Professional Documents
Culture Documents
CFCS Study Manual PDF
CFCS Study Manual PDF
CFCS CERTIFICATION
EXAMINATION STUDY MANUAL
Preparing For The Certified
Financial Crime Specialist Examination
CFCS CERTIFICATION EXAMINATION STUDY MANUAL
Rivergate Plaza, 444 Brickell Avenue, Suite P60 Miami, FL 33131 USA
Executive Editor
Contributing Editors
TABLE OF CONTENTS
CHAPTER 1 ACFCS AND THE CHALLENGE OF FINANCIAL CRIME ..................................................................... 11
The Association of Certified Financial Crime Specialists ..................................................................................11
ACFCS Certification Examination ........................................................................................................................... 12
Construction of the CFCS Certification Exam ..................................................................................................... 13
Job and Career Benefits from CFCS Certification ............................................................................................... 14
Conclusion ..................................................................................................................................................................... 14
CHAPTER 2 FINANCIAL CRIME OVERVIEW, COMMONALITIES AND CONVERGENCE .................................15
Financial Crime Overview ......................................................................................................................................... 15
Defining Financial Crime and its Permutations .................................................................................................. 16
Technology Changes Complexion of Financial Crime .......................................................................................16
Globalization of Financial Crime ..............................................................................................................................17
Commonalities of All Financial Crimes ...................................................................................................................17
Capitalizing on the ‘Commonalities’ and Exploring ‘Convergence’ ................................................................ 21
Conclusion .................................................................................................................................................................... 22
CHAPTER 3 MONEY LAUNDERING.............................................................................................................................23
Overview ....................................................................................................................................................................... 23
The Financial
Action Task Force ...................................................................................................................................................... 24
Money Laundering Methods .................................................................................................................................... 25
The Three Stages of Money Laundering .............................................................................................................. 26
The Russian Laundromat ...........................................................................................................................................27
Money Laundering Indicators ................................................................................................................................. 29
Financial Institution Money Laundering Methods and Vehicles .................................................................... 32
The Egmont Group of Financial Intelligence Units............................................................................................ 33
Non-Financial Institution Money Laundering Vehicles .................................................................................... 36
The Odebrecht Corruption Scandal .......................................................................................................................37
The Role of Lawyers, Accountants, Auditors, Notaries and Other Gatekeepers ....................................... 38
Regulatory Frameworks for Gatekeepers............................................................................................................. 38
Real Property and Money Laundering .................................................................................................................. 39
Structures That Hide Beneficial Ownership ....................................................................................................... 43
The US Money Laundering Law ...............................................................................................................................47
Terrorist Financing .................................................................................................................................................... 48
Conclusion .................................................................................................................................................................... 56
Chapter 3 Practice Questions ..................................................................................................................................57
CHAPTER 4 UNDERSTANDING AND PREVENTING FRAUD .................................................................................59
Overview ....................................................................................................................................................................... 59
Understanding and Recognizing Types of Fraud ...............................................................................................60
Fraud in loans and mortgages ................................................................................................................................. 64
Insurance and health care fraud ............................................................................................................................ 70
Credit and debit card fraud ...................................................................................................................................... 71
Fraud in government benefits ..................................................................................................................................72
Internal Fraud ...............................................................................................................................................................72
Identity Theft and Fraud............................................................................................................................................74
ACFCS
AND
THE
CHALLENGE
OF FINANCIAL
CRIME
11
CHAPTER 1 • ACFCS AND THE CHALLENGE OF FINANCIAL CRIME
12
@2019 Association of Certified Financial Crime Specialists
CHAPTER 1 • ACFCS AND THE CHALLENGE OF FINANCIAL CRIME
13
@2019 Association of Certified Financial Crime Specialists
CHAPTER 1 • ACFCS AND THE CHALLENGE OF FINANCIAL CRIME
14
@2019 Association of Certified Financial Crime Specialists
CHAPTER 2
FINANCIAL
CRIME
OVERVIEW,
COMMONALITIES
AND FINANCIAL CRIME OVERVIEW
CONVERGENCE
The world is awash in financial crime. No person or organiza-
tion, public or private, secular or religious, profit or nonprofit is
immune. Perpetrators of financial crime come in many forms,
often using the façade of sham or shell legal entities to conduct
their criminal activity.
15
CHAPTER 2 • FINANCIAL CRIME OVERVIEW, COMMONALITIES AND CONVERGENCE
Much of this fraud, and thousands of other similar This Manual covers all of them, focusing mainly
instances worldwide, is facilitated by corruption on crimes that have a cash or economic advan-
of the participants in the programs or in the pub- tage as their primary objective. However, the
lic agencies that conduct them. Lax controls and Manual does not deal with some profit-motivated
auditing, poor supervision by regulators, inade- crimes, such as drug trafficking, illegal gam-
quate enforcement by investigative agencies and bling, nuclear trafficking, prostitution and similar
inattention to recovering the assets stolen by offenses. While these crimes are also motivated
financial criminals emboldens others and breeds by the desire to make money, they do not fit into
more financial crime. the financial crime categories in this Manual.
Government agencies and private sector victims For your needs, we will cover those crimes in
of financial crime fare poorly in recovering the which perpetrators possess or control the crim-
funds that are taken unlawfully from govern- inal proceeds. At that point, these criminals
ment programs and from private sector victims. become classic financial criminals who must
While estimates are inherently difficult, statistics engage in some of the common steps that all
issued by government agencies suggest that only financial criminals take. Money laundering is
2 to 5 percent of assets that private- and pub- present in all financial crimes and is a common
lic-sector victims lose to financial criminals is and essential element that all financial crimes
ever recovered. Asset recovery is addressed in its share, regardless of how they made their money.
own chapter of this Manual.
What is financial crime? A good working defini-
tion may be that it is a non-violent action that
DEFINING FINANCIAL CRIME AND ITS results in the unlawful taking, moving, hiding or
PERMUTATIONS disguising of money or other value by the use of
Permutations and perpetrators of financial crime guile, artifice, corruption or deception for the
constantly evolve. At any given moment, persons benefit of the perpetrator or of another.
in all parts of the world are conceiving new ways
to take money or gain economic advantage ille- Financial crimes include corruption, money laun-
gally from organizational and individual victims. dering, fraud, tax evasion and sanctions viola-
tions. Each of these categories has subsets, off-
Except for crimes of passion and those committed shoots or tributaries. For example, identity theft
to make an ideological statement, such as terror- and embezzlement are subsets of fraud. Corrup-
ism, all crimes are committed to make money or tion exists in both the public and private sectors.
gain an economic advantage. Even crimes of pure Money laundering may be practiced in many
passion sometimes have a financial element, such ways and may involve persons in all walks of life
as in the case of a person plotting the murder of and private and public-sector organizations. One
a family member to claim a life insurance policy. type of financial crime often overlaps another, as
is discussed below in the section dealing with the
Most financial crimes have four phases: commonalities of financial crime.
16
@2019 Association of Certified Financial Crime Specialists
CHAPTER 2 • FINANCIAL CRIME OVERVIEW, COMMONALITIES AND CONVERGENCE
theft, for example, is not a new type of crime, but on financial institutions, businesses, and other
the advance of technology has spurred its growth organizations, all at a significant cost.
and made it a global menace. Similarly, cyber-
crime did not exist before the arrival of digital Even in the face of these mighty defensive and
technology and the Internet. offensive efforts composed of private- and pub-
lic-sector organizations, financial crime contin-
Financial crime today is more extensive, complex ues to grow. Financial criminals are industrious
and technology-driven than ever before; so are and find weaknesses, loopholes, negligence or
the government and private sector efforts against corruption to facilitate their crimes.
it. Investigative and enforcement procedures and
regulatory measures that seek to block or detect
financial crime need to grow at the pace of the GLOBALIZATION OF
evolving techniques of financial criminals. FINANCIAL CRIME
Financial crime flourishes when it crosses
New laws and regulations, multinational agree- national borders. By crossing these borders, the
ments, treaties and conventions, and working financial criminal complicates law enforcement
groups are all aimed at financial crime. Non-gov- efforts by forcing the agencies of one country to
ernmental organizations, such as the Financial obtain the cooperation of their counterparts in
Action Task Force (FATF), the Egmont Group, other countries for the purpose of gathering evi-
Interpol and others, have been formed in the past dence or locating suspects and witnesses. It usu-
fifty years to help public and private sector orga- ally causes the pertinent authorities to seek the
nizations to combat financial crime. assistance of an international treaty, convention
or agreement, or an international organization
Starting in 1990 with the creation of the US such as Interpol.
Financial Crimes Enforcement Network (FinCEN),
nations began creating agencies that have come This takes extra time, which favors the financial
to be known as Financial Intelligence Units (FIUs) criminal. As time passes, the financial criminal is
that facilitate international information sharing better able to find refuge for the financial crime
and cooperation. The success of these efforts proceeds, tamper with the evidence and even
often depends on the political will of nations to seek safe haven.
accept, adopt and enforce them.
The more than 60 “secrecy havens” around the
The patchwork of national and international globe, ranging from obscure islands, such as
requirements and standards places the duty to Nauru and Tortola, to long-standing havens, such
monitor, investigate, report, train and remediate as Lichtenstein and Switzerland, are a conve-
nient and vital resource for financial criminals to
move and hide their assets. These havens provide
financial criminals a crucial resource that com-
pletes the crime.
COMMONALITIES OF ALL
FINANCIAL CRIMES
There are many types of financial crime, such as
money laundering, fraud and corruption, each
with distinct subsets, such as terrorism and
17
@2019 Association of Certified Financial Crime Specialists
CHAPTER 2 • FINANCIAL CRIME OVERVIEW, COMMONALITIES AND CONVERGENCE
Europe/Mediterranean Andorra,a Channel Islands (Guernsey and Jersey),e Cyprus,e Gibralter, Isle of
Man, Ireland,a,b,e Liechtenstein, Luxembourg, Malta,ᵉ Monaco, San Marino,ᵃ,
Switzerlanda,b
Pacific, South Pacific Cook Islands, Marshall Islands,a Samoa, Nauru,c Niue,a,c Tonga,a,c,d Vanuatu
A Table Listing Countries that Appear on Multiple Lists of Tax Havens Issued by Countries and NGOs, Including
the OECD, US Government and Others. Source: US Congressional Research Service Report in 2015,
“Tax Havens: International Tax Avoidance and Evasion”
threat finance, identity theft and commercial thief and other financial criminals, at some point,
bribery. But, they all share several constant com- must hide or disguise the criminal proceeds. The
monalities, which make them more alike than not. domestic or international movement of “clean”
money for the purpose of committing a financial
Recognizing and exploiting the commonalities crime, money laundering is a necessary function
helps private- and public-sector organizations of the financial criminal because it permits him to
build a cohesive, comprehensive and collabora- mask his involvement in the financial crime, evade
tive approach to financial crime, and maybe get the payment of taxes and move the money to
even better results. The issue of convergence is hide it from victims and government authorities.
discussed in this chapter. The broad reach of most money laundering laws
and the predicate crimes that activate prosecu-
Financial crimes have these commonalities: tions for money laundering, as well as the inter-
All financial crimes involve money laundering. national money laundering control standards of
At some point in the planning and execution of the Financial Action Task Force (FATF) and other
financial crimes, all of them involve money laun- world bodies, lend credibility to the fact that all
dering. A business involved in a foreign corrupt financial crimes involve money laundering.
payment, a public official who receives illicit pay-
ments, a violator of sanctions laws, an identity
18
@2019 Association of Certified Financial Crime Specialists
CHAPTER 2 • FINANCIAL CRIME OVERVIEW, COMMONALITIES AND CONVERGENCE
19
@2019 Association of Certified Financial Crime Specialists
CHAPTER 2 • FINANCIAL CRIME OVERVIEW, COMMONALITIES AND CONVERGENCE
20
@2019 Association of Certified Financial Crime Specialists
CHAPTER 2 • FINANCIAL CRIME OVERVIEW, COMMONALITIES AND CONVERGENCE
known as the Egmont Group.2 The Group facili- multiple countries, especially in today’s elec-
tates the exchange of data and intelligence among tronic world.
its members, under security protocols, with the
goal of improving multinational efforts against The many bilateral agreements and multina-
financial crime. tional treaties, mutual legal assistance treaties,
tax information exchange agreements, financial
All financial crimes create the need for asset information exchange agreements, inter- gov-
recovery. All financial crime leaves someone ernmental agreements, extradition treaties and
poorer than they were before. The major recent other international cooperative agreements that
financial crimes, such as the Bernie Madoff Ponzi bear on financial crime underscore the interna-
scheme, the international bank mega-fraud of tional nature of these crimes.
Allen Stanford, the legal settlements scheme
of Scott Rothstein and others have left behind Some laws have an international focus by defi-
tens of thousands of victims with billions of dol- nition or by their very name. The US Foreign
lars in losses. Corrupt Practices Act (FCPA) is an example. The
placement of law enforcement agents of a coun-
Thousands of less-celebrated financial crim- try in their nation’s embassies overseas and the
inals worldwide leave millions of other vic- work of international organizations, such as
tims behind. Victims that have the resources to Interpol and the FATF, all highlight the cross-bor-
attempt to recover their assets rarely succeed in der nature of major financial crimes.
these efforts. Government agencies that seek to
recover funds that are stolen from government Financial crime often involves public or private
programs are no more successful in their efforts, sector corruption. Nothing facilitates financial
despite the strong asset recovery, legal and judi- crime more than a corrupt or complicit business
cial weapons they possess.3 insider or public official. Corruption is the engine
that drives most major international financial
Asset recovery is the neglected art of the finan- crime. Appreciation of the corrosive effect of cor-
cial crime continuum. The failure to recover the ruption has moved many organizations to mount
assets taken by financial criminals is a primary a broad, still blossoming assault on corrup-
cause of the growth of financial crime. The deter- tion in recent years, as evidenced in part by the
rent effect that successful asset recovery could revised 40 Recommendations of the FATF. Global
achieve is missing. Financial criminals have the anti-corruption is covered in its own chapter
pleasant reality that they rarely are required to of the Manual.
relinquish the money they take from their victims
— even if they go to prison. Asset recovery is dis- Public and private-sector corruption has many
cussed extensively in a later chapter. variations. Examples include the unlawful pay-
ment by a business to the employee of another
All (major) financial crimes involve more than one business to obtain trade secrets, or the bribery of
country. Whether it is the location of the financial a regulator to turn a blind eye to criminal activity
crime victim, the base of operations of the finan- in a financial institution or other type of business.
cial criminal or his co-conspirators, the home of
the financial institutions they use, or the coun-
tries where the criminal proceeds moved through
or were applied, all major financial crimes involve
2. To learn more, please click here: www.egmontgroup.org
3. While it is hard to ascertain an exact number for obvious reasons, it is estimated that five percent or less
of assets are recovered from financial crimes.
21
@2019 Association of Certified Financial Crime Specialists
CHAPTER 2 • FINANCIAL CRIME OVERVIEW, COMMONALITIES AND CONVERGENCE
22
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3
MONEY
LAUNDERING
OVERVIEW
23
CHAPTER 3 • MONEY LAUNDERING
24
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
tomers and owners, together with their corrupt- In a sanctions violation, a corporation that wants
ing influence in government operations. to continue doing business with a sanctioned
country routes the money involved in a prohib-
Today, nearly every country has enacted money ited transaction through a third party that does
laundering laws with widely varying character- not reside in, or have direct relationships with,
istics. However, in general, they are all designed the sanctioned country. That is money laun-
to serve as a deterrent to financial and other dering as well.
criminals by criminalizing their relationships
with financial institutions and other legitimate In fact, any attempt or conduct designed to hide
businesses, reducing their wealth and increasing and conceal the source, movement, control or
the risk for financial institutions and other busi- ownership of money illegally derived is an act
nesses that knowingly do business with them. of money laundering. Similarly, a process that
involves the movement of money derived through
legitimate means, but which is intended or des-
MONEY LAUNDERING METHODS tined to be used to commit a crime, such as in
In one simple example, to carry out a Ponzi the above example of the corrupt foreign official,
scheme, the promoter must disguise the funds he is also money laundering under the laws of many
is paying to the initial victims of the scheme as nations, including the United States.
their “investment earnings” when they truly rep-
resent funds received from later victims. That is The Financial Action Task Force (FATF) is an
money laundering. intergovernmental organization formed in 1989
designed to establish global standards on money
Another example is a scheme in which a company laundering controls. It is based in Paris. Long
draws funds from its account in its home country ago, the FATF developed a working definition of
and transports the funds across national borders money laundering involving funds that originated
so that they may be given, through an interme- in illegal activity:
diary or “bagman,” to a public official in another
country. The purpose of the illegal payment is to 1. The conversion or transfer of property,
influence the official acts of the public official. The knowing that such property is derived
movement of those funds is money laundering. from a criminal offense, for the purpose of
concealing or disguising the illicit origin
of the property or of assisting any person
who is involved in the commission of such
an offense or offenses to evade the legal
consequences of his actions;
2. The concealment or disguise of the true
nature, source, location, disposition,
movement, rights with respect to, or
ownership or property, knowing that such
property is derived from a criminal offense;
3. The acquisition, possession or use of
property knowing at the time of receipt that
such property was derived from a criminal
An image of Charles Ponzi taken August 1920. That offense or from an act of participation in
year, Ponzi launched the investment fraud scheme such offense.
that would later come to bear his name.
25
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
26
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
the criminal proceeds and their source by the more difficult it is to uncover the location of the
creation of layers of financial transactions that funds, establish their susceptibility to recovery,
disguise their flow and reduce their ability to be and pin the crime on the perpetrator.
traced. It often involves multiple participants and
entities, like shell corporations and cross- border Electronic fund transfers are probably the most
transactions. important layering method that money launder-
ers use. Millions of transfers are sent annually
The more complex and numerous the layers con- worldwide because they provide the advantages
structed by the financial or other criminal, the of speed, distance and increased anonymity.
The scheme was reportedly orchestrated by a group of Russian businessmen, some with criminal
pasts and most with ties to the Russian government. The arrangement had all the hallmarks of
a complex money laundering scheme, utilizing weak points in the company formation processes,
legal system and financial systems around the globe. It illustrates the ingenuity of sophisticated
financial criminals.
The Russian Laundromat was unveiled in 2016 and has prompted investigations in several coun-
tries, including the UK, Moldova and Russia. Three officials of Moldova’s central bank, along with 15
judges, have been arrested in the case.
27
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
28
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
an inflated price. Laundered funds thus enter effects on society. Among them are the foster-
into the financial system as legitimate profit from ing of public corruption, unfair competition with
a property sale. legitimate businesses, and a weakening of finan-
cial institutions.
Trade-based money laundering is a popular inte-
gration method to launder funds across borders.
This involves using false or over-invoiced import/ MONEY LAUNDERING INDICATORS
export transactions. Trade-based laundering will It is always advisable to visit the websites of
be covered in more detail later in this chapter. appropriate government agencies in one’s coun-
try to view the indicators, recommended training
Other integration techniques can include: topics, suggested best practices and other vital
• Purchasing or investing in legitimate information that can serve financial crime offi-
businesses using laundered proceeds cers, including AML specialists. The websites of
many of these agencies and the umbrella organi-
• Making investments in securities with
zations under which they have banded together,
laundered funds
such as the FATF and the Egmont Group, are con-
• Business arrangements between entities tained in the References section of this Manual.
controlled by financial criminals, such
as zero-interest loans made between Searching open-source information is a vital ele-
shell companies, purported repayment of ment of financial crime due diligence, investiga-
debts between companies, false invoicing tions, historical reviews and analyses in all sit-
schemes and more. uations, especially where terrorist financing or
money laundering may be in play.
Lawyers, accountants and intermediaries, such
as company formation agents, can also play a One of the pioneers in building public and pri-
role in integration, with or without their knowl- vate sector defenses against money laundering
edge. Launderers can use consultants and other was Australia. It was one of the earliest countries
third parties to make financial transactions on to establish a Financial Intelligence Unit (FIU),
their behalf, such as purchasing assets or making which is called Austrac. This respected agency,
investments. They can also set up fictitious con- which has been in the forefront of the world effort
sultancies to funnel money back to themselves or against financial crime and its component, money
their associates. laundering, since 1990, published what it called
the following “non-exhaustive” listing of money
In general, the use of secrecy havens, coupled laundering indicators in 2009.
with one or more of these tactics, allows the
financial criminal and money launderer to con- Austrac recommended that financial institutions
ceal beneficial ownership from corporate records, and other business organizations should include
utilize nominee officers, managers and corporate these indicators in their training programs, but
directors as fronts, and distort the business lifes- warned that: “Money launderers and terrorism
pan of the offshore entities that were purchased financiers will continuously look for new tech-
or established for use in the money laundering niques to obscure the origins of illicit funds to give
activities. More on secrecy havens will be dis- the appearance of legitimacy to their activities.
cussed in later chapters. (Anti- Money Laundering and Counter Terror-
ist Financing) officers should continually review
Regardless of the stage or technique used, money their products, services and individual customers
laundering has serious economic and social
29
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
30
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
• Use of student accounts after their departure • Outgoing transfer with corresponding
from the country incoming funds transfer – appears to be a
• Significant cash withdrawals from ‘u-turn’ transaction or ‘round tripping’
superannuation accounts • Purchase of travelers checks with cash
• Unusual bank account activity into and out of • Withdrawing all, or nearly all, funds from an
superannuation account(s) account within a short period of time
• Use of inactive account • Structuring of funds transfers or
transactions
GAMBLING INDICATORS • Similar transactions conducted over a short
• Betting accounts with large deposits but with period of time
minimal betting activity • Use of stored value cards
• Cash withdrawals from betting accounts in
checks and vouchers INTERNATIONAL ACTIVITY INDICATORS
• Client is a known frequent gambler and/or • Funds transferred to overseas account but
high roller at a casino then withdrawn in (the country)
• Large funds transfers after gambling activity • Funds transfers to numerous offshore
• Structuring of gambling purchases, payouts jurisdictions with no business rationale
and withdrawals • Departure from (the country) shortly after
• Unusual pattern of phone betting making funds transfers
transactions • Funds transfers involving a tax haven
• Multiple deposits made to same overseas
BUSINESS ACCOUNT INDICATORS account by different people
• Company account used for personal use • Large international funds transfers
• Business activity inconsistent with • Use of multiple remittance service providers
business profile to transfer funds to common overseas
• Use of false company beneficiaries
31
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
32
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
The Egmont Group defined an FIU as a central, national agency responsible for receiving (and, as
permitted, requesting), analyzing and disseminating to the competent authorities’ disclosures of
financial information: (i) concerning suspected proceeds of crime and potential financing of terror-
ism, or (ii) required by national legislation or regulation, in order to counter money laundering and
terrorism financing.
The goal of the Egmont Group is to provide a forum for FIUs around the world to improve cooper-
ation in the fight against money laundering and financing of terrorism and to foster the implemen-
tation of domestic programs in this field. The Egmont Group provides support to member FIUs in
the following ways:
33
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
However, financial institutions are a particularly third bank may be “nested” in the correspondent
important vehicle to criminals for the disposal account, conducting improper or illegal transac-
and movement of criminal proceeds. They have tions with that access.
vulnerable operations, customers and relations
that can serve money launderers well. It is also a best practice to prohibit the establish-
ment of correspondent accounts for foreign shell
Following is a partial listing of some of the vul- banks that have no physical presence and are vir-
nerabilities. tual shams that exist only for the convenience of
money launderers and other criminal interests.
CORRESPONDENT BANKING ACCOUNTS
This is a bank service by which a bank in other PAYABLE-THROUGH ACCOUNTS
geographic locations, often called the ‘respon- Sometimes, a correspondent bank allows the
dent bank,’ is allowed to establish an account at customers of a foreign bank to conduct trans-
the correspondent bank through which actions for themselves through accounts called
payable-through accounts. These types of rela-
it may conduct specific transactions. Many banks tionships are fraught with dangers for the corre-
have multiple correspondent accounts around spondent account for various reasons. For exam-
the world, which allows them to conduct inter- ple, the local bank may lack knowledge about the
national financial transactions for themselves foreign bank’s customers and the nature of their
and their customers where they have no phys- transactions. There is also the possibility that the
ical presence. Large global banks often act as foreign bank may be allowing transactions by its
correspondents for many other banks worldwide. customers that are prohibited under local law or
These so-called respondent banks receive various that the correspondent bank normally does not
services through their correspondent accounts, allow to be conducted.
including wire transfers, foreign exchange ser-
vices, cash management, check clearing and CONCENTRATION ACCOUNTS
other services. Concentration accounts are internal accounts
established to facilitate the processing and set-
Correspondent banking relationships often force tlement of multiple or individual customer trans-
a financial institution to execute the transactions actions within the bank, usually on the same day.
for customers of another bank. Thus, the corre- These accounts are also known as special-use,
spondent bank provides services for customers omnibus, settlement, suspense, intraday, sweep
which it has not fully identified or about whom or collection accounts. Concentration accounts
it has no adequate knowledge of. Correspondent are frequently used to facilitate transactions
accounts are also known for the large sums that for private banking, trust and custody accounts,
are involved in the transactions, thus raising the funds transfers and international affiliates.
stakes of the host correspondent bank.
PRIVATE BANKING
It is a best practice for a financial institution to
identify the true owners of a foreign bank that Private banking is a banking service for wealthy
seeks to establish a correspondent account and individuals that provides personalized and often
to examine deeply the account activity that is confidential services. It is a lucrative, competitive
contemplated for the account to protect against and worldwide industry that has played a role in
money laundering. A correspondent account many major money laundering cases in recent
must also guard against the possibility that a years. Private banking fees are often based on the
34
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
100 95%
90
80
70
60
50
40 35%
30
20%
20 15%
12%
10 4%
1%
0
Financial Money Casinos Trust Law Firms Internet Prepaid
Institutions Service Companies Payment Card
Businesses and/or Systems Providers
Accounts
PERCENTAGE OF MONEY LAUNDERING CASES INVOLVING THE USE OF DIFFERENT SECTORS . SOURCE:
FINANCIAL TRANSACTIONS AND REPORTS ANALYSIS CENTRE OF CANADA (FINTRAC)
35
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
NON-FINANCIAL INSTITUTION
MONEY LAUNDERING VEHICLES
As stated above, there are few instrumentalities,
entities, organizations or individuals that do not
pose a risk of being used for money laundering
activities; financial institutions are not the only
avenue for money laundering. The following list
and brief explanations highlight some of the
more important persons, entities and instru-
ments that should receive scrutiny, particularly
by financial institutions that are asked to open an
account relationship, or commercial entities that
are liable under global anti-corruption rules and
regulations. tomer identification procedures, for bets or pro-
ceeds over a certain threshold -- the same as
INSURANCE other financial institutions.
Life insurance and annuities contain the highest
money laundering risk in the insurance realm. DEALERS IN PRECIOUS METALS,
Money launderers can purchase insurance poli- JEWELRY AND ART
cies and then later redeem them and request the Precious metals, jewelry and art have great
funds be deposited into a bank account. Insur- money laundering vulnerabilities because of the
ance policies with certain characteristics are way they are traded and bought and sold. Money
much more attractive to launderers than others, launderers value them in their trade because
including transferable policies and those with a of their high intrinsic value, convertibility and
cash surrender value. potential anonymity in transfers.
Also, contracts for annuities may allow the ben- POLITICALLY EXPOSED PERSONS
eficiary, who could be a financial criminal, to
exchange illicit funds for an income stream. Pay- For years, corruption of public officials has been
ments from annuities are usually made monthly. a primary concern of many nations and inter-
national bodies, including some of the principal
CASINOS players in formulating global standards on money
laundering. They recognize that public corrup-
Casinos generate and receive substantial cash tion is a principal facilitator of financial crime and
and are vulnerable to money laundering via facil- a destabilizing element to nations, contributing
ities they offer to their customers to manage to poverty, reduced social services, and poorer
and dispose of money. Inserting illicit funds into fiscal health. For these reasons, public officials
a gambling operation and then cashing out the or Politically Exposed Persons (PEPs), are now a
funds as gambling proceeds is a popular method focus of public and private sector efforts in the
to launder funds, due to the relative anonymity of control of money laundering.
many gambling venues and the ability to conceal
sudden spikes in income as winnings. Exactly who is considered a PEP can vary based
on the laws and regulations of different jurisdic-
In many jurisdictions, casinos are required to file tions. Most use some variation on the definition
transaction reports, as well as undertake cus- provided by the FATF in its 40 Recommendations.
36
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
• Foreign government officials, such as heads Often, that reach is augmented by the simulta-
of state, legislators, judicial or military neous enforcement of the money laundering and
officials, officials in political parties, or other other laws in a particular case.
more senior appointed officials
• Officials at state-owned enterprises, such
as a government-controlled oil company
executive or administrator of a state-run
health system
• Domestic government officials such as
THE ODEBRECHT
heads of state, legislators, judicial or military CORRUPTION SCANDAL
officials, officials in political parties, or other
more senior appointed officials In March 2014, federal law enforcement
agents in Brazil were pursuing an inves-
• Officials of international organizations – This tigation into an alleged money laundering
includes non-governmental organizations ring when they uncovered a much wider
like the Red Cross and global sporting bodies network of corruption and financial crime.
like FIFA, among others
• Close associates can include business The probe, later dubbed “Operation Car
partners, individuals connected through Wash,” would expose an enormous bribery
a charity or non-profit venture, or even scheme involving two of Latin America’s
social connections like an official’s largest companies, the Brazilian state-
long-time friends owned oil company Petrobras and con-
struction firm Odebrecht.
Not every government employee or official is nec-
essarily a PEP - the FATF’s definition only includes Odebrecht was revealed to have made
government officials in “prominent positions.” over $800 million in corrupt payments to
Some countries consider only officials in “prom- government officials to win contracts and
inent positions” to be PEPs, while others cast a secure business in twelve countries. Doz-
wider net that includes less senior roles. Likewise, ens of high-level political figures, includ-
whether or not domestic officials are considered ing the former presidents of Brazil, Peru
to be PEPs will vary country by country. and Colombia, were investigated for tak-
ing funds connected to Odebrecht.
Some institutions have developed their own
internal lists of roles and responsibilities that The sweeping case ultimately led to a
qualify as “prominent positions.” This practice record-setting $3.5 billion penalty on
can prove useful when screening customers for Odebrecht and its petrochemical unit,
their PEP status, as required in customer due dil- Braskem S.A from the US Department of
igence programs. Chapter 11 on Compliance Pro- Justice and enforcement agencies in Brazil
grams will feature more on this topic. and Switzerland.
Apart from that, various nations, particularly the It is considered one of the largest corrup-
United States with its Foreign Corrupt Practices tion scandals in history. It is also a glaring
Act (FCPA), the United Kingdom with its UK Brib- example of the potential money launder-
ery Act and Canada with its Corruption of For- ing threat presented by politically-ex-
eign Public Officials Act (CFPOA), have enacted posed persons, or PEPs.
legislation with substantial extraterritorial reach.
37
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
These anti-corruption laws, which are addressed Recognizing the roles and abilities that different
in the chapter on global anti-corruption, place types of gatekeepers possess in your jurisdiction
greater compliance pressure on banks and other will help you better identify and assess their risks.
financial institutions that are the primary focus
of money laundering laws and regulations. Not
only may these businesses be involved directly REGULATORY FRAMEWORKS
in a Foreign Corrupt Practices Act violation, they FOR GATEKEEPERS
may also be implicated, knowingly or through The FATF and certain other international stan-
“willful blindness,” in facilitating the foreign cor- dard-setting bodies recommend that jurisdic-
rupt payment. tions impose AML/CTF regulations on gate-
keeper roles.
THE ROLE OF LAWYERS, In 2003, the FATF recommended that gatekeep-
ACCOUNTANTS, AUDITORS, ers be considered Designated Non-Financial
NOTARIES AND Businesses and Professions (DNFBPs), which
OTHER GATEKEEPERS would make them subject to compliance with
The global financial system is not composed of the regulatory framework laid out in the 40 Rec-
banks and other financial institutions alone. A ommendations.
wide range of facilitators – professionals who
move funds for clients, help manage assets or This would generally mean that gatekeepers are
interact with financial institutions, provide tax expected to implement AML compliance control
advice, purchase real estate, or form trusts and using a risk-based approach, similar to require-
legal entities – can help open the door to the ments for financial institutions. This includes
wider financial system. the following:
• Implementing customer
Like financial institutions, they, too, are vulner- identification measures
able to being exploited in money laundering and
financial crime schemes. These professionals are • Conducting due diligence on clients
often referred to as “gatekeepers” because they and transactions for AML and
can provide “access (knowingly or unwittingly) to financial crime risks
various functions that might help a criminal with • Reporting on suspicious transactions or
funds to move or conceal, per the FATF. client activity to their jurisdiction’s financial
intelligence unit
Types of professions considered to be gatekeep- • Maintaining records in the case they are
ers can vary somewhat by jurisdiction – profes- needed for regulatory compliance or law
sions can have different abilities, roles and limita- enforcement investigations.
tions in different countries.
Not every country has adopted this regulatory
For examples, notaries in many countries with framework for gatekeepers. In many Latin Amer-
civil law systems – such as Latin American coun- ican, Asian and European countries, most gate-
tries and most European countries – can help keeper professions are subject to AML compli-
clients form companies, create trusts, draft con- ance regulations. In the US and Canada, lawyers
tracts and provide many other legal services. In and other legal professionals have no govern-
other countries, such as the US and UK, notaries ment-mandated regulations, only voluntary stan-
play a much more limited role, primarily acting as dards put forth by industry groups.
witnesses when important documents are signed.
