Practical AML experience & Lessons Learnt

Kabul, Afghanistan – 19 April 2006

2

Money Laundering….

The Global Problem

What is Money Laundering?

3

What is Money Laundering?

Money laundering is the process by which criminals

attempt to hide and disguise the true origin and ownership

of the proceeds of their criminal activities. The term

“Money Laundering” is also used in relation to the

financing of terrorist activity (where the funds may, or may

not, originate from crime).*

* Standard Chartered Bank – Group Definition

4

Criminal Activities

Drug TraffickingBribery / Corruption

Prostitution

Gambling

Tax Evasion

Extortion

Robbery and Fraud

White Collar Crimes

(including Insider

Trading and Securities offences) Smuggling

(arms, people, goods)

Counterfeiting and Forgery

Kidnapping

Serious Crime or All Crimes?

Organised Crime

5

What are the key stages of the Money Laundering Cycle?

Placement– of criminal proceeds into the financial system

Layering– of transactions to confuse the audit trail and distance the original

source of funds (e.g. successive transactions, international

transfers, early termination products, tax haven companies,

genuine businesses).

Integration– of funds back into the real economy as “clean and respectable

money”

6

What does this mean for Banks?

7

What are the risks for banks?

Failure to understand and deal with Money

Laundering can lead to:

– Significant regulatory risk

– Significant reputational risk

– Significant litigation risk

– Significant Operational risk

8

The consequences of non-compliance are serious …

City banks ‘handled dictator’s fortune’. This is

disappointing says regulator Financial Times 9/3/01

Crime bill cracks down on

money laundering

The offence of failing to report evidence of

money laundering will be toughened

Financial Times 6/3/01

Bank of Scotland .. under investigationby the Isle of Man's financial

regulator after being sucked

into a web of alleged money

laundering and bankruptcy

fraud

Financial Times 10/12/00

Credit Suisse.. to be

indicted in the

money-laundering

scandal

over $4bn plundered from

Nigeria by General Sani

Abacha, the country's

former leader

Financial Times 7/12/00

UK signs UN convention

on trans-national

organised crime….

establish a common legal

framework and introduce

measures across Europe

to … crack down on money

laundering…Financial Times 14/12/00

The designated president of the Financial Action Task Force , Jochen Sanio, said the agency will need a bigger budget and tough powers to impose sanctions on countries that don't comply with its rulings

' Everything will be overshadowed by the task of fighting terrorism'

Financial Times 3 October 2001

Paine Webber

International (UK

Limited) fined

£350,000 for serious

compliance failures,

including

inadequate controls

to prevent money

laundering

Complinet 22/08/01Nigerian loot laundered in the

City Sunday Times 17/12/00

9

Regulatory Case Studies

Failure to:– Identify numbered accounts– Investigate Suspicious Activity Reports (SAR’s)– Establish the right internal checks and procedures

“HSBC fined €2.1 million in Spain”21st November 2002

10

Regulatory Case Studies

Failure to:– Report high value cash transactions– Have systems to detect suspicious transactions– Supervise agents– Lodge SAR’s

“Western Union fined $8 million under State Regulations and $4

million under Federal Regulations”2nd December 2002 & 10th March 2003

11

Regulatory Case Studies

Failure to Know Your Customer and check the origin of funds (Sani Abacha – Nigeria case)

“Credit Suisse fined Sfr 750k”2nd December 2002

12

Regulatory Case Studies

Fine imposed due to failure to obtain or retain sufficient ‘know your customer’ (‘KYC’) documentation to adequately establish customer identity in an unacceptable number of new accounts

Bank named, shamed and fined despite:– RBS discovered the problems through its own testing– Bank took an open and constructive approach to FSA’s investigation– No evidence of actual money laundering having taken place– Considerable resources dedicated at an early stage to correct the problem– Group-wide monitoring on compliance now in place– FSA is satisfied the Bank has now adequately dealt with the issue

“FSA fines Royal Bank of Scotland Plc £750,000 for money laundering control

failings” FSA press release, 17 December 2002

13

Regulatory Case Studies

Failure to:– Maintain effective systems & controls– Know your Customer (no evidence of Id)– Manage and escalate SAR’s in a timely manner

“FSA fines Abbey National £2.32 million for compliance failures”

FSA Press release 10th December 2003

14

Regulatory Case Studies

Failure to:– Keep proper Know Your Customer records

(Identification records, system conversion)

“FSA fines Bank of Scotland £1.25 million”

FSA Press release 16th January 2004

15

Regulatory Case Studies

Being involved in fund remittances for an underground group.

