2nd Edition
Cover Payments – Closing Another Loophole By Saskia Rietbroek, CAMS, Financial Crime Advisory NetEconomy In April 2007, the Wolfsberg Group, an association of 12 of the world’s largest banks, and the Clearing House Association called for the banking cooperative Society for Worldwide Interbank Financial Telecommuncation (SWIFT) to change the payment instructions it handles to “promote the effectiveness of global anti-money laundering and anti-terrorist financing programs.” The proposal would standardize the content of payment instructions sent by SWIFT to originator and beneficiary institutions when conducting third-party cover payments. Cover payments are funds transfers that involve two distinct payment message streams. • The first funds transfer (called “Single customer credit transfer – MT 103”) is sent to the beneficiary’s bank. It is the direct payment order to the beneficiary’s bank (first funds transfer) to instruct it to pay the beneficiary. • The second funds transfer (called “General Financial Institution Transfer MT 202”) is the bank-to-bank payment order to an intermediary bank to instruct (cover) that the beneficiary bank be paid by the originator or intermediary bank. Cover payments are used in international funds transfers because the originating and beneficiary banks often do not have a relationship that allows them to settle the payment directly.
Table of Contents Cover Payments – Closing Another Loophole......................Page 1 Welcome new board member!...Page 2 Interview with Florisela Bentoera, CAMS, Compliance Manager, RBTT Bank, Curacao ..................Page 3 User in the Spotlight..................Page 4 Hot Docs ...................................Page 5 IT Column .................................Page 5 Featured Functionality ...............Page 6 Financial Crime News from Around the World......................Page 7 Poll Question.............................Page 8 Calendar of Events 2007 ...........Page 8
The issue is that the information from the first leg of the funds transfer, including the identity of originator, the originating bank and the beneficiary, is not provided to the intermediary bank that receives the second funds transfer. This means that the intermediary bank does not receive all the information about the customer payment (MT 103) to which the cover payment (MT 202) relates. It does not receive the payment order related to the “MT 103,” and is therefore not always privy to the full originator and beneficiary identifying information contained in the original payment messages. Because of the incomplete information they receive, involvement of sanctioned parties in a transaction cannot be checked, and it is it difficult for the intermediary bank to adequately monitor for suspicious activity. Continued on Page 2
Cover Payments – Closing Another Loophole Continued from Page 1
Although the intermediary bank may not know who or what is involved in a transaction, they may be subject to penalties if regulators or law enforcement find that they processed a transaction for a sanctioned individual or entity. An example is a 2005 enforcement action against Banco de Chile, where the Office of the Comptroller of the Currency (OCC) said that the bank could no longer accept “covered transactions” (pass-through transactions in which funds are sent by order of a correspondent bank to another institution without designating the beneficiary). The proposal to standardize the content of the payment instructions sent by SWIFT to originator and beneficiary institutions when conducting third party transactions is timely and necessary. Financial institutions should:
• not leave out, delete or change information in payment messages to avoid detection of such data by other institutions in the payment process. • not use a particular payment message to avoid detection of information by any other institution in the payment process. • cooperate as fully as possible with other institutions that request information about the parties involved. • encourage correspondent banks to adopt the same principles. Cover payments are a potential loophole for the bad guys to fly under the radar screen. If the proposed measures are approved by the 2,200 SWIFT members, institutions will have greater insight into the parties that are on the sending and receiving ends of transactions, helping them to better understand possible risks associated with the underlying transactions and adequately monitor for suspicious activity.
NetPractice Exchange This newsletter is a quarterly publication by NetEconomy B.V. for NetPractice members and others interested in NetPractice or NetEconomy in general.
Welcome new board member! Cindy Shelton Ryan CAMS Compliance Officer Bank-Fund Staff Federal Credit Union Washington DC, USA In June, NetPractice added a new advisory board member. Cindy is a member of the Risk Management team of Bank-Fund Staff Federal Credit Union. Her institution serves primarily the staff of The World Bank Group and the International Monetary Fund. Cindy is responsible for enterprise-wide compliance, which includes BSA/AML/CTF/OFAC compliance. Throughout her 20 plus years in the financial services industry, she has managed all aspects of day-to-day branch and back office operations; she has led major project teams, implementing numerous delivery channel products and services, including e-Services. Cindy is based in Washington DC, USA.
