Building an AFC Compliance Program

Question 1

First Line of Defense

Answer 1

Reports directly to Senior Management
-Client Relationship mgmt
-Daily Operations
-Quality Control
-Quality Assurance
-Maintenance Control of Framework
-Implements AFC policies set by second line
-Reports to senior management

Question 2

Second Line of Defense

Answer 2

Reports Directly to Senior Management
-AFC compliance and oversight
-managing and testing compliance controls
-independent from business units

Question 3

Third Line of Defense

Answer 3

-Reports Directly to the Board of Directors or Audit Committee
-Internal Audit
-Independent audit of the first two lines
-Safeguards financial institution at the macro level

Question 4

Senior Management Responsibilities:

Executes AML Program

Answer 4

Senior management is ultimately responsible for implementing and overseeing the AML program. They execute the program, ensure policies and procedures are integrated into operational areas, and communicate all compliance expectations to staff.

Question 5

Senior Management Responsibilities:

Promotes Governance

Answer 5

A robust governance structure provides clarity of roles and responsibilities, enhanced accountability, effective oversight and monitoring, promoting a culture of compliance and adaptability to regulatory changes.

Question 6

Senior Management Responsibilities:

Addresses Deficiencies

Answer 6

Senior management takes responsibility for any failures in the AML program, addressing compliance deficiencies, implementing corrective actions, and reporting progress to the board.

Question 7

Senior Management Responsibilities:

Approves Compliance Reports

Answer 7

It reviews and approves compliance reports, including SARs and compliance assessments, ensuring accuracy and transparency.

Question 8

Senior Management Responsibilities:

Monitors Compliance

Answer 8

Senior management monitors compliance with AML policies and regulations, ensuring regular reports on the program’s status, including risk assessments and any significant incidents, are submitted to the board and relevant committees.

Question 9

Enterprise-wide Risk Assessment (EWRA)

Answer 9

Helps organizations evaluate risk exposure to financial crime, including:
-Money laundering
-Terrorist financing
-Proliferation financing
-Sanctions evasion
-Tax evasion
-Bribery and corruption
-Some organizations include fraud operational risks

Question 10

EWRA Residual Risk Equation

Answer 10

Inherent Risk-Control Effectiveness=Residual risk

Question 11

Questions to ask when considering one’s role relative to the EWRA

Answer 11

-How does my organization establish its risk infrastructure?
-What risks am I facing in my role and how are these managed?
-What controls are in place to mitigate these risks?

Question 12

Risk-based approach:

Introduction

Answer 12

Introduced by FATF in 2007 to help organizations align with their risk appetite:

-Identifying, assessing, understanding risks
-Applying appropriate measures to mitigate them

Question 13

Risk-based approach:

Recognize and Assess all types of risk

Answer 13

Accurately judging a customer’s potential involvement in financial crime is an important prerequisite for the risk-based approach. Organizations should conduct due diligence on business operations, industries, customer characteristics, and geographic exposure, to obtain adequate, complete, and truthful customer information for analysis.

Question 14

Risk-based approach:

Obtain Adequate, complete consumer information

Answer 14

Financial crime risk is just one element of risk organizations face. Others include operational risk, credit risk, and market risk. By combining these risk management processes, risk managers can assess financial crime risks and allocate resources to mitigate the highest risks.

Question 15

Risk-based approach:

Obtain commitment from senior management and employees

Answer 15

A risk-based approach focuses effort with the greatest need and impact. It requires the full commitment and support of senior management, and the active cooperation of all employees.

Question 16

Risk-based approach:

Implement measures to mitigate and monitor risks

Answer 16

Adopting a risk-based approach requires implementing a risk-management process to handle financial crime. This process encompasses recognizing the risks, assessing them, and developing control strategies to mitigate and monitor them.

Question 17

Risk-based approach:

Allocate Resources Based on Risk Exposures

Answer 17

Using a risk-based approach allows the organization to allocate resources effectively. These decisions determine the level and frequency of customer profile research and updates.

Question 18

Examples of Risk-based Approaches

Answer 18

-Ensure Matrix management across all risk disciplines
-Recognize, assess, develop controls, to mitigate and monitor risks
-Implement risk management process
-Obtain commitment from senior management and employees
-Focus effort and resources on greatest need
-Obtain adequate, complete customer information

Question 19

Customer Risk Assessment (CRA) vs EWRA

Answer 19

CRA is a risk assessment at the individual customer level, while EWRA is organization-wide

Question 20

A CRA

Answer 20

assesses individual customer and business relationship risk exposure, uses KYC information to assess risk, and determines simplified, standard, or enhanced due diligence.

Question 21

An EWRA

Answer 21

assesses organizational risk exposure, helps allocate resources, determines residual risk to guide AML/CFT framework design, identifies inherent risks, and assesses controls.

