Latest Trends in Financial Crime Prevention › media › 120783 › ccl-academy... ·...

Latest Trends in Financial Crime Prevention

Breakfast Briefing

21st March 2016

© CCL Limited 2014 © 2016 CCL Academy Limited

Agenda

Introduction – Nigel Sydenham

Recent Trends in Financial Crime – Dr Bill Peace

The Role of Effective Financial intelligence In Recognising and

Deterring Extremism - Grahame White

The Cybersecurity and Cybercrime Threat Landscape – Colin

Wetherill

Effective Third-Party Due Diligence for Financial Services -

Mark Dunn

Q&A


Recent Trends in Financial Crime

Dr Bill Peace


Trafficking: the criminal market in people

Human Trafficking • Victims coerced or duped into activity that binds them to criminal

enterprises or individuals; no meaningful consent is given• Trafficking for sex industry; workers for slave labour (domestic,

industrial, commercial, agriculture)• Criminals profit by exploiting victims’ labour• Victims bullied, blackmailed, physically abused; kept in a dependent

state, deprived of money, documents, and outside contact• Often involves exploitation of minors and vulnerable adults

Smuggling of Migrants• Facilitating transport or sustaining illegal residence • Migrants give consent and pay for the service, although they may

suffer harm in the process despite their consent• A worldwide phenomenon, affects most countries and especially

those seen as attractive destinations for economic migrant labour

“We are extremely preoccupied about the increasing and unprecedented global flow of

refugees, internally displaced persons, and migrants…We call upon all nations to tackle the

causes of these crises that have such tragic consequences for so many people” (G7 Declaration – Schloss Elmau Germany 2015)


Trafficking Routes...$150bn of criminal profits p.a


Trafficking: assessment, policy, regulation enforcement and research


The Role of Effective Financial Intelligence in Recognising and Deterring Extremism

Grahame White


For further details of training relating to Counter-Terrorist Financing

(CTF), including The CTF Intelligence Simulation, developed and

presented by Grahame White, please contact CCL Academy:

w: www.cclacademy.co.uk

e: [email protected]


The Cybersecurity and Cybercrime Threat Landscape

Colin WetherillCITI


The Threats Facing Large and Medium-Sized Organisations

The likelihood of

success

RISK

The hard and soft costs

Impact

The nature and

frequency of potentially

adverse eventsThreat

Vulnerability


Some Recent Attacks and Conspiracies


Some Key Threats

and Trends

Business

Executive

Compromise

Data

Breaches

Banking

Malware

Phishing

and

Spear

Phishing

The Growing Sophistication

and Automation of Attacks


Cashing-Out

Where Cybersecurity, Cybercrime and AML

Converge


Cash-Out Schemes


Fusion

Partnering and Collaborating to Prevent,

Detect and Respond

Anti-Bribery & Corruption

Third-Party Due DiligenceFocus on financial servicesMarch, 2016

Mark DunnSegment Leader

Entity Due Diligence & Monitoring

LexisNexis Business Insight Solutions

Introduction

Global enforcement trends

Focus on financial services

Lessons learned: Examples of enforcement, investigations and guidance

Third-party due diligence: Process and risk assessment

Towards a consistent third-party due diligence process

Summary

Agenda

17

17

Anti-Bribery & CorruptionGlobal enforcement trends

1818

BNY Mellon to Pay $14.8 Million to Settle Anti-Bribery CaseBloomberg, August 18, 2015

Goodyear agrees to $16M bribery settlementUSA Today, February 24, 2015

IAP Pays $7.1 Million to Settle FCPA ProbeThe Wall Street Journal, June 15, 2015

Louis Berger International pays $17.1 million to settle bribery chargesSupply Management, July 23, 2015

19

Third-party due diligence

Enforcement and reputational risk

“The fine must be substantial enough to have a real

economic impact which will bring home to both

management and shareholders the need to operate within

the law. Whether the fine will have the effect of putting

the offender out of business will be relevant; in some bad

cases this may be an acceptable consequence.”Fraud, Bribery and Money Laundering Offences Definitive Guideline

(UK Sentencing Council)

SEC fines Bristol-Myers Squibb $14 million for allegedly bribing Chinese doctorsMarketWatch, October 5, 2015

BHP Billiton hit with $US25m fine over corruption allegationsABC News, May 20, 2015

“One of the most effective ways to combat corporate

misconduct is by seeking accountability from the

individuals who perpetrated the wrongdoing.”Memorandum: Sally Quillian Yates, Deputy Attorney General (US DoJ)

20

2015 US FCPA corporate actions

• BHP Billiton ($25M)

• Bristol-Myers Squibb ($14M)