Failure to Report SAR to FSA Care to be taken when acting for an Agent or Sub

custodian

“FSA in Japan suspends Standard Chartered’s custody business for 1

year”20th February 2004

16

Regulatory Case Studies

Failure to update its Anti Money Laundering manuals.

“FSA fines Raiffeirsen Zentralbank Osterreich £150k”

20th February 2004

17

Regulatory Case Studies

Failure to: – implement effective AML program– Detect or investigate suspicious transactions– File SAR’s (especially re some Saudi accounts)

“Riggs Bank fined $25 million”13th May 2004

18

Regulatory Case Studies

Illegal transfer of USD currency from Note Depot to sanctioned countries.

Subsequent concealment, falsification of records and returns to the Reserve Bank.

“UBS fined $100 million”10th August 2004

19

Regulatory Case Studies

Closure of Private Banking Offices in 1 Branch and 3 satellite Offices.

Failing to prevent suspected Money Laundering Poor Know Your Customer records Improper trading

“Citigroup ordered to close offices in Japan”17th September 2004

20

Regulatory Case Studies

Failing to prevent suspected Money Laundering implement effective AML program Improper trading

“ABN Amro fined USD 80 mn in New York”January 2006

21

Regulatory Case Studies

Written AML Program Independent Testing and Audit Effective Training SAR’s & KYC Review historic transactions Progress Reports

“Standard Chartered enters into agreement with US Federal Reserve to improve AML

controls”13th October 2004

22

What is Standard Chartered doing about it?

23

Key components of the SCB Group Policies and Standards

Organisation and Internal Policies

Identify Your Customer

Know Your Customer (Risk Based KYC)

Ongoing Monitoring (outflows as well as inflows)

Record Retention

Reporting Suspicious Activities

Awareness and Training

24

Money Laundering Prevention - Organisation

Country CEO

Head of Legal and Compliance

Country MLRO

Business MLPO Business MLPO

Unit MLPO Unit MLPO Unit MLPO

REGULATOR/ FIU

25

Tailored to suit our international business ….

Consumer Bank Guidance Notes

Wholesale Bank Guidance Notes

Country procedures taking into account

– Local regulatory requirements

– Group Standards

– CB & WB Guidance Notes

26

CUSTOMER DUE DILIGENCE

Know Your Customer (KYC)

Identity Verification Address Verification Nationality Business/ Profession Source of Income/ Wealth Transaction Profile

27

CUSTOMER DUE DILIGENCE

Non-Personal Accounts - Companies/ Trusts

KYC of major share holders/ beneficial owners KYC of all the directors and controllers of funds KYC of the trustees/ settlers of trusts

POA holders/ Intermediaries/ Agents

KYC of the Principals as well as agents/ POA holders/ intermediaries

Correspondent Banks

Ensure that the correspondent bank has equivalent ML prevention procedures

28

CUSTOMER DUE DILIGENCE

PEP (Politically Exposed Person)

A person holding post of a high public function in a foreign country like, heads of state, ministers, senior officials of judiciary, armed forces, etc.

Senior Management approval for opening account. Enhanced due diligence on source of funds, source of wealth Periodic Review and monitoring FATF Recommends extension of the principle to the countries

of domicile as well.