Page 2 | NetPractice Exchange
NetPractice Advisory Board Florisela Bentoera, CAMS, Manager Compliance and AML Operations, RBTT Dutch Caribbean, Rooi Catootje Branch, Curacao, Netherlands Antilles Thierry Istace, Coordinator of Projects for the Compliance Division, Dexia Bank, Brussels, Belgium. Deborah King, CAMS, VP Director AML Investigations, Citizens Financial Group, Medfort, MA, USA Gabriel McLaughlin Adams, CAMS, Compliance Officer, Dexia S.A., Brussels, Belgium. Saskia Rietbroek, CAMS, Financial Crime Advisor, NetEconomy, Miami, FL, USA (Chair) Cindy Shelton Ryan, CAMS, Compliance Officer Bank-Fund Staff Federal Credit Union, Washington D.C., USA NetPractice Staff Director: Stanley Harmsen van der Vliet, CAMS Marketing Director: Alison Holland, CAMS Communications Manager: Joyce Kooijman This newsletter is for general information purposes only. The views expressed in this newsletter are not necessarily those of NetEconomy B.V. NetEconomy has taken all reasonable measures to ensure that the material contained in this newsletter is correct. However, NetEconomy gives no warranty and accepts no responsibility for the accuracy or the completeness of the material. In publishing this newsletter, neither the authors nor NetEconomy are engaged in rendering legal or other professional advice. NetPractice, Loire 200-202, 2491 AM, The Hague, The Netherlands Tel: +31 (0) 70 452 5448, Fax: +31 (0) 70 452 5444, info@netpractice.org, www.netpractice.org
Interview with Florisela Bentoera CAMS, Compliance Manager, Curacao
Florisela is responsible for compliance operations for the Netherlands Antilles with focus on assuring that proper preventive measures and controls are in place in relation to non-physical security aspects in the widest sense. She has the responsibility for adequate identification and verification procedures and guidelines for monitoring and reporting unusual transactions, to ensure compliance with regulations and RBTT’s policy on the issue of AML & TF. She studied Dutch Law and graduated from the Catholic University in Brabant, The Netherlands. Florisela is based in Curaçao, Netherlands Antilles. She is a member of the NetPractice Advisory Board. Please describe your bank briefly: The RBTT Group is the number one Caribbean-owned banking and financial services group comprising of more than 30 companies. The Dutch Caribbean jurisdiction, where I’m based, has 12 branches located in Curacao, Bonaire and St. Maarten. We cater to a diverse clientele, offering both offshore and onshore banking. Our services include business financing, retail banking and various lending facilities. What is your role exactly? I’m the manager of the Centralized Compliance Department, which covers Compliance & AML Operations for all three jurisdictions within the Dutch Antilles. How long have you been using the NetEconomy Solution? Since September 2005. How do you monitor wire/electronic funds transfers? We monitor wire transfers whereby the beneficiaries are either located in a high-risk country or are of a high-risk nationality. The legal and regulatory requirements from our jurisdiction were also incorporated in alert definitions. At the end of the day, it all boils down to having adequate client information, which can provide just cause for the wire.