• FLIR ($9.5M)

• Goodyear Tire & Rubber Co. ($16.2M)

• Hitachi ($19M)

• Hyperdynamics Corp. ($75K)

• IAP Worldwide Services ($7.1M)

• ICBC Standard Bank ($4.2M)

• Louis Berger International Inc. ($17.1M)

• Mead Johnson Nutrition ($12M)

• PBSJ Corporation ($3.4M)

• The Bank of New York Mellon ($14.8M)

Alleged pending US FCPA actions by sector

January 2016 Corporate Investigations List FCPA Blog

FCPA Blog

Anti-Bribery & Corruption: Third-party due diligence

US enforcement trends

US Enforcement Actions Concerning Bribery of Domestic and Foreign Officials by Industry (1977-2015)

Global Enforcement Report 2015TRACE International

21


Regulators’ Expectations

AUSTRALIA

“The body corporate proves that it exercised

due diligence to prevent the conduct, or the

authorisation or permission. ”Extract from Criminal Code Act 1995 (ComLaw)

BRAZIL

“To decrease the chances that the company may become involved in cases

of corruption or fraud in tenders and contracts, depending on the actions of

third parties, it is important to adopt appropriate checks for contracting

and supervising suppliers, service providers, intermediaries and associates,

among others, primarily in situations of high risk to integrity” Extract from Brazil Clean Company Act Integrity Program Guidelines for Private Companies

(Merrill Brink translation)

SWEDEN

“Companies shall have knowledge of, and when

needed, perform a due diligence review and verify the

integrity of agents and other cooperation partners

before agreements are executed or other forms of

cooperation commenced.”Extract from Code of Business Conduct

(The Swedish Anti-Corruption Institute)

SWITZERLAND

“Particular due diligence has to be applied for the

selection and assignment of local agents.”Extract from Preventing corruption – Information for Swiss

businesses operating abroad (State Secretariat for Economic

Affairs (SECO))

22


Non-US enforcement trends

Total Enforcement Actions Concerning Bribery of Domestic and Foreign Officials by Industry(Excluding the United States) (1977-2015)

Global Enforcement Report 2015TRACE International

23

Real GDP GrowthIMF Data Mapper (October 2015)

Transparency InternationalCorruption Perceptions Index (January 2016)

Markets that offer greatest opportunities often perceived as highest risk

High growth

Perceived as high risk

23


Company’s expectations

Key Due Diligence drivers

• Regulatory

Demonstrate robust compliance with national and global

standards on anti-money laundering, anti-Bribery &

corruption and sanctions etc..

• Financial

Mitigate the risks of financial penalties, debarment and loss of

business

• Reputational

Protect brand reputation and demonstrate adherence to

ethical codes and standards

• Strategic

Ensure ongoing business process efficiency and support

effective execution of business strategy to sustain competitive

edge

Third-Party Due DiligenceFocus on financial services

US

2424

“Businesses may reduce the FCPA risks

associated with third-party agents by

implementing an effective compliance

program , which includes due diligence

of any prospective foreign agents ”A Resource Guide to the U.S. Foreign Corrupt

Practices Act (US DoJ, SEC)

“Comprehensive due diligence demonstrates a

genuine commitment to uncovering and

preventing FCPA violations.”A Resource Guide to the U.S. Foreign Corrupt Practices Act

(US DoJ, SEC)

25


US Market Expectations

“Properly documented risk-based due diligence

pertaining to the hiring and appropriate and regular

oversight of agents and business partners”Extract from US FCPA Deferred Prosecution Agreements and

Probation Orders (US DoJ)

“Financial institutions are encouraged to develop and maintain

"enhanced scrutiny" practices and procedures designed to

detect and deter transactions that may involve the proceeds of

official corruption by senior foreign political figures, their

immediate family, or their close associates. These practices and

procedures should be viewed as an application of institutions'

due diligence and anti-money laundering policies”Guidance on Enhanced Scrutiny for Transactions That May Involve the Proceeds

of Foreign Official Corruption (US Department of Treasury et al)

“Due Diligence and Third-Party Selection: A bank should conduct

due diligence on all potential third parties before selecting and

entering into contracts or relationships.“Extracts from Third-Party Relationships: Risk Management Guidance

(US Office of the Comptroller of the Currency)

26


US Market Expectations: Office of the Comptroller of Currency

Due Diligence and Third-Party SelectionThe degree of due diligence should be commensurate with the level of risk and complexity of the third-party relationship. More extensive due

diligence is necessary when a third-party relationship involves critical activities. On-site visits may be useful to understand fully the third party’s

operations and capacity. If the bank uncovers information that warrants additional scrutiny, it should broaden the scope or assessment methods of the

due diligence as needed.