38
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
ASSESSING THE RISKS OF GATEKEEPERS tain types of clients and provide certain low-risk
Gatekeepers are generally considered a medium services. If a gatekeeper does not generally pro-
to high risk by banks and other financial institu- vide services that facilitate transactions, hold
tions that might hold accounts or conduct trans- assets or create or manage legal entities, only
actions with these professions. Certain services has domestic clients, and/or interacts with their
provided by gatekeepers are riskier than others, clients face-to-face, then they would generally
and the types of functions a gatekeeper offers, be considered lower-risk than other types of
along with the geographic reach and the custom- gatekeepers.
ers served, will significantly impact the gatekeep-
er’s AML risk. One final factor that can impact gatekeeper risk
is “professional secrecy.” In many countries, some
A 2013 report on gatekeeper risks by the FATF gatekeeper roles, such as attorneys, have tradi-
assessed SAR/STR filings made by attorneys and tionally enjoyed a high level of secrecy in their
other gatekeepers. It found the most common dealings with clients. In some countries, this
services that came up in SAR/STR reports filed secrecy is legally mandated. One example of
by gatekeepers: “professional secrecy” is the attorney-client privi-
lege in jurisdictions, such as the US.
• Real estate transactions
• Formation of trusts
• Formation of companies, and mergers and REAL PROPERTY AND
acquisitions of existing companies MONEY LAUNDERING
• Trust and company services – i.e., acting as a Also known as asset conversion and typically
trustee or corporate agent done during the integration phase of money
laundering, this is the purchase of goods -- typ-
Along with the nature of services, the way a ically high-value and portable items such as gold,
gatekeeper interacts with clients impacts the precious stones or vehicles. Real estate is also a
risk. Some factors that increase risk include common target for asset conversion schemes. We
the following: will focus on vehicles and real property here; pre-
cious metals and art are discussed elsewhere in
this chapter.
• Interfacing with domestic or international
politically-exposed persons (PEPs) and other
high-net-worth clients
• Taking on the role as third parties to
financial transactions
• Being a nexus to high-risk countries
Working with cash-intensive businesses
39
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
40
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
lower to accommodate the direction in which the frequently no apparent connection between the
money launderer wishes to move the money. To various accounts and deposits involved.
provide the trade transaction with an air of legit-
imacy, the money launderers may choose to use STRUCTURING
a financial institution to obtain trade financing Structuring is a close companion to smurfing.
and the documentation that goes with it. A more Structuring involves splitting up funds into mul-
thorough examination of trade-based money tiple deposits below certain thresholds to avoid
laundering can be found in Chapter 10, Money triggering reporting requirements. Most juris-
and Commodities Flow. dictions have imposed regulations requiring
many types of financial institutions to report
BLACK MARKET PESO EXCHANGE (BMPE) transactions above a certain amount. In the US,
In simple terms, this is a process by which money for example, institutions are required to file a
derived from illegal activity in one country is Currency Transaction Report (CTR) for depos-
purchased by peso brokers, who sell currency or its above $10,000. Structuring of deposits aims
monetary instruments to legitimate businesses. to avoid this reporting requirement and escape
This method is also widely used for legitimate detection of federal authorities.
purposes in many countries, including Colom-
bia. A more thorough description of BMPE, as it In many jurisdictions, structuring is illegal in and
is commonly known, is available in Chapter 10, of itself, and institutions are required to monitor
Money and Commodities Flow. for patterns of deposits that indicate structuring
is taking place.
PREPAID CARDS AND E-CASH
Smart cards are an ever-present money launder- BULK CASH SMUGGLING
ing threat because they store value in electronic Criminal operations, such as narcotics or human
form that serves as the equivalent of currency. trafficking, often generate large amounts of hard
Some countries allow prepaid, or “smart” cards, currency. In order for this cash to be concealed,
to carry unlimited value, while others place mon- placed within the financial system or utilized by
etary limits on them. More on prepaid cards, a financial institution, it often must be smuggled
virtual currencies and other evolving payment into another jurisdiction. This is referred to as
systems can be found in Chapter 10, Money and bulk cash smuggling.
Commodities Flow.
While the term is sometimes used to describe
SMURFING the movement of large amounts of cash within a
Smurfing, which is sometimes called structuring, jurisdiction, typically bulk cash smuggling takes
is a well-known money laundering method that is place across national or jurisdictional bound-
considered a crime in most countries. Smurfing aries. Many jurisdictions have laws prohibiting
involves dividing illegal proceeds between multi- bulk cash smuggling, as it can violate reporting
ple persons, known as “smurfs,” who then make requirements for cross-border currency transac-
multiple deposits into many separate accounts, tions above a certain threshold.
often at different institutions, to avoid report-
ing thresholds. In one example of a typical bulk cash smuggling
operation, money from the sale of narcotics is
These smaller deposits can then be transferred collected and sorted in a central location. Smaller
and consolidated into a single account. Smurf- bills are exchanged into larger bills, which are
ing can be difficult to detect because there is then packed for transport. Once prepared, the
41
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
cash can be moved across the border in a vari- bulk cash smuggling to help financial institutions
ety of ways. It may be carried across in multiple spot the activity:
small shipments by cash mules crossing illegally
or legally, hidden in personal luggage or vehicles. • An increase in the sale of large denomination
It may be packed in with consumer, industrial notes from a financial institution in one
or agricultural goods and shipped commercially. jurisdiction to another institution in a
Sophisticated criminal gangs may use surveil- bordering jurisdiction
lance and intelligence-gathering operations to • Large volumes of small denomination notes
help cash shipments move across the border being sent by currency exchange houses
successfully. in one jurisdiction to their accounts at a
financial institution in another jurisdiction,
Regardless of the methods, bulk cash smuggling or sold by the exchange directly to an
operations can involve financial institutions in institution in another jurisdiction.
multiple jurisdictions at several steps during the
process, either to obtain high-denomination cur- Large volumes of small denomination notes
rency in exchange for smaller bills or to ultimately being exchanged for large denomination notes at
place the smuggled cash. The border between the an institution
US and Mexico is a prominent location for smug-
gling operations conducted by Mexican drug
cartels. Consequently, US enforcement agencies
have assembled the following list of red flags for
$3 Million in US Currency Seized by Law Enforcement in the US City of San Diego as Part of an Effort Targeting
Bulk Cash Smuggling. SOURCE: US Customs and Border Protection
42
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
Money launderers also make loans among com- There are many legitimate reasons to form a shell
plicit entities, usually combined with other mech- company. In some instances, shell companies
anisms like offshore accounts, legitimate busi- can make it easier to invest overseas, help shield
nesses and shell corporations, loans and financing a company from liability, or transfer profits to
arrangements. This can allow launderers to inte- reduce taxes in a way that is completely legal.
grate large amounts of funds. In one example, a
launderer could set up a shell corporation and a However, many characteristics of shell compa-
legitimate business. The launderer can then make nies also make them highly attractive to financial
a loan to the legitimate business from the shell criminals. Typically, they are easy and inexpen-
corporation, using illicit funds. sive to incorporate, and, in many jurisdictions,
43
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
they can be established anonymously through cial owners behind shell companies in criminal
attorneys and third parties called “company for- investigations.
mation agents.” In some jurisdictions, shell com-
panies can be formed online through company SHELF COMPANIES
formation agents and with little to no informa- A similar concept to a shell company, the shelf
tion collected on the beneficial owners behind company is a corporation that has no activity or
the shell company, for less than $1,000. business. The name refers to how these com-
panies are formed and then left to “age,” or are
Most importantly, shell companies are an anon- “put on a shelf.” Some shelf companies may be
ymous, or at least concealed, vehicle to access completely inactive for years before being sold
the international financial system. To further off to a buyer.
obscure ownership, many financial criminals will
operate through layers of shell companies, which There are a number of reasons why buyers may
can make it very difficult to trace funds or assets want to purchase a shelf company, and some are
back to the ultimate owner. completely legitimate. In many jurisdictions, it is
simply easier to purchase a pre-existing company
Consequently, shell companies have become a than to set up a new one.
fixture of financial crime schemes of all varieties.
Almost any sophisticated money laundering, fraud In other cases, a businessperson may have an eas-
or corruption operation involves at least one shell ier time gaining interest from investors, securing
company at some point the process. Historically, loans or winning government contracts with a
certain nations and jurisdictions have become company that appears to have been in business
popular locations to form shell companies. There for several years. However, those same qualities
is often an overlap between these jurisdictions of apparent legitimacy and longevity are what
and those labeled as “secrecy havens.” make a shelf corporation appealing to finan-
cial criminals.
Discerning beneficial owners behind shell corpo-
rations can be very difficult when conducting due NOMINEES
diligence or investigations. One potential source
of information is the corporate registry for a given A nominee is a person, company or entity into
jurisdiction, many of which are accessible online. whose name assets, securities or property is
The information that can be obtained from such transferred, while leaving another person or
registries varies substantially between jurisdic- entity as the real owner. Nominee accounts are
tions, but it can include details such as the com- common among securities broker-dealers, who
pany name, the name of the company formation can hold securities for their customers and trade
agent, company directors or board members, and them much more easily. Like all the structures
sometimes a physical address for the company. listed here, nominees can be used for legitimate
purposes. A nominee’s ability to conduct transac-
While this information may not be particularly tions at a distance from the owner of assets, how-
revealing in and of itself, it can provide leads that ever, makes nominees a useful avenue for money
can be useful for discovering the company’s true laundering, particularly in the later stages like
owner. A 2012 survey of law enforcement agencies layering and integration.
in the European Union, for example, found that
company directors and shareholders were some FRONTS
of the most useful leads for unearthing benefi- In general terms, a front is a company or orga-
nization that is established and controlled by
44
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
another company or entity but that gives the the funds to be available from another “banker”
impression it is not affiliated or connected to the in another country. Later, the bankers settle
entity controlling it. In the financial crime con- their transactions. Hawala is attractive to money
text, fronts are often seemingly legitimate busi- launderers because they leave a slight audit trail
nesses with a physical presence and actual oper- and the identities of the customers who receive
ations, but whose primary purpose is to launder the funds are known only by the “bankers.”
criminal proceeds. An example is a restaurant More information about ITVS will be provided
formed by an organized crime ring that, while in Chapter 10.
open for regular business hours and serving cus-
tomers, mainly exists to take in money from nar- CHARITIES AND NONPROFITS
cotics trafficking. Charities and other nonprofit organizations can
also serve as money laundering vehicles. They
TRUSTS have access to significant funding sources, often
Trusts are legal entities created by a “settlor” to have a presence worldwide, and, in some juris-
manage property for a beneficiary. The settlor dictions, are subject to little regulation. Moreover,
transfers property that he owns to the trust. This “donors” can often make contributions to chari-
property is managed by a trustee according to the ties anonymously, providing a convenient vehicle
terms described in the trust. Trusts can be mis- to launder funds or move money across borders.
used for hiding money and hiding the identity of
the true beneficiary. Trusts are convenient vehi- In recent years, charities and nonprofit orga-
cles for money laundering and usually permit pay- nizations have emerged as a significant risk for
ments to beneficiaries that could disguise money terrorist financing, as well as corruption. Cor-
laundering. Usually, the payments need not be rupt officials will sometimes request that bribes
explained or justified. The trustees are often law- be paid to charities under their control, as will
yers who hold the assets in trust for others. be discussed further in later chapters. Terrorist
organizations will also use charitable operations
BEARER BONDS AND SECURITIES as covert fundraising operations to gather funds
These are convenient tools of money launderers from supporters overseas. Many of the same red
because they belong to the person who carries flags of money laundering discussed previously
them, thus the name “bearer.” Bearer shares are also apply, such as in these examples:
transferred by a physical delivery from one per-
son to another. • Charities and nonprofits that conduct wire
transfers to countries where they have
HAWALA AND INFORMAL VALUE no operation
TRANSFER SYSTEMS • Charities and nonprofits that operate in high-
Hawala and other underground banking proce- risk countries
dures are often called informal value transfer sys- • Charities and nonprofits with a vague
tems (IVTS). They are most popular with persons description of their purpose and services
from Africa and Asia and involve the transfer of
• Charities and nonprofits that have no obvious
value outside the regular banking system. These
physical presence or operate from a P.O.
informal value transfer systems have existed for
centuries and facilitate the secure movement of • Box would both be potential
funds. Persons who wish to send funds to rel- money launderers.
atives in another country place funds with a
hawala banker. For a fee, the banker arranges for
45
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
• The name and type of the legal entity Further compounding the difficulties of corpo-
rate registries as an investigative source is the
46
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
fact that information in them can often be out- THE US MONEY LAUNDERING LAW
dated and inaccurate. Many corporate registries Because it is one of the oldest and most powerful of
are not updated on a regular basis, and most do its kind in the world, it is helpful to study the pro-
not conduct due diligence on the information pro- visions of the US money laundering law. Enacted
vided, instead relying on the person or company in 1986, the US law has a specific “extraterritorial”
registering the legal entity to provide accurate provision which, at the time of its enactment, was
and true information at the time of incorporation. unique for its far-reaching applicability.
Despite these weaknesses, registries can be a This US law is proof that money laundering is a
valuable starting point in an investigation. Infor- part of all financial crimes. Anyone who works in
mation obtained from them, such as the names financial crime should understand the architec-
and contact details for registered agents or ture and “extraterritorial” reach of this law, which
shareholders, will typically require further inves- carries a maximum penalty of 20 years in prison. It
tigation and verification before the true owners can be applied to anybody, for virtually any trans-
behind a legal entity can be discerned. action or activity related to a crime, anywhere in
the world. The US uses it often against fraudsters,
Many jurisdictions have national or regional tax evaders, persons engaged in foreign corrupt
registries that can be publicly accessed online. practices and other financial criminals. The law’s
Additionally, a number of international bodies more than 220 “specified unlawful activities (SUA)”
maintain websites that can either be used to find are a prerequisite to prosecution and a catalogue
corporate registry information directly, or have of financial crimes. These are also known as pred-
links to corporate registries of various jurisdic- icate offenses. The law permits government civil
tions. Names and links to these organizations and actions and the appointment of “federal receivers”
regional registries are provided below. In the US, by US judges to pursue stolen assets worldwide,
corporate registries are maintained at the state armed with US government financial data and
level, and can be accessed by searching online for assistance from US treaty partners.
the registry of a given state.
The law may be used only if the proceeds of at
• International Association of Commercial least one designated underlying crime are present
Administrators (IACA) in the laundering transaction. Without the pro-
http://www.iaca.org/ ceeds of at least one of more than 200 SUAs, no
• Corporate Registers Forum (CRF) prosecution for money laundering can proceed.
http://www.corporateregistersforum.org
It is important to note that not all the listed
• European Business Register (EBR) SUAs are US crimes. Certain foreign crimes
http://www.ebr.org/section/4/index.html are included among the SUAs and may serve as
• European Commerce Registers’ Forum the basis of a prosecution if their proceeds are
http://www.ecrforum.org/ part of a US transaction or are conducted with
• Association of Registrars of Latin America a US entity.
and the Caribbean (ASORLAC)
http://www.asorlac.org/ingles/portal/ The law asserts “extraterritorial jurisdiction” if
default.aspx the “conduct … is by a US citizen or, in the case of
a non-United States citizen, the conduct occurs
47
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
in part in the United States” and more than • Procure goods and supplies
$10,000 is involved. • Fund other ongoing operations
The SUAs include virtually every US crime that By that same token, money is the terrorist organi-
produces money or an economic advantage, zation’s weak point. By helping to identify and cut
including fraud, corruption, bank fraud, copy- off these funding sources, financial crime profes-
right infringement, embezzlement, export vio- sionals play a critical role in combating terrorism.
lations, illegal gambling, racketeering and even
environmental crimes. In most jurisdictions, terrorist financing is cov-
ered by the same legal framework established by
The SUAs include some foreign crimes, such as anti-money laundering laws and regulations. This
bribery of a foreign official, embezzlement from a means that customer due diligence, monitoring
government, “misappropriation, theft, or embez- and reporting related to terrorist financing risk
zlement of public funds” by a foreign official, are an essential part of an anti-money laundering
fraud against a foreign bank, extortion, narcot- compliance program.
ics offenses, kidnapping and robbery. They also
include violations of the Foreign Corrupt Prac- Like other money launderers, terrorist financiers
tices Act and the Trading with the Enemy Act. By have shown considerable resourcefulness and
including violations of the Foreign Corrupt Prac- adaptability in the ways they move funds and
tices Act, the money laundering law raises the conceal their financial activities, utilizing many
specter that a company or an individual could be of the same channels and methodologies as other
accused of both offenses simultaneously. Each financial criminals.
violation is deemed to stand on its own.
In one example, the director of the Financial
It is also possible for an individual or company to Crimes Enforcement Network, the national finan-
violate the money laundering law when conduct- cial intelligence unit for the US, stated that nearly
ing transactions with nations, organizations and 20 percent of international terrorism cases being
individuals that are subject to sanctions by the investigated by the FBI in 2014 had related Suspi-
US or other countries. cious Activity Reports and Currency Transaction
Reports associated with them. This reporting
helped further investigations connected to the
TERRORIST FINANCING self-styled Islamic State, Al-Qaeda and other ter-
Detecting and preventing the movement of funds rorist groups.
tied to terrorism is one of the most important
and challenging components of anti-money laun- Consequently, activity detected and reported
dering compliance, investigations and enforce- through AML compliance programs can be crit-
ment. In some cases, it can literally be a matter of ical to support law enforcement efforts against
life and death. terrorist groups. This section examines terrorist
financing models, methods to conduct transac-
Money is essential to terrorist organizations, and tions, emerging risks and red flags of transac-
not only for carrying out attacks. Terrorist groups tions potentially linked to terrorism.
need financing to accomplish the following:
48
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
49
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
50
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
ing funds through the formal financial system. Manual. Hawala is one of several informal sys-
Couriers can also be very useful in the conflict tems around the world, such as Fei Ch’ien or “Fly-
zones or underdeveloped regions where terrorist ing Money” in China.
groups frequently operate because cash is often
the only means to conduct transactions. Although they have existed for hundreds of years,
hawala systems came under greater scrutiny after
In more recent years, “foreign terrorist fight- the September 11th terrorist attacks in New York
ers” traveling to support terrorist groups have in 2001. Investigations in the wake of that attack
become another type of cash courier. Residents found that Al-Qaeda routinely used hawalas as
from other countries traveling to conflict zones to one of their primary transaction methods.
militarily support terrorist groups, often referred
to as foreign fighters, are not a new phenomenon. More recently, an attempt to bomb Times Square
in New York in 2010 was bankrolled through
However, after the Islamic State launched its cam- hawala transactions. The would-be bomber,
paign to form a so-called “caliphate” and actively located in Connecticut in the US, received two
courted foreign supporters to travel to its terri- payments of about $5,000 and $7,000 trans-
tory, the number and volume of FTFs increased. mitted from a Taliban-linked organization in
Rising incidences of online recruitment and radi- Pakistan through hawaladars in Massachusetts
calization have also boosted the numbers of FTFs. and New York.
Many foreign fighters traveling to support Money services businesses. Money services
Al-Qaeda, the Islamic State and other groups in businesses include a wide range of businesses,
Syria and Iraq brought currency with them. In such as currency exchanges, check cashers and
some cases, these funds made up a substantial money transmitters. While MSBs are covered by
portion of a terrorist group’s budget. the same AML regulatory requirements as other
financial institutions in most jurisdictions, many
Hawala networks and other informal value trans- do not hold accounts for customers, and often
fer systems. Methods for moving funds that exist have fewer opportunities to conduct in-depth
outside of the formal financial system, hawalas customer due diligence or develop detailed cus-
are described in more detail in other parts of this tomer profiles that could help detect suspicious
transactions.
51
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
from various Somali immigrant communities in ing suspicious trade transactions remains low in
the United States. many countries.
Unlicensed MSBs are also common in many Some terrorist groups have also utilized gold,
countries. These may operate with minimal diamonds and other precious metals and stones
record-keeping and little to no customer due dili- as a means of financing. Precious stones, in par-
gence, increasing their attractiveness to terrorist ticular, are high-value assets that can be easily
groups. MSBs can often move funds rapidly and transported, concealed and converted into cur-
at low cost, with cash available to recipients in a rency in another jurisdiction. Many countries in
matter of hours. the Middle East and Asia have thriving gold mar-
kets, making it easy to transfer gold into cash
Banks. Despite the level of scrutiny and attention and less likely that large transactions in gold will
paid to terrorist financing within the banking seem out of place.
sector, depository institutions, such as banks and
credit unions, can still be vulnerable to terrorist Prepaid and stored-value cards. In 2015, a group
financing transactions. of individuals paid for hotel rooms in Paris using
prepaid cards. The next day, these individuals
Counter-terrorist financing controls are not con- carried out a terrorist attack on the Bataclan
sistently applied in every jurisdiction or at every nightclub and surrounding areas in the city that
institution. Terrorist financiers have been known left 130 dead and many others injured.
to exploit correspondent accounts held by insti-
tutions with weak controls to move substantial This incident raised the scrutiny on prepaid cards
amounts of funds. In less common but nota- as a tool for financing terrorist attacks. Stored-
ble cases, financiers have essentially taken over value cards that are rechargeable or tied to an
compromised banks to hold funds or conduct account often require more rigorous due dili-
transactions. gence and monitoring of customer usage. How-
ever, lower-value cards that cannot be reloaded
Like other forms of money laundering, terrorist and are often purchasable in cash are still avail-
financing can stay under the radar by utilizing able in many jurisdictions, with few to no restric-
small transactions, or seemingly legitimate trans- tions on who purchases them.
actions, between individuals or business entities.
In one older but still notable example, the Sep- Because they are highly portable and easy to
tember 11 attacks were largely financed by trans- conceal, prepaid cards may be a viable funding
actions that moved through large regional and method for some smaller-scale terrorist attacks.
international US banks headquartered in the US. Recently, the European Union tightened reg-
ulations on prepaid cards to reduce the dollar
Trade-based money laundering and commod- threshold of cards that could be purchased with-
ities movement (TBML). With terrorist groups out customer identification and documentation.
moving closer to transnational organized crime
in their operational structure and activities, EMERGING RISKS AND
their increased use of trade as a money-launder- TERRORIST FINANCING
ing vehicle is no surprise. TBML offers the abil- Like all financial criminals, terrorist financiers
ity to move large amounts of funds across bor- will exploit any and all methods available to obtain
ders, and, although governments have boosted and move funds. This includes new payment sys-
efforts at trade transparency, the risk of detect- tems, online tools to solicit donations and fraud
schemes to raise funds, among other mechanisms.
52
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
53
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
Organized crowdfunding sites have also been LONE WOLVES AND SMALL-
misused by those seeking to fund terrorism. CELL TERRORISM
Crowdfunding sites enable individuals to quickly In recent years, the rise of so-called “lone wolf”
and easily set up a fundraising page and start and small-cell terrorists have posed a new and
soliciting donations, possibly under false pre- troubling issue for financial institutions and law
tenses or in the name of sham nonprofit organi- enforcement.
zations. In some cases, donors may not be aware
their contributions are funding terrorism. Historically, many terrorist plots have typi-
cally required multiple participants, a degree of
DIGITAL CURRENCIES coordination with supervisors or superiors and
Some individuals have gone beyond payment technical skills, such as bombmaking. Lone-wolf
cards and bank transfers, making the leap to dig- or small-cell attacks involve one or a handful of
ital currencies to solicit funds for terrorist orga- participants, and usually rely on readily avail-
nizations online. able weapons or techniques. Attackers may be
self-motivated by online propaganda, or have
In 2015, the US arrested an Islamic State backer only limited contact with handlers from terrorist
named Ali Shukri Amin for using Twitter to organizations.
spread information on how to use bitcoin to fund
the terrorist group, in part by sharing an article For these reasons, lone-wolf attacks have low
Amin had written titled “Bitcoin and the Char- funding needs and create only a small financial
ity of Jihad.” footprint, with transactions that can be very dif-
ficult to distinguish from legitimate activity. The
Bitcoin’s relative anonymity, the irrevocability of attack on French magazine Charlie Hebdo in 2015
transactions and the ability to move funds across was thought to be funded primarily through a
national borders are all appealing to terrorist 6,000 Euro personal loan obtained with fraudu-
financiers. In many situations, however, convert- lent documents and the sale of a used car. Com-
ing digital currencies into the real-world fund- pared to other small-cell attacks, that was a
ing that terrorist groups need to operate may be relatively complex plan, involving firearms and
challenging and impractical. three attackers. Attacks using knives and vehicles
already owned by the perpetrators require even
As of late 2017, law enforcement investigators less funding.
and analysts have noted relatively few instances
of terrorist groups moving substantial amounts A report by a Norwegian armed forces research
of funds through virtual currencies. With digital group that looked at 40 terrorist plots in Europe
currencies and online payment systems becom- between 1994 and 2013 found that about 75 per-
ing more common and widely accepted, this is cent cost less than $10,000. Some funding meth-
likely to change in the future. ods used by lone actors and small cells include
the following:
In early 2017, Indonesia’s national financial intelli-
• Self-funding through legitimate means,
gence unit reported that Bahrun Naim, one of the
such as employment income, sale of goods or
country’s most notorious militants and a mem-
possessions, government benefits or income
ber of ISIS, used online payment services, such as
of a spouse or family member.
PayPal and bitcoin, to transfer money to his col-
leagues to fund terrorist activities. • Low level crime, including petty theft, small
scale fraud and drug dealing. There is an
54
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
increasing body of evidence suggesting that media. Online radicalization plays a big role in
lone actors and small cell attackers often motivating many lone actors, and, in some cases,
have criminal histories. warning signs of extremism could be found on
• Small-scale fundraising, usually limited these individuals’ social media accounts.
to the attacker’s family, friends and direct
connections. RED FLAGS OF TERRORIST FINANCING
Due to the overlap with general money launder-
Detecting activity linked to lone actors and small ing methods and techniques, many of the same
cells can be very challenging for financial insti- red flags covered in previous sections also apply
tutions. Some institutions have sought to create to terrorist financing.
lone wolf monitoring typologies to watch for the
purchase patterns sometimes associated with The Egmont Group, a confederation of national
these attacks, such as weapons, body armor or financial intelligence units of more than 130 coun-
survival equipment. tries, analyzed nearly two dozen cases involving
terrorism and identified these indicators:
Institutions are also conducting increased due
diligence and ongoing review of customer’s social
PERCENTAGE OF TERRORIST ORGANIZATIONS WHO HAD RAISED FUNDS FROM VARIOUS SOURCES,
FROM A STUDY OF 40 TERRORIST CELLS OPERATING IN EUROPE. SOURCE: NORWEGIAN
DEFENCE RESEARCH ESTABLISHMENT
55
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
56
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
Q 3-1. Chuck Smith conducted a Ponzi scheme by luring innocent domestic investors
to invest. He claimed they would get a steady stream of payments over time and would
receive a handsome return on their investment. The transaction worked as follows:
• All investors resided in Smith’s country and wired money to Smith in order to make an
investment based on his statements, which later turned out to be false.
• Smith next moved the funds to an offshore bank account.
• Smith then transferred some of the funds from new investors to previous investors,
claiming it was money generated by their investment.
• Smith used the remaining funds to purchase cars and other luxury gifts to create the
appearance that he was successful.
The underlying criminal activity in this case is wire fraud. At which point did money laun-
dering FIRST take place?
A. When the investor wired money to Smith based on his false statements
B. When Smith transferred some of the funds from new investors to previous investors,
claiming it was money generated by their investments
C. When Smith used the remaining funds to purchase cars and other luxury gifts to
create the appearance that he was successful
D. When Smith wired funds to the offshore bank account
See Answer and Rationales
Q 3-2. A compliance officer at a major insurance company has recently noticed a pat-
tern of potentially suspicious transactions from a long-time customer. The customer is
employed in a consulting position that requires her to travel internationally on an unpre-
dictable schedule, and she often resides overseas for extended periods. The customer has
several properties insured with the company for large amounts. In the past three years,
she has overpaid her premiums numerous times and then requested a refund be issued.
Concerned that the customer may be laundering funds through the overpayment of pre-
miums, the officer is investigating the transactions.
Which fact would BEST indicate money laundering may be taking place?
A. The customer often requests that refunds be made by wire transfer to banks outside
of the country.
B. The customer makes the overpayments at different times of the year and in
varying amounts.
57
@2019 Association of Certified Financial Crime Specialists
CHAPTER 3 • MONEY LAUNDERING
C. The customer has recently taken out a sizable new insurance policy on a commercial
property with your company.
D. The customer has requested that refunds on excess premiums be made to an attorney.
See Answer and Rationales
Q 3-3. A financial institution holds an account for a charitable organization whose stated
mission is to promote literacy in the local community. The charity derives most of its
financial backing from periodic fundraising drives that take in hundreds of small dona-
tions from individual donors.
Recently, the institution conducted a due diligence investigation and noticed unusual
activity in the charity’s account.
A. The charity recently purchased a large insurance policy which does not have a
surrender clause and cannot be used as collateral.
B. The charity does not have a long-term leasing agreement on a physical property in a
nearby town.
C. The transaction history indicates a pattern of wire transfers to countries with no
previous connection to the charity’s activities.
D. The transaction history for the charity shows a large number of small cash deposits.
See Answer and Rationales
Q 3-4. You are the chief anti-money laundering officer of a full-service bank, and you are
designing a risk-based customer acceptance program to determine the Terrorist Financ-
ing risks specific to not-for-profit (NFP) organizations.
Knowing the elevated risk that NFPs pose, which enhanced due diligence activity is most
essential for these types of client relationships?
A. Monitoring the financial activity in relation to the stated purpose and objectives
of the entity.
B. Obtaining a copy of the organization’s charter.
C. Establishing who controls the organization and its financial activities.
D. For NFPs, customer acceptance requirements are the same as for any other customer.
See Answer and Rationales
58
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4
UNDERSTANDING
AND
PREVENTING
FRAUD
OVERVIEW
59
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
60
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
61
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
62
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
are properly recorded and reported to securities Some indicators of insider trading include
industry regulators. Trades that equally benefit the following:
all shareholders that are conducted by a company
employee or insider are not considered insider • An individual buys or sells substantial
trading. An example would be stock repurchases. amounts of a company’s stock or
other equities shortly ahead of a major
Insider trading becomes illegal, however, when announcement
an individual is buying or selling a security based • A service provider in an advisory role trades
on information not available to the general pub- heavily in a company’s equities soon after
lic. That is a violation of a relationship of trust being engaged in a professional capacity
and confidence. by the company
• An individual with little or no history of
Examples of illegal insider trading cases include investing suddenly invests heavily in an
the following: equity of one company, even borrowing
• A company’s officers or directors may trade funds to do so
shares after they learn crucial, confidential
information, such as news of a merger or Stock options fraud. Stock options are generally
acquisition, a new product launch, the given as incentives to corporate employees. The
pending release of an earnings report, etc. employees are given the option to buy stock at
The information could also be negative in a specified future date. The price of the stock is
nature. A company may be the subject of set when the stock option is given. If the price of
an investigation or regulatory enforcement the shares increases, the employee profits from it.
action, for example. Stock options fraud involves backdating the date
the option was given to a time when the share
• A corporate insider may share confidential was trading at a lower price. This guarantees that
information with a friend or family member, the stock option will be assured a profit when
who then buys or sells shares based on the it is granted.
tip. In such a case, both persons may be
charged with insider trading. Prime bank note fraud. Prime bank note fraud
• Lawyers, public accountants or other has become increasingly prevalent in recent
corporate advisory roles may trade on years. This fraud scheme typically involves selling
confidential information related to clients fake deposit certificates to an offshore account
gathered in their professional capacity to investors with the promise of quick and highly
• Government employee trades based on profitable returns on the investment. As part of
non-public information gained through their the prime bank note fraud, the perpetrator con-
employment can also violate insider trading vinces the investor/victim to send money to a for-
laws. For example, a regulator who discovers eign bank. The money is eventually transferred to
sensitive data about a company’s financial an offshore account controlled by the perpetrator,
status during a routine examination may use who then uses the funds for personal expenses,
that information to trade in the company’s usually having laundered the funds to erase the
stock, in violation of confidentiality. paper trail.
63
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
assert that investors will enjoy a profit of more Front-Running. Securities broker-dealer firms
than 2000 percent in about one year. will sometimes receive orders from clients to
buy or sell a security which are likely to impact
Further, to establish legitimacy, the schemers will the security’s price. This is especially true of
claim to have access to bank “guarantees” that firms with large institutional clients, who may
are being issued by select “prime banks.” This be transacting in large quantities of securities.
is where the term “prime bank guarantee” orig- An employee of the broker-dealer could trade
inated. To appear more legitimate, the promot- in the security in his own personal account
ers use the term “prime bank debenture,” and ahead of executing the client’s order, then take
require that their investors sign non-disclosure advantage of the price change for his own ben-
agreements and non-circumvention agreements. efit. This “front-running” ahead of client orders
They usually insist that these forms are “required is considered unethical in all jurisdictions, and
by the International Chamber of Commerce” or a illegal in most.
similar international body in order to complete
the transaction. Similarly, an employee of a broker-dealer could
trade in securities ahead of pending buy-or-sell
The following are red flags of prime recommendations or investment analysis that the
bank note fraud: firm will soon be presenting to a client.
• Excessive guaranteed returns
• Fictitious financial instruments, FRAUD IN LOANS AND MORTGAGES
such as medium-term bank notes or Financial crime is adaptable in order to capital-
debentures, bank guarantees and offshore ize on new opportunities and present-day cir-
trading programs cumstances. Thus, when there is a push to offer
• Extreme secrecy home ownership to a greater number of persons,
• Exclusive opportunity the incidence of mortgage fraud is likely to rise.
