Vol. 2, Issue 1, 2008
Making Experience Count
Table of Contents
A proven methodology to satisfy the regulators and to reduce false positives
Making Experience Count........Page 1-2
SECURETM is a methodology that is helping financial institutions meet regulations while dramatically reducing the cost and frequency of false positives. NetPractice interviewed Erik Middelkoop, one of its principal creators, to find out more. NetPractice: Can you briefly explain what SECURE is, and the needs it satisfies? Erik: Many organizations are learning that while regulations are helpful in encouraging financial institutions to take preventative measures against such crimes as money laundering or fraud, they don’t really answer the fundamental question you need to ask when getting started, namely, “What should we be detecting, and how?” The SECURE methodology enables financial institutions to review all the key components of money laundering detection. By reviewing the policies, procedures, training, and detection technology used to detect suspicious behavior, SECURE identifies which actions are best left to staff, and which can best be left to detection technology. Some detection will clearly involve both manual and technology detection methods. By clearly defining what the detection technology from NetEconomy should do, rules and alerts can be optimized.
New Advisory Board Member .....Page 3 Hot Docs ....................................Page 3 Mobile Phone Laundering: Fact or Fiction .........................Page 4-5 User in the Spotlight...................Page 6 NetEconomy Forms User Group Committee for Dublin ’08 ...........Page 7 Business Analysis, the Key to a Successful Implementation ......Page 8-9 Featured Functionality ..............Page 10 Financial Crime News from Around the World.....................Page 11 Poll Question............................Page 12 Calendar of Events 2008 ..........Page 12
Using SECURE, we help define the risk faced by the institution, and then we help determine how to detect that risk. This often involves challenging financial institutions to answer how they should go about detecting all types of money laundering activity. NetPractice: The banks like being challenged? Erik: Yes. I think they greatly appreciate having experienced people come to the table who can help them think of the best way to detect suspicious activity. Continued on Page 2
APRIL 2008
Making Experience Count
NetPractice: And this has an impact on the total cost of ownership?
Continued from Page 1
NetPractice: What other benefits do they get from using SECURE? Erik: SECURE provides the assurance that financial institutions are looking for when the regulator comes knocking at their door. With this methodology, they know what they are looking for to prevent money laundering. So the next time our customers are asked “Why did you not detect this or that transaction,”they can explain why the transaction in question was not unusual and can provide the evidence to back it up. In this way, they can show what they are monitoring, how they are monitoring it, and why they have set it up this way.
“It’s all about knowing what to detect and why.”
NetPractice: So SECURE helps financial institutions to be more effective. Erik: Absolutely. SECURE ensures that organizations are effective in how they take on money laundering or fraud. All relevant steps and decisions are clearly documented, and SECURE provides the clear overview needed to know where to make the necessary improvements when they are needed.
“When things go wrong, you need to explain why you didn’t report it. SECURE provides the explanation, providing regulators the information they need, and financial institutions the confidence they need to show.”
Erik is a Business Consultant from IEQ and has been involved in many NetEconomy Financial Crime Suite implementations during the last eight years. Erik is also the founder of the SECURE methodology that helps financial institutions improve their transaction monitoring hit ratio and reduce operations costs. Erik has a BA in psychology and is based in Arnhem, The Netherlands.
Erik: It really does. We have worked out with our customers the cost savings of reducing, for example, ten alerts per day. Now imagine the savings if you can multiply that even further, which is what we are achieving with SECURE. Our customers are also learning that it is better to serve a smaller team of highly skilled individuals in detecting suspicious transactions, than to employ a larger number of lesser skilled people in the investigation process.
NetPractice: It sounds great. So if other banks reading this interview wanted a total cost of ownership (TCO) analysis done before committing to the methodology, you could assist them with this? Erik: Yes; I believe it’s important to do this. Showing the financial and operational benefits they could achieve is crucial. Additionally, we can get them to talk with the other banks that have benefitted from SECURE so they hear it directly from them.