The bank should consider the following during due diligence:

• Strategies and Goals

• Legal and Regulatory Compliance

• Financial Condition

• Business Experience and Reputation

• Fee Structure and Incentives

• Qualifications, Backgrounds, and Reputations of Company Principals

• Risk Management

• Information Security

• Management of Information Systems

• Resilience

• Incident-Reporting and Management Programs

• Physical Security

• Human Resource Management

• Reliance on Subcontractors

• Insurance Coverage

• Conflicting Contractual Arrangements With Other Parties

Extracts from US Office of the Comptroller of the Currency (OCC): Third-Party Relationships: Risk Management Guidance

“A bank should conduct due diligence on all potential third parties before selecting and entering into

contracts or relationships. A bank should not rely solely on experience with or prior knowledge of the third

party as a proxy for an objective, in-depth assessment of the third party’s ability to perform the activity in

compliance with all applicable laws and regulations and in a safe and sound manner.”

SEC Charges Germany-Based Allianz SE with FCPA Violations

The Securities and Exchange Commission today charged Germany-based insurance and asset management company Allianz SE with

violating the books and records and internal controls provisions of the Foreign Corrupt Practices Act (FCPA) for improper payments to

government officials in Indonesia during a seven-year period.

The SEC’s investigation uncovered 295 insurance contracts on large government projects that were obtained or retained by improper

payments of $650,626 by Allianz’s subsidiary in Indonesia to employees of state-owned entities. Allianz made more than $5.3 million in

profits as a result of the improper payments.

“Allianz’s subsidiary created an 'off-the-books' account that served as a slush fund for bribe payments to foreign officials to win

insurance contracts worth several million dollars,” said Kara Brockmeyer, Chief of the SEC Enforcement Division’s FCPA Unit.

Extracts from SEC Press Release December 17, 2012

Outcome• Without admitting or denying the findings, Allianz agreed to cease and desist from further violations and pay disgorgement of

$5,315,649, prejudgment interest of $1,765,125, and a penalty of $5,315,649 for a total of $12,396,423

• Allianz took various remedial measures, including employment action against several individuals who were involved in the conduct

or failed to stop the conduct.

• Issued new or enhanced FCPA compliance and internal accounting control policies and procedures, including mandating strict

scrutiny of payments to third party intermediaries.

• Updated the anti-corruption clause in its third-party contracts to specifically refer to the FCPA.

• Provided enhanced FCPA compliance training to its employees and improved its current global anti-corruption compliance program

Extracts from SEC Order and SEC Press Release December 17, 2012

27


US Foreign Corrupt Practices Act: Books and records and internal controls

SEC Charges BNY Mellon With FCPA ViolationsWashington D.C., Aug. 18, 2015 — The Securities and Exchange Commission today announced that BNY Mellon has agreed to pay $14.8

million to settle charges that it violated the Foreign Corrupt Practices Act (FCPA) by providing valuable student internships to family

members of foreign government officials affiliated with a Middle Eastern sovereign wealth fund...

“Financial services providers face unique corruption risks when seeking to win business in international markets, and we will continue to

scrutinize industries that have not been vigilant about complying with the FCPA,” said Kara Brockmeyer, Chief of the SEC Enforcement

Division’s FCPA Unit.

Extracts from SEC Press Release August 18, 2015

2828


US Foreign Corrupt Practices Act: Sovereign wealth funds

Sovereign Wealth Funds Asset MapSovereign Wealth Fund Institute (April 2015) Oil & Gas Non-Oil & Gas

Transparency InternationalCorruption Perceptions Index (January 2016)

Perceived as high risk

Many countries that attract the greatest investment often perceived as highest risk

“We have conducted a recent sweep in the financial services industry that will yield a number of important cases”

Andrew Ceresney, Director, Division of Enforcement, SEC (March, 2015)

Third-Party Due DiligenceFocus on financial services

UK

2929

30

“Most firms failed to demonstrate

adequate systems and controls for

assessing bribery and corruption risks in

relation to dealing with and monitoring

third party relationships, such as

relationships with agents or introducers.”Thematic Review (UK Financial Conduct Authority,)


UK Market Expectations

“The commercial organisation applies due diligence

procedures, taking a proportionate and risk based approach, in

respect of persons who perform or will perform services for or

on behalf of the organisation, in order to mitigate identified

bribery risks.” Extract from Bribery Act 2010 Guidance (UK Ministry of Justice)

“Reasonable procedures for undertaking due diligence on

potential projects, acquisitions, business partners, agents,

representatives, distributors, sub-contractors and suppliers”Extract from Deferred Prosecution Agreements Code of Practice