When a new government program is created to
• Claims of inordinate complexity extend benefits to certain persons and entities,
such as healthcare programs, financial criminals
Equity Crowd-Funding via the Internet. A secu- normally find ways to abuse the program.
rities option which makes it possible for a start-
up company to solicit investors over the Inter- Mortgage fraud usually requires at least two per-
net or through social media with a lot less work sons to collude for the fraud to succeed. A per-
and cost than might be required for traditional son applying for a mortgage loan may grossly
capital investment. The program is supposed to inflate the value of the property to be mortgaged
make it easier for new companies to raise capi- or inflate his income to increase the chance the
tal and grow. mortgage loan will be given. Often, this person
has the help and collusion of an insider at the
This is a relatively new and expanding investment financial institution that extends the mortgage.
field. Because the screening is minimal, there is a
concern about it becoming a new avenue for secu- The institution employee or other insider, in col-
rities fraud. Because investors that are attracted laboration with property appraisers who are also
to these small, minimally screened, and arguably colluding, will obtain an appraisal with an inflated
risky investments, they may become easy targets value of the property that justifies a larger mort-
for con artists. gage loan by the financial institution for which he
works. The inflation of the loan amount extended
64
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
by the institution increases the institution’s material fact or other information on a mortgage
risk, as well as the illicit proceeds the conspir- or loan application to obtain a loan, or to obtain
ators derive. a larger loan than the lender would typically
grant, if the application information was true and
In another type of credit extension, a financial correct. Mortgage fraud was one of the leading
institution can be defrauded by the illegal use of causes of the housing meltdown that occurred
loan proceeds that a borrower has been granted. in the US and other countries in the mid to late-
The fraudulent application of loan proceeds 2000s. Mortgage scams continue to occur, result-
increases the institution’s risk. The misrepre- ing in poorly-performing mortgage portfolios
sentation by a borrower about the ultimate use for lenders and investors, as well as consumers
of the proceeds of a loan can subject that indi- unable to make mortgage payments, falling into
vidual to a separate crime that is recognized in default and becoming a risk for foreclosure.
many countries -- submitting false statements to
a financial institution from which a credit exten- Mortgage fraud consists of a number of different
sion is sought. methods and approaches:
Mortgage and loan fraud involves an intentional Income fraud. This involves overstating the bor-
material misrepresentation or omission of a rower’s income in order to qualify for a mortgage
100000
90000
80000
70000
60000
50000
40000
30000
20000
10000
0
2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011
SUSPICIOUS ACTIVITY REPORTS MADE TO US REGULATOR FINANCE INVOLVING MORTGAGE FRAUD HAVE
SHOW N A STEADY INCREASE
65
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
or for a larger loan amount. Prior to the recent est appraiser or a legitimate appraisal that has
housing downturn and legislative incentives been altered.
requiring lenders to change lending practices,
these typically involved “stated income” or “liar Cash-back fraud. This involves deliberate infla-
loans.” In these instances, the borrower, or a loan tion of a property’s price in order to provide the
officer working on behalf of the borrower (with or borrower with a “rebate” which is not disclosed
without the borrower’s knowledge), would state a to the lender. The seller as well as the real estate
specific income without verification. agent can participate in the scheme and all can
share in the “rebate.” This scheme requires a
Today, these types of loans typically involve an fraudulent appraisal to be successful.
alteration or forgery of income verification doc-
uments, tax returns or bank account statements “Shot-gunning” fraud. This occurs when multiple
in order to satisfy the income requirements. The loans for the same property are obtained with
fraud occurs when the borrower qualifies or different lenders at the same time and for a total
attempts to qualify for a loan, which their true amount in excess of the property value. This type
income would not support. of fraud leaves lenders greatly exposed to losses
because subsequent mortgages are junior to the
Employment fraud. This is another version first mortgage recorded.
of income fraud which involves claiming self-
employment in a non-existent company, or a Lender Fraud. This involves fraudulent lenders or
claim of a higher position in a real company, to mortgage brokers who victimize unwitting bor-
justify the representation of a fraudulently com- rowers or lenders who actually fund or purchase
piled income figure. the loans. Indicators of lender fraud include a
lack of a license (lenders are typically licensed by
Occupancy fraud. This usually involves a bor- the state or jurisdiction in which they operate),
rower that obtains or attempts to obtain a mort- loan terms that are too good to be true, and/or
gage claiming that they will occupy the residence, loan documentation that is incomplete, blank or
thereby obtaining a lower interest rate on the unintelligible.
note. In actuality, the borrower never plans to
occupy the residence. In addition, larger loans Foreclosure scams. The housing and economic
are typically allowed for owner-occupied dwell- crisis that afflicted several countries has resulted
ings than for income properties, for which delin- in an increase in the incidence of mortgage fore-
quency rates are substantially higher. closure scams. Perpetrators of these scams tar-
get people at risk of losing their homes. These
Appraisal fraud. This pertains to a deliberate include mortgage modification scams, as well as
over- or under-statement of the property’s true “foreclosure rescue” buyers who try to rush the
value to perpetrate a fraud. An over-statement of sale of house without the proper forms having
value enables the property owner to obtain more been completed.
money than the property is worth in the form
of a cash-out refinance; or an organized effort Buy and bail fraud. As the name implies, this
to generate a for-profit mortgage fraud scheme. form of fraud involves buying a new home with
An under-valuation of the property enables a the intention of abandoning mortgage payments
buyer/borrower to get a lower price on a fore- on the old home. Although there are a variety of
closed home, or to persuade a lender to reduce reasons why a homeowner might do this, some
the balance in the case of a loan modification. less insidious than others, it is still considered
These frauds typically involve either a dishon- fraudulent. Buy and bail schemes typically involve
66
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
homeowners who draw up false rental agree- associates to make a property seem less appeal-
ments on their current home, and then use these ing. Parties might submit inflated or falsified
agreements as part of the documentation needed repair estimates claiming that expensive work is
to secure a loan on a new home. Once they have required, or physically damage the property to
obtained the new home and moved, they stop discourage legitimate buyers.
making payments on their old home.
In another variation on flopping, the owner is
FLOPPING an innocent victim, and the fraudster conspires
Fraudsters often seek to take advantage of indi- with a real estate agent responsible for selling
viduals who are struggling to make mortgage the property. The agent could list the property
payments on a property they own, or to collab- at an inflated price to fend off other offers, then
orate with these individuals to defraud a lender. drop the price just before the fraudster arrives
One technique referred to as “flopping” exploits to make an offer. Or, the agent might steer the
the mechanism of short sales to fraudulent ends. deal directly to the fraudster, rejecting any other
offers without informing the seller.
In a short sale, a mortgaged property is sold for
less than the value of the outstanding loan. The From the perspective of the financial institution
lender accepts the sale price in exchange for set- involved in the short sale, flopping schemes can
tling the loan, as this might be ultimately less be hard to detect without a thorough investiga-
expensive or more expedient than foreclosing on tion. One indicator can be repeated instances of
the property. similar claims from property owners in the same
geographic area. For example, several owners in a
The basic steps of a flopping scheme are city who are all using the same real estate agency
outlined below: may submit expensive repair estimates listing
very similar types of damages.
• A fraudster approaches an owner who is
struggling to make mortgage payments and
at risk of foreclosure with an offer below the
amount owed on the loan.
• The owner communicates the fraudster’s
offer to the lending institution, who accepts
as settlement of the mortgage.
• The fraudster immediately resells the
property to another buyer that had been
previously secured and makes a tidy profit.
67
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
the nature of the transaction and the custom- FRAUD IN FINANCIAL REPORTING
ers involved. AND ACCOUNTING
An organization’s financial books and records and
While some of the red flags below are spe-
accounting practices are vulnerable to a wide vari-
cific to mortgages in real estate transactions,
ety of fraudulent manipulation, from deceptive
most apply to other types of credit extended by
tricks to boost purported earnings to techniques
financial institutions, such as personal loans or
to conceal internal theft and embezzlement.
vehicle loans:
68
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
of fraud when it is done outside of the proper employee could change the account details
channels and with erroneously recorded on the invoice to an account under their
revenue without provisions for returns, control, and then re-submit the original
cancellations or other modifications. invoice for payment.
• Altering dates or holding open accounting • Alternately, an employee colluding with a
periods. By changing the dates on certain vendor or other third party could inflate the
documentation, like shipping documentation value of a legitimate invoice, and then receive
or purchase orders, a company can some percentage of the transaction back
deceptively record revenue in one accounting from the conspirator. In both cases, the
period that should have accrued in another. employee would typically be someone with
Likewise, a company could improperly access to the systems used for a company’s
extend its accounting period, holding open accounts payable.
its receivables to record sales that should
have fallen into the next period.
• Creation of wholly fictitious sales and
customers. Although this technique is more
vulnerable to detection in audits, there have
been numerous cases where companies
simply falsified sales transactions, and
likewise created false customers to match
corresponding entries in their accounts
receivables.
69
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
1. One employee checks the invoice to confirm At the earliest stage of a new relationship with a
it is for a legitimate product or service. customer, a financial institution must assure that
2. A second employee reviews and the person seeking to open an account or estab-
authorizes payment. lish a business relationship is the true beneficial
owner of the funds to be invested or deposited.
When investigating a company’s records for indi- If a business organization is involved, the insti-
cators of false invoicing, red flags can include tution should ensure that the person seeking to
the following: establish the relationship is the real principal of
• Invoices missing common details and the entity or can and will identify that person.
information, such as no address being
provided, a tax ID number is not given, etc. The nature and size of a relationship usually deter-
• The company name listed cannot be found in mines the degree of due diligence that an insti-
the jurisdiction’s corporate registry. tution should take to investigate and verify ben-
eficial ownership and the principals of an entity.
• The invoice and/or supporting documents Financial criminals invariably use nominees and
are vaguely worded or copied from fronts in their business and financial transactions
other invoices. to hide and disguise their involvement.
• No purchasing order that matches the
information is provided in the invoice. If the account to be opened or business to be
• The goods described on the invoice cannot conducted is of sufficient size and importance, an
be found in the company’s inventory, or the institution or business should exercise enhanced
services cannot be accounted for. due diligence to ensure that persons are who
they say they are and that no nominees or fronts
• Multiple invoices contain the same are shielding the true parties in interest. In situa-
invoice number. tions of sufficient gravity and size, the institution
• There are multiple invoices with the same should go beyond its walls and seek facts inde-
amount on the same date, or from the same pendently from appropriate sources and conduct
vendor on the same date. enhanced due diligence.
• The invoice contains errors or misspelling.
If the institution or business confirms that the
FRAUD IN OPENING AN ACCOUNT beneficial owner is not the person who appears
at the institution seeking to establish the rela-
Financial institutions are vulnerable to fraud in tionship, it should decline the relationship in the
many ways, and the old adage, “Know Your Cus- absence of a satisfactory explanation. If none is
tomer,” is as effective a safeguard against exter- provided, in addition to declining the relationship,
nal financial crime as any government regulation. the institution should probably report the event to
One way to prevent fraud risk is to ensure that an the appropriate authorities as suspicious activity.
application for a new account or relationship by
an individual or entity is fully vetted.
INSURANCE AND
A good way for a financial institution to prevent HEALTH CARE FRAUD
future problems with a customer is to take rea-
sonable due diligence steps when the potential Insurance and health care fraud is a growing
new customer seeks to establish a relationship. and increasingly expensive problem. Although
The applicant should be asked to corroborate all health care fraud can be perpetrated by individ-
the information, and the institution must verify uals, the largest and most successful schemes
the information. usually involve health care providers colluding
70
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
71
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
• Tampering with card readers at ATMs and Some fraud in government benefits may actually
other point-of-sale locations, typically by be occurring with “good intention.” This can hap-
inserting skimmers to steal card numbers pen when another entity is trying to get benefits
and passwords. for a person without proper ID, and allows the fil-
• Online theft of numbers through ing of the benefits knowing that the ID provided
compromises of online security. is not valid. While helping someone in need with
this stolen ID, the perpetrator is also creating a
• Identity theft to apply for credit and debit separate victim of identity theft.
cards, such as “too good to be true” credit
card offers through which the fraudsters Fraud in government benefits can often involve
obtain the individual’s personal information collusion of two or more individuals, as well as
and then use that to apply for other cards. collusion between outside actors and govern-
• Physical theft of the card. ment employees.
• Internet fraud schemes, which involve the
use of unlawfully obtained credit card
numbers to order goods or services online.
INTERNAL FRAUD
Internal theft and misappropriation of assets
by employees and insiders of a business organi-
FRAUD IN GOVERNMENT BENEFITS zation are rampant in all countries. A business
Fraud in government benefits is generally perpe- can take several steps to minimize exposure to
trated by identity theft. Using a stolen identity, the these crimes.
fraudster can assume to be the proper recipient
of benefits intended for someone else. This type As in the case of financial institutions seeking to
of fraud is typically perpetrated with the help prevent threats posed by the “enemy within,” the
of knowing the victim’s identification or Social first step businesses should take start at the door
Security numbers (or other identifier), through of the human resources department. Hiring wisely
which access to benefits is typically verified. through thorough examination of applicants is
crucial in minimizing internal theft and misap-
Fraud against government agencies takes many propriation. Thorough interviews, vetting of all
forms. It can be as basic as improperly apply- important aspects of a candidate’s background,
ing for and receiving benefits of small amounts prior job and independent references is crucial.
offered by a social welfare program. Or, it can
involve large sums under large contracts, such Background checks, due diligence and examina-
as those with military and aerospace agencies, in tion of criminal records are also indispensable
which a contractor in the private sector inflates steps. Depending on the sensitivity of the position
costs or furnishes subpar materials to the agency and the potential fraud risk it poses, companies
or performs improperly under the contract. should also consider screening employees against
PEP lists, sanctions lists and negative news scans.
In some cases, financial criminals even recruit Not all of these screens may be required for
the help of prisoners who provide their identifi- every position, but they could be applicable for
cations, such as their Social Security number if higher risk roles. All of these policies and pro-
they are in the US, to pose as legitimate appli- cedures should form part of a pre-employment
cants seeking student loans, unemployment ben- screening program.
efits, tax refunds or other government benefits.
A code of ethics explaining acceptable and unac-
ceptable conduct and a program of mandatory
72
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
financial disclosure for key employees should also business ties to the vendor, this may warrant
be required. further investigation.
• Sudden changes in the employee’s spending
Financial institutions and other businesses habits and lifestyle—As obvious as this seems,
should also strongly consider establishing an this red flag remains a fixture in internal
anonymous telephone line or similar mechanism fraud schemes. If an employee suddenly
that employees can use to report theft and other starts purchasing expensive luxury goods,
dishonest acts. buys a house or other assets that don’t
match their salary, or otherwise starts living
This reporting mechanism should be sepa- beyond their known income, it warrants
rate from the usual reporting that takes place careful scrutiny.
through the lines of business – In other words, an
employee reporting to their superior, who then • Employees that have overlapping roles
may escalate it to their superior, and so on. If with access to the company’s funds or
there is no option to report outside of the typ- accounts—A lack of clear division of duties
ical reporting through the chain of command, is a weak point for fraudulent behavior. If
employees may be unwilling to speak up for fear one employee is responsible for generating
of retaliation, and will have nowhere to turn if invoices and approving their payment, or
their managers are the ones actually involved in adding new vendors to a company’s system
the suspected fraud. and then approving them, this creates
vulnerabilities for fraud. Organizations
Close observation of employee behavior may should carefully scrutinize these roles
also provide telltale signs of vulnerabilities to and consider adding a separate layer of
the “enemy within.” Some common indicators authentication.
and risk areas for potential involvement in insider
fraud include: It is worth noting that organizations should
always be cautions when developing programs
• Resistance to taking vacation/sick days to review employees for insider fraud risk. Legal
or refusal to share job responsibilities—If issues arise in monitoring employee behavior and
an employee rarely takes vacation or sick legal counsel of a business or institution should
time, or is resistant to sharing their duties be consulted before implementation of new pol-
with another employee, it could indicate icies. For example, monitoring employee use of
something more sinister than sheer devotion social media may raise privacy and other issues
to the job. This is particularly true of roles on which a lawyer should advise the business
with access to a company’s books and or government agency that is contemplating
records or payment processing functions. a new policy.
Likewise, when an employee declines a
promotion or reassignment to a different Internal misappropriation can be the work of
area of the company, this can raise red flags. low-level as well as higher rank employees. They
• Employees with close ties to a vendor or should all be monitored on a risk basis, and the
other third party—An employee that seems risks posed by senior-level staff should not be
abnormally close to a vendor or vendors ignored. Often, higher ranking staff is capable
should raise questions. For example, if an of inflicting far more harm on a business than
employee contacts a vendor more often employees at the lower levels.
that is necessary for business purposes,
advocates on their behalf, or has non- Internal controls aimed at reducing insider fraud
do not necessarily need to be complicated. Sim-
73
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
ple mechanisms like division of duties and “mak- credit cards, and to delay the discovery of the
er-checker” models can be highly effective at identity theft by the victim.
detecting certain types of fraud. For example,
one employee could be tasked with creating new Identity theft and identity fraud are terms used
vendor invoices in a company’s payment sys- to refer to all types of crime in which someone
tem, and another employee assigned to review wrongfully obtains and uses another person’s
and approve. personal data in some way that involves fraud
or deception, typically for economic gain. With
One thing is certain. If no internal controls exist, enough identifying information about an indi-
or if those that exist are not enforced, temptation vidual, a criminal can take over the individual’s
lures employees. identity to conduct a wide range of crimes, such
as false applications for loans and credit cards,
fraudulent withdrawals from bank accounts, or
IDENTITY THEFT AND FRAUD obtaining other goods, services or privileges
Identity theft is a giant menace of the 21st cen- which the criminal might be denied if he were to
tury. Often, perpetrators are employees of busi- use his real identity.
nesses, including doctors’ offices, government
agencies and financial institutions. The goal of If the financial criminal takes steps to ensure that
identity thieves is to uncover the identities of pri- bills for the falsely obtained credit cards, or bank
vate individuals in order to obtain the numbers statements showing the unauthorized withdraw-
and other characteristics of their credit cards, als, are sent to a physical or e-mail address other
place of employment, residences, children, family than the victim’s, the victim may not become
members, friends, vehicles and other personally aware of what is happening until the criminal has
identifying information. already inflicted substantial damage on the vic-
tim’s assets, credit and reputation.
By learning a person’s personal information, an
identity thief can penetrate a bank account, use OVERVIEW AND METHODS OF
their credit cards, receive government benefits, IDENTITY THEFT
seek a tax refund in someone else’s name and Identity theft is one of the fastest growing types
more. There are various red flags that indicate of consumer fraud and considered one of the
a person has been the victim of identity theft. leading threats to deposit accounts at banks and
These include unusual activity in personal finan- other financial institutions. It can be perpetrated
cial accounts, unknown charges on credit card by a wide variety of means, including some popu-
statements, notification by a tax agency that lar methods listed below:
more than one tax return was received in your
• Account takeover or account hijacking where
name, and other harrowing occurrences.
a fraudster captures a customer’s personal
information and uses it to take over a
Defensive measures against victimization by an
financial account
identity thief include using care about where
Personal Identification Numbers (PIN) on credit • New account fraud in which a fraudster
cards and ATM cards are written and monitoring assumes the identity of a real person to open
the volume of mail a person receives. A substantial a phony account
drop in mail may indicate that someone has sent • Collusion between the fraudster and
a change-of-address card to the postal authori- customer, or between fraudster and
ties in order to have access to and to read one’s employees of an organization
mail and determine a person’s bank accounts and
74
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
74,915
Theft Type
Credit Card Fraud
Employment or Tax Related Fraud
Phone or Utilities Fraud
124,784
133,015
55,558
235,670
46,920
133,944
123,215
101,174 82,051
75
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
COMMON TECHNIQUES USED BY simplistic and based on human nature. The roots
IDENTITY THIEVES of social engineering reach back to the days of tra-
Creating fake online identities. Fraudulent iden- ditional ‘con’ men and leverage the same skills to
tities play a significant role in many high pro- convince a victim to reveal sensitive information.
file financial fraud crimes. With today’s Internet
capabilities, fraudsters can easily create new or Leveraging technology. Fraudsters capitalize on
fake identities. Utilizing social networks, blogs, the speed and anonymity afforded by new tech-
forums, email accounts, domain creation, website nologies to perpetrate identity theft and identity
creation and various internet accesses, the fraud- fraud, including the following:
ster can create an entire false persona, including • Using handheld skimmers and other devices
name, address, telephone number, email address, that lift account information when the
website, etc., and represent it as real. Once this individual swipes his or her debit or credit
basic identity is created, the fraudster can file card at an ATM or point-of-sale location,
for a sole proprietorship or set up a corporation such as in a store
using the identifiers of the false persona.
• Getting people to disclose sensitive
The fraudster can then obtain a government tax personal data by sending them phony emails
or other identification number for the business (Phishing), text messages (Smishing) and
and open a new bank account for it. From all the phone calls (Vishing)
information associated with this person and busi- • Using malicious software to capture
ness, it can appear to be a legitimate entity. and transmit personal information to
counterfeiters over the Internet (Malware)
Social engineering. Fraudsters also engage in • Using peer-to-peer computer technology,
social engineering to perpetrate identity theft. such as the kind found on music-sharing
Social engineering typically refers to methods sites, to search personal computers for
and techniques used to manipulate people into password files, account numbers and
performing actions or revealing confidential other information
information in order to gather data, commit fraud
or gain access to computer systems or networks. Internal fraud. Studies of crime data have shown
The basic tools used to obtain information are that a high percentage of identity theft starts
with the theft of personal data by an organiza-
tion’s employee. This confluence of identity theft
and employee corruption is an important trend
for financial institutions and other business orga-
nizations to recognize and protect against with
appropriate fraud tools.
76
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
It starts with a real tax identification number, than one source, rather than relying solely on a
usually belonging to a child. Because it belongs credit report.
to a real person, the tax ID will often show up
as a valid number in credit reporting and other Issues with an applicant’s tax ID number can also
checks used by financial institutions. be a red flag. If the tax ID number does not match
the other information provided for the applicant,
Tax identification numbers belonging to children or matches a different person, this can be an indi-
are preferred because children typically don’t cator of synthetic ID fraud.
have much of a presence in the financial system.
They usually aren’t applying for accounts, check- RED FLAGS OF IDENTITY THEFT
ing their credit report or doing other activities Due to the prevalence and increasing growth
that might lead to detection. The fraudsters will of identity theft, various countries have pushed
then create a fake name and other details around financial institutions and other organizations to
this stolen identification number, including a real incorporate the following into their fraud surveil-
address (usually a PO box or mail drop). lance systems:
Using this new identity, criminals now have sev- • A layered approach that combines scanning
eral years to set up accounts, establish a credit software with other monitoring tools to
history, get credit cards and obtain personal proactively identify and defend against
loans. Fraudsters might nurture these synthetic identity theft
IDs for years, making card payments and ser- • Improved authentication procedures,
vicing loans, to increase the amount of credit including layers and token or biometric
extended to them. At some point, they will max authentication devices and procedures
out their credit cards and loans and disappear.
• Implementation of fraud detection software
In one notable recent case, a fraud ring created to identify account takeover
nearly 7,000 synthetic IDs and used them to
obtain more than 25,000 credit cards, as well as Because so much fraud committed now involves
loans. The scheme went on for years, and ulti- the illegal use of stolen customer or internal data,
mately led to more than $200 million in losses laws and regulations concerning the safeguarding
from financial institutions. of confidential customer data have been enacted
in many jurisdictions. In particular, financial
Financial institutions are still struggling with how institutions are often required to make their own
to manage the risks of this form of fraud. Like assessments of potential red flags of identity
some forms of loan fraud, synthetic ID fraud is theft within their processes or procedures and to
often written off as a credit loss, and never rec- implement methods for detecting and preventing
ognized as a criminal incident. This misclassifi- these red flags.
cation reduces the likelihood that an institution
will build controls around synthetic ID fraud, or For example, the US Federal Trade Commission
report it appropriately to law enforcement. and other regulators implemented the FACT Act
in 2009, which established key red flag catego-
Since synthetic IDs usually do not have a credit ries and specific examples indicative of identity
history, institutions should be careful and con- theft. These red flags are broadly applicable and
duct thorough due diligence when dealing with are consistent with identity theft red flags or sce-
so-called “thin file” applicants. Institutions narios identified by regulators in other countries.
should also verify applicant information from one The following are key red flags:
77
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
• Alerts, notifications and warnings from a » A social security or other identifier number,
credit reporting company: as well as address or phone number that has
» A fraud alert on a credit report been used by other people opening accounts
78
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
79
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
For many companies and institutions, fraud is a Identify the organization’s universe of potential
key risk to profitability and reputation. Imple- risks. Determine the fraud schemes and scenar-
menting effective fraud detection, prevention and ios that typically affect the institution or orga-
security systems has become a critical part of an nization, or firms like it. Assess the potential for
organization’s ability to control operational risk. these schemes and scenarios based on past inci-
Integrating fraud detection and prevention into dents of fraud, the culture of the organization
the organization’s overall GRC framework can and its current framework of internal controls.
produce substantial benefit, including a better
understanding of the impact of financial crime Most FRAs focus on identifying fraud risk in six
on the organization, improving return on risk and key categories:
compliance investments, enhancing the organi-
zation’s reputation and cultivating customer trust. • Fraudulent financial reporting
• Misappropriation of assets
FRAUD RISK ASSESSMENT AND RATING • Expenditures and liabilities for an
Conducting a fraud risk assessment (FRA) is an improper purpose
essential step in the process of detecting and • Revenue and assets obtained by fraud
designing controls to prevent the specific types of
fraud the organization faces. The FRA can be con- • Costs and expenses avoided by fraud
ducted by internal or external auditors or consul- • Financial misconduct by senior management
tants, or through some combination. It does not
necessarily identify exactly the types of fraud Analyze the likelihood of each scheme or sce-
occurring in the organization. Instead, it focuses nario occurring. The FRA must consider not only
detection efforts on specific fraud schemes and the possible risk, but the likelihood that a partic-
scenarios that could occur, as well as on incidents ular fraud will occur. International auditing stan-
that have occurred in the past. This information dards specify four risk levels:
enables the organization’s risk management and 1. Remote
audit teams to make recommendations to senior
management and support the implementation of 2. More than remote
fraud prevention controls designed for the iden- 3. Reasonably possible
tified risks and vulnerabilities. 4. Probable
Following are the steps that normally accompany Assess the materiality of risk. The FRA team
a comprehensive fraud risk assessment: should identify fraud risks that could have an
important financial impact on the organiza-
Create a ‘fraud risk assessment’ team. The FRA tion and its stakeholders, such as shareholders
team should include senior internal audit and risk and lenders. The three levels of materiality are
management personnel or an experienced out- inconsequential, more than inconsequential and
side certified fraud examiner or consultant with material. Any risks that are deemed more than
experience in conducting FRAs. According to the inconsequential or material must be addressed by
Basel Committee on Banking Supervision, the gathering more detailed information or evidence
internal audit plan should be based on a method- of potential fraudulent activity. This step should
ical control risk assessment that documents the take into account the risk tolerance of the firm.
organization’s significant activities and their
associated risks, as well as the principles of the Assess risks in the context of existing anti-
risk assessment methodology. fraud controls. The FRA team should evaluate
the effectiveness of existing controls in prevent-
80
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
ing the specific fraud scenarios which have been FRAUD DETECTION IN CUSTOMER
identified through the preceding steps. The ulti- ONBOARDING AND MONITORING
mate objective of the fraud risk assessment is to “New account” fraud is a significant challenge and
guide the organization’s auditors to implement has become a main conduit for identity theft and
specific measures to detect fraud, and senior risk other types of fraud. Fraudsters and criminal
management professionals to establish or adjust organizations that target financial institutions
anti-fraud controls to reduce the risk of fraud. take advantage of gaps in employee training and
communication and the pressures that front- line
As part of the risk assessment, the FRA team employees typically face to provide good service
and the internal audit department must consider and bring in new accounts.
whether and how anti-fraud controls can be cir-
cumvented or overridden by management and A good Customer Identification Program (CIP)
others. They should also analyze both internal can do far more than satisfy regulatory require-
and external threats to confidential electronic
data and computer and network security.
81
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
• Verify and authenticate the • Check the usage of mail drop locations or
customer’s identity rental mailboxes, which could be a sign of
multiple or false identifications.
• Screen the customer against national and
international sanctions lists and other watch OVERVIEW OF FRAUD MONITORING AND
lists, such as known or suspected fraud lists DETECTION SYSTEMS
from internal and external sources, including
law enforcement sources Because of the volume of customers, transactions
and data involved in monitoring and surveillance,
• Document the normal and expected business as well as evolving fraud trends and its shifting
activity for each customer, including sands, some organizations leverage specialized
occupation and business operations technology to help meet their fraud detection
• Document the customer’s relationship and reporting requirements.
within the organization and its subsidiaries,
including all the lines of business Data Mining Tools. Data mining is an effective
and widely used approach for discovering and
Many of these steps also apply to organizations detecting fraud. Data mining is used to detect
that are seeking to develop or strengthen inter- patterns of activity or transactions which are
nal procedures to guard against signs of corrupt anomalous, or “stand out,” from typical customer
activities by their own employees or through or business activity. It can also be used to discover
third parties with foreign public officials and previously unknown relationships between cus-
their family and associates. tomers, accounts and entities transacting with or
through the firm or financial institution.
82
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
Suspicious patterns are symptoms of fraud, not an important part of the account and relationship
evidence of it. Typically, further investigation opening process.
must be done to determine whether the activ-
ity is actually fraud (or another form of financial Point fraud detection products. Most business
crime) or is legitimate. Therefore, data mining organizations, including financial institutions,
tools must be combined with other capabilities have invested in products and processes to iden-
which facilitate the review and investigation of tify and prevent fraud on a product or channel-
the identified exceptions. specific basis. Traditionally, they have focused on
employing “point solutions” which focus on a rel-
Data mining tools have evolved substantially and atively narrow scope of behavior or fraud.
are able to analyze much larger sets of data in a
much faster timeframe. Data mining techniques Point solutions can be very effective for specific
have been integrated into many software solu- problem areas, such as check fraud and check
tions targeted at fraud detection. kiting, ATM fraud, credit card fraud, and for
establishing mechanisms to help protect access
Predictive analytics. Predictive analytics are through remote channels, such as online or mobile
widely used in fraud detection and prevention banking and other services. Point solutions may
efforts. Many predictive analytical techniques use one or a combination of fraud detection tech-
were pioneered by the credit card industry, and niques, including predictive analytics and rule
in recent years have been leveraged in other patterns, to detect the specific type of fraud for
areas including payments, online banking access, which the solution specializes.
account opening and small business fraud. Like
data mining techniques, predictive analytical Unfortunately, fraudsters do not stick with one
models have been integrated into many fraud channel, line of business or product. Deploying
detection software solutions. multiple fraud detection solutions does not sup-
port the ability to share and consolidate critical
Predictive analytics look at potential risk factors information among fraud detection silos, which
to detect the likelihood of fraudulent activity and leaves the organization and its customers vulner-
develop models which can be leveraged for real able to more sophisticated fraud schemes. Each
time monitoring. For example, analytical models of the major areas of fraudulent activity—activity
evaluate transactions to identify subtle patterns creating the most challenges for firms in terms of
of behavior indicative of fraud, or activities that losses, customer service issues, and reputation—
are atypical for an account or customer. Fraud typically involve more than one type of mecha-
analytical models are an excellent complement nism, channel or product.
to other detection techniques, such as reports
or rule patterns (which detect known patterns of Although point solutions offer significant capa-
fraudulent activity). bilities in specific areas of fraud, they can gen-
erate high levels of “false positives” and may not
Analytic modeling provides flexibility because it be well-integrated into the overall fraud and risk
allows successful automated detection of a broad management regime of the organization.
spectrum of suspicious activity, including activity
not previously recognized as fraudulent. Analyti- Fraudsters, who sometimes associate with orga-
cal models can also predict the likelihood or pro- nized crime, often use smarter and more sophis-
pensity of fraud based on attributes of the cus- ticated methods to gain access to financial data
tomer or entity seeking to do business with the in an organization. Sometimes collusion among
firm or financial institution, and, therefore, are merchants, fraudsters and organization insiders
83
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
exists. For this reason, many organizations have help prevent and reduce losses by automatically
implemented enterprise-wide fraud detection uncovering and focusing investigations on the
systems, including transaction monitoring and most urgent and actionable alerts.
case management systems to support a broader
view of fraud across various channels and types Internal reports. These are internally generated
of products and services. reports or systems, such as exception reports,
incident reports and leads databases, which help
Transaction Monitoring Systems. This is an flag activities and provide important ancillary
automated system, either a proprietary applica- information used for analyzing or investigating
tion or vendor-provided, for ongoing scanning alerts or cases.
of transaction, customer and entity data. It fil-
ters, compiles and summarizes transaction data Third party data. These can be reports, online
and flags or issues alerts on situations of poten- research portals and public record and propri-
tially suspicious or fraudulent behavior. Detec- etary data sources and analytics provided by
tion is typically achieved through implementa- third-party data vendors and repositories. These
tion of fraud detection scenarios that fall into
three categories:
• Rules-based scenarios which identify specific
patterns of behaviors related to fraud
BENFORD’S LAW
typologies or red flags. When hunting fraud in financial documents,
Benford’s Law can be a useful tool. It is a
• Statistical profiling scenarios which
mathematical theory that says certain digits
identify unusual activity by modeling
appear more frequently than others at cer-
typical or expected activity profiles for a
tain positions in real world data sets.
specific customer or type of customer and
identifying outliers.
Benford researched all different sorts of data
• Predictive analytical models which provide sets- from the size of butterfly wings to the
automated detection of a broad spectrum surface area of rivers - and found the same
of suspicious activity, including activity principle held true: The number 1 appears as
not previously recognized as fraudulent. the first digit about 30% of the time, and the
Analytical models can also predict the number 9 appears first less than 5% of the
likelihood or propensity of fraud. time. The numbers 2 through 8 have different
probabilities of appearing as the first digit.