The SECURE methodology has now been used in a number of recent NetEconomy implementation projects.
NetPractice: In summary, what do the financial institutions like the most when using SECURE?
The combination of a solid methodology that leverages the knowledge of the anti-money laundering team combined with NetEconomy’s intelligent detection technology really makes the difference.
The results! They are impressed with the results they have managed to achieve by using SECURE. They also enjoy our candid-but-tough discussions with them on the best ways to detect anti-money laundering.
The TCO Challenge: Take the TCO challenge, and find out how you could benefit from using SECURE. Contact us at: marketing@neteconomy.com and ask for the TCO SECURE Challenge.
Page 2 | NetPractice Exchange
Meet Our New NetPractice Board Member
New NetPractice Advisory Board Member Aleksejs Truhans IT Development, Parex Banka, Latvia
In January 2008, NetPractice added a new advisory board member. Aleksejs is an IT development manager at Parex Banka, one of the largest commercial banks in Latvia, with branches and subsidiaries in Switzerland, Sweden, Russia and Ukraine, amongst other countries. He participates in AML-related information systems development in the Bank, as well as in other projects involving acquisition, integration, and development of IT systems. In his career he has taught programming, developed software, and managed projects and people in the IT field. Working at Parex Banka since 2001, he is proficient in such banking business areas as payments processing, AML, market abuse and credit scoring. Aleksejs leads the IT team implementing the NetEconomy solution at Parex Banka, the first bank in Latvia to use it.
Hot Docs Spanish U.S. FFIEC BSA/AML Examination Manual The FDIC has had the Federal Financial Institutions Examination Council (FFIEC) 2007 Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual translated into Spanish and made available to the public. The order form for a copy of the Spanish version of the manual is available on the FDIC’s Web site at http://www.fdic.gov/regulations/ examinations/bsa/index.html or http://www.fdic.gov/quicklinks/spanish.html or contact Review Examiner Eric S. Walker at SASFIL@FDIC.gov or (202) 898-3673. Two NetPractice training webcasts available for download 1. AML trends: In January, Celent’s AML expert Neil Katkov presented a well attended webinar exploring some of the key new issues facing financial institutions in anti-money laundering (AML) and the subsequent impact on business strategies and priorities. In this web seminar, Celent’s senior analyst outlined the trends to watch out for, and explained the potential impact on financial institutions. Download webcast: www.netpractice.org
2.Government Sanctions and PEP Compliance: In February, NetEconomy’s Financial Crime Advisor and former Executive of the Association of Certified Anti-Money Laundering Specialists (ACAMS) Saskia Rietbroek, and Jeroen Dekker, NetEconomy Product Manager, presented a webinar about best practices on government watch list and PEP screening. Download webcast: www.netpractice.org These 1-hour sessions provide 1 CAMS credit each for purposes of continuing education. White paper on Employee Fraud The recent scandal at Societe Generale in which one employee was responsible for the loss of millions has raised a great deal of interest in employee fraud prevention. In our new white paper, NetEconomy advises on how to detect employee fraud using real-life case examples. The paper also emphasizes the importance of seeing the wider picture, answering the questions: – Was the fraudster acting alone? – Are there other fraudulent actions as yet undetected? – Could there be other customers at risk? – Could this be part of a bigger scam within the organization? Download the paper at www.neteconomy.com
Page 3 | NetPractice Exchange
Mobile Phone Laundering: Fact or Fiction? Saskia Rietbroek, Advisory Board, Association of Certified Anti-Money Laundering Specialists (ACAMS) From 2001–2005, Saskia Rietbroek served as the original Executive Director of the Association of Certified Anti-Money Laundering Specialists (ACAMS). She continues to serve on the Advisory Board of the Association. She is currently the Financial Crime Advisor to NetEconomy, and Partner in AML Services International, LLC. She conducts money laundering audits and training for financial institutions in the US, Caribbean, and Latin America. She is based in Miami, FL.