(UK Serious Fraud Office, Crown Prosecution Service)

“There was a general failure to implement a risk-based approach to anti-bribery and corruption

and very weak due diligence and monitoring of third-party relationships and payments.”Extract from Financial Crime: a guide for firms

(UK Financial Conduct Authority)

“Before entering into any formal relationship, sufficient and

appropriate risk-based due diligence should be undertaken ”

Extract from Anti-Bribery and Corruption Guidance 2014

(British Bankers Association)

31


UK Market Expectations: Financial Conduct Authority

Anti-bribery and corruption

Corruption and bribery are criminal offences under current UK legislation and the Bribery Act 2010, which came into

force on 1 July 2011. Authorised firms have additional, regulatory, obligations to put in place and maintain policies

and processes to prevent corruption and bribery and to conduct their business with integrity. These are set out in

SYSC 3.2.6R/SYSC 6.1.1R and Principle 1 of our Principles for Businesses (PRIN 2.1.1R).

What is the FCA’s role?

The FCA does not enforce the Bribery Act 2010. Our regulatory powers apply where authorised firms fail adequately

to address corruption and bribery risk, including where these risks arise in relation to third parties acting on behalf of

the firm. We do not need to obtain evidence of corrupt conduct to take regulatory action against a firm.

What should firms do?

Firms must assess the risks of becoming involved in, or facilitating, corruption and bribery. Firms must also take

reasonable steps to prevent those risks crystallising. Reasonable steps are likely to include an anti-corruption policy,

senior management oversight, staff training and, where applicable, due diligence on third parties acting on behalf of

the firm.

Extract from: UK Financial Conduct Authority: Anti-bribery and corruption

“A firm must take reasonable care to establish and maintain effective systems and controls for compliance

with applicable requirements and standards under the regulatory system and for countering the risk that

the firm might be used to further financial crime.”Financial Conduct Authority Handbook

32

FSA fines Willis Limited £6.895 million for anti-bribery and corruption systems and controls failingsBetween January 2005 and December 2009, Willis Limited made payments to overseas third parties who assisted it in winning and retaining

business from overseas clients, particularly in high risk jurisdictions. These payments totaled £27 million. The FSA investigation found that, up

until August 2008, Willis Limited failed to:

• ensure that it established and recorded an adequate commercial rationale to support its payments to overseas third parties;

• ensure that adequate due diligence was carried out on overseas third parties to evaluate the risk involved in doing business with them; and

• adequately review its relationships on a regular basis to confirm whether it was still necessary and appropriate for Willis Limited to

continue with the relationship.

Extracts from UK Financial Services Authority Press Release

July 21, 2011

Primary issues regarding third-party due diligence systems & controls• Due diligence checks not mandatory

• Inconsistent due diligence processes

• Due diligence findings not documented

• Compliance team not alerted to termination of a high risk account relationship

• No requirement under firm’s policies to conduct ongoing review of overseas third-party relationships

“Willis Limited failed to ensure that appropriate due diligence was carried out to address the risks that doing business

with the Overseas Third Party would result in corrupt payments.”

For full details consult UK Financial Services Authority Final Notice

32


UK Anti-bribery and corruption systems & controls failings

Due diligence on third-party relationships

Examples of good practice Examples of poor practice

Establishing and documenting policies with a clear definition of a ‘third

party’ and the due diligence required when establishing and reviewing

third-party relationships.

Failing to carry out or document due diligence on third-party

relationships.

More robust due diligence on third parties which pose the greatest risk

of bribery and corruption, including a detailed understanding of the

business case for using them.

Relying heavily on the informal ‘market view’ of the integrity of third

parties as due diligence.

Having a clear understanding of the roles clients, reinsurers, solicitors

and loss adjusters play in transactions to ensure they are not carrying

out higher-risk activities.

Relying on the fact that third-party relationships are longstanding

when no due diligence has ever been carried out.

Taking reasonable steps to verify the information provided by third

parties during the due diligence process. Using third-party forms which

ask relevant questions and clearly state which fields are mandatory.

Carrying out only very basic identity checks as due diligence on higher-

risk third parties.

Having third-party account opening forms reviewed and approved by

compliance, risk or committees involving these areas.

Asking third parties to fill in account opening forms which are not

relevant to them (e.g. individuals filling in forms aimed at corporate

entities).

Using commercially available intelligence tools, databases and/or other

research techniques such as Internet search engines to check third-

party declarations about connections to public officials, clients or the

assured.

Accepting vague explanations of the business case for using third

parties.

