulators should also require that market role of regulators. The Basel Committee has issued guidelines intermediaries have in place policies and procedures designed for banks and their supervisors on AML and customer due to minimize the risk of the use of an intermediary's business diligence (CDD) processes. It also has issued a detailed paper as a vehicle for money laundering. For more information, on CDD for use in screening existing and prospective banking please refer to: clients. Both documents have influenced in some respects the · A Resolution on Money Laundering (October 1992) development of the preventive measures contained in the · Initiatives by BCBS, IAIS, and IOSCO to combat money revised FATF Recommendations. laundering and the financing of terrorism (June 2003) According to the Basel Committee, national supervisors · Principles on Client Identification and Beneficial Ownership should play a key role in promoting sound ethical banking for the Securities Industry (May 2004) practices that prevent money laundering. In particular, they should ensure that banks have adequate policies, Insurance Sector: International Association controls, and procedures in such areas as customer accep- tance, customer identification, record keeping, ongoing of Insurance Supervisors (IAIS)--Insurance monitoring of customer transactions (particularly for high- Supervisory Principles risk accounts), and risk management. For further informa- IAIS seeks to establish international standards on insurance tion on the Basel Committee with respect to AML/CFT, supervision and conducts training seminars for insurance please refer to: supervisors from emerging markets. It also seeks to coordinate its efforts with other global financial regulators, particu- · Prevention of Criminal Use of the Banking System for the larly those from the banking and securities industries. IAIS Purpose of Money Laundering (December 1988) encourages members to comply with its insurance supervi- · Core Principles for Effective Banking Supervision (Sep- sory principles and has developed a self-assessment program tember 1997) for members. Insurance CP 28 on AML/CFT states that "the · Core Principles Methodology (October 1999) supervisory authority requires insurers and intermediaries, · CDD for Banks (October 2001) at a minimum those insurers and intermediaries offering life insurance products or other investment related insurance, to take effective measures to deter, detect, and report money laundering and the financing of terrorism consistent with the Recommendations of the Financial Action Task Force on Money Laundering (FATF)." Regulatory and Institutional Requirements for AML/CFT | 7 Knowledge check QUESTION 6. Briefly describe what supervisors need at their disposal to carry out effective supervision of financial institutions for AML/CFT. Provide your answer in the space below. Supervision of DNFBPs Supervision of DNFBPs on AML/CFT is a new requirement under the revised 40 Recommendations issued by the FATF in 2003. Thus, many countries including FATF members have been figuring out the best way to supervise and monitor DNFBPs. Casinos (including Internet casinos) are subject to a compre- hensive regulatory and supervisory regime concerning AML/CFT requirements, similar to that for financial institutions. For example, casinos should be licensed, supervised, and monitored by a designated competent authority that should have enforcement powers. On the other hand, other DNFBPs should be subject to effective systems for monitoring and ensuring compliance with AML/CFT requirements and this could be performed on a risk-sensitive basis. Monitoring and supervision of other DNFBPs could be undertaken either by a designated competent authority or self-regulatory organization. 2 Institutions subject to AML/CFT compliance 2.1 What types of institutions? The categories of financial institutions, businesses, and professions covered under national AML/CFT regimes vary from country to country. There is broad coverage in some countries, but in others the coverage may be limited. For instance, in countries where only limited financial activities are being under- taken in securities markets, regulators may decide, based on risk measurement, how much AML/CFT compliance should be required of securities brokers and dealers to be in line with the FATF Recommendations. Since the revised FATF Recommendations were adopted in 2003, the definition of "financial institution" and, thereby, the institutions covered by FATF requirements, has been broad- ened. In addition, DNFBPs are now subject to specific FATF Recommendations. The FATF Recommendations allow countries to consider the degree of risk of money laundering and terrorist financing in deciding to what extent the FATF Recommendations should be applied for particular types of financial institutions or for particular types of customers, products, and transactions. Such determina- tions, however, require the national authorities to have an adequate mechanism by which to assess those risks. Lists of the types of financial institutions and other businesses and persons required to comply with AML/CFT measures appear below; please refer to the following: FINANCIAL INSTITUTIONS "Financial institutions" means any person or entity that conducts as a business one or more of the following activities or operations for or on behalf of a customer: · Acceptance of deposits and other repayable funds from the public · Lending · Financial leasing · The transfer of money or value · Issuing and managing means of payment (e.g. credit and debit cards, cheques, traveller's cheques, money orders and bankers' drafts, electronic money) · Financial guarantees and commitments 8 Regulatory and Institutional Requirements for AML/CFT | 9 · Trading in · money market instruments (cheques, bills, CDs, derivatives, etc.); · foreign exchange; · exchange, interest rate, and index instruments; · transferable securities; or · commodity futures trading. · Participation in securities issues and the provision of financial services related to such issues · Individual and collective portfolio management · Safekeeping and administration of cash or liquid securities on behalf of other persons · Otherwise investing, administering or managing funds or money on behalf of other persons · Underwriting and placement of life insurance and other investment-related insurance · Money and currency changing DESIGNATED NON-FINANCIAL BUSINESSES AND PROFESSIONS "Designated non-financial businesses and professions" means: · Casinos (and internet casinos). · Real estate agents. · Dealers in precious metals. · Dealers in precious stones. · Lawyers, notaries, other independent legal professionals and accountants. This refers to sole practitioners, partners or employed professionals within professional firms. It is not meant to refer to "internal" professionals that are employees of other types of businesses, nor to professionals working for government agencies, who may already be subject to measures that would combat money laundering. · Trust and Company Service Providers refers to all persons or businesses that are not covered elsewhere under these Recommendations, and which as a business, provide any of the following services to third parties: · acting as a formation agent of legal persons; · acting as (or arranging for another person to act as) a director or sec- retary of a company, a partner of a partnership, or a similar position in relation to other legal persons; · providing a registered office, business address, or accommodation; corre- spondence or administrative address for a company, a partnership or any other legal person or arrangement; · acting as (or arranging for another person to act as) a trustee of an express trust; or · acting as (or arranging for another person to act as) a nominee share- holder for another person. 10 | Module 3a 2.2 Should other businesses or professions be covered by AML/CFT requirements? FATF Recommendation 24 stresses that DNFBPs should be subject to certain FATF regulatory measures. That recommendation also specifies that there should be appropriate supervision for all DNFBPs FATF Recommendation 20 encourages countries to consider other businesses and professions, in addition to DNFBPs listed above, that should be subject to the FATF Recommendations when they pose a money laundering or terrorist financing risk. It will be a tremendous challenge for the authorities to identify areas and sectors that pose critical risks and should be, therefore, subject to AML/CFT require- ments and supervision. Unfortunately, not all countries have systems in place to allow for this kind of risk identification. And even where the AML/CFT require- ments cover sectors outside the traditional financial and DNFBP sectors, there will be questions as to what agency is responsible for compliance supervision. For more information on FATF Recommendation 24, see Appendix E. For more information on FATF Recommendation 20, see Appendix F. Knowledge check QUESTION 7. Where applicable, identify the three principal sectors covered by the FATF Recommendations and your country's AML/CFT laws. Provide your answers in the space below. QUESTION 8. For those sectors that are covered by the AML/CFT laws in your country, describe briefly the agency responsible for supervision of compliance with AML/CFT requirements. In your opinion are supervision and compliance successful? 3 The principal regulatory and institutional requirements The revised FATF 40 Recommendations (June 2003) specify the measures that financial institutions and DNFBPs are required to take to prevent, detect, and report money laundering and terrorist financing. These measures require, in certain cases, that supervisory authorities take a compliance monitoring and enforcement role with respect to the persons and institutions they supervise for AML/CFT. The following table outlines the key areas covered by the FATF Recommendations. Summary of regulatory and institutional requirements Module reference Required measures FATF & other references 3.1 Impediments and Countries' financial secrecy laws should not inhibit the implementation of FATF Recommendation: 4 gateways for disclosure the FATF Recommendations. This means, inter alia, that where legitimate IAIS ICP: 1, 2, 3, 4, 5, 10, 16, 28 of information privacy laws exist restricting access to or disclosure of information, appropri- IOSCO CP: 8.2, 8.3, 8.4, 9.3, 9.4, 11 ate gateways should be in place to facilitate investigations and prosecution of money laundering/financing terrorism offenses. There should be a legal base that allows unfettered access to information by financial supervisors, FIUs, and other competent authorities. 3.2 Customer iden- Financial institutions should obtain and verify the identity of clients includ- FATF Recommendation: 5, 6, 7, 8, tification and due ing, where necessary, information on their business, profession, and source 9, 12, 18, 21, 22 diligence of funds and wealth. For higher-risk clients, financial institutions should apply Basel Committee CDD paper and enhanced due diligence, for example, for politically exposed persons (PEPs). CP Methodology: 18.4; 18.5 CDD should extend to those persons acting on behalf of customers or IAIS ICP: 10, 28 otherwise intermediary clients. IOSCO CP: 12.5 3.3 Record-keeping Maintaining records of customer identity and transactions for a minimum of FATF Recommendation: 10, 12 requirements five years is an important requirement for the prevention and detection of Basel Committee CDD paper and money laundering and terrorist financing. Such records should be sufficient CP Methodology: 18.4 to provide supervisors, FIUs, investigators, and/or prosecutors with a financial IAIS ICP: 10, 28 trail to investigate and prosecute financial crime, and to facilitate the seizure and confiscation of illicit property. The commencement of the retention IOSCO CP: 12.5 period should be clearly defined, which could be the date when an account is closed, the date of the last transaction, or the date a relationship was terminated. There may be situations where records should be kept for longer periods, such as when the competent authorities so request to facilitate an investigation or prosecution. In addition, contractual obligations, for example, for life insurance policies, may already require longer retention periods. --continued 11 12 | Module 3a Summary of regulatory and institutional requirements--continued Module reference Required measures FATF & other references 3.4 Monitoring and Financial institutions have an obligation to report suspicious activities where FATF Recommendation: 8, 11, 13, reporting of suspicious there are reasonable grounds to believe that funds are the proceeds of crime 14, 16, 19, and Special Recommen- transactions or may be linked to terrorist activity. Reporting of suspicious activity is made dation IV to the FIU. There could also be instances where the supervisor of the report- Basel Committee CDD paper and ing institution may also be informed of cases that are material to the safety CP Methodology: 18.3, 18.4, 18.10 and soundness of the institution. It is important that the laws, regulations, and guidelines provide clear directions on the obligations to report suspicious activities to differentiate between unusual and suspicious activities, and reporting of large cash trans- actions (so-called "benchmark reporting"). Guidance on avoidance of tipping off subjects of reports should also be provided. 4. Internal audit and Institutions covered by AML/CFT laws should establish and maintain internal FATF Recommendation: 15, 16 compliance programs policies, procedures, and controls to prevent themselves from being used for Basel Committee CDD paper and purposes of money laundering and terrorist financing. This should include CP Methodology: 18.8 an appropriate compliance function and an audit function, including the appointment of an AML/CFT compliance officer. It is the responsibility of the designated supervisors to monitor compliance with AML/CFT laws, policies, and controls in the applicable institutions, businesses, and professions and to take appropriate enforcement action for noncompliance. Regulatory and Institutional Requirements for AML/CFT | 13 3.1 Impediments and gateways for disclosure of information IMPEDIMENTS Although most financial laws contain provisions protecting the confidentiality of information held by financial institutions, they should not act as an impedi- ment to access and disclosure by supervisors, FIUs, law enforcement, and other competent authorities. Supervisors and other competent authorities should have sufficient and, in the case of financial sector supervisors, unfettered access to customer information and all other relevant information required for the proper discharge of their functions. Such information should be handled with utmost care by the recipients to preserve confidentiality and should be safeguarded against unauthorized use. Efficient gateways should exist in law, or through other mechanisms, to allow for cooperation and information sharing among competent authorities domestically and internationally, including supervisory agencies. In some countries, infor- mation sharing among financial institutions may also be allowed or required. Financial institutions and staff that provide information to the authorities and file suspicious activity reports to the FIUs should be provided legal protection against criminal, civil, and administrative liability when they act in accordance with the law and in good faith. Similar protections should be extended for supervisory agencies and their staff when they share information. FATF Recommendation 4 requires that financial institution secrecy laws should not inhibit implementation of the FATF Recommendations. Recommenda- tion 28 also requires that countries should have powers to be able to compel the production of transaction records; identification data obtained through the CDD process; account files and business correspondence; and other records, documents, or information held or maintained by financial institutions and other businesses or persons when conducting investigations of money laundering, financing of terrorism, and other underlying predicate offenses. For more infor- mation on FATF Recommendation 4, see Appendix G. For more information on FATF Recommendation 28, see Appendix H. 14 | Module 3a Case study Disclosure of information Country X is fast becoming a major tourist destination, particularly for world-class div- ers who explore its vast coral reefs and offshore islands. The authorities are concerned that the expansion in tourism could also attract criminals and money launderers; invest- ments in the booming hotel and casino industry will be attractive to these criminals. General elections are planned to take place within the next three months and the minister of finance, under whose portfolio the Central Bank and the FIU fall, would like to make crime fighting a main issue in his political campaign. The minister is particu- larly concerned that some political opponents may be associated with certain criminal groups and is determined to prevent drug traffickers and money launderers from taking control of the country's government. The minister has therefore called on the governor of the Central Bank and the head of the FIU for any information they may have on two political opponents and their business associates, whom it is believed may have criminal connections. The minister of finance also wants these institutions to request and pro- vide bank account information on these individuals. Regulatory and Institutional Requirements for AML/CFT | 15 Knowledge check Based on the preceding case study, please provide appropriate responses to the following questions using the space provided: QUESTION 9. Should the governor of the Central Bank or the head of the FIU, or neither, provide the desired information about the two individuals to the minister of finance? QUESTION 10. If neither the Central Bank nor the FIU has the requested infor- mation, should they obtain it from the banks? If not, why? QUESTION 11. What are the possible consequences of providing the information to the minister? What if the information is not provided? 