Upload
others
View
10
Download
0
Embed Size (px)
Citation preview
BECOME A LEADER. JOIN THE ACAMS ADVANCED CERTIFICATION PROGRAM
How Japanese Auditors Will Rise to AML/CFT
Challenges that Will Emerge in the Future
Hidehiro Kobayashi
Disclaimer: The views expressed in this paper are those of the author, and the author
alone. The author is not representing the views or opinions of the institution.
Table of Contents
1. Executive Summary 1
2. Introduction 1
3. Increased AML/CFT Risks in Japan 2
4. Changes of AML/CFT Environment and Future Challenges 3
5. Actions that Japanese Auditors Should Take 8
6. Conclusion 12
7. References 13
- 1 -
1. Executive Summary
Through a bitter experience with the third round of FATF Mutual Evaluations, Japan
has just begun the improvement of AML/CFT controls; however, it still needs further
enhancement to catch up with advanced AML/CFT countries. Additionally, Japan is
facing a difficult AML/CFT environment, as explained in depth below. Based upon my 24
years of internal auditor’s experience, How Japanese Auditors Will Rise to AML/CFT Challenges that Will Emerge in the Future is discussed in more detail below.
At present, Japan has faced the increased risks of AML/CFT such as, but not limited to,
(1) money laundering (ML) committed by Japanese boryokudan gangsters; (2) crimes
and ML by specialized fraud groups; (3) international Internet crimes; and (4) overseas
remittance to North Korea.
In the future, Japan will come to grips with the changed environment, including (1)
sophistication of specialized fraud groups/international Internet criminals; (2) increased
importance of AML/CFT controls that are suitable for business environment changes,
such as the promotion of digitalization/RPA (robotic process automation)/AI (artificial
information) and priority over the business of Internet banking/cashless
payments/cryptocurrencies; and (3) regulatory expectation of financial institutions to
catch up with AML/CFT advanced countries. Based upon such changes, Japan has to
address future challenges such as: (1) working together with many financial institutions
to combat money laundering, by designing a common KYC (know your customer)
database (DB) that many Japanese financial institutions can utilize; (2-1) effective
utilization of transaction data collected through the digitalization; (2-2) enhancement of
group-based governance to subsidiaries that do business of cashless
payments/cryptocurrencies; and (3) development of AML/CFT specialists to catch up
with advanced AML/CFT countries.
Japanese internal auditors should perform their role completely in the following areas:
(1) Collaboration audit to check the common procedures, including common KYC DB
(2) IT audit by using the knowledge of data science and RPA /AI
(3) Group-based audit to check the AML/CFT controls of subsidiaries
(4) Development of AML/CFT internal auditors through periodic skill assessment
To perform the actions listed above, auditors need to conduct a lot of good audits which
contribute to the enhancement of AML/CFT controls, and then gain
support/understanding from management that supports such an implementation.
2. Introduction
Japan had a bitter experience with the third round of FATF Mutual Evaluations in
2008. Japan could not comply with many FATF recommendations, as follows. From
October 2012, the enhanced follow-up of these non-compliant matters started; however,
it did not go well, and in June
2014, FATF expressed the
statement calling for quicker
remediation. In the end, such
a follow-up had continued
until October 2016. In order
to avoid the same mistake,
Japan issued a new guideline
to meet the FATF
recommendations sufficiently;
(1) (2) (3) (4) (3)+(4)
No. Country CompliantLargely
CompliantPartially
CompliantNon-
CompliantNeeds
Improvement1 America 15 28 2 4 62 Singapore 11 32 4 2 63 Belgium 22 20 6 1 74 Portugal(*) 13 23 10 2 125 England 24 12 10 3 13
18 Japan(*) 4 19 15 10 25(*) The countries have one item which was not applicable respectively.
- 2 -
however, the enhancement of AML/CFT controls has just begun. In order to catch up
with advanced AML/CFT countries, Japan needs to consider what should be done.
In addition, I think Japan is facing the difficult AML/CFT environment. The country is
the third-largest GDP country with economic powers, and the average family savings
amount is around 10 million yen. Especially elders of 60 years or over have more than
20 million yen in savings. Japan becomes an easy target of money launderers who have
grown more sophisticated. Japan also should examine the actions to reduce the increased
AML/CFT risks.