Extract: Financial crime: a guide for firms Part 2: Financial crime thematic reviews

April 2015 (UK Financial Conduct Authority)

33


UK Market Expectations: UK Financial Conduct Authority

Due diligence on third-party relationships (Continued)


Routinely informing all parties involved in the insurance transaction

about the involvement of third parties being paid commission.

Approvers of third-party relationships working within the broking

department or being too close to it to provide adequate

challenge.

Ensuring current third-party due diligence standards are appropriate

when business is acquired that is higher risk than existing business.

Accepting instructions from third parties to pay commission to other

individuals or entities which have not been subject to due diligence.

Considering the level of bribery and corruption risk posed by a third

party when agreeing the level of commission.

Assuming that third-party relationships acquired from other firms have

been subject to adequate due diligence.

Setting commission limits or guidelines which take into account risk

factors related to the role of the third party, the country involved and

the class of business.

Paying high levels of commission to third parties used to obtain or

retain higher risk business, especially if their only role is to

introduce the business.

Paying commission to third parties on a one-off fee basis where their

role is pure introduction.

Receiving bank details from third parties via informal channels such as

email, particularly if email addresses are from webmail (e.g. Hotmail)

accounts or do not appear to be obviously connected to the third

party.

Taking reasonable steps to ensure that bank accounts used by third

parties to receive payments are, in fact, controlled by the third party

for which the payment is meant. For example, broker firms might wish

to see the third party’s bank statement or have the third party write

them a low value cheque.

Leaving redundant third-party accounts ‘live’ on the accounting

systems because third-party relationships have not been regularly

reviewed.



34



Due diligence on third-party relationships (Continued)


Higher or extra levels of approval for high risk third-party relationships. Being unable to produce a list of approved third parties, associated due

diligence and details of payments made to them.

Regularly reviewing third-party relationships to identify the nature and

risk profile of third-party relationships.

Maintaining accurate central records of approved third parties, the due

diligence conducted on the relationship and evidence of periodic

reviews.



35



UK financial services anti-bribery & corruption guidance includes:

UK Financial Conduct Authority

Financial Crime: a guide for firms

http://fshandbook.info/FS/html/FCA/FC/link/PDF

UK Ministry of Justice

Official Bribery Act 2010 guidance

http://www.justice.gov.uk/guidance/making-and-reviewing-the-law/bribery.htm

British Bankers Association

Anti-Bribery and Corruption Guidance 2014

https://www.bba.org.uk/policy/financial-crime/anti-bribery-and-corruption/anti-bribery-and-corruption-guidance/

36


UK Serious Fraud Office Deferred Prosecution Agreement: Standard Bank

SFO agrees first UK DPA with Standard BankThe suspended charge related to a US$6 million payment by a former sister company of Standard Bank, Stanbic Bank Tanzania, in March

2013 to a local partner in Tanzania, Enterprise Growth Market Advisors (EGMA). The SFO alleges that the payment was intended to induce

members of the Government of Tanzania, to show favour to Stanbic Tanzania and Standard Bank's proposal for a US$600 million private

placement to be carried out on behalf of the Government of Tanzania. The placement generated transaction fees of US$8.4 million, shared

by Stanbic Tanzania and Standard Bank.

On 18 April 2013, Standard Bank's solicitors Jones Day reported the matter to the Serious and Organised Crime Agency and on 24 April to

the SFO. It also instructed Jones Day to begin an investigation and to disclose its findings to the SFO. The resulting report was sent to the SFO

on 21 July 2014.

Extracts from UK Serious Fraud Office Press Release

November 30, 2015

Outcome• Pay financial orders of US$25.2 million and will be required to pay the Government of Tanzania a further US$7 million in compensation

• Bank has also agreed to pay the SFO's reasonable costs of £330,000 in relation to the investigation and subsequent resolution of the

DPA.

• In addition to the financial penalty that has been imposed, Standard Bank has agreed to continue to cooperate fully with the SFO and to

be subject to an independent review of its existing anti-bribery and corruption controls, policies and procedures regarding compliance

with the Bribery Act 2010 and other applicable anti-corruption laws. It is required to implement recommendations of the independent

reviewer (Price Waterhouse Coopers LLP)

• The charge against Standard Bank has been suspended for three years, after which, subject to the bank's compliance with the terms of

the DPA, the SFO will discontinue the proceedings.

“KYC checks do not appear to have been conducted in the same level of detail as would have been the case

had Standard Bank conducted its own KYC and/or due diligence on EGMA.”