3.2 Customer identification and due diligence Customer identification and due diligence are perhaps the most important con- trols in preventing criminals from entering the legitimate economy and financial system. The creativity and increasing sophistication of money launderers and the financiers of terrorism require financial institutions and DNFBPs to constantly review and upgrade their preventive systems; this generally starts with effective CDD policies and controls. Evolving international best practices require that CDD controls be risk-based, with higher-risk customers and services screened rigorously before they are accepted as customers. FATF Recommendation 5 deals with CDD. For more information on FATF Recommendation 5, see Appendix I. 16 | Module 3a 3.2.1 HOW TO DETERMINE THE REQUIRED LEVEL OF DUE DILIGENCE Some customers, such as those requiring one-off transactions, may necessitate less diligence, unless the amount of the transactions is large or there is reason- able basis for suspicion. Businesses that establish long-term business relation- ships may need more stringent CDD procedures and information requirements and should be monitored during the course of the relationship. Depending on the customer's category and risk profile, complete and up-to-date information, such as address, background, profession, and sources of funds and wealth, plays a vital role in preventing and detecting money laundering and terrorist financing. The purpose and projected use of financial services and accounts should also be documented. All this information prepares a predictable background for com- parison with inconsistent or unusual customer activity. This, in turn, allows the reporting institution to identify suspicious behavior for the FIU. "Know Your Customer (KYC)" principles new international standards now also require enhanced due diligence for PEPs and in relation to cross-border correspondent The basic KYC principles are well established in the relevant banking and other similar relationships. Similar processes should international standards and papers, such as those issued by the also be applied to high-risk products and services, especially FATF, the Basel Committee, IOSCO, and IAIS. Depending on where there is no face-to-face contact with the clients. Clients the nature of their activities, reporting institutions are required who are involved in complex transactions that are not trans- to obtain and record appropriate and verifiable information parent (as to the underlying promoters or beneficiaries, for about their customers' identity, as well as on their business and example) could also present higher money laundering/terrorist financial activities. An institution's KYC policy should be part of financing risks and form part of a risk-based policy. an integrated AML/CFT control policy that is focused on the Additional information on KYC can be found at: principal ML/FT risks facing that institution. Therefore, it should take into account not only the individual clients' risk profile, · Basel Committee on Banking Supervision, "Customer Due but other risk factors, such as the business sector, geographic Diligence for Banks," October 2001 region, and jurisdiction where clients live or conduct business. · IOSCO, "A Resolution on Money Laundering," October The policy should also consider special types of clients, such 1992 as intermediaries, introducers, and other regulated entities. The · IAIS, Insurance Core Principles 28 on AML/CFT Knowledge check QUESTION 12. Who are we referring to when we talk about a "customer"? Regulatory and Institutional Requirements for AML/CFT | 17 QUESTION 13. A lawyer wants to open a deposit account at a bank in the name of company XYZ Ltd. What questions should the bank ask to determine the type of customer identification and due diligence procedures to apply? QUESTION 14. Assume the lawyer mentioned above is acting in the capacity of trustee: what questions can be asked and what due diligence procedures should apply? 3.2.2 CUSTOMER ACCEPTANCE AND IDENTIFICATION PROCEDURES The thoroughness of customer identification and due diligence should depend on the risks involved. The regulatory regimes of a country may allow its finan- cial institutions to apply reduced or simplified measures of CDD for customers who fall in low-risk categories. However, when an institution is allowed to apply reduced or simplified due diligence procedures, it must be able to justify to the regulators and/or other competent authorities that there are adequate mecha- nisms in place to identify, measure the level of, and manage such risk. Absence of such risk evaluation mechanisms may expose institutions to undue ML/FT risk, and subject it to regulatory or legal action by the authorities. A basic customer acceptance and identification policy should provide the fol- lowing at a minimum: · Procedures for acceptance and approval of new customers · Identification and verification of identity for new and, when necessary, exist- ing customers · Identification and verification of any beneficial owner, including reason- able measures to understand the ownership and control structure of legal persons and arrangements · Enhanced due diligence for higher-risk customers, sectors, products, and services Read the following sections for further discussion of the above. 18 | Module 3a Procedures for acceptance and approval of new customers Clear procedures should be in place for new client acceptance. Those procedures should include approval by senior officers for higher-risk client relationships and trans- actions. Enhanced due diligence is also required for such clients. Identification and verification of identity for new and, when necessary, existing customers Financial institutions should verify a new customer's identity by requesting official documents issued by appropriate authorities (passport, driver's license, personal iden- tification, or tax identification document). Accounts in anonymous or fictitious names must not be allowed. Identification and verification of any beneficial owner, including reasonable measures to understand the ownership and control structure of legal persons and arrangements Where a customer is representing a third party or beneficiary (as with trusts, nominees, fiduciary accounts, corporations, and other intermediaries), financial institutions need to take reasonable measures to verify the identity and nature of the persons or organi- zations on whose behalf an account is being opened or for whom a transaction is being completed. Financial institutions can verify the identities of such entities by collecting the following information: · Name and legal form of customer's organization · Address · Names of directors · Principal owners or beneficiaries · Provisions regulating the power to bind the organization · Persons having the power to bind or to act on behalf of the client · Information of the purpose and intended nature of the business relationship Enhanced due diligence for higher-risk customers, sectors, products, and services To identify high-risk customers, use standard risk indicators, such as · Industry sector of business activity · Complexity of proposed business/account activity · Political position or affiliation and high net worth · Country of origin or business location · Complex structures and multiple account relationships Regulatory and Institutional Requirements for AML/CFT | 19 National supervisors are strongly encouraged to issue industry guidelines to assist institutions in developing customer acceptance and identification proce- dures. However, basic identification and verification may include: For individuals: · Identification documentation: official documentation, which is gener- ally more difficult to falsify or reproduce (e.g., passports, driver's licenses, national identity cards, etc.) · Evidence of address--utility and telephone bill payment records, rental pay- ment records, property tax documents, trade licenses, etc. · Bank and professional references (these should be originals, and where nec- essary, sent directly to the institutions and verified by calling the referring institution or person) · Copies of salary or wage checks and receipts including, where necessary, employment contracts · Tax returns · Other information based upon national custom or practice For private companies: · Copies of incorporation certificates and other relevant information, regis- tered office, etc. · Names of directors, principal shareholders, officers, and anyone authorized to act on behalf of or to bind the company · Identity of the beneficial owners · Business purpose · Where appropriate, copies of current financial accounts (audited if avail- able), tax returns, etc. · Other information based upon national custom or practice Please note that it may be necessary for the financial institution, in the case of a company or legal person or entity, to conduct individual CDD on some or all of the directors, principal shareholders, beneficial owners, officers, and anyone authorized to act on its behalf. For publicly traded companies, there should be suf- ficient public information available to KYC; less-stringent identification and due diligence procedures would be needed compared with unlisted private companies. There may also be situations where local legislation or regulations allow for a financial institution to rely on the CDD of others, such as a prospective client who is a client of, or is introduced by, an affiliate of the financial institution. The national authorities should describe circumstances under which such reli- ance would be acceptable and provide clear guidelines for these purposes. In addition, national regulations or guidelines may require the financial institution to obtain the CDD information promptly from the service provider for AML/ CFT supervision or to support ML/FT investigations and prosecutions. 20 | Module 3a However, it is important to note that ultimate responsibility for CDD rests with the financial institution holding the customer account and not with the third party or intermediary. Such legal responsibility may not be delegated. In addi- tion, the service provider needs to be in a position to provide such information and evidence of identity to the competent national authorities and needs to be able to so promptly on request. FATF Recommendation 9 discusses reliance on intermedeiaries and other third parties for certain elements of the CDD process. For more information on FATF Recommendation 9, please see Appendix J. Knowledge check You are a bank officer. Compare and contrast the CDD procedures and infor- mation requests you would conduct on the following two prospective clients. Identify the specific types of questions and information requirements for each. Identify the different risk factors the bank should consider that should be addressed in the information requests. QUESTION 15. A plumber wishes to open a checking account. The plumber is a private contractor in the residential housing market. QUESTION 16. A company involved in the import and resale of electronic equip- ment for the domestic market and re-export, wishes to open a checking account and a letter of credit facility. 3.2.3 ENHANCED DUE DILIGENCE As mentioned earlier, customer identification and CDD measures depend on the risk attached to a type of customer, product, and transaction. Although countries may allow a reduced or simplified due diligence for customers with a lower-risk profile, enhanced due diligence should be applied to those clients, relationships, products, and services that carry a higher level of risk. FATF Recommendations 6, 7, and 8 identified the following areas that present a higher degree of ML/FT risk: Regulatory and Institutional Requirements for AML/CFT | 21 · Politically exposed persons, their relatives, and affiliates · Payable-through accounts and correspondent banking, especially where respondent banks are from financial centers with weak supervision and where shell and parallel banking structures are permitted · Products and services that permit customer or transactional anonymity and where there is no physical contact with clients Other examples of areas that may present a higher degree of ML/FT risk vary across countries and regions and may include the following: · Complex account, business, and relationship structures, especially where beneficial ownership and control are not transparent · Accounts with transactions and counterparties from jurisdictions known for weak legislation and implementation of controls to combat money laundering and terrorist financing · Customers operating in high-risk industries and businesses, such as casinos, arms and defense, precious metals and stones · Private banking and high-net-worth customers · Nonresident clients · Clients associated with countries and activities that are known to be vulner- able to, or associated with, terrorism and terrorist financing activities--cer- tain types of charities, extreme religious groups, money remitters, informal value transfer systems, etc. The nature, quality, and quantity of client information required should generally reflect the degree of business, money laundering, and financing of terrorism risk inherent in a customer relationship. More information about a customer is not necessarily better, but it is important that the information can be verified and provides reasonable assurance that the client is the person he or she claims to be. In developing a risk-based KYC framework, financial institutions can take a number of risk factors into account. (See section 3.2, Customer identification and due diligence.) Often these risk factors are client related and not focused on financial loss issues. These risk factors may be specific to a country, region, economic sector, client category, product, or service. Typical risk indicators may include those transactions and client relationships relating to · ML/FT typologies, high-risk clients--high-net-worth individuals and politi- cally exposed persons;1 · high-risk country connections, high-risk industries and activities--arms industry, precious gems and art, casinos, shell banks2, bureaux des changes/ 1 The FATF Recommendations define PEPs as those who are or have been entrusted with prominent public functions in a foreign country, for example, heads of state or of government; senior politi- cians; senior government, judicial or military officials; senior executives of state-owned corporations; and important political party officials. Business relationships with family members or close associates of PEPs involve reputational risks similar to those posed by PEPs themselves. The definition is not intended to cover middle-ranking or junior individuals in the foregoing categories. 2 Shell banks are licensed banks that incorporated in a jurisdiction, but have no physical presence there, and no affiliation with a regulated banking or financial group. For a more complete definition, see the Basel Committee paper on shell banks: http://www.bis.org/publ/bcbs95.pdf. 22 | Module 3a casas de cambio, and money remitters, certain charities and foundations, and so on; and · nontraditional and complex financial structures and business relationships, intermediary clients, etc. A number of the FATF Recommendations contain detailed CDD requirements for high-risk customers: · FATF Recommendation 6 (PEPs) · FATF Recommendation 7 (correspondent banking and payable-through accounts) · FATF Recommendation 8 (new and developing technologies, customers with no face-to-face contact) The recommendations require institutions to apply enhanced due diligence on clients that fall under these categories of clients or services. Supervisors and regulators should likewise take a risk-based approach to checking for compli- ance with these recommendations. Other issues that are important to remember include: · FATF Recommendation 9 (introduced business) · FATF Recommendation 11 (complex, unusually large transactions and unusual patterns of transactions) · FATF Recommendation 18 (shell banks) · FATF Recommendations 21 (transactions with persons from countries with weak AML/CFT regimes) Recommendation 12 also requires that CDD and record keeping be applied to DNFBPs; however, at this time we are focusing on the core CDD elements. Record-keeping requirements are discussed below, separately, under section 3.3 Record-keeping requirements. For more information on FATF recommenda- tions, see the following Appendices: Recommendation 6 - Appendix K Recommendation 7 - Appendix L Recommendation 8 - Appendix M Recommendation 9 - Appendix J Recommendation 12 - Appendix N Recommendation 18 - Appendix O Recommendation 21 - Appendix P Recommendation 22 - Appendix Q Recommendation 11 - Appendix R The salient features of CDD are: · Financial institutions and DNFBPs should look to competent authorities of a country for overall policy and framework guidance for dealing with Regulatory and Institutional Requirements for AML/CFT | 23 ML/FT risks, including the circumstances (based on risk assessment) under which AML/CFT measures should be applied, reduced, or enhanced. · Financial institutions are expected to identify and verify the identity of a customer. · Financial institutions may apply reduced or simplified CDD in certain circumstances, but reduced CDD needs to be based on proven low-risk customers. · Enhanced due diligence measures must be ensured in the circumstances mentioned in the FATF Recommendations. · Reporting institutions ensure that all the AML/CFT policies and procedures are communicated to its staff and personnel. Regulatory supervisors determine if financial institutions have adequate policies, practices, and procedures that are consistent with national guidelines in place for combating ML/FT risks. Supervisors also judge the robustness of the risk- assessment systems in financial institutions and determine that customers are categorized consistently based on the findings of risk assessment. Knowledge check QUESTION 17. You are a bank officer in charge of private banking for high-net- worth individuals from your country and neighboring jurisdictions. Most of your clients have long-established business relationships with your bank and include some of the most prominent business persons and politicians in the region. One of the most popular services provided by your private banking department is investment portfolio management and advice. Traditional banking services, such as deposit and credit card accounts, are also provided to these clients, but are not the main profit drivers. A prospective client from a neighboring country, Utopia, has requested a meet- ing with you to discuss establishing a substantial investment account and other services. The prospective client has indicated there are others, well known to him, who are also interested in similar services. A "long-standing" customer of the bank introduced this prospective client to the bank. After a brief discussion with the prospective client, you discover he has been the minister of finance in Utopia for the past 3 years. In the past, Transparency International has rated Utopia poorly for corruption. You are interested in acquiring new business. Your bank's financial year ends in two months and you need to book at least five more customers to receive the sizable financial bonus and "Private Banker of the Year" award that has eluded you since you joined the bank 10 years ago. You are aware of your banks new anti­money laundering policy, enacted six months ago by the Central Bank, requiring scrutiny for new accounts. 24 | Module 3a In preparing to meet the prospective client, please identify all possible risk factors and prepare a list of documents and information you will need from the client. Also, identify other sources of information that will help you decide whether or not to accept this new client. 