Anti-money launderingR E G U L AT I O N | C U S T O M E R I D E N T I F I C AT I O N | M O N I T O R I N G | L E G A L | T E C H N O L O G Y

Meet the Market: Legal: Q & A: Regional AMLBrian Dilley, Inside the Government’s Your questions answered IndonesiaUBS Investment draft exposure Bill by our expert panel

Reading between the linesWhat the Government’s AML legislation means to your business

Building bridges to break networksBanks and police join forces to combat terrorist fi nancing

M A R C H 2 0 0 6

A F M A N E W S L E T T E R

2 AML Newsletter

Brought to you by Lead Partner Legal Partner

Partners

Anti-money laundering NewsletterMarch 2006

Manager, Product DevelopmentWill Sanders(email wsanders@afmaservices.com)

Sub-editorSiobhan Brahe(email sbrahe@afmaservices.com)

National Manager, Sales & MarketingDiana Zdrilic(email dzdrilic@afmaservices.com)

ContributorsCharis PalmerNick Kochan

Published by

AFMA ServicesLevel 395 Pitt StreetSydney NSW 2000

GPO Box 3655Sydney NSW 2001

Tel: + 61 2 9776 4411Fax: + 61 2 9776 4488www.afmaservices.com

Disclaimer:

This publication is designed to provide accurate and authoritative information in regard to the subjects covered. It is distributed with the understanding that the Australian Financial Markets Association is not engaged in rendering legal, accounting or other professional service. If legal advice or other expert assistance is required, the services of competent professional persons should be sought.

Copyright statement:

COPYRIGHT© AFMA ServicesThis publication is copyright. Other than for the purposes of, and subject to the conditions prescribed under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system, or transmitted without prior permission. Enquiries should be addressed to AFMA Services.

5 NEWS BRIEFS AFMA AML event series

Fraud on rise, says KPMG

US FSA to streamline AML

US correspondent banking

7 COVER STORY – Building bridges to break networks

Nick Kochan, investigative journalist and author of The Washing Machine, examines the

complexities of combating terrorist fi nancing

10 COVER STORY – Reading between the lines

Lucy Major, KPMG considers the business impact of the Government’s AML legislation

14 LEGAL – Legal perspectives

It’s been a busy two months for AML specialists across the region with compliance and legal

teams working around the clock to assess the implications of the Government’s 220 page

AML/CTF draft exposure Bill. As we near the end of the public consultation period, lawyers

Blake Dawson Waldron highlight the legal ramifi cations of the Bill and the implications for the

fi nancial markets.

19 EUROPE – Directive thinking

Meet Joeb Rietrae, Economist, DG Internal Market at the European Commission and a

member of the drafting committee of the Third Anti-Money Laundering Directive

21 UNITED STATES – Team regulator

In December’s edition of the AML Newsletter, Paul Andrews and Will Harter examined the

regulation and enforcement experiences of the National Association of Securities Dealers,

Inc. (NASD). This month they discuss cooperation between regulators, both within the United

States and between the United States and regulators abroad

26 ASIA-PACIFIC INSIGHT – Indonesia

KPMG discuss the recent developments in anti-money laundering (AML) and counter-fi nancing

of terrorism (CFT) legislation and regulation in the Asia-Pacifi c region

29 MEET THE MARKET – Brian Dilley, UBS Investment Bank

Earlier this year KPMG met with Brian Dilley, UBS Investment Bank’s UK Money Laundering

Reporting Offi cer, to discuss the implementation of UBS’ AML compliance program.

32 Q&A – Phone a friend

AFMA has assembled a panel of experts to answer your questions on the development of an

AML program and the impact of legislation

CONTENTS

March 2006 3

Four joint government-industry working groups are ploughing through the provisions of the

draft AML Bill and uncovering many signifi cant issues, while the production of draft AML Rules, which explain how the new AML laws will work in practice, is taking longer than expected. Designing principles-based legislation in a risk-based framework without becoming overly prescriptive is proving a complex task.

The industry concern is that if the AML legislative package is pulled together in a rush to meet the current deadlines issues will not be properly resolved, or overlooked, resulting in implementation and ongoing operational problems.

Industry, and banks in particular, can’t proceed too far with the planning of signifi cant changes to their business management systems until the fi ner details of the AML Bill and Rules are agreed and certain.

These concerns have been raised by the fi nance sector with the Minister for Justice, Senator Ellison, who is driving the process. So far, the Minister is sticking to the April deadline for consultation and a June introduction of fi nal legislation to the Parliament, citing Australia’s international obligations to meet FATF standards.

The industry view is that it is better to take a little longer to get the AML package right than to scramble

COMMENT

Consultation between industry and government over the proposed

anti-money laundering laws is getting down to the wire and there are

concerns among industry participants that the April deadline set for the

consultation period can not be met at the present pace, writes Duncan

Fairweather, AFMA’s Executive Director.

to meet a self-imposed deadline. Australia’s current AML regime is effective and of comparable countries, probably only the UK is more signifi cantly advanced in meeting the higher FATF requirements.

Another factor in the mix is the forthcoming inquiry into the AML Bill and Rules by the Senate Legal and Constitutional Committee. While this will be a useful opportunity to explain industry’s concerns about the AML package, it is an additional task for industry representatives to deal with.

Industry’s concerns about the pace of the consultation process will again be conveyed to the Minister in a forthcoming meeting of the AML/CTF Advisory Group. �

Duncan Fairweather, Executive Director, Australian Financial Markets Association

The clock is ticking

March 2006 5

AFMA hosts second in a series of three industry briefi ngs

AFMA’s second anti-money laundering briefi ng brought together some of Australia’s leading experts on AML to discuss the

challenges and requirements of implementing a risk-based system.

Justice Minister Chris Ellison kicked off discussion by reassuring the private sector that the Government does not want to overburden industry, or infl ict inordinate implementation costs upon it.

While the Minister agreed that more work needed to be done on the draft rules, he admitted that despite being keen to meet the April 30 deadline, he also wants to ensure the industry is clear on the rules.

As industry executives digest the draft legislation, it’s clear they are drawing heavily on the experience and skills of those who have battled money laundering in other markets.

One such market is the UK, and John Mair, formerly of Lloyds TSB, provided the audience with some real insight into what institutions can do now to make sure their AML programs are as effective as possible.

It’s one thing for an AML program to look good, advised Mair, but quite another to turn it into something that causes real pain to money launderers and terrorists.

To make even the smallest dent in the armory of organised criminals Mair maintains that institutions, law enforcers and Governments need to put their best people to work, addressing the demand side i.e. fi nding ways to make the market less attractive, as opposed to just catching the criminals. He also advised that a strategy with elements of unpredictability is more likely to be effective than one that simply follows a standard set of rules.

But by far the strongest message delivered by Mair and other speakers was the need for more cooperation and information sharing between the public and private sectors.

Deutsche Bank’s Karen Khoury gave the audience some suggestions on where to source more guidance on identifying and assessing the risks of politically exposed persons (PEPs). In addition to implementing a policy to deal with PEPs, Khoury argued that staff should to be empowered to exercise their judgment, because many situations they’ll face won’t always be black and white. “To me it’s a matter of the

researcher being suffi ciently intellectually curious, suffi ciently tenacious to get answers where information is needed, and having suffi cient resources, including language skills and time and access to material – both free and paid for from the Internet. It’s also about using what you can internally,” concluded Khoury.

Two common themes arising from the morning’s presentations were that because risks are constantly evolving, no AML system should remain static, and that institutions should consider obtaining more Know Your Customer information than required in the draft legislation.

As KPMG’s Lucy Major noted, “We should never underestimate how clever and devious organised crime groups can be. There’s evidence coming out of the United States that organised crime groups are putting students through university in order that they get a good job in a bank so that they can facilitate money laundering.”

At the end of the day it is hoped participants went away with some clear ideas on how they can help shape the legislation, and the hindsight of others that have already embarked on an AML program.

The fi nal event in the series examines the implementation of an effective monitoring and reporting system and takes place in Sydney on Wednesday 29 March 2006. For more information contact Diana Zdrilic on 02 9776 7923

Fraud on rise, says KPMG

Accountancy fi rm KPMG has released a report on fraud from its Forensic & Litigation Services division, where fi nancial fi rms were found to have lost 10 times more to fraud last year than in 2004. It says fraud in the UK has reached a 10-year high, with cases involving almost £1 billion reaching court. However, the report noted that this fi gure may refl ect better policing and successful prosecutions.

The major sources of fraud (90%) were managers and organised crime. The KPMG report also includes a ‘fraud barometer’ that shows the prevalence and types of fraud in the UK. Most fraud is still directed against the government, including benefi t fraud.

US FSA to streamline AML

The FSA has released a policy statement to say it will press ahead with streamlining its anti-money laundering requirements for fi rms as part of its drive to simplify the FSA Handbook and remove rules and guidance that are no longer needed.

NEWS BRIEFSBROUGHT TO YOU BY

6 AML Newsletter

NEW YORK – US regulators now require US-based branches of foreign banks to maintain full documentation of their correspondent banking accounts, a requirement that affected banks say amounts to burdensome double-compliance.

Many banks operating in the US have most of their correspondent banking customer relationships managed out of their head offi ces abroad. Because of the way correspondent banking business works, the customers whose relationships are managed at the head offi ce are permitted to use any of their banks’ services in their US operations.

Accordingly, US-based branches get instructions for a specifi c service from a customer whose account is managed at the head offi ce abroad, and the head offi ce approves such a request based on the due diligence they have performed on such a customer.

But in the 2005 AML examinations cycle, regulators instructed such banks to hold full fi les of these customer relationships.

“Over here we have local, branch-level relationship managers that manage these head-offi ce accounts, just as the go-between to obtain information for any questions, even though they do not really know the customer. In 2005, we were told we must have complete account opening and due diligence fi les here in New York, in addition to the know-your-customer (KYC) diligence we have been conducting,” according to one compliance offi cer based in New York.

Foreign banks have previously relied on the KYC form, which has been comprehensive enough to satisfy regulators. “Regardless of how low-risk a customer is, they fi ll out a KYC form, which gathers information about who the managers of the bank are; what their source of funds is; how the company operates; their reputation in the market; was their credit review analysis done?

Another compliance manager says: “It’s a comprehensive form that gave me a certain measure of comfort. In my mind it was more than suffi cient. But they said they wanted to see due diligence and full customer fi les. At another time we would have challenged this and told them they are creating a bureaucratic nightmare, but in the current environment, nothing is very reasonable anymore, so we must comply.”

The bankers say, effectively, due diligence – the research they have to conduct on their customers that allows them to determine whether it is a good customer – will be done twice,

in the head offi ce as well as in the US branch. Some banks will have to duplicate due diligence fi les of up to 1,000 accounts.

Reconciling the information on the KYC forms, the Offi ce of Foreign Assets Control checks, certifi cate of good standing, what is at head offi ce, etc, will be very expensive. “We are now fi guring out how we can share this information from head offi ce – but we have to start with getting physical paper fi les. In the long term, online databases will be an option, but that opens a host of other issues of safety. How can you keep a database accessible across the Atlantic safe?” the banks ask.

In early January, the Financial Crimes Network (FinCEN) issued the fi nal rule to implement the requirements of section 312 of the USA Patriot Act of 2001. Section 312 requires US fi nancial institutions and their foreign branches, and US branches and agencies of foreign banks to establish enhanced risk-based due diligence policies, procedures and controls reasonably designed to detect and report money laundering through correspondent accounts and private banking accounts that fi nancial institutions in the US establish or maintain for non-US persons.

