The bank’s responsibility or not?

The Financial Times last weekend reported on the MAS banning a banker from operating in the Singapore market for 10 years due to wrongdoings found in the 1MD investigation in this article . “Mr Leissner was found by the MAS to have issued an unauthorized reference letter, using Goldman Sachs letterhead, to a financial institution based in Luxembourg in June 2015.”

Two things are remarkable about this:

1.       Maybe 10 years is a long time but it’s ‘just’ a prohibition to work in Singapore. If you know how difficult it is to get a work permit in Singapore this can hardly be seen as a punishment. There are millions of people who want to work in Singapore and cannot. It doesn’t appear to be a harsh or severe treatment. Certainly not if you take into account that Goldman received 300 million in fees for the transaction of which mr Leissner without doubt got a handsome share.

2.       Secondly it’s puzzling that a person can be banned for doing something while his employer goes completely free. If a person is doing something that is not allowed he or she should be held accountable but if the person is doing that as an employee also the employer should be held accountable I’d say

Interesting..

4 crucial points to make AML/CFT work in any bank

The questions in this article this article are indeed often asked by our clients. The answers provided make sense but I’m not so sure that we can call these true innovations… AML requires a financial institution to interpret regulations and embed these in internal policies. That’s the easy part. The next step is to get the rest of the organization to read and understand the policies and to amend all SOPs to ensure the first line of defense, functions in accordance with the policies. That’s not rocket science either but it’s a lot of work, has wide spread implications throughout the organization and touches on the day-to-day activities of many employees.

As the author rightfully states: taking this challenge seriously can be done within existing budget and in our opinion and experience (!) can actually save money. Four key points need to be taken into account:

-          Define a proper Target Operating Model so that it’s clear who is supposed to do what across the 1^st LoD;

-          Ensure there is one (!) central owner for all operational execution of AML/CFT processes; even if AML/CFT operations is not centralized you still need single ownership over all AML/CFT work;

-          Focus on numbers and make sure your management information measures progress, turnaround time and effort just as well as quality and meeting the compliance requirements;

-          Automate wherever possible.

And a final overall piece of advice; take this whole exercise seriously and execute the change program to reach the target model rigorously. We have proven it with various clients: you can meet AML/CFT requirements and still operate at a cost efficient level and still be customer friendly.

RegTech – top 3 trends

An interesting evening hosted by Datarama yesterday. It’s always good to meet peers and we enjoyed an interesting talk by Nathan SooHoo from Trulioo.

Technology can and will change the way organizations handle regulatory challenges. The bulk of the work though for most FIs is not to get policies issued and rolled out; it’s about all staff to understand what the policy means for their day-to-day jobs and actually adhere to it. Without bringing the organization to a standstill. Many AML/CFT processes are still very manual, so there’s a lot to be gained, both in terms of customer experience and in terms of the cost of compliance.

So apart from block chain and sharing of CDD data across organizations what would be top trend number 3?

How positive is the FATF really about the AML/CFT environment in Singapore

Anti-money laundering and counter-terrorist financing measures in Singapore – 2016

Many have already commented on the report FATF mututal evaluation Singapore, we took some time to read and reread the report. In this article we’ve summed up our comments and take-aways.

It took a while to release the report apparently, the FATF onsite visit was almost a year ago (Nov/Dec 2015), perhaps because the findings are of a mixed nature. Most comments are quite positive but without being too pessimistic: many comments that indicate some substantial improvements are possible and needed.

Let’s start with the good news. Singapore is found to have “a highly sophisticated coordination on AML/CFT and FIs demonstrate a reasonably good understanding of ML risks”. The National Risk Assessment has provided a sound basis for private and public sector to understand ML/TF risks and specifically domestic measures in FIs are considered adequate.

Looking at the effectiveness ratings 4 areas score ‘substantial’, 6 ‘moderate’ and 1 ‘low’. The technical compliance ratings 18 areas score ‘compliant’, 16 ‘largely compliant’ and 6 ‘partially compliant’. We leave it up to the reader to decide if that’s good or bad.

Let me cite also some less positive statements from the report. “No adequate risk assessment was done on all forms of legal persons and arrangements.”  “Challenges were faced in executing MLA requests in a timely manner.”  “The national risk understanding reflects a disproportionate focus on domestic predicate ML and domestic FIs demonstrated a less sophisticated understanding of ML and TF risks facing them.” “Given the inconsistencies in both the NRA and the individual assessment of risk in FIs, targeting on the basis of ML/TF risks is not optimal.”