3.3 Record-keeping requirements Under FATF Recommendations 10 and 12, financial institutions and DNFBPs should maintain customer identity and transaction records for a minimum of five years, or longer if authorized by legislation, regulation, or court order. The five-year period generally commences with the completion of a transaction, the closing of an account, or the termination of a business relationship. Records should be sufficient to permit the reconstruction of individual transactions and be made available promptly on request by the competent authorities. Records provide an important audit and paper trail for regulators, the FIU, police, and and prosecution authorities. Consequently, identification and transaction records should be complete and readily available to institutions, for immediate response to requests for data from the competent authorities. 3.3.1 COMMON TYPES OF DOCUMENTS REQUIRED · Copies of customer identification and due diligence records, including evi- dence of verification · Account files · Transaction records · Business correspondence · Any other information that would be necessary to trace and identify the beneficiaries of accounts or property and that could serve as evidence for the prosecution of criminal activity Regulatory and Institutional Requirements for AML/CFT | 25 3.3.2 INFORMATION INCLUDED IN TRANSACTION RECORDS · Customers' names (including documentation related to the beneficial owner) · Address or other identifying information · Nature and date of the transaction · Type and amount of currency involved · Type of financial instrument used: checks, drafts, wire transfers, credit/debit cards, etc. · Type and identification number of accounts involved in a transaction, and so forth Some of the industry-specific record-keeping requirements are discussed in the following sections: Banking sector record-keeping requirements The following information is needed to record a customer's transaction · Name of the customer and/or beneficiary · Date and nature of the transaction · Type and amount of currency involved in the transaction · Type and identifying number of account · Other relevant information typically recorded by the financial institution Insurance sector record-keeping requirements IAIS maintains its own set of record-keeping requirements. Insurance entities must adhere to the IAIS requirements in addition to the FATF Recommendations. Information needed: · Identity, address, and so on · Location completed · Client's financial assessment · Client's need analysis · Benefits description · Copy of documentation used to verify customer's identity · Post-sale records associated with the contract through its maturity · Details of maturity processing and claim settlement · Benefits payment records and receipts 26 | Module 3a Securities sector record-keeping requirements IOSCO has set its own set of record-keeping requirements. "Authorized securities service providers" are required to maintain appropriate records for at least five years after the business relationship has ended. The required information includes: · Identities of clients and beneficial owners · All necessary records on transactions, both domestic and international, sufficient to permit reconstruction of individual transactions · Records must be sufficient to permit reconstruction of individual transactions · CDD data on clients of trusts (Source: "Principles on Client Identification and Beneficial Ownership for the Securi- ties Industry," OICV-IOSCO, 2004, p. 10. http://www.iosco.org/library/pubdocs/pdf/ IOSCOPD167.pdf) FATF Recommendation 10 addresses record-keeping requirements for financial institutions, and Recommendation 12 specifies the record-keeping requirements that are applicable to DNFBPs. For more information on FATF Recommendation 10, see Appendix S. For more information on FATF Recommendation 12, see Appendix N. Knowledge check Distinguish between the types of records that should be maintained for the fol- lowing two types of customers and transactions: QUESTION 18. A bank customer with an established business relationship of five years who wishes to buy a foreign currency draft to pay for imports. QUESTION 19. Two separate walk-in customers who do not have an established business relationship but wish to buy foreign currency drafts as follows: 1) US$1,000 for vacation travel 2) A series of 10 drafts of US$9,700 each Regulatory and Institutional Requirements for AML/CFT | 27 3.4 Monitoring and reporting suspicious transactions 3.4.1 WHO SHOULD REPORT? Under FATF Recommendations 13 and 16, financial institutions and DNFBPs have an obligation to report suspicious transactions and activities to the FIUs. Often reports of suspicious transactions or activity, commonly referred to as STRs or SARs are the combined result of CDD and monitoring processes within an organization. SARs are generated whenever a financial institution knows, sus- pects, or has reasonable grounds to suspect that funds are the proceeds of crime or are related to terrorist financing activities. Once a suspicion is formed, STRs/ SARs should be filed promptly in accordance with domestic law or regulations. Secrecy laws shall not inhibit such reports and the financial institutions and their staff shall be provided legal protection when reporting in good faith. It is also very important that processes be established and staff training provided to prevent tipping off, whether inadvertent or intentional, the subject of a STR/SAR. This is an unauthorized disclosure under FATF Recommendation 14. Tipping off is a criminal offense under a compliant legal system and may, inter alia, include pun- ishment of fines and/or imprisonment for staff and their institutions. 3.4.2 HOW TO IMPROVE REPORTING CAPACITY Institutions' ability to report suspicious activity, however, will depend on the adequacy of both CDD and the mechanisms in place for monitoring account and transaction activity. Staff training for all of these issues will be immensely important, as described in the following sections. Likewise, internal guidelines duly communicated to all staff should be in place to enable employees to iden- tify and report to the appropriate official cases of suspected ML/FT. Institutions' failure to report could expose them to fines and sanctions by the competent authorities, including by the supervisory agencies. 3.4.3 TRANSACTION AND ACCOUNT MONITORING Monitoring for unusual and suspicious activity should be an ongoing function of financial institutions and other DNFBPs. They should have appropriate processes in place that allow for the identification of unusual activity and unusual patterns of activity or transactions. Because not all unusual transactions are suspicious, financial institutions and DNFBPs should have the capacity to analyze such transactions to ascertain whether they are consistent with a customer's profile. 28 | Module 3a Unusual transactions or activity that cannot be explained on legal or commercial grounds may provide a basis for forming a suspicion and for reporting to the FIU. A reporting institution's ability to monitor account activity would be largely con- tingent on the availability and adequacy of its due diligence and record-keeping processes. Weak CDD and record keeping would significantly constrain the ability to develop customer profiles and identify unusual and suspicious activity. 3.4.4 HOW TO DEVELOP AN EFFECTIVE MONITORING SYSTEM The financial regulators or other authority should provide guidelines and examples of suspicious activity as an aid to financial institutions and DNFBPs. Depending on size, need, and complexity of financial institutions and DNFBPs, monitoring of suspicious transactions may be automated, manual, or both. Some financial institutions and DNFBPs use specialized software to detect suspicious transactions or activities; however, the use of such software can only comple- ment managerial oversight and not replace the need for constant monitoring of the accounts of customers. Monitoring mechanisms should be more rigorous in high-risk areas of an institution and supported by adequate information systems to alert management and other appropriate staff (for example, the AML/CFT compliance officer) of suspicious activity. Training of staff in the identification of unusual and suspicious activity should always be an ongoing activity. Transaction monitoring · A clear policy and the procedures for monitoring and reporting suspicious activity should be communicated to all staff. · There should be an effective management information system to alert the board, senior management, and compliance officers of significant ML/FT risk factors and cases. · The system for monitoring transactions should provide for the aggregation of data on transactions, accounts, and clients across product lines and on a group-wide basis, including international operations. · A monitoring system should provide for the identification of structuring/smurfing and for identifying linked transactions. · There should be a system for identifying large (especially unusually large) transac- tions, including those using cash or bearer monetary instruments. · A monitoring system should enable a review of account activity for turnover and use of unexpected financial instruments to detect unusual transactions or patterns of transactions. Special attention should be given to "pass-through" accounts, that is, those in which debits and credits to an account are roughly the same. · Wire transfer activity should be monitored to ensure that the amounts involved are commensurate with the needs of customers, especially when they involve trans- actions with counterparties in high-risk jurisdictions and sectors. · Credit and debit card operations should be monitored closely. Accounts with high credit limits and cash-secured credit cards should be subject to closer scrutiny. · Loans and financial guarantees (such as back-to-back lending and standby letters of credit), especially transactions involving the use of entities established in offshore financial centers, should be closely monitored. Regulatory and Institutional Requirements for AML/CFT | 29 3.5 Risk-based approach Achieving an integrated AML/CFT risk-based system depends mainly on a proper assessment of the relevant risk sectors, products, services, and clients and on the implementation of appropriate risk-focused due diligence. These, in turn, become the foundation for monitoring and compliance mechanisms that allow rigorous screening of high-risk areas and accounts. Without sufficient due diligence and risk profiling of a customer, adequate monitoring for suspicious activity would be impossible. In June 2007, the FATF issued "Guidance on the Risk-Based Approach to Com- bating Money Laundering and Terrorist Financing: High Level Principles and Procedures" to assist both authorities and the private sector to · support the development of a common understanding of what the risk- based approach involves; · outline the high-level principles involved in applying the risk-based approach; and · indicate good public and private-sector practice in the design and imple- mentation of an effective risk-based approach. In addition, the Wolfsberg Group has issued guidelines on a risk-based monitor- ing system. The risk-based monitoring system for banking clients should · compare the client's account/transaction history to the client's specific profile information and a relevant peer group, and/or examine the client's account/transaction history against established money laundering criteria/ scenarios to identify patterns of suspicious activity or anomalies; · establish a process to compare customer or transaction-specific data against risk-scoring models; · be capable of recognizing patterns and of "learning" which transactions are normal for a client, rather than designating certain transactions as unusual (for example, not all large transactions are unusual and may easily be explained); · issue alerts if unusual transactions are identified; · track alerts to ensure they are appropriately managed within the institution and that suspicious activity is reported to the authorities as required; · maintain an audit trail for inspection by the institution's audit function and by bank supervisors; and · provide appropriate aggregated information and statistics. FATF Recommendation 11 requires financial institutions to pay special atten- tion to complex and unusual transactions and Recommendation 8 requires financial institutions to pay special attention to new and developing technolo- gies for customers and to have policies and procedures in place for business relationships with no face-to-face contact. For more information on FATF Recommendation 11, see Appendix R. For more information on FATF Recom- mendation 8, see Appendix M. You may also refer to section 3.2.3, Enhanced due diligence, in this module. 30 | Module 3a Knowledge check QUESTION 20. Pick a type of financial institution (for example, bank) and identify/list at least five issues or red flags that the financial institution should pay attention to in ongoing transaction monitoring. You may consider focusing on the high-risk areas or high-risk customers of such institutions, for example, deposits for a bank, life insurance policies for an insurer, and so forth. Provide your answer in the space below. 3.6 Suspicious transaction or activity reporting (STR/SAR) STRs or SARs should be filed by all institutions and persons covered by the local AML/CFT law. This should be a direct mandatory and enforceable obliga- tion. This requirement should be a core element of internal policies and pro- cedures and the substantive result of effective customer identification and due diligence processes. FATF Recommendation 13 and Special Recommendation IV are particularly relevant here, requiring suspicious transactions, including attempted transactions, to be reported promptly to the FIU. Recommendation 16 requires that STR requirements be enforced with regard to the DNFBPs. For more information on FATF Recommendation 13, see Appendix T. For more information on FATF Special Recommendation IV, see Appendix V. For more information on FATF Recommendation 16, see Appendix W. National regulations or guidelines could provide specific direction concern- ing the allotted time allowed for reporting suspicious activity, but it should be reported in a reasonably short period after the suspicion is formed. Laws and guidelines usually hold that the reporting institution need not know or establish the underlying predicate crime (for example, drug trafficking, fraud, terror- ism) before filing a STR/SAR. Still, every effort should be made to conduct an internal review of the basis for suspicion so that legitimate transactions, even if unusual, are not reported. This would avoid sending unnecessary reports, which could be explained on legal or commercial grounds, to the FIU and reduce the number of low-quality reports. The following approach could help institutions in deciding when STRs/SARs should be filed. Regulatory and Institutional Requirements for AML/CFT | 31 1) Get to know your customer: By applying the KYC principle, you will know each customer's professional activity, trade, business line, or corporate purpose. Moreover, you will be able to confirm the sources of funds and expected account activity. 2) Inconsistency: This principle--inconsistency--appears in many suspicious transactions because the suspicious transaction is different from the normal, expected activities of the customer. Comparisons with peer groups can help identify inconsistencies in a customer's financial activities. These two principles complement each other; staff must know the customer to determine if his or her actions are inconsistent with normal business or personal activities. Unusual transactions are not necessarily suspicious; aside from suspi- cious amounts, in order for a transaction to be classified as suspicious, the appli- cation of fundamental principles such as KYC and inconsistency is required. Suspicions should be brought to the attention of the appropriate official within the organization for necessary review and action. National authorities should provide reporting entities with examples of poten- tially suspicious transactions. Such examples will not be exhaustive and must be developed over time. Thus, employees can be educated about conditions or criteria that may make a transaction suspicious and reportable. Some of the red flags that can enable a financial sector employee to determine suspicious activity are listed in Appendix X. "SAFE HARBOR" PROVISIONS FOR REPORTING FATF Recommendation 14 states that countries should provide immunity from liability for any good faith reporting by a financial institution or officer, direc- tor, or employee of a reporting institution. Such safe harbor laws encourage reporting institutions to report all suspicious transactions by protecting report- ing institutions and employees from criminal and civil liability when reporting suspicious transactions in good faith to the FIU. Legal provisions should provide reporting institutions and their employees or representatives protection against lawsuits for any alleged violation of confidentiality or secrecy laws, as long as the suspicious report was filed in good faith. For more information on FATF Recom- mendation 14, see Appendix U. 32 | Module 3a Knowledge check CASE 1 A) Placement stage: In a recent money laundering case, an elderly couple visited several islands in the Caribbean on cruise ships. The couple carried a small suitcase filled with cash, approximately US$400,000. After several attempts, the couple succeeded in opening a deposit account in a bank in Utopia. But because the amount exceeded the limit for daily cash deposits by a single customer, a "helpful" bank employee advised them to open a safety deposit box to hold the remaining cash. The customers then instructed the employee to deposit small amounts of cash into their account from the safety deposit box each day, at or just below the bank limit. Through this simple mechanism, large amounts of cash entered the banking system. The funds were then invested, through other financial institu- tions, in the stock and bond markets of other countries. QUESTION 21. In this case, who was aiding and abetting the laundering of funds? Is there anything unusual about any of the transactions? B) Layering stage: An apparently respectable businessman hires a U.S. attorney to represent him in the purchase of real estate in Utopia. He tells the attorney that funds will be gathered from a number of sources to make up the necessary payment for the Utopia property. Funds are transferred from a variety of sources and held in escrow by the attorney. The property is then purchased with these funds, using Regulatory and Institutional Requirements for AML/CFT | 33 the attorney's trust account. The Utopian bank receiving the funds considers them legitimate because they seem to be coming from a reputable U.S. law firm. The purchased property can now be resold to unrelated parties and the pro- ceeds from the sale would appear to be perfectly legitimate. QUESTION 22. Why might these funds go unquestioned by the receiving bank? Can you identify any transactions that could give rise to a suspicion of illegal