But US banks convinced FinCEN to exempt their foreign branches from the requirements in order to, among other things, minimise the anti-competitive impact on foreign branches that could result from their inclusion.

The required procedures and controls in the due diligence programs for correspondent banking accounts include money laundering risk assessment. Such assessment should include the nature of the foreign fi nancial institution’s business and the markets it serves, the type, purpose and anticipated activity of the correspondent account, and the AML and supervisory regime that licensed the foreign fi nancial institution.

The due diligence programme for private banking accounts should, at the minimum, ascertain the identity of all nominal and benefi cial owners of a private banking account, and ascertain whether any person identifi ed is a senior foreign political fi gure.

Correspondent banking issues continue to feature prominently in many of the US regulators’ AML enforcement actions. Since the broadening of the correspondent banking requirements in 2002, some foreign banks in the US have closed several branch-level correspondent banking accounts due to the heightened attention from regulators. Some branches of foreign banks have suspended the opening of new correspondent accounts, and kept only the few, long-standing correspondent banking accounts that are not managed from their head offi ces.

BROUGHT TO YOU BYNEWS BRIEFS

March 2006 7

Terrorists are becoming more sophisticated; fortunately, the techniques available to identify

them are even more so. Software can now be acquired or adapted to pinpoint terrorist money transfers and lifestyles.

Money movements and bank account patterns are at the core of a new drive by law enforcement to identify terrorists and their accomplices.

One police offi cer working for the UK’s National Terrorist Financing Investigations Unit (NTFIU), who is not able to be named for security purposes, said, “The fi nancial element within terrorist investigations as a whole has gone from something that sits on the outside to being right in the middle of everything else. The fi nancial investigation is just as core to terrorist investigations as surveillance or any of the other techniques we use.”

Much of the new technology also seeks to distinguish terrorist fi nancing from money laundering, a very different form of criminality. Money laundering perpetrators seek to process money through the fi nancial system to render it clean enough to be usable in the legitimate

economy. Terrorist fi nanciers, however, are typically doing the reverse: they put ‘clean’ money into the system (such as the proceeds of charity or political donations) with the goal of spending it on criminal material, such as explosives. That money may also be used to provide the living expenses of individual

Building bridges to break networksAs terrorist fi nancing techniques become increasingly sophisticated,

police and banks are developing unprecedented levels of cooperation

to tackle them. Nick Kochan, investigative journalist and author of “The

Washing Machine: How Money Laundering and Terrorist Financing

Soils Us”, examines the relationship building and techniques that

banks and police have established.

“Dormant accounts are also a new red fl ag for a terrorist who may present himself as a student” Jim Wills, Head of Money Laundering

Compliance, Searchspace

COVER STORY

8 AML Newsletter

operatives, although UK police believe the perpetrators of the July 2005 London attacks funded their living expenses through routine work.

The authorities seek two forms of material about terrorist fi nance from corporations. The fi rst is information or observations about some irregularity in the corporation’s customers. The second is evidence of anomalies in fi nancial transactions that pass through its systems.

Staff are also being re-trained throughout the fi nancial sector to understand terrorist fi nance, and assist law enforcement in its fi ght to identify terrorist activity before any atrocities can be committed.

The selection and analysis of fi nancial data concerning terrorism is complicated by much of the data’s apparent innocuousness. Understanding two elements is key: the fi rst relates to the strategic funding of terrorism, and the second to the operational fund movements involved in planning an attack.

On the fi rst score, investigators seek to adapt some of the techniques developed for spotting money laundering to terrorist fi nancing. However terrorists, like commercial criminals, still need to move money across borders from the place where the money was collected to the proposed scene of the crime. This forces them to disguise the destinations selected for the funds, or risk giving away their plans.

Law enforcement has a growing body of evidence showing the use of charities for this purpose, as these organisations routinely make international fund transfers to projects, and money may be siphoned off en route to its otherwise legitimate destination.

Banks have responded to this threat, says Adam Bates, a senior partner at KPMG: “Some big banks refuse charities nowadays. There is reasonable evidence that some of the charities coming out of Saudi may unwittingly have been involved in the money transfers.

That is a way of channelling money from a rich country to people who need the cash. Some banks avoid the risk of carrying terrorist funds, by avoiding having charities as customers. It is a way of looking at types of customers and you can just say no, we don’t want the risk, and turn away the business.”

Suspicious charities appear on blacklists provided by international fi nancial agencies like the US Federal Reserve, the UK Treasury and the Offi ce of Foreign Assets Control (part of the US Treasury). A search of these blacklists will show up criminal or terrorist links and they provide the fi nancial institution with its fi rst line of defence against abuse.

Scrutiny of banking practices could also yield clues to a terrorist presence. For example, Jim Wills, head of money laundering compliance at Searchspace, the leading software provider in the fi eld, says terrorists have “few if any standing orders or direct debits paying utility bills or other on-going and regular costs. Dormant accounts are also a new red fl ag for a terrorist who may present himself as a student.”

Adam Bates has uncovered similar trends in the course of investigating terrorist activity in Northern Ireland, “If you look at the fi nancial behaviour of a student’s account, you’ll see that they get money from a grant and perhaps from a part-time job. You also see that they will withdraw cash all the time. If the student account stays dormant for months, that’s not right.” The suspicion that students form an unusually large part of the terrorist body has persuaded some banks to rigorously examine the educational credentials of foreign student customers.

Bates draws attention to the terrorist practice of nurturing ‘sleepers’, that is, terrorists who are inactive and secreted in society for long periods. The opening of bank accounts or receipt of large amounts of money after long periods of dormancy will provide the indication that they may be ‘going active’ to prepare for an outrage.

Movements of money between terrorists preparing an individual outrage are characterised by their low values. These funds are used to sustain a modest and unexceptional lifestyle. The cost of explosives or travel is likely to be paid for by a quartermaster who keeps a wide berth from the operatives on the ground. Terrorist attacks are notoriously low-budget events, as witnessed by the minimal cost of the September 11 hijacking, which was assessed at no more than $500,000.

Unusual customer behaviour can give away as much as an irregular payment, said Bates. “When people open up accounts, they generally do it alone or with their partner. So if you get fi ve people going into the bank and saying we all want to open up accounts, you should think to yourselves, that’s a bit odd. How do you track this sort of thing? The only way is through your staff at the counter, because you don’t catch it electronically. It is looking for odd behaviour. The bank must not look solely for suspicious transactions, it is the way that the customer behaves which isn’t captured in the accounts and records.” This observation is drawn from the banking behaviour of the September 11 hijackers, a number of whom went to the bank together to open their bank accounts.

“Unusual customer behaviour can give away as much as an irregular payment”. Adam Bates, Senior Partner, KPMG

COVER STORY

March 2006 9

Specialist bankers are being hired to scrutinise the banking and fi nancial practices of those engaged in terrorism, says the offi cer from the National Terrorist Financing Investigation Unit (NTFIU). ‘The people who are best placed to assess different banking behaviours between terrorists and the general public are the banks themselves. We’ve had people from the banks come in, in the aftermath of a couple of operations, to look through what we’ve done. We’ve asked them to look at any profi le we’ve developed, at the account activity, and say that is particularly different from the norm. Those are things we wouldn’t have identifi ed because we are too much to one side, where they can stand back and look at the whole picture. We can then put that back out to the industry and say right, this is a potential indicator, this is something to look for.’ The offi cer says that some UK bankers have been security vetted, so that they can receive restricted information.

Financial clues may seem an obvious, not to say critical, place to start one’s

investigation, but the authorities have only recently started to concentrate on this part of the trail. September 11 dramatically changed reporting and intelligence systems. As one police offi cer reported, ‘In the weeks following 9/11, the US Security Council said that 80% to 90% of what they knew of the hijackers was fi nancial. That information existed before the attacks took place. Had they identifi ed one or two of the terrorists links that they could have drawn from the fi nancial angle, which they did post-incident, you could have see that they broke into their separate units, there was a pilot and lots of them had been doing fi tness training. They were staying in the same geographic areas, they were moving around and, they sent back extra money the days before the attacks. This all provides trigger points.’

A UK police offi cial working for the NTFIU puts it starkly. ‘We are in the fortunate position that the banks do a lot of work for us. From the policing perspective, it is quite cheap. It is a cost effective method of investigation, they are effectively unpaid investigators. We’ll pick up the phone and ask a question. Bankers we have dealt with over a long period will pick up the phone and say there’s this. They know what we are interested in and they can look at what’s behind it.’ This offi cer says that the contribution of fi nancial data to an investigation is far more cost effective than other sources. Information provided by the fi nancial sector in one case provided 60% of the total evidence but accounted for only 4% of the investigation’s total cost.

This bridge building, and an unprecedented spirit of cooperation occurring between police and the corporate sector could prove a critical step in crime detection and prevention of further atrocities. �

Responsible Offi cer & Compliance Offi cer Workshops

Responsible Offi cers (6.5 CE hours) 24 March Sydney & 6 April Melbourne

Compliance in Practice (up to 6 CE hours) 28 March Sydney

Two programs designed to assist Responsible Offi cers and Compliance Managers/Offi cers perform more effectively in their roles. Together they provide a complete package to meet your organisational requirements in complying with your licence obligations.

The Responsible Offi cers examines the key elements and requirements of a responsible offi cer’s role. The program draws out the importance of the role and clarifi es the compliance and risk factors involved for the RO and the licensee.

The Compliance in Practice is a ‘how to’ workshop which covers the day to day practicalities of managing the responsibilities of the Responsible Offi cer and Compliance Offi cer roles. The workshop also provides invaluable guidance on fostering highly effective working relationships amongst key compliance stakeholders within each organisation.

In-house TrainingThe Responsible Offi cer and Compliance in Practice workshops as well as a wide range of AFMA Services’ programs can be offered in-house. They can be customised to suit the requirements of individual organisations and presented at a time and location convenient to the organisation.

To fi nd out how AFMA Services in-house training can benefi t your organisation, please

contact Jason Sheil on 02 9776 7914 or email jsheil@afmaservices.com

10 AML Newsletter

they fi rst understand the nature of their risk profi le. Entities associated with riskier services, customers and geographies will have more onerous controls to contend with, but all affected organisations will have at least minimal AML/CTF requirements to implement.

This article sets out some of the key business impacts and issues that entities are likely to face, irrespective of their risk profi le.

Most organisations that are affected by the anti-money laundering (AML) and counter-

terrorism fi nancing (CTF) Exposure Draft Bill and associated Rules, released in December 2005, will be well versed on the legal obligations of this legislation by now. What is less clear is the extent to which the proposed legislation will affect their business operations. Unfortunately, there is not one simple answer to this. The risk-based approach means that affected organisations (known as reporting entities) cannot properly comprehend the impact that the legislation will have on them until

Reading between the linesLucy Major, KPMG considers the business impact of the Government’s

AML/CTF draft exposure Bill

COVER STORY

“There is the very real risk that a badly implemented due diligence program will have a negative impact on the customer’s experience”.

March 2006 11

Customer due diligenceUnder the draft legislation, reporting entities are required to carry out due diligence on their new and existing customers, assigning a risk-rating to them. For most reporting entities, even those that can justify merely applying the minimum due diligence requirements, this is likely to require a considerable investment.

Although retrospective customer identifi cation is not a requirement of the legislation, one of the fi rst things an entity must consider is whether it can assign a robust risk-rating to its existing customer base without undertaking further due diligence.