Some software solutions leverage or combine
multiple types of approaches to help improve Benford’s Law applies to account transac-
detection capabilities. In addition, most transac- tions, bank transfers and wire transfers, and
tion monitoring systems also provide alert and can be used in investigations and foren-
investigations management systems to facilitate sic accounting.
and document the analysis and investigation of
alerts and cases. Comprehensive alert and case For example, an investigator might analyze
management can automate processes and reduce a company’s financial statements and note
investigative costs. that the number 9 is the first digit 25% of
the time. This will merit closer scrutiny and
Enterprise case management built specifically for could indicate fraud
financial crime investigators can provide a single
view of fraud, risk and compliance status. It can
84
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
may include credit record information, as well events as they are happening, particularly more
as more sophisticated predictive analytics. This complex, cross-channel fraud schemes, and tak-
information can be used at the time of account ing action before assets have disappeared are
opening for Know Your Customer and due dili- critical to minimizing losses and then meeting
gence purposes, and to support alert analysis and the challenging task of recovery.
investigations of suspicious or unusual activity.
A centralized approach that combines real-time or
near real-time fraud detection with sophisticated
THE IMPORTANCE OF AN analytics often facilitates early detection of fraud
ENTERPRISE APPROACH TO FRAUD schemes and their participants and enhances
AND FINANCIAL CRIME loss prevention and mitigation. An organization
should determine what the recommendations
In their efforts to more successfully man-
or requirements of its regulators indicate about
age financial crime and compliance, business
these approaches.
organizations, including financial services enti-
ties, often recognize the need to take an enter-
Establishing an enterprise fraud management
prise-wide approach to fraud management. Many
system, manual or automated, can be a key step
of them, especially larger ones, are establishing or
in better integrating fraud detection and preven-
have already established financial crime units or
tion into the organization’s overall governance,
financial intelligence units as a first step toward
risk and compliance framework. This can provide
targeting fraud in a more comprehensive way.
many benefits, including a better understanding
The effectiveness of this approach often depends
of the impact of financial crime on the organiza-
on the ability to bring together and coordinate
tion, and improved return on risk and compliance
existing point fraud detection software.
investments, protection of the organization’s rep-
utation and maintenance of customer trust.
.A comprehensive fraud detection approach must
provide a single point of analysis for account and
customer activity and also enable the monitor-
ing and detection of complex behavior and pat-
terns that may indicate broader issues. Exposing
85
@2019 Association of Certified Financial Crime Specialists
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
Q 4-1. The CFO of a large public corporation sees that the company’s quarterly numbers
are going to exceed analysts’ expectations. Knowing the stock price will probably make
a big jump when this news is released, he makes several large open stock repurchases,
which increases the intrinsic value of the tens of thousands of shares he already owns.
He then mentions the earnings report to his wife, and she buys 1,000 shares of stock in her
personal trading account. Her broker, who knows that she is married to the CFO of this
company, feels that she must know something, so he recommends it to many of his clients
who buy some very large blocks.
The quarterly numbers are released, and the stock makes a big move as expected. Which
individual in this scenario has committed insider trading?
A. The CFO
B. The CFO’s wife
C. The wife’s stockbroker
D. The stockbroker’s clients
See Answer and Rationales
86
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5
GLOBAL
ANTI-CORRUPTION
COMPLIANCE
AND
ENFORCEMENT
OVERVIEW
87
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
For all these reasons, corruption and its many This means that all public functions, especially in
deleterious consequences have gained great countries where corruption is pervasive, may be
public and international attention in the past corroded and distorted to accommodate the cor-
two decades. rupt interests of the public officials. A legislator
may be corrupted to advance a legislative proj-
Official corruption, which refers to the dishon- ect, conduct an investigation or kill a bill that is
est acts of public officials, can take many forms. pending in the legislative body. This corrupts the
It can be bribery, extortion, embezzlement, kick- laws that guide business and other dealings and
backs, influence peddling, nepotism and alliances on which judicial decisions in business transac-
with criminal elements. tions are based.
Official corruption is not limited to employees Similarly, there is widespread corruption world-
in the executive branch of government, such as wide in the judicial branch of government. This
heads of state, ministers, law enforcement offi- means judges who are sworn to impartiality and
cials, inspectors, regulators and other func- fair dealings with parties that appear before them,
tionaries. Official corruption is also widespread are corrupted by a party to rule in a certain way
around the world in the legislative and judicial or prohibit someone from taking action, or com-
branches of government. In addition, many coun- pelling persons to do certain things. This goes to
tries’ governments create state-owned commer- the heart of the law and pollutes the legal sys-
cial enterprises that compete with private sector tem to the point where the public, whose tax dol-
businesses that do the same things. These state- lars support the system, loses confidence in the
owned enterprises engage in many commercial courts and respect for the judiciary and the law.
activities typically performed by private sec-
tor entities. Official corruption, which is often called public
corruption, is also rampant in many countries
State-owned airlines are an example. They fly where organized crime, drug traffickers and
commercial routes alongside private sector air other criminal enterprises shower public officials
carriers and have employees that perform simi- with money and expensive gifts to neutralize the
lar jobs as those in private airlines. The employ- laws and their enforcement. This creates an envi-
ees of these state-owned companies are as prone ronment in which the more traditional financial
to corruption as those of standard government criminals - who do not dirty their hands with
agencies. In general, the laws of most countries drugs, human trafficking and the like - find public
deem corruption by persons who work at state- officials more receptive to their corrupt payments.
owned entities in the same light as corruption by
employees of regular government agencies.
THE WORLD MOVEMENT TO
If an employee of a state-owned airline, for exam- COMBAT CORRUPTION
ple, seeks or obtains an unlawful payment for the Recognizing this, major international bodies have
performance of an official act related to the air- increased international pressure on nations to
line, it is a corrupt act just as if it were performed intensify their efforts against corruption over
88
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
roughly the past 15 years. This has resulted in the In the anti-corruption field, NGOs may be divided
enactment of laws by various nations, notably the into two groups:
United Kingdom, which enacted its far- reaching 1. Those that are associated with or supported
Bribery Act in 2010. by governments, sometimes through
international bodies like the Organization for
In addition, this surge in international attention Economic Cooperation and Development
to corruption has caused other nations to amend
their laws and step up their enforcement activ- 2. Those that are non-profit entities that are
ity. The notable example is the US, which has not officially supported by or connected to
greatly increased the enforcement and regula- a government
tory efforts under the Foreign Corrupt Practices The two types of NGOs often engage in similar
Act. The FCPA, which became law in 1977, is the work and partner with each another, thus blur-
grandfather of such laws around the world that ring the distinctions. Typically, however, NGOs
prohibit and criminalize corrupt payments to for- connected to national or international bodies are
eign public officials. more active in creating and promoting anti-cor-
ruption policies and standards, while unaffiliated
The new international standards that have non-profit agencies normally focus on anti-cor-
evolved from these accelerated and intensified ruption advocacy.
efforts have served as a beacon for nations that
wish to improve their mechanisms to prevent, One of the best-known of the unaffiliated enti-
deter and prosecute corruption in their govern- ties is Transparency International (TI), which is
ment functions. headquartered in Germany and has chapters in
100 countries. The chapters have considerable
latitude to choose the projects they will pursue.
NON-GOVERNMENTAL
ORGANIZATIONS AND ANTI- TI’s anti-corruption work is wide-ranging, but
CORRUPTION ADVOCACY some of its most important work is its research,
analysis and reporting on corruption issues. TI is
Non-governmental organizations (NGOs) play a
one of the key sources of information on global
significant role in these efforts. They have raised
corruption, which is facilitated by the data it
awareness of the effects of corruption, advocated
receives from its network of chapters. One signif-
for transparent government and business prac-
icant TI publication is the Corruption Perceptions
tices, and created and assisted anti-corruption
Index, an annual report that assigns rankings to
monitoring efforts.
all countries based on their “perceived levels of
89
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
A recent example occurred in France. Three pri- Organization for Economic Cooperation and
vate sector organizations sued Teodoro Obiang, Development (OECD). This important multi-
the son of the dictator of Equatorial Guinea, who national organization, which also serves as the
was suspected of having plundered his oil-rich parent of the Financial Action Task Force, plays
90
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
The convention also commits signatory nations tion, monitoring and finance systems in the gov-
to a two-stage review by other signatory coun- ernment agencies.
tries on their anti-corruption laws, policies and
enforcement and regulatory resources. In the In partnership with the United Nations Office on
first stage, the examining nation reviews the laws Drugs and Crime, the World Bank also adminis-
to ensure they are complete and in keeping with ters the Stolen Asset Recovery Initiative, known
the mandates of the Convention. The second as StAR. The program is intended to “support
phase assesses how well the nation is implement- international efforts to end safe havens for cor-
ing and enforcing its laws and how often its agen- rupt funds” and help countries that lose funds
cies bring cases. and other resources because of corruption to
recover the stolen assets.
As of January 2019, 40 nations had signed the
Convention, including Bulgaria, Iceland, New StAR also trains personnel of law enforcement
Zealand, Colombia, France, Germany, the US, agencies and other government agencies, as
the UK, Brazil and Turkey. The Convention has well as private sector entities on asset recovery.
prompted nations to amend corruption laws that It produces reports, handbooks and guides on
predate the Convention, including the US, which asset recovery.
amended the FCPA in 1998 to bring it in line with
the Convention’s requirements. United Nations Office on Drugs and Crime
(UNODC). The UNODC maintains an open source
World Bank. One of the most visible and import- database of corruption-related legal cases and
ant NGOs, it is an international financial institu- information, called Tools and Resources for
tion that extends loans and financing to devel- Anti-Corruption Knowledge, or TRACK. The
oping countries. One of its primary goals is to UNODC provides training on anti-corruption
reduce poverty by encouraging international enforcement and good governance practices to
trade and investment. Projects funded by the government agencies and other NGOs through
World Bank are often the targets of corrupt prac- numerous publications and training documents,
tices among the nations that receive assistance as well as its International Anti-Corruption Acad-
and the contractors and service providers that emy located in Austria. It also conducts research
implement them. As a result, over the past decade, on corruption and produces country- specific
the Bank has actively developed and promoted reports on corruption risks.
anti-corruption and good governance programs.
Many of them provide training, technical assis- United Nations. The United Nations Convention
tance and technology to recipient nations with against Corruption, which was introduced in
the goal of improving management, administra- 2003, establishes worldwide standards of con-
91
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
trols directed at official corruption and mecha- rupt official may ask that a payment be made to
nisms. By the end of 2012, it had been signed by a non-profit entity which he or she controls or
140 nations. Signatory nations commit to crimi- benefits from.
nalize bribery, implement laws and regulations
intended to prevent corruption, and cooperate
on asset recovery in corruption cases. Signatory
nations may seek and obtain the assistance of
other signatories to combat corruption. STOLEN ASSET RECOVERY
There are other prominent private sector organi-
INITIATIVE (STAR)
zations that render valuable services to the world Assets stolen by corrupt leaders at the
community on the combat of official and private country level are frequently of stagger-
sector corruption. These include Global Witness, ing magnitude. The true cost of corrup-
which was formed in 1993 to combat corrup- tion far exceeds the value of assets stolen
tion, natural resource exploitation, human rights by the leaders of countries. This would
abuses and poverty; and the Group of States include the degradation of public institu-
Against Corruption, which is a dependency of the tions, especially those involved in public
Council of Europe and monitors implementation financial management and financial sector
of multilateral agreements that seek to com- governance, the weakening if not destruc-
bat corruption. tion of the private investment climate, and
the corruption of social service delivery
These international bodies, NGOs and other mechanisms for basic health and educa-
organizations around the world offer informa- tion programs, with a particularly adverse
tion, training resources and expertise that can impact on the poor. This “collateral dam-
be a very valuable resource for financial institu- age,” in terms of foregone growth and
tions, commercial entities and national, provin- poverty alleviation, will be proportional
cial and local governments in their compliance, to the duration of the tenure of the cor-
investigation and enforcement efforts. Finan- rupt leaders.
cial crime specialists should always keep these
resources in mind. Addressing the problem of stolen assets is
an immense challenge. Even though coun-
tries as diverse as Nigeria, Peru and the
MECHANISMS THAT Philippines have enjoyed some success in
FACILITATE CORRUPTION asset recovery, the process is time-con-
suming and costly.
Throughout the world, there is a wide variety of
mechanisms and vehicles that facilitate the plan-
The Stolen Asset Recovery (StAR) initia-
ning and execution of corruption.
tive was launched jointly by the UN Office
on Drugs and Crime (UNODC) and the
Here is a listing of some common vehicles for
World Bank Group (WBG) to respond to
corruption. Additional information on how these
this problem.
can be applied can be found in the money laun-
dering section.
92
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
In guidance on the Foreign Corrupt Practices Act, diligence on businesses that receive payments
the US Department of Justice lists five questions may reveal fictitious businesses that are corrup-
to consider when making charitable payments in tion vehicles.
a foreign country:
Payments through loans. An organization or
• What is the purpose of the payment? individual could use loans to disguise corrupt
• Is the payment consistent with the company’s payments in several ways. A payer could give a
internal guidelines on charitable giving? bribe to the recipient directly, but then record it
• Is the payment at the request of a as a legitimate loan in its books and records. A
foreign official? company or individual could also give an actual
loan to a government official or entity, but pro-
• Is the foreign official associated with the vide it on very favorable terms, such as at a low
charity, and if so, can they make decisions interest rate if not interest-free.
impacting your business?
• Is the payment conditioned upon receiving Gifts, travel, entertainment and other personal
businesses or other benefits? expenses. These are often a cover for corrupt
dealings with a public official and his family and
Political campaigns. Elected public officials have associates. For example, a public official who asks
political organizations through which corrupt a business person for financial assistance to pay
payments may be made. The official may also his daughter’s college education may be seeking
use a nominee or ‘front’ to create a company that a bribe. Companies that provide an official the
provides services to the campaign and which may free use of their apartments, cars or airplanes, in
serve as a vehicle for corrupt payments. effect, may be bribing that official.
93
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
• Correspondent accounts maintained in other The roots of the FCPA can be traced back more
countries by the financial institutions of the than three decades. In the mid-1970s, a series
country where the corrupt official resides of corporate bribery scandals made headlines
• Using state-owned companies that are worldwide and triggered unprecedented gov-
commercial entities owned by a government, ernment scrutiny of transnational corrupt busi-
which may offer facilities and personnel to ness practices.
execute a corrupt scheme
Investigations of international corporate brib-
Corruption breeds other financial crimes. Often it ery began in the US, when the political scandal
is part of larger financial crimes. To hide evidence known as ‘Watergate’ led to a wider probe of
of their corruption, officials that take bribes and domestic corporate corruption. These inquiries
companies that pay them usually falsify their tax unearthed evidence not only of illegal political
contributions inside the US, but also widespread
94
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
bribery of non-US public officials by US compa- The FCPA also applies to non-US persons who
nies overseas. reside in the US and to non-US entities that are
registered with the SEC as an “issuer” of securi-
One example involved Lockheed Martin Corpo- ties, meaning any company whose stocks or secu-
ration. An investigation in 1975 by a US Senate rities are traded on US exchanges. Even a non-US
subcommittee exposed that the US aerospace company with no offices, employees or physical
company had paid $22 million to high-ranking presence in the US may be criminally prosecuted
government officials in four countries to secure in US courts for bribery it committed anywhere in
airplane contracts. The fallout was global. In the world. This makes it a truly international law.
Italy, the scandal forced the sitting president to
resign. In the Netherlands, evidence implicating In a prosecution for violation of the FCPA, viola-
the country’s prince taking corrupt payments tors may face the judicial precept known as “will-
disgraced the royal family. Japan’s prime minis- ful blindness.” This means that persons or entities
ter was arrested and convicted on charges con- that may not have direct knowledge of corrupt
nected to his accepting bribes. payments may still be held responsible if they
were “willfully blind” to the payments and delib-
The US SEC subsequently found evidence impli-
cating more than 400 US corporations that had
paid $300 million in bribes to non-US public offi-
cials and political entities. The resulting outcry in PDVSA BRIBERY SCANDAL
the US and abroad led the US Congress to pass
In early 2018, the US Department of Jus-
the FCPA. It was enacted into law in 1977.
tice released the opening salvo in what
would become a broad campaign against
KEY PROVISIONS OF THE FCPA corruption tied to Venezuela’s state-
The FCPA is a sweeping anti-corruption law that owned oil company, Petroleos de Venezu-
has criminal and civil provisions. It makes it a ela S.A (PDVSA).
crime for US individuals and entities, including
corporations and non-profit organizations, to US prosecutors indicted five former offi-
“corruptly offer, promise or provide anything of cials of PDVSA for accepting tens of mil-
value to a foreign official for the purpose of obtain- lions in bribes to steer contracts to two
ing or retaining business.” The term “foreign offi- US-based businessmen. As the officials
cial” has been interpreted very broadly by US were not US persons, some were outside
law enforcement and regulatory agencies. It has the scope of the FCPA, but still subject to
come to mean not just elected officeholders, but US money laundering laws. Four of the
also political appointees and virtually all employ- officials were arrested in Spain, while a
ees of a state agency or state-owned company. fifth was at large as of early 2019.
The FCPA also imposes record-keeping and In a separate case later in the year, pros-
accounting duties on certain entities. These are ecutors in Miami indicted a US citizen
known as the “books and records” provisions and and former German banker for their role
are enforced by the SEC. The provisions require in embezzling $1.2 billion from PDVSA. In
companies to create effective controls that are that instance as well, prosecutors com-
designed to prevent and detect corrupt payments. bined corruption and money laundering
Companies that violate these provisions can face charges, showing a clear connection.
civil penalties.
95
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
96
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
cuted corporations and individuals for bribing business tasks, including marketing and distrib-
officials in national, state and local governments, uting new products, providing legal consultation,
as well as regulators, law enforcement agents, and acting as intermediaries between the com-
political parties and their candidates. pany and government officials. Common exam-
ples of these intermediaries are attorneys, sales
Another important term in the FCPA is “instru- agents, distributors, consultants, accountants
mentality.” US agencies have interpreted it to and lobbyists.
include state-owned enterprises (SOEs), such as
utility companies, airlines and other state- owned Third parties in the setting of possible foreign
businesses. FCPA cases have involved employees corrupt acts are some of the biggest compliance
of SOEs, including managers of so- called sover- and liability risks that a business organization
eign wealth funds, directors of a telecommunica- can face. The FCPA guidance by the US Justice
tions utility and medical professionals employed Department and SEC devotes considerable atten-
by state-run healthcare systems. State-owned tion to third parties and the liability that can flow
enterprises are very common in many nations, from their actions.
and, in some nations, they have a monopoly or
near-monopoly on industry sectors such as trans- Many companies have faced FCPA enforcement
portation, energy production and infrastructure, actions as a result of corrupt payments made
and health care systems. by third parties. One high-profile situation that
erupted in mid-2012 involved Wal-Mart’s Mexican
FPCA cases have also involved companies and subsidiary, Wal-Mart de Mexico. An investiga-
individuals for corrupt payments to employees of tion and report by the New York Times revealed
entities that are not wholly-owned by a foreign that Wal-Mart de Mexico had retained attorneys,
government. US agencies have determined that known as “gestores,” to help obtain permits from
foreign companies or entities can be considered federal, state and local government agencies. The
an “instrumentality if a foreign government has attorneys were said to have made widespread
a controlling interest or otherwise exerts con- payments to Mexican government officials. Wal-
trol over them.” Mart is under investigation by the Justice Depart-
ment and SEC and has launched a broad internal
In November 2012, the US Department of Jus- investigation.
tice and the SEC issued guidance to the public
on compliance with the Act and best practices Middlemen who assist companies in dealing with
in meeting the duties it imposes. They indicated governmental agencies are fixtures of the busi-
they would most likely not pursue an enforce- ness environment worldwide. Carefully vetting
ment action against an enterprise in which a and monitoring of the third parties that are hired
foreign government held less than a 50 percent is essential to avoiding FCPA violations. Experts
ownership stake. say the anti-corruption compliance measures
that companies and individuals should take
These expansive interpretations of “foreign offi- when employing third parties should include
cial” and “instrumentality” have been challenged, the following:
but no US court has limited the broad approach 1. Thorough reviews of the third party’s
of these government agencies. background, reputation and experience,
paying special attention to their connections
THIRD-PARTY LIABILITY UNDER FCPA with government officials. Abnormally high
Companies and individuals that operate overseas fees charged by them can be a red flag of
frequently employ third parties for a variety of corrupt payments.
97
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
2. Contract terms that explicitly describe all ing a corruption case should be aware that con-
services to be performed, and the fees or tracts, payments and business arrangements
expenses that are expected to be charged with third parties are common mechanisms for
and incurred. Contracts should include corrupt payments.
warranties that formally commit the third
party to complying with the FCPA and other In some cases, third parties may be paying bribes
anti-corruption standards. on a company’s behalf without the knowledge
3. Continuous oversight and monitoring of or authorization of the company. In other cases,
third parties after a contract is signed, to companies may seek out third parties in order to
include periodic updating of the review of facilitate or obscure bribe payments, or ignore
the third party, requirement of ongoing anti- evidence that third parties are making corrupt
corruption training, and annual certification payments on their behalf.
that the third party is compliant with the
FCPA and local laws. In these situations, various red flags such as the
following may be used to indicate that a third
4. The due diligence procedures exercised on party may be involved in a corruption scheme:
third parties should be risk-based, taking
into account the geographic area, past
history and the business rationale for hiring • Fees that are much higher than other
them and other factors. third parties in the same sector, without a
compelling business rationale
RED FLAGS OF CORRUPTION IN THIRD- • Requests for abnormal or strange
PARTY PAYMENTS compensation arrangements, such
as excessive commissions or unusual
A financial crime specialist who is reviewing a
reimbursements
company’s compliance program or investigat-
A View of the Bonny Island Natural Gas Facility in Nigeria. The US Company Halliburton was Fined $579 Million for
Paying Bribes to Secure Contracts Related to the Facility Worth $6 Billion
98
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
99
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
mented anti-corruption policies and procedures, employees as soon as possible after a merger or
certification of third parties, and a mechanism acquisition. The importance of providing train-
to report suspected bribery and anti-corruption ing to employees of newly acquired companies
legal violations. in mergers and acquisitions is continually high-
lighted by US enforcement agencies, who stress
When an acquisition is completed, the two com- that it should happen within a short timeframe
panies should integrate their compliance pro- once the acquisition is complete.
grams and ensure they are consistent across all
offices, branches or subsidiaries. This includes BOOKS AND RECORDS
providing consistent and adequate training to all PROVISIONS OF THE FCPA
Chiquita’s Colombian subsidiary, C.I. Bananos de Exportacion, S.A., or “Banadex,” was the com-
pany’s most profitable banana-producing operation. The case revealed that Banadex gave at least
$1.7 million in 100 separate payments to a Colombian terrorist group, the Autodefensas Unidas de
Colombia or the United Self Defense Forces of Colombia (AUC), from 1997 to 2004. The company
also made payments to another terrorist organization, the Revolutionary Armed Forces of Colom-
bia, or FARC. Both were violent paramilitary organizations known to kidnap and murder civilians to
further their agendas.
AUC was labeled a foreign terrorist organization (FTO) by the US Secretary of State in 2001 and a
Specially-Designated Global Terrorist in 2003. These designations made it illegal for US entities
to enter into business with or otherwise support the AUCFrom 1989-1997, Banadex paid FARC for
rights to grow bananas in a region of Colombia. In 1997, the leader of the AUC met with the general
manager of Banadex and explained his intentions to remove FARC from power and institute AUC
as the ruling group in the area. The AUC leader threatened the general manager, saying that harm
would come to Banadex personnel and property if he did not provide regular payments to AUC.
Banadex paid AUC regularly until 2004.
It was revealed in the case that at least 10 top executives knew about and approved the illegal activ-
ities. Chiquita even received counsel about this predicament and was very strongly advised to stop
payments. The company ignored the legal advice and continued to produce bananas in the terror-
ist-controlled regions.
After three years of investigations and legal proceedings, Chiquita pleaded guilty to making $1.7
million in illegal payments to designated terrorist groups. The company was fined $25 million and
agreed to adopt a large-scale corporate integrity program in the case settlement. Although the
Department of Justice considered individual prosecution of Chiquita executives, none was pursued.
100
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
101
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
In the past, the SEC has played a secondary role in Violations of the books and records provision also
enforcing the FCPA. The increased enforcement carry significant penalties. For companies, violat-
of the FCPA over the past decade has been led ing the books and records provision can result in
primarily by the Justice Department, which has a criminal fine of up to $25,000 and a civil fine
typically launched investigations and assessed of up to $725,000 per penalty. For individuals,
the largest monetary penalties in settlements. penalties are even more severe. Individuals face
SEC civil fines for books and records violations criminal fines up to $5 million and civil fines of
were usually added to cases that were initiated by up to $150,000, as well as prison terms as long
the Justice Department, and focused mainly on as 20 years.
violations of the bribery provision.
Instead of pursuing criminal cases, the US Justice
In recent years, that trend has shifted, and the Department often employs Deferred Prosecution
SEC has begun to pursue companies for violat- Agreements (DPA) to settle FCPA cases against
ing the books and records provision even when companies. This usually includes monetary pen-
they were not charged with violating the bribery alties and other remedial measures, but no crimi-
provision. Of the eight SEC enforcement actions nal charges brought against the company or indi-
against corporations in 2012, four were civil cases viduals. The terms of a DPA normally include a
that only charged books and records violations. criminal fine and assurances by the company that
The SEC collected more than $57.4 million in dis- it will not violate the FCPA again and will improve
gorgements from those cases. its anti-corruption compliance program. Often a
company may be required to conduct a full audit
In total, the SEC collected $118 million from com- of its compliance program and submit a written
panies in 2012 in FCPA cases. Financial crime pro- plan for augmenting it.
fessionals should note that this heightened SEC
enforcement increases the pressure on compa- DPAs, which are publicly available at the US Jus-
nies to implement robust accounting controls and tice Department’s website, serve as a resource for
ensure adequate oversight by company directors. financial crime specialists who seek to fashion
compliance programs and measures that reduce
CRIMINAL AND CIVIL PENALTIES the risk of FCPA violations.
UNDER THE FCPA
The cost of facing an enforcement action runs
The FCPA imposes substantial criminal and civil
beyond the penalties and the remediation pro-
penalties. One recent example is the settlement
cedures that may be imposed. At a multinational
that the Swedish telecommunications corpora-
corporation, such as Siemens, these reviews can
tion, Telia, reached with the Justice Department
involve international teams of legal professionals,
and SEC for bribery of government officials in
investigators, forensic accountants and auditors,
Uzbekistan in 2017. It exceeded $900 million in
in addition to internal staff that is distracted from
civil and criminal penalties.
its normal work for long periods. Companies that
are penalized for FCPA violations have suffered
Companies that violate the law’s bribery pro-
considerable declines in their stock price, as well
vision face criminal fines of up to $2 million per
as lawsuits by shareholders. The reputational
violation, and civil penalties of up to $16,000 per
harm is also large.
violation. Individuals who violate the anti- bribery
provision face criminal fines of up to $250,000
per violation, civil penalties of up to $16,000, and
sentences of up to five years in prison.
102
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
Private business entities are not the only ones Guidance by industry associations and nonprofit
that must consider and implement anti- cor- organizations, such as the International Cham-
ruption compliance programs. International ber of Commerce's Rules on Combating Corrup-
non-profit and non-governmental organizations, tion and Transparency International's Business
which often operate in countries where corrup- Principles for Countering Bribery, are also useful
tion is widespread, frequently have their own resources for financial crime specialists.
compliance and training programs.
The US Justice Department and SEC Guidance
Like compliance programs in other financial included several “hallmarks” of an FCPA com-
crime fields, such as anti-money laundering, anti- pliance program. The following summary is
corruption compliance should be tailored to the intended as a general overview of these hall-
organization, its operations and risk profile. Com- marks, incorporating and expanding on them
pliance should start with a thorough risk assess- with guidance from other public and private-
ment, taking into account the geographic regions sector organizations.
in which it operates, its products and services,
its relationships with corporations, third parties
103
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
104
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
This could include examining internal risks, no-tolerance policy for employee involvement
such as a lack of consistent training or in corrupt activities.
unclear gifts and entertainment policies. It • Standards of behavior for the organization's
may also include assessing geographic risks employees, which may include an anti-
to determine if an organization operates in corruption agreement written into
a jurisdiction with weak anti-bribery laws or employment contracts.
enforcement, a widely recognized history of
commercial or governmental corruption, or • Procedures on the actions that should be
a culture in which gift-giving and bribery is taken if bribery or corruption is detected,
considered the norm. It should also examine and a clear chain for escalating corruption
the risks in its existing partnerships to issues upward to senior management.
determine if the partners are exposed or
prone to corruption through relationships To build anti-corruption policies and procedures,
or contributions to public officials, political organizations should examine pre-existing com-
parties or associations, charitable groups pliance programs in related fields, such as fraud
or ventures. and money laundering. It is possible to apply
certain tools from other compliance regimes,
• Determining expertise. An accurate risk such as anonymous reporting telephone lines or
assessment can be challenging based solely transaction monitoring systems, to anti-corrup-
on the knowledge and expertise that is tion programs.
required to carry one out. An organization
must determine if it has the proper skills An organization should also solicit advice and
among its employees and executives to suggestions from employees when it is creat-
properly assess risk, and understand ing anti-corruption procedures and policies.
what internal and external personnel and Employees often have great expertise and on-the-
expertise it needs or plans to use. ground experience concerning the challenges
and risks of corruption settings and players.
Clearly articulated compliance policies, proce- Involving employees may help create a sense of
dures and code of conduct. This encompasses ownership in the compliance program and assist
a company's documented anti-corruption com- in building a compliance culture.
pliance program and existing procedures to
implement them. Some measures could include Compliance program oversight and monitoring
the following: by senior management, autonomy and adequate
• A clear statement of commitment to adhering resources. US and UK agencies make clear that
to anti-corruption statutes and regulations, an organization should designate members of
including the FCPA, UK Bribery Act senior management to supervise the anti-cor-
and local laws. ruption compliance program. These persons
bear ultimate responsibility for ensuring that the
• Direction on how, when and in what amounts program is robust and effective, and should have
employees are allowed to pay for gifts, direct access to the top levels of authority in the
hospitality or entertainment for foreign organization. This usually includes the board of
officials or their families and associates. This directors and the audit committee.
includes procedures to ensure that payments
are legal and transparently recorded, and an Senior management must ensure that the com-
approval process exists for such expenses. pliance program has adequate resources to
• An explicit written statement prohibiting effectively detect and prevent corruption. Such
bribery and corruption, possibly including a resources should include a compliance staff,
105
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
funding and tools, such as databases and transac- and incorporated into an organization’s audit and
tion monitoring systems. The resources may also review of its program.
include external legal counsel, investigative pro-
fessionals or technical support services. Orga- Updating compliance programs through testing
nizations should consider their risk profile, size and review. An organization should audit its com-
and organizational complexity, and the services pliance program on a periodic basis, as well as in
or products they offer when they are determining response to changing market conditions, service
the resources that will be adequate to build and or product offerings, or partnerships and busi-
maintain the compliance program. ness arrangements. When it opens a new office
overseas, it should thoroughly review its com-
Ongoing training for employees and third par- pliance policies and procedures to ensure they
ties. Training is another crucial element of anti- are adequate for conditions and risks in the new
corruption compliance. It should include the jurisdiction.
provision to employees and third parties of full
information on the relevant anti-corruption laws Organizations must also take into account any
and regulations in the jurisdiction where an orga- changes to applicable laws and enforcement pol-
nization operates, and full details on the organi- icies in all countries where it operates. Periodic
zation’s anti-corruption policies. Comprehensive review and updates of compliance programs
direction on how to report suspected instances should include how the review results will be
of corruption must be included, via escalation to reported, to whom within the organization the
higher authorities. report shall be given, and how and when the rec-
ommended changes shall be implemented.
The training should clearly delineate the dis-
ciplinary measures that will be taken against Risk-based due diligence on third parties and
employees who violate the policies. Many orga- transactions. These include acquiring knowledge
nizations require termination of those employ- of the third party's reputation and associations,
ees and notification of the proper authorities of an understanding of the business rationale for
possible criminal or civil violations. Some organi- hiring the party and the expected services the
zations have implemented measures that incent party is expected to provide, and ongoing moni-
proper behavior, such as employee bonuses for toring and due diligence of the third party.
commendable adherence to the anti-corrup-
tion policies.
THE UK BRIBERY ACT
Procedures for confidential reporting of cor- Like the FCPA, the Bribery Act of the UK stands as
ruption violations and internal investigation. If an anti-corruption law with international scope
suspected bribery or corruption arises, organiza- and broad applicability on entities that are sub-
tions should have processes for employees at all ject to its provisions. In many ways, the Brib-
levels to report potential violations confidentially. ery Act goes beyond the FCPA in the behavior it
These mechanisms should include a clear chain prohibits, and the criminalization of commercial
of command for escalating the reports upward bribery, in addition to bribery of government offi-
in the organization's hierarchy, and appropriate cials. It also contains fewer exceptions than the
procedures to inform regulatory and enforce- FCPA. For example, it prohibits "facilitation pay-
ment authorities, where appropriate. Investiga- ments," whereas the FCPA does not. The Brib-
tive steps should be documented and if weak- ery Act also criminalizes domestic corruption
nesses in a compliance program are identified and the acceptance of bribes by UK citizens. In
during the investigation they should be corrected
106
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
107
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
108
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
with [them] from bribing." The Bribery Act does • Communication (including training).
not specify what “adequate procedures” are. Organizations should use thorough internal
and external communication to ensure that
COMPLIANCE WITH THE UK BRIBERY ACT anti-corruption policies are recognized,
Although the Bribery Act exceeds the scope of accessible and understood by all employees,
the FCPA in several ways, many of the essential as well as third parties. This includes a
compliance procedures and practices apply under training program based and focused on the
both laws. The UK guidance lays out six "princi- corruption risks faced by an organization.
ples" it says should form part of an organization's • Monitoring and Review. The anti-corruption
compliance program. They are summarized here compliance program of an organization
for reference, but a financial crime specialist con- should undergo auditing and testing
ducting a project or investigation related to the regularly, especially after significant changes
Bribery Act should refer to the full guidance that to the organization's business lines, services
is included in the Appendix: or operations, such as opening a new
affiliate overseas.