I have worked as an internal auditor for financial institutions for 24 years, and the
Institution of Internal Auditors (IIA) 1 emphasizes the importance of three lines of
defense. From the standpoint of internal auditors, How Japanese Auditors Will Rise to AML/CFT Challenges that Will Emerge in the Future is examined in more detail below.
3. Increased AML/CFT Risks in Japan
Based upon National Risk Assessment on Money Laundering and Terrorist Financing2,
the National Police Agency’s white paper3 , and other related documents, the main
exposed risks in Japan are summarized as follows. The number of such cases increased
year by year, and the sophistication of money laundering is growing.
Risk 1: Money Laundering (ML) Committed by Japanese Boryokudan Gangsters
Boryokudan gangsters
were one of the main
money launderers who
conceal and receive
criminal proceeds by habitual gambling/running a gambling place for unjust profit,
business deviating from the Public Morals Regulation Act, and narcotics-related crimes
as shown in the above chart, which is based upon National Risk Assessment of Money
Laundering and Terrorist Financing by National Public Safety Commission. Under the
ordinance for eliminating organized crime groups, financial institutions strictly check
their own bank accounts, which are difficult for criminals to have. Therefore, they tend
to increase the transactions with non-financial companies (i.e., starting businesses)
using dirty money.
Risk 2: Crimes and ML by Specialized Fraud Groups
Former boryokudan
and loosely-organized
criminal gangsters
committed organized
fraud to swindle victims (especially elders) out of money by phone calls as shown in the
chart which is based upon the statistics announced by the National Police Agency. The
dirty money is transferred to bank accounts in the names of other people who sold their
own bank accounts to get amusement expenses and/or living expenses. The people who
join specialized fraud groups are increasing because the wealth gap between the rich
and poor is widening.
1 Refer to IIA’s Exposure Document: Three Lines of Defense. 2 National Risk Assessment of Money Laundering and Terrorist Financing is issued by National Public Safety
Commission annually. 3 The National Police Agency issues an annual white paper including trends of crimes and preventive measures.
2016 2017 2018Cleared cases of ML offenses 388 361 511
Cases by Boryokudan gangsters 76 50 65% 19.6% 13.9% 12.7%
Description Year
Description Year 2106 2017 2018No. of cases 1,291 425 322
Total financial damages (\ mil.) 1,687 1,081 461
(1) Fraudulent remittance by illegal access to internet banking and phishing
- 3 -
Risk 3: International Internet Crimes
Internet crimes, such as (1) illegal access to Internet banking and phishing, (2) theft of
credit card information from online stores that have weak security4, and (3) hacking
attacks on cryptocurrency systems5, led a good deal of damage, as shown on these
charts which are based upon National Risk Assessment of Money Laundering and
Terrorist Financing by National Public Safety Commission and statistics formally
announced by Japanese credit cards association .
Money launderers use the same method as the specialized fraud groups. In addition,
they divide dirty money into the smaller amounts and also remit them overseas by
using cryptocurrencies, which may exchange into real currencies on the dark web and
real money trading (RMT) sites.
Risk 4: Overseas Remittance to North Korea
Japan is located near North Korea where people work away from their home country,
keeping their identities secret, and illegally trade seafood produced in North Korea (i.e.,
illegal ship-to-ship cargo transfer). They may remit earned money to home countries.
Risk 5: Failure to Prevent/Detect ML due to Insufficient AML/CFT Controls
Under the FSA guideline, Japanese financial institutions have begun the enhancement
of AML/CFT controls. In order to catch up with advanced AML/CFT countries, their
further development, including KYC procedures, trade-based anti-money laundering
(TBAL), utilization of AML/CFT system, and IT governance, is necessary.
It will take a long time to manage such further development, which is executed by only
about 700 Japanese CAMS, as of November 2019. They are just 0.17% of total worldwide
CAMS (about 42,500), and considering that the number of financial institutions is
around 550, this is shorthanded. With such few controls, there could be a risk of failure
to prevent and detect ML.
4. Changes of AML/CFT Environment and Future Challenges
The above current AML/CFT risks in Japan are expected to be changed, and the future
changes could be: (1) sophistication of specialized fraud groups/international Internet
criminals, (2) enhancement of AML/CFT controls that are suitable for business
environment changes, such as the promotion of digitalization and the priority over
business of Internet banking/cashless payments/cryptocurrencies, and (3) regulatory
expectation of financial institutions to catch up with AML/CFT advanced countries. For
such changes, the following future three challenges need to be addressed.