Furthermore, in order to appropriately capture and store the additional information sourced from the customer as part of the due diligence process, reporting entities are likely to have to revise their existing customer acceptance and account-opening processes, front-line systems and document management standards.

The additional fl ow-on effects resulting, such as documentation revision (e.g. policy and procedure manuals or customer application forms) and staff training in the new processes, should not be underestimated.

How entities choose to revise their existing front-end processes is also signifi cant. There is the very real risk that a badly implemented due diligence program will have a negative impact on the customer’s experience, and possibly lead to a loss of business. In order to avoid this, entities should implement consistent due diligence processes that inform the customer at the earliest possible point about the exact nature of information and documentation required.

As this is dependent on the risk of the customer, it stands to reason that a front-line staff member should be able to assign a risk-rating to a customer on what is effectively a ‘real-time’ basis. This will require the development of a customer risk-rating model, which is a complex and demanding task. At least one international bank has spent several years refi ning such a model. The good news is that a well-implemented customer

due diligence program could infact enhance a reporting entity’s competitive advantage.

Suspect transaction monitoringAlthough the draft legislation is technology-neutral, most entities will require an automated transaction-monitoring solution to help them meet their considerably expanded and more prescriptive transaction-monitoring requirements. Identifying certain types of behaviour as suspicious, particularly those that are not in line with your expectations, is diffi cult to do manually.

Monitoring transactions that are subject to straight-through processing (i.e. no staff member is required to initiate or process the transaction) is impossible to do manually.

The majority of entities will therefore elect to implement an automated monitoring solution. Whether they choose to develop this in-house or buy a solution off the shelf, they will face challenges managing and integrating their data. AML/CTF monitoring solutions require that comprehensive and robust customer and transactional data to be sourced from all areas of the business and, as most entities will be aware, this is far easier said than done.

Third partiesThe draft legislation also requires that due diligence be conducted on third parties that provide a designated service to a customer on behalf of an entity. In practice, this means undertaking initial and ongoing risk monitoring of the third party, which might include ongoing AML/CTF audits, policy and procedural reviews and/or discussions with senior management.

Furthermore, revised contractual arrangements will need to be put in place with all third parties to refl ect AML/CTF requirements. In these arrangements, entities should seek to manage their risk by ensuring that the rights, responsibilities and obligations of all parties involved in a service chain are agreed and documented.

The logical conclusion of any third party due diligence program is that an entity may have to discontinue relations with third parties that fail to meet its requirements. This will clearly have business and sales implications. On the positive side, entities may be able to drive competitive advantage by helping third parties meet their own AML/CTF obligations, for example, by providing them with access to an effective risk-rating model.

Correspondent bankingSimilar to third party requirements under the draft legislation, entities will be required to review all existing and new respondent banking relationships from an AML/CTF perspective.

In practice, this will involve developing and distributing a questionnaire that gathers suffi cient information about the respondent bank. Relying solely on a respondent bank’s self-certifi cation of their AML/CTF program is unlikely to be suffi cient, so entities will need to assess the quality and robustness of the responses received and determine the level of risk.

“One of the fi rst things an entity must consider is whether it can assign a robust risk-rating to its existing customer base without undertaking further due diligence”.

12 AML Newsletter

Again, organisations may need to discontinue relations with those correspondent banks that fail to meet requirements or where the risk is deemed too high.

Program managementEntities must establish a framework for managing and monitoring their AML/CTF program. Amongst other requirements, entities will need to develop a process or system that allows them to monitor their level of compliance with the legislation, identify and report instances of non-compliance, and initiate and track remedial action.

This aspect of the program is likely to be the starting point for any regulatory inspection, and is therefore a critical element of an AML/CTF program.

Interestingly, whilst the draft legislation requires the board’s oversight and approval of an entity’s AML/CTF program, it does not require the appointment of one individual with personal liability for the program (often referred to as the Money Laundering Reporting Offi cer).

This is a well-established concept overseas in countries such as the UK and US. However, despite not being a specifi c requirement, entities should consider how effective their AML/CTF programs are going to be without having one senior individual with day-to-day accountability for the program.

Assessing the impactThe impacts set out above are only a starting-point for entities to consider as part of a wider impact-assessment exercise. Nonetheless, it is apparent that all reporting entities, regardless of their risk profi le, will face signifi cant operational change as a result of the draft legislation. In order to properly understand the impact of the legislation, entities should now be undertaking risk and impact assessments with input from all areas of the business.

Understanding the legislation’s impact will then enable the design of an effective AML/CTF program, one which successfully addresses specifi c business needs and requirements. It is also a critical step in formulating robust and constructive submissions to the Attorney-General’s (AG’s) department and AUSTRAC. In their submissions, entities should identify requirements that would be overly time-consuming to implement, cost-prohibitive and/or result in any sort of competitive disadvantage. �

Submissions, based on the guidance set out on the AG’s website (www.ag.gov.au), are due by 13 April 2006. You can provide them to an industry body, or direct to AUSTRAC and/or the AG’s department.

Lucy Major, Senior Manager, KPMG Forensic lucymajor@kpmg.com.au

Industry guidelines for preparing for an infl uenza pandemicThursday 25 May 2006, Sydney

In the second in a series of morning briefi ngs, AFMA, in association with the Business Continuity

Institute, bring together experts from across the fi nancial services sector to examine how fi rms

should prepare for a possible human infl uenza pandemic.

For further information regarding the agenda or to register for this event, call Diana Zdrilic on 02 9776 7923 or email dzdrilic@afmaservices.com

Agenda Focused on the practical steps fi nancial institutions should take to prepare for a pandemic, AFMA asks industry experts to provide their perspectives on:

� the global spread of avian infl uenza and the threat of a human pandemic

� Government’s updated pandemic management plan� the feasibility of working from home strategies� masks, vaccinations and the use of anti-virals � hygiene programs � HR, education and communication programs

Sponsorship opportunities available Contact Diana Zdrilic for more information on 02 9776 7942

Registration AFMA and BCI members $495 + GST

Confi rmed speakers include Professor Ian Gust, Director, World Health Organisation’s Infl uenza Collaborating Centre

Dr Moira McKinnon, Senior Medical Adviser/DirectorScientifi c and Clinical Advisory Unit, Biosecurity and Disease Control, Australian Department of Health and Ageing

Bryce Redgwell, Business Continuity Manager, UBS

Lisa Friis, Head of Business Continuity Management, Australia/New Zealand, Deitsche Bank

Todd Chappell, Business Continuity Manager, WIB, Westpac Banking Corporation

Gavin Casswell, Business Continuity Planning Manager, Rabobank

COVER STORY

Part III: Implementing effective monitoring and reporting systems for AMLWednesday 29 March 2006, Sydney

The final event in the series explores monitoring and reporting requirements under new AML legislation. Evaluating a range of alternative

technology solutions available to financial institutions, speakers address the challenges associated with implementing and integrating

new systems and potential synergies with existing compliance projects.

Anti-Money Laundering Morning Briefing SeriesEARN UP TO 10.5 CE HOURS BY ATTENDING THE FULL SERIES

Brought to you by

BLAKE DAWSON WALDRONL A W Y E R S

Endorsed by

Australian Association of Permanent Building Societies

Places are limited.To register call Diana Zdrilic on tel (02) 9776 7923 or email dzdrilic@afmaservices.com

AGENDA

8:00 Registration and morning coffee

8:20 Welcome address Duncan Fairweather, Executive Director, AFMA

Opening remarks from the chairDavid Van Homrigh, Regional Chairman, Asia Pacifi c, Forensic, KPMG

8:30 Monitoring and reporting requirements under the draft exposure Bill and the development of AML rules

� A comprehensive review of the monitoring and reporting requirements: Reassessing and interpreting the legislation

� What are you required to report? � Defi ning suspicious transactions and activities within the

fi nancial services markets – what is suspicious? – what to report and what not? � How AML rules are likely to address – high risk customers – reporting suspicious activity Andrew Young, Senior Associate, Blake Dawson Waldron

9:00 Developing transaction monitoring and reporting systems � Government’s position on monitoring requirements � Review of alternative monitoring and reporting systems (a) intelligence based systems (b) record keeping and reporting based systems (c) rules based (d) analytics

� Choosing the most appropriate solution � Challenges of implementation and integration – integrating solutions with the current architectures and

developing multiple interfaces to existing systems – costs in maintaining multiple packages due to changes

in regulations, different business requirements, new releases by vendors

– security and database issues � How can banks leverage of existing systems and technology – synergies with other compliance initiatives � What skill sets will banks require to implement effectively

and what challenges are banks likely to face? Tony Byrne, Senior Manager, Forensic, KPMG

9:40 Jim Wills, Business Line Manager, Anti-money laundering, Searchspace

10:20 Russell Gloster, Head of Fraud, Asia Pacifi c, Experian

11:00 Morning break

11:10 PANEL DISCUSSION: Review of current AML monitoring systems and challenges of implementationJim Wills, Business Line Manager, Anti-money laundering, SearchspaceRussell Gloster, Head of Fraud, Asia Pacifi c, Experian

12:10 End of briefi ng

14 AML Newsletter

On 16 December 2005, the Attorney-General’s Department released the much-anticipated exposure draft of the Anti-Money Laundering and Counter-Terrorism Financing

Bill. The Bill, once enacted, is intended to supplement Australia’s existing anti-money laundering and counter-terrorism fi nancing regime, and bring Australia into line with the international standards set out in the 40+9 Recommendations of the Financial Action Task Force (FATF).

The last date for submissions on the draft Bill and rules is 13 April 2006.

Structure of the new regulatory regimeThe new regulatory regime will comprise:

� the Anti-Money Laundering and Counter-Terrorism Financing Act;

� regulations made pursuant to the Act (no draft regulations have as yet been released)

� binding Rules issued by the Australian Transaction Reports and Analysis Centre (AUSTRAC), which will provide much of the detail of the new regime

� Guidelines issued by AUSTRAC. Whilst not binding, these Guidelines will give a good indication of how AUSTRAC will enforce the Act and the Rules.

Designated servicesThe new regulatory regime will only apply to ‘reporting entities’, being people who provide designated services. The types of services designated in the exposure draft of the bill include services relating to:

� bank or other ADI-operated accounts� deposits with banks or other ADIs� chequebooks, credit cards, debit cards, stored value cards,

travellers’ cheques, money orders and postal orders� loans made in the course of carrying on a business� the supply of goods under fi nance lease or hire purchase� bills of exchange, promissory notes, letters of credit� securities and derivatives� life insurance and sinking fund policies

Legal perspectivesIt’s been a busy two months for AML specialists across the region with

compliance and legal teams working around the clock to assess the

implications of the Government’s 220 page AML/CTF draft exposure

Bill. As we near the end of the public consultation period, lawyers

Blake Dawson Waldron highlight the legal ramifi cations of the Bill, and

the implications for the fi nancial markets.

LEGAL

“It is important that fi nancial service providers quickly determine which of their services are captured under the draft bill”. Stephen Cavanah, Partner, Blake Dawson

Waldron

March 2006 15

� pensions, annuities, superannuation, approved deposit funds, retirement savings accounts

� funds transfers (both domestic and international)� designated remittance arrangements� custodial or depository services� guaranteeing a loan in the course of carrying on a business� exchanging, collecting or delivering currency� buying or selling bullion� gambling services.

It is important that fi nancial service providers quickly determine which of their services are captured under the draft bill.