In Europe and Asia, and to a lesser extent, the United States, people are able to pay for groceries using their cell phones. You can make payments wirelessly with your cell phone. You can also transfer funds to another telecom subscriber using SMS text messages. Authorization typically occurs by keying in a PIN (personal identification number) associated with the person or the mobile device. The customer receives a text (SMS) confirmation after the transaction is conducted. Does this mean that a money launderer can use his cell phone to launder money? And if so, what can be done by telecom providers to control the risk? Some argue that even if mobile payments could theoretically be used for money laundering, the service is typically used for micro-payments and involves amounts too paltry to be of interest to a money launderer. Before answering these questions, let’s take a look at how mobile payments work. Linked to bank account or not? The most basic form of mobile payment is when the customer uses the cellular phone as an access device to initiate and authenticate transactions from existing bank accounts or payment cards. Because of the involvement of a bank account at a regulated institution, the customer has been identified when the underlying bank or credit card account was opened. But the mobile payment can also function as a standalone facility without a direct underlying bank or payment card account. In this case, the telecom operator acts as a payment intermediary to authorize and settle the payment in its own system. In the stand-alone facility, there are prepaid and postpaid payment services: In a postpaid system, the telecom operator allows the phone owner to charge certain payments to the phone bill. In a prepaid system, the telecom operator lets the phone owner fund an
Page 4 | NetPractice Exchange
“account” (this is not a bank account) held by the telecom operator for the purposes of making prepaid payments. In this stand-alone option, telecom companies engaged in these activities may not be overseen by a country’s central bank or other banking regulator in regard to money laundering purposes. How to abuse the system Here is how the launderer can abuse the mobile payment system: The launderer buys a prepaid card for any amount and loads it with ill-gotten money. He then registers online with a mobile payment provider using a free anonymous e-mail account, the prepaid mobile phone number, and the money on the stored-value card. Of course, he provides a false identification number and a false address. Using the cell phone, the launderer then logs on to the payment service provider website and gives them the number of the mobile phone to which he wishes to transfer the funds from his prepaid card. The telecom company then sends a message to the receiver’s phone number asking where to transfer the money. If there is a partnership with a bank, the recipient can request the transfer be made to his stored-value card and then withdraw the funds from any ATM, anywhere. The transaction leaves a minimal audit trail: two mobile phone numbers, the amount of the transaction, perhaps short instructions on the transmission, and reception. This could create a situation where we have a minimal audit trail and anonymity, combined with functional similarity to a credit or debit card or remittance services. And all of this is virtually unregulated. Risk mitigation Amounts. Money laundering and fraud issues can arise when the maximum transaction and loading amounts are high. When mobile phones are access devices to underlying bank and credit card accounts, limits may
NetEconomy detection scenarios applicable in the mobile payment setting A mobile payment account that is used in an ATM to access cash from a prepaid account operates in a similar way to a debit card accessing a bank account via an ATM. NetEconomy can use detection scenarios that are also used in a bank account setting, such as transactions above certain amounts, foreign withdrawals combined with up-front cash loading within a certain period, and transactions in certain high risk countries.
acceptable range of transfers for certain cards. An alert is generated when the limit is reached.
If a certain threshold for number of transactions is reached for a particular account holder, an alert can be generated for further investigation. Different thresholds can be set for mobile payment account holders with different risk classifications (depending on age, country or state of residence, etc.).
NetEconomy can import a risk score that is assigned by the firm to its customers in order to monitor activity in accordance with the risk posed by this customer. It can compare the activity of a particular customer with the historical profile of that customer. It can compare patterns within peer groups such as customers living in the same zip code or with a similar age.
With the network analysis feature, NetEconomy can identify, investigate, and trace links between mobile account holders which can help uncover a money laundering trail. This tool allows you to build an overview of account holder relationships: Who is transmitting funds to which other account holder?