4 Refer to statistical information of Japan Credit Card Association. 5 Refer to statistical information of National Police Agency.
Description Year 2106 2017 2018No. of recognized cases 14,154 18,212 17,844
Total financial damages (yen) 40,765,652,881 39,474,870,491 38,286,761,222
Description Year 2106 2017 20182019
(9 months)
Total financial damages (\ bil.) 8.89 17.67 18.76 16.70
(2) Theft of credit card information from credit member stores
- 4 -
Change 1: Sophistication of Specialized Fraud Group/International Internet Crimes
As for the existing ML techniques, the financial institutions are taking related
preventive measures, however specialized fraud groups and Internet criminals are
developing new techniques, which become more diverse. Amidst the accelerated
collaboration between domestic and international groups, fraud groups are being
globalized.6
In addition, there were some cases in which the following money launderers use the
same sophisticated methods as the specialized fraud groups and Internet criminals, as
follows.
6 Summarized from Occupation Specialized Fraud Group by Nippon Hoso Kyokai interview group, and Fraudulent
Wire Transfer Association by Daisuke Suzuki
Risk Change of Environment
According to a National Police Agency survey, the number of Boryokudan
Gangsters has decreased to 30,000 in the last 15 years, which was because
Boryokudan Gangsters are controlled strictly under Boryokudan
Gangsters exclusion ordinance.
Such a trend will continue. Boryokudan Gangsters can make neither bank
accounts nor financial transactions in their names, because financial
institutions check with their database and then the difficulty in ensuring
the funds will increase. It is expected they wallow in crime to get more
criminal proceeds and get involved in Specialized Fraud Group.
ML committed by
Boryokudan
Gangsters
Risk 1ML committed by Japanese
Boryokudan Gangsters
Risk 2Crimes and ML by
Specialized Fraud Group
Risk 3International Internet
Crimes
Risk 4Overseas remittance to
North Korea
Failure to prevent/detectML due to insufficient
AML/CFT controlsRisk 5 Change 3 Challenge 3
Current AML/CFT Risks
Sophistication ofSpecialized Fraud Group/
International InternetCriminal
AML/CFT controls whichare suitable for changes of
business environment
Work together withmany financial
institutions to combatmoney launders
Effective utilizationof transaction
data/Group-basedgovernance
Challenge 1
Change of Environment Future Challenges
Challenge 2
Strengthening ofAML/CFT specialists
development
Regulatory expectation offinancial institutions tocatch up with advanced
countries
Change 1
Change 2
Past
Techniques ofDeception
Ore Ore Swindle(*)Billing Fraud/Loan Deposit
Fraud/Repayment fraud etc.
Way of money transfer Wire Transfer
Cash Delivery/Theft of CashCard/Hand-deliver of CashCard with passwords/Usageof Electronic Money etc.
Hacking attack targetInternet Banking
Credit Card SystemExtensionof target
Targeting the system ofcryptocurrency
brokers/online stores whichhave the weak security
Way of money transferMain Transfer to BankAccounts of Japanese
Internationalized ways
Transfer to Bank Accountsof Overseas People as well
as Japanese
(*) Swindler makes a phone call and starts the conversation with parents/grandparents from "ore ore" or "it's me".
SpecialFraudGroup
Description Present
Diversifiedtechniques
InternationalInternetCriminals
- 5 -
Challenge 1: Working Together with Many Financial Institutions to Combat Money
Laundering
Considering such sophistication, Japan needs to work together to combat money
laundering. It is useful for the financial institutions that have the experiences of ML to
share the risk information, including names of suspicious money launderers and their
techniques, with as many financial institutions as possible. The possible methods to
share are risk assessment and Japanese common KYC DB.
(1) Share of Risk Assessment
(2) Design of Japanese Common KYC DB
However, risk assessment and common KYC DB include corporate secrets and personal
information, respectively. The protection of such secrets and information should be
considered.
Change 2: Increased Importance of AML/CFT Controls that Are Suitable for
Business Environment Changes
(1) Digitalization and Utilization of RPA/AI
Customers have little appreciation for coming in to banks branches. Customer traffic has
decreased by 40% versus 10 years ago. Three mega-banks (MUFG, SMBC, Mizuho) are
promoting digitalization and reducing the volume of work as well as the number of
Current Situation Ideal Methods
Every financial institutions update
their own risk assessments at the
least annually, however they are
neither required to report them to
National Public Safety Commission
nor share with other financial
institutions, if possible.