Can you describe the alert assignment process in your bank? The alerts generated overnight are assigned by the Manager of the Compliance Department to the Compliance Officers. At the time of the assignment, the jurisdiction, workload and alert type is taken into consideration. The more “difficult” alerts, which require more investigation, are assigned to more senior staff. Can you describe the alert handling process? Each user is responsible for handling the alerts that are assigned to them. They make use of all available resources, which may include our core banking system, customer information, the internet, the input of the account officer, etc. Escalation occurs when it is determined that the alerted transaction(s) are not in accordance with the client’s profile. How many alerts do you think one person can handle per day and why? It depends on a variety of factors. Being, but not limited to, the period of the month, the experience of the user and the type of alert. How do you use the case management function in our solution? Any tips? When an alert has been escalated and an investigation commences, the Department Head assigns the case to a user. In addition to using the resources mentioned above, the user would make use of enhanced resources, e.g. inquiries at the judicial authorities, assistance of our Group Security Department and at times requested information from the client as it may be that there was a profile change. After the investigation has been finalized, the case is presented to the Department Head, with the recommendation of the user. The Department Head reviews the findings and decides whether additional investigation needs to be performed, a report must be generated or the case can be closed. Tips: It is important that the users make use of all resources, his/her findings are properly presented and conclusions are substantiated, allowing the Head of the Department to make a proper assessment of the case.
Page 3 | NetPractice Exchange
User in the Spotlight Name Title Organization
Maureen Niebieska Legal Compliance Money Laundering Team Manager Nationwide Building Society, United Kingdom
Maureen has worked 20 years for Nationwide, starting in the Fraud Department. For the past 15 years she has been in Nationwide’s Money Laundering Reporting Team and has been involved in several projects including the implementation of ERASE. What is your favorite ERASE feature and why? Fingerprinting, because following the identification of one suspect customer; a single ‘click’ is all it takes to identify linked customers within the organization.
If you had an extra 15 minutes in your busy day at the office, how would you use it? Go on to www.netpractice.org and see what other ‘best practice’ suggestions are out there.
Can you give one piece of advice to a new ERASE user? ERASE is only as good as the data received from your legacy system(s). Therefore, detailed, up front, data analysis is vital.
What is your favorite piece of advice from an AML seminar, course or conference? ‘Know Your Customer’ was the key item taken away from the latest NetEconomy user conference in Brussels, Belgium. But most advice given by like-minded peers is usually the most rewarding, and results in a renewed enthusiasm for the process of identifying money-laundering activity.
What is your most ingenious ERASE alert investigation/ handling tip? Use ERASE as your one-stop shop by getting as much information as possible from your legacy system(s).
Hot Docs UK’s regulator issues guidance on automated transaction monitoring systems Soon, new UK money laundering regulations will make transaction monitoring compulsory. More specifically, UK firms will have to conduct ongoing monitoring of a business relationship, focusing both on scrutinizing transactions and keeping the documentation and customer information up-to-date. The July 2007 FSA guidance document “Automated Anti-Money Laundering Transaction Monitoring System” consists of feedback on good practice, which firms may find helpful to ensure compliance with the new regulations once they come into force. The full report can be found at www.netpractice.org. Gartner report indicates benefits of anti-money laundering technology Gartner Research’s positioned Anti-Money Laundering (AML) technology in the “plateau of productivity” in its recently published report “Hype Cycle for Banking and Investment Services Risk and Compliance, 2007.” A hype cycle is a graphic representation of the maturity, adoption and business application of specific technologies. The plateau of “productivity,” where AML technology is at the moment, according to
Page 4 | NetPractice Exchange
Gartner, represents mainstream adoption when real-world benefits of technology are demonstrated and accepted. The report can be found on www.netpractice.org. KPMG survey identifies potential commercial benefits from transaction monitoring According to KPMG’s Global Anti-Money Laundering Survey 2007, transaction monitoring is among the main drivers of the past and future increases in money laundering control costs. On the other hand, the survey, which was conducted among hundreds of financial institution around the world, also looked at the potential commercial benefits flowing from implementation of automated transaction monitoring systems. Of the banks that identified commercial benefits, 37 percent cited improved marketing opportunities and customer relationship management, 30 percent referred to improved reputational risk management, and 20 percent mentioned fraud reduction. In relation to fraud reduction, a number of banks now appear to be moving towards incorporating additional modules into their automated AML transaction monitoring platforms to identify fraud, and other financial crime risks. See: www.kpmg.com/Services/Advisory/Other/AML2007.htm
IT Column Scheduling “jobs” via an external webservice. The ERASE scheduler has a little known feature to control “jobs” via an external web service. A job is a function or an action that can be scheduled to be executed according to a predefined schedule. For example, to generate alerts, delete log entries older than a specified number of days, or to synchronize users who are stored in a directory with users in the NetEconomy software. In this column we will show how the ERASE scheduler can be used to call, start or stop jobs via an external web service, and how ERASE should be configured to utilize this feature. In this example the job “Generate alerts” will be handled, all others job can be handled the same way (except the import and validation jobs, as these are file driven). The following steps are required: Step 1: Create a “Generate alerts” job • Go to System Administration -> Configuration -> General -> Jobs • Click on “Add” • Select “Generate alerts” • Change the Run field to “On web service call” • Save the Job
Step 2: Request Job ID and Job State from ERASE To get the ID and status of a Job the provided script shown below can be used. If the returned status is “waiting,” the web service is ready for new input. Please change the system database to the system database currently in use.