A detection scenario can be created for limits on the
not be necessary. If the mobile payments are not linked to underlying bank accounts, the telecom provider often imposes a maximum per transaction per day to a few hundred dollars or euros, which limits the vulnerability to money laundering.
or fellow service subscribers. Subscribers can also withdraw money from their mobile payment account directly from their bank account, or as cash from an ATM with a prepaid card. Limited transaction value and limited cross-border functionality can help reduce the risk.
Identification. If the mobile phone service is prepaid and the funds used to facilitate mobile payments are also prepaid, the service provider may not be motivated to fully identify customers because of the absence of credit risk and legal requirements. It would be prudent to identify the customer and to verify the information provided in the registration process. Otherwise, there is no way for the telecom provider to know if the information provided is real or has been stolen from another person.
Detecting the cell phone launderer
Method of funding. Mobile payments that draw on a prepaid account can be funded by adding money from a bank account, or from a debit/credit/prepaid card. Payment sources which have independently verified the identity of the phone owner and which maintain a record of the funds transferred to the mobile payment account are low risk. The use of cash to fund a mobile payment account, independent of other risk factors, may present some limited money laundering/terrorist financing risk. By limiting funding options, the risk can be mitigated. Usage limits. Typically, payments can only be received for POS (point of sale) transactions by participating merchants
The telecom firm may not be legally required to do so, but their internal policies and procedures or partnerships with banks may require them to report suspicious activity. In order to do this, they need not only to identify the customer, but also to keep records for every transaction (including tiny micro payments) in order to create patterns of transactions and to monitor for suspicious transactions. With pattern recognition technology, such as the NetEconomy solution, the mobile payment firm can determine if the activity is commensurate with what was expected from the customer. This is done using algorithms that predict and link data, and that generate alerts for investigations and further analysis. This way we can help the firm distinguish suspicious from normal activity, and mitigate the risks presented by ingenious launderers trying to launder money with their cell phones. In 2006, FAFT released a document entitled “Report on New Payment Methods.� To download that report, please visit www.netpractice.org. Page 5 | NetPractice Exchange
User in the Spotlight Alekjes Truhans, Parex Banka Aleksejs is an IT Development Manager at Parex Banka. He participates in the development of NetEconomy-centered and other AML functionality in the Bank, and is involved in other acquisition and integration projects of new IT systems. He has taught programming, developed software and managed projects in the IT field during his career. Aleksejs is based in Latvia and is a member of the NetPractice Advisory Board. 1. Describe your institution (size of the bank, location, number of branches). Parex Group is one of the largest, oldest and most experienced private financial groups in the Baltic States. The Group offers integrated client services including lending, payment card services, leasing, asset management and securities brokerage. The Group consists of banks, asset management and consumer lending companies in Latvia, Estonia, Lithuania, Switzerland, Ukraine, Belarus and Azerbajan. The flagship institution, Parex Bank Latvia, has EUR 3.5 Bn in assets and serves more than 400,000 customers. 2. Which version and module of ERASE does your institution use, and since when? We are running Compliance Manager 4.1.5SR1. We started the implementation project early in 2006 and launched ERASE into production use on December 18, 2006. 3. How do you use it across different branches? The same ERASE system is used by all the Parex Bank branches. 4. Describe your role working with the NetEconomy solution. I have lead the IT implementation team since the very beginning, acting mainly as business analyst, project manager and software developer. 5. What was the biggest challenge when implementing the solution? And how did you solve it? In the very beginning, it was the gap in understanding how ERASE functions between Parex and NetEconomy analysts. Installing a test system and delivering data into it resolved this issue. Then we appeared to be quite unique and required a lot of additional development besides just using the solutions best practices. The second challenge was related to the fact that we value the security of our customers so much that we did not give any test data to NetEconomy, hence they had no way themselves to test the customizations they’ve been developing. Placing consultants on-site was the best way to resolve this issue.