The AML/CFT guidelines requires
all financial institutions to report
their own updated risk assessments
to National Public Safety
Commission, which share the useful
information with other financial
institutions as much as possible.
Current Situation Ideal Methods
< Boryokudan Gangsters>
Financial institutions update their own Boryokudan Gangsters ’ DB by their efforts.
The quantity and quality of database differ among corporations. The maintenance of
such a database is a cumbersome procedure for them.
<PEPs>
Based upon “Japanese Act on Prevention of Transfer of Criminal Proceeds”, financial
institutions purchase foreign PEPs list to check the customers with such a list.
However, the Act does not require the financial institutions to check their customers
with domestic PEPs.
< Beneficiary Owners >
Japanese Boryokudan Gangsters tends to conceal their identity by corporations and
non-profit organizations, representatives of which are not them.
However, “Japanese Act on Prevention of Transfer of Criminal Proceeds” only require
financial institutions to receive declarations of beneficiary owners from customers and
the Act does not clarify the reconciliation of such declarations with reliable evidences.
Commercial registration started including the beneficiary owners information from
2018, however, the updated procedures are not clear.
<Design of Japanese common KYC DB>
Japanese Common KYC DB including
Boryokudan Gangsters, PEPs and
beneficiary owners needs to be designed.
<Data governance/Model validation>
The procedures to ensure the accuracy
and completeness of data should be
clarified.
<Update of common DB>
Financial institutions may obtain the
new information through on-going
KYCs, which should be accumulated
and reflected in the common DB.
Risk Change of Environment
Overseas
remittance to
North Korea
North Korea are always looking for a loophole. The country is also
changing the ways of money laundering until the lifting of sanctions.
According to UN Security Council, North Korea employs government-
affiliated hackers and earn more than 500 million dollars by hacking into
crypto currency systems.
- 6 -
branches/offices (there are cases in which Internet banking business is given priority)7
to pursue more cost efficiency as follows.
Japanese banks are working on digitalization, which is the process of converting
information into a digital (i.e., computer-readable) format, and the transformation of
current branches/offices into next-generation branches/offices in which digitalization is
designed. In addition, banks will make the effort to pursue cost efficiency including RPA
/AI which will introduce automated procedures and contribute to a reduction of work. In
the areas including but not limited to KYC procedures and transaction monitoring, there
are banks that have introduced RPA/AI to create efficiency.
Internet banking users increased by 70% over previous years, and as a result, targeting
money laundering will expand the target of cyberattacking/phishing fraud.
(2) Cashless Payment
Payments will become multifaceted. The national projection is that cashless payments
will increase from 25% to 40% of total payments8 by the end of 2025. Cryptocurrency
transactions have increased year by year. Money launderers can use various methods,
such as credit cards, QR code payments, e-money, prepaid payments, and
cryptocurrencies, in order to receive criminal proceeds and transfer dirty money.
Challenge 2: Effective Utilization of Transaction Data/Group-Based Governance
(1) Effective Utilization of Transaction Data
Digitalization will increase the transaction data, which may benefit the prevention and
detection of ML. In such a situation, financial institutions may have data scientists who
can unify statistics, data analysis, machine learning, and their related methods in order
to understand and analyze actual phenomena with data. Current data scientists have
knowledge of data science and sometimes find the problems; however, there are some
cases in which they are hard up for solutions. Such scientists neither sufficiently acquire
the skills of determining business solutions to discuss with responsible operating
departments, nor obtain the knowledge of data engineering to implement the necessary
programs for the solution to problems.9
In addition, according to InfoCom Research, Inc., in Japan, the shortage of systems
engineers and data scientists will increase in the future. Financial institutions should
consider how to recruit and develop IT-related human resources.
