Another MAS review

Late October the MAS issued a paper on ‘ENHANCING ANTI-MONEY LAUNDERING & COUNTERING THE FINANCING OF TERRORISM MEASURES AND CONDUCT’ following inspections of 300 FI’s done between September 2014 and January 2015 < http://www.mas.gov.sg/~/media/MAS/Regulations%20and%20Financial%20Stability/Regulations%20Guidance%20and%20Licensing/Financial%20Advisers/Circulars/CMI%20052015%20Circular%20to%20financial%20advisers%20on%20enhancing%20AMLCFT%20measures%20and%20business%20conduct.pdf >

Not surprisingly quite a number of issues were found; let’s look at some of the key topics mentioned. Ongoing monitoring of business relations is a key finding as well as the (lack of) frequency of training on AML/CFT. Furthermore, it was found that policies and procedures were not always properly formalized and not applied consistently.

Moreover, it was found that in respect of Identification and Verification not all obligations were always met, that risk assessment criteria were often not formalized and shortcomings in the screening of relevant persons were found. Other observations mention the absence of formal Service Level Agreements in outsourcing scenario’s and the lack of Quality Assurance around AML/CFT processes.

No real surprises here unfortunately; from our own experience we can concur with the findings. The clients that we work with have all made substantial progress in improving their AML/CFT framework, yet there always continues to be room for improvement. Some key areas that we see from our own perspective at i-KYC include the following:

-       formalization of policies and procedures – not only need policies be documented, they also need to be clear to all staff and they need to be embedded in day-to-day processes and procedures;

-       training, training and more training throughout the organization; at all levels and on all policies;

-       consistency in operational execution, supported by a quality assurance framework.

Many FIs still see AML/CFT measures as a burden hence the shortcomings found. For us Integrity Means Business and that implies we ensure policies are adhered to while the organization runs as efficient and effective as possible. That is the real challenge. 

I-KYC Singapore exists 2 years

I-KYC Singapore exists 2 years

A sincere “thank you” to all friends, partners and customers who have congratulated us on our 2 year anniversary. We started late in 2013 and we’re happy that the business has evolved beyond our hopes and expectations. We’ve done projects in Singapore, India and Indonesia and have worked with many institutions across the region. We can be proud of our achievements sofar and we look with confidence to the future.

Our slogan “Integrity Means Business” is making meaning to many organizations and more and more customers appreciate our knowledge, expertise and approach.

Thank you once again and we look forward to working with you. 

Do banks have a future in the digital age

McKinsey recently published a report about the impact of the digital revolution on the financial services industry (http://www.ft.com/cms/s/0/a5cafe92-66bf-11e5-97d0-1456a776a4f5.html#axzz3o7uTWUbJ ). Some of the sectors that will see a decline in revenues and profits include payments processing, SME lending, wealth management and mortgages. At the same time it’s mentioned that “most attackers do not want to become a bank but want to squeeze themselves between the customer and the bank and skim the cream off”. Basically meaning they will reap the profits without running risks or be subject to regulation.

In the same week I attended a presentation by Steve Tunstall talking about the impact of the digital developments on regulation (http://parima.org/steve-tunstall/ ). One example he used was Uber, which basically drives out the taxi industry in many countries – including the heavy regulation in that sector. Regulation is basically replaced by openness and transparency. It’s no longer a regulatory body that safeguards fair pricing, adequate customer service levels and safety, direct feedback from customers shared via the cloud to everyone interested keeps the company in check. An interesting thought: regulators have been in put in place by government and societies to protect individuals from wrongdoing by institutions like banks. If customers get direct influence over the behavior and service of institutions likely less regulation might be needed.

What’s your view? We welcome your thoughts.

The legal professional and ML/TF

I just finished reading a recent report on the vulnerabilities of the legal profession to ML/TF <  http://www.fatf-gafi.org/media/fatf/documents/reports/ML%20and%20TF%20vulnerabilities%20legal%20professionals.pdf  > . If you don’t have time for the full report ( I must admit I have not read all details myself ) try and read the executive summary and the cases. Definitively interesting – on a side note: the FATF site contains lots of interesting reports, it’s worth browsing some of the reports from time to time.