Page 6 | NetPractice Exchange
6. Can you give one piece of advice to an institution that is about to implement ERASE? Start with just a few critical alert definitions, then gradually expand and rework. Using ERASE will give you the understanding of what the best uses for this instrument are. It will enable you to get maximum possible value out of it as fast as possible. 7. What would you like to see added to the current ERASE solution? (This could be something, for example, related to downloading information into ERASE from the core system, configuration, data fields, data streams, or a functionality, etc.) It would be nice to make it more open. For example, to enable us to add new import data fields and new profiles. It would be good if the system could log detailed debug information. We do not allow remote access to our systems and providing the debug information would certainly help developers to analyze some tricky issues we have without travelling to Riga. We also would appreciate a tool to extract alert definition configuration from one system and load into another. There are such things used by NetEconomy for internal purposes and it really helps in avoiding human errors when transferring configuration from test system to the production one. 8. If you had an extra 15 minutes in your busy day at the office, how would you use it? I’d spend these minutes learning something, reading a book or trying some exciting new technology. 9. What is your favorite piece of advice from a seminar, training course or conference that you would like to share with other IT managers working with ERASE? It seems that what I deem the best piece of advice is already embedded into the suggestions above. More than one time, perhaps :)
NetEconomy Forms User Group Committee for Dublin ’08 Below are the members of the Committee in charge of developing the program for the NetEconomy User Group event, to be held in Dublin, Ireland on June 10 and 11, 2008: Isaac Alejandro Legal & Compliance, ING Bank, Mexico Claude Baksh MLRO, Sun Life Financial, Canada Melanie Cousins Marketing Manager, NetEconomy, United Kingdom Christopher Ghenne Trainer, NetEconomy, the Netherlands Stan Harmsen van der Vliet Director, NetPractice, the Netherlands David Lombard AML Program Manager, Bank of Ireland, Ireland Michiel Peeperkorn Compliance Manager, ING Group Compliance, the Netherlands
Harold Pernot Product Manager, NetEconomy, the Netherlands Saskia Rietbroek Financial Crime Advisor, NetEconomy, United States Andy Scherpenberg ERASE Application Leader, ING, Belgium We thank the committee members for their continuous input and for helping us make this event a great success. If you have any suggestions for the program, please let the Committee know at info@netpractice.org.
We are pleased to announce the NetEconomy User Group Conference 2008 Dublin, Ireland To be held at the Conrad Dublin Hotel on Tuesday 10th and Wednesday 11th June 2008 Kindly hosted by Bank of Ireland and in association with NetPractice
To register, please visit: http://www.netpractice.org/User_Group_Event_2008.aspx
Page 7 | NetPractice Exchange
Business Analysis, the Key to a Successful Implementation Name Title Company Location
Ben Scheffers, CAMS Business Analyst NetEconomy The Hague, the Netherlands
Ben is the lead Business Analyst at NetEconomy. The Business Analysis is the one of the most crucial parts of the implementation project. The purpose is to investigate and analyse the customers’ needs and translate these into input for the project. Ben has been involved in over 50 implementations of the NetEconomy solution across 35 countries. What is your role in the department? I started with NetEconomy almost 6 years ago. At that time the AML world was still at an immature state. Many laws were still being written and in most banks the requirements were not clear. I had the opportunity to grow with our customers and together we created solutions for their regulatory requirements concerning AntiMoney Laundering and Terrorist Finance. Before joining NetEconomy, I graduated with a Master of Science in Business Administration majoring Management Information from the Erasmus University in Rotterdam. After serving in the Dutch army, I joined the Dutch ERP Solutions provider EXACT. For them I worked as a Product Manager CRM and managed different development teams in The Netherlands, Ireland and Malaysia. Following that job, I worked as a product manager with Fenestrea making data available on the cell phone and PDA. What does the business analysis process entail? In my role a business analyst, I’ve been involved in many implementations in many countries. My role changed a little bit in the past year. I still fulfill my role as Business Analyst. It allows me to keep in touch with what is important. Next to my role as business analyst, I am involved in growing our company in the services department and sharing my experience of the past years with the growing team. Please describe the business analysis process? The Business Analysis process is one of the most crucial parts of the implementation project. The goal is to deliver a solution to the financial institute. Depending on the experience and needs of the financial institute, we may simply deliver a software solution or help the bank perform their risk analysis and set up an AML program. Our first role, of course, remains the delivery of a good software solution. What is the main purpose of a business analysis? The purpose of the business analysis is to be able to deliver a good working system. It requires explanation of the