activity? C) Integration stage: A "businessperson" uses a casa de cambio (exchange house) in Utopia to wire funds to his brokerage account in the United States; the broker's account is held in a U.S. bank and his name does not appear on any records. The funds are then wired to a deposit account in a Caribbean offshore bank. Simultaneously, the funds are loaned back to a trading firm controlled by the Utopian national, and there is no apparent relationship between the firm (borrower) and the indi- vidual (depositor). QUESTION 23. Identify all the various financial institutions that were placed at risk. Indicate who could have detected the activity as unusual or suspicious and how it could have been done. 34 | Module 3a Knowledge check CASE 2 ABC Video Company has been dealing with your bank for more than three years and has seen very little growth in profits. Weekly deposits range from $800 to $1,000, depending on the time of year and other cyclical factors. You recently noticed that ABC's weekly deposits have nearly doubled to an average of $1,900 per week and are more frequent, sometimes twice daily. QUESTION 24. Should your suspicions be raised by the change in deposit behavior? QUESTION 25. What questions should you ask yourself to ascertain if the account is suspicious? QUESTION 26. Should you ask the client to explain the change in the amount and number of deposits? QUESTION 27. What should you do? Should you visit the business establishment? Regulatory and Institutional Requirements for AML/CFT | 35 3.7 Cash transaction reports (CTRs) CTRs are used most often by countries with highly developed financial systems and where it is common for noncash modern technologies to be used for pay- ments (for example, checks, credit/debit cards, e-banking, etc.). Cash transaction reports are also used by cash-based economies, such as Slovenia, Croatia, and Nigeria, to name a few. The usefulness of CTRs in identifying ML/FT varies across countries. Those that elect to employ a CTR system should have the analytical capability and technology to justify its cost. FATF Recommendation 19 provides that countries should consider the feasibility and utility of, but not necessarily impose, a system where banks and other financial institutions and intermediaries would report all domestic and international currency transac- tions, above a fixed amount, to a national central agency with a computerized data base. For more information on FATF Recommendation 19, see Appendix Y. Where a country has implemented a CTR system, the threshold should be high enough to screen out insignificant transactions, yet low enough to be meaning- ful. Countries should also make certain categories of clients exempt, such as government agencies, and/or provide higher reporting thresholds for entities that are traditionally cash intensive, such as gas stations and restaurants, from the CTR requirements for transactions. Such exceptions should be reviewed on a regular basis to determine if it is still appropriate in certain circumstances, both as a rule and for specific entities. 4 Internal audit and compliance programs Financial institutions and DNFBPs subject to AML/CFT laws should establish and maintain an effective AML/CFT program that includes at least the following: · Policies, procedures, and controls including screening new employees · Compliance arrangements, including the appointment of an AML/CFT compliance officer · Ongoing employee training programs · Internal audit and, where applicable, external audit functions The internal compliance program should be documented, approved by the board of directors, and communicated to all levels of the organization. In devel- oping an AML/CFT compliance program, attention should be paid to the size and range of activities, complexity of operations, and the nature and degree of ML/FT risk facing an institution. FATF Recommendation 15 requires that financial institutions have an inter- nal control program. Recommendation 16 suggests the principle be applied to DNFBPs. For more information on FATF Recommendation 15, see Appendix Z. For more information on FATF Recommendation 16, see Appendix W. 4.1 The role of the board/senior management The board of directors and senior management of financial institutions and DNFBPs should establish, where needed, formal policies, procedures, and con- trols (PPCs) on AML/CFT that are equal to the risks undertaken and the size and complexity of an institution. PPCs should be communicated to all levels of staff and should foster a culture of compliance throughout the organization. Management commitment to the implementation of these policies should be clearly demonstrated by providing adequate resources for their effective imple- mentation. A strong corporate governance framework within an organization supports AML/CFT controls. Key to instituting a resilient framework is promot- ing a culture of ethics and integrity when interacting with customers and official agencies. This kind of culture could be supported by codes of conduct/ethics at the institutional and/or sector level. Supervisors for the various reporting entities should actively promote and provide support in the development and dissemination of such codes. 36 Regulatory and Institutional Requirements for AML/CFT | 37 4.2 What should the board/senior management do? Demonstrating board/senior management commitment to the implementation of an effective AML/CFT compliance program may include, but not be limited to, the following: · Formulation and implementation of a corporate governance program that emphasizes sound internal controls and ethical behavior throughout the organization. Implementation of this program should start at the top with the board of directors and senior management, who should then set the tone for compliance and good governance for the rest of the organization. · A comprehensive program that includes internal controls for the approval and monitoring of new clients, accounts, products, and services and then the incorporation of procedures to ensure ongoing CDD, monitoring of account activity, and internal reporting of any unusual and suspicious activities. · Enhanced CDD and monitoring for higher-risk areas and clients. · An information system to inform senior management of AML/CFT issues in a timely and transparent manner, including the results of audits and compli- ance reviews, the discovery of any AML/CFT deficiencies, and corrective action to be taken. · Clear lines of responsibility for AML/CFT compliance, which can be made a condition of employment and to influence performance evaluations. · Adequate human and technological resources to guarantee an operative AML/CFT program. Rigorous screening programs for new staff is another important control mecha- nism, especially in high-risk jurisdictions. This would promote high ethical standards within an institution. Organizations must use "know your employees (KYE)" as much as they employ KYC rules. Employees promoted or assigned to higher-risk areas of an organization may be asked to undergo intensive screening and training. 4.3 Appointment of AML/CFT compliance officer/money laundering reporting officer Financial institutions and other DNFBPs should designate a qualified employee, who has day-to-day responsibility for managing all aspects of the AML/CFT compliance program, as its compliance officer. The AML/CFT compliance officer's main responsibility is to monitor institutional compliance with the AML/CFT laws, regulations and guidelines and internal policies and controls. Where the institution forms part of a financial group or has overseas operations, the AML/CFT compli- ance program should be applied on a group-wide basis so that all aspects of its operations and product lines, wherever located, are adequately covered. It is the responsibility of the board of directors and senior management to appoint the person to a level high enough within the organization to be viewed as a senior official and delegate enough authority to the officer to administer a 38 | Module 3a comprehensive AML/CFT compliance program. In particular, the compliance offi- cer should have unfettered access to all information essential to his or her respon- sibilities. Finally, the compliance officer acts as the principal point of contact with regulators, the FIU, and other authorities concerned with AML/CFT issues. 4.4 Ongoing employee training program Financial institutions and other DNFBPs must see that staff is trained on all aspects of the AML/CFT legislative and regulatory requirements, and on inter- nal anti­money laundering policies, procedures, and controls. An effective train- ing program should · describe the risks of money laundering and terrorist financing schemes, methodologies, and typologies; · explain AML/CFT laws and other national and regulatory requirements; · explain an institution's policies and systems with regard to customer identi- fication, due diligence, monitoring, and reporting suspicious activities, stress- ing the importance of not tipping off clients; · offer relevant training; and · inform employees of the consequences when failing to comply with legal and institutional AML/CFT requirements, including fines, imprisonment, and termination of employment. Targets should include · all staff appropriate to their roles within the organization; highlight ML/FT risks inherent in their activities; · employees and senior management, the Board of Directors in some cases, and especially persons who have contact with customers; and · intensive and ongoing training for employees who manage and monitor cus- tomer accounts/transaction activity, or who handle cash or other monetary instruments. Training should be ongoing, incorporating trends and developments in an institution's business risk profile, as well as changes in the AML/CFT legislation. Training on new money laundering schemes and typologies are of the utmost importance when reviewing policies and controls and designing monitoring mechanisms for suspicious activity. Regulatory and Institutional Requirements for AML/CFT | 39 4.5 Compliance and internal audit to test the system An institution's internal auditor should be well resourced and enjoy a degree of independence within the organization. The internal audit should · test the overall integrity and effectiveness of the management systems and the AML/CFT control environment; · focus on risk-based audit programs and procedures and include sample tests, emphasizing CDD and high-risk markets, operations, products, and services; · assess the adequacy of the bank's processes for identifying and reporting suspicious activity; · communicate the findings to the board and/or senior management in a timely manner; and · recommend specific corrective action for deficiencies. External auditors can play an essential part in reviewing the adequacy of AML/ CFT controls by communicating their findings and recommendations to man- agement via the annual management letter, which accompanies the audit report. International audit firms risk-focus their audit programs now and conduct intensive reviews of higher-risk areas where controls may be deficient. In some countries external auditors may be expected by law to report incidences of sus- pected criminal activity uncovered during audits, to the financial sector supervi- sors or other competent authority. They may want to discuss the results of their audits with supervisory authorities, including AML/CFT control deficiencies in reporting institutions. 5 Professional associations: What are their roles? Professional and trade associations can play an important role in fostering AML/CFT compliance across the covered sectors. This would create a play- ing field where peer pressure might be applied to noncompliant institutions to strengthen their AML/CFT mechanisms. 5.1 Providing training Training is one area where these associations can contribute and make a differ- ence. Although large financial institutions develop institution-specific training programs for staff, it is common for small countries and financial sectors to orga- nize training at the industry level. Consequently, members of the former can benefit from the development and delivery of training programs by professional associations; furthermore, regulator and FIU participation in training programs would enrich discussions and learning. 5.2 Develop cooperation and understanding By involving industry associations and their regulators, a common understanding of the risks and logical responses could be developed; this involvement would also engender cooperation among the various stakeholders. Industry-wide train- ing programs benefit additionally from scale and scope economies, providing excellent opportunities for cross-sector/cross-institutional sharing of experi- ences. Notwithstanding such industry efforts, individual institutions would still be called on to provide specific training to their staff on internal policies, proce- dures, and controls, and the idiosyncratic risks facing them. 40 Regulatory and Institutional Requirements for AML/CFT | 41 Country examples American Bankers Association (ABA) The ABA brings together money laundering experts in law, law enforcement, and finan- cial services for seminars. British Bankers Association (BBA) The BBA has produced guidance notes for the financial sector since 1990. It also offers a money laundering prevention program in e-learning format. Swiss Bankers Association (SBA) The SBA has published a money laundering brochure that illustrates the advanced methods used by Switzerland to fight money laundering. A section of the association's Web site is dedicated to money laundering issues. West African Bankers Association The West African Bankers Association published money laundering guidance in one of its magazines. The information is also available on the association's Web site. American Insurance Association (AIA) The AIA has concerns not only about money laundering and terrorist financing but also with regard to the Terrorist Risk Insurance Act of 2002. Latin American Association of Insurance Supervisors (ASSAL) The AASAL exchanges information on legislation, regulatory control, market character- istics, and operational systems in the region. Its goal is to promote technical coopera- tion in the design of effective policy and supervisory mechanisms. ASEAN Bankers Association The ASEAN Bankers Association promotes the development of banking and the finan- cial system in the region, in part by encouraging cooperation among bankers. 6 Enforcement of AML/CFT requirements Supervisory and/or other competent authorities should have the powers to address a financial institution's or DNFBP's failure to meet statutory or regulatory require- ments. The powers should be broad enough to compel the imposition of sanctions against institutions, owners, and officials where necessary. FATF Recommendation 17 is particularly relevant here, requiring countries to ensure that effective, pro- portionate, and dissuasive sanctions, whether criminal, civil, or administrative, are available to deal with natural or legal persons covered by FATF Recommendations. For more information on FATF Recommendation 17, see Appendix AA. Although the adoption of anti­money laundering and terrorist financing laws will affect the development of a meaningful legal framework, it is by itself insuf- ficient. More critical are legal and regulatory imperatives and credible methods for enforcement. To do otherwise would contribute to a lack of faith in the AML/CFT regime and to apathy in the face of a lack of enforcement. Conse- quently, to foster compliance, sanctions should be reasonable, proportionate, and dissuasive. Depending on each country's legal system, sanctions can range from criminal to civil to administrative action by the competent authorities. In light of a country's legal system and traditions, the responsibility to moni- tor and enforce compliance could fall on several agencies. In many countries, the burden is shouldered by supervisory authorities for particular industries or sectors, such as the Central Bank, and supervisors for insurance and securities. In others, the FIU assumes this role, especially for the nonprudentially regu- lated sectors, such as casinos, real estate agents, jewelers, car dealers, and so on. There may be a call for self-regulatory organizations--namely, in designated professions like law and accounting. Irrespective of who has the obligation, it is vital that the organization/authority has indisputable authority and available resources to discharge its enforcement responsibilities. Do not underestimate the need for a range of available remedial measures and sanctions to impose on institutions and officials that fail to comply with, or fully implement, AML/CFT requirements. These measures can run the gamut, from simple warnings to criminal charges to revocation of a license to operate, offer- ing flexibility to the enforcement authority to apply the sanction most suited to the unique particulars of a case. Sactions should also require corrective action if the institution or individual is to remain in business. 42 Regulatory and Institutional Requirements for AML/CFT | 43 Module discussion Consider the following questions and provide your responses in the spaces below each. QUESTION 28. What are the main sanctions a supervisory authority can impose on institutions and persons? QUESTION 29. What are the main sanctions a self-regulatory body can impose on its members? Check your understanding QUESTION 30. Provide three reasons why supervisors should be concerned about money laundering and/or terrorist financing risks in the financial system. QUESTION 31. Identify three to five risks facing financial institutions, that could pose safety and soundness concerns. 