29

Risk based approach to KYC

1. Accept or Reject business?

• Profitability

• Suitability

• Reputational Risk

• Sanctions

• Suspect/Blacklists

Reject due to Business Consideratio

ns

Reject due to Business Consideratio

ns

Reject due to Sanctions

etc

Reject due to Sanctions

etc

Accept

2a. Borrowing Customers

Existing KYC Process

3. Risk Assessment

Man

ag

e a

s

Level

3 R

isk

Man

ag

e a

s

Level

3 R

isk

Man

ag

e a

s

Level

2

Ri s

k

Man

ag

e a

s

Level

2

Ri s

k

Man

ag

e a

s

Level

1 R

isk

Man

ag

e a

s

Level

1 R

isk

2b. Non-Borrowing Customers risk profiled using agreed and easy to implement filters.

3. Separate out Level 3 customers using agreed filters.

3. Impose Basic KYC only

3b. Impose Enhanced KYC

30

Risk based approach to KYCLevel 3

riskLevel 3

riskLevel 2

RiskLevel 2

RiskLevel 1

RiskLevel 1

Risk

Monitor Account Activity which requires account to be classified as Level 2 or 3.

Monitor Account Activity which requires account to be classified as Level 2 or 3.

Monitoring to identify account activity which requires account to be reclassified as Level 3.

Monitoring of transactions against customer profile every 12 months.

Monitoring to identify account activity which requires account to be reclassified as Level 3.

Monitoring of transactions against customer profile every 12 months.

Account Opening

Ongoing Account

Management

6 Monthly Review

-Monitoring of transactions against customer profile

-KYC Relationship review approved by Senior management

6 Monthly Review

-Monitoring of transactions against customer profile

-KYC Relationship review approved by Senior management

Enhanced KYC

-Basic KYC Plus

-Nature of business

-Origin of funds

-Purpose of account

-Type & level of activity

Enhanced KYC

-Basic KYC Plus

-Nature of business

-Origin of funds

-Purpose of account

-Type & level of activity

Basic KYC

-Evidence of Identity

-Evidence of address

Basic KYC

-Evidence of Identity

-Evidence of address

31

Account Monitoring & Suspicious Activity Reporting

32

Suspicious Activity

Suspicious Activity will often be one which is inconsistent with the customer’s known, legitimate business or personal activities or with the normal business for that type of account

“The first key to recognition is knowing enough about the customer’s business to recognise that a transaction, or series of transactions, is unusual”

(“..unusual or large transactions with context to the account, which have no apparent genuine economic or lawful purpose…”

33

Account Monitoring & Suspicious Activity Reporting

Need to monitor accounts:– Manual Monitoring– System monitoring

• Daily reports on thresholds and account recency• Trend reports

Need to report suspicions:– External Reporting where laws and regulations require this

(accounts may be frozen)– Internal Reporting (account closure)

What are the consequences of not reporting?

34

Reporting Suspicions

“Suspicion” is not proof, but neither is it a “flight of the imagination”

“Believing something to be true, but without proof”.

Some events always suspicious, in absence of contrary evidence.

Can be a series of events

If unsure report anyway

35

Potential cases of Suspicion

Frequent cash deposit where inconsistent with customer’s known status

and occupation

Frequent use of cash for early loan repayment

Large numbers of electronic transfers into and out of account.

Multiple accounts where no need

Transactions with countries where no business

Excessive request for privacy

Unnecessary use of intermediaries

Receipts/remittances for which source/destination cannot be identified

36

SAR Regulatory Environment

60% of enforcement actions taken over the last 3 years

have been for SAR deficiencies.

Earlier actions related to Cash Transaction Reporting in

USA.

More recent ones have focused on management and

timeliness of SAR’s

37

Challenges in improving SAR numbers

Low staff awareness

Staff training not specific enough about SAR’s

Not disciplining non compliant staff

Fear of losing business

High work volumes and pressures

38

What is SCB doing on Training?

AML Training a part of the staff Induction training.

Compulsory to clear test within first week, bar at 80%

Refresher training every quarter with testing

AML Guidelines broken down into simple fact sheets for

ease of reference

Senior Management commitment to the process is a MUST

39

Record keeping

5 years record retention (Group Standards)

Retention is from the date account is closed or suspicious discovered

Record should be kept centralised and ready to be provided upon any query in a timely manner

40

Questions?