Page 8 | NetPractice Exchange
products, listening to the customer, and translating the requirements to the solutions that can be delivered with the product and identify gaps between requirements and the features of the NetEconomy products. Who is typically present at a business analysis workshop from the client side? I like to invite all team members from the customer’s project team. Of course, the compliance-responsible people who make the decision about how the tool must be integrated in their daily operations must be present, but also the data, application and hardware responsible people should be there. Data is a crucial part of the success of the implementation. Also with implementations of our software, the rule “garbage in is garbage out” applies. If the data-responsible people are involved, the feasibility of desired functionality can be identified quicker. What are the most important skills of a business analyst? Be able to listen; be able to translate the functional needs to a software solution; be able to act a little stubborn in order to convince the customer to understand a different approach that has been proven to work before but that is not what was initially expected. How do you stay up-to-date on the latest financial crimes schemes? I stay up-to-date by reading several periodicals (e.g. ACAMS, www.moneylaundering.com), the several email groups that exist on the topic, and of course www.netpractice.org which contains alerts and links to the latest new topics in this market. Also, each Business Analyst is required to get a CAMS certification at some point. This means that in order to keep this certification, continuous learning is required. I just went through the recertification process and it reminded me how strict the ACAMS organization is in maintaining a good quality standard. Please describe the most ingenious custom risk view (detection scenario) that you ever had to create for a customer. When talking about the most ingenious risk view I must be careful not to become technical. The best views are often
the simplest ones. Those in which you think that the data is missing, or the ones that become difficult performance-wise are soon on your mind. With some creativity, solutions can often be found. What was your biggest challenge ever at a business analysis workshop? My biggest challenge is when there is doubt that a system can help in solving the requirements. This might be the case when the department was not involved in the decision to purchase a system or the NetEconomy system. At such a point, the challenge is to win confidence by explaining and showing what the product is capable of and showing that we can deliver. What do you think are the advantages of the business analysis process versus a standard configuration? The big challenge when using a ‘standard configuration’ is to fit different banks with different customers to one standard. Luckily the standard offers much flexibility. If you could say something to a prospective client about the business analysis process, what would it be? In business analysis, we bring the experience of many implementations from all over the globe at different financial institutions. These institutions were specialized in, for example, retail banking, business banking, or private banking. Some are internationally focused; others more domestic. We have seen small and large banks and are able to deliver a good solution to all. In business analysis,
Volume 2, No. 1, 2008
NetPractice Exchange This newsletter is a quarterly publication by NetEconomy B.V. for NetPractice members and others interested in NetPractice or NetEconomy in general. NetPractice Advisory Board Florisela Bentoera, CAMS, Manager Compliance and AML Operations, RBTT Dutch Caribbean, Curacao, Netherlands Antilles Deborah King, CAMS, VP Director AML Investigations, Citizens Financial Group, Medfort, MA, USA Michiel Peeperkorn, CAMS, Compliance Officer, ING Bank, Amsterdam, Netherlands Saskia Rietbroek, CAMS, Financial Crime Advisor, NetEconomy, Miami, FL, USA (Chair) Cindy Shelton Ryan, CAMS, Compliance Officer, Bank-Fund Staff Federal Credit Union, Washington D.C., USA Aleksejs Truhans, IT Development, Parex Banka, Latvia
The business analysis phase consists of a workshop, or series of workshops, detailing five main areas of implementation: (a) assessment of the business needs and overview of the product (b) the specifications of data requirements (c) the specifications of hardware requirements (d) technical and business core team member training (e) a description of any required customizations (outside of the implementation project scope). A business analysis is conducted for new customers who are implementing the solution for the first time, and for existing customers who are facing a material change in functional or regulatory requirements. For more information, please email: info@netpractice.org. the focus is on implementing a software product, but we can work with the bank on AML-related topics like conducting a risk assessment. In other words, the analysis can be very lean and mean, but in situations where needed the analysis can be broader.