Skipping to the prioritized recommendations we can see a few trends:

1.       More focus on non-FIs.

2.       More measures targeted at specific risks – properly reflecting amongst others risks inherent to the nature of Singapore’s financial services industry in which 77% of the funds managed has a foreign origin.

3.       An approach which is less ‘just ticking the box’ and more focused on actual risks.

4.       More focus on complex and foreign predicate money laundering.

Combating financial crime is not easy – we all know that – Singapore has come a long way and as the report concludes the regulatory framework is sophisticated. Reading between the lines though, the report is not altogether that positive. Having a world class regulatory framework is by no means enough; FIs and other players in the financial markets will need to do more than just ‘tick the box’ and truly understand risks and implement programs to mitigate those risks; there’s more work to be done.

Much more.

Comments are welcomed at info@i-kyc.com

3 tips to reduce the cost of compliance

The following article by Piotr Kaminski is spot on and talks about all the things that i-KYC is practicing day in day out. It addresses the question “why do so many banks still don’t get it right after all these years and still face fines and regulatory sanctions”. The i-KYC consultants know all about this and help our clients day-in-day-out to address the issues.

Read the article and keep the following 3 pointers in mind

      1. The compliance team acts in an advisory and policy setting role – if an organization wants to seriously manage regulatory risks and lower the cost of compliance – it needs to solve fundamental control issues in the 1^st Line of Defense.

       2. The organization could or perhaps should form a team – in the 1^st LoD – to manage operational execution of AML/CFT processes and performsprocess walk-throughs, quality assurance on operational execution, efficiency monitoring and measures and manages customer experience.

       3. Don’t just tick-the-box but really manage the residual risks taking into account not only the policies in existence but also the quality of adherence to policy.

All companies face an increased cost of doing business as a result of increased regulation. How high the cost of compliance is, is not a given. It can be managed and reduced. 

If you want to know how…. Contact us at info@i-kyc.com or find us on www.i-kyc.com

Number of STRs doubled in Singapore

As reported today in the Today Online the number of STRs has doubled year on year. Interesting detail is that half of the STRs come from non-financial institutions. That means that the topic of AML/CFT is extending its reach into casino’s, money changers etc.; these sectors are getting their act together if we can believe the numbers. Traditionally regulators have focused on banks and other financial institutions recently putting more attention on Trade Based Money Laundering and the use of off-shore centers. The number of STRs from non-FIs indicates that regulators are extending their reach into other sectors.

A second interesting detail is the case featured of an individual convicted in a money laundering case. For those out there who think that money laundering is just ‘a minor thing’ this case might open some eyes. For receiving and transferring money – without actually knowing underlying details – the individual was sentenced to 9 months in jail.

Definitely not a minor thing…..

1MDB - what more to say... a key lesson for financial institutions

Apart from the fact that the publications in the Sarawak Report http://www.sarawakreport.org/2016/07/caught-red-handed-by-the-fbi-pm-najib-razak-malaysian-official-number-1-is-fingered-by-the-doj/ will likely have a political impact there's a few more observations that we can make.

First and foremost: FIs need to do their homework and ensure that they know their clients, the case once more proves the risks of dealing with PEPs loud and clear.

Secondly: where smoke is, is fire... In other words: a CDD analyst needs to develop some 'fingerspitzengefuhl', a 6th sense to 'smell' if a client can be trusted and accepted as a client or not.

Both imply that every FI should have a working (! that means not just on paper...) risk based approach to onboard new clients and assess existing clients. Moreover, CDD, Customer Due Diligence, analysis can be taught, but knowledge alone doesn't make a good analyst. An inquisitive mind and an attitude to truly help the FI to understand its clients are crucial.

3 lessons on TBML

Following a breakfast meeting hosted by Accuity on Trade Based Money Laundering let me share a few observations from the presentations and the panel discussion:

1.       Accuity is leading the way in technological improvements – e.g. to detect dual purpose goods or detect over- or under-invoicing. However, technology can only do so much and has its limitations

2.    Regulators will continue to raise the bar. The fact that TBML is in the news so much is largely because the financial services industry has made traditional ML harder than before so other ways are sought. Regulators will increase their focus on TBML – as one panelist cited a comment from a regulator: “we know it’s hard and we don’t care“

3.    Lawyers and consultants can support financial institutions to interpret regulations and share best practices, but their added value is limited to (theoretical and high-level) advise

That leaves many institutions with the challenge to – with or without help from the above mentioned parties – define a risk based approach, which covers the front-office and trade finance operations alike.

If you need help or if you’re interested in a TBML course for your staff - call us at +65 9683 1451 or send a mail to info@i-kyc.com.