Question 22

Initial CRA

Answer 22

-At onboarding
-Establish customer profile
-Build the foundation for future monitoring

Question 23

Ongoing CRA

Answer 23

Triggered by material changes in risk factors, such as:
-Business activity
-Ownership
-Jurisdiction

Question 24

Periodic CRA

Answer 24

Scheduled reviews based on:
-Risk level
-High-risk customers assessed more frequently

Question 25

Customer Risk Assessment: Transactional Behavior

Answer 25

Deviations from expected transaction patterns, unexplained high-volume cross-border transactions, or the use of complex payment structures

Question 26

Customer Risk Assessment: Delivery Channel

Answer 26

Consider whether the customer is onboarded in person or virtually. Payments that are sent to, or received from, unknown or unassociated third parties should be considered high risk.

Question 27

Customer Risk Assessment: Product

Answer 27

Consider how the products the customer has applied for or might already hold could be misused for financial crime. Examples include correspondent banking, private banking, wealth management, cryptocurrency, and trade finance.

Question 28

Customer Risk Assessment: Jurisdiction

Answer 28

Whether a customer is from or conducts business in high-risk jurisdictions, as identified by FATF, OFAC, the EU, and other national regulators

Question 29

Customer Risk Assessment: Customer Profile

Answer 29

Natural person or legal person, ownership structure, nature of business, industry, and presence of politically exposed persons (PEP)

Question 30

Steps of a CRA

Answer 30

1) Data Collection 2) Risk Scoring 3) Risk Classification 4) Approval Process

Question 31

Screening Types: Payment

Answer 31

The review of payments made and received by customers. If a red flag is detected, it is stopped and held until investigations are complete. This includes payments to or from parties on a sanctions list.

Question 32

Screening Types: Name

Answer 32

A process where financial institutions and other regulated organizations compare customer details against various watchlists and databases to identify potential risks

Question 33

Screening Types: Batch

Answer 33

Allows organizations to systematically review customer databases against updated sanctions lists, PEP lists, and adverse media sources. It is conducted at scheduled intervals to detect newly sanctioned individuals, evolving high-risk customers, and emerging threats.

Question 34

Screening Types: PEP

Answer 34

The process of identifying individuals who are or have been entrusted with a prominent public function, as well as their immediate family members and close associates. PEPs are considered higher risk due to their potential exposure to corruption.

Question 35

Screening Types: IP

Answer 35

A security measure that checks the geographic origin of a customer's IP address. It occurs during or after customer onboarding. If the customer logs in from a sanctioned or high-risk location, the system detects and flags the activity for further review.

Question 36

Screening Types: Location

Answer 36

Involves verifying the geographic information associated with a transaction against known risk databases to flag potentially suspicious activity before or after the transaction occurs

Question 37

Screening Types: Adverse Media

Answer 37

A risk management strategy that involves reviewing publicly available information such as news articles, social media, or legal filings to identify potential financial crime risks related to individuals or entities.

Question 38

The customer lifecycle: Pre-Onboarding Assessment

Answer 38

-ID&V, screening, KYC/CDD, -CRA -Onboard or reject customer -EDD for high-risk customers

Question 39

The customer lifecycle: Periodic Review and Ongoing Due Diligence

Answer 39

-Scheduled KYC refreshes -Continuous risk assessments -Ongoing financial crime risk management -Perpetual KYC

Question 40

The customer lifecycle: Investigations

Answer 40

-Ongoing controls -Escalation and case management -SAR filings, if necessary

Question 41

The customer lifecycle: Screening

Answer 41

-TM: Continuous observation of transactions after onboarding to identify unusual or illicit activity -Screening: PEP, adverse media, payment, and batch

Question 42

The customer lifecycle: Offboarding

Answer 42

-Due to suspected illicit activity or noncompliance risks -Exits based on risk appetite mismatch should be case-by-case

Question 43

Examples of regulator requests

Answer 43

-Routine examinations or targeted investigations -Monitorship following breaches -Special provisions to obtain information -UK Financial Services and Markets Act 2000: Sections 166 and 100 -USA PATRIOT Act: Section 314(a)

Question 44

Transaction monitoring

Answer 44

-Occurs continuously, in real time and retroactively, after customer is onboarded -Detects suspicious activity during or after transactions occur -Can identify unusual or illicit activity

Question 45

Payment screening

Answer 45

-Identifies the risk of individuals, entities, or jurisdictions for payments your organization sends or receives -If adequate and effective controls are in place, it could prevent illicit transactions before they are completed.

Question 46

Transaction monitoring examples: Large Transactions

Answer 46

Transactions that exceed a certain threshold, often set by regulatory bodies or financial institutions themselves

Question 47

Transaction monitoring examples: Structuring

Answer 47

The act of dividing a single, large transaction into multiple smaller transactions to evade reporting requirements or to hide the true source of funds

Question 48

Transaction monitoring examples: Round Trip Transactions

Answer 48

A sent remittance returned as a received remittance immediately or shortly afterward

Question 49

Transaction monitoring examples: Transfers to high-risk jurisdictions

Answer 49

Require heightened scrutiny due to potential risks. These jurisdictions might have weak AML laws, political instability, or a history of illicit activities.