NetPractice Staff Director: Stanley Harmsen van der Vliet, CAMS Marketing Coordinator: Roos Goosen This newsletter is for general information purposes only. The views expressed in this newsletter are not necessarily those of NetEconomy B.V. NetEconomy has taken all reasonable measures to ensure that the material contained in this newsletter is correct. However, NetEconomy offers no warranty and accepts no responsibility for the accuracy or the completeness of the material. In publishing this newsletter, neither the authors nor NetEconomy are engaged in rendering legal or other professional advice. NetPractice Loire 200-202 2491 AM, The Hague The Netherlands Tel: +31 (0) 70 452 5448 Fax: +31 (0) 70 452 5444 info@netpractice.org www.netpractice.org
Page 9 | NetPractice Exchange
Featured Functionality My List Matching Alerts In this section, we describe a functionality of ERASE that the NetEconomy Product Management team recommends you use. In this issue, we discuss the feature “My List Matching Alerts.” Prior to release 4.1.6 SR1, list matching alerts were always left unassigned and, once assigned to an investigator by the compliance manager, showed up in the My Alerts screen of that user along with “regular” alerts. ERASE 4.1.6 SR1 introduces a My List Matching Alerts screen. Unlike My Alerts, it provides users with data and functionality specifically for dealing with list matching alerts. Most important are the columns showing the subject data and list data for all the match fields that added to the overall score. These fields enable the investigator to determine at first glance if any differences between subject and list data can justify closing alerts without any further investigation. Compared to the existing Unassigned List Matching Alerts screen, columns showing the alert Priority, and the Match List that the Subject had a hit against have been added. This enables the investigator to focus on High Priority alerts first, for example, or deal with (terrorist) sanction list matches before moving on to PEP matches. Columns showing the Workflow and the Status of the alerts have also been added. When further investigation is needed, clicking on the button of an alert will display all (flattened) list records that the subject hit against in the Match Details tab at
Figure: My List Matching Alert window
Page 10 | NetPractice Exchange
the bottom of the screen. New for 4.1.6 SR1, this tab can provide a link to background information that takes the user to comprehensive records for that list entity. For example, when using the Factiva PFA (Public Figures and Associates), the complete Factiva record for that list entity is provided, in addition to a picture of the PEP (Politically Exposed Person) when available. To make optimal use of My List Matching Alerts, it is good to know that 4.1.6 SR1 also introduces an Alert Routing feature in the Configure section, which enables setup of automatic alert priority and user assignment for list matching alerts based on: • Match list (e.g. PEP, OFAC, UN, Other) • Business Unit to which the customer or account subject belongs • Foreign or Domestic matches for Factiva PEP, • If Foreign, whether or not the match is from a Flagged Country This functionality makes it easier to automatically distribute alerts to the right users, and for those users to prioritize Foreign PEP matches over Domestic PEP matches, for example. For more information, please go to our www.netpractice.org web site and visit our section Software Documentation release 4.1.6 SR1. Factiva Public Figures & Associates is a technology partner of NetEconomy, for more information please visit www.factiva.com web site.