Issues for consideration� In addition to the services designated in the exposure draft of

the bill, the Attorney-General’s Department has indicated that it intends to introduce a second tranche of anti-money laundering legislation, which will apply to other service providers, such as accountants, lawyers, real estate agents and jewellers.

� The draft legislation does not expressly regulate general insurers, but general insurers who offer policies with life insurance components (such as consumer credit insurance) may fi nd they have to comply with the draft bill and rules.

� Some services will only be designated if they are provided ‘in the course of carrying on a business’. This could be taken to mean that if a relevant service is provided in the course of carrying on any business at all, even if the business is completely unrelated to the service being provided, then it will be a designated service. For example, if a person is in the business of selling ice-cream, and decides to make a loan of some of their profi ts to a business associate, then the loan would amount to the provision of a designated service, and the ice-cream seller would have to comply with identifi cation and reporting obligations, as well as the obligation to have an AML/CTF program. It is unlikely that the drafters intended the draft bill to have this effect.

Extra-territorial applicationThe draft Bill makes it clear that the new regulatory regime is also intended to apply to the provision of designated services at permanent establishments by residents of Australia and subsidiaries of Australian companies, even when those services are provided through a permanent establishment located outside of Australia.

However, if the permanent establishment is located outside of Australia, the designated service provider there need not comply with identifi cation or reporting requirements.

Issues for consideration� Reporting entities that operate a permanent establishment

overseas will still need to comply with the new legislation, to the extent permitted by local law. This will require an investigation of local law, especially privacy law, to determine any limits on the overseas establishment’s ability to comply with Australian law.

Customer Due Diligence

Know Your Client (KYC)Before providing a designated service to a customer, a reporting entity (or an authorised agent) must carry out an applicable

identifi cation procedure, unless:

� the reporting entity has had a continuous relationship with that customer since before the legislation commenced

� the service is classifi ed as a low-risk service by AUSTRAC (there has been no indication yet which services will be classifi ed as low-risk, but the life insurance and superannuation industries are lobbying for this classifi cation)

� carrying out the identifi cation procedure would ‘disrupt the normal course of business’, and the service is not provided on a face-to-face basis, relates to the acquisition or disposal of a security or derivative, or relates to issuing or acting as insurer for life policy or sinking fund policy. In these circumstances, the reporting entity has up to fi ve business days after the provision of the service to identify the customer.

The minimum KYC information required is set out in the draft identifi cation rules excerpt released by AUSTRAC, and is more extensive than the information that cash dealers are currently required to collect under the FTRA. For example:

� where the customer is a natural person, the minimum KYC information is the customer’s name, address, residential address, date and place of birth, and countries of residence and citizenship;

� where the customer is a company, the minimum KYC information is the company’s name, address and principal place of business, ABN/ABRN, country and date of incorporation, the name of each director and company secretary, substantial shareholders (or, for non-listed companies, any person who meets the control test), and evidence of authorisation given by company to deal with reporting entity.

Later rules will indicate which of this information needs to be verifi ed by an external source.

The obligation to know your customer will not be met by merely collecting the minimum KYC information at the beginning of the relationship: reporting entities should update minimum KYC information on an ongoing basis during the course of the relationship, and depending on the risk classifi cation of a customer, may need to collect additional KYC information at the beginning of and/or during the relationship.

Risk profi lingReporting entities will need to assign a risk classifi cation to each customer (including existing customers), based on the following:

� the customer’s KYC information� whether the designated services are high risk� whether the delivery method of the service is high risk� whether the jurisdiction to which the services are being

provided is high risk� whether the customer is a ‘politically exposed person’ (PEP).

A customer’s risk classifi cation should be reviewed at appropriate intervals (for example, whenever there is a material change in a customer’s circumstances or transaction behaviour).

If a customer has been identifi ed as higher risk, enhanced due diligence may apply and a reporting entity must consider whether

16 AML Newsletter

to re-identify or obtain additional KYC information from the customer, conduct more detailed transaction monitoring, or lodge a suspicious matter report (as discussed below).

Transaction monitoringA reporting entity will have to monitor the transactions of its customers, in order to identify any that are unusual (for example, any not in line with the expected behaviour of that customer). The level of transaction monitoring required will depend on the risk classifi cation of the customer in question.

Issues for consideration� Customer due diligence obligations are all interconnected and

cannot be addressed separately. For example, minimum KYC information is needed to assess a customer’s risk profi le, and the risk profi le may in turn trigger the need for additional KYC information and enhanced transaction monitoring. A reporting entity’s systems and AML/CTF policy (see below) must recognise and address this.

� While there is no general obligation to re-identify existing customers, providers of designated services will have to re-identify if a customer has been identifi ed as higher risk, if a risk trigger event occurs (AUSTRAC will issue rules setting out the trigger events), or if the continuity of relationship between the service provider and the customer is broken (AUSTRAC will issue rules setting out when the continuity of relationship will be broken). Reporting entities should therefore be aware that they may have to re-identify some of their existing customers.

� KYC obligations will require reporting entities to collect private and potentially commercially sensitive information (for example, where the customer is an unlisted company, information will always need to be collected about members who meet the control test, and where a reporting entity is required to obtain additional KYC information for a trust, that information includes details of benefi cial ownership). Reporting entities will need to determine how to treat this information so their customers are confi dent about its security, especially considering that Privacy Act 1988 protection does not apply to the collection of information by certain small businesses, or to the collection of information which is neither about a natural person nor credit information. Reporting entities will also need to consider what, if any, of this information they may use for marketing purposes.

Reporting obligations

Suspicious matter reportingA reporting entity will be required to make a report if it has reasonable grounds to suspect that any information it holds in relation to a designated service may be relevant to an investigation of tax evasion, an offence against any criminal law in an Australian jurisdiction, including terrorist fi nancing, or overseas offences that correspond to an offence against any Australian criminal law. Reports must be made about transactions that have commenced, as well as suspicions about transactions that a person has requested or inquired about, but decided not to undetake. Reports must be made within three days of forming the suspicion (or within 24 hours if the suspicion relates to the fi nancing of terrorism).

AUSTRAC has issued draft rules that prescribe in detail what a reporting entity should consider when forming a suspicion

(for example, whether the service requested fi ts the customer’s transaction history and expected behaviour), and the contents of a suspicious matter report.

Issues for consideration� It is an offence under the draft legislation for a reporting entity

to tip-off a person that it has formed a suspicion or made a suspicious matter report to AUSTRAC. If a reporting entity fails to go through with a transaction, that may tip-off a person that a suspicion has been formed.

� There is nothing in the draft legislation that prohibits a reporting entity from completing a transaction once it has formed a suspicion. However, completing the transaction may be an offence under existing legislation, which prohibits facilitating terrorist fi nancing and dealing in the proceeds of crime.

� Reporting entities are required to report to AUSTRAC any information reasonable grounds to suspect may be relevant to investigation or prosecution of overseas offences which correspond to an offence against any Australian criminal law, or evasion of a foreign taxation law. This may require reporting entities to have general knowledge of foreign criminal and taxation laws.

Threshold transaction reportingThe exposure bill requires a reporting entity to report transactions

LEGAL

No guidance has been given as to what it means to ‘materialy mitigate’ a risk. This needs to be clarifi ed. Philip Trinca, Partner, Blake

Dawson Waldron

March 2006 17

identifi cation and provision of designated services, as well as reports of due diligence assessments of correspondent banking relationships.

Where a third party carries out identifi cation procedures for a reporting entity, the third party must provide a record of the identifi cation procedure to the reporting entity, which must then retain that record.

The length of time for which documents must be kept has not yet been decided.

AML/CTF programA key obligation under the proposed legislation is for reporting entities to develop, maintain and comply with an AML/CTF program. The program must identify and ‘materially mitigate’ the risk that the reporting entity will be used to facilitate money laundering or the fi nancing of terrorism. AUSTRAC has issued draft rules that prescribe in more detail the content requirements for the program (for example, a third party due diligence program is required).

Importantly, the Board and senior management (or equivalent) must approve and have ongoing oversight of all components of the program. The program must also be subject to regular independent review.

Issues for consideration� No guidance has been given as to what it means to ‘materially

mitigate’ a risk. This needs to be clarifi ed, especially considering that if its program does not ‘materially mitigate’ the relevant risks, the reporting entity will have committed an offence.

� AUSTRAC’s draft rules state that the program must include an employee due diligence program. Hiring policies may need to be reviewed to ensure that prospective employees, and any existing employee whose role changes materially, are screened prior to commencing work. This screening must ensure that they are fi t and proper persons to carry out the job. This may raise industrial relations and/or anti-discrimination issues.

Penalty regimeThere are offences for failure to comply with many of the obligations imposed in the draft Bill, which are punishable by criminal sanctions (including imprisonment) and/or civil penalties.

Issues for consideration� In many instances, the draft Bill is not entirely clear about what

a reporting entity must do to comply. In cases such as these where non-compliance is a criminal offence, this is a serious issue (for example, a reporting entity will commit an offence if the AML/CTF program does not ‘materially mitigate’ the risk that the reporting entity will be used to facilitate money laundering or the fi nancing of terrorism, but it is not clear what

‘materially mitigate’ means).

AUSTRAC’s powersAUSTRAC is currently Australia’s fi nancial intelligence unit, and has some regulatory duties. It is proposed that AUSTRAC’s enforcement and monitoring role will be substantially enhanced as part of the new regime, to include powers of audit, investigation and inspection. �

of AUD$10,000 or more in cash (including foreign currency) or e-currency. AUSTRAC will release rules giving further detail about the required content of such a report.

Reports about cross-border movements of physical currency and bearer negotiable instrumentsCross-border movements of physical currency of AUD$10,000 (or foreign equivalent) must be reported to AUSTRAC, a customs offi cer or a police offi cer. A person leaving or arriving in Australia must, if directed by a police or customs offi cer, make a report to AUSTRAC, a customers offi cer or a police offi cer about a bearer negotiable instrument they are carrying.

Funds transfer reportingBoth domestic and international funds transfer instructions must include originator information that, depending on the circumstances, may include the originator’s name, address, ABN, and/or date and place of birth.

There are some important carve-outs from these requirements for approved third-party bill payment systems, debit and credit cards, ATMs, and transfers between fi nancial institutions where each institution acts on its own behalf.

Special requirements for international fund transfer reportingIn addition to including originator information in funds transfer instructions, a reporting entity that provides a service relating to an international funds transfer must also report to AUSTRAC about the provision of the service. AUSTRAC will release rules giving further detail about the required content of such a report.

Correspondent bankingAn Australian fi nancial institution must not enter into a correspondent banking relationship with a shell bank, or with any other fi nancial institution that allows a shell bank to maintain an account with it.

Further, before an Australian fi nancial institution enters into a correspondent banking relationship, it must carry out a detailed assessment of the other fi nancial institution (including its reputation, and internal controls on money laundering and terrorist fi nancing), and prepare a written report on the assessment.

The exposure draft of the bill states that this must be done for existing correspondent banking relationships within fi ve days of the commencement of the legislation. In addition, there must be ongoing due diligence assessments of correspondent banking relationships.

Issues for consideration� The timeline for performing a detailed assessment of existing

correspondent banking relationships is extremely tight, and may effectively require reporting entities to start the assessment process prior to the commencement of the legislation.

� The information required as part of the assessment process may be hard to gather and verify, and some correspondent banks may not be forthcoming. Thought needs to be given as to how to manage these issues.