• Proportionate Procedures. An organization
should adopt processes and controls to Financial crime specialists should understand and
prevent bribery that are proportionate to be aware of how the UK Bribery Act differs from
the scale and complexity of its activities. the FCPA, including the absence of an exemption
This principle stresses that all compliance for facilitation payments and the coverage of the
programs must be tailored to the specific Bribery Act of all bribery, not just bribery of for-
circumstances of the organization. The eign officials.
guidance underscores that procedures must
be "clear, practical, accessible, effectively UK BRIBERY ACT PENALTIES
implemented and enforced." Violations of the Bribery Act carry stiff penalties.
• Top-Level Commitment. The guidance Individuals found guilty of violations face up to 10
recommends that the top management of years in prison and an unlimited fine. A “commer-
an organization, from CEO to the board cial organization” found guilty of failing to pre-
of directors, must have a demonstrated vent bribery also faces an unlimited fine.
commitment to preventing bribery, which
should be communicated to the entire Individuals and organizations found guilty may
organization. have assets confiscated under another British
law, known as the Proceeds of Crime Act. A com-
• Risk Assessment. Organizations should pany director or senior manager who violates the
conduct a well-informed, documented Bribery Act may be disqualified from serving as
and regularly-updated risk assessment by a director of any company or from taking part in
determining the nature and extent of its the formation or management of any company.
possible external and internal corruption
risks. This risk assessment should include
third parties and other persons and entities BRIBERY AND EXTORTION
associated with the organization.
Bribery and extortion have many characteristics
• Due Diligence. Organizations should conduct in common, and the lines between the two can
appropriate due diligence on all persons or become blurred. There are key differences, how-
entities that perform services, including third ever, and for the purposes of investigating and
parties such as attorneys and sales agents,
based on their risks.
109
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
preventing corruption, it is important to under- application for a license for an insurance company
stand their distinctions. if the applicant does not pay a certain amount to
his nominee.
Both are criminal acts that involve a giver pro-
viding assets, services or other articles of value Extortion typically involves the threat of harm
to a recipient. One major difference between the against a person or entity, whereas bribery
two is what the recipient will do in response to involves the offer of some benefit for a person
receiving the asset or article of value from the or entity. To be considered extortion, the threat
giver. In bribery scenarios, a giver is provid- must be credible and the harm must be immedi-
ing something of value in exchange for a benefit ate and tangible.
offered by the recipient.
Both the FCPA and UK Bribery Act have exemp-
In extortion, the recipient is typically not offer- tions to making corrupt payments if the payments
ing to provide anything of benefit to the giver. are made under real duress, and the company or
Instead, he or she is threatening to take an action individual is in legitimate danger from a credible
or engage in conduct that will harm the giver if threat. Even so, companies or individuals looking
he or she does not provide something of value, to remain compliant with anti- corruption laws
usually of a specific amount or to comply with such as the FCPA should understand that, in most
the recipient’s demands. For example, a com- circumstances, they will not be able to protect
missioner of insurance may threaten to reject an themselves from liability by claiming extortion.
110
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
Q 5-1. You are a compliance analyst at a multinational financial institution that provides
banking and investment services to large institutional customers. Your institution is cur-
rently seeking new business opportunities providing services to universities, hospitals and
other institutions with potential ties to political officials and government agencies. Your
institution plans to expand into Norway, India, Botswana and Chile and has asked you to
assess the corruption risks of offering its services in each nation.
What is an accurate risk rating for these countries?
A. Providing investment and banking services in Norway poses the highest risk for
corruption due to a history of bribery by Norwegian state-owned oil companies.
B. Providing services in India poses the highest risk for corruption due to the prevalence
of state-owned entities and Politically-Exposed Persons (PEPs).
C. Providing investment and banking services in Botswana poses the highest risk for
corruption due to widespread graft in government contracts.
D. Providing services in Chile poses the highest risk due to connections between the
Chilean government and international organized crime rings.
See Answer and Rationales
A. Paying for Dr. Y’s dinner is permissible under the United States’ Foreign Corrupt
Practices Act.
B. Dr. Y is a medical professional and thus exempt from the United States Foreign
Corrupt Practices Act.
C. Dr. Y can be considered a foreign public official under the United States Foreign
Corrupt Practices Act because he is a high-level employee at a government-
owned entity.
D. Sending Dr. Y a gift basket is permissible under the United States Foreign Corrupt
Practices Act.
See Answer and Rationales
111
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6
TAX
EVASION
AND
ENFORCEMENT
OVERVIEW
There is an old adage that says that “the only things in life that
are certain are death and taxes.” While financial criminals may
not be able to cheat death, they certainly try, and mostly suc-
ceed, in evading their taxes. For obvious reasons, corrupt offi-
cials, money launderers, Ponzi schemers and others usually can-
not declare their criminal proceeds on their tax returns. This
would threaten their criminal operation with exposure. Even if
they are able to make their criminal proceeds appear legitimate
for tax purposes, financial criminals who steal and cheat for a
living typically have few qualms about evading taxes.
112
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
113
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
created by the OECD, known as the Common • Tax evasion is escaping payment of taxes by
Reporting Standard. This will be discussed in illegal means, such as by hiding the true state
more detail later in this chapter. of one’s finances from tax authorities or not
filing required tax documents.
This chapter provides a general overview of what • Tax avoidance is sometimes referred to as
tax evasion entails and the avenues and mecha- tax mitigation and is the legal use of the tax
nisms through which it is conducted. It also cov- laws and regulations to one’s advantage to
ers some common schemes of tax evasion and reduce the taxes that are payable by means
key indicators that suggest tax fraud is occurring. that are approved by the law or regulations.
Additionally, it provides guidance on conducting Some methods of tax mitigation are common,
investigations into tax evasion and using tax doc- such as making use of pension plans or
uments in financial crime investigations, generally. retirement accounts in the US that postpone
tax until retirement.
Often, tax information that a person or busi-
ness organization has prepared and filed can Although governments have always had enforce-
be a critical source when investigating a finan- ment authority over illegal tax evasion, recent
cial criminal or building a legal case against one. economic downturns and reduced public reve-
Although many jurisdictions have tight secrecy nues have forced governments and taxing author-
laws restricting access to tax information, it can ities to closely look at tax evasion methods and so
be very valuable for a wide range of matters. All called “aggressive” tax avoidance in an effort to
financial crime professionals should have famil- detect violators and increase tax revenue.
iarity with tax evasion and enforcement issues.
Sometimes, investigating a criminal as a tax Other terms that the financial crime specialist
evader can be a very effective step in unraveling may need to know include the following:
the larger financial crime scheme.
• Tax shelter is a mechanism by which a
taxpayer may protect assets or income from
TAX EVASION VS. TAX AVOIDANCE taxation or at least delay the application
As a financial crime specialist, it is important to of taxes. Common forms of tax shelters
distinguish between legal methods to reduce tax may include investments in pension plans
liabilities and illegal avenues to reduce taxes or and real estate. It is important to note that
evade paying taxes. It is common among tax- many types of tax shelters are completely
payers to minimize taxes applicable to income legal. Where tax shelters may cross the
and other assets. The tax regimes of many juris- line into tax evasion is when they are solely
dictions recognize legitimate methods to min- designed for the purpose of avoiding taxes.
imize or remove tax consequences for certain In these cases, they may be deemed abusive
transactions, but uniformly prohibit and punish by tax authorities and subject the pertinent
tax evasion. taxpayers to criminal or civil penalties.
• Tax havens are jurisdictions that provide
However, not following applicable tax laws or uti- secrecy or other means of protecting assets
lizing unlawful methods to escape taxation can be placed there from being taxed by other
a violation of law and subject the taxpayer to seri- jurisdictions. Tax havens may be states,
ous penalties. Generally, many courts have rec- countries or territories with low taxes
ognized that individual taxpayers may reduce the or no taxes at all. It is not uncommon for
amount of taxes that would otherwise be appli- corporations or individuals, usually high-
cable if lawful means authorized by law are used. wealth individuals, to physically relocate
114
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
to these jurisdictions or shift assets there that fail to apply the law openly, fairly and
by opening subsidiaries or shell companies. consistently are indicators of a lack of
As economies have become increasingly transparency. Also contributing to a lack
globalized in recent years, this has led to of transparency are limited regulatory
fears of tax competition among jurisdictions, oversight and enforcement powers, and
as nations compete to offer lower tax the government’s inability to access
burdens. Global tax compliance efforts, like financial records.
FATCA, are partly intended to stem such tax • No requirement for a substantive local
competition. presence, which allows individuals and
corporations to set up shell companies
There is no one universally accepted definition and other entities without the need to be
of a tax haven. One simple definition proposed physically located in the haven, sometimes
by some economists is a jurisdiction with tax with nothing more than a PO Box.
laws that are purposefully designed to cater to
individuals and corporations looking to avoid • Self-promotion as an offshore financial
taxes. Often, these jurisdictions will alter their center. Before more recent reforms, nations
laws to make them more attractive to persons such as the Cayman Islands and jurisdictions
and entities. such as Jersey and Guernsey, often
advertised their offshore financial services,
Additionally, many havens have bank secrecy and indirectly or directly, giving the impression
data privacy laws designed to severely restrict they were a tax haven.
the tax information that may be shared with gov-
ernment and law enforcement agencies in other
jurisdictions. For this reason, tax havens are also
INTERNATIONAL SCOPE
referred to as “secrecy havens.” Many havens also OF TAX EVASION
have extradition laws or treaties that only permit By nature, tax evasion is difficult to quantify. This
extradition for a limited number of crimes, usu- is particularly true of offshore tax evasion, as
ally violent ones, and exempt financial crimes like funds are often disguised by complex legal struc-
tax fraud from extradition. tures and hidden in tax haven accounts with little
transparency.
One useful working definition of tax havens
comes from the Government Accountability Estimates of the scope of tax evasion exist, how-
Office (GAO), the US Congressional watchdog ever. A 2012 report by anti-tax evasion advo-
agency. In a December 2008 report on the use cacy group, Tax Justice Network, estimated that
of tax havens by US corporations, the GAO pro- between US$21 trillion and US$32 trillion is kept
vided the following characteristics as suggestive undisclosed to tax authorities in secrecy havens
of a tax haven: worldwide. This represents between 24 percent
and 32 percent of total global investments. In an
• No or nominal taxes. older 2007 estimate, the OECD estimated that
• Lack of effective exchange of tax information untaxed capital held offshore amounted to US$5
with foreign tax authorities. trillion to US$7 trillion, or approximately 6 to 8
• Lack of transparency in the operation of percent of total global investments.
legislative, legal or administrative processes,
particularly in functions such as the Some rough calculations reveal the amounts at
formation of companies. ‘Secret rulings,’ stake. Taking the OECD’s conservative $7 tril-
negotiated tax rates and other practices lion number and assuming those untaxed assets
115
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
would earn just five percent each year, and these Because much of the revenue lost from tax eva-
earnings would be subject only to a 20 percent sion is in more developed countries, the OECD
tax rate, nations are losing $70 billion a year from has taken a lead in developing international stan-
undisclosed offshore assets. Some estimates dards for transparency and exchange of informa-
are far higher. tion concerning tax matters.
The advantages of tax havens1 basically may be Tax evasion. In broad terms, tax evasion or tax
classified in four categories: fraud is the willful violation of one’s legal duty to
Asset holding. The first step of asset holding pay mandatory taxes to the government. At its
involves forming a corporation, trust or other most basic level, tax evasion may be as simple as
legal entity. In more complex arrangements, a misstating facts and numbers on a tax return, or
trust will be formed that controls a company. failing to file a required form. Other straightfor-
Typically, the entity will be formed in one tax ward examples include the following:
haven and administered in another. The purpose • Underreporting of income
of the entity is to hold assets, which may include
physical properties, investments, funds or other • Overstating deductions and losses
companies. By transferring the control and own- • Overstating dependents
ership of such assets into an entity in a haven, • Filing returns on behalf of another without
the assets are often no longer able to be taxed authorization (identity theft)
in other jurisdictions. Asset holding is sometimes
done to avoid or evade a specific type of tax, such Tax evasion schemes can also be extraordinarily
as inheritance tax. complex, involving offshore accounts and multi-
ple layers of corporate entities and legal trusts
Trading and other business activity. To minimize that make the true owner of assets very diffi-
taxes, businesses that operate online or remotely, cult to determine. While international efforts to
or require only minimal staff, will sometimes increase transparency and the exchange of tax
relocate to havens. These may include certain information between jurisdictions have made
investment and financial services companies, as strides in recent years, there are still many ave-
well as technology groups. Historically, a key use nues for the creative financial criminal to dodge
of havens for corporations attempting to mini- taxes and disguise assets.
mize taxes was in transfer pricing schemes.
A few of the more notable tax evasion and fraud
Transfer pricing. This allows companies to shift schemes are outlined below. Specific varieties
pre-tax profits and losses between subsidiaries of tax evasion depend heavily on the tax laws of
and legal entities they control in order to reduce the nation or jurisdiction where the fraud takes
their overall tax burden. In general, such schemes place, and these laws can vary widely. As a result,
are legal, although there are limitations on them the financial crime specialist should be aware of
in the tax laws of many nations. The Organiza- tax fraud schemes that are tailored to exploit the
tion for Economic Cooperation and Development laws of their jurisdiction.
(OECD) has produced guidelines on conducting
transfer pricing that many of its member nations
have adopted, but the practice remains contro-
versial. Recently, the UK has indicated that fur-
ther international cooperation is needed to limit
what is characterized as transfer pricing abuses.
1 Please note that not all of these are illegal.
116
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
A Depiction of Carousel VAT Fraud Taking Place within the European Union. Source: Dutch Tax
and Customs Administration
118
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
use VAT also legally mandate residents to report ers before being exported. One or more of those
and pay the tax on items purchased in another sellers will pocket the VAT instead of paying it to
jurisdiction. This can be difficult and resource-in- the government.
tensive to enforce. Consequently, most nations
target VAT enforcement efforts at luxury items In many jurisdictions, exporting products incurs
and other high-cost goods. no VAT tax. The exporter will then reclaim VAT
from the government for the full value it was
Carousel Fraud. This is a variety of tax fraud that charged by the sellers, but due to the “missing
goes by several names, including “missing trader” traders” further back in the chain, that VAT was
fraud. It exploits the mechanism for collecting never paid to the government in the first place.
VAT in order to effectively pocket tax revenues.
Carousel fraud is prevalent in the European
Understanding carousel fraud requires knowl- Union, due to the number of nations that use VAT
edge of the mechanics of VAT. Any company that and the fact that EU member states do not charge
buys and sells products will charge VAT to the VAT on exports. Carousel frauds are often perpe-
consumers of its goods, and pay VAT to the pro- trated by organized crime rings because of the
ducers it purchases from. The rate of VAT charged number of persons needed and relative complex-
changes depending on the step in the buying and ity of this type of fraud scheme.
selling process. Essentially, VAT tax is charged
each time a product moves through the supply
chain to its ultimate consumer. An office supply
company, for example, will charge individuals VAT
when they buy a box of printer paper. The same
supply company would have already paid VAT on
the same box of paper when it purchased it from
the manufacturer.
119
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
International Business Companies (IBCs). These owned by the group and only underwrites their
are a form of legal entity that is typically incor- own operations. In tax evasion schemes, individ-
porated in tax or secrecy havens, such as Panama, uals or companies will form a captive in order to
the British Virgin Islands and the Seychelles, as claim a tax deduction on their insurance premium,
well as emerging offshore destinations, such as and then devise methods to return the premiums
Ireland and Singapore. IBCs are intended to exist paid to the participants.
solely for the purpose of conducting international
trade or financial transactions and typically can- Regardless of their layers or complexity, one
not conduct business in the jurisdiction in which thing that tax evasion structures usually have
they are incorporated. The attraction of IBCs for in common is the facilitation and involvement of
tax evasion purposes stems from their secrecy. third parties. Law firms, private banks, accoun-
Typically, in tax havens, a tax identification num- tants, auditors and others all may play a role in
ber is not required to open a bank account for an establishing tax shelter arrangements or offshore
IBC, and limited or no ownership information is operations, and in secrecy havens these third
publicly available. parties may form a thriving industry sector. In
some financial crime matters, these intermedi-
Offshore Trusts. These are another type of legal aries may be a good source of information and
entity typically formed in tax or secrecy havens. potential evidence on the whereabouts, transac-
The main advantage of a trust is that it can be tions and assets of a financial criminal.
used to cloak ownership of accounts or assets.
Many jurisdictions either do not collect infor-
mation on the beneficial owners behind such SPECIAL PURPOSE
trusts, or do not publicly share such ownership VEHICLES/ENTITIES
information. A special purpose entity (SPE) is also referred to
as a special purpose vehicle (SPV), or a financial
Personal Investment Corporation (PIC). Also vehicle corporation (FVC). SPEs are also referred
referred to as an “offshore company,” PICs are to as “bankruptcy-remote entities” or “derivatives
another means for shifting tax liability from an product companies.”
individual to a corporate entity formed in an off-
shore jurisdiction, typically a secrecy haven. Indi- A SPE is a subsidiary corporation and a legal
viduals can transfer assets and property to a PIC entity, usually a limited company, created with
and retain beneficial ownership over them, yet the purpose of executing some type of specific
avoid paying the appropriate taxes. Frequently, or temporary objective. The main reason com-
there are multiple layers in the formation and panies create SPEs is to help protect them from
control of PICs. An offshore trust may open a PIC financial risk. There are situations in which com-
with a law firm acting as nominee, burying the panies abuse the power of SPEs, such as in the
individual or entity that truly controls the assets case of Enron, but that aside, SPEs are legal, inno-
and, in some cases, completely obscuring the vative and widely used. SPEs provide a range of
ownership of assets. securities backed by assets, such as cash flow
on car loans, credit-card and home-equity debt,
Captive Insurance Companies. Like other tax manufactured-housing loans, student loans and
evasion vehicles, captive insurance companies equipment leases. Additionally, companies trans-
can be completely legitimate and formed for real fer assets to SPEs for management or use them to
business reasons. A captive insurance company is finance a project.
formed when a group of businesses or individu-
als creates an insurance company that is wholly
120
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
The establishment of an SPE is similar to the cre- The company established these numerous enti-
ation of a company in that there must be pro- ties to shield itself from mark-to- market losses
moters or sponsors. A sponsoring company will in its growing equity investment business. When
isolate certain assets into the SPE. This isola- these investments started going downhill, Enron
tion of assets is important for providing com- attempted to support the SPEs with its own stock,
fort to investors because there are fewer risks which was only a temporary solution at best.
associated with it. With the assets and activities
distanced from the parent company, the perfor- Although Enron’s use of SPEs was illegal, many
mance of the new entity will not be affected by companies use these vehicles to legally con-
the ups and downs of the originating entity. Ulti- duct “off-balance sheet” transactions. As long as
mately, a good SPE should be able to stand on its SPEs are not abused, they can be very beneficial
own, independently of the sponsoring company. to companies.
Finally, SPEs are used in financial engineering • The use of property held by offshore entities
schemes. The main goal is usually avoidance of at zero or below-market rental
tax or manipulation of financial statements. • False invoices for services or goods that a tax
evader charges to an offshore entity that they
Sometimes, SPEs are illegally used. In these cases, ultimately control
SPEs are typically used to hide debt or ownership, • Scholarships or charitable foundations
or to obscure relationships between different that covertly funnel funds to a tax evader’s
entities which are actually related to each other, relatives or associates
like in the case of Enron. SPEs sometimes even
allow tax avoidance strategies that are unavail- In addition to these, it is not uncommon for
able elsewhere. third parties to facilitate the movement of funds
or assets from a tax evader’s offshore accounts
Enron is the biggest example of the misuse of to their jurisdiction of residence. In extreme
SPEs. In total, by 2001, Enron had used hundreds instances, employees of law firms or private
of SPEs to hide its debt. Enron used the SPEs for banks have physically brought cash or high-value
more than just avoiding accounting conventions. assets to tax evading clients in other jurisdictions.
121
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
Such was the case with the “client advisors” at government the taxes employees pay and that
Swiss banks Wegelin and UBS, who would fly to employers withhold.
the US to meet with wealthy US tax evaders and
purchase artwork, jewelry and other luxury items Common employment tax fraud schemes include
with funds from Swiss accounts to assist them in the following:
transferring assets. Third party withholding fraud. Many smaller
businesses rely on payroll service providers or
other third-party employment firms to manage
DEMONSTRATING TAX FRAUD the process of the withholding taxes employees
IN LEGAL CASES pay. Just like the employers themselves, however,
The tax codes of many jurisdictions are highly these companies can collect the employment tax
complex, and reporting requirements are not but fail to report it to the appropriate tax author-
always widely known or intelligible to an average ities. Companies should be aware of this type of
taxpayer. As a result, the courts of many nations tax fraud, as it can result in liability to the com-
have established a relatively high standard for pany and to the third-party perpetrator.
proving tax fraud, recognizing that mistakes
are common. Typically, a government must go Worker status misstatement or falsification.
beyond showing that a taxpayer misstated his or Employers may improperly categorize a full-time
her taxes or did not pay any taxes, and demon- employee as part time, or record an employee
strate that a taxpayer actually had the intent to as a contractor in order to lessen or avoid
commit fraud. certain taxes.
While these cannot be considered evidence or Pyramiding. This refers to a company that with-
proof, the following are useful as indicators sug- holds taxes from employees, such as for Social
gesting tax fraud: Security in the US, but willfully fails to pay them
to the appropriate tax agency. These schemes
• Repeated patterns of underpayment of taxes tend to have a short lifespan. The title “pyramid”
• Lack of records to substantiate income, refers to the manner in which as tax withholdings
deductions and other items in tax filings which are not being turned over to the govern-
• Extensive use of cash transactions ment agency build up, it becomes more difficult
for the employer to catch up on the back-tax lia-
• Destruction or alteration of financial records, bility it owes.
especially those pertaining to tax liability
• Failure to provide an accountant or other tax Cash payments. If the employer has large, unex-
professional with necessary information to plained periodic cash payments, or other infor-
prepare tax returns or filings mation suggests that employees are being paid in
cash, it is a likely indicator of tax fraud because of
cash payments. It is not uncommon for employers
EMPLOYMENT TAX FRAUD to pay employees in cash to evade the employ-
Tax evaders are not only drawn from the ranks ment tax requirements.
of the wealthy or from multinational corpora-
tions. Businesses of all sizes engage in tax evasion Offshore employee leasing. This refers to when
and employment tax fraud schemes are prevalent a taxpayer resigns from his employment posi-
mechanisms for doing so. These schemes take tion and signs an employment contract with an
a variety of forms, but usually revolve around offshore employee leasing company, which indi-
improperly withholding or not paying to the rectly leases his services to his original employer.
122
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
The employee performs the same services before • A significant or repeated pattern of incorrect
and after entering into the leasing agreement or understated income on tax returns
and generally receives the same payment for his • Applications and tax and related documents
services. However, his salary is sent offshore as that appear to be backdated
“deferred” compensation, in which employment
and income taxes may be avoided. • Use of multiple identification numbers
by a single person or entity, or the
use of incorrect or non-existent
RED FLAGS OF TAX FRAUD identification numbers
Because of the thin line that sometimes exists • Submission of false wage and
between outright tax evasion and aggressive but other statements
legal tax avoidance schemes, pointing to specific
actions or behaviors as definitive red flags can be
difficult in the tax enforcement field. As a result, INVESTIGATIVE TECHNIQUES TO
the financial crime specialist should know the tax DETECT AND PROVE TAX FRAUD
laws of the pertinent jurisdiction well, or consult For the most part, investigative methods that
with a tax professional before pursuing an inves- focus on tax evasion overlap with financial crime
tigation or legal action related to tax fraud. investigative methods. A financial crime special-
ist who is an investigator of his or her country’s
Some acts or situations are fairly clear indicators tax agency must access tax documents and have
that tax fraud by an individual or organization knowledge of how to obtain tax information that
is occurring. Some potential red flags include is typically out of the reach for other financial
the following: crime specialists.
• Deliberately ignoring or failing to follow
Like other financial crime investigations, a tax
advice of an accountant, attorney or
fraud investigation usually starts by gathering
return preparer
relevant records and other data that provide evi-
• Knowingly failing to inform a tax professional dence of the tax affairs of the subject. The inves-
of all the relevant facts for the accurate tigator records where, when and from whom the
preparation of tax filings or returns information was obtained and pursues the leads.
• In the case of tax fraud by a business, Tax evasion or suspicious behavior by a taxpayer
evidence or testimony from employees about is often a sign that a larger fraud or financial
irregular withholding of taxes or suspicious crime has occurred.
business practices
As with all financial crime investigations, all doc-
• Destroying or altering books and records,
uments and other evidence obtained must not
especially if it occurs just before or after an
be modified by the investigator in any way. The
• audit or examination by tax authorities investigator must also maintain a clear chain of
• The sudden transfer of assets in a manner custody to log how the custody and control of the
that suggests concealment, or the diversion records changed or progressed from the time it
of funds by company officials or trustees, was initially obtained to the time it is used in a
especially to an offshore location or legal proceeding. A financial crime professional
secrecy haven investigating tax evasion and other fraud must
always strive to obtain the taxpayer’s explanation
for discrepancies in financial records and other
123
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
documents, and ensure that their explanations ties that provide a framework for sharing infor-
are recorded clearly and accurately. mation in criminal or civil tax investigations. A
model TIEA was originally developed by the
In some circumstances, financial crime spe- OECD’s Global Forum Working Group on Effec-
cialists will investigate a case in which a tax tive Exchange of Information and have since been
return has not been filed, and tax or other fraud adopted by dozens of countries worldwide.
is suspected.
Jurisdictions negotiate the terms of TIEAs
When conducting a tax evasion investigation, the between themselves, and the specifics may vary
first contact with the subject presents a crucial slightly depending on the countries involved.
opportunity to obtain the point of view of the Generally, TIEAs allow one jurisdiction to request
taxpayer and other important information. Tax a wide range of information that is “foreseeably
evasion investigations often follow an audit by the relevant” to the enforcement of tax laws, includ-
examiners of the tax agency, in which the subject ing details on financial accounts and beneficial
taxpayer may not be aware that the agency may ownership information on companies or trusts.
be considering a criminal tax evasion investiga- Information shared is usually subject to strict
tion focused on him or her. confidentiality requirements, and can only be
shared with courts or judicial bodies for the pur-
As a result, the subject may provide informa- poses of determining criminal or civil tax issues.
tion or access to financial and other documents
that they would otherwise take pains to conceal, The OECD maintains a database tool that allows
which may be difficult to obtain in later stages of anyone to view the TIEAs that a country has in
the investigation. place with other countries. This can be a useful
resource for understanding the overall tax com-
Some questions that should be asked in the initial pliance and potential tax evasion risk on a juris-
interview of the target taxpayer are as follows: diction level. If a country does not have many
TIEAs in place, or is not effectively following up
• Who was responsible for preparing the tax on requests for information, it could indicate that
documents and returns? the jurisdiction has lax tax compliance or is act-
• Who was responsible for approving ing as a secrecy haven.
the statements, including income,
deductions and expenses, cited in the tax
filing or returns? THE UNITED STATES FOREIGN
• Who was responsible for management of the ACCOUNT TAX COMPLIANCE ACT
person’s income or business affairs? 2010 (FATCA)
• How were the person’s income or business A landmark tax reporting law, the 2010 US For-
receipts calculated and documented for eign Account Tax Compliance Act is one of the
tax filings? most sweeping changes to international tax com-
pliance and enforcement ever enacted. Targeting
TAX INFORMATION US tax evaders with undeclared assets offshore,
EXCHANGE AGREEMENTS FATCA compels all financial institutions outside
the US to collect and report to the US Internal
When conducting investigations across national
Revenue Service the US persons that maintain
borders, tax information exchange agreements
accounts at their institutions. Failure to do so will
can be powerful resources. Tax information
subject the pertinent non-US institutions to a 30
exchange agreements (TIEAs) are bilateral trea-
124
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
percent withholding tax on US income, in addi- $50,000 for an individual and $250,000 for a
tion to other applicable taxes. corporation must then be reported to the IRS.
2. Non-US institutions that do not comply with
Although it is a US law, FATCA’s reporting require- the law are subject to a 30% withholding
ments cover banks and other financial institu- tax on certain payments originating in the
tions in all jurisdictions, making it a truly global US, as said above. Payments subject to the
law. Non-US financial institutions may face con- tax include income, rents, dividends, wages,
siderable challenges and steep costs to comply and certain interest payments. These are
with FATCA, according to several studies. known as “fixed or determinable annual or
periodical” (FDAP) payments.
FATCA was inspired by a tax evasion scandal
centered on UBS, one of Switzerland’s largest 3. US persons with offshore accounts must
banks. UBS was found to have maintained secret file a new IRS Form 8938 with the IRS along
bank accounts for about 52,000 US persons who with their annual income tax return if
wanted to evade their US taxes. UBS was prose- their accounts hold more than $50,000. US
cuted by the US Department of persons that fail to file this new form may be
subject to a penalty of up to 40 percent of
Justice, leading to the disclosure of more than the account value.
4,000 US taxpayers who had hidden accounts at
UBS. The case provoked the US Congress and July 1, 2014, was the first effective date of many
paved the way for FATCA. of FATCA’s key provisions. Because of the sheer
complexity and scale of the law, provisions took
According to estimates at the time of FATCA’s effect in stages through 2017.
implementation, the IRS expected to recover $8
billion in tax revenue from offshore accounts over FATCA is phased in over a long period of time
the next 10 years. The total may be far higher. to allow the US and other nations to resolve the
Because of the close ties between tax evasion legal obstacles that stand in the way of the law’s
through offshore accounts and other financial implementation. Many jurisdictions do not permit
crime, FATCA has the potential to unearth mil- financial institutions in their territory to share
lions in criminal proceeds linked to corruption, tax information and other financial information
money laundering, fraud and sanctions violations, with the US and other nations. Some nations and
in addition to tax evasion. other jurisdictions, including many EU coun-
tries, forbid exchange of tax information that is
FATCA has three key operative provisions: automatic and not in response to a court order
or formal government request. As a result, many
1. Non-US financial institutions, which can nations must amend their laws and regulations to
include banks, broker-dealers and investment permit FATCA compliance.
firms, depending on the non-US jurisdiction
and other circumstances, must identify any INTERGOVERNMENTAL
US persons who hold accounts and gather FATCA AGREEMENTS
their names, addresses and tax identification
numbers, as well as their account balances, In the process of implementing the worldwide
deposits, withdrawals and other information. obligations that FATCA imposes on financial insti-
US persons include individuals and business tutions in other countries, the US Internal Reve-
organizations formed in the US. Information nue Service has pursued and succeeded in cre-
on any US accountholders with more than ating “Intergovernmental agreements,” or IGAs,
with other nations. As of April 2014, dozens of
125
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
nations in various parts of the globe2 have signed partner country’s tax authority for information
IGAs with the US. It is very likely that many more on recalcitrant accountholders. This informa-
nations in all parts of the world will sign these tion may be collected and reported to the IRS on
agreements with the US. In essence, IGAs outline an aggregate basis. The IRS may also request US
how the signatory nation and its financial institu- financial institutions for information about pay-
tions will comply with the reporting requirements ments to non-US institutions that refuse to com-
of FATCA. The US has developed two template ply with FATCA.
IGAs, Model I and II, which are outlined below:
One potential problem for organizations that is
• The Model I agreement, released in early present in multiple jurisdictions is the manage-
2012, requires non-US institutions to report ment of FATCA due diligence requirements under
information on US accountholders to their two models. Institutions may be required to build
own tax authorities, which would collect the multiple systems to meet the requirements of
information and deliver it to the IRS. applying the two models to local laws.
• The Model II agreement requires non-US
institutions to report information on US FATCA COMPLIANCE FOR US INSTITUTIONS
accountholders directly to the IRS instead of While non-US institutions shoulder much of the
their own tax authorities. It allows non-US data processing and reporting burden under
institutions to exchange tax information FATCA, US institutions are not exempt from
with the IRS on request and supplement it major challenges. Among other things, they are
when necessary. FATCA partner countries required to enforce the 30 percent withholding
that enter a Model II IGA must enable its tax imposed on noncompliant non-US institu-
reporting institutions to register with the tions. Consequently, US institutions must be pre-
IRS and comply with FATCA’s due diligence, pared to sort and classify their accounts to know
reporting, and withholding requirements. which of them is held by overseas institutions that
are FATCA compliant, non-compliant or exempt.