44 | Module 3a QUESTION 32. Under what circumstances would financial sector supervisors be required to cooperate and share information with other national and interna- tional agencies involved in AML/CFT? Identify the main agencies with which supervisors may be required to cooperate. QUESTION 33. What financial and business sectors do you think pose a higher degree of risk in your country? Identify the five sectors with the highest degree of risk. QUESTION 34A. Review the following bank account for unusual and suspicious activity. Identify at least three red flags that should prompt you to inquire fur- ther. These should be easily identified by a simple visual scan of the account. Regulatory and Institutional Requirements for AML/CFT | 45 QUESTION 34B. Should it be reported to your money laundering reporting offi- cer in your bank? If yes, why? Summary In this module, we discussed · what entities have organizational and administrative authority for effective supervision among relevant sectors; · what entities and individuals are subject to AML/CFT compliance requirements; · the regulatory and institutional requirements for financial institutions and DNFBPs; and · why training is important and the roles of professional associations. Appendix A: References FATF Recommendations · The Forty Recommendations (FATF, June 2003) http://www.fatf-gafi.org/dataoecd/7/40/34849567.pdf · Special Recommendations on Terrorist Financing (FATF, October 2004) http://www.fatf-gafi.org/dataoecd/8/17/34849466.pdf Useful Web sites · ASEAN Bankers Association http://aseanbankers.org/association/ · American Bankers Association http://www.aba.com/ · American Insurance Association http://www.aiadc.org/ · Basel Committee on Banking Supervision (BCBS) http://www.bis.org/bcbs/index.htm · British Bankers Association http://www.bba.org.uk/ · International Organization of Securities Commissions (IOSCO) http://www.iosco.org · INTERPOL http://www.interpol.int/Default.asp 46 Regulatory and Institutional Requirements for AML/CFT | 47 Reference Documents · Best Practice Guidelines: Providing Feedback to Reporting Financial Institutions and Other Persons (FATF Annual Report 1997­1998, Appdx. E) http://www.fatf-gafi.org/dataoecd/13/51/34326611.pdf · Core Principles for Effective Banking Supervision (Basel Core Principles) (BCBS, September 1997) http://www.bis.org/publ/bcbsc102.pdf · Core Principles Methodology (BCBS, October 1999) http://www.bis.org/publ/bcbs61.pdf · Customer Due Diligence for Banks (BCBS, October 2001) http://www.bis.org/publ/bcbs85.pdf · Consolidated KYC Risk Management (BCBS, October 2004) http://www.bis.org/publ/bcbs110.pdf · Guidance Paper on Anti­Money Laundering and Combating the Financing of Terrorism (IAIS, October 2004) http://www.iaisweb.org/041013_GP5_Guidance_paper_on_anti­money_ laundering_and_combating_the_financing_of_terrorism_approved_040107.pdf · A Resolution on Money Laundering (IOSCO, October 1992) http://www.iosco.org/library/resolutions/pdf/IOSCORES5.pdf · Joint Forum (Initiatives by the BCBS, IAIS, and IOSCO to combat money laundering and the financing of terrorism, June 2003) http://www.iosco.org/library/pubdocs/pdf/IOSCOPD146.pdf Appendix B: FATF Recommendation 23 Countries should ensure that financial institutions are subject to adequate regulation and supervision and are effectively implementing the FATF Recom- mendations. Competent authorities should take the necessary legal or regula- tory measures to prevent criminals or their associates from holding or being the beneficial owner of a significant or controlling interest or holding a management function in a financial institution. For financial institutions subject to the Core Principles, the regulatory and supervisory measures that apply for prudential purposes and which are also relevant to money laundering, should apply in a similar manner for anti­money laundering and terrorist financing purposes. Other financial institutions should be licensed or registered and appropriately regulated, and subject to supervision or oversight for anti­money laundering purposes, having regard to the risk of money laundering or terrorist financing in that sector. At a minimum, businesses providing a service of money or value transfer, or of money or currency changing, should be licensed or registered, and subject to effective systems for monitoring and ensuring compliance with national requirements to combat money laundering and terrorist financing. Interpretative Note to Recommendation 23 Recommendation 23 should not be read as to require the introduction of a sys- tem of regular review of licensing of controlling interests in financial institutions merely for anti­money laundering purposes, but as to stress the desirability of suitability review for controlling shareholders in financial institutions (banks and non-banks in particular) from a FATF point of view. Hence, where shareholder suitability (or "fit and proper") tests exist, the attention of supervisors should be drawn to their relevance for anti­money laundering purposes. 48 Appendix C: FATF Recommendation 29 Supervisors should have adequate powers to monitor and ensure compliance by financial institutions with requirements to combat money laundering and ter- rorist financing, including the authority to conduct inspections. They should be authorised to compel production of any information from financial institutions that is relevant to monitoring such compliance, and to impose adequate admin- istrative sanctions for failure to comply with such requirements. 49 Appendix D: FATF Recommendation 25 The competent authorities should establish guidelines and provide feedback, which will assist financial institutions and designated non-financial businesses and professions in applying national measures to combat money laundering and terrorist financing, and in particular, in detecting and reporting suspicious transactions. Interpretative Note to Recommendation 25 When considering the feedback that should be provided, countries should have regard to the FATF Best Practice Guidelines on Providing Feedback to Report- ing Financial Institutions and Other Persons. 50 Appendix E: FATF Recommendation 24 Designated non-financial businesses and professions should be subject to regula- tory and supervisory measures as set out below. a) Casinos should be subject to a comprehensive regulatory and supervisory regime that ensures that they have effectively implemented the necessary anti­money laundering and terrorist financing measures. At a minimum: · casinos should be licensed; · competent authorities should take the necessary legal or regulatory mea- sures to prevent criminals or their associates from holding or being the beneficial owner of a significant or controlling interest, holding a man- agement function in, or being an operator of a casino; · competent authorities should ensure that casinos are effectively super- vised for compliance with requirements to combat money laundering and terrorist financing. b) Countries should ensure that the other categories of designated non- financial businesses and professions are subject to effective systems for monitoring and ensuring their compliance with requirements to combat money laundering and terrorist financing. This should be performed on a risk-sensitive basis. This may be performed by a government authority or by an appropriate self-regulatory organisation, provided that such an organisa- tion can ensure that its members comply with their obligations to combat money laundering and terrorist financing. 51 Appendix F: FATF Recommendation 20 Countries should consider applying the FATF Recommendations to businesses and professions, other than designated non-financial businesses and professions, that pose a money laundering or terrorist financing risk. Countries should further encourage the development of modern and secure techniques of money management that are less vulnerable to money laundering. 52 Appendix G: FATF Recommendation 4 Countries should ensure that financial institution secrecy laws do not inhibit implementation of the FATF Recommendations. 53 Appendix H: FATF Recommendation 28 When conducting investigations of money laundering and underlying predicate offences, competent authorities should be able to obtain documents and infor- mation for use in those investigations, and in prosecutions and related actions. This should include powers to use compulsory measures for the production of records held by financial institutions and other persons, for the search of persons and premises, and for the seizure and obtaining of evidence. 54 Appendix I: FATF Recommendation 5 Financial institutions should not keep anonymous accounts or accounts in obvi- ously fictitious names. Financial institutions should undertake customer due diligence measures, including identifying and verifying the identity of their customers, when: · establishing business relations; · carrying out occasional transactions: (i) above the applicable designated threshold; or (ii) that are wire transfers in the circumstances covered by the Interpretative Note to Special Recommendation VII; · there is a suspicion of money laundering or terrorist financing; or · the financial institution has doubts about the veracity or adequacy of previ- ously obtained customer identification data. The customer due diligence (CDD) measures to be taken are as follows: a) Identifying the customer and verifying that customer's identity using reli- able, independent source documents, data or information.3 b) Identifying the beneficial owner, and taking reasonable measures to verify the identity of the beneficial owner such that the financial institution is satisfied that it knows who the beneficial owner is. For legal persons and arrangements this should include financial institutions taking reasonable measures to under- stand the ownership and control structure of the customer. c) Obtaining information on the purpose and intended nature of the business relationship. d) Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institu- tion's knowledge of the customer, their business and risk profile, including, where necessary, the source of funds. Financial institutions should apply each of the CDD measures under (a) to (d) above, but may determine the extent of such measures on a risk sensitive basis depending on the type of customer, business relationship or transaction. The measures that are taken should be consistent with any guidelines issued by 3 Reliable, independent source documents, data, or information will hereafter be referred to as "identification" data. 55 56 | Module 3a competent authorities. For higher risk categories, financial institutions should perform enhanced due diligence. In certain circumstances, where there are low risks, countries may decide that financial institutions can apply reduced or sim- plified measures. Financial institutions should verify the identity of the customer and beneficial owner before or during the course of establishing a business relationship or con- ducting transactions for occasional customers. Countries may permit financial institutions to complete the verification as soon as reasonably practicable fol- lowing the establishment of the relationship, where the money laundering risks are effectively managed and where this is essential not to interrupt the normal conduct of business. Where the financial institution is unable to comply with paragraphs (a) to (c) above, it should not open the account, commence business relations or perform the transaction; or should terminate the business relationship; and should con- sider making a suspicious transaction report in relation to the customer. These requirements should apply to all new customers, though financial insti- tutions should also apply this Recommendation to existing customers on the basis of materiality and risk, and should conduct due diligence on such existing relationships at appropriate times. Appendix J: FATF Recommendation 9 Countries may permit financial institutions to rely on intermediaries or other third parties to perform elements (a)­(c) of the CDD process or to introduce business, provided that the criteria set out below are met. Where such reliance is permitted, the ultimate responsibility for customer identification and verifica- tion remains with the financial institution relying on the third party. The criteria that should be met are as follows: a) A financial institution relying upon a third party should immediately obtain the necessary information concerning elements (a)­(c) of the CDD process. Financial institutions should take adequate steps to satisfy themselves that copies of identification data and other relevant documentation relating to the CDD requirements will be made available from the third party upon request without delay. b) The financial institution should satisfy itself that the third party is regulated and supervised for, and has measures in place to comply with CDD require- ments in line with Recommendations 5 and 10. It is left to each country to determine in which countries the third party that meets the conditions can be based, having regard to information available on countries that do not or do not adequately apply the FATF Recommendations. Interpretative Note to Recommendation 9 This Recommendation does not apply to outsourcing or agency relationships. This Recommendation also does not apply to relationships, accounts or trans- actions between financial institutions for their clients. Those relationships are addressed by Recommendations 5 and 7. 57 Appendix K: FATF Recommendation 6 Financial institutions should, in relation to politically exposed persons, in addi- tion to performing normal due diligence measures: a) Have appropriate risk management systems to determine whether the cus- tomer is a politically exposed person. b) Obtain senior management approval for establishing business relationships with such customers. c) Take reasonable measures to establish the source of wealth and source of funds. d) Conduct enhanced ongoing monitoring of the business relationship. Interpretative Note to Recommendation 6 Countries are encouraged to extend the requirements of Recommendation 6 to individuals who hold prominent public functions in their own country. 58 Appendix L: FATF Recommendation 7 Financial institutions should, in relation to cross-border correspondent bank- ing and other similar relationships, and in addition to performing normal due diligence measures: a) Gather sufficient information about a respondent institution to understand fully the nature of the respondent's business and to determine from pub- licly available information the reputation of the institution and the quality of supervision, including whether it has been subject to a money laundering or terrorist financing investigation or regulatory action. b) Assess the respondent institution's anti­money laundering and terrorist financing controls. c) Obtain approval from senior management before establishing new corre- spondent relationships. d) Document the respective responsibilities of each institution. e) With respect to "payable-through accounts," be satisfied that the respondent bank has verified the identity of and performed on-going due diligence on the customers having direct access to accounts of the correspondent and that it is able to provide relevant customer identification data upon request to the correspondent bank. 59 Appendix M: FATF Recommendation 8 Financial institutions should pay special attention to any money laundering threats that may arise from new or developing technologies that might favour anonymity, and take measures, if needed, to prevent their use in money laun- dering schemes. In particular, financial institutions should have policies and procedures in place to address any specific risks associated with non-face-to-face business relationships or transactions. 60 Appendix N: FATF Recommendation 12 The customer due diligence and recordkeeping requirements set out in Recommenda- tions 5, 6, and 8 to 11 apply to designated non-financial businesses and professions in the following situations: a) Casinos--when customers engage in financial transactions equal to or above the applicable designated threshold. b) Real estate agents--when they are involved in transactions for their client con- cerning the buying and selling of real estate. c) Dealers in precious metals and dealers in precious stones--when they engage in any cash transaction with a customer equal to or above the applicable designated threshold. d) Lawyers, notaries, other independent legal professionals and accountants when they prepare for or carry out transactions for their client concerning the following activities: · buying and selling of real estate; · managing of client money, securities or other assets; · management of bank, savings or securities accounts; · organisation of contributions for the creation, operation or management of companies; and · creation, operation or management of legal persons or arrangements, and buy- ing and selling of business entities. e) Trust and company service providers when they prepare for or carry out transactions for a client concerning the activities listed in the definition in the Glossary. Interpretative Note to Recommendations 5, 12, and 16 The designated thresholds for transactions (under Recommendations 5 and 12) are as follows: · Financial institutions (for occasional customers under Recommendation 5) - USD/ EUR 15,000. · Casinos, including internet casinos (under Recommendation 12) - USD/EUR 3,000. · For dealers in precious metals and dealers in precious stones when engaged in any cash transaction (under Recommendations 12 and 16) - USD/EUR 15,000. Financial transactions above a designated threshold include situations where the transaction is carried out in a single operation or in several operations that appear to be linked. 61 Appendix O: FATF Recommendation 18 Countries should not approve the establishment or accept the continued opera- tion of shell banks. Financial institutions should refuse to enter into, or continue, a correspondent banking relationship with shell banks. Financial institutions should also guard against establishing relations with respondent foreign financial institutions that permit their accounts to be used by shell banks. 62 Appendix P: FATF Recommendation 21 Financial institutions should give special attention to business relationships and transactions with persons, including companies and financial institutions, from countries that do not or insufficiently apply the FATF Recommendations. Whenever these transactions have no apparent economic or visible lawful purpose, their background and purpose should, as far as possible, be examined, the findings established in writing, and be available to help competent authori- ties. Where such a country continues not to apply or insufficiently applies the FATF Recommendations, countries should be able to apply appropriate countermeasures. 63 Appendix Q: FATF Recommendation 22 Financial institutions should ensure that the principles applicable to finan- cial institutions, which are mentioned above, are also applied to branches and majority owned subsidiaries located abroad, especially in countries that do not or insufficiently apply the FATF Recommendations, to the extent that local applicable laws and regulations permit. When local applicable laws and regula- tions prohibit this implementation, competent authorities in the country of the parent institution should be informed by the financial institutions that they can- not apply the FATF Recommendations. 64 Appendix R: FATF Recommendation 11 Financial institutions should pay special attention to all complex, unusual large transactions, and all unusual patterns of transactions, which have no appar- ent economic or visible lawful purpose. The background and purpose of such transactions should, as far as possible, be examined, the findings established in writing, and be available to help competent authorities and auditors. Interpretative Note to Recommendations 10 and 11 In relation to insurance business, the word "transactions" should be understood to refer to the insurance product itself, the premium payment and the benefits. 