A part of the problem found by data scientists could be solved by RPA/AI as mentioned
in the CRISP-DM below, which could lead to the enhancement of regulatory process. This
is known as regulatory technology (in short, regtech); the effective utilization started in
7 Refer to VoiceComm’s research: www.myvoicecomm.com. 8 Refer to the Cashless Road Map prepared by Cashless Promotion Association. 9 Summarized from book to understand data science by Ichiro Takahashi
No. ofTransformation
Target Date ofReduction
Volumes ofReduction
Target Dateof Reduction
No. of ReductionTarget Date of
Reduction
MUFG70-100
branchesEnd of 2023
Works of 6000bank employees
End of 2023 180 branches End of 2023
SMBC 430 branches End of 2019Works of 4000bank employees
End of 2019 - -
Mizuho All branches End of 2020Works of 19000
employees (group-basis)
End of 2026 130 offices End of 2024
Reduction ofemployees'
works volumesas the result ofefforts including
RPA/AI
Reduction of Branches/OfficesTransformation into Next-
generation branches Reduction ofWork Volumes
Bank
- 7 -
the field of KYC and transaction monitoring. When RPA/AI is introduced in a lot of fields,
the procedures for appropriate maintenance/review of the RPA/AI should be established
to avoid the risk of useless models which could not identify ML sufficiently.
(2) Enhancement of Group-Based Governance
As mentioned above, as payment methods become diversified with Internet banking,
credit cards, QR code payments, e-money, prepaid payments, and cryptocurrencies, the
targets of specialized fraud group/international Internet criminals will expand. First, if
Internet banking users, online stores with credit card information, and cryptocurrencies
brokers do not have sufficient security awareness, they become easy targets for crime.
Such companies need to carry out security training by themselves.
Banks have overseas and domestic subsidiaries that operate in expanded cashless
businesses, such as QR code payments, e-money, and cryptocurrencies businesses, and
perform onsite checking if necessary. Banks need to share AML/CFT know-how,
including digitalization and RPA/AI, with subsidiaries so that subsidiaries can build the
same defenses as banks.
Change 3: Regulatory Expectation of Financial Institutions
Japan’s Financial Service Agency (JFSA) issues a report on the actual situation and
challenges of AML/CFT every year. The following current main issues to be addressed
are summarized.
As mentioned above, the quality and quantity of AML/CFT specialists are not enough to
implement actions to enhance the above controls.
Challenge 3: Catching Up with Advanced AML/CFT Countries
In order to catch up with the advanced AML/CFT countries, how to increase the number
of AML/CFT specialists needs to be examined in Japan. Financial institutions should
give a great deal of importance to personnel evaluation/salaries of AML/CFT specialists
and develop training programs for learning the know-how of advanced AML/CFT
countries.
5. Actions that Japanese Auditors Should Take
Internal auditors’ core role should be
to provide assurance to
management/the board on the
effectiveness of AML/CFT controls
as shown in The ERM Fan10 on the
left. Internal auditing can also
extend its activities beyond this core
role as with consulting services
shown in the center of the Fan. If
internal auditors have already
acquired valuable skills and
knowledge, they can internally
share them in order to contribute to
10 Refer to the Institute of Internal Auditors’ Exposure Document: Three Lines of Defense, June 2019.
- 8 -
the enhancement of AML/CFT controls. In such a case, the application of certain
safeguards, including engagement to ensure the independence of the internal audit, is
necessary. Internal auditors can perform their role completely, especially in the following
areas.
Action 1: Collaboration Audit with Auditors of Other Financial Institutions
Besides checking the AML/CFT controls, including risk assessment and KYC procedures,
Japanese auditors will need to provide assurance on the effectiveness of procedures, such
as KYC DB’s procedures that are common to many financial institutions, if the common
KYC DB is designed as mentioned above in the “Challenge 1: Working Together with
Many Financial Institutions to Combat Money Laundering.” For such an assurance,
audit collaboration with auditors of other financial institutions is necessary. Practically,
the collaborating audit teams will utilize external auditors to check the main focus
points:
➢ To evaluate the effectiveness of
common procedures to ensure the
accuracy and completeness of DB
by reconciling between the input
data and DB on a sampling basis
➢ To check whether the fuzzy logic of
DB is operated in line with the
defined procedures (For example,
when the inputted names are 75%
matched with those of DB, DB
makes alerts.)
➢ To assess the security controls, including access controls and back-up procedures, by
the cooperative audit team composed of operational auditors and IT auditors
In order to increase the effectiveness of audit collaboration, audit know-how is necessary
to be shared with auditors of other financial institutions through regular communication
and seminars.
In consulting roles, Japanese internal auditors, in conjunction with auditors of other
financial institutions, should focus their ingenuity on design of integrated procedures
across many financial institutions that use different procedures.