Financial Crime News from Around the World Bermuda Expanding role for monetary authority The Bermuda Monetary Authority’s (BMA) responsibilities for AML regulation have been expanded. As of 2009, the BMA will monitor financial institutions for compliance with AML reporting requirements and other obligations. The government has proposed that the BMA assume responsibility not only for monitoring financial institutions but also for enforcing compliance with the preventive measures imposed under proceeds of crime and anti-terrorist finance regulations. The BMA is preparing drafts of primary and subsidiary legislation that will provide the legislative framework for the BMA’s expanded role. In addition, the BMA expects to complete work on guidance notes that will supplement the regulations in the second quarter of 2008. Guernsey Handbook on countering financial crime and terrorist financing On 18 September 2007, the Guernsey Financial Services Commission (GFSC) issued the “Handbook on countering financial crime and terrorist financing” (“Handbook”) and the “Proceeds of Crime Regulations, 2007” (“2007 Regulations”). The 2007 Regulations include requirements relating to: • Risk assessment and mitigation • Undertaking customer due diligence (CDD) • Monitoring customer activity and ongoing CDD • Reporting suspected money laundering and terrorist financing activity • Staff screening and training • Record keeping • Ensuring compliance, corporate responsibility and related requirements The Handbook provides a list of appropriate and effective policies, procedures, and controls and its structure is such that it permits a financial institution to adopt a risk-based approach appropriate to its particular circumstances. The Handbook offers a two-level approach. First, the commission rules define how the commission requires financial institutions to meet the regulations. Secondly, the guidance notes present methods that comply with the regulations and the commission rules. Both the Handbook and the 2007 Regulations came into effect on 15 December 2007. They can be found at http://www.gfsc.gg/content.asp?pageID=50 and are available within the NetPractice.org Interactive Knowledge Center. Poland 3rd round evaluation report The Council of Europe’s MONEYVAL Committee published on 15 January 2008 its 3rd Round Evaluation Report on Poland. This report analyses the implementation of international and European standards to combat money laundering and terrorist financing, assesses levels of compliance with the FATF 40+9 Recommendations, and includes a
recommended action plan to improve the Polish AML and CFT system. One of the main findings of the evaluation report is that although the identification of customers generally complies with international standards, several key elements of the customer due diligence (CDD) process, as set out in the FATF Recommendations, are insufficiently incorporated into laws or regulations. Additionally, there is no legal requirement to take reasonable measures to determine the natural person who ultimately owns or controls a customer and/or the person on whose behalf a transaction is conducted (also knowns the beneficial owner). There are also no provisions within the current AML Act or other regulations that sufficiently address the risk of cross-border correspondent banking. The report can be found at http://www.coe.int/moneyval and is available within the NetPractice resource center. USA FinCEN issued new CTR ruling On 25 January 2008, FinCEN issued a ruling (FIN-2008R001) to clarify the CTR filing obligations when reporting transactions that involve sole proprietorships. A sole proprietorship essentially means that a “Natural person” person does business in his or her own name and that there is only one owner. FinCEN explained how the CTR needs to be filled out involving these businesses operating under a “doing business as” (DBA) name. The present ruling replaces FIN-2006-R003. The ruling provides six examples on how to file a CTR and fill out the “A” section of a FinCEN Form 104 (CTR). The new ruling and previous ruling can be found on http://www.fincen.gov/reg_rulings.html and are available within the NetPractice resource center.
Page 11 | NetPractice Exchange
Poll Question Responses to last month’s poll question on www.netpractice.org were: Do you do a peer group analysis when monitoring for suspicious activity?
41.67% 29.17% 29.17%
The poll question for next month is: Who decides whether or not to close an account after filing a suspicious or unusual transaction report? • Compliance Officer • Senior Management • Relationship Manager • Can’t close because of legal restrictions Please submit your vote at www.netpractice.org
Never Always Sometimes
Calendar of Events How to Reduce the Cost of Your AML Operations
webinar www.netpractice.org
23 April 2008
Product Update ERASE 4.2
webinar www.netpractice.org
15 May 2008
How to Do Peer Group Analysis to Detect Suspicious Activity
webinar www.netpractice.org
29 May 2008
NetEconomy User Group Conference 2008
Dublin
10-11 June 2008
Insurance Industry Summit 2008
London
25 June 2008
Contact
NetPractice, Loire 200-202, 2491 AM The Hague, The Netherlands Phone: +31 (0)70 452 5440 Fax: +31 (0)70 452 5444, info@netpractice.com ©2008 Fiserv, Inc. 4/08