Integrity Means Business

Integrity Means Business

For i-KYC this is not an empty slogan. For us as a company of course all the work that we do is about integrity; the courses we provide, the implementation work we do and the advisory projects we’re involved in all revolve around business integrity, mostly in the field of financial and economic crime.

FEC exists because it still pays to launder money and there will likely always be terrorists looking for funds, how sad that may be. For banks, other financial institutions and more and more related service providers it’s a necessity to ‘get it right in the field of AML/CFT’. That means that not only that rules and regulations need to be translated into policies and procedures, it also means that staff need to be trained, that knowledge, skills and awareness need to be built and that procedures are implemented and controlled.

Integrity means business because no organization wants to implement all this and bring the business to a grinding halt. Effectiveness and control do not have to stand in the way of a customer service oriented institution and an efficient operation. If you want to find out more about how we do this, find more information on our website www.i-kyc.com or contact us at info@i-kyc.com . 

Trade Based Money Laundering – it’s a craft to fight it

Hong Kong is only one country where regulators are focusing more and more on TBML as can be read in this article http://www.gtreview.com/news/asia/hk-banks-warned-over-trade-based-money-laundering/ . TBML is less transparent and harder to detect than more traditional types of money laundering. As the article mentions “there is no rigid set of rules governing TBML, instead banks must take a risk-based approach”. That means that bank staff – governed by policies – need to take risk based decisions. It means staff have to build up knowledge and skills, not only understanding global trade flows and markets, but most of all building a deep understanding of the clients of the bank. As Sean Norris from Accuity is quoted “technology providers can help with a handful (… of the 40 potential red flags…) .. but the rest comes down to building a team that is knowledgeable and experienced in trade itself, rather than compliance.”

And that’s exactly what we at i-KYC help many clients with in our TBML training. Building teams and building knowledge and expertise on trade and money laundering.

We’re happy to share our experience – contact us at info@i-kyc.com.

A best-practice model for compliant banking

A best-practice model for compliant banking

In a recent article by Pjotr Kaminski and Kate Robu both working for McKinsey&Company an outline is given for a more structural solution to deal with ever increasing regulatory requirements and compliance challenges < http://www.mckinsey.com/business-functions/risk/our-insights/a-best-practice-model-for-bank-compliance >.

The title of the article is “A best-practice model bank compliance” but if all recommendations are implemented much more would be achieved than “bank compliance”. The framework will lead to what I’d like to call ‘compliant banking’ in the true sense of the word. So let me try and summarize the article and make some observations.

The article starts with the observation that “many banks still struggle with the fundamental issues of the control environment in the first line of defense…” we can’t agree more! On a daily basis we work with our clients to improve the behavior of the front office, but it’s still a long way for most institutions. Moreover the authors talk about the increased spend on compliance related programs often with little effect.

These and several other challenges can according to the article be addressed by following 3 principles:

1.      an expanded role of compliance and active ownership of the risk-and-control framework.

The idea here is that a compliance team should not just issue policies and give ad-hoc advice, the compliance function should be much closer to the business, manage risks and even have an eye for operational efficiency. Something we wrote about exactly a year ago < http://i-kyc.com/English/About-Us/blog/top-five-priorities-for-the-risk-and-compliance-function-2015.html >. In such a role a compliance team can actually be much more effective in building a compliance culture and be of more added value to the institution.

2.      Transparency into residual risk exposure and control effectiveness.

Most risk frameworks nowadays start from assessing inherent risk, followed by measuring the effectiveness of implemented controls, leading to insight in the residual risk exposure and subsequently deciding on actions to be taken if the residual risk is not within appetite. Most organizations know this in theory, but the whole framework is rarely implemented to the full. The article further suggests that the use of Key Risk Indicators – measuring the residual risk – would be much more effective than checking all the controls on a regular basis. If applied properly this all would give the institution a truly comprehensive view of its portfolio of risks and facilitates a risk-based allocation of resources

3.      Integration with the overall risk-management governance, regulatory affairs and issue-management process.

Not only would this enhance the overall risk view of senior management it would also lessen the burden on the business.

The article concludes with a 10-point scorecard to measure progress in the transformation of the compliance function. I’m not going to get into the detail of all these points, the most important is that institutions should realize there’s still a lot of work to do to make the compliance function the efficient and effective function it can be. Organizations can perform better, at lower costs and with better management of risks if the topics pointed out in the article are implemented.

Complacency is not the right answer to all the challenges, the framework in the article might be.

If you want more information or a discussion on how your organization is doing in this aspect let us know.

Rolf