The Model I and II templates produce distinct
IGAs, each with varying terms. Financial crime US institutions must also conduct ongoing mon-
specialists should know if a country of interest itoring of the accounts they house for foreign
has entered into an IGA with the US Treasury institutions in case their FATCA compliance status
Department and review its provisions. changes. To ease this process for US institutions,
the IRS created an online FATCA registration
Both models allow the IRS to request more infor- “portal.” The portal includes access to a database
mation about so-called “recalcitrant accoun- of FATCA-compliant non-US institutions.
tholders,” or US persons who refuse to provide
information required for FATCA compliance. The bi-national IGAs also present compliance
Depending on the terms of an IGA, non-US burdens. Many of the agreements call for recip-
institutions may be required to close accounts rocal reporting, which requires US institutions
of recalcitrant taxpayers under some circum- to identify accountholders of a nation that has
stances, but not all IGAs require this. signed an IGA with the US Treasury Department
and to report these accountholders to the appro-
Model I agreements allow the IRS to request priate nation’s tax agency.
more information on recalcitrant accountholders
from the partner nation’s tax authorities. Model II This places US institutions in similar situations as
also allows the IRS to make group requests to the their counterpart institutions abroad. This means
2 A list of FATCA IGAs is available here: http://www.treasury.gov/resource-center/tax-policy/treaties/Pages/FATCA.aspx
126
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
3 The final regulations for FATCA are available from the IRS site at
http://www.irs.gov/PUP/businesses/corporations/TD9610.pdf
127
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
the customer relationship was established, and THE OECD’S COMMON REPORTING
understand the gaps that exist in the customer STANDARD – AN EVOLUTION IN
information. It makes little sense for institutions GLOBAL TAX COMPLIANCE
to take any implementation steps without first
understanding the customer data they have. A Efforts to boost global financial transparency
strategy to identify and gather the missing ele- and augment tax compliance did not end with
ments, if any, would be required. the implementation of FATCA. Instead, the US
was only the start of a larger and more globalized
Other steps advisable to take or consider for effort - The Common Reporting Standard issued
FATCA compliance include the following: by the OECD.
• Analyzing your customer procedures and Prompted by the creation of FATCA and by
amending them, if necessary, to capture European Union efforts to increase financial
information pertaining to a customer’s data-sharing for tax purposes, in 2014, the OECD
citizenship status or tax nationality, along developed a framework for automatic tax informa-
with related documents and records. tion exchange that can be adopted by any nation.
• Classifying customer accounts by
appropriate categories, including those for Instead of FATCA’s unilateral reporting structure,
US and non-US persons by compliant and in which all countries are effectively required to
“recalcitrant” status. Institutions will need to report to US tax authorities, the Common Report-
have or develop systems to monitor account ing Standard (CRS) is a multilateral system. Each
activity related to other institutions to country that agrees to participate must direct
classify them by FATCA-compliant and non- its financial institutions to identify accounthold-
compliant status. ers from all other participant countries, and
report account information to tax authorities.
• Building or acquiring new monitoring This information is then shared between the tax
systems to detect and flag any changes to authorities of all participant countries annually,
accounts that affect how they are reported on an automatic and ongoing basis, beginning in
for purposes of FATCA. September 2017.
• Develop procedures and data systems to
process and report to the IRS, or other While there are notable differences, the steps
appropriate tax authorities under an IGA required to comply with the CRS and the infor-
agreement, the appropriate documentation mation on financial accounts being captured and
when an account’s status is in question or exchanged are broadly similar to the require-
has changed. ments of FATCA. The CRS covers both individual
• For financial institutions in nations with and legal entity accounts, including trusts and
certain bank secrecy laws, obtaining a signed foundations.
waiver form from account holders indicating
they consent to have their account data The CRS itself consists of four parts:
reported to the IRS. 1. A model Competent Authority Agreement
that lays out the legal framework countries
adopt to participate in automatic exchange.
It is functionally similar to the Model I and II
agreements under FATCA.
128
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
2. Standards that establish how information information was only shared when one country
should be collected, verified and reported to requested it from another under the terms of
tax authorities a tax information exchange agreement. These
3. Commentaries that provide further requests were usually only made as part of crimi-
information on the Standards and Competent nal or civil investigations, and, in many cases, the
Authority Agreement exchange process was slow.
4. Technical guidance to support the data The automatic and ongoing exchange under
collection and transmission required the CRS greatly increases the level of transpar-
under the CRS ency in the global financial system. The frame-
work cuts down on the ability of tax evaders and
As of early 2017, there were more than 100 juris- other financial criminals to shield assets from tax
dictions that had agreed to implement the CRS. authorities by moving them offshore.
The Common Reporting Standard requires finan-
cial institutions to report generally the same It should be noted that like FATCA, the CRS con-
information as FATCA, with some notable differ- tains loopholes – certain legal entities and types
ences. Each signatory country must gather the of financial institutions are not subject to report-
following information: ing, for example. Also, like FATCA, dozens of
• The name, address, taxpayer identification countries have not agreed to implement the CRS,
number and date and place of birth of each including large economies like the US.
customer covered by reporting requirements.
This includes most individual accounts and Although tax and secrecy havens have not been
accounts for certain legal entities. eliminated, the CRS tightens the net on tax eva-
sion. With fewer places to hide, tax evaders are
• The customer account number being forced to resort to methods that are less
• The name and identifying number of the convenient, more expensive and potentially eas-
Reporting Financial Institution ier to detect.
• The account balance or value as of the end
of the relevant calendar or, if the account As tax evasion is closely connected to other forms
was closed during such year or period, the of financial crime, this movement toward tax
closure of the account transparency also has ramifications for enforce-
ment efforts against money laundering, corrup-
This represents a significant evolution in global tion and fraud.
tax compliance and financial account transpar-
ency. Previously, this type of financial account
129
@2019 Association of Certified Financial Crime Specialists
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
Q 6-1. Your bank holds a business account for a local tax preparation service.
What would MOST likely trigger further investigation by the compliance department
in the bank?
A. Numerous deposits of tax refund checks in the names of different individuals but with
common addresses
B. Multiple deposits of checks in the same amount written by different tax
service customers
C. Variances in the frequency of transactions depending on the calendar cycle
D. A request by the customer to have payments made to the Tax Office through a
certified check process
See Answer and Rationales
Q 6-2. A regional bank operates within a country that has a Model 1 agreement in place
with the US to implement the Foreign Account Tax Compliance Act (FATCA). The insti-
tution already has a FATCA compliance program in place, but recently, there have been
media reports suggesting US tax evaders are using the bank’s country as a haven for undis-
closed assets.
The bank has some US accountholders and is reviewing its FATCA compliance program in
response to the news reports.
A. The bank must register and report US accountholders directly with the US Internal
Revenue Service (IRS).
B. The bank must institute a 30 percent withholding on the accounts of its US customers
C. The bank must confirm that US customers filed a Form 8938 with the IRS to disclose
their accounts.
D. The bank is required to report certain details about US accountholders to its
country’s tax authorities.
See Answer and Rationales
130
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7
ASSET
RECOVERY
OVERVIEW
131
CHAPTER 7 • ASSET RECOVERY
Financial crime creates the opportunity or other resolution of the offense that the financial
necessity to recover assets that have been ille- criminal has committed.
gally taken. Consequently, asset recovery is the
essential endgame of all financial crime. The final phase is where the asset recovery pro-
fessionals trace and recover the financial crime
Because of this necessity, the skills and special- proceeds. Unless the proceeds of the financial
ized knowledge of investigators, lawyers, forensic crime are recovered, the victim and the gov-
accountants and other professionals who under- ernment agencies that investigate, prosecute or
stand the unique challenge of asset recovery assure compliance by entities through which the
efforts are at a premium. Asset recovery skills criminal proceeds flowed, the game is lost, even if
in financial crime cases are crucial because so the perpetrators go to prison.
much of the asset recovery work that needs to be
done in the wake of financial crime depends on
private resources. Government agencies, which PARTICIPANTS IN AN ASSET
have heavy workloads, usually devote compar- RECOVERY TEAM
atively few resources to tracing and recovery of Asset recovery operations are typically con-
financial crime proceeds of the huge number of ducted by teams of professionals, each with their
cases they must handle. own distinct skill set and focus. Private- and
public-sector asset recovery teams have more in
The level of recovery of all financial crime pro- common than most people realize. They typically
ceeds is very low. Of an estimated $500 billion in have similar team members who do similar jobs:
criminal proceeds that are generated each year
in the US alone, for example, no more than $5 • Investigators. In the public sector, they
billion is recovered through government asset are called special agents, detectives or
recovery efforts. It is estimated that private sec- commanders, and in the private sector they
tor asset recovery efforts recover even less from are called private investigators.
financial criminals. • Forensic Accountants. The private sector
usually calls them forensic accountants
Although there are significant overlaps with other while the public sector calls them auditors,
elements of financial crime, including investiga- examiners and reviewers.
tions, compliance and prosecutions, asset recov-
ery requires unique proficiencies and skills, and • Lawyers. They are called prosecutors in
poses distinct challenges. These skills are not the government and receivers, insolvency
always the same as those required to investi- professionals, lawyers and trustees in the
gate the financial crime and its perpetrators. In private sector.
the same way, asset recovery skills are not the • Investigative Analysts. They are sometimes
same as those used to detect and document the referred to as intelligence analysts in
disguising, hiding and laundering of the crimi- the public sector and litigation support
nal proceeds. specialists in the private sector.
Asset is the fourth phase of financial crime inves- Receivers, trustees, monitors, “private attor-
tigations. First is the investigation of the crime neys general” and other fiduciaries are usually
and the perpetrators. Next is the investigation appointed by a court to undertake the process
of the money laundering by the perpetrators of mustering out the affairs of a legal entity that
and any accomplices. Third is the prosecution or has served as a vehicle for the financial crimes
perpetrated by its principals. The laws of many
132
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
countries, including the US, United Kingdom, The value of an asset should be determined
Canada and Australia, provide for the appoint- before any action is taken. Its value includes both
ment of these persons to undertake the manage- its monetary worth as well as its importance to
ment and control of such entities and to search the financial criminal. Assets that appear to have
for, identify and attempt to recover their assets. a high market value may be heavily encumbered
As is explained below in this chapter, there are with mortgages, liens or other legal impediments.
many legal and equitable tools that these fiducia- This makes their monetary value low or possibly
ries have at their disposal in a worldwide search even negative. Still, if a government agency views
for assets to compensate the victims. an asset as being worth little, but recognizes that
it plays an important role in the criminal activi-
Asset recovery teams in the private and public ties of an organization or financial criminal, sei-
sectors use similar legal and investigative asset zure must be considered regardless of its value.
tracing and recovery tools. Government agents However, it should be kept in mind that even sei-
have search warrants and seizure warrants, while zure of an asset costs money.
the private sector has civil search warrants and
other tools that courts of equity may give them, 2 How much will it cost to maintain and preserve
as described below. the asset during the asset recovery process?
After an asset is seized or taken in an asset recov-
With court orders, government agents can forc- ery effort, the asset recovery team must store and
ibly enter premises, while private investigators maintain it until a court orders the divestiture and
may obtain court orders that allow them to “break return of the asset to the victim, the victim‘s rep-
and seal” the premises of financial crime perpe- resentative or a government agency order. If the
trators or their accomplices. asset requires maintenance and upkeep during
this time before a final order by a court, the cost
This chapter of the manual explains tools and of maintaining the asset may escalate rapidly.
resources that asset recovery specialists have,
the knowledge they should have about asset trac- 3. Are there potentially innocent owners of the
ing, and the recovery weapons and skills they asset who may impede or prevent recovery?
should ensure their team has. This chapter will
also cover the unique issues that multinational Sometimes, an asset targeted in an asset recovery
asset recovery efforts confront, and how they effort is owned by a third party, even in the case
should be dealt with. of money that has been taken in a financial crime,
such as in the case of charitable contributions by
the financial criminal or funds contributed to a
IMPORTANCE OF SOUND PLANNING political campaign. If the financial criminal is not
the owner and the owner of the asset is not impli-
Sound pre-seizure planning is a must for effective
cated in the financial crime or the illegal move-
asset recovery in both the public and private sec-
ment of the financial crime proceeds, freezing or
tors. Even when an asset recovery team has the
seizure of the asset may not be an appropriate
legal authority to freeze, seize or take an asset, it
course of action.
may not be in the best interest of the overall asset
recovery effort to do so.
MAKING THE CASE FOR
Before doing so, an asset recovery team in both
sectors should consider the following:
ASSET RECOVERY
For law enforcement and other government agen-
1. Does the asset have value?
cies, a successful seizure of an asset is the begin-
133
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
ning of the asset recovery process. Presenting a An actual or appraised value for each item or
strong case to a prosecutor for seizure and ulti- asset that is the target of an asset recovery
mate recovery is a vital first step. Government effort. The value and nature of an asset may
agents and investigators should submit complete determine the type of legal procedure to be initi-
and accurate requests to the prosecutor or other ated in various jurisdictions. Certain jurisdictions
legal officer detailing the probable cause for sei- permit the seizure, freezing or ultimate recov-
zure, freezing and ultimate recovery. The sub- ery of assets of a certain value by an adminis-
mission should list the potential claimants that trative action. Assets that do not fall into those
may emerge and full information about such per- categories in these jurisdictions may be recov-
sons and their likely claim. The investigators are ered only through judicial proceedings and not
often required to furnish the legal officer sup- administratively.
plemental investigative reports as they learn new
information. Names and full contact information of all per-
sons who may have a legal or other interest in an
Below are the recommended elements of a report asset that is the focus of an asset recovery effort
by investigators to a government legal officer or that has been frozen or seized. The laws of
or prosecutor before an asset recovery effort is most jurisdictions require that names of poten-
commenced, or when seizure of an asset is being tial claimants with an interest in an asset that is
considered, which also largely apply to private sought to be frozen or seized be received prior
sector asset recovery teams. formal notification of the contemplated action.
For this reason, it is important that the legal offi-
The presentation or submission to the legal offi- cer or prosecutor in an asset recovery effort have
cer or private sector lawyer should be organized the accurate names, addresses and full contact
so that relevant information that allows evalua- information of the potential claimants so that
tion of the case is found quickly. These are the they may be provided with legal notices in accor-
items of information that a prosecutor or other dance with the law.
legal officer in the private and public sectors
would normally request: A listing of all registered owners and persons
holding liens on assets that are the focus of a
A list of each tangible or intangible assets, and seizure, freezing or other asset recovery effort.
pieces of property for which asset recovery is Property owners routinely record their vehicle
sought. For purposes of presentations in court, and interests in real estate in the records and
the prosecutor or legal officer must accurately files maintained by government offices. These
list each item, with complete description of the databases, which are normally accessible by the
asset. It is important that the asset recovery general public, must be searched. Parties with
team is mindful of the passage of time because recorded interests affecting the targeted assets
many jurisdictions prescribe the number of days must be listed in the reports presented to the
that an asset recovery team in the government legal officers in a public or private sector asset
or private sector has to commence or complete recovery effort so that they may receive the
procedures, including applications to the courts. required legal notice of the action. The legal offi-
The location of an asset is important because cer or prosecutors must evaluate this information
legal issues pertaining to the rights of parties in to determine if the potential claimants have legit-
other jurisdictions must be addressed, and there imate claims or have the legal status that is nor-
must be certainty that the asset recovery team is mally called “innocent owners.”
legally empowered to act in the jurisdiction.
134
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
A statement explaining the legal theory and ANCIENT AND POWERFUL EQUITABLE
justification or probable cause for the seizure, POWERS OF COURTS
freezing or ultimate recovery of each item or The equitable powers of the court are based on
asset. A legal officer or prosecutor needs and the principle, “Where there’s a wrong, there’s
benefits from a concise description of the the- a remedy -- if you come with clean hands.” An
ories of seizure, freezing or recovery that the asset recovery team has potent weapons based
asset recovery team will pursue. The description on these judicial equitable powers. A court may
should include the full justification, or “probable compel disclosure of information, issue civil
cause,“ that the asset recovery team will pursue, search warrants and “break and search” orders,
which justifies the seizure, freezing or recovery. rewrite contracts, transfer property, require the
The investigative or analysis team that provides examination of documents, and enter orders per-
information to the legal officer or prosecutor mitting the seizure of assets.
should strive to furnish full information to jus-
tify the recovery of the asset and linking its pur- Equity is the name given to a set of principles that
ported owner to the underlying financial crime. are applied in common law jurisdictions, such as
the US, United Kingdom, Canada, Australia and
Complete copies of all investigative and analy- other nations that inherited a system of law from
sis reports and search warrants or other court England. The principle of equitable relief is also
orders. Legal officers and prosecutors must intended to supplement and complement the
review the investigative reports to evaluate the remedies and relief that statutory law provides.
basis of seizure, freezing and ultimate recovery of Equitable relief is also intended to apply where
specified assets. In the case of a government asset the application of statutory law may be unduly
recovery effort, search warrants must contain harsh, unfair or inequitable. Although equity in
a statement of probable cause that summarizes that name is not known in civil law systems, such
the investigation and the evidence leading to the as those that operate in continental Europe, Latin
search for and subsequent seizure of an asset. America and most of Asia, those systems have
and apply broad rules that give judges similar
Copies of all seizure orders, warrants or other powers to fashion remedies to meet inequitable
court orders previously issued in the case. Prior circumstances.
orders of the court, including a seizure order or
warrant, will detail the justification or “probable Equitable powers constantly adapt and evolve to
cause“ that justified the taking of an asset. meet new circumstances, particularly in the busi-
ness and commercial environment. Common Law
The laws of most nations, including the US, courts have invented a host of equitable remedies
require that a government asset recovery, or that are powerful tools for asset recovery. These
“forfeiture,“ action must be commenced within a include things such as so-called Mareva Injunc-
specific time from the date an asset was frozen tions, Anton Piller Orders and Norwich Pharma-
or seized. Government investigators, and often cal Orders that may be used in the investigation
those in the private sector, should recognize that and initial steps of asset recovery cases. They can
legal officers and prosecutors have minimum also require a party to permit a legal represen-
thresholds of property value in asset recovery tative of another party to search premises and
cases. These thresholds are dictated by consider- remove evidence.
ations of the proper and efficient use of legal and
judicial resources. Among the powerful weapons that a court of
equity may wield in asset recovery and other
cases are these:
135
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
136
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
Freezing orders are powerful and can be used is shown that the target of the effort is likely to
effectively with a variety of assets, especially destroy evidence to frustrate the investiga- tion.
bank accounts or real property. Freezing orders
typically require that the asset not be transferred LIS PENDENS
or removed without a court order. While these A lis pendens is simply a written notice that a law-
orders do not guarantee recovery of the assets, suit or claim affecting title or an interest in spe-
they assure that the assets will not be transferred cific real property has been filed.
or dealt with in a prejudicial or harmful manner
until the case is concluded. Lis pendens, which is Latin for “suit pending,” is
the notice of a pending action and is filed with
A freezing order should be sought in the place and certified by the clerk or secretary of a court
where the financial criminal or his accomplices it is subsequently recorded in the official regis-
reside or hold property. Sometimes, it is possi- try of the place where the property is located. It
ble to obtain a worldwide Mareva order from a notifies persons with an interest in the subject
court if the financial criminal has fled the juris- real property that a claim on the property exists.
diction, but not all countries recognize these The recording of the lis pendens informs anyone
global orders. interested in buying or financing the property
that there is a potential claim against it.
Other well-known judicial tools provide assis-
tance in asset recovery efforts in common law A lis pendens must include a legal description
countries or jurisdictions. The terms by which of the property. Usually, in common law juris-
these tools are known are included in parentheses: dictions, the party who filed a lis pendens is not
required to show a substantial likelihood of suc-
NORWICH PHARMACAL (PURE BILL OF cess on the merits, but only a connection between
DISCOVERY) AND BANKERS TRUST the ownership of the property and the dispute in
ORDERS (PRODUCTION ORDER) the pertinent lawsuit.
These orders by a court, usually under seal and
accompanied by so-called anti-tip-off or gagging LETTERS ROGATORY
restraints, are injunctions that typically seek dis- A letter rogatory is a request from one judge to
closure of confidential records and information another judge in another country seeking assis-
from financial institutions and other businesses. tance in obtaining information, documents or
The orders usually require a third party to dis- testimony in a particular legal matter. Letters
close certain documents or information to the rogatory are not treaties, but they provide a
party that sought the orders. For example, a third means by which private- and public-sector per-
party could be a financial institution that has rel- sons and agencies may obtain international assis-
evant information and records. tance in a case. Letters rogatory can help gather
financial evidence, including bank records, and
ANTON PILLER ORDERS (STAND help to restrain assets. Compliance with a letter
AND DELIVER) rogatory is discretionary on the part of the court
These are search and seizure orders that may be that receives it, and the process is usually slow.
executed simultaneously at homes and offices of Without an effective advocate in the jurisdiction
the targets they are issued on. An Anton Piller that receives it, a letter rogatory may not succeed
order is intended to preserve evidence that may in obtaining the desired assistance.
be crucial to a worldwide asset tracing case. It
can be obtained to preserve evidence where it Each country has its own laws and practices for
the receipt and execution of letters rogatory. Exe-
137
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
cution of letters rogatory must be in strict com- There are no standard procedures that asset
pliance with domestic law. The process is marked recovery teams must follow for successful repa-
by these uncertainties: triation of assets. No two cases, and the laws of
no two countries, are alike. Asset recovery cases
• Letters rogatory are usually transmitted via sometimes encounter difficulties that stem from
diplomatic channels and must be processed local corruption, especially in the final stages
through a court and the diplomatic agencies. when repatriation is sought.
Diplomats may refuse to act if a letter is
deemed inconsistent with their nation’s Asset recovery teams must obtain a judicial order
public policies. to repatriate assets after they are located and
• Requests must contain certain information, frozen to prevent dissipation or flight. The order
including a description of the facts and must divest the financial criminal and his accom-
details of persons and entities involved. The plices of the asset and place title in the control or
letters may be returned for clarification to the names of the victims, their representatives or
the judge in the requesting country. a pertinent government agency.
• Nations sometimes refuse to execute letters
rogatory in a criminal matter until formal Mareva injunctions or other court orders at the
criminal charges have been filed in the start of a case that preclude the financial crim-
requesting country. This policy makes letters inal or his accomplices from transferring or liq-
rogatory unavailable during the investigation uidating assets are essential initial steps. The
when they are often most needed. laws of certain jurisdictions allow creation of
so-called asset protection trusts. A trust protec-
• In some countries, secrecy laws do not tor appointed by the court usually may transfer
permit bank records to be obtained by assets from one jurisdiction to another.
means of letters rogatory unless other laws
authorize this disclosure. STATUTES OF LIMITATION
An asset recovery team must also observe stat-
REPATRIATION OF ASSETS utes of limitation as a potential obstacle in its
case. Statutes of limitations vary from jurisdic-
In asset recovery cases, it is not enough to freeze
tion to jurisdiction and encourage prompt reso-
assets. To succeed, they must be repatriated.
lution of cases. However, statutes of limitations
Repatriation of assets from foreign hiding places
can also sometimes benefit financial criminals,
is the crucial final step that private and public
if they succeed in concealing their conduct and
asset recovery teams must accomplish. It may be
assets until the statute of limitation expires. The
fraught with complications.
time period that a statute of limitation prescribes
is easily learned in any jurisdiction, and should
In repatriating assets, government asset recovery
be one of the first things an asset recovery team
teams often have unique international weapons
does. Often, these statutes impose different time
that can provide substantial help in the recov-
limitations for different types of legal actions.
ery. Private sector asset recovery teams may also
have access to powerful government weapons in
One way to mitigate the negative effect of a stat-
certain circumstances if they convince govern-
ute of limitations that expired or is about to expire
ment investigators, prosecutors or judges to uti-
is to enter into “tolling“ and standby agreements
lize them on their behalf. The discussion below
with adverse parties by which they agree to
about Mutual Legal Assistance Treaties (MLATs)
ignore the statute of limitations problem. That is
covers this.
unlikely when you are dealing with the financial
138
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
139
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
evidence for use in legal proceedings of various for the fees of expert witnesses, translation, tran-
types. All appropriate international agreements, scription and travel expenses.
such as the Hague Convention, that provide chan-
nels of information-sharing should be reviewed MLATs may only be used by government agen-
by asset recovery teams in the private and public cies and are designed for their benefit. However,
sectors at the start of a case. under some circumstances, as explained below
in this chapter, representatives of private sec-
In addition, as discussed in more detail in other tor victims of financial crime may persuade the
chapters of this Manual, in accordance with lawyers or agents of a government agency that
Egmont Group recommendations some 132 have received information under an MLAT from
nations have established Financial Intelligence another country to share the information.
Units (FIUs). These agencies collect a wide variety
of financial information and reporting forms from Government asset recovery teams have no obsta-
financial institutions, businesses and individuals cles to the use of MLATs if they have been signed
in their countries and disseminate it to their law and ratified by their countries. Many industrial-
enforcement agencies and prosecutors. They also ized countries have entered into dozens of MLATs.
sign bilateral and multinational agreements that The US, for example, has entered into more than
authorize and facilitate the mutual exchange of 60 of them, as of early 2013. A full listing of all
intelligence and information. the bilateral and multilateral agreements that a
nation has ratified may usually be found in the
MUTUAL LEGAL ASSISTANCE TREATIES website of a jurisdiction‘s state department or
Mutual Legal Assistance Treaties (MLATs) pro- foreign ministry. In the US, the website of the US
vide for the broad exchange of information, State Department provides this listing in a publi-
assistance and other cooperation between two cation called Treaties in Force.
nations. In an international asset recovery case,
they can be a valuable tool for gathering perti- An example of how an MLAT describes the assis-
nent information and evidence. The execution tance the signatory nations agree to extend
and operation of MLATs is often cumbersome to the other nation is found in Article 16 of the
and time-consuming. MLAT between the US and the United Kingdom,
which follows:
Most MLATs require the requested country to “The parties shall assist each other in pro-
assist the requesting nation to take actions that ceedings involving the identification, tracing,
include these measures: freezing, seizure or forfeiture of the proceeds
and instrumentalities of crime and in rela-
• Taking testimony or statements of persons tion to proceedings involving the imposition of
• Providing documents, records and evidence fines related to a criminal prosecution.“
• Service of documents
Most MLATs include restrictions on the use of the
• Locating or identifying persons information they provide.
• Executing requests for search and seizure
• Identifying, seizing and tracing A government agency that files an MLAT request
proceeds of crime may seek permission to share information with a
court-appointed receiver or other formal repre-
The “requested“ party in an MLAT request usu- sentative of financial crime victims. If the infor-
ally pays all costs related to its execution, except mation is sought for restitution to victims, the
government officials should so specify in the
140
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
request. It is advisable that private sector rep- The requested party in an MLAT can be instructed
resentatives of financial crime victims establish to keep confidential the request that has been
appropriate, cordial professional relationships made, the contents of a request, the outcome of
with these government officials. the request‘s execution and other information
concerning the request.
Parties that are considering the filing of an MLAT
request should consider all possible uses of the
information you may provide. The language of BANKRUPTCY AND INSOLVENCY AS
the request should cover all the intended uses ASSET RECOVERY TOOLS
of the information and, generally speaking, it is The asset tracing and recovery fields have several
advisable to request approval for broad usage of off-the-beaten-path legal weapons, such as bank-
the information. ruptcy and insolvency. They can serve very well
in locating, safeguarding and recovering assets.
MLATs can be helpful in piecing together money Persons appointed by courts as trustees, receiv-
trails in financial crime cases, including those ers, administrators, monitors or liquidators of
involving corruption. They can lead to the dis- entities that have served to spawn or execute a
covery of bank accounts, property ownership or financial crime are given great powers of investi-
evidence of the ownership of business entities. gation and recovery of assets. Especially in finan-
cial crime cases, in which the business or corpo-
Often, nations provide mutual assistance under rate entities that financial criminals use collapse
other types of international agreements that can upon the discovery of the financial crime, the
impact asset recovery case. These agreements tools discussed here are important parts of the
include Organization for Economic Co- opera- asset recovery arsenal.
tion and Development (OECD) Anti-Bribery Con-
vention, the Inter-American Convention Against A trustee, receiver or liquidator steps into the
Corruption, the Council of Europe Criminal Law shoes of the directors of the business entity and
Convention on Corruption, the Council of Europe is entitled by law to all information about the
Civil Law Convention on Corruption, and the entity to which its directors were entitled. Simi-
United Nations Convention against Corruption. larly, a trustee in bankruptcy steps into the shoes
of the bankrupt entity and is entitled by law to
An MLAT request for assistance is normally made all the information to which the bankrupt entity’s
in writing and usually includes the following: directors were entitled.
1. The name of the agency conducting
the investigation, prosecution or Judicial orders appointing receivers, liquidators
other proceeding or “officeholders,“ as they are called in the United
2. The facts about the subject of Kingdom, typically require the subjects of asset
the investigation, prosecution or recovery efforts, their agents and all persons
other proceeding in concert with them who receive notice of the
order, to hand over all assets that belong to the
3. The nature and stage of the matter subject entity or receivership. These cover secu-
and the text of the relevant laws of the rities, money and property of any kind, including
requesting party all money at financial institutions for the bene-
4. A description of the assistance requested fit of the targets of the investigation. The laws of
5. A description of the purpose of the many nations allow a receiver to take control of
requested assistance assets located in other jurisdictions.
141
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
All nations and jurisdictions have an interest in Forfeiture is defined as the permanent depriva-
regulating improper conduct in their territory. If tion of property by order of a court or other com-
assets are not repatriated by a person who has petent authority. It is a term used interchange-
been ordered to do so, a receiver will likely seek ably with recovery and confiscation.
recognition abroad of the order appointing him or
her, and try to convince a foreign bank to honor Forfeiture is handled through judicial or admin-
the request to transfer the funds. These efforts istrative procedures that govern the transfer of
may require proof of the underlying financial ownership of specified funds or other assets to
crime and of the receiver‘s plan to distribute a government agency. Many countries, including
assets to the financial crime victims. the US, have asset forfeiture laws that authorize
proceedings against assets that are the proceeds
As mentioned above, The Hague Convention of criminal activity or that served as the instru-
allows parties to request, through a bankruptcy mentalities of crime.
or other court, the assistance of another nation
in obtaining evidence and testimony. Asset forfeiture or recovery laws vary depending
on the jurisdiction. An asset recovery team mem-
ber should study the laws on forfeiture and asset
TRACING, FORFEITURE AND recovery in the jurisdiction where she or he is
SUBSTITUTION OF ASSETS handling the case. Persons or entities that had an
Courts may assist financial crime victims in sev- interest in the assets at the time of forfeiture lose
eral ways in tracing and recovering assets. Under all rights to the seized or frozen funds or other
common law, tracing is restricted to assets that assets upon a judicial or administrative ruling of
originally belonged to the claimant, and to the forfeiture. Many nations, including the US, allow
profits from the asset or its substitute. both criminal and civil forfeiture.
142
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
143
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
144
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
committed by someone acting on behalf of such of the illicit funds and increase the risk the money
an entity, the biggest hurdle to recovery gener- or the recipients may disappear.
ally consists of proving liability instead of search-
ing for assets. Understand cash withdrawals. Often, frequent
large cash withdrawals or unexplained transfers
Does the financial criminal have assets or money? from an account are noticed. Look for explana-
Because successful financial crime and fraud tions, which may include the purchase of cashier’s
schemes involve getting, transferring and spend- checks, withdrawals of cash to purchase money
ing large sums of money, records to reconstruct orders or wire transfers at other institutions,
the flow of funds will generally be available. Even cash withdrawn for deposit into other accounts
in the absence of reliable records, it is hard to at other institutions, or cash payments to pub-
execute a large financial crime without creating lic officials.
an audit trail. These records will provide trails to
third parties, firms and institutions that may be If the money was used for wire transfers, the
liable for damages for participating in the financial records of the money transmitter or funds
crime or enabling or fostering it knowledgeably. transfer institution will document this. If other
financial accounts are suspected, subpoenas or
To lay the groundwork for the pursuit of third par- requests for production to the institutions where
ties, various possible steps should be considered: the accounts are maintained should be issued.
Withdrawals by the financial criminal should be
Source and use analysis. All bank records the cross-checked against travel records, includ-
financial criminal and his accomplices used, bank ing credit card statements, to establish travel to
statements, both sides of all checks, deposit items secrecy havens or to other locations soon after
and wire transfers should be obtained. After this cash withdrawals.
data is placed in a spreadsheet or account rec-
reation software, the money that came into the Find related entities. Determine the other enti-
accounts, where it came from, how much was ties the financial criminal and his accomplices
spent, and where it went may be determined. have created. The asset recovery team should
check corporate and other public records to
When pursuing third parties, a keen eye should determine other business entities that list him, his
be trained on fee payments to professionals, family members, affiliated companies or accom-
including “investment advisors.” After it is input, plices as officers, directors or registered agents.
the data should be sorted by source and payee,
a process often called “Source and Use Analy- Check public records. Many assets generate pub-
sis.” This can show how much money the finan- lic records when they are purchased or trans-
cial criminal’s entity had at any point, how funds ferred, whether they are homes, cars, boats, jew-
were used as they came in, and how much went els, airplanes, negotiable instruments or other
to various recipients. assets. As more government agencies put these
records on their websites, these searches become
Identify the payees. When the recipients of the easier to conduct. Searches should be expanded
funds from the financial criminal are known, the to look for ownership by family members, close
purpose of each payment should be determined. associates, suspected accomplices and affiliated
The records of the financial criminal may answer entities of the target.
this or interviews of employees may do so. Oth-
erwise, subpoenas or requests for production of Intelligence sources. Many financial criminals
records should be sent to the recipients to obtain realize that their schemes ultimately will fail. At
explanations. However, this may tip off recipients
145
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
that point, they become more creative in hiding vent, may be voidable. For Ponzi frauds and other
assets, utilizing more cash transactions, transfer- financial crime schemes, the test of insolvency is
ring property to others, opening accounts at dif- met by the entity’s financial obligations to exist-
ferent financial institutions or purchasing goods ing investors. Good faith transactions, where
in the names of others. These actions are diffi- fairly equivalent value was given, are excepted.
cult to detect. The best sources for finding these This protects outside service providers or ven-
transfers are people who had contact with the dors who acted in good faith, and still permits
financial criminal and his accomplices. receivers to recoup improper payments.