Record keepingReporting entities must retain documents relating to the

Every Transact ion Counts

Over half of the world’s 25 largest banks use

Searchspace solutions to detect fraud and money

laundering.

Here's why. Searchspace patented technology delivers:

Detection of not only known but previously unknown

suspicious behavior.

Operational efficiency that maximizes effectiveness

of fraud and AML analyst teams.

High detection rates, minimizing the number of false

positives by building behavioral and statistical profiles

based on every transaction a customer makes as it

happens across all lines of a financial institutions

business.

Scalability, capable of dealing with over 50,000,000

dollar and non dollar transactions a day.

The accommodation of rapid changes in the business

such as adding newly acquired banks, lines of

business, new products and customers.

Ease of modification and tuning to reflect changes

in market behavior.

Easy integration into existing systems and capable

of rapid deployment.

By sifting through every transaction and analyzing

behavior in the context of the adaptive profiles, both

individual and peer groups, the system automatically

detects unusual or irregular activity and notifies the

relevant business analysts.

‘Unusualness’ is detected via statistical algorithms,

supplemented with money laundering risk assessments

to ensure high-quality notifications. The system makes

it easy for users to configure the parameters that define

this business risk assessment, providing flexibility

in setting and administering risk management policies.

Such flexibility is especially important in order to

rapidly respond to today’s fast-moving regulatory and

operational environment.

World class Anti Money Laundering and Fraud Detection solutions built on best practice

Searchspace monitors over 450 million accounts a day, working with community, regional, national and global banks.

For information on Searchspace call 212 422-5100, email sales@searchspace.com or visit www.searchspace.com

March 2006 19

When member states encounter diffi culties in implementing the directive, these questions will normally be discussed in a co-ordinating body. Co-operation is proceeding well between member states, and we believe there will be consistency on the risk-based approach.

The directive is binding upon member states and there will be the usual legal procedures for non-compliance, from infringement procedures all the way up to the European Court of Justice.

Will there be more cost-benefi t analysis, especially with regard to terrorist fi nancing?

On terrorist fi nancing, the directive is helpful but intelligence services driven. The risk-based approach will ensure each member has the fl exibility to produce a cost-effective framework.

Do you have a programme to help countries implement the third directive and to ensure that there is a level playing fi eld?

The Third AML Directive harmonises preventative measures in the area of money laundering and terrorist fi nancing at a minimum level. It will come into force on December 15, 2005. Member states have until December 15, 2007 to implement it. On June 15, 2006, the European Commission (EC) will provide guidance through implementing measures in areas such as the defi nition of a politically exposed person (PEP) and simplifi ed due diligence.

Directive thinking In late November, Operational Risk interviewed Joeb Rietrae, economist, DG Internal Market, European Commission, and member

of the drafting committee of the Third Anti-Money Laundering Directive

BROUGHT TO YOU BY EUROPE

20 AML Newsletter

When you look at the co-operation within the UK and with other countries after the July 7 and July 21 incidents, you realise dialogue and co-operation has improved substantially.

How should banks tackle the identifi cation and verifi cation of ‘benefi cial owners’?

The defi nition of ‘benefi cial owner’ in the third directive is concrete, and in that respect different to that of FATF. It is,

in essence, a natural person who, directly or indirectly, ultimately (1) controls or owns 25% or more of the shares or votes of a private company (ie, not listed on a regulated market) or (2) is a benefi ciary or controls 25% or more of the property of a foundation, trusts or other such entities.

The directive is sensitive to possible identifi cation and verifi cation challenges in the following ways: (1) listed companies are exempted from the defi nition; (2) identifi cation and verifi cation may be done on a risk-sensitive basis; (3) the verifi cation measures taken should be reasonable. In this context, the most likely diffi culties will arise when dealing with customers based outside the OECD, but bear in mind that this represents only about 10% of transactions.

And the fundamental question should not be whether it is diffi cult to identify or verify the benefi cial owner but why it is diffi cult. Why is a private company not able

to exchange information on its benefi cial owner from whom it ultimately accepts instructions and on behalf of whom it collects, for example, dividends? That is quite peculiar and should raise alerts.

Lastly, sometimes people complain that they may lose clients. They should lose the criminal ones! It is in their best interests and that of the fi nancial system not to deal with a client that declines transparency. It might save their reputation, after all.

How do you expect national legislation to interpret ‘taking reasonable measures’? How should PEPs be defi ned?

It is diffi cult to defi ne reasonable measure before we have concrete cases. Entities will need to show that they took reasonable measures that would stand up ultimately in a legal context. In Europe, this is a well-established concept and should not present undue diffi culty.

The defi nition of PEPs is currently broad and fl exible. We aim to refi ne it and will launch on the EC’s website in January 2006 draft implementing measures to solicit views. From a recent consultation, it appears that views are divergent. Some respondents are calling for a list approach and others are asking for a risk-based approach, which is in keeping with the spirit of the directive. �

Operational Risk the defi nitive news source for the operational risk industry

Operational Risk provides its readers with the latest

news, analysis, commentary, and technical features

on op risk measurement and management for fi nancial

organisations globally.

To sign up for your trial today go to:

www.operationalriskonline.com

BROUGHT TO YOU BYEUROPE

March 2006 21

Combating money laundering and terrorist fi nancing presents enormous challenges. Although there have been many successful investigations and prosecutions around

the globe, widespread criminal activity persists. While the real size of the problem is hard to guess, the International Monetary Fund has estimated that annual global money laundering fi gures could range between two and fi ve percent of the world’s gross domestic product. This article discusses the widespread cooperation among U.S. regulators, on federal and state levels, including the results of noteworthy investigations involving effective coordination among U.S. and state enforcement offi cials. We also review important international groups and agreements that promote mutual assistance and the sharing of information. In addition, we describe a recent large investigation that resulted from vigorous transnational coordination.

Despite these positive steps forward, there continues to be new and complex avenues for money laundering and terrorist fi nancing. With increasing globalisation, criminals can more easily move illicit money across international borders. As serious threats remain, regulators and enforcement offi cials in the U.S. and overseas should increase their cooperative efforts.

Cooperation among U.S. regulatory and enfrocement agenciesA total of 16 different U.S. federal agencies share responsibility for deterrence of money laundering. The policymakers, regulators, and law enforcement criminal authorities include the Treasury, Justice, and Homeland Security Departments, the Federal Reserve Board, and the Postal Service, as well as offi ces within these groups. With so many different organisations involved, there is much risk of fragmentation and lack of accountability within the U.S. regulatory framework.

These risks are being addressed. In January 2006, the U.S. agencies jointly released a report refl ecting their assessments and experiences.

The Money Laundering Threat Assessment (the ‘Assessment’) is the fi rst-ever U.S. government-wide analysis of money laundering. It identifi es and describes the varied money laundering vulnerabilities that exist, and emphasises that the government now treats money laundering as an independent and primary focus across all relevant agencies. This affi rmative approach is different from a decade ago, when efforts among the responsible agencies were decentralised.

The Assessment also discusses the existing money laundering concerns. Signifi cantly, the Assessment notes that even measuring the extent of the problem has been diffi cult. By its nature, money

Team regulatorsIn December’s edition of the AML Newsletter, Paul Andrews and

Will Harter examined the regulation and enforcement experiences of

National Association of Securities Dealers, Inc. (NASD)1. This month

they discuss cooperation between regulators, both within the United

States and between the United States and regulators abroad.

UNITED STATES

1 © National Association of Securities Dealers, Inc. NASD is a registered trademark of the National Association of Securities Dealers, Inc. NASD is a private-sector provider of fi nancial regulatory services, dedicated to investor protection and market integrity through regulation and complementary compliance and technology-based services. NASD touches virtually every aspect of the U.S. securities business – from registering and educating industry participants to examining securities fi rms, enforcing both NASD rules and the federal securities laws, and administering the largest dispute resolution forum for investors and member fi rms.

22 AML Newsletter

Another example of successful collaboration led to the January 2006 arrest and indictment of Martin Tremblay. Tremblay was the president and managing director of a Bahamas-based investment fi rm, Dominion Investments, Ltd. The U.S. law enforcement groups involved included the DEA, the IRS, the New York Police Department (NYPD), and the FBI. The indictment charged that Tremblay acted on behalf of numerous Dominion Investments clients. According to the indictment, Tremblay laundered more than $1 billion in illegal proceeds from such crimes as international narcotics traffi cking, securities fraud scams, income tax evasion, mail and wire fraud schemes, and bank fraud in exchange for substantial commissions. He allegedly transferred the illicit monies into bank accounts in the U.S., Canada, the Bahamas, and elsewhere. Authorities arrested Tremblay as part of an undercover operation; he was caught while allegedly agreeing to launder large sums of cash from illegal drug sales.

International CooperationOutside the U.S., regulatory and enforcement agencies in many countries are actively building multinational alliances with one another to fi ght money laundering and terrorist fi nancing. An important component of their efforts is the participation in broad pacts to extend cooperation. The agreements generally contain inspiring language that requires cooperation, collaboration, and mutual legal assistance, yet they do not suffi ciently spell out the exact nature of this assistance so as to bind signatories to any specifi c acts. One constructive advance has been the development of more precise bilateral and multilateral MOUs among securities regulators; however, not enough nations have yet signed the MOUs. The narrow participation thus far constrains their potential positive impact. Several groups are now encouraging international participation in battling money laundering and terrorist fi nancing, and these are discussed below.

United NationsThree major U.N. Conventions encourage coordination of AML efforts. The U.S. is a party to all three conventions. These are:

� Convention Against Illicit Traffi c in Narcotic Drugs and Psychotropic Substances (Vienna Convention). Adopted in 1988, this agreement was the fi rst international instrument to require signatories to criminalise money laundering. The Vienna Convention, which almost all U.N. countries have signed, has a mutual assistance clause. This clause requires governments to collaborate with each other in money laundering investigations, prosecutions, and judicial proceedings.

� U.N. Convention against Transnational Organised Crime (Palermo Convention). The 2000 Palermo Convention has been signed by a majority of the U.N. nations, although many have not yet ratifi ed it. This convention requires each U.N. member to adopt laws criminalising the laundering of crime proceeds, provide mutual legal assistance, participate in joint investigations, and take measures to enhance cooperation among law enforcement authorities.

� International Convention for the Suppression of the Financing of Terrorism. This convention was adopted in 1999 and signed and ratifi ed by most U.N. nations. It requires each nation to

laundering occurs outside the range of normal economic statistics, so only rough estimates of illegal activity are possible. According to the Assessment, U.S. agencies do not even systematically collect data on what can be measured, namely, the total amount of money laundering activity apprehended by federal and state regulators. Consequently, it is diffi cult for offi cials to acquire a precise understanding of the types and magnitudes of the different methods of laundering the proceeds of illicit activities, a diffi culty exacerbated by increasing globalisation and new fi nancial services such as stored value cards and online payment systems. The challenge for U.S. agencies now is to design a joint methodology to collect and evaluate data and to more closely analyse emerging money laundering vulnerabilities and trends.

Federal and state coordinationU.S. AML activities are complicated by the fact that both the federal government and the individual states have regulatory and enforcement authority. Therefore, states must participate actively in federal efforts, and the federal agencies must provide assistance to state efforts. On a positive note, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), which serves as the U.S. Financial Intelligence Unit (FIU), has been actively working with the states. In June 2005, FinCEN announced the signing of Memoranda of Understanding (MOU) between that organisation and more than half of the state banking agencies in the country. These agreements should signifi cantly enhance collaboration and information sharing between federal and state agencies. Still, in the near future, all of the remaining states must also sign the MOUs to ensure this effort has the best chance possible.