use system select top 1 JS.Description, JT.id from Job J inner join JobTemplate JT on JT.id = J.TemplateID inner join FunctionPoint FP on FP.Name = JT.FunctionName inner join JobState JS on J.StateID = JS.ID where FP.Description = ‘Generate alerts’ and JT.TriggerTypeID = 2 order by J.StateID, JT.id
Step 3: Calling the ERASE Web service to start the “Generate alerts” job. For this part, please see the Web Services chapter of the System Configuration manual, which can be found on the NetPractice website. (http://www.netpractice.org/memberarea/softwaredocumentation.aspx?id=48)
Page 5 | NetPractice Exchange
Featured Functionality Assign alerts to a case In ERASE it is possible to assign alerts to a case in various ways as depicted in the figure below:
1 From an alert via an investigation and an unassigned incident to a case; 2 From an alert via an investigation to a case (available as of release 4.1.4); 3 From an alert directly to a case (available as of release 4.1.4).
Figure – Three scenarios for assigning alerts to a case
In the first scenario (the blue arrows in the figure above), the user opens the alert and selects the investigate button if the alert requires further investigation. A new screen called Collected Incident Data appears in which the user can select the transactions, accounts and customers that must be included in the investigation. The selected data will be added to the incident data, and upon completion an incident will be generated including the selected data. The incident will appear in the Unassigned Incidents list on the Track tab. The incident can then be assigned to a new or existing case. All data selected in the Incident Data will automatically be copied to a case. The second scenario (the green arrows in the figure above) is similar to the first scenario with the exception that the incident data can directly be assigned to a new or existing case. In this scenario, an incident will be automatically generated and assigned to the case and all data gathered
Page 6 | NetPractice Exchange
in the Collected Incident Data screen will be copied to the case. The third scenario (the red arrow in the figure above) represents the shortest route from an alert to a case. In this scenario, an alert can be directly assigned to a new or existing case. There is no need to first select the incident data, create an incident, and assign the incident to a case, because this is will all be done automatically. When the alert is assigned to the case, ERASE will gather all relevant transactions, accounts and customers and copy this data to the case. In the case itself, the user can still add more data if required for the investigation. Directly assigning an alert to a case can be done from the following screens: • The Unassigned Alerts list on the Alert tab • The My Alerts list on the Investigate tab • The Alerts for All Users list on the Investigate tab • The Edit Alert screen
Financial Crime News from Around the World Belgium Severe and organised fiscal fraud As of 1 September 2007, Belgian financial institutions have to report to the national FIU any activity suspected to be related to severe and organised fiscal fraud initiated by means of money laundering. This type of fraud is often characterized by usage of complex (legal) structures and financial transactions within international schemes. The requirement is based on a Royal Decree of 3 June 2007 and an adjustment of the Law of 11 January 1993 on preventing the use of the financial system for purposes of money laundering and terrorism financing. In aiding institutions in the detection and reporting of such schemes the government has issued a list of 13 indicators. The list shows unusual and suspicious financial and non-financial activity that might indicate severe and organised fiscal fraud. The list of indicators will be evaluated in June 2009. Qatar Monitoring of inward and outward remittances The Qatar Central Bank (QCB) disclosed on 23 May 2007 that it keeps a very close watch on all inward and outward remittances by means of an electronic system in place at the QCB. The system is part of a constant surveillance against attempts to launder money. Some foreign exchange houses were not in a position to have an electronic system