We all know that legal professionals play a crucial role in many financial transactions. It’s therefore no surprise that the report concludes “…that criminals seek out the involvement of legal professionals in their ML/TF activities, sometimes because a legal professional is required to complete certain transactions, and sometimes to access specialised legal and notarial skills and services which could assist the laundering of the proceeds of crime and the funding of terrorism. “. The report continues to describe the various methods that criminals deploy and contains over 100 case studies.

On page 5 the report contains a nice overview of ‘ the involvement of the legal professional ‘ in any type of transaction. Of course many legal professionals are trustworthy but there’s a large gray area between being alert and pro-active down to being willfully blind, corrupted or downright complicit.

The report concludes with recommendations for legal professionals and self regulating bodies (SRBs) that oversee the legal profession. Fact is though, that there is a huge difference amongst countries in terms of how strict these SRBs are and how much their influence and power is.

As a result – also because apparently many legal professionals do not do any CDD on their clients - a legal professional is often the weakest link in the parties involved in financial transactions.

I’m not sure if a call for more regulation and oversight is justified but the current situation can hardly be called satisfactory.

Suggestions and opinions are welcome! What do you think?

Money Laundering and Corruption in plain sight.

Two pieces of news last week caught my attention: 

- the first about the FIFA scandal http://www.nytimes.com/2015/06/06/sports/soccer/as-fifa-scandal-grows-focus-turns-to-its-auditors.html?_r=0

- the second about an internal investigation at Deutsche Bank targeting Russian trades.

http://www.bloomberg.com/news/articles/2015-06-05/deutsche-bank-probe-said-to-target-6-billion-of-russian-trades

Both items are ‘news’ and yet nobody is surprised. If at all there is curiosity it’s about “why did it take so long to come out”. In the case of the FIFA scandal one old-style reporter (Andrew Jennings) has been digging for close to 15 years to unveil the bribery, corruption and other mal practices at the FIFA. Publishing several books and many articles about the topic along the way.

http://www.washingtonpost.com/news/morning-mix/wp/2015/06/03/how-a-curmudgeonly-old-reporter-exposed-the-fifa-scandal-that-toppled-sepp-blatter/

I understand there’s a difference between common belief, pub talk and hard facts. Proving money laundering or corruption is usually no mean feat, certainly not in an international context and if hard evidence is needed to pursue (criminal) investigations and prosecution.

But all these FIFA transactions were executed via (mostly) reputable banks. And the Russian clients subject of the internal investigations have likely been banking for years with Deutsche. Apparently the banks involved didn’t have their AML/CFT act completely together. If onboarding processes, transaction monitoring and periodic client reviews are done properly and management is acutely aware of the risk profile of clients and transactions this could have been detected early.

The work that i-KYC does, is exactly what could prevent these findings: ensuring that staff have a thorough AML/CFT awareness, ensure that the institution follows the right procedures and implementing an escalation and management framework around the whole KYC program.

Have a good week.   

rolf@i-kyc.com

Looking for clarity in the new MAS regulations and how i-KYC can help you

Friday afternoon - A nice time to attend a seminar (http://www.rhtacademy.com/seminars/new-amlcft-obligations-financial-institutions-are-you-ready ) quite a crowd looking for clarity. Nizam Ismail opens and talks about the balance the MAS tries to find in promoting a risk based approach while creating as much clarity as possible in terms of ‘what is allowed and what is not’. Some of the changes are ‘old news’ – the notion for instance that PO Boxes are not allowed for a residential address was already practice in the bank I worked for 10 years ago. The reaction of the audience proves however that many have not adopted that practice yet….

The rest of his talk is focused on the details of the regulations and how to interpret them. The organizations that the audience of mostly compliance officers work for need to be given clarity… The thing is: a policy can only give so much clarity – you need people like us to make it work, train staff and implement a policy. One thing that is obvious is that the MAS will focus more on how well trained staff are – exactly the type of work we do with a lot of our customers.

The new regulations put more emphasis on filing and the use of systems, so co-sponsor LexisNexis (http://www.lexisnexis.com/en-us/gateway.page ) talks about their – widely known and well recognized solution – and how they see the developments in the industry.