U.S. investigations and criminal prosecutionsMany cases demonstrate exemplary coordination among federal agencies and state regulatory authorities. One very notable nationwide investigation arose from a routine traffi c stop initiated by a sheriff’s offi cer in Texas. The stop led to an investigation of a large Mexico-based money laundering and drug traffi cking organization. The Drug Enforcement Administration (DEA) became involved and expanded the case to 43 investigations across the U.S., in 25 cities. The DEA found that the organisation laundered as much as $200 million from various rural and urban American cities to Mexican targets. The authorities ultimately arrested 83 defendants and seized more than $4.4 million in cash, as well as 2,500 kilograms of cocaine and other illicit drugs.

A second signifi cant case, which involved Australian nationals, resulted from the joint work of the U.S. Internal Revenue Service (IRS) and the Federal Bureau of Investigation (FBI). Their efforts led to the prosecution of Geoffrey Clement, who had falsely represented to prospective Australian investors that they could make high-yield, low-risk investments through a company he controlled. Specifi cally, he told investors that they could expect a return of four to eight percent per month on their investments. However, the investors lost an estimated $5 million. To launder the illegal proceeds, Clement directed wire transfers from England to the U.S., and also from the U.S. to Australia. A U.S. court sentenced Clement to 13 years in prison for fraud and money laundering, and ordered Clement to pay $3.9 million restitution to the victims.

UNITED STATES

March 2006 23

countries must provide is specifi ed in the MOU, and is similar to the information exchanged between signatories of the SEC’s bilateral MOUs. That is, each country must provide bank and brokerage records suffi cient to reconstruct all securities and derivatives transactions, and records that identify the benefi cial owner for each transaction. Each country may also request other signing countries to compel a person’s statement or testimony. IOSCO has 108 members, but currently only 28 securities commissions have signed the multilateral MOU. While many more countries have pledged to sign the document, they fi rst must pass the appropriate legislation internally to permit them to gather and share information with foreign countries, without restrictions. These MOUs now apply in the context of securities investigations, which can frequently involve money laundering issues, as occurred in the case involving Geoffrey Clement. But regulators should also seek to expand their use in broader contexts.

MOUs, of course, are not a prerequisite to coordination among foreign authorities; instead, regulators can also cooperate on an informal basis. One example of informal coordination was a successful multinational investigation that involved regulators from the U.S., Canada, England, and Colombia. In May 2004, U.S. and overseas offi cials jointly announced the indictments of 34 individuals and companies in Colombia, the United States, and Canada, and the forfeiture of $20 million in laundered funds. The collaborative investigative efforts involved the DEA, the NYPD, the IRS, and a Florida AML team, as well as the National Crime Squad in London, the Royal Canadian Mounted Police, and the Colombian Departamento Administrativo De Seguridad. The defendants were part of a large international money laundering ring called the Colombian Black Market Peso Exchange.

ConclusionFruitful alliances, information sharing, and investigations demonstrate the genuine coordination that occurs among regulators. It is critical for these collaborative efforts to continue as regulators need to identify creative ways to develop meaningful data, exchange information, and provide guidance. Each country should consider participation in MOUs, passing appropriate enabling legislation where necessary, so that they can share information without undue restrictions. By doing so regulators and enforcement offi cials will have a far more potent armoury with which to address the challenges of money laundering and terrorist fi nancing. �

The views expressed by Mr. Andrews and Mr. Harter are their own and do not necessarily refl ect the views of the National Association of Securities Dealers, Inc. or its staff. Paul Andrews is Vice President and Deputy Managing Director, and Will Harter is Director at National Association of Securities Dealers, Inc. (NASD) Email: paul.andrews@nasd.com / william.harter@nasd.com

criminalise the funding of terrorist activities. The convention also mandates cooperation by each nation in terrorist fi nancing investigations and prosecutions.

Financial Action Task Force (FATF)Shortly after the U.N. adopted the Vienna Convention, the Group of Seven industrialised nations — Canada, France, Germany, Italy, Japan, the U.K., and the U.S. — created the FATF. FATF’s aim is to assist in the implementation of the Vienna Convention principles and to facilitate cooperation on AML issues. The FATF has issued 40 Recommendations on Money Laundering and Nine Special Recommendations on Terrorist Financing (known as 40 + 9). The FATF has 31 member countries. In addition, two organisations, the European Commission and the Gulf Cooperation Council, have member status. Seven FATF-style regional groups, which together cover the major world regions, have observer status with the FATF.

The Egmont Group:The Egmont Group is a global network of FIUs. Consisting of approximately 100 members, it has adopted guidelines for cooperation. These best practice recommendations govern the informal exchange of information between FIUs, and include tips that can lead to successful investigations.

While the participation of so many nations in the battle against money laundering is laudable, the U.N. Conventions and FATF instruments are insuffi ciently precise to guarantee concrete cooperation among regulators. Likewise, the exchanges among Egmont Group members are informal. No strict protocols require the sharing of information. International efforts to combat money laundering would be signifi cantly assisted by the greater use of more explicit and concrete bilateral or multilateral MOUs.

MOUsOver the past 15 years, the U.S. Securities and Exchange Commission (SEC) has signed bilateral MOUs with more than 30 other regulators. The assistance available under the MOUs varies in scope, depending on the underlying statutory authority of the particular regulator. Generally, for investigations or prosecutions, each MOU provides for information sharing by the signatories. This information includes business, accounting, bank, brokerage, telephone, and Internet service provider records. Each regulator must also provide benefi cial ownership information for trading and banking accounts. In addition, each authority must compel every person in its jurisdiction to provide a witness statement or testimony to the regulator in the other jurisdiction. The bilateral MOUs have been crucial in investigations, as each authority can acquire vital information, outside its own jurisdiction, that previously may have been unattainable. Thus, the SEC is working towards entering into more bilateral agreements.

A multinational MOU, developed by the International Organization of Securities Commissions (IOSCO), has had an even greater impact on cooperation among securities regulators. Each country that signs this standard MOU must provide all of the other signatories the most complete mutual assistance possible. The information that the

Finding a proven solutionBanks value their reputations; should they be tarnished, legitimate institutions with shun them.

A fi nancial institution that has ‘assisted’ in the laundering of money or in terrorist fi nancing faces severe reputational damage. The desire to reduce all avenues of operational, regulatory and reputation risk has driven fi nancial institutions around the world to adopt ongoing enhanced anti-money laundering/counter terrorist fi nancing and KYC procedures, and World-Check has for the last fi ve years worked to assist in this complex but rewarding task.

Originally created to provide Swiss institutions with a Politically Exposed Persons (PEP) database, World-Check is today considered the world’s leading provider of KYC Risk Reduction Intelligence. Working with some 1,600 institutions in more than 120 countries, World-Check has found that:

� reputable banks cannot afford to appear on the front page of any major newspaper linked to dictators, terrorists, arms dealers, money launders or any other such individuals

� reputation risk drives most banks to carry out active KYC, terrorist and PEP checks not their legislative requirements

� management may initially see compliance as being a non-profi t making expense until it understands that without effective compliance policies the bank may face multi-million dollar fi nes, blacklisting by regulators, loss of correspondent banking networks, and even a dramatic devaluation in share holder value

� forward-thinking institutions now accept that their responsibility is not only to their shareholders, directors and account holders, but also to wider society. Institutions have a key role to play in fi ghting international crime and terrorism.

“When we set out in late 2000,” explains David Leppan, World-Check’s founder, “our sole purpose was, on behalf of a handful of Swiss banks, to offer an ‘early warning system’ at account opening. The fi nancial community, however, changed dramatically post-September 11 2001, as bankers worldwide came to terms with the fact they had no idea of who their customers were. With the global role out of compliance requirements, World-Check, because of its uniqueness, was chosen to assist hundreds of institutions in dramatically and immediately reducing their KYC, terrorist and PEP risk.”

Know your customerrisk reduction

“Compliance is not about keeping regulators happy. It’s about enabling fi rms to cut their losses by not doing business with companies that might harm or embarrass them… World-Check offers businesses a tool that can help prevent problem entities from becoming customers.”

Extract from the Gartner Report Use World-Check Now, Avoid Embarrassment Later

PARTNER STATEMENT

Please visit www.world-check.com for more information

March 2006 25

Please visit www.world-check.com for more information

World-Check today assists 1,600 institutions, including 43 of the world’s 50 largest banks and more than 200 regulatory, enforcement and government agencies with its global database of heightened-risk individuals and companies.

By consolidating and organising unstructured information from hundreds of thousands of worldwide sources into a database of highly structured profi les, World-Check enables institutions to automatically and regularly screen their client-base for the presence of high and heightened-risk entities. World-Check is the most comprehensive and highly structured intelligence database service available and it has proven to thousands of bankers on a daily basis that KYC checking can make a big difference.

Today it is widely accepted that KYC checking requires diligence to be carried out not only on individuals but also on companies, trusts and even correspondent banks. World-Check’s success has been partly due to the in-depth research carried out over fi ve years, not only to identify these individuals but to connect them to their associates and ‘front companies’. Coverage within World-Check extends from terrorists, fraudsters and organised crime to “shell banks”, sanctioned entities and PEPs regardless of jurisdiction.

“A database that simply confi rms a certain individual is a senior politician, but which fails to reveal risk-relevant information, is of little assistance in meeting the legislative requirements for KYC, terrorist and PEP identifi cation” says Mr. Leppan.

“It would, however, be very short sighted to simply want to comply. One needs to understand the reasoning behind KYC, terrorist and PEP checking to fully understand that it makes good business sense to want to know one’s customers and thereby reduce your institution’s risk”. There is no doubt of the value of ‘early warning’ intelligence. World-Check has regularly profi led entities up to two years ahead of their being added to the Bank of England Sanction list or the US OFAC list. World-Check prides itself on being ahead on the sanction listing curve.

“Never before has a company successfully taken hundreds of thousands of unstructured, open-source documents and converted them into a highly structured KYC database. Weaving the web of relationships across more than 220 countries and

territories has resulted in a unique database,” Leppan says, “The continuous researching and gathering of information allows us to keep ‘connecting the dots’ and as the pieces of the puzzle fall into place, data becomes intelligence.”

World-Check’s drive, expertise and a global team of highly motivated professionals has led to its success. On a regular basis feedback is received from bankers, lawyers and government agents on how valuable this risk reduction service is. The most frequent compliment is that World-Check’s intelligence just keeps getting better and as such the fi nancial community is able to take on its social responsibility in stopping the proceeds of crime and terrorist fi nancing from passing through our banking system. As David Thursfi eld, Director Cayman Financial Reporting Authority, concluded, “World-Check marks a critical advancement in fi ghting fi nancial crime, and is an important aspect of our ongoing efforts to prevent money laundering and terrorist fi nancing.” �

“The continuous researching and gathering of information allows us to keep ‘connecting the dots’ and as the pieces of the puzzle fall into place, data becomes intelligence?” David Leppan, Founder,

World-Check.