Question 50

Transaction monitoring examples: Unexpected transactions

Answer 50

Transactions that differ from the expected or anticipated volumes or values documented in the customer's KYC

Question 51

Customer segmentation

Answer 51

-Classifies customers based on specific criteria: -Risk profiles, behaviors, characteristics. -Indicates exposure to financial crime -Allows organizations to: -Strengthen financial crime prevention measures. -Allocate resources more efficiently.

Question 52

Scenario creation and development

Answer 52

-Designing hypothetical situations or risk profiles: -Illustrates how financial crimes might occur. -Helps test and improve the effectiveness of TM systems

Question 53

Rule development

Answer 53

-Scenarios are converted into rules. -Integrated into TM systems -Different thresholds for the same scenario will be in place, depending on low, medium, or high risk -Measurable rules should: -Align with requirements, best practices. -Capture relevant risks identified by regulators.

Question 54

Threshold setting

Answer 54

-Definition of limits: Value, frequency, location, type -Types of thresholds: -Value-based -Frequency-based -Time-based -Dynamic review and adjustment -Regulatory compliance

Question 55

System tuning

Answer 55

The process of refining rules, thresholds, parameters, and models to enhance TM system effectiveness

Question 56

Scenario Setting

Answer 56

Creating, modifying, or removing detection rules based on historical suspicious activity and incidents

Question 57

Threshold Setting

Answer 57

Defining the minimum level of activity required to trigger an alert. Adjusting these thresholds enhances sensitivity and accuracy while reducing false positives for better resource use.

Question 58

Frequency

Answer 58

Defining the minimum level of activity required to trigger an alert. Adjusting these thresholds enhances sensitivity and accuracy while reducing false positives for better resource use.

Question 59

System tuning data points: Configuration

Answer 59

Information related to the rule, including the creation date, purpose, typology, or scenarios it attempts to identify, established thresholds, and alert frequency

Question 60

System tuning data points: Alert Productivity and conversion rates

Answer 60

Include the volume, frequency, and materiality of the alerts, or how many alerts result in investigations and suspicious activity reports

Question 61

System tuning data points: Transaction Patterns and customer behavior trends

Answer 61

Historical transaction data and customer behavior can reveal anomalies and trends that suggest emerging risks, helping organizations adjust detection criteria.

Question 62

System tuning data points: Industry Information and Law Enforcement Guidance

Answer 62

This includes information from peer organizations on emerging risks and the effectiveness of different monitoring strategies. Similarly, guidance, advisories, and feedback from law enforcement agencies and regulatory bodies can inform tuning efforts.

Question 63

Process for alerts review

Answer 63

1) Review internal information. 2) Identify and review external information. 3) Contact business line staff. 4) Document findings in a written report.

Question 64

Sources of investigation: Open Source Intelligence

Answer 64

This includes social media and news organizations. Ongoing negative news screening programs and systems can identify information that prompts reviews and generates investigative leads.

Question 65

Sources of investigation: Regulatory Actions or RFIs

Answer 65

Includes routine requests for details of activities under review by a regulator, which might help form a view that an internal investigation should be conducted. More formal investigations from the regulators might also provide the context for further internal review. Also, regulatory findings and recommendations help identify additional risks and initiate reviews.

Question 66

Sources of investigation: Internally-generated Alerts

Answer 66

These include those generated as a result of screening and transaction monitoring processes. They can originate from any employee irrespective of their roles and responsibilities. Other sources include whistleblower portals, audit findings, customer complaints, and control failures.

Question 67

Sources of investigation: Information Sharing requests

Answer 67

These requests enhance the ability to detect suspicious activities and initiate reviews. Examples include Sections 314a and 314b, Article 75 of EU framework.

Question 68

Sources of investigation: Law Enforcement Requests, Court Orders

Answer 68

Requests for Information (RFI) from law enforcement might include direct inquiries for specific information as part of an investigation. Subpoenas, search warrants, information requests, and other court orders might require the organization to provide specific information.

Question 69

Sources of investigation: RFI from Counterparties and Respondent Banks

Answer 69

These include formal requests for clarification, data, or additional details that might provide the context for seeing a fuller view of activity which then leads to an investigation.

Question 70

LEA request

Answer 70

-Criminal investigative agencies -Furthers a specific criminal investigation -Specific individuals and/or entities, transactions, or accounts -Legal authority related to criminal procedure -Evidence gathering, asset seizure, and prosecution support

Question 71

Regulatory request

Answer 71

-Financial regulatory bodies Assess and ensure AML/CFT compliance, inform policy -Organization's overall AML program and adherence to rules -Statutory and regulatory authority over financial institutions -Remediation of AML deficiencies, enforcement actions