KPMG (http://www.kpmg.com/SG/en/services/Advisory/Forensic-Services/Pages/default.aspx) closes of to give some do’s and don’ts based on what they have found in quality reviews of files as part of their regulatory audit work. Great and helpful, but knowing which mistakes to avoid doesn’t mean you know how to run a proper remediation program. The recommendation: “ appoint a project manager “ is too much an open door to be helpful for success. You need guys like us that have done this before, know the ropes and deliver on time and to quality.

So what did we learn:

- there is more work to be done;

- a law firm, an auditor or a system provider alone will not do the trick;

- a risk based approach implemented well into any organization, combined with adequate training and potentially a well-run remediation program are still the right answer.

So - you still need a partner like i-KYC to implement a program end-to-end and people with experience in operationally implementing KYC in all its aspects.

You know where to find us – good weekend. 

Is the MAS really tightening the rules?

The MAS last week moved the MAS Bill for first reading in parliament. Comments all around suggest that the rules are being tightened but is that really true on closer inspection? Let’s have a look.

First of all, MAS has up till now issued AML/CFT notices which are not primary legislation. The MAS Bill corrects that, but of course it will hardly make the life of the average FI more difficult.

Secondly the AML/CFT regime is extended to stored value facilities, non-bank card issuers and designated financial holding companies. So that’s not really a tightening of the regulations but more extending the reach.

The third element is about sharing more information with more external parties. This is mostly applicable to branches and subsidiaries of foreign FI’s and means that information can be shared with home financial and AML/CFT supervisors (if these are not the same).

Finally it sets out requirements for FI’s to perform CDD and retain CDD records, which is hardly anything new.

Time will tell. The MAS Bill will definitively have an impact but perhaps not as much as feared.

Rolf

TBML – a hopeless case?

RHT GRACE (http://www.rhtgrace.com/) organized another networking session yesterday; an interesting evening about Trade Based Money Laundering. The presentation and following discussions highlight the lack of definition and guidance from regulatory bodies, leaving financial institutions in the dark. Investing in systems is needed but at the same it’s hard to justify the benefits of dedicated TBML systems while lots of trade transactions don’t use traditional trade finance products like L/C’s. As a consequence financial institutions just see the bare transactions without any information on the underlying physical goods or values. What’s more is that something like tax evasion is a much sexier crime to attract focus and funding.

So where does that leave a financial institution? Can nothing be done? Well, it’s not easy but it’s not rocket science either and we at i-KYC actually have quite a bit of experience in this area.

First and foremost the organization needs to recognize that trade is different. It’s a separate, specialized part of a financial institution, with dedicated, often complicated products handled by specialists. That fact needs to be reflected in the AML program to start with and needs to lead to a dedicated section in the AML/CFT policy, a clear risk appetite statement and finally an implementation in the organization by means of procedures and training.

A key aspect in all this is of course that the organization truly knows its customers…. the phrase Know Your Customer should not be about just ticking the box but about genuinely understanding customers and their transactions.

If you want to know more about our dedicated TBML programs contact us.

Rolf

W:          www.i-kyc.com

E:            rolf@i-kyc.com

                 

Ticking the box or more?

In the work we do with financial institutions we use concepts that are familiar to most you. The 3 lines of defense model, taking a risk based approach, defining a risk appetite and assessing an organization against this are a few key examples of these.

That’s an approach that goes well with our fellow AML/CFT practitioners and compliance officers in general. If we talk to the first line of defense though – whether it be sales staff, relationship managers, the trade finance department, tellers, payment processing staff or support staff – we often find some skepticism when we take this approach.

In the front line there are 2 things we notice. First there is a clear and explicit desire to know ‘what is allowed’. As a specialist or advisor we’re asked to give direction and guidance on client onboarding, filtering treshholds, documentation requirements and more. Understandable but what is needed is that the organization takes an approach in line with its own policies and guidelines. An advisor can share best practices but every organization is different.

Secondly we notice that the majority of staff still believes that compliance costs money and that the organization should do the minimal and not more. Even though most management and staff are aware that non-compliance is expensive there’s little desire to do more than just ‘tick the box’.

Just curious if this is something that others see as well, we welcome your thoughts and reactions.

Rolf

E:  Rolf@i-KYC.com

W: www.i-kyc.com