PARTNER STATEMENT

26 AML Newsletter

Insig

ASIA-PACIFIC INSIGHT

March 2006 27

1 Defi ned as a country or jurisdiction whose fi nancial institutions engage in transactions involving signifi cant amounts of proceeds from all serious crime

2 The CPI ranks more than 150 countries in terms of perceived levels of corruption, as determined by expert assessments and opinion surveys3 Law No. 15 2002 Concerning the Crime of Money laundering (as amended by Law No. 25/2003)4 PPATK

The risksIndonesia has a reputation as a country susceptible to money laundering and terrorism fi nancing. This vulnerability is largely due to a poorly regulated fi nancial system, the prolifi c use of alternative remittance systems, lax law enforcement, endemic corruption and sustained levels of terrorist activity. The US Department of State’s 2005 International Narcotics Control Strategy Report classifi ed Indonesia as a major money-laundering centre1. The report noted that most money laundering in Indonesia is connected to non-drug criminal activity such as gambling, prostitution, bank fraud, corruption and wide-spread smuggling. Transparency International’s Corruption Perception Indices (CPI)2 also identify Indonesia as one of the most corrupt nations in the world, ranking 137 out of 158 countries in the 2005 CPI.

The responseIndonesia’s recent highly publicised battle to combat domestic terrorist activity has resulted in intense international scrutiny. Consequently, Indonesia has demonstrated a more robust commitment to preventing and detecting money laundering and terrorist fi nancing.

Most notably, Indonesia was removed from the Financial Action Task Force’s (FATF) list of non-cooperative countries and territories (NCCTs) in February 2005, thanks to a combination of legislative reform and international lobbying.

Indonesia’s previous classifi cation as a NCCT stemmed largely from the fact that money laundering was not previously classifi ed as a criminal offence, and thus the government did not have the necessary legislative or regulatory tools to prevent or deter it. The FATF also identifi ed specifi c failings around international cooperation, suspect transaction reporting requirements and restrictive thresholds on the proceeds of crime. In 2002, Indonesia introduced AML legislation3 that has gone some way towards addressing these concerns. The success of this legislative and regulatory reform is proven by more encouraging levels of Suspicious Transaction Report (STR) lodgements received by the Indonesian Financial Intelligence Unit (FIU)4. As of April 2005, there have been approximately 20 convictions based on STR referrals to law enforcement, with approximately 25 further cases undergoing prosecution. In its role as monetary authority, the Bank of Indonesia has also completed more than 30 AML compliance reviews of commercial banks.

Nonetheless, Indonesia is still being monitored by the FATF, given its relatively recent removal from the NCCT list, and the Indonesian situation was due for review at the South African plenary session held last month.

In June 2004, Indonesia’s FIU also stepped up its efforts to cooperate in the international fi ght against money laundering and terrorist fi nancing by becoming a member of the Egmont Group, the international network of FIUs. Indonesia is also a member of the Asia-Pacifi c Group on Money Laundering, as well as the Bank for International Settlements, and its FIU has established memorandums of understanding with Australia, Hong Kong, Malaysia, Philippines, the Republic of Korea and Thailand. The 2005 Global Corruption Report issued by Transparency International also indicates that the anti-corruption movement has made some progress in Indonesia with the establishment of an anti-corruption commission in 2003, the issuing of a presidential decree on public procurement, and anti-corruption declarations made by key political and religious organisations. However, the Global Corruption Report also notes that there is little evidence to date that behaviours specifi cally in relation to corruption have actually changed for the better.

While Indonesia has recently improved its efforts in preventing and detecting money laundering and terrorist fi nancing, there are still signifi cant risks for organisations to consider when doing business in Indonesia. In line with the risk-based approach, organisations should put in place enhanced AML/CTF controls to mitigate these risks. These controls could include enhanced customer due diligence, regular transaction monitoring and thorough third party due diligence. �

Next issue: Singapore

In the second in a series of updates setting out recent AML and CTF legislative and regulatory developments in the Asia-Pacifi c region, KPMG explore the anti-money laundering (AML) and counter-terrorism fi nancing (CTF) risks in Indonesia.

ht into Indonesia

BR

IS

BA

NE

C

AN

BE

RR

A

ME

LB

OU

RN

E

PE

RT

H

SY

DN

EY

J

AK

AR

TA

P

OR

T

MO

RE

SB

Y

SH

AN

GH

AI

BLAKE DAWSON WALDRONL A W Y E R S

Stephen CavanaghPartnert > (02) 9258 6070e > stephen.cavanagh@bdw.com

Phil TrincaPartnert > (03) 9679 3258e > philip.trinca@bdw.com

Our dedicated anti-money laundering team can advise you on all aspectsof the AML legislation and equip your business to deal with its impact.

Our approach is simple – we cut through the complexity of legalrequirements and help you build the capability of your anti-moneylaundering team.

Jonathan GordonPartnert > (02) 9258 6186e > jonathan.gordon@bdw.com

Andrew YoungSenior Associatet > (02) 9258 5881e > andrew.young@bdw.com

For more information on our compliance trainingservices contact

Julian FenwickNational Business DevelopmentManagert > (02) 9258 6382e > saltinfo@bdw.com

Process DesignDocumentation

Drafting and ReviewTrainingCompliance Audit

Our AML Team

For further information, please contact:

March 2006 29

Earlier this year KPMG met with Brian Dilley, UBS Investment

Bank’s UK Money Laundering Reporting Offi cer, to discuss the

implementation of UBS’ AML compliance program.

Q: In your experience, what has been the most challenging aspect of implementing and maintaining an AML Compliance Program and why?

A: Designing and implementing a global policy to manage AML and fi nancial crime risk more widely has been one of the most challenging aspects of our AML Program. Given the nature of our business, reconciling policies and procedures with a global booking model has been particularly challenging.

When designing a policy you aim for global consistency. However, you have to take into account variations in local regulations and requirements, as well as business practices in managing fi nancial crime risk. For example, standards may be higher in certain jurisdictions and additional requirements may need to be introduced to refl ect these.

Our approach has been aimed at designing a global program which can be rolled out across the three major operational regions of our business (London, New York and Hong Kong), with ‘add-ons’ or variations to refl ect the requirements of other jurisdictions.

Q: What would you say were the critical success factors of your AML Compliance Program and why?

A: There are a number of critical success factors including but not restricted to:

� compliance with applicable regulations across the globe� identifying and managing the reputational and fi nancial crime

risks, (particularly before client take-on)� absence of regulatory censure

Q: What are your biggest concerns and prospective challenges from an AML regulatory compliance perspective, as well as from a money laundering and fi nancing of terrorism risk perspective?

A: Going forward, one of our biggest regulatory challenges will be to maintain an AML program across different jurisdictions that tackles fi nancial crime on a risk-based approach.

This will include working out how to respond to the different jurisdictional interpretations of the risk-based approach. One of the challenges is ensuring that you have an understanding of what practically happens on the ground, how to manage the risks and what the minimum legislative requirements are across the different jurisdictions, including how much room there may be for interpretation of these requirements.

It is therefore critical to understand the business realities and expectations of regulators in each of the jurisdictions in which you do business.

Brian Dilley, UK Money Laundering Reporting Offi cer, UBS Investment Bank

Global consistency

MEET THE MARKET

30 AML Newsletter

Combating the fi nancing of terrorism will continue to be a major challenge across the globe. It will be critical going forward that governments enable law enforcement to share information with fi nancial institutions so that they are better able to combat the fi nancing of terrorism and work in a joined up and cohesive manner.

Q: As it is early days for many Australian organisations, one of the key issues is engaging the business and changing the culture and the way that organisations do business. Can you provide any advice as to how best to embed AML compliance attitudes within a fi nancial markets organisation?

A: Firstly, it is critical that senior management are seen to take the matter seriously and are fully supportive of AML. In order to achieve a culture of AML compliance, our approach has been to give the business ownership of the risk, with the compliance/AML area able to override a decision where necessary. Individuals making decisions about what action to take should be accountable for those decisions on an ongoing basis, and be able to justify and understand the risks associated with that decision.

UBS assesses its clients according to their product, customer and geographic risks. We then apply measures to the maintenance of that client that are proportionate to our assessment of the risk.

In relation to product risk we consider factors such as the transparency of the transaction and whether third-party payments are possible. For customer risk we consider, for instance, whether the customer is listed and regulated which would rank the customer as ‘lower risk’. For geographic risk, additional checks are made if sensitive countries are involved. Where the risk is considered high overall we undertake additional or enhanced due diligence.

In order to apply a risk-based approach effectively it is essential that staff are appropriately trained in relation to AML risk management. We conduct one-to-one training for each of our business sponsors and also run quarterly conferences to share information and train staff.

Q: What are the key issues you have had to address in implementing and maintaining a suitable automated transaction monitoring system?

A: One of the major challenges we found with implementing an automated transaction monitoring system was meeting the demands of the different business areas. An automated system suitable for retail may not be suitable for securities due to the differences in the nature of the business conducted by the two areas. The challenge can be that retail systems are good for client profi les and client management, but not as readily able to analyse settlement transactions in investment banking. Consequently we currently use two different systems.

Q: Where does the AML compliance function sit within your organisation?

A: Our AML function sits within the compliance function, and reports through to General Counsel.

Q: Have you attempted to integrate your AML compliance programme with other risk and compliance projects, such as Sarbanes-Oxley or Basel II?

A: We have integrated AML with operational risk because of the operational risk standards for AML required as part of the Sarbanes-Oxley certifi cation. (The process involves each Business Area certifying that they have met the AML control standards. The responses are then reviewed and any issues followed up.)

Q: Have you observed any benefi cial changes or developments in the way that AML is regulated, implemented and enforced, both in the UK and internationally, that Australia could learn from?

A: Some of the most positive industry developments in recent times have been:

� the development of a risk-based approach as now refl ected in the FATF recommendations and the Third EU ML Directive.

� cooperation between regulated fi rms and development of ‘practical’ standards, for example by the Wolfsberg group

� realisation that law enforcement and government must up their game if we are to succeed in fi ghting fi nancial crime – it is a partnership.

� the increasing adoption of a joined-up approach to fi nancial crime, with fraud control and AML being addressed holistically by institutions; and

� the establishment of industry fora where MLRO’s can work together.

Above all, it is essential that the regulator sets and enforces standards consistently to ensure that institutions committed to combating fi nancial crime are not put at a commercial disadvantage. At the same time, the regulator must be clear about its expectations and work with the industry to develop practical, risk-based guidance on how to comply with the requirements. There should be agreed and established boundaries in relation to the risk-based approach so that industry takes a reasonably consistent approach.

And lastly, regular sharing of information by law enforcement on trends and issues is crucial to help organisations understand what type of suspicious activity they should be looking for. The real challenge going forward will be to work more closely together in partnership in the fi ght against fi nancial crime both nationally and internationally. The key will be to drive better communication, cooperation and sharing of information, this is the only way we will clamp down on money laundering and to counter the fi nancing of

terrorism. �

MEET THE MARKET

32 AML Newsletter

QUnder the draft anti-money laundering (AML) and counter-terrorism fi nancing (CTF) legislation (the draft legislation), reporting entities will face unique challenges when attempting to satisfy their Know Your Customer (KYC) obligations around trusts. This is largely because trust structures are not necessarily conducive to transparency. The short answer to this question is that KYC procedures for trust arrangements will vary. Procedures will vary according to the risk attributed by individual organisations to particular trust relationships. The precise nature of these KYC procedures will be clarifi ed once AUSTRAC releases its rules on applicable customer identifi cation procedures.

What should your trust KYC procedures be aiming to achieve?Organised criminal groups abuse trusts. They enable criminals to anonymously own and control assets, as well as to disguise the origin of the trust assets and potentially prevent legitimate claims to those assets. Under the risk-based approach, reporting entities should look to understand whether there is a legitimate economic purpose for the trust arrangement. This should involve attaining suffi cient information in order to understand the purpose and structure of any trust arrangement, as well as the source of the trust property. This will allow reporting entities to determine the required level of KYC, as well as to identify any suspicious red fl ags.