65 Appendix S: FATF Recommendation 10 Financial institutions should maintain, for at least five years, all necessary records on transactions, both domestic or international, to enable them to comply swiftly with information requests from the competent authorities. Such records must be sufficient to permit reconstruction of individual transactions (including the amounts and types of currency involved if any) so as to provide, if necessary, evidence for prosecution of criminal activity. Financial institutions should keep records on the identification data obtained through the customer due diligence process (e.g. copies or records of official identification documents like passports, identity cards, driving licenses or similar documents), account files and business correspondence for at least five years after the business relationship is ended. The identification data and transaction records should be available to domestic competent authorities upon appropriate authority. Interpretative Note to Recommendations 10 and 11 In relation to insurance business, the word "transactions" should be understood to refer to the insurance product itself, the premium payment and the benefits. 66 Appendix T: FATF Recommendation 13 If a financial institution suspects or has reasonable grounds to suspect that funds are the proceeds of a criminal activity, or are related to terrorist financing, it should be required, directly by law or regulation, to report promptly its suspi- cions to the financial intelligence unit (FIU). Interpretative Note to Recommendation 13 The reference to criminal activity in Recommendation 13 refers to: a) all criminal acts that would constitute a predicate offence for money laun- dering in the jurisdiction; or b) at a minimum to those offences that would constitute a predicate offence as required by Recommendation 1. Countries are strongly encouraged to adopt alternative (a). All suspicious trans- actions, including attempted transactions, should be reported regardless of the amount of the transaction. In implementing Recommendation 13, suspicious transactions should be reported by financial institutions regardless of whether they are also thought to involve tax matters. Countries should take into account that, in order to deter financial institutions from reporting a suspicious transaction, money launderers may seek to state inter alia that their transactions relate to tax matters. 67 Appendix U: FATF Recommendation 14 Financial institutions, their directors, officers and employees should be: a) Protected by legal provisions from criminal and civil liability for breach of any restriction on disclosure of information imposed by contract or by any legislative, regulatory or administrative provision, if they report their suspi- cions in good faith to the FIU, even if they did not know precisely what the underlying criminal activity was, and regardless of whether illegal activity actually occurred. b) Prohibited by law from disclosing that a suspicious transaction report (STR) or related information is being reported to the FIU. Interpretative Note to Recommendation 14 Where lawyers, notaries, other independent legal professionals and accountants acting as independent legal professionals seek to dissuade a client from engaging in illegal activity, this does not amount to tipping off. 68 Appendix V: FATF Special Recommendation IV If financial institutions, or other businesses or entities subject to anti­money laundering obligations, suspect or have reasonable grounds to suspect that funds are linked or related to, or are to be used for terrorism, terrorist acts or by ter- rorist organisations, they should be required to report promptly their suspicions to the competent authorities. FATF Guidance Notes SR IV: REPORTING SUSPICIOUS TRANSACTIONS RELATED TO TERRORISM This Recommendation contains two major elements: · Jurisdictions should establish a requirement for making a report to compe- tent authorities when there is a suspicion that funds are linked to terrorist financing; or · Jurisdictions should establish a requirement for making a report to compe- tent authorities when there are reasonable grounds to suspect that funds are linked to terrorist financing. For SR IV, the term financial institutions refers to both banks and non-bank financial institutions (NBFIs). In the context of assessing implementation of FATF Recommendations, NBFIs include, as a minimum, the following types of financial services: bureaux de change, stockbrokers, insurance companies and money remittance/transfer services. This definition of financial institutions is also understood to apply to SR IV in order to be consistent with the interpretation of the FATF Forty Recommendations. With regard specifically to SR IV, if other types of professions, businesses or business activities currently fall under anti­ money laundering reporting obligations, jurisdictions should also extend terror- ist financing reporting requirements to those entities or activities. The term competent authority, for the purposes of SR IV, is understood to be either the jurisdiction's financial intelligence unit (FIU) or another central authority that has been designated by the jurisdiction for receiving disclosures related to money laundering. 69 70 | Module 3a With regard to the terms suspect and have reasonable grounds to suspect, the distinction is being made between levels of mental certainty that could form the basis for reporting a transaction. The first term--that is, a requirement to report to competent authorities when a financial institution suspects that funds are derived from or intended for use in terrorist activity--is a subjective standard and transposes the reporting obligation called for in FATF Recommendation 15 to SR IV. The requirement to report transactions when there are reason- able grounds to suspect that the funds are derived from or intended for use in terrorist activity is an objective standard, which is consistent with the intent of Recommendation 15 although somewhat broader. In the context of SR IV, jurisdictions should establish a reporting obligation that may be based either on suspicion or on having reasonable grounds to suspect. Appendix W: FATF Recommendation 16 The requirements set out in Recommendations 13 to 15, and 21 apply to all designated non-financial businesses and professions, subject to the following qualifications: a) Lawyers, notaries, other independent legal professionals and accountants should be required to report suspicious transactions when, on behalf of or for a client, they engage in a financial transaction in relation to the activities described in Recommendation 12(d). Countries are strongly encouraged to extend the reporting requirement to the rest of the professional activities of accountants, including auditing. b) Dealers in precious metals and dealers in precious stones should be required to report suspicious transactions when they engage in any cash transaction with a customer equal to or above the applicable designated threshold. c) Trust and company service providers should be required to report suspicious transactions for a client when, on behalf of or for a client, they engage in a transaction in relation to the activities referred to Recommendation 12(e). Lawyers, notaries, other independent legal professionals and accountants acting as independent legal professionals are not required to report their suspicions if the relevant information was obtained in circumstances where they are subject to professional secrecy or legal professional privilege. Interpretative Note to Recommendation 16 1) It is for each jurisdiction to determine the matters that would fall under legal professional privilege or professional secrecy. This would normally cover information lawyers, notaries or other independent legal profession- als receive from or obtain through one of their clients: (a) in the course of ascertaining the legal position of their client, or (b) in performing their task of defending or representing that client in, or concerning judicial, administrative, arbitration or mediation proceedings. Where accountants are subject to the same obligations of secrecy or privilege, then they are also not required to report suspicious transactions. 2) Countries may allow lawyers, notaries, other independent legal profession- als and accountants to send their STR to their appropriate self-regulatory organisations, provided that there are appropriate forms of co-operation between these organisations and the FIU. 71 72 | Module 3a Interpretative Note to Recommendations 5, 12, and 16 The designated thresholds for transactions (under Recommendations 5 and 12) are as follows: · Financial institutions (for occasional customers under Recommendation 5) - USD/EUR 15,000. · Casinos, including internet casinos (under Recommendation 12) - USD/ EUR 3,000. · For dealers in precious metals and dealers in precious stones when engaged in any cash transaction (under Recommendations 12 and 16) - USD/EUR 15,000. Financial transactions above a designated threshold include situa- tions where the transaction is carried out in a single operation or in several operations that appear to be linked. Appendix X: Red flags Banking sector GENERAL SIGNS · Smurfing: Customers depositing small amounts of cash on different succes- sive occasions, in such a way that on each occasion the amount involved is not significant, but all together the total equals a very large amount, a practice known as "smurfing" · Customers not acting on their own behalf and refusing to reveal the true identity of the beneficiary · Customers and prospective customers providing insufficient, false, or suspi- cious information, or information that is difficult or expensive to verify · Customers refusing to provide information that, under normal circum- stances, would permit access to credit facilities or other valuable banking services · Customers holding several accounts and making cash deposits into each, such that the total amount deposited becomes considerable · Accounts that show virtually no banking activity but are used to receive or pay significant amounts not clearly related to the customer or the custom- er's business · Withdrawals of large amounts from an account previously dormant or inac- tive, or from an account that has just been credited with a large amount unexpectedly from abroad · Customers maintaining accounts with several financial institutions in the same city or town, especially the accounts regularly consolidated prior to a request for a transfer of the funds · The balancing of payments with credits made in cash the same day or the previous day · Frequent deposits and withdrawals to and from accounts consistently in rounded numbers, especially if inconsistent with the known business activ- ity of the customer · Customers who together and simultaneously use separate cashiers to carry out substantial operations in cash or foreign currency · Increased use of safety deposit boxes. Increased banking activity by the per- sons holding the boxes. The depositing and withdrawal of sealed packages · Company representatives avoiding contact with the office 73 74 | Module 3a · Substantial increases in cash deposits or deposits of negotiable instruments by a professional firm or company using accounts opened in the name of the client or a fiduciary company (such as a trust or nominee company), especially if such deposits are quickly transferred to another client account · Insufficient use of the normal advantages offered by banks, such as failing to take advantage of higher interest rates for large balances · Cash deposits by many individuals into the same account without an appro- priate explanation · Purchases or deposits of monetary instruments inconsistent with the busi- ness or profession of the customer · Wire transfer activity that is not consistent with the business or profession of the customer · Immediate conversions of funds transferred into monetary instruments in the name of third parties · A large volume of deposits to one or several accounts with frequent trans- fer of a major portion of the balances to another account(s) at the same or another bank · Many deposits of cashier's checks, money orders, or wire transfers · Simultaneous deposits to a single account made at different branches · Receipt over a short period of several small deposits through transfers, checks, and money orders, followed immediately by a wire transfer of those funds to another location, town, city, or country, leaving only a small bal- ance in the account · Frequent sending and receiving of wire transfers, especially to or from countries considered high risks for money laundering (such as major drug producing and drug transit countries), or with strict banking secrecy laws. Special attention is warranted if such operations occur through small or family-run banks, shell banks, or unknown banks · A discrepancy between the domicile of a customer's account and the ser- vice area of the branch in which the customer normally transacts · Large deposits by customers who claim that the funds are lottery or casino winnings · Unusually large deposits or withdrawals of cash by an individual or a legal entity whose apparent business activities are normally carried out using checks and other monetary instruments · Substantial increases in cash deposits by any person for no apparent reason, especially if such deposits are subsequently transferred within a short time to a destination not normally associated with the customer · Customers seeking to change large quantities of notes of small denomi- nation for larger ones, or frequently changing large amounts of cash into foreign currency · Transfers of large amounts of money to or from abroad, with instructions that payment be made in cash Regulatory and Institutional Requirements for AML/CFT | 75 · Deposits of large amounts of cash using night safes, thus avoiding direct contact with bank personnel · Frequent or large cash exchanges of local currency into foreign currency or vice versa, without any apparent connection with the professional or com- mercial activity of the customer · Frequent cash deposits, over the counter or via the night depository, or cash withdrawals of large amounts, without any apparent justification in terms of the type and volume of the business in question · Proposals for large operations involving the sale of foreign bank notes (usually U.S. dollars) or checks drawn in foreign currency against local currency, made by persons claiming to be intermediaries or commission agents and who on occasion claim to have contacts with the local authorities or the tacit approval of the central bank with respect to the carrying out of such operations · Frequent deposits of large amounts of foreign currency MONEY LAUNDERING THROUGH LOANS WITH OR WITHOUT COLLATERAL · Loans without a clear purpose · Customers unexpectedly paying off problem loans, without indication of the origin of the funds · Loans completely or partially paid off in cash, foreign currency, or other instruments in which the issuer is not revealed · Loans repaid with funds deposited in another institution by third parties, the origin of which is unknown or the value of which bears no relation with the customer's known situation · A request for a loan backed by assets deposited in the financial entity or by third parties, the source of which is unknown or the value of which has no relation to the situation of the customer · A request for financing, when the source of the financial contribution of the customer with respect to a business is unclear, particularly if real estate is involved · Loans guaranteed by third parties with no apparent relation to the customer · Loans secured by property that will be disbursed in another jurisdiction · Requests for credit facilities from little-known customers who offer guaran- tees in cash, financial assets, foreign currency deposits, or foreign bank guar- antees, and whose business bears no relation to the object of the operation · Default on credit used for legal trading activities, or transfer of such credits to another company, person, or entity, without any apparent justification, leaving the bank to enforce the guarantee backing the credit · Letters of credit documenting imports and exports but with no information regarding the importer or exporter, in violation of established standards · The use of standby letters of credit to guarantee loans granted by foreign financial entities, without any apparent economic justification 76 | Module 3a MONEY LAUNDERING THROUGH OFFSHORE ACTIVITIES · Customers who frequently conduct operations with companies or finan- cial institutions located in countries with strict secrecy laws and without adequate supervisory or regulatory structures · A customer introduced by a foreign branch, affiliate, or bank based in a country where drug production or trafficking is frequent · The use of letters of credit and other offshore mechanisms for moving money between countries where such activity bears no relation to the cus- tomer's normal business · Use of back-to-back loans, where deposits securing the loans are made in offshore entities, while the loans are granted and disbursed to parties in another jurisdiction · Use by customers of cash-secured international credit cards issued by offshore entities, and frequent use of ATM or other banking facilities to withdraw cash · The creation of large balances in accounts that are not consistent with the customer's business, and subsequent transfers to accounts offshore · Electronic funds transfers, without explanation by customers, involving an immediate deposit and withdrawal from the account or even without pass- ing through an account (for example, through the use of omnibus, suspense, or consolidation accounts) · Use of "payable-through" accounts, where the beneficiaries of the accounts are unknown or where they are clients of offshore entities with strict secrecy laws · Frequent requests for traveler's checks, foreign denomination drafts, or other negotiable instruments without a clear purpose · Frequent deposits in an account of traveler's checks or foreign denomina- tion drafts, especially if originating from abroad without a clear purpose · Frequent deposits to customer accounts originating from casas de cambios in countries with inadequate regulations, especially where the customer is a broker or acting as an intermediary for others · Customers depositing loan proceeds borrowed from offshore institutions under participation agreements, nominee, or trust arrangements, and where the source of the funds is unknown · Cash deposits from offshore correspondent banks, where the frequency and volume of deposits are substantial in view of the size, nature, and location of the client bank ACCOUNTS UNDER INVESTIGATION OR LEGAL PROCEEDINGS · Accounts under official investigation or served with legal process, seizure, or restraining orders, or other action relating to fraud or money laundering, by competent national or foreign authorities · Accounts that are the source or receiver of significant funds related to an account or person under investigation or the subject of legal proceedings in Regulatory and Institutional Requirements for AML/CFT | 77 a court or other competent national or foreign authority in connection with fraud or money laundering · Accounts controlled by the signatory of another account that is under inves- tigation or the subject of legal proceedings by a court or other competent national or foreign authority in connection with fraud or money laundering, in the country or abroad Insurance sector INSURANCE SECTOR­SPECIFIC SIGNS · Application for a policy from a potential client in a distant place where a comparable policy could be provided closer to home · Application for business outside the policyholder's normal pattern of business · Introduction by an agent or intermediary in an unregulated or loosely regulated jurisdiction or where organized criminal activities (such as drug trafficking or terrorist activity) are prevalent · Missing information or delay in the provision of information to enable verifications · Transactions involving an undisclosed party · Early termination of a product, especially at a loss caused by front-end loading, or where cash was tendered or the refund check is made out to a third party · A transfer of the benefit of a product to an apparently unrelated third party · Requests for a large purchase of a lump-sum contract, where the policy- holder's experience is with contracts involving small, regular payments · Attempts to use a third-party check to make a proposed purchase of a policy · Applicant for insurance shows no concern for the performance of the policy but intense concern over early cancellation of the contract · Applicant attempts to use cash to complete a proposed transaction when this type of business transaction would normally be handled by checks or other payment instruments · Applicant requests to make a lump-sum payment by a wire transfer or with foreign currency · Applicant is reluctant to provide normal information when applying for a policy, providing minimal or fictitious information or information that is dif- ficult or expensive for the institution to verify · Applicant appears to have policies with several institutions · Applicant purchases policies in amounts considered beyond the customer's apparent means · Applicant establishes a large insurance policy and within a short time can- cels the policy and requests the cash value refunded to a third party · Applicant seeks to borrow the maximum cash value of a single premium policy soon after paying for the policy · Applicant uses a mailing address outside the insurance supervisor's jurisdic- tion and where the home telephone has been disconnected · "Churning" at the client's request 78 | Module 3a MONEY LAUNDERING INVOLVING EMPLOYEES OR OFFICIALS OF FINANCIAL INSTITUTIONS · Unexplained changes in an employee's behavior--for example, a lavish lifestyle, avoidance of holidays, association with known drug traffickers or criminals · Significant and abnormal changes in performance by an employee, such as a large increase in cash sales · Refusals to accept promotions, transfers, or changes in an employee's duties and responsibilities · Arrangements made by an employee to supply the institution's services or products to an unknown or concealed final beneficiary, contrary to normal operating procedures on identification and source of funds · An unusually high level of single-premium business · Use by employees of their own business address for the "delivery of cus- tomer documentation" Securities sector­specific signs · Lack of concern by customers about risks, commissions, or other transaction costs · Customers who have difficulty describing the nature of his or her business or lack general knowledge of their industry · Customers who, for no apparent reason, maintain multiple accounts under a single name or multiple names, with a large number of inter account or third-party transfers · Purchases of securities to be kept in custody by the financial institution, where the operation appears to be inconsistent with the customer's business · Requests from customers for investment handling services, in foreign cur- rency or securities, where the source of funds is not clear or is inconsistent with the customer's known business · Security transactions through a trust or similar intermediary, characterized by substantial cash transactions or transactions made through an offshore entity bearing no relation to the customer's business · Purchases by customers of bearer shares, especially if issued by offshore entities · Purchase and sale of financial instruments without any apparent purpose or in unusual circumstances · Introduction by a broker or intermediary in an unregulated or loosely regulated jurisdiction or where organized crime (drug trafficking, terrorist activity) is prevalent · Missing information or delay in providing information for verifications · Transactions involving an undisclosed party · Customer attempts to use cash to complete a proposed transaction when the transaction would normally be handled by check or another method of payment Regulatory and Institutional Requirements for AML/CFT | 79 · Customers who exhibit unusual concern about the firm's compliance with government reporting requirements or about the firm's AML policies, particularly with respect to customers' identity, type of business, and assets; customers who are reluctant or refuse to reveal any information about busi- ness activities, or who furnish unusual or suspect identification or business documents · Customers who engage in transactions that lack business sense or apparent investment strategy, or that are inconsistent with the customer's stated busi- ness strategy · Customers who make deposits for the purpose of purchasing a long-term investment, followed shortly thereafter by a request to liquidate the posi- tion and transfer of the proceeds from the account · Accounts that show an unexplained level of account activity with very low levels of securities transactions · Inactive accounts that suddenly show large investments inconsistent with the normal investment practice of the client or the client's financial ability · Clients who attempt to purchase investments with cash · Clients who wish to purchase investments with money orders, traveler's checks, cashiers checks, bank drafts, or other bank instruments, especially in amounts that are slightly less than $10,000, where the transaction is inconsistent with the normal investment practice of the client or the client's financial ability · Clients who use securities or futures brokerage firms as a place to hold funds that are not being used to trade in securities or futures, where such activity is inconsistent with the normal investment practice of the client or the client's financial ability · Clients who are willing to deposit or invest at rates that are not advanta- geous or competitive DNFBPs ACCOUNTANTS · Clients who appear to be living beyond their means · Clients whose business activity is inconsistent with industry averages or financial ratios · Clients whose checks are inconsistent with sales (indicating unusual pay- ments from unlikely sources) · Clients who change bookkeepers or accountants yearly · Clients who are uncertain about the location of company records · Companies that carry nonexistent or satisfied debt that is continually shown as current on financial statements · Companies that have no employees, when having no employees is unusual for the type of business · Companies that are paying unusual consulting fees to offshore companies 80 | Module 3a · Company records that consistently reflect sales at less than cost, thus put- ting the company into a loss position, while the company continues to oper- ate without reasonable explanation of the continued loss · Company shareholder loans that are not consistent with business activity · Misstatements of business activity that cannot be readily traced through the company books · Large payments to subsidiaries or similarly controlled companies that are not within the normal course of business · Companies that acquire large personal and consumer assets (boats, luxury automobiles, personal residences, vacation property) when this type of transaction is inconsistent with the ordinary business practice of the client or the practice prevailing in that particular industry · Companies that receive invoices from organizations located in countries with inadequate money laundering laws or highly secretive banking and cor- porate laws (tax havens) REAL ESTATE BROKERS · Clients who arrive at a real estate closing with a significant amount of cash · Clients who purchase property in the name of a nominee such as an associ- ate or a relative (other than a spouse) · Clients who do not want to put their name on any document that would connect them with the property, or who use different names on offers to purchase, closing documents, and deposit receipts · Clients offering unpersuasive explanations for a last-minute substitution of the purchasing party's name · Clients who negotiate a purchase for market value or above the asking price, but who then record a lower value on documents, paying the differ- ence under the table · Clients who sell property below market value but who demand an addi- tional payment under the table · Clients who make their initial deposit using a check from a third party (other than a spouse or a parent) · Clients who make a substantial down payment in cash, while the balance is financed by an unusual source or offshore bank · Clients who purchase personal property under the corporate veil when this type of transaction is inconsistent with the ordinary business practice of the client · Clients who purchase property without inspecting it · Clients who purchase multiple properties over a short period and seems to have few concerns about the location, condition, or anticipated repair costs · Clients who make rental or lease payments in advance using a large amount of cash Regulatory and Institutional Requirements for AML/CFT | 81 · Clients known to have paid large remodeling or home improvement invoices with cash, on a property for which property management services are provided · Requests for financing, when the source of the customer's financial contri- bution to a business is unclear, particularly if real estate is involved CASINOS · Any casino transaction of $3,000 or more, when an individual receives payment in casino checks made out to third parties or without a specified payee · Clients who request their winnings check in a third party's name · Acquaintances who bet against each other in even-money games, where it appears that they are intentionally losing to one of the party · Clients who attempt to avoid filing a cash report by breaking up the trans- action · Clients who request checks that are not for gaming winnings · Clients who inquire about opening an account with the casino or about the possibility of transferring funds to other locations, when the client is not a regular, frequent, or high-volume player · Clients who purchase large volumes of chips with cash, participate in lim- ited gambling activity with the intention of creating a perception of signifi- cant gambling, and then cash in the chips for a casino check · Clients who exchange small bank notes for large, or who use small bills to purchase chips, vouchers, or checks · Clients who are known to use multiple names · Clients who request that their winnings be transferred to the bank account of a third party or to a country known to be a source of drugs, or to a coun- try that has no effective anti­money laundering system TRUSTS · Naming of a foreign individual or legal entity not fully identified to the bank as beneficiary of a trust that owns real or other property · Contribution of property to a trust without identifying the contributor or the source of the contributor's funds · Trusts without a clear purpose, such as "Star" or purpose trusts · Trusts holding property that consists of companies registered in offshore jurisdictions, especially where shares are in bearer form and the source and amount of company assets are unknown · Failure of the trust declaration or deed to convey substantive control of trust property to the trustee, and where control rests with other parties, such as the maker of the trust or its beneficiaries Appendix Y: FATF Recommendation 19 Countries should consider the feasibility and utility of a system where banks and other financial institutions and intermediaries would report all domestic and international currency transactions above a fixed amount, to a national central agency with a computerised data base, available to competent authorities for use in money laundering or terrorist financing cases, subject to strict safeguards to ensure proper use of the information. 82 Appendix Z: FATF Recommendation 15 Financial institutions should develop programmes against money laundering and terrorist financing. These programmes should include: a) The development of internal policies, procedures and controls, including appropriate compliance management arrangements, and adequate screening procedures to ensure high standards when hiring employees. b) An ongoing employee training programme. c) An audit function to test the system. Interpretative Note to Recommendation 15 The type and extent of measures to be taken for each of the requirements set out in the Recommendation should be appropriate having regard to the risk of money laundering and terrorist financing and the size of the business. For financial institutions, compliance management arrangements should include the appointment of a compliance officer at the management level. 83 Appendix AA: FATF Recommendation 17 Countries should ensure that effective, proportionate and dissuasive sanctions, whether criminal, civil or administrative, are available to deal with natural or legal persons covered by these Recommendations that fail to comply with anti­ mone laundering or terrorist financing requirements. 84 Answers 86 | Module 3a Module 3a Answers Answer 1 (a) Minimum Answer 2 (c) Both Answer 3 (b) False Answer 4 (b) False Answer 5 (a) True Answer 6 To conduct effective supervision for AML/CFT, it is important that there are clear laws and rules as to who is responsible for such supervision. Where super- vision is conducted by the traditional supervisory agencies (e.g., Central Bank), the preconditions for effective supervision need to be in place. These include issues such as the operational autonomy of the regulator as well as an appropri- ate legal framework for supervision that provides reasonable supervisory and enforcement powers and access to information. Supervisors also need to have the necessary resources, both in terms of trained professional staff and funding, to enable proper supervision. Legal protection for the supervisors is also a key element for effective supervision when they carry out their duties in good faith. Supervisory authorities should be given a legal authority to license, supervise, and sanction financial institutions, whenever necessary. Answer 7 Principal Financial Sectors: 1) Banking sector 2) Insurance sector (life insurance and any other investment-related insurance policies and products) 3) Securities sector including collective investment schemes. This sector is not always present or significant in a large number of developing countries Regulatory and Institutional Requirements for AML/CFT | 87 4) Leasing and finance companies 5)Money remittance and exchange business 6) Other Other Sectors: DNFBPs 1) Casinos, including Internet casinos 2) Real estate agents 3) Dealers in precious metals and stones 4) Lawyers, notaries, accountants, and other independent legal professionals 5) Trust and Company Services Providers, mainly for offshore financial centers (See Glossary in the FATF Recommendations for Financial Institutions and Designated Non-financial Businesses and Professions) Answer 8 1) Financial sector supervisors, e.g., Central Bank, Financial Regulatory Com- mission, Superintendence of Banks and other financial institutions, Securi- ties Commission, Insurance Supervisor, Supervisor for Cooperatives and Credit Unions, Customs and Tax authorities, etc. Please note that some countries have integrated supervisory agencies that supervise the principal financial sectors. 2) Financial Intelligence Unit (FIU). In some countries, the FIU supervises AML/CFT compliance among all covered entities, while in other countries this role is shared with the traditional supervisory agencies and the FIU supervises only those not covered by the supervisors; supervision is not, however, considered a core function of FIUs. A key issue to consider, irrespective of those who conduct supervision, is the need to establish effective coordination and cooperation among the various agencies involved in AML/CFT efforts. Answer 9 Neither the governor of the Central Bank nor the head of the FIU should pro- vide such information unless it is a legitimate request in accordance with the law. Ordinarily such requests would come from the FIU, police, prosecution, or judicial authorities in accordance with established procedures and the law. Providing such information to the minister, especially if he/she is not authorized to request it under the AML/CFT laws, could open the possibility of legal action against the Central Bank and the FIU. It is obvious that the minister may use the information, by leaking it to the public, to gain political advantage over his/her opponents in the coming election. Supervisors, including FIUs with supervisory duties, should consider if they have been confronted with similar situations and how it was handled. 88 | Module 3a Answer 10 No, for the reasons cited in answer 9. It may be in breach of the law and would certainly raise questions in the eyes of the financial institutions receiving the request. Answer 11 If the information is provided to the minister and he/she is entitled under the law to receive it, the information will likely be used for political purposes. The Central Bank and the FIU, having advance knowledge of this situation, could be seen as not acting in good faith and would therefore be subject to legal action. Moreover, the credibility and reputation of both the Central Bank and the FIU would be irreparably damaged in the eyes of the financial sector, the public, and other concerned local and international organizations. It would also bring into question the operational autonomy of both institutions, an important prereq- uisite for their effectiveness and credibility. Additionally, if the information is provided and there is a change in government, it is foreseeable that the incom- ing administration would take action against officials of both agencies, damag- ing their viability and effectiveness. At the very least, fining the governor of the Central Bank and the head of the FIU could be justified because they did not act in good faith and probably violated the law. If the information is not provided, the minister could dismiss or remove both the governor of the Central Bank and the head of the FIU; however, this could be challenged in court. Answer 12 According to the Basel Committee, a "customer" is: a) a person or entity who maintains an account with a financial institution or on whose behalf an account is maintained (i.e., beneficial owners); b) beneficiaries of transactions conducted by professional intermediaries (e.g., agents, accountants, lawyers); c) a person or entity connected with a financial transaction, who can pose a significant risk to the bank. Depending on the laws, regulations, and guidelines for each country and for purposes of due diligence, "customer" includes occasional customers who do not maintain accounts--e.g., a walk-in client who buys traveler's checks or drafts. With respect to companies, the "customer" includes those who are authorized to act on behalf of, or have the power to bind, a company. Identification would also be required of "customers" who are principal shareholders or controlling persons in private companies (beneficial owners). Regulatory and Institutional Requirements for AML/CFT | 89 In legal arrangements such as common law trusts, the customer would be the settler of the trust (person transferring property to the trustee), the trustee, and, where applicable, the beneficiaries. Answer 13 For financial institutions conducting KYC, a common challenge is ascertaining whether a customer is acting on his or her own behalf or on behalf of inter- mediary clients and beneficiaries who are not identified in the documents that are maintained or requested by the financial institution. When there is reason to believe a customer is acting on behalf of another, appropriate due diligence measures should be employed. Because legal entities and arrangements (e.g., corporations, foundations, and trusts) often involve tiered ownership, it is impor- tant to establish the ultimate beneficiaries of accounts or transactions. In this case, appropriate due diligence measures should be used to determine the iden- tity of owners and controllers of companies--e.g., parent or controlling entities, including those persons authorized to bind or to act on behalf of such entities. Accordingly in the case of the above question, the lawyer could be asked in what capacity he or she is acting for the company--e.g., as shareholder, direc- tor, or authorized representative. Either way he or she would be identified as a customer. If the lawyer is acting as a representative, the bank should inquire for whom he or she is acting and in what capacity. Answer 14 When clients are acting as trustees, the financial institution should learn the identity of those who contribute assets and those who benefit. Are there other parties involved in the transactions? Who has the power to decide on distribu- tions of trust property? Sometimes there are not specifically named benefi- ciaries, as in purpose and charitable trusts. The three main parties to a trust relationship, according to common law, are usually the following: 1) Settler: the person who contributes property to the trust 2) Trustee: the person who administers the trust property 3) Beneficiaries: the persons who are identified as benefiting from the property held in trust Following are examples of the kind of information to request: · Does the company form part of the trust property? · What is the purpose of the trust? · Who is the settler of the trust--that is, who provided the assets/property? · If known, who are the beneficiaries of the trust? · What is the source of the property being settled into the trust? · Copies of the trust documents--e.g., trust deed 90 | Module 3a Answer 15 It is unlikely the plumber is a high-risk customer given his/her profession and sector. The risk profile could be elevated if the plumber engages in other busi- ness or professional activities considered high risk--e.g., he/she is also in the currency exchange business. Possible questions and information could include: · Identification documents · Address and place of business if any, including a copy of rent, telephone, utility and/or tax bills, etc., to confirm address · Copies of past and current business contracts to ascertain source and amount of funds · Purpose and expected use of the account · Other, depending on country Answer 16 This could be a high-risk customer depending on the country and region of operation. More care should be taken with this client because the company deals with individuals from other countries. There should be more concern if this client's country is on the FATF/NCCT list. Trade-related money launder- ing is considered significant, and in this case, the re-export business needs closer analysis and scrutiny. In addition to the normal identification of the company, its representative, principal directors, and controlling shareholders, the following information could help establish the risk profile of the client. · Where is the company incorporated and does it have other affiliates in the country and abroad? · Has the company issued bearer shares? If so, who has custody of the shares? · How long has the company been in operation? · From what country does the company import the equipment? · To what country does the company export the equipment? · Does the company re-invoice its exports? · Does the company use free-trade zone in its import/export business? · Copy of financial statements · Other Answer 17 Risk factors: · Political person requiring enhanced due diligence--a minister of finance in control of his/her country's finances · Country known to be corrupt based on Transparency International rating · Transaction may have no apparent economic/lawful purpose Regulatory and Institutional Requirements for AML/CFT | 91 Information requirements: · Because client is a PEP senior management, approval is necessary for the establishment of a business relationship; take reasonable measures to pin- point the source of wealth and funds and conduct ongoing monitoring of the business relationship. · Identification documentation · Evidence of address · Bankers and professional references · Copies of salary or wage checks and receipts · Tax returns · Other information, depending on country Other sources of information: · FATF/NCCT list · UN sanctions terrorist list · EU blacklist for country or national blacklist Questions to ask in addition to normal identification requirements: · Why did he/she choose your country and bank? · Salary and other sources of income and wealth. This especially needs to be verified. · Banking references · Copy of last tax return and declaration of assets to his/her government, if applicable · How and from where will the money be transferred to your bank? Answer 18 The bank should already have all the customer identification records for the client. The records required in this case would be the copy of the draft sold, including the paid copy, and the manner in which it was purchased. It will only be necessary to have sufficient records to reconstruct the paper trail, including who was paid with the bank draft and where it was deposited. Answer 19 a) This client usually would not raise much concern given the small amount involved. The records about the bank draft would be kept on file along with any form needed to fulfill national requirements. A copy of the person's identification document would probably be required, along with the pur- chase documentation. b) This customer is obviously structuring his/her transactions to avoid the filing of a large transaction report. Structuring large amounts in this fash- ion should raise a red flag for possible money laundering or other illicit activities, and it should attract the full range of CDD and record keeping. It 92 | Module 3a would provide a cause for filing a suspicious activity report to the FIU and the report should be kept on file. Answer 20 Banks (deposits): · High volume of deposits and withdrawals that are inconsistent with the expected turnover · High use of cash when the business/profession of the client suggests that use of cash should not be the norm · Numerous small deposits followed by large single withdrawals for no appar- ent reason · Large single deposits followed by numerous small withdrawals for no appar- ent reason · Use of foreign currency when the business or profession of the client does not indicate a foreign currency source · Payments out of the account to persons who appear unrelated to the cus- tomer's needs · Multiple transfers/deposits from other branches of a bank on a periodic basis, followed by large single transfers out of the account · Others Answer 21 Both the employee and the bank were aiding and abetting money laundering-- the former for advising the customers to use a safety deposit box to structure their transactions, bypassing internal bank controls, and the latter for failing to install a satisfactory anti­money laundering program that would detect structur- ing and unethical actions on the part of an employee. Answer 22 Funds transferred in a lump sum from a known and seemingly reputable U.S. law firm; both the realtor and the bank will benefit from the business transac- tion. Once the funds are received and the property purchased, none of the parties involved will have a commercial reason to track the turnover of the property and the disposal of sales proceeds. Other institutions, in Utopia or else- where, will receive or invest the proceeds from the resale of the property. This scheme is often referred to as a "real estate flip." Answer 23 1) Utopia casa de cambio: This was the first entry point and the place where CDD should be conducted. The funds should not have been wired without first establishing the identity of the customer and the business purpose of the transactions. Regulatory and Institutional Requirements for AML/CFT | 93 2) U.S. broker. The broker should have insisted that the identity of the ordering party be established (not that of the casa de cambio), and ascertain if there was a connection between the ordering party and the beneficiary/recipient. 3) The U.S. bank should know if the broker has adequate AML/CFT controls to provide assurance that it knows its clients. The bank should place little or no reliance on the broker if he/she is not covered by the AML/CFT laws. The underlying clients should be identified with certainty or there would be no way to ascertain the legitimacy of transfers to a Caribbean offshore bank account. 4) The Caribbean offshore bank should have questioned the need for an immediate loan against the deposit and verified if there was a connection between the depositor and borrower. Answer 24 Suspicion should not be automatic but does merit a closer look at the account. Comparison with similar video store accounts may be helpful. Answer 25 Why are the deposits more frequent? Answer 26 Yes. Why did "profits" suddenly increase when there was little growth in the past three years? Are there any obvious reasons? Answer 27 This might be a situation where the cash-based business is commingling illicit funds with legitimate bank deposits. The situation calls for further inquiry and research; perhaps a routine visit to the place of business or routine questions about the business operation will clarify the situation. If the change in deposit behavior is unexplained or if explanations/information are unsatisfactory, the bank may consider making a report to the FIU. Answer 28 · A warning, which can include a letter or the use of moral persuasion, for example, in private meetings with the management of an institution · A monetary fine, the amount being commensurate with the magnitude and frequency of infraction, or dependent on the determination of negligence, recklessness, or willful blindness to the duty to comply · A prohibition or suspension to hold management or directorship positions in an institution (this can be either temporary or permanent but should be proportionate to the breach) 94 | Module 3a · A public censure through a statement or advertisement in the media, either electronic or print (naming and shaming strategy) · Restriction on business activities pending corrective measures, including cease-and-desist orders · A letter of commitment or memorandum of understanding where the entity or person promises to undertake certain corrective measures · Cancellation or revocation of authorization to operate, often referred to as the "nuclear option" or the "death penalty" · Court action Answer 29 · A warning · Public censure and fine · Temporary suspension of license to practice or conduct business · Permanent cancellation of license to practice or conduct business. Answer 30 1) Financial crimes, including money laundering and terrorist financing, dam- age the reputation of financial systems. This in turn can put the financial condition of those affected at risk and result in losses to the public. 2) Loss of a financial system's reputation can adversely affect investments, including foreign direct investment. 3) Financial institutions, including banks, can be denied access to the inter- national payment systems, thereby harming the local financial system and economy. 4) Money laundering and terrorist financing attracts criminals to a financial sys- tem and allows them to operate freely and promote illegal activities. 5) Money laundering and financing terrorism place the economy and the secu- rity of the country at risk. 6) Currencies and interest rates can be distorted by money launderers' invest- ment practices. 7) Institutions that accept illegal funds cannot rely on those funds as a stable deposit base. 8) Money laundering may distort some sectors and create instability in mar- kets. Answer 31 1) At-risk reputations of a financial institution result in loss of public confi- dence 2) Legal and financial risks associated with defending against money launder- ing/financing terrorism charges and investigations, which can also lead to the seizure of correspondent bank accounts abroad 3) Regulatory risk associated with sanctions taken by the supervisory authori- ties, including the revocation of licenses Regulatory and Institutional Requirements for AML/CFT | 95 4) The termination of various banking facilities 5) Loan losses owing to fewer numbers of high-quality borrowers 6) Deposits placed in a bank by a money launderer are not stable sources of funding 7) Noncompliant institutions can be fined or have their license revoked 8) Institutions can become the property of criminals Answer 32 The principal agencies that interact and cooperate with financial sector super- visors are generally at the domestic level (answers depend on country and the assigned authority of supervisor): 1) Financial intelligence units--by ensuring that financial institutions have proper control and monitoring systems in place to detect and report suspi- cious activities to the FIU. This ensures that the quality of reports sent to the FIU is high and avoids overburdening the analytical capacity of the FIU with inadequate reports. 2) Investigative and prosecution authorities--to provide technical and profes- sional advice and support. Financial sector regulators are knowledgeable about the financial sector and its operations and can provide expert advice and testimony for prosecution of ML/FT cases. 3) Regulators often have access to overseas regulators on a formal (e.g., through memoranda of understanding) or informal basis, which is useful for regulators in the investigation of money laundering and financing of terrorism. There are, of course, limits and restrictions on cooperation and on the use of information provided by the regulator, particularly with regard to information subject to confidentiality provisions--e.g., client account information. Answer 33 ML/FT risks vary across countries and sectors. Each area should assess the degree of risk facing the financial and business sectors and implement the appropriate control mechanisms. Please note that certain sectors are more vulnerable than others to certain stages of the money laundering/financing ter- rorism processes. Examples of high-risk areas, which could vary from country to country, are 1) banks and trusts; 2) money exchange and remittance businesses (e.g., casas de cambio); 3) real estate; 4) dealers in high-value items (e.g., cars, boats, precious metals and stones, etc.) 5) casinos; 6) high cash-volume businesses (e.g., horse racing, mass entertainment events); and 7) other. 96 | Module 3a Answer 34a Red flags include: · Beginning and ending balances are the same. This suggests use of the account as "pass through" with debits equal to credits. · Multiple large deposits (Jan. 5, 12, 13, 15, 20, 21) followed by single large withdrawals. This pattern could indicate structuring and needs to be com- pared with the customer profile to check for consistency with the expected use of the account. · The cash deposits and wire transfers need not be considered suspicious, but they need to be examined for consistency with the client's profile and expected use of the account. · Checks were cashed for large amounts. Answer 34b This account should probably be reported internally for further analysis. It has too many red flags that require further internal analysis. However, the profile of the customer must be examined before filing a report. Money laundering and the financing of terrorism are global problems that not only threaten a country's security, but also compromise the stability, transparency, and efficien- cy of its financial system, consequently undermining its economic prosperity. The annual global estimate for money laundering is more than $1 trillion, valued in U.S. dollars. Efforts to counter these activities are known as anti­money laundering and combating the financing of terrorism (AML/CFT) programs. The Combating Money Laundering and the Financing of Terrorism training program was developed by the World Bank's Financial Market Integrity Unit, with support from the governments of Sweden, Japan, Denmark, and Canada. The program will help coun- tries build and strengthen their AML/CFT efforts by training all relevant staff in both the public and private sectors, such as staff in financial intelligence units, financial supervisory authorities, law enforcement agencies, and financial institutions. The training guide's modules are: Module 1: Effects on Economic Development and International Standards Module 2: Legal Requirements to Meet International Standards Module 3a: Regulatory and Institutional Requirements for AML/CFT Module 3b: Compliance Requirements for Financial Institutions Module 4: Building an Effective Financial Intelligence Unit Module 5: Domestic (Inter-Agency) and International Cooperation Module 6: Combating the Financing of Terrorism Module 7: Investigating Money Laundering and Terrorist Financing The modules cover all the Financial Action Task Force on Anti­Money Laundering's Forty Recommendations and Nine Special Recommendations, with the original texts. Each module is targeted at a specific group of professionals in a jurisdiction's AML/CFT regime, although they may also benefit from gaining wider knowledge through the other modules included in this program. Each module provides questions at the beginning and end to assess how much has been learned. The training guide contains numerous case studies, discussions and analyses of hypothetical and actual examples of money launder- ing schemes, and best practices in investigation and enforcement, which will help readers fully understand the implementation of successful AML/CFT programs.