Some sources, like former spouses, unhappy Overpaid investors. Investors in long-running
employees or angry investors, can provide Ponzi and similar financial crime schemes some-
assistance. Other sources must be persuaded to times receive more in distributions than they
cooperate, which can come through compulsion, contributed as capital. Distributions to investors
such as subpoenas, court orders or protecting beyond the amount of their principal investment
self-interest, including the fear of being charged must be returned under the laws of most coun-
with crimes or sued for money, and incentives, tries, including the US. If the investor or victim
such as immunity from prosecution that must be did not act in good faith because he or she knew
expended by government authorities. of the fraud or withdrew funds because of sus-
picions that something was not right, good faith
Affiliated entities. The affiliates and entities was missing and a receiver or other fiduciary
of the financial criminal should be analyzed to can demand a return of all the distributions
determine if their conduct gave rise to liability, or he received.
if their actions as agents of the financial criminal
created grounds to pursue their assets. With these considerations taken into account, an
asset recovery team may focus on specific third
Gratuitous donees. Payments by financial crim- parties whose deep pockets may secure the res-
inals that benefit others are also recoverable titution of the financial crime victims.
under the laws of many countries, including the
US. While payments by an entity of the financial GATEKEEPERS AND INTERMEDIARIES
criminal for normal business expenses are not When a financial crime has come to an end, one
voidable if the payments represented fair value may ask, “Where were the gatekeepers?” This
for the services provided, payments to satisfy refers to attorneys, accountants, brokers, audi-
the debts of others, including the financial crim- tors, investment advisors, consultants, corporate
inal’s personal debts, are voidable. Examples are directors and others. They often play a crucial
the payment of bank loans owed by employees role in facilitating or promoting a financial crime
or affiliates of the financial criminal and the pay- and have a duty to prevent the crime in transac-
ment of the indebtedness for assets purchased tions where they are involved. Under recent laws
by others. Charitable contributions and political in some countries, gatekeepers and intermediar-
contributions made by the financial criminal or ies must now actively attempt to avoid facilitating
the promoter of the financial crimes scheme are a financial crime, including fraud. If they fail to
also recoverable. meet this obligation, they may be liable for some
or all of the losses incurred by the victims.
Fraudulent conveyances. Under the laws appli-
cable to fraudulent conveyances, payments made A primary consideration in any claim against a
by a financial criminal or his entity, when the third party is whether that person or institution
payments would have made the company insol- owed a duty of care to the defrauded party or
146
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
financial crime victim. Some courts will consider actions during the commission of the financial
whether they had a duty of care to persons about crime, the intermediaries may be liable to the
whom they were not aware when their profes- victims. Often, these firms must conduct due dili-
sional responsibilities began. gence and implement “know your customer” pro-
cedures, just as banks do, on their customers and
counterparts.
THIRD PARTIES THAT MAY BE
HELD LIABLE TO FINANCIAL Even if the firms were fooled by the financial
CRIME VICTIMS criminal, they may be liable if they failed to con-
duct sufficient due diligence or if their operational
If gatekeepers and intermediaries act as cheer-
procedures were lax, or if they can be viewed
leaders and enablers and facilitate a financial
as having aided and abetted the fraud or other
crime, they may rightly be considered aiders and
financial crime. For example, if a broker-dealer
abettors or co-conspirators in the financial crime.
executed transactions based on forged signa-
The following gatekeepers and intermediaries
tures, the firm may be liable if the broker-dealer
may be liable if the financial criminal’s identified
should have known that was improper.
and located assets are not sufficient to satisfy the
losses of the victims.
Company directors. As part of the due dili-
gence procedures, an asset recovery team should
Banks. In most nations, banks must conduct due
attempt to determine if there is liability on the
diligence examinations on their account hold-
part of the officers and directors of an entity that
ers, including “know your customer” proce-
did business with the financial criminal. Director
dures required by anti-money laundering laws.
and officer liability insurance may be a source of
These are records an asset recovery team should
recovery for victims of financial crime. A failure by
obtain. Usually, Suspicious Activity Reports (SAR/
the directors to obey their duty to creditors and
STR) may not be disclosed by a financial institu-
investors may give rise to claims against them by a
tion under the laws of many countries, including
receiver or other fiduciary. Directors may also be
the US. An asset recovery team should under-
liable for wrongful or fraudulent trading or when
stand the banking regulations in the jurisdiction
preferential payments were made to creditors.
where the recovery operation is taking place in
order to determine the reporting and record-
Employees. Employees who held responsible posi-
keeping responsibilities of financial institutions
tions may be held liable for failing to detect or halt
and businesses used by the target of the oper-
financial crimes, including fraud, of which they
ation. Obtaining this information can help sig-
had knowledge or should have had knowledge.
nificantly in financial crime and asset recovery
investigations.
Attorneys. To the extent attorneys helped pre-
pare solicitation or other documents that con-
Financial institution records, including gov-
tained false information, which induced invest-
ernment-required forms they file, can provide
ment by innocent third parties, they may be liable
a wealth of information in asset recovery cases,
if they failed to conduct sufficient due diligence.
although the ability to access them is tightly reg-
Attorneys may also be forced to return money
ulated in many jurisdictions.
they received for representing the financial crim-
inal if the money was paid by a legal entity that
Broker-dealers, investment advisers, futures
had been controlled by the financial criminal and
commission merchants. If a financial crimi-
is now in bankruptcy. Retainers paid from stolen
nal hired registered financial intermediaries to
funds may also be recovered.
advise him, or he used them to execute trans-
147
@2019 Association of Certified Financial Crime Specialists
CHAPTER 7 • ASSET RECOVERY
Auditors and certified public accountants. A case by an audit report. The misstatement could be
for recovery against an auditor may arise where a the result of fraud by company management or
duty of care has been proved and the duty was from error. Determining if a duty of care is owed
breached and led to a loss to a person to whom by an auditor to a third party normally depends
the auditor owed the duty. An example is where on the circumstances, including the relationship
a lender suffers a loss by relying on a compa- between the auditor and third party and how an
ny’s financial statements indicating it was finan- audit report was produced and communicated to
cially sound and the statements are supported the third party.
Q 7-1. In a Venezuela court case for fraud against individuals and companies around the
world, documents have been obtained that would be helpful in a related proceeding in the
US in Miami. Venezuela and the US are parties to the Hague Evidence Convention on the
Taking of Evidence Abroad in Civil or Commercial Matters. No special laws exist in either
jurisdiction for the evidence sought.
To ensure these documents are properly received in evidence in the US, which two are
acceptable methods of requesting such evidence?
148
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8
FINANCIAL
CRIME
INVESTIGATIONS
INTRODUCTION
149
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
This chapter describes some of the key methods Civil law courts are generally not bound by prec-
to investigate financial crimes and gather evi- edent and are restricted to what is contained in
dence in compliance, enforcement and regulatory the law. Judges within the civil law system are
cases. In some respects, except for a few notable usually specially trained judicial officers with a
differences such as grand juries, the procedures limited ability to interpret the law.
and tools available to financial crime specialists
in the private and public sector are similar. Con- Civil law is primarily contrasted with common
sequently, the investigative techniques presented law, which is a legal system that developed his-
here are designed to be applicable to a wide range torically in Anglo Saxon societies, especially in
of financial crime matters. England and its colonies. Common law countries
are most notably represented by the United King-
It is important to note that the legal and inves- dom—members of what was historically called the
tigative techniques in financial crime are often British Commonwealth, such as Canada, Australia,
closely related. In many cases, a financial crime New Zealand, India, Pakistan, the English-speak-
specialist will be conducting an investigation ing Caribbean islands—and the US.
as part of a legal action or in cooperation with
a legal professional. In criminal and civil cases, The US inherited and adopted this legal system
the financial crime specialist must take care to from England. Historically, civil law and com-
conduct investigations in a way that ensures their mon law differed in that common law developed
findings can be used as evidence in a legal pro- from customary practices and court decisions
ceeding. As such, understanding some of the key that established legal principles that were fol-
legal principles underpinning civil and common lowed over time by other courts and became the
law systems, as well as criminal and civil cases, is “common law” or precedent. The precedents are
a necessary starting point for a financial crime applied by courts unless legislation prohibits or
investigation, as is discussed below. modifies a common law precedent.
In a civil law country, legislation is deemed the The most notable continuing difference between
primary source of law; it determines the rights, civil law and common law is in the approach
remedies and actions available in a civil law juris- to codes and statutes, as well as in the reme-
diction. Unless there is specific legislation allow- dies and procedures available to resolve claims
ing for a particular procedure, that procedure and disputes.
is generally not available in that jurisdiction. In
civil law systems, courts and judges tend to be KEY DIFFERENCES IN CIVIL LAW AND
inquisitorial, often asking the questions that in a COMMON LAW SYSTEMS
common law system would be the province of the In civil law countries, legislation is seen as the
prosecution/plaintiff or defense counsel. primary source of law; therefore, courts base
150
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
Legal proceedings under the two systems also This difference can be illustrated by the following
vary. Civil law courts are generally inquisito- example. A bank officer embezzles money from
rial, with the judge acting as fact-finder in the accounts under his control or supervision.
case. Civil law judges may ask the parties ques-
tions designed to see how the facts of the case Under criminal law:
square up against the requirements of the code. • The officer could be charged and prosecuted
Common law proceedings are adversarial, with a for theft as a crime defined by the legislation
prosecutor and defense attorney or plaintiff and of the jurisdiction in which the incident
defendant squaring off against each other. happens. Under most legal systems, the
accused would not be required to testify
For a financial crime specialist, recognizing the and would be entitled to a presumption
type of system that may be available or applicable of innocence. The burden of proving guilt
in a given case is important. This can help in eval- would fall upon the prosecution, which must
uating which jurisdiction may be more appropri- usually meet a standard of guilt beyond
ate to initiate or pursue claims or litigation, as “reasonable doubt.”
well as in determining the cost and effort of pur-
suing a claim, and the likelihood of success. • In most common law and some civil law
systems, the accused is entitled to a jury
to try facts and determine guilt, although
CRIMINAL LAW AND CIVIL LAW he may waive that right and be tried by
the judge only.
Criminal law is the body of law involving the state
against individuals (including corporations, legal • Upon conviction, the accused (defendant)
entities, and other organizations), in which the may be subject to imprisonment, fines and
state relies on statutory powers. suspension of certain privileges, such as
special licensing or the ability to be hired by
Civil law, in this context and not to be confused a bank in the future. In some cases, the court
with the civil law system described earlier, is may order the defendant to pay restitution
the area of law that deals with disputes between or other compensation to the financial
151
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
institution or the account holders as victims. pensated based on a percentage of the judgment
The court may also, where allowed, order the obtained. In a civil case, the plaintiffs do not have
forfeiture of assets identified as proceeds of the resources available to public prosecutors,
the criminal activity. and the cost of investigation and other technical
aspects of the case are either paid by the plaintiffs
In a civil case: or recovered through the proceeds of judgment.
1 Though it cannot be reduced to a formula, preponderance of evidence is generally understood to mean the level of evidence
needed to make it appear more likely than not that what a claimant seeks to prove is true.
152
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
153
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
of the chain of custody requirements in seizing and, finally, to a law enforcement authority in the
and safekeeping an item for presentation as evi- receiving country, to undertake the requested
dence in court. specified assistance. The assistance may include
obtaining bank records, interviewing witnesses,
Electronic surveillance. Any surveillance using executing search warrants or any other speci-
electronic equipment that invades the expected fied investigative or evidence gathering proce-
privacy of an individual usually requires a court dure. Generally, a formal mutual legal assistance
order. This could involve eavesdropping equip- request is based on a bilateral or multilateral
ment, long-range video devices, wireless inter- global or regional treaty, or a letter rogatory.
cepts, etc. In most jurisdictions and circum-
stances, a private sector investigator would not be Undercover operations. In public sector inves-
permitted to conduct these surveillances and uti- tigations, an undercover operation typically
lizing them could constitute a criminal violation. requires authorization and official approval
before it can be started. The undercover opera-
Bi-national and International Mutual Legal tion may continue for the period of time that is
Assistance Treaties (MLAT) and less formal authorized. Undercover operations conducted by
mutual assistance. Mutual legal assistance is the the private sector must be mindful of the risk of
process of requesting or providing evidence and violating privacy laws.
information from one country to another for use
in a criminal investigation. The request can be Physical surveillance. Both public and private
formal or informal. A formal request may origi- investigators can engage in surveillance with
nate in an investigative agency in the requesting restrictions and advantages for each. This can
country but must follow the procedures that the include examples such as tailing an investigative
requesting country specifies. Usually an inter- subject or his associates, or staking out a loca-
national request for assistance is transmitted tion to track the movements of a target. Sur-
through the country’s designated “National Cen- veillance can help locate assets (bank accounts,
tral Authority,” which is the name of a nation’s real property, brokerage accounts, boats, cars,
office that coordinates international law enforce- etc.) and criminal associates, and identify pat-
ment assistance with and through Interpol. In the terns of activity and establish probable cause for
US, the National Central Authority is located in search warrants.
the US Department of Justice. The National Cen-
tral Authority, or Bureau as it is called in the US, Another investigative tool is garbage pickups.
also often serves as the intermediary between a Properly conducted, garbage pickups can provide
nation’s law enforcement agencies and Interpol in considerable evidence and lead to hidden assets,
Lyon, France. fronts and associates. Law enforcement agen-
cies must ensure that information obtained from
Requests for assistance may also be required to both surveillance and garbage pickups is legally
be transmitted through diplomatic channels to admissible and that the process of obtaining the
the central authority of the “receiving country”
information was proper in the jurisdiction where police actions, or national Financial Intelligence
the garbage pickup occurred. Units (FIUs) of the Egmont Group.
Private sector investigators should also be on For example, the US FIU is the Financial Crimes
firm ground concerning the legal requirements of Enforcement Network (FinCEN) Canada’s is Fin-
these types of investigative techniques to avoid trac. FIUs generally collect, collate and analyze
trespassing or other violations. substantial amounts of financial information,
much of which is derived from reporting forms
Informants. Government agency investigations that the financial and business communities of
have strict guidelines for the use of informants, a nation are required to submit, including suspi-
while the private sector has few or no restrictions. cious activity reports.
Informants usually request anonymity, which
may make their information inadmissible but still Information obtained from these sources may
a source of excellent leads and intelligence. Man- serve as evidence or extremely valuable intelli-
datory disclosure to the defense in some jurisdic- gence and leads. In most cases, the information
tions may complicate the use of informants and obtained by FIUs, particularly suspicious activ-
create evidentiary and security problems. Similar ity reports, is not available to the private sector
problems rarely exist for the private sector. The directly from the FIU, but may often be subpoe-
risks and benefits of using information derived naed or obtained by other legal process from
from informants must be carefully weighed by the opposing party that filed a form. The private
both sectors. sector also does not have access to the records
and assistance provided by Interpol, whose head-
Recording conversations with one party con- quarters is in Lyon, France.
senting. Public sector investigators can obtain
authorization, often required from a court, before Civil society information. Numerous private
recording conversations where one side consents. sector organizations that serve as watchdogs,
This is a significant tool in obtaining evidence such as Transparency International, Open Soci-
and is similar to a telephone intercept except that ety Justice Initiative, Sherpa and Global Integrity,
the level of probable cause required to be shown employ investigators, forensic accountants and
is generally less stringent. In some, but not all, attorneys to gather evidence and intelligence
states in the US, a private sector asset recovery against corrupt leaders and politicians. Occa-
team member may record a conversation, either sionally, they use this information in lawsuits to
on the phone or in non-electronic circumstances, recover assets for the victims of corrupt regimes.
when one party to the conversation consents. Other times, the information is used for publica-
Some jurisdictions allow this activity by non-gov- tions and offered to law enforcement and private
ernment entities, while others, such as Florida, sector investigators to help bring corrupt offi-
make it a criminal violation. Careful research cials to justice. This intelligence can be extremely
of the law in the jurisdiction where operating is valuable to private and public investigators. The
essential in these situations. private sector and law enforcement can use the
information as intelligence and leads to assets.
Informal international assistance. There are Creating working relationships with these groups
many routes of productive informal, non-treaty, is often very productive.
international assistance that are available to pri-
vate and public asset recovery team members.
Examples of informal MLA requests include the
use of Interpol, embassy contacts, police-to-
155
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
OPEN-SOURCE INTELLIGENCE The search engine industry has shifted from pro-
viding purely text content results to include other
Open-source intelligence (OSINT) is informa- results in searches, such as videos and photos.
tion that is publicly available and accessible; yet These results are known as Blended or Univer-
OSINT, although publicly available, is not neces- sal Search Results and they are useful to finan-
sarily free or easily discoverable. OSINT gathering cial crime investigators, as following a result on
will play a powerful role in most investigations. It a seemingly irrelevant photo may link one to a
contributes to the foundation and justification for more useful content page. Effective searching
more intrusive evidence and information collec- investigation should include visually scanning and
tion methods. checking images and video. Also, when checking
a page source, one should scan for comments that
OSINT does not require a court order to obtain. are related to a video or image.
The collection techniques used for OSINT are
not intrusive. SOCIAL MEDIA, BLOGS AND
MICROBLOGGING
There are several types of OSINT sources:
Social media sources can be extremely helpful in
• Online Searching and Web Content a financial crime investigation. A photo, a com-
• Social Media, Blogs and Microblogging ment or a tweet may be enough to establish a
timeline or location of someone that may be of
• Media Outlets and News Sources interest. Social media is also an excellent source
• Geospatial Open-Source of investigative information from people who may
• Public Records be observing and documenting fraudulent activ-
ity for distinct motives or a sense of duty.
• Professional Conferences and Live Events
• Observation and Reporting Social media includes sites such as Facebook,
LinkedIn and LiveJournal. Online profiles have
ONLINE SEARCHING AND WEB CONTENT varying levels of security, but even a search that
A growing and easily accessible source of OSINT generates a main social media page can show
is Internet searching through search engines. some contacts for further searching; people are
These are among the best known and frequently not always selective about “friending” or “con-
used online tools worldwide, and include sites necting.” Dating sites (eHarmony, POF, etc.)
such as Google, Bing and Yahoo. often have online discussion boards that are
156
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
open and searchable with or without an online logging and social media platforms can be useful
dating account. sources of real-time information about a subject.
In more than one case, photos and other infor-
“Microblogging” platforms are sites where users mation posted to social media sites have helped
share and contribute short messages or photo to track and locate suspected financial criminals.
and video content, such as Twitter, Tumblr, Face-
book, Instagram and Pinterest. Microblogging MEDIA OUTLETS AND NEWS SOURCES
can be a powerful and extremely fast way to The media are powerful sources of open-source
move a message. Content is typically generated information. A financial crime specialist will want
and buried quickly, and microblogging platforms to research beyond the media releases that are
have tools to comment (or “like”), and share and freely available from search engine results. Media
spread it. Depending on the audience, messages includes newspapers, journals and other publica-
can be transmitted in extreme short-hand or tions, and radio and television broadcasts. Some
particular style than is difficult to parse if you of the major online newspapers require online
are not the intended audience. Since users often subscriptions to access their material, which
update them once or many times a day, microb- may require a fee but will be more effective than
157
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
While the data will not be real-time, users may • Criminal history records
also create custom maps to update places of • Court records
interest and obtain other information. This can • Names and salaries of government and
aid in tracking a subject’s activities by potentially corporate employees
revealing details of his or her current location
and helping an investigator review locations and • Business and other government-required
confirm addresses. Tools such as Google Maps licenses (liquor, building permits, etc.)
allow an investigator to get a good view of a loca- • Public records by state
tion, which can be very useful. • Real estate records
• Adoption records
CONDUCTING AN INTERNET AND • Universal Commercial Code (UCC) filings
PUBLIC RECORD DATA SEARCH
A simple example, from a commercial database
Not long ago, checking the real property owner-
and a social media posting, can demonstrate the
ship of an investigative subject might have taken
158
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
power of these investigative inquires in financial in an expensive coastal area. The husband is a
crime investigations. public official earning a mid-range salary and is
suspected of taking bribes or kickbacks. A for-
Example 1: An informant says the subject of an mer friend of the wife disclosed the Facebook
investigation was divorced two years ago, but posting. A commercial database search reveals
the location is unknown. A commercial database no property owned by the public official in the
search reveals the county and state of the divorce. coastal town.
A further inquiry discloses that there was a prop-
erty settlement agreement. A copy of this agree- A subsequent Facebook posting by the wife states
ment, obtained online for a fee, reveals two bank that she is looking forward to a trip to their new
accounts and a Mercedes-Benz vehicle, traced to vacation home this weekend. A surveillance of the
a dealership. Contact with the Mercedes-Benz wife and husband Friday evening leads investi-
dealership reveals a financial statement that dis- gators to the property. County records indicate
closes additional bank accounts and property. A the vacation home is in the name of a shell cor-
simple Internet search uncovered more than $1 poration. Numerous investigative leads will follow
million in assets. from here, including the tracing of money used to
purchase the property.
It should be noted that bank accounts are usually
found by tracing financial transactions and fol- Meaningful OSINT collection requires creativ-
lowing each lead. There is no Internet or govern- ity, time and monitoring of trends in online tools.
ment database of bank accounts. A financial crime specialist also needs a deep
understanding of the industry or individual they
Example 2: The wife of the subject of a financial are researching to conduct productive searches.
crime investigation has just posted on Facebook
that she is very happy with the new penthouse
vacation home that her husband has purchased INTERVIEWING TECHNIQUES
Few skills are as important to the success of a
financial crime investigation as the command of
interviewing techniques. Understanding the dif-
ferent types of these techniques and their pros
and cons is essential to the success of the inter-
view, especially in financial crime cases.
159
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
direct questions and expecting simple and direct be authenticated and the chain of custody
answers. The questioning is accusatory in nature. established. Any lead documents need to
be followed up, and certified copies must
In an interview, particularly a financial interview, be obtained. It is important to understand
the investigator attempts to develop a rapport the motivation of third-party witnesses,
with the witness and looks for detailed answers. and one must ensure that facts are not
Financial interviewing involves systematically selectively provided.
questioning individuals with knowledge of the • Interview of parties who are represented
events, the people involved and the physical and and not represented by lawyers. In planning
intangible evidence: to interview witnesses, cooperating
individuals and subjects, it is important to
• Subject interview (custodial or non- understand and respect the attorney-client
custodial). Custodial interviews by a relationship. Represented parties should
government investigator often require the not be contacted directly, but only through
obligation to provide warnings about the their attorneys, depending on the laws
right to counsel. It is critical to document of the jurisdiction. Failure to identify and
the recitation of required warnings in the acknowledge legal representation can prove
country where the interview was conducted devastating to one’s investigation and the
and to remain aware of perceptions admissibility of evidence.
regarding implied custody. The subject must
also understand his ability to walk away, if
any. In conducting a non-custodial interview, AFFIDAVITS
it is important to consider and prepare for An affidavit is a written statement of the witness’
the likelihood of obtaining incriminating testimony, made under oath by the witness. It is
statements. Consider protections, an effective tool for locking down testimony of
perceptions of custody and other factors in potentially hostile or unreliable witnesses.
charting your course of action.
• Interview of cooperating witness. Keep in mind the following:
Cooperating persons can provide intimate
• The affidavit must be voluntary.
details about the actions, comments, records
and assets of a subject. It is important to • Attester must give oath before a person
maintain transparency in negotiations having authority to administer the oath.
with a cooperating witness to prevent the • The affidavit is usually prepared by the
perception of a quid pro quo arrangement – interviewer, but may be prepared by the
i.e., “tell me what I want to hear and I’ll give witness, providing it addresses all of the
you what you want or need.” Informants are necessary issues.
apt to manipulate facts and circumstances
• It may be constructed contemporaneously
to fit a current need. All statements
at the time of the interview or prepared later
by cooperating individuals must be
from the interview notes.
corroborated.
• The person signing the affidavit must
• Interview of non-cooperating witness.
sign each page and initial any changes or
Other third-party witnesses can provide
corrections.
information, leads and documents. Properly
document all witness contacts and • The affidavit must be signed by the person
statements. Any documents received must taking the oath and (preferably) a witness.
160
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
161
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
cept was conducted without a court order. The diction. Some jurisdictions require that counsel
information is both relevant and material to the for both sides be present during the questioning.
matter now being tried; however, because of the Others require the testimony to be taken before a
way it was obtained, it is not admissible. In most judge. One should learn what the rules are before
circumstances, any legally obtained information undertaking evidence- gathering.
received as a direct result of the illegal intercept
often would not be admissible in court proceed- Special investigative techniques. In government
ings either, under the so-called exclusionary rule2. cases, it is very important to know how evidence
will be obtained in the requested country if “spe-
Example 2: A news article reports that the alleged cial investigative techniques” will be involved. The
ringleader of a fraud scheme has a shell corpo- jurisdiction that is gathering the evidence may
ration in Panama. This is good intelligence, but have a lower standard of probable cause to obtain
is not considered admissible as evidence unless authorization for the use of invasive procedures,
introduced by someone who has direct knowl- such as wiretaps, search warrants and electronic
edge of the account. surveillance. This may cause the evidence to be
ruled inadmissible when it is introduced in court
in the jurisdiction of the requesting country.
FINANCIAL CRIME INVESTIGATIONS
ACROSS INTERNATIONAL BORDERS Dual criminality. In a government financial
Instances of large-scale corruption, money laun- crime case, where the assistance of a foreign
dering, fraud and asset recovery often require nation is requested, it is important to know if the
assistance from other nations and jurisdictions, requested nation requires that the offense being
which may have different laws on collection of investigated qualify as an offense in both juris-
evidence, taking of testimony, investigative pro- dictions before assistance will be rendered.
cedures and the level of cooperation afforded to
other countries. For example, most countries criminalize income
tax evasion, but Switzerland does not. If a mutual
When seeking foreign assistance in a government legal assistance request is sent to Switzerland for
or public-sector case, or when a private sector evidence to be gathered in support of a criminal
financial crime team seeks to obtain records in income tax investigation, it will be denied.
another country, it is important to understand
the procedures that must be followed to obtain One should keep the following considerations in
the required evidence. The following issues may mind when considering sending a request to a
affect the admissibility of the evidence that is foreign nation for assistance:
obtained in that fashion. • What does one need to ensure that the
information gathered in the foreign country
Testimony of witnesses. If the goal is to use tes- will be admissible as evidence when it is
timony as evidence and the witness will not be transmitted?
available to attend the proceedings in the home
country, it is important to ensure that correct • What are the legal and statutory
procedures are followed during the interview of requirements of the foreign country? For
the witness to preserve the evidence for later use example, if one is attempting civil asset
in trial. It is necessary to understand the proce- forfeiture (non-conviction based) and wants
dures that the court will require to admit the tes- assets frozen in a foreign jurisdiction, does
timony of a witness questioned in a foreign juris-
2 This is often referred to as “fruit from the poison tree.”
162
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
that country have laws that allow non- the Federal Bureau of Investigation, whose rep-
conviction-based seizures and forfeitures? resentatives in foreign embassies are called Legal
• Is one legally compelled to inform the Attachés or “Legats.”
subject of the investigation of the assistance
being requested in the foreign country? For
example, obtaining testimony of witnesses
TAX AND SECRECY HAVENS
that the opposing side may not be able to Although we covered these extensively in the Tax
interview may result in the statements being Evasion and Enforcement Chapter, we will briefly
deemed inadmissible. mention them here. Because of their obvious ben-
efits, tax and secrecy haven countries are favored
• Will the subject of the investigation be
locations of tax evaders, fraudsters and other
notified of the requested assistance by
financial criminals to hide unreported income
the foreign authorities? Some countries
and criminally derived proceeds.
require the holder of a bank account to be
notified prior to the disclosure of records to
Secrecy havens are nations, or jurisdictions
the government.
within nations, that typically have the following
• What level of probable cause is required to characteristics:
authorize certain enforcement actions or
investigative techniques, such as searches • Few or no taxes
and seizures? • Lack of effective exchange of tax information
with foreign tax authorities
The best way to answer these questions is to con-
• Lack of transparency in the operation of
tact the proper authorities in the foreign country
legislative, legal or administrative provisions
prior to sending a formal request for assistance.
Another source of helpful information may be the • No requirement for a substantive
appropriate legal or other attachés in the embas- local presence
sies of one’s country. Requestors should always • Self-promotion as an offshore financial center
follow their agency’s internal rules and proce-
dures in making contact with foreign authorities. In recent years, many regions or countries that
Often, a phone call to the appropriate person in historically had reputations as secrecy havens,
the foreign jurisdiction, or to one’s embassies such as the Cayman Islands and Switzerland, have
overseas, will provide answers to these questions, taken steps to reform their financial systems and
save time and ensure that the evidence is admis- introduce greater transparency. But new havens
sible at trial. have opened their doors, and some in unexpected
locations, like the US states of Delaware and
One should always keep in mind the resources Nevada. It is often very difficult to obtain useful
of one’s embassies throughout the world and the information on beneficial owners, accounts, legal
embassies of foreign nations in your country’s entities or companies in these secrecy havens.
capital city. The US, for example, has embassies
or missions in more than 150 countries, and, in This difficulty may arise because the jurisdiction
Washington, DC, more than 150 countries have restricts what information can be provided in
embassies or missions in Washington, DC. All investigations, or because accurate information
these embassies have officers or attachés that are on account or business ownership is not collected
capable of answering pertinent questions. In all in the first place. Delaware, for example, does not
US embassies, for example, there are represen- require any information on the true owners of a
tatives of federal investigative agencies, such as corporation to be provided at time of incorpora-
163
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
US SECRECY HAVENS
In recent years, national governments of many ficial owners at the time of company formation.
nations, as well as international bodies such as Likewise, no information on the true owners of
the FATF, have highlighted the need for cor- companies is available from Delaware’s corpo-
porate transparency to help combat money rate registry. Delaware corporations that do not
laundering and tax evasion. Although the US actually do business in the state of Delaware
has participated in these calls for transpar- do not need to file annual income tax reports
ency, critics have justifiably highlighted the or company financial statements, allowing the
fact that the country plays host to its own company’s financial records to remain private.
secrecy havens, in the form of states with very The state also allows for company formation
lax incorporation laws. agents to conduct incorporation, and for the
company to be held in the name of nominee
Four US states in particular, Delaware, Nevada, directors and shareholders.
Oregon and Wyoming, have emerged as popu-
lar locations to form shell companies because Despite the increasing attention and public
of the almost complete anonymity in the com- outcry over the role of US states like Delaware
pany formation process. Delaware is most as secrecy havens, to date these states have
notable because it offers very low taxes and resisted calls for increased transparency and
minimal requirements for maintaining a com- stricter customer identification procedures. It
pany after it is formed. should be noted that the vast majority of com-
panies incorporated in Delaware and the other
Most importantly, Delaware, along with several states highlighted are entirely legitimate.
other states, collects no information on bene-
164
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
165
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
enforcement involvement may make it easier to Law enforcement agents, usually through a pros-
obtain some evidence, such as personal finan- ecutor, can request search warrants from a judge,
cial documents, for review. These legal requests who may issue them with specific rules for seiz-
typically go through the court. Evidence seized ing and searching the evidence. A search warrant
pursuant to a court order must be obtained specifies the time, place and items that can be
within the scope of the court order if it is to be searched. Failure to follow the terms of the search
used at trial. warrant may render the evidence useless in trial.
Exhaustive open-source intelligence (OSINT) For a judge to approve a search warrant request,
work and client cooperation can lay the founda- he or she must be shown probable cause that a
tion of an investigation if criminal activity has suspect has participated in the criminal activity
not yet been determined. Overt, open and non- or committed a crime.
intrusive evidence gathering will help determine
if an investigation needs to be escalated to a legal SUBPOENA
action. This will also strengthen the case made The subpoena is the legal tool most commonly
to a judge in requesting a court order for more used to obtain information. It is a legally enforce-
intrusive investigation. able command for a specified person or entity to
produce records or things at a specified place at
COURT ORDERS a specified time, either with or without accompa-
If a financial crime specialist has been retained nying testimony. A subpoena may be issued by a
by an employer to conduct an investigation, he or clerk of court in connection with a legal proceed-
she will probably have substantial access to files ing; an attorney in connection with many national
and physical property, including the employee’s and state court proceedings; and, in some cases,
computer, electronic data and phone records. by law enforcement officials and administrative
agencies in connection with their investigations
A private sector financial crime specialist may and proceedings.
also be engaged after a law enforcement agency
has begun an investigation. Evidence may have During a criminal investigation in many coun-
already been seized and removed from the ini- tries, a grand jury reviews the evidence and
tial placement location before the private sector decides if the case will go to trial. Further evi-
financial crime specialist ever comes on the scene. dence may be requested on behalf of the court
through subpoenas.
Regardless of the sequence of events, if an inves-
tigator needs a court order to preserve, obtain, There is considerable variation in the subpoena
search and protect information, he or she will process from country to country and even within
likely need the support of the court and law states and jurisdictions of certain countries. Gen-
enforcement agents to get it. Legal counsel should erally, a subpoena is a blank document issued by
be consulted once criminal activity in the matter the court clerk to be filled out by an attorney and
has been established. then served by law enforcement agents.
166
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
The subpoena process is not necessarily as fast as Some electronic data, by nature, is overwritten
that of the search warrant. A search warrant for quickly while some persists until a decision is
public sector agencies may be preferable if infor- made to overwrite it. It is important to under-
mation must be seized immediately. stand what evidence can be overwritten, and
take the appropriate steps to preserve it until a
PRESERVATION ORDERS (LITIGATION cyber-investigation is conducted.
HOLD, HOLD ORDERS)
Once important electronic material has been
A financial crime specialist conducting an inves-
located, it may be wise to seek a “protective”
tigation may find he or she needs to protect elec-
order to prevent a party from accessing, destroy-
tronic data from being deleted, altered or oth-
ing, overwriting or modifying it. “Litigation holds”
erwise “spoliated.” Due to the ephemeral nature
may also be imposed internally by companies that
of electronic data, which can be easily erased or
reasonably anticipate litigation or by an attorney
overwritten intentionally or accidentally, cap-
working for an adversary. They are mechanisms
turing and preserving such evidence can pose a
to preserve data while the legal issue is addressed
real challenge.
and resolved.