Selected extracts. For full details consult UK Serious Fraud Office Press Release , Statement of Facts and Deferred Prosecution Agreement

Third-Party Due DiligenceIdentifying and Mitigating Risks

3737

Third-Party Due DiligenceProcess overview

3838

Arrow

1

Arrow 2

Arrow

3

• Risk assessment determines extent

of due diligence required

• Approach to due diligence covers

three stages:

1. Conduct health check

Update records on existing third-parties

2. Manage incoming checks

Conduct due diligence on new third-parties

3. Monitor third-parties

Conduct spot checks and periodic reviews

Third-Party

Due Diligence

Conduct

health check

Manage

incoming checks

Monitor

third-parties


Process Overview

39

Third-Party Due DiligenceRisk Assessment

40

LexisNexis Proprietary & Confidential: For internal office use only 41

Country risk

An organisation should consider the countries in which it operates and assess the following types of factors:

• a specific country’s risk, based on perceived levels of corruption highlighted by country reports and corruption league tables published

by reputable organisations

• anti-bribery legislation and its implementation/enforcement in a specific country

• The organisation’s footprint in that country, including size, product and customer type/industry

Product and business opportunity

This might include an assessment of the bribery risks associated with:

• project finance, particularly where it involves the public sector, including real estate and construction

• mergers and acquisitions

• private equity, including extractive industries, pharmaceuticals and defence

• high-value projects or projects involving many contractors or intermediaries.

Business partnership risk

This might include an assessment of certain relationships perceived as higher risk, such as:

• route to market

• agents and third parties (particularly those located in higher risk jurisdictions who receive substantial remuneration)

• commission structures, e.g. considering whether commission percentages paid to introducers of new business are reasonable,

proportionate and transparent

• the use of intermediaries in transactions with foreign public officials

• consortia or joint venture partners

• syndicated lending arrangements

• politically exposed persons – where the proposed business relationship involves or is linked to a prominent public official.

Anti-Corruption Risk Assessment

Common External Risks

41

Source: UK British Bankers Association Anti-Bribery and Corruption Guidance 2014


Government and public official interactions

This might include an assessment of risks such as:

• interaction with public officials in government or government-owned entities i.e. is the public official acting in their formal capacity, or

as a client/representative of the bank

• the nature and extent of government interaction (e.g. central government, local government) by the organisation or other public

official interaction (e.g. quangos, quasi-government bodies including regulators, state owned enterprises including sovereign wealth

funds, international bodies)

• licences and permits

• public procurement

• public business, including bond and equity issuance and underwriting or debt syndication

• political lobbying.

The risk of missing data

Operational risks exist throughout the business and have the potential to impact on anti-bribery and corruption processes and controls, for

example:

• Due Diligence – ineffective processes result in risk information not being identified when undertaking reviews, leading to inaccurate

assessment of potential risk.

• Charitable Donations/Event Sponsorship – data is missing or incorrect leading to ineffective risk assessment

• Facilitation Payments/internal Reporting - escalation procedures are not followed leading to an increased risk of inadequate internal

controls.



42



Wider risks

The following list is not exhaustive, but wider risks include:

• charitable or political donations and sponsorship

• lobbying

• procurement and sourcing

• advisory and consulting activities

• payment (standing data, paying away to third parties)

• people/HR risks including: o existence and application of disciplinary policies

• remuneration structures and incentives

• ethics and conduct

• deficiencies in employee training, skills and knowledge

• gifts, entertainment and hospitality

• travel expenses

• nature of the organisation, i.e. size, structure and focus of the business.

What should be assessed will vary considerably between different types of organisations and activities. For example, wholesale banking is

likely to focus greater attentions towards certain types of activities e.g. syndicated lending, soft dollar arrangements, sovereign wealth

funds, M&A, real estate brokerage etc., whereas domestic based retail operations may be more concerned with introducing mortgage

brokers. Private wealth banks may focus in particular on risks associated with Political Exposed Persons.



43


Social

Communication

And

Training

EconomicKey global factors

driving proactive

enterprise risk

management

Technological

Legal

Political

Environmental

Reputational Financial

Regulatory Strategic

sanctions

embargos

policy

unrest

slowdown

levies

regime change

inflation

forex

ethics

anti-bribery

corruption

slavery

&

trafficking

intellectual

property

data

protection

security

contingency

scalability

stability

reliability

trust

culture

sustainability

waste

pollution

competition

CSR

financial

crime

Third-Party Due DiligenceProcess overview

4545

Verify

Communication

And

Training

Risk

AssessmentDue Diligence

High Level

Process

Audit

Monitor

Identify

Review


Process Overview

46

Third-Party Due DiligenceWhat information do you need?