Action 2: IT Audit by Using the Knowledge of Data Science and RPA/AI
Japanese internal auditors tend to be unfamiliar with data science and RPA/AI, as
mentioned above in the “Challenge 2: Effective Utilization of Transaction Data.” As the
first step, they should acquire related knowledge. By using such knowledge, they should
check the main points shown below in order to provide assurance on the effectiveness of
controls based upon data science and RPA/AI11:
11 Summarized from the following: Introductory Data Science by Kentaro Matsumoto, Understand Data Science by
Ichiro Takahashi, The Beginner’s Guide to Deep Learning by Deep Learning Study Group, and The Beginner’s
Guide to Machine Learning by Machine Learning Study Group
KYC DB
BankBankBank
External Auditor
Access to DB
Outsourcing
CollaborationAudit
- 9 -
➢ People: To confirm how to
secure data scientists who
can identify the
meaningful phenomena
with data and create
solutions together with
responsible operating
departments
➢ Process: To check the
effectiveness of data
quality controls which
ensure data accuracy and
completeness
➢ Data: To conduct the
model validation, such as
RPA/AI, in order to confirm whether the models are updated to identify ML in a
timely way
➢ Data: To verify machine-learning algorithms by attesting training data based on
mathematical models
➢ Data: To carry out independent data analysis by using internal auditors’
knowledge of data science/RPA/AI and compare that to the results of responsible
operating departments
➢ Technology: To evaluate the effectiveness of security controls for access to RPA/AI
and their business continuity plans
The following points are related to IT audit knowledge, and therefore, operational
auditors and IT auditors need to work together.
Japanese internal auditors can have more experience to check various controls and
accumulate more know-how than first/second lines. In playing consulting roles, internal
auditors can share such know-how with first/second lines through in-house seminars.
Action 3: Group-Based Audit to Check the AML/CFT Controls of Subsidiaries
Banks are the most advanced industry that has much experience to fight against money
launderers. As mentioned above in the “Challenge 2: Group-Based Governance,” the
money-laundering risks are expanding to subsidiaries of banks, which do business
using cashless currencies and cryptocurrencies. Japanese banks’ internal auditors
should share their audit programs with subsidiaries’ internal auditors, and then review
the audit work based upon the following audit programs.
Through the above audit experiences, banks’ internal auditors can have various
opportunities to see the coping actions for dealing with money-laundering risks across
different industries. In terms of consulting, banks’ auditors can enhance information-
sharing regarding subsidiaries’ AML/CFT controls among first/second lines of banks, and
Bank
CryptoCurrencies Com.Credit Card Com.
QA Code Payment Com.
E-money Com.Subsidiaries
Parent
Audit Programs Review
Source;https://www.slideshare.net/marylevins/stop-the-madness-18-april-2013
- 10 -
then provide advice on the improvement of group-based governance.
Action 4: Development of AML/CFT Internal Auditors
As mentioned above in the “Risk 5: Failure to Prevent/Detect ML Due to Insufficient
AML/CFT Controls” and “Challenge 3: Catching Up with Advanced AML/CFT Countries,”
the shortfall in Japanese AML/CFT auditors’ resources should be addressed. The skill-
gap analysis12 of AML/CFT auditors needs to be carried out periodically in order to
develop action plans to close the gap. The measurement of existing skills can include the
following main points:
➢ To check whether Japanese auditors have CAMS and other equivalent AML/CFT
qualifications
➢ To verify if they attend targeted AML/CFT trainings, which are matched with
AML/CFT risks and the level of auditors
➢ To make sure that auditors have enough skills of communication with first/second
lines
When such skill-gap analysis frameworks can be a good example of best practice,
Japanese auditors can give advice to first/second lines on such an analysis.
6. Conclusions
The implementation of the actions mentioned above requires a lot of resources as well as
budgets that are supported by the management. Recently, management is promoting a
better understanding and often raises AML/CFT risks as a top risk. In order to advance
such actions, Japanese internal auditors need to conduct a lot of good audits that
contribute to the enhancement of AML/CFT controls and gain support/understanding
from management.
12 The source is the Association for Talent Development, Los Angeles chapter (ATD-LA): https://www.atdla.org/.
- 11 -
7. References
Institute of Internal Auditors. (2019, June). Exposure Document: Three Lines of
Defense.
National Police Agency [Japan]. (2018). The White Paper.
National Public Safety Commission. (2018, December). National risk assessment of money laundering and terrorist financing.