167
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9
INTERPRETING
FINANCIAL
DOCUMENTS
168
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
FINANCIAL CRIME VERSUS ERROR ness partners, vendors and financial institutions
One primary factor that distinguishes fraud about loans by representing an inaccurate finan-
from error is whether the underlying action that cial picture.
results in the misstatement of the financial state-
ments is intentional or unintentional.
169
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
3 It is generally known as an income statement in the US, or profit and loss account in the UK. It can also be referred to as
a profit and loss statement (P&L), revenue statement, statement of financial performance, earnings statement, operating
statement, or statement of operations. We will refer to it as a P&L Statement in this manual.
170
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
over several periods to look for unusual fluctua- • The top section will show revenue and cost
tions. Following are some questions that financial of sales4, and the result of the revenue minus
crime investigators should ask: the cost of sales which is the ‘Gross Profit.’
• The next section will show all expenses
• Are there any sources of income that appear and derive a sum of expenses. It will then
out of the ordinary, or inordinately high, for subtract the expenses from the gross profit
the company or the industry? to determine the ‘Income from Operations.’
• Is the Cost of Goods Sold within industry • And finally, at the bottom, usually after
standards? Are there items in Cost of Goods a section for other income and/or non-
• Sold that don’t seem to be connected to the operating expenses (such as taxes), will
production process? In the US, due to some be the ‘Net Profit (or Loss).’ This is simply
Tax Court decisions, questionable payments derived from the Income from Operations
are placed in Cost of Goods Sold rather than and adding any other income and subtracting
deducted below as operating expenses. and non- operating expenses.
• Is the gross profit too high a percentage for Formatting and line items will be different in
industry standards? every P&L you see, but, in the end, it is simply a
• Are business expenses delineated, and, if so, statement of revenue minus expenses to deter-
are there indications of where fraudulent mine net profit or loss for the year.
expenses may be concealed?
• Are there unusual fluctuations in any In the example, you should notice that a great
of the revenue or expense categories deal of the information on the statement is
between periods? derived from other data on the sheet. To clar-
ify what data is derived from other entries; rows
Profit and loss statements can be limited by items that are used in calculations are labeled with a
omitted (examples are values such as brand rec- letter label. For example, Total Sales Revenue is
ognition that have no established guidelines for labeled with a [J]. For derived results, the formula
measuring); by accounting methods used to pro- to determine that row’s value is included in the
duce the numbers (companies in the same indus- row. For example, ‘Gross Profit’ is the result of [J]
try may use different depreciation methods); and minus [K], and we will now refer to gross profit as
by measurements that involve judgment (such as [L]. In other words, gross profit is the total sales
life of an asset, or estimates of future bad debt revenue minus the total cost of sales.
write-offs). You should always be aware of indus-
try norms when analyzing statements. To further clarify the statement, you should
notice that all ‘cells’ that are calculated from other
In the following example of a P&L, you can see the data and not manually entered are shaded grey.
primary elements of a typical statement. Every Any changes to entered data in the non- shaded
company will have a slight variation of this as far cells should automatically change the results in
as specific line items—sometimes far more gran- the shaded cells.
ular, and sometimes less—but all will have three
basic sections: In our example, there are additional columns for
‘Current Period as a % of Sales’ and ‘% Change
from Prior Period.’ You will not always see these
on a P&L, but we include them here to demon-
171
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
Operating Expenses
Sales and Marketing
Advertising 18 22 5.5% 22.2%
Marketing 2 3 0.8% 50.0%
Total Sales and Marketing Expenses [M] 20 25 6.3% 25.0%
General and Administrative
Wages and salaries 22 23 5.8% 4.5%
Supplies 2 4 1.0% 100.0%
Rent 12 12 3.0% 0.0%
Utilities 4 6 1.5% 50.0%
Depreciation 9 9 2.3% 0.0%
Insurance 1 2 0.5% 100.0%
Total General and Administrative Expenses [O] 50 56 14.0% 12.0%
Total Operating Expenses [P=M+N+O] 70 81 20.3% 15.7%
172
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
strate some of the conclusions you can draw from and easily explained reason for this, but it shows
the data in our example. you the kind of item that might warrant more
investigation.
The first column of those two columns is sim-
ply the entry in that row for the current period Charitable organizations do not produce a P&L
divided by the total sales revenue for the current statement. Charities, by definition, are not
period, which in our example is $400,0005. We for profit, and thus will have not profit or loss.
can clearly see in this column that software sales However, they often do have reporting require-
were 32.5% of total revenue in 2012. ments, either to a regulator, donors or a board
of directors.
The final column simply shows the percentage
change in that row from the prior period to the Instead, they produce a similar statement that
current period. This should highlight any signif- reflects funding sources compared against pro-
icant year over year changes. For example, the gram expenses, administrative costs, and other
cost of supplies increased 100 percent in 2012, or operating commitments. This statement is com-
doubled year over year. Granted, the numbers are monly referred to as the statement of activities.
small in this example (only increasing from $2,000
to $4,000), but should highlight the kind of year Although not depicted in our example, most P&L
over year changes that should catch your eye. statements from companies of any significant
size include a Notes section at the end. As with
What can you determine from this statement? any financial statement, the Notes section is
Usually, any issues will require making an anal- common place to hide irregularities.
ysis of the results to determine what might be
suspicious depending on what you are investigat- Some questionable entries in the Notes section
ing. On this statement, a financial crime specialist might include the following:
may want to look into why the cost of sales for
software increased by 50 percent from one year • Write-downs of inventories
to the next, but the revenue from software sales • Litigation settlements
only increased 30 percent. There may be a simple • Discontinued operations
• Disposal of assets such as property, plants
and equipment
• Disposals of investments
• Restructurings activities of an entity
• Other reversals of provisions
5 Note that the actual entry in that row is 400, but at the top of the statement you should notice that all numbers are ‘stated in
000s.’ That simply means the statement is in thousands, and you should add three zeros to the end of all numbers on the state-
ment to get the actual number. This is a common practice to reduce the clutter on a P&L statement.
173
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
174
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
• Other Current Assets – This is, basically, a • Other Assets. Once again, a catchall category
catchall section for any assets that have value for assets not covered elsewhere.
and can be readily liquidated but are not
covered elsewhere in this section. It is not As with the asset section, the liability section
uncommon for this to fluctuate over time, begins with current liabilities, or liabilities that
but massive changes should be looked into. will come due in less than a year.
Below the current assets are the fixed assets The current liabilities in our example include
of the company. These assets are considered the following:
less liquid:
• Accounts Payable. These are the bills owed by
• Long Term Investments. These are the company, typically to suppliers.
investments that the company intends to • Short/Current Long-term Debt. Short-term
hold for more than a year and might never debt is debt that will come due in less than
mature. Stock positions in other companies a year, and current long-term debt is the
and bonds might fall in this category. payment due on long-term debt with a year.
• Property, Plant and Equipment (PP&E). • Other Current Liabilities. As in the asset
This represents relatively illiquid assets section, these are liabilities that are not large
a company might hold and, without enough to qualify as line items. It is a catchall
reinvestment over time, will decrease due to for small, miscellaneous liabilities.
depreciation. It may be a very large item for
some types of companies or a very small line As a general rule, in a healthy company, the cur-
item for others6. rent liabilities should not be greater than the cur-
• Goodwill. This is a line item typically found rent assets. Below the current liabilities are the
when a company acquires another company. long-term liabilities the company carries. These
In order to balance the books, this is added are liabilities that will not mature in the next year.
as an asset to reflect any premium paid
over the book value of the company7. It is As with the asset section, the liability section
intended to reflect the intangible assets that begins with current liabilities, or liabilities that
are considered part of the purchase, such will come due in less than a year.
a brand value or reputation of the acquired
company. Although there was likely a clear The long-term liabilities in our example
reason the company paid over book value are as follows:
for an acquisition, goodwill is generally not a
good thing to have on the books. • Long Term Debt. This can represent
financing on PP&E, bond issues, or any other
• Intangible Assets. Assets that are not long-term leasing or financing relationship.
physical in nature, such as patents and other
intellectual property. Intangible assets are • Negative Goodwill. Negative goodwill is
typically very hard to value and could be actually considered a good thing to have on
inflated on some balance sheets. a balance sheet. This reflects an acquisition
where less than the book value was paid, or
basically the company paid less than the
6 For example, a shipping company would likely have a very high PP&E since most of its assets would be in the fleet of ships it
owns. A consulting company would likely have a small number in this line item.
7 The book value of a company is basically the value of its assets minus its liabilities.
175
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
acquisition was worth. This typically happens Although usually issued regularly like the income
in distressed sales or a sale in which the statement, the statement of cash flows shows
assets of the company being acquired are actual cash items only, while the income state-
very illiquid. ment (P&L) shows non-cash items such as depre-
• Other Liabilities. This is another catchall ciation. These are typically produced quarterly by
category that covers liabilities that are not most companies depending on the requirements
covered in another line item. of the jurisdiction’s regulator.
Balance sheets in particular, are very indus- A statement of cash flows is a critical piece of
try-specific. While all will have the general line information to review to truly determine the
items found here, there will be industry variances. health of the company and to note any irreg-
ularities. There are many ways to manipulate
There are many ways a balance sheet can be an income statement to appear very liquid or
manipulated. One example is the early recogni- profitable, yet the company’s cash position is
tion of assets. Assets with long-term contingen- extremely poor.
cies, or that cannot be billed in the near future,
can be recognized early. These assets could be An example would be if a company wins a large
placed in the “accounts receivable” account in contract with a very big customer. On the income
order to push up revenue for a given period. statement, it would be recognized as revenue, but
they might not get paid for the contract for quite
This is inaccurate because the sale of a long- some time. A more accurate look into a company’s
term asset beyond a year would be inappropri- liquidity should include a review of their State-
ately classified if put in the accounts receivable ment of Cash Flows.
account. Consequently, unusually large accounts
receivable on a balance sheet for a given period
should rouse the interest of a financial crime
OTHER TYPES OF
investigator. FINANCIAL RECORDS
In addition to the usual statements that most
This is only one example. There are many oth- companies are required to prepare, there are
ers, such as moving assets from PP&E to current myriad other documents retained that might lead
assets if they are intended to be sold within a to solving or discovering a financial crime.
year even though the sale may never happen or
the valuation may be inflated and not reflective of TRANSACTION RECORDS
the likely sale price. You need to review balance Transaction records kept by financial institutions
sheets with a critical eye to discern discrepancies. can produce invaluable information. Transac-
tion records, such as those that follow, are just
the beginning of what one can find in a commer-
STATEMENT OF CASH FLOWS
cial bank or credit union, otherwise known as a
The statement of cash flows presents the use depository institution:
of cash and cash generated in a defined period
of time (fiscal year ending, quarter ending, etc.). • Deposit tickets
It will be broken into three categories: opera- • Deposited items (checks and other monetary
tion activities, investing activities and financ- instruments)
ing activities.
• Checks drawn
• Debit memos
176
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
Balance Sheet
Universal Widget
Year End Statement 2012 Stated in 000s
177
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
178
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
179
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
One should check the policy for disposal of obso- invoices are also critical evidence in customs
lete or spoiled inventory. Look for patterns of duties, tax evasion and alternative remittance
either writing off inventory for year-end “earn- systems investigations.
ings management” or suspicious writing off that
is actually theft of the inventory by an employee. Following are some of the red flags for the finan-
cial crime specialist in analyzing commercial
COMMERCIAL INVOICES invoice data:
A commercial invoice may be just a simple bill pre- • Discrepancies in the description of goods
sented in a commercial transaction. More often, it shipped between the commercial invoice and
refers to a document used in international trade. other documentation
It typically will contain the information neces-
sary for presentation of shipping declarations • Large price differences between the declared
to a customs authority of a particular country. value of the goods and the WCO standard
Although there is no standard format for a com- values for similar goods
mercial invoice, the World Customs Organization • Atypical financing for the goods
(WCO) sets standards for the information needed • Illogical shipping routes and stops for the
on the form in an effort to create transparency goods on their way to their final destination
of information between countries. Some of the
information contained in a commercial invoice • Inconsistent size of the declared amount and/
includes the following: or size of the declared trade goods with the
shipping container or the weight
• The parties involved in the • Counterfeit, false documentation
shipping transaction
• False sets of books
• The goods being transported
• The country of manufacture, and codes Some of the money laundering methodologies
for those goods associated with commercial invoices and trade-
based money laundering includes under and over
A commercial invoice must also include a state- invoicing; misrepresentation of quantity, quality,
ment certifying that the invoice is true, and a product, or cost; recycling products; and non-ex-
signature. Due to the amount of information typ- istent or false products.
ically required by customs authorities, the com-
mercial invoice can provide valuable information Investigative strategies for commercial invoice
to the financial crime specialist. Caution should manipulation include the following:
always be taken to notice not just the informa-
tion that is on the form, but also what information • Bank account analysis for unusual deposit
appears to be missing. activity associated with the payment
for trade goods
Although estimates vary widely, the consensus • Analysis of Financial Intelligence Unit (FIU)
is that international trade is one of the biggest reporting of large currency transactions and
vehicles used by transnational criminal and ter- suspicious activity
rorist organizations for financing and laundering • Analysis of shippers’ import and export
the proceeds of their illicit activities. Therefore, declarations against inventory amount and
when investigating these types of criminal activ- valuation data
ity, the commercial invoice is a vital piece of evi-
dence needed for analyzing the financial activi-
ties of subjects of the investigation. Commercial
180
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
• Spot inspection of import or export trade market price, rather than their historical
goods for quality and quantity comparisons costs. Although an entirely legitimate
to the commercial invoice practice if done correctly, it can also be used
to commit fraud, particularly in situations
Sources of information available to the finan- where it is difficult to determine an accurate
cial crime specialist in investigations involving market price for assets.
commercial invoicing include freight forwarders, • Inappropriate inventory write-off. This is the
insurance companies, transport companies, cus- moving, spoiling or destroying of inventory
toms services and shipping companies. to change year-end reporting or to hide
employee theft.
RECONCILIATIONS ON
INTERCOMPANY ACCOUNTS CANCELLED CHECKS
Intercompany transactions can be material, Cancelled checks have always provided one of
such as a transfer of inventory or allocation of the most fruitful caches of leads for the financial
R&D costs between units. However, if the com- crime investigator because one document may
pany does not correctly reconcile these transac- provide the complete picture of a financial trans-
tions with a policy to investigate discrepancies, action, including date to amount, the recipient of
it could result in an overall company material the funds, the payer of the funds, the method and
misstatement. location of negotiation, and the final disposition of
the funds. This has changed to some extent in the
This may be in error or intentional, but will start US with the advent of laws allowing digital copies
with an investigation on how transfers of inven- of checks, which eliminates the need to retain the
tory are initiated, received and reconciled. physical copy. Other countries now have similar
laws in place, so the financial crime investiga-
There are many ways to overstate income or assets: tor should be well-versed in his or her country’s
• Bill and hold transactions. These overstate rules regarding cancelled check retention.
revenue when a company invoices the
customer and records the sale as recognized Copies of cancelled checks are still maintained
even though the asset remains in the seller’s by banks in accordance with regulatory require-
physical possession until a later date. A sign ments of the countries in which they are located.
of fraud would be the seller counting both Paper copies of cancelled checks may not be
the “inventory not yet shipped” as “inventory available to customers of the banks and, thus, not
on hand,” as well as recognizing the revenue available for subpoena or search warrant. How-
from the sale. ever, the electronic age has brought new formats
and record retention, which when understood
• Late recognition of returns. This could be may provide better and quicker access to the
another form of “earnings management” or financial information associated with the tradi-
a sign of theft and fraud. If returns are not tional cancelled check. Since all of the data is now
recognized at all (for example the inventory captured electronically, it can be searched and
count does not change to the return), this retrieved with greater accuracy and quickness.
could be a fraud at point of sale/point of
return. This can be incredibly hard to detect, The following outline identifies some lines of
especially if there is collusion. inquiry the financial crime specialist should fol-
• Mark-to-market accounting. This is an low when dealing with cancelled checks:
accounting practice that refers to recording A. Business or personal check
assets or liabilities based on their current
181
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
• May identify an unknown bank account assets, including real estate and personal prop-
» Who owns or opened the account? erty, securities accounts, insurance policies, cars,
boats and many other things. Sources of income,
» What is the source of funds going into including salary, interest, dividends, rents, pur-
the account? chase and sale of assets, may also be identified.
» What other account activity is connected The tax return lists banks and broker- dealers
to the subject or identified associates or that paid dividends or interest. Comparing tax
co-conspirators? return items from one year to the next, such as
• May identify a nominee, front or shell property taxes and interest expense, can tell a lot
company, or associate the subject is using to about assets, incomes and sources of funding.
conceal illicit proceeds
OBTAINING TAX RETURNS
• May identify a business or individual who is
conspiratorially linked to the subject The value of tax returns is offset somewhat by
the difficulty in obtaining them. In the majority of
B. Cashier’s or bank check jurisdictions, tax information is guarded by strict
secrecy laws. In a private sector financial crime
• On what bank is the cashier’s check drawn? case, a tax return can be very hard to obtain
• Was it drawn against an account? unless the target furnishes it.
» If not, how was it paid for? In the public sector, one must follow the proce-
» What was the form of payment? dures of the appropriate tax authority. Individual
• Who purchased the cashier’s check? and business tax returns should be obtained, if
possible. They may reveal a trove of otherwise
• Was a large currency or suspicious activity unavailable information. Sometimes, tax returns
report filed by the bank in connection with aid in unearthing hidden assets or income, such
the purchase of the cashier’s check, if such a as hidden business ventures acquired with finan-
report was required? cial crime proceeds. Review interest or dividends
from hidden investments or capital gains on the
C. Money orders and travelers checks sale of hidden assets or income from the criminal
• Where were they purchased? activity that may be listed as “consulting fees or
commissions.”
• By whom were they purchased?
• What was the form of payment? You should not ignore the tax lawyer, accountant
or preparer who may be inclined to cooperate
It is a good practice when dealing with bank because of their potential liability under the tax
checks and monetary instruments not drawn on laws. Usually, they will not cooperate unless their
an account to request the consecutively num- client authorizes them to do so or unless they
bered bank checks and monetary instruments appear under compulsory legal process, such as
immediately preceding and following the identi- a grant of immunity.
fied monetary instrument, in case the subject or
co-conspirator purchased more than one. Other ways to obtain tax returns include
the following:
182
@2019 Association of Certified Financial Crime Specialists
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
liability to their client if they release the tax When dealing with electronic information, han-
return without permission or compulsion dling for integrity and documenting a chain of
• Subpoena the taxpayer or target custody are equally important. Just as original
documents need to be protected, controls need
• Asking business partners for copies of the to be established to prevent the overwriting of
corporate or partnership tax return, if they electronic information. Investigators should be
also signed the return careful not to unintentionally alter metadata that
• Subpoena the mortgage company, bank could be useful, such as the name of the user who
or closing agent, or mortgage broker, who last edited a file, for example, or the date a file
may have copies of the tax return provided was last accessed.
by the subject
• Subpoena municipal and state tax authorities To maximize the likelihood that electronic
for copies of tax returns filed by the subjects records can be entered into evidence, investi-
in their jurisdiction gators will generally need a clear and thorough
understanding of how the data were obtained
and who was involved in gathering, storing and
PROTECTING THE EVIDENCE transmitting it. For some investigations, includ-
ing those involving multiple countries or jurisdic-
At the beginning of an investigation, one does
tions, this can be challenging.
not have a clear picture of which financial doc-
uments will be relevant and which will not. Thus,
Professionals should determine if they need
all financial documents should be handled as if
parties with technical skills to ensure data are
they will be material evidence in a future legal
captured correctly at the outset and preserved
proceeding or action. A proper chain of custody
throughout the process of investigation. If the
must be followed.
source, origin and chain of custody of data are
not clear, the ability to enter that data into evi-
Chain of custody procedures include a docu-
dence may be compromised.
mented chronology of the handling of the doc-
ument or physical evidence. Important chain of
For example, let’s say an investigator involved in
custody documentation may include the following:
an anti-corruption probe has requested payment
• Where the item was initially located records from an affiliate of a multinational cor-
poration. The affiliate is in another country. The
• Who collected it
investigator receives the records on a hard drive,
• Where it was filed but there is no accompanying documentation
• Documentation of each person explaining how the data was originally obtained,
who handled it which employees were involved in handling it,
and the process they followed. This lack of clarity
Whenever possible, original documents should will greatly reduce the chances that the payment
be obtained, or it should be noted why the orig- records could be used in a legal case.
inals were unavailable. This makes it extremely
important to protect and control the document.
Detailed and accurate chain of custody records
will help if evidence is ever altered or damaged –
either accidentally or intentionally.
183
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10
MONEY
AND
COMMODITIES
FLOW
OVERVIEW
184
CHAPTER 10 • MONEY AND COMMODITIES FLOW
In the execution, cover-up, laundering and ulti- parts of the world like the Middle East and Africa,
mate use and enjoyment of financial crime pro- which moves billions of dollars in paperless form
ceeds, the money or commodity that is involved often without leaving trails.
typically must be transferred through multiple
accounts, vehicles and entities. This “flow” of
money or commodities linked to financial crime FREQUENTLY USED VEHICLES
is executed and directed by the financial criminal TO MOVE MONEY
and his collaborators and co- conspirators. The We first examine the tools that financial criminals
collaborators and co-conspirators could include use most often. Some methods to move money
a banker or corporate official, who knowingly and other assets include the following:
or unknowingly is an accomplice in the criminal
operation. The word “commodities,” as used here, • Checks
refers to value or goods obtained through ille- • Wire transfers
gal activity.
• Electronic transfers
Without the successful movement or flow of the • Correspondent banking
criminal proceeds and their ultimate use, the • Private banking
financial criminal cannot succeed. His goal is to
take from, or deprive, someone or something, • Informal systems for the movement of assets
such as an institution or government agency, of • International trade, including trade finance
money or other assets. The vital step in the pro- • Currency
cess is to move the proceeds of his crime for his
own purpose and enjoyment. • Securities and financial products and
instruments, such as futures, bonds,
This chapter will discuss some of the major meth- derivatives and insurance policies.
ods that are employed in the movement of money
and other financial assets. This will include red Two of the old but popular informal methods to
flags that financial crime specialists should look move funds include Hawala and the so-called
for in their work of examining money flows. Black Market Peso Exchange, which are covered
later in this chapter.
The number of money movement mechanisms
is limited only by the creativity and ingenuity of Among the emerging technologies that serve to
the financial criminal. Wire and electronic funds move money and create new challenges for finan-
transfer facilities, currency, international trade, cial crime specialists are the following:
Hawala, and mobile money and other vehicles • Virtual currencies and online
spawned by new technologies are just a few of money exchanges
the avenues available to move money and value
at various phases of the financial crime process. • Pre-paid cards
• Mobile payments
As new routes are opened by technology, the
old ones do not go away. They remain, leav- USE OF MULES AND OTHER THIRD PARTIES
ing financial crime specialists with a constantly Money mules are persons who move criminal
growing list of routes through which money can proceeds for the purpose of disguising the iden-
move. Thus, the new technological vehicles stand tity of the beneficiary or source. Sometimes they
alongside ancient ones, such as Hawala, a centu- are willing participants who know they are mov-
ries-old method of money movement popular in ing criminal proceeds, and other times they are
185
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
unwitting participants who have been recruited • Note any large checks or transfers that do
through the Internet or e-mail scams. The typical not fit the normal pattern of the general use
scheme involves placing a large deposit into the of the account.
account of the “mule,” who then moves the money • Canceled checks often have notes and
to another account or person, retaining a fee for numbers written on the back by bank
his service. employees, indicating such things as the
purchase of a cashier’s check or use of the
funds for a wire transfer. The financial crime
CHECKS AND BANK STATEMENTS specialist should make notes of all these
Virtually everyone is familiar with a check, the markings, including the names of the bank
paper document that orders the payment of employees, and start an inventory of all
money from the account of the writer, known as accounts to which transfers are made, the
the drawer, at a bank or other financial institution names of any reference to individuals and
to the account of the receiver. The use of paper other information.
checks and other documents as the primary
means of making payments in the financial sys-
tem has fallen significantly in recent years. Also,
most financial institutions no longer have an obli- CORRESPONDENT
gation to return canceled checks, thus reducing, BANK ACCOUNTS
or making more difficult, the amount of informa-
tion that can be gathered unless the information A basic domestic bank typically only offers
is subpoenaed in an electronic format. In addition local services to customers, including depos-
to examining the paper or electronic version of its and loans. If those customers travel out-
a check, the examination of a bank statement, side of the bank’s operating region, accept
which may or may not include digital copies of international deposits or engage in other
checks, can be very useful in mapping the flow of activities outside the bank’s coverage area,
money or other assets. the bank either needs to open a new branch
or make arrangements with a correspondent
When a financial crime specialist has the oppor- bank. Opening new branches may not always
tunity to review checks and bank statements, it is be feasible or desirable, so a correspondent
wise to be guided by these procedures: bank account provides a convenient solution.
186
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
187
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
188
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
189
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
A simple example would be: • To move money from one country to another,
Assume Person A wishes to move money from the parties may overstate the price of
Country X to Person B in Country Y. Person B imported goods or understate the price of
buys 10,000 widgets in Country Y and exports exported goods.
them to Person A in Country X with an invoice
for $100 per widget, although he only paid $10 These international trade operations require the
per widget. Person A or B goes to a bank to two parties working in league with each other. By
obtain trade financing to finance the exporta- doing so, they can achieve their goals in moving
tion or importation of 10,000 widgets at $100 different amounts of money at any time. To facil-
apiece. The financing is achieved, and Person A itate the commission of crimes, such as terror-
pays Person B the $1 million that is invoiced. By ism, trade-based money laundering may be used
this transaction, he is able to move an excess to send money to terrorists in the jurisdiction
of $900,000 disguised in an international where they are operating.
trade procedure.
More than 35 million containers of goods arrive in
By using international trade and the manipula- or leave the US every year, and major industrial-
tion of the prices that pertain to the products ized nations, as well as rapidly developing nations
being shipped, persons may move money in either such as China and Brazil, have even higher totals.
direction disguised as the cost of the products The sheer magnitude of this commerce makes it
being imported or exported. This works both very difficult to detect the movement of money
ways, as follows: linked to financial crime in wider international
trade. It is like finding a lone needle in a hay-
• To move money into one country from stack of needles.
another, the parties may understate the price
of imported goods or overstate the price of Sophisticated data mining may serve to detect
exported goods. and identify some international trade trans-
actions that are linked to financial crime and
money laundering.
190
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
191
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
IVTS businesses pre-date traditional banks. Ini- is a system by which illicit proceeds are laundered
tially, they offered barter systems to resolve through a combination of exchange of currencies
accounts and to foster trade. But the systems and international trade in goods.
have survived and today are used to send money
worldwide. Common types of IVTS include Hawala A BMPE, despite the name, does not have to
networks and the Black Market Peso Exchange. involve pesos, although the scheme originated in
Colombia and is still prevalent there. Traditionally,
BLACK MARKET PESO EXCHANGE laundering through BMPE begins with the pro-
The Black Market Peso Exchange (BMPE) method ceeds of narcotics sold in the US. These funds are
is an elaborate means of moving money and laun- in US dollars. Narcotics traffickers then contract
dering criminal proceeds. In broad terms, BMPE with money exchangers, referred to as “cambis-
tas” or peso brokers, to purchase the dollars at
An Illustration of a Colombian Black Market Peso Exchange Ring, Broken Up in 2005 by US Law Enforcement as
Part of an Initiative Called Operation Mallorca. Source: US Drug Enforcement Administration
192
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
a reduced rate. The cambista holds accounts in A basic example of a Hawala transaction would be
financial institutions in both the US and Colombia. a customer from country X seeking to send money
or satisfy an obligation to another from country Y.
The cambista then swaps the US dollars for pesos A hawaladar from country X would then receive
with import/export businesses in Colombia and funds from country X and provide the customer
other Latin American countries. These businesses from country X with an authentication code. A
need US dollars to purchase and import goods corresponding hawaladar from country Y would
from the US, which range from tobacco products be instructed to deliver funds in the currency of
to home appliances. Many businesses involved in country Y to a specified beneficiary, who needs to
the BMPE are completely legitimate, while others disclose the authentication code to receive funds.
illegally smuggle goods from the US to avoid cus-
toms duties. In either case, businesses typically Another example of how Hawala works is found
receive US dollars at a significantly lower rate in a report titled, The Hawala Alternative Remit-
than the official exchange rate. tance System and Its Role in Money Laundering,
by the Financial Crimes Enforcement Network,
Cambistas then pay off narcotics rings in Colom- FinCEN, a bureau of the US Department of the
bia with the pesos they receive from these busi- Treasury and Interpol.
nesses, completing the BMPE cycle. As cambistas
receive substantial commissions and fees from Note the trust that is inherent in the example that
the exchanges, and businesses receive a favorable follows. Tariq gave his money to Yasmeen and
exchange rate, the BMPE can be quite profitable received no receipt. He trusts that the Rs 180,000
for all parties involved. That is one of the reasons will reach his brother, Waleed. Yasmeen keeps
the scheme has been so successful in past years. track of how much money she owes Ghulam and
Greater awareness of BMPE has led many US Ghulam, of course, will keep track of what Yas-
financial institutions to restrict or cut off busi- meen owes him. The relationship between Yas-
ness with suspect Colombian and other South meen and Ghulam could be one of several types:
American peso brokers, lessening the impact of 1. They could be business partners or
BMPE in recent years. Nevertheless, the financial individuals who do business together on a
crime specialist should remain aware of it, espe- regular basis. It could be in addition to other
cially if they are pursuing a case or assignment in business they engage in, such as CD or video
a jurisdiction where use of BMPE is common. import or a tour agency
193
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
This will allow Tariq to send Waleed Rs154,225. • A fee of 1 rupee for each dollar transferred
Delivery would be extra—an overnight courier • 37 rupees for a dollar
service because surface mail is not always reli- • Delivery is included
able, especially if it contains something valu-
able, and can cost as much as $40 to Pakistan— Under these terms, Tariq can send Waleed
and take up to a week to arrive. Tariq believes Rs180,000. He decides to do business
he can get a better deal through Hawala, and with Yasmeen.
talks to Iqbal, a fellow taxi driver who is also a
part-time hawaladar. The Hawala transaction proceeds as follows:
Iqbal offers Tariq the following terms: • Tariq gives the $5,000 to Yasmeen.
194
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
paper trail or actual transfer of funds between USING SECURITIES, FUTURES AND
institutions, cultural factors such as kinship and DERIVATIVES TO MOVE MONEY
ethnicity play a vital role in the facilitation of the Trade in securities represents a multi-trillion dol-
transactions. lar sector of the global economy, with millions of
stocks, bonds, derivatives, futures, credit swaps
REASONS FOR USING HAWALA and other financial instruments being sold and
Hawala may seem like a lot of trouble in today’s purchased on dozens of exchanges worldwide.
world, when money can be moved rapidly through The actors involved in securities trading include
the traditional banking system or through elec- most of the world’s largest banks, major interna-
tronic means. However, Hawala offers many tional investment firms and government entities
advantages, according to these points gleaned such as sovereign wealth funds. They also include
from the above-mentioned study by FinCEN an array of smaller brokerage firms, sole propri-
and Interpol: etorship broker-dealers and individual traders.
Together with banking, the securities industry
• Cost effectiveness is one of the key ways that persons worldwide
• Efficiency access the global financial system.
• Reliability
Monitoring securities trading presents a distinct
• Lack of bureaucracy challenge, as it can not only be used to launder
• No paper trail
• Allows evasion of taxes
COMMON INDICATORS OF
COMMODITIES TRADING SUSPICIOUS ACTIVITY
TO MOVE MONEY Some of the most common indicators
of suspicious activity in the securities
One emerging method of moving funds is com-
industry are:
modities purchases and trades. In these situa-
tions, a financial criminal will purchase a type of • Changing share ownership when
commodity and export it to a “beneficiary.” Pur- making a transfer across borders
chase orders, invoices and other records lend an
• Liquidating what would usually be
air of legitimacy to the transaction.
a long-term investment within a
short period
Once the commodity is received in the destina-
tion country, it is sold locally, which accomplishes • Using a brokerage account similar to a
the task of exchanging one currency for another. depository account
Sometimes, a third country is utilized to further • Opening multiple accounts or
obscure the transaction. nominee accounts
• Engaging in transactions involving
nominees or third parties
195
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
and move the proceeds of criminal activity, but A similar type of security is a “bill of exchange” in
also be manipulated to earn illicit proceeds. As a jurisdiction where it is redeemable upon pre-
insider trading and other forms of securities sentation. Similar to the bearer bond, a bill of
fraud are addressed in the Understanding and exchange may be viewed as having a high level of
Preventing Fraud chapter, this chapter focuses on risk of being used in a financial crime scenario or
using securities as a mechanism for transferring to launder criminal proceeds.
dirty money. The financial crime specialist should
note that securities fraud and laundering through SECURITIES TRADING AS LAYERING
securities are often closely interconnected. Purchasing most securities on exchanges or mar-
kets almost always requires an account of some
The laws governing securities trading vary con- kind held with a securities broker, which is typ-
siderably from jurisdiction to jurisdiction, as do ically funded by another account at a financial
the regulatory and enforcement frameworks institution. As a result, securities trading is not
around securities markets. Many of the larger often the first stage in laundering dirty money.
global exchanges, such as the London or New York However, because securities trades can be exe-
Stock Exchanges, are closely watched by a num- cuted in high values and large volumes, they do
ber of market regulators and oversight bodies. represent a potential avenue for layering illicit
Other exchanges receive considerably less scru- proceeds, by quickly creating a chain of transac-
tiny. In a 2010 typology report, the FATF found tions to obscure the source of the funds.
that, generally, suspicious activity reporting by
the securities industry