in place whereby each of their transactions could be reported to the central bank immediately. The QCB has helped such foreign exchange companies to install the system. All of them are now in a position to report transactions immediately. Qatar is a member of the Middle East and North Africa Financial Action Taskforce (MENAFATF). USA BSA effectiveness and efficiency The US Treasury is going to push for a more balanced approach to AML compliance for smaller financial institutions. A fact sheet released by the Financial Crimes Enforcement Network (FinCEN) dated 22 June 2007 says that not all financial services providers are subject to the same kinds and degree of risk. Therefore, matching risk-based examination to risk-based obligations should become the norm as smaller financial institutions seek to comply with Bank Secrecy Act (BSA) regulations going forward. Small banks have struggled so far to find adequate human and technology resources to address compliance issues. The projected commonsense approach is exactly what the US banking industry has been asking for. See: http://www.fincen.gov/bsa_fact_sheet.pdf. Nigeria SEC advises financial industry on acquisition of AML software solutions The Securities and Exchange Commission (SEC) of Nigeria advised operators in the financial industry on 15 June 2007 at a national conference on money laundering controls to
acquire all the necessary anti-money laundering (AML) software solutions that could aid them in combating money laundering activities and other fraudulent practices. All operators in the financial system should face up to the challenges posed by the provisions of the Money Laundering (Prohibition) Act, 2004 (MLPA) by acquiring necessary AML software solutions to fortify their procedures, processes, policies, and programs against money launderers and be able to generate information required of them by regulators. The ML Act 2004 empowers the SEC to monitor suspected money laundering activities capable of being perpetrated through the Nigerian capital market. Nigeria used to be included on the Financial Action Taskforce’s Non-Cooperative Countries and Territories (NCCT) list. Switzerland Adoption of revised FATF Recommendations The Swiss Federal Council adopted on 15 June 2007 a draft dispatch on the implementation of the revised Financial Action Taskforce (FATF) recommendations. Swiss legislation already complied to a large extent with the revised standards of 2003, but some modifications nonetheless had to be made, including application of the AML Act in the fight against terrorist financing, and enhancing customer identification measures, among others. Implementation of the revised FATF recommendations also requires amendments to the ordinances of the competent supervisory authorities in the areas of money laundering and terrorist financing. Therefore the SFBC ordinance on money laundering (18 December 2002) will be revised. The revision is at an advanced stage and should be finalised in Autumn 2007. Also, the Due Diligence Convention (CDB 03) will be revised, due in 2009.
Page 7 | NetPractice Exchange
Poll Question Responses to last month’s poll question on www.netpractice.org were: On average, how many alerts does one AML analyst investigate per day?
39.13% 34.78% 26.09%
The poll question for next month is: Do you factor in “non financial events” (such as change of address, change of password, etc.) when analyzing alerts generated by your AML monitoring solution? • Always • Sometimes • Never Please submit your vote at www.netpractice.org
21 or more 1 -10 11 -20
Calendar of Events Bank Card Conference
Chicago
September 5-7, 2007
Free Live Chat on Database Configuration
September 6, 2007
Boston
October 1-5, 2007
Free Webcast: Control, Controversy or Confusion over MiFID?
October 11, 2007
Las Vegas
October 7-11, 2007
ABA Regulatory Compliance Conference
Washington
October 21-23, 2007
ACAMS European Conference
Amsterdam
November 7-9, 2007
BAI Retail Delivery Conference
Las Vegas
November 13-15, 2007
NetPractice
SIBOS NetPractice and Celent
Teradata User Group Conference
Contact
NetPractice, Loire 200-202, 2491 AM The Hague, The Netherlands Phone: +31 (0)70 452 5440 Fax: +31 (0)70 452 5444, info@netpractice.com ©2007 Fiserv, Inc. 5/07