AFMA has assembled a panel of experts to answer your questions on

the best way to develop an AML program

and the impact of the new legislation.

To submit a question to our panel email

wsanders@afmaservices.com

What does the draft Australian legislation say?As noted above, AUSTRAC has yet to release the rules on applicable customer identifi cation procedures, which should provide some clarifi cation as to which parties associated with the trust should be subject to what type of identifi cation requirements.

To date, AUSTRAC have released a draft AML/CTF rules excerpt on ‘The Minimum Know Your Customer Information’. This sets out a series of information requirements which must be obtained for all customers, regardless of their risk profi le. In addition to obtaining information about the name and address of the trust, and evidencing the establishment of the trust through the trust deed, the minimum KYC requirements include obtaining:

� The name of the customer’s principal offi cer;� If the customer has a governing board, the name of each person

on that governing board;� The name of any person who is in a position to control the

customer’s funds – for example, the name of all trustees or trust managers;

� Evidence of the authorisation given by the customer to any person to deal with the reporting entity in respect of any designated service.

Phone a friend

QUESTION & ANSWER

QUESTION: To date there has been considerable discussion around the issue of Know Your Customer (KYC) requirements for companies and individuals. How should companies approach KYC for trust structures. Do you undertake KYC for the responsible entity, the benefi ciaries, the trust itself, the board of trustees (where relevant) or all of them?

OUR EXPERT PANEL

Lucy Major, Senior Manager, KPMG

Tony Byrne, Senior Manager, KPMG

Andrea Beatty, Partner, Mallesons Stephen Jaques

March 2006 33

Q

The draft guidance paper issued by AUSTRAC to date on ‘Applicable customer identifi cation procedures’ states that not every piece of minimum KYC information will need to be verifi ed. It also states that where a reporting entity is identifying a non-natural customer, such as a trust, then it may be able to rely on a disclosure certifi cate provided by the customer, in respect of certain customer details.

If additional KYC information is deemed necessary under the risk-based approach, then further information may be sought, as set out in section 10 of the draft AML/CTF rules ‘Anti-money laundering and counter-terrorism fi nancing programs’. Under these additional KYC procedures, a reporting entity might deem it necessary to obtain further details in respect of the ownership and control structure of the customer, the benefi cial ownership of the funds used by the customer with respect to the designated services, the benefi ciaries of the transactions being facilitated by the reporting entity on behalf of the customer, and the identity of any relevant party that may be related to the customer (e.g. an offi cer of the trust).

Enhanced Due Diligence procedures, as set out in section 22 of the of the draft AML/CTF Rules ‘Anti-money laundering and counter-

terrorism fi nancing programs’, might involve obtaining even further information from the customer in order to undertake more detailed analysis and clarify any additional KYC information.

ConclusionKYC procedures for trust structures will vary according to the risk assigned to the customer relationship. For the lowest risk trust relationships, reporting entities should obtain the minimum KYC information, which currently focus on obtaining the details of those with control over the trust funds.

The extent to which these details should be verifi ed through appropriate identifi cation procedures will be clarifi ed through the release of subsequent Rules. For higher risk trust relationships, a reporting entity may choose to expand KYC procedures (including verifi cation of identifi cation) to all key parties involved in the trust relationship, particularly focussing on benefi cial owners and controllers of the funds.

Lucy Major, KPMG Forensic, lucymajor@kpmg.com.au

1 The Joint Forum was established in 1996 by the Basel Committee on Banking Supervision, the International Organization of Securities Commissions

and the International Association of Insurance Supervisors to deal with issues common to the banking, securities and insurance sectors, including the

regulation of fi nancial conglomerates. The Joint Forum is comprised of an equal number of senior bank, insurance and securities supervisors representing

each supervisory constituency.2 The International Organization of Securities Commissions was created in 1983 from the transformation of its ancestor inter-American regional association

(created in 1974) into a truly international cooperative body. Twenty years later, IOSCO’s membership stands at 181 members and is still growing rapidly.

The organization’s members regulate more than 90% of the world’s securities markets and IOSCO is today the world’s most important international

cooperative forum for securities regulatory agencies.

IntroductionGiven the complexity of the products and the institutional nature of the client base for many years the futures industry was not subject to the same level of AML/CTF scrutiny as other fi nancial segments e.g. retail. This was despite the best efforts of organisations like the Joint Forum1 and IOSCO2. However, the understanding of the risk exposure presented by these markets is now developing and organisations should look to satisfy international as well as local regulatory requirements.

The Wholesale risksWholesale products are characterised by high values and volumes. The transactions are often international and initiated by a diverse range of customers operating in or across a number of jurisdictions. Ownership of assets can be fl uid and determining benefi cial ownership of funds diffi cult. To compound matters customers have increasing access to ‘self-service’ functionality providing 24 hour access to global markets. Equally, the many professionals who operate in this industry are rewarded through commission-based sales. This use of incentives is internationally recognised as increasing the risk of individuals to either ignore AML/CTF controls or even become complicit in the activity.

QUESTION: Do the intricacies of futures trading or foreign exchange trading present any unique opportunities for money laundering?

Foreign exchangeForeign exchange markets are characterised by the international movement of high volumes and values of currency. These transfers are not necessarily just between banks and blue chips. The service is utilised by companies wanting to pay other companies for goods e.g. import/export companies. Equally, the foreign exchange market is subject to speculative trading by a diverse range of customers including high risk segments e.g. Politically Exposed Persons (PEPs) and high net worth individuals.

DerivativesDerivatives are used by a diverse range of customers across the globe. The challenge to service providers is to determine whether the use of these instruments makes ‘economic sense’. Service providers need to establish ‘typical’ customer profi les that cover the nature of the transaction, volume, value and frequency. These profi les will differ given whether the instruments are traded over-the-counter or exchange-based.

Tony Byrne, KPMG Forensic, tbyrne@kpmg.com.au

34 AML Newsletter

Q

Q

Q

Q

QUESTION & ANSWER

Yes, the requirement to identify signatories to an account continues under the draft AML/CTF Bill. Reporting entities must satisfy prescribed customer identifi cation requirements. Section 6 sets out designated services in Tables 1 and 2. Item 2 of Table 1 states that in the capacity of account provider, allowing a person to become a signatory to an account is a designated service. Further, Item 3 states that before allowing a transaction in relation to an

QUESTION: Under FTRA, we must identify signatories to an account. Will this continue?

account, all signatories must be identifi ed. The Rule prescribing identifi cation procedures for signatories has not yet been released at 8 March 2006, however it is expected that they will probably be the same procedures as for other natural persons. This is also yet to be determined, although AUSTRAC has released a draft guidance paper on applicable identifi cation procedures which includes an extract of the draft identifi cation rules.

QUESTION: Where a director signs for an unlisted company, will it be necessary to identify this person by 100 point check type method? Further, if the director authorises others to transact on the account, will these people need to be identifi ed?

Yes, however the identifi cation process may be different to the current 100 point check. The director would be either a signatory to the account or an agent of the company (or both of these). Under the AML/CTF Bill, agents must be identifi ed, however the Rule that specifi es requirements for their identifi cation has not been released at 7 March 2006. It is expected that the identifi cation procedure for

QUESTION: When identifying customers, minimum KYC information includes names of company directors, names of secretaries and the names of everybody passing the control test. Can this be obtained electronically at no or low cost?

an agent will include a check that they are actually authorised to act for the customer (see Paragraph 23 of the draft Guidance Paper on Acceptable Customer Identifi cation Procedures). If a director authorises others to transact on the account, these additional signatories must be identifi ed as Items 2 and 3 of Table 1 in section 6 requires all signatories to be identifi ed.

The names of current company offi cers can be obtained from ASIC. It is very unlikely that the names of people who pass the control test can be obtained electronically or at low cost, but a reporting entity may be able to rely on disclosure by the company. Collecting the names of people who pass the control test will be diffi cult because, as currently drafted, hundreds of people will pass the control test in relation to each company (most of which have no real connection with the company and many of whom may be quite unknown to the company).

Whether an individual passes the control test in relation to an unlisted company will be determined in the same way as for the Social Security Act 1991 (Cwth) (s 10 AML/CTF Bill). Section 1207Q(2) of the Social Security Act states that an individual passes the control test in relation to a company if:

(a) the direct voting interests held in the company by an individual and that individual’s associates is 50% or more; or

(b) the direct control interests in the company by an individual and that individual’s associates is 15% or more; or

(c) the company is suffi ciently infl uenced by the individual or an associate of the individual or 2 or more entities covered by the previous two points; or

(d) the individual (either alone or together with associates) is in a position to exercise control over the company.

Because of item (c), above, if a natural person actually controls a company, all of the person’s ‘associates’ are taken to pass the control test. The term ‘associate’ is defi ned very broadly by s 1207C of the Social Security Act to include all living relatives, to the extent of children of a second cousin of the person’s spouse. If any of these relatives is a benefi ciary under any trust, or controls any company, the trustee of the trust, and each such company, also pass the control test.

The draft guideline suggests that persons that pass the control test are not subject to an identifi cation procedure – they merely have to be named. However, the breadth of the defi nition may make this unworkable. In many cases a person that controls the company will not know the names of all their ‘associates’.

QUESTIONS: Section 2(j) [of the extract of the draft identifi cation rules] says that an organisation must obtain evidence of the authorisation of the person opening the account. Can we just ask them, or do we need to see a board resolution?

The form of evidence of the authorisation of the person opening the account is unknown at this time, as no draft Rule has been released. However it seems unlikely that relying on a person’s claim that they represent a company would be suffi cient. Clause 23 of the draft guideline on applicable customer identifi cation procedures states that where a person wants to act as agent for another person, a prescribed procedure will need to be followed to ensure that the agent has authority to act on behalf of the customer.

It is a common practice for retail banks to require a board resolution

when opening an account for, or making a loan to, small companies, to confi rm that the action is indeed authorised by the company and to identify the persons on whose authority the bank is to act. Larger companies typically have a formal power of attorney under which (for example) level 2 managers have specifi ed powers to act on behalf of the company. It is likely that the AML Rules will require the reporting entity to sight this kind of evidence (and in any event it is prudent business practice to confi rm that an agent does have authority to bind the principal).

Andrea Beatty, Mallesons Stephen Jaques, andrea.beatty@mallesons.com

Do you have a question you would like to pose to our panel? Send your questions to wsanders@afmaservices.com

© 2005 KPMG, an Australian partnership, is part of the KPMG International network. All rights reserved. August 2005. VIC9424FAS.

AML legislation.

In-depth

knowledge

working

for you.

The Government’s new anti-money laundering(AML) legislation is upon us. At KPMG, we can help you assess clearly and pragmatically theimpacts for your business.

Our team of AML professionals offer deep knowledgeand practical experience in helping financial servicesorganisations, just like yours.

We can help you assess the money laundering andfinancing of terrorism risks faced by your business – and more importantly how to address them.

Our team can assist in the design and implementationof new policies and processes, systems selection andintegration advice and staff training.

We have worked with leading financial institutions,globally and in Australia, in areas such as moneylaundering and terrorist financing risk reviews anddeveloping AML processes, policies, training andtechnology. It all translates into more focused, up-to-date and relevant advice for your business.

So when it comes to understanding the new AMLlegislation, contact the professionals in the know – KPMG Forensic.

kpmg.com.au