47

To identify and verify Sources

The business partner’s full, legal name, registered address

and company number or equivalent

•Business partner questionnaire

•Checks of local company registers

Details of the business partner’s shareholdings and

shareholders, including wholly and partly owned

subsidiaries or parent companies



A list of the business partner’s directors and officers, and

any other employees who will be carrying out services for

the organisation, including providing CVs, proof of

citizenship, relationships with any politically exposed

persons, references where appropriate and details of other

companies in which they are involved



•Media searches

Details of other clients of the business partner, or parties

with whom they regularly do business (especially public

officials and government bodies), and how the business

was obtained


•Media searches

•Checks with local business groups and

embassies

•Watchlists and PEP databases


What type of checks are conducted?

Source: Extracts from Due diligence: know your business partners (Reed Smith): Serious

Economic Crime: A boardroom guide to prevention and compliance (UK Serious Fraud Office)48


Meeting the beneficial ownership challenge

49

• Identifying and verifying the identity of beneficial owners to uncover potential government connections, regulatory

and other reputational risks is a key third-party due diligence requirement. However, few countries mandate the

collection and availability of beneficial ownership information:

• Ultimately, requiring the third-party to disclose details of beneficial ownership as a condition of doing business is

the primary way of only way of uncovering such data due to the lack of information in the public domain

“Pick any major corruption scandal in recent history – Petrobras, FIFA, Ukraine’s Viktor

Yanukovych – and you will find a secret company was used to pay a bribe, shift and hide stolen

money, or buy luxury real estate in places like London and New York.”(Transparency International)

Reviewing G20 promises on beneficial ownership (Transparency International)

G20 PRINCIPLE 4: ACCESS TO BENEFICIAL OWNERSHIP INFORMATION

To identify and verify Sources

Financial information, including accounts and annual

reports as well as details of any history of insolvency of the

business partner and any of its directors.


•Checks of company registers

•Media searches

Details of any legal proceedings or regulatory investigations

involving the business partner or any of its key personnel,

with particular focus on matters involving allegations of

corruption.

•Business partner questionnaire.

•Litigation records.

•Media searches

The precise nature of the intended relationship with the

business partner, what services it intends to provide, how

and by whom these services will be provided, and how it is

going to calculate what remuneration it receives for doing

so.


•Contract documentation

What, if any, anti-bribery and corruption policies and

procedures the business partner has in place, and what

due diligence it carries out on third parties with which it

does business.



What type of checks are conducted?

Source: Extracts from Due diligence: know your business partners (Reed Smith): Serious

Economic Crime: A boardroom guide to prevention and compliance (UK Serious Fraud Office)50

Third-Party Due DiligenceInformation resources

51

Risk

Assessment

Due Diligence Resources

Low

High

High

Individual

Subscription

Services

Aggregated

Subscription

Services

Outsourced

Risk Advisors

52


Aligning information resources to risk assessment

Google

Benefits

• Free content

• Global coverage

• Easy to access

• Prerequisite for due diligence and screening / complements other research

Things to consider:

• Archival data increasingly requires subscription

• EU ‘Right to be forgotten’ legislation means potential risks maybe less evident

• Difficult to achieve consistency as data sources change daily

• Difficult to audit as source data sometimes hard to verify

• Lack of security (IP tracing)

• Limited support or guarantees

Due diligence resources

53

Individual Subscription Services

Benefits:

• Enables selected content to be purchased to meet specific requirement (i.e. country company data)

• Content maintained, up to date and accurate

• Access secure

Things to consider:

• Additional subscription services may be required over time to cover changing business requirements

• Requires users to learn different search interfaces which impacts consistent process and time efficiency

• Requires users to combine multiple search results into standard reports

• Requires company to maintain multiple contracts with information providers


54

Aggregated Subscription Services

Benefits:

• Consolidates all key data via single service for consistent process

• Single interface also helps users speed up due diligence process

• Content maintained, up to date and accurate

• Access secure

• Single contract easier to manage

Things to consider:

• Ensure content required is in line with risk-based approach (e.g. Country coverage, depth of content)

• Availability of local language content and interfaces


55

Outsourced Risk Advisors

Benefits:

• Due diligence done for you

• Able to conduct investigations on the ground particularly in high risk markets

• Secure and trusted

Things to consider:

• High costs for basic due diligence research reports

• Impractical for high volumes of simplified due diligence

• Time lag in receiving information

• Reports received may need further validation after review


56

Third-Party Due DiligenceTowards a consistent due diligence process

57

58

5858

Sanctions

Lists

Regulatory

Watch lists

Politically

Exposed

Persons list

Identity

documents

ABC Policy

&

Procedures

Identity

verification

Negative

News

Legal

Cases

Web

search

US Public

Records

Customer

Internal List

Incorporation

DocumentsBeneficial

Ownership

Group

Structure

Company

verification

Beneficial

ownershipGroup

structure

PEPs and

Watch lists

Company

Data

OUTSOURCE DUE DILIGENCE TO RISK CONSULTANCY

For specialist local market investigations and surveillance

1. Input name into workflow, case management and audit

2. Identify

Request identification

data collected from

client or third party

3. Check watch lists

Batch search global

sanctions, regulatory,

enforcement and PEP lists

4. Risk assessment

Set criteria determines risk of engaging with client or third-party and extent of due diligence and monitoring applied

5. Simplified due diligence

Basic checks applied if low

risk entity

6. Enhanced due diligence

More in depth checks

applied if high risk entity

ESCALATE Y/N?

7. Outsourced due diligence

More specialist checks

applied if high risk entity

ESCALATE Y/N?

8. Ongoing monitoring

Automated batch checks

against watch lists and

negative news. Periodic

refresh of full due diligence

Negative

NewsSanctions

Lists

Regulatory

Watch lists

Customer

Internal List

Politically

Exposed

Persons list

Negative

News

58


Typical ABC due diligence process

1. Set clear requirements and objectives for role of ABC technology aligned to risk-based approach and to

help manage expectations/define return on investment

2. Try before you buy (trial/test/compare/benchmark/complement other resources)

3. In it for the long haul. Prepare for change (scaleable, flexible tech/integration and pricing / add-ons)

4. Integration/customisation options to use in-house labels, descriptors, user roles, admin levels,

escalation, negative media keywords etc..

5. Consider level of IT commitment (i.e. You host, vendor host?)

6. Consider local language availability (interfaces, content, translation tools etc..)

7. Sufficient training and support (hours, training options etc.)

8. Generate management intelligence/audit data to help track and demonstrate ROI/comply

9. Build in regular reviews with business: to ensure technology remains aligned to changing business and

regulatory requirements / risk based approach

10. Build in regular reviews with vendor (to do same as above) and keep up awareness of new

features/content

59


ABC technology checklist

Regulatory

• Helps demonstrate robust AML, ABC and sanctions complianceand adherence to associated industry standards & best practice

• Helps implementation and ongoing maintenance of a consistentrisk-based approach scaled to company size

• Enables indication of clear risk flags and maintenance of comprehensive audit trail

• Enables more discipline and control to be implemented throughhard coded role profiles, permission settings, incident escalationand approvals to support ‘four eyes’ check

60

Towards a consistent process

Benefits of consolidating key due diligence tasks

Reputational

• Helps protect hard earned brand and business reputationsthrough comprehensive and consistent due diligence processto mitigate AML, ABC and other risks

• Helps business maintain strong ethical standards and adhere tocodes of conduct

• Helps demonstrate and promote robust processes and controlsto customers and business partners

61



Business

• Effective and consistent due diligence process improvesspeed of execution and competitive edge in key high riskdeveloping markets

• Efficient and streamlined onboarding experience enhancesboth external and internal customer and other third-partyservice levels

• Helps Compliance and associated teams reinforce benefitsand emphasise positive contribution to business successthrough improved service levels and provision of moreeffective management intelligence to support Boardengagement

62



Financial

• Helps mitigate regulatory fines, financial penalties and contractdebarment

• Prompts regular review and audit of due diligence researchresources to address content overlap and cost duplicationthereby reducing cost of sale etc.

• Consistent process enables business to easier test andbenchmark cost efficiencies and other associated benefits

63



Summary

65

Need more information?

[email protected]

[email protected]

020 7400 2809

LexisNexis Business Insight Solutions UK

www.bis.lexisnexis.co.uk/blog

Segment Leader , Entity Due DiligenceLexisNexis Business Insight Solutions

Mark Dunn is the Segment Leader for Entity Due

Diligence & Monitoring at LexisNexis. He is

responsible for product management and development

of the LexisNexis Business Insight Solutions due

diligence applications. He is the spokesman on anti-

money laundering, anti-bribery & corruption and

sanctions compliance. He is also responsible for

helping to shape the LexisNexis Risk and Compliance

strategy and business development. Mr. Dunn is a

regular speaker at industry events and has written

extensively for industry journals.

Presenter Biography

For further information, please contact us on: t +971 4 323 0800 e [email protected] www.cclacademy.com

Thank you for attendingClick to edit Master title style

w: http://bis.lexisnexis.co.uk/


w: www.cclacademy.co.uk


Thank you for attending

Latest Trends in Financial Crime Prevention › media › 120783 › ccl-academy... ·...

Documents

Transcript of Latest Trends in Financial Crime Prevention › media › 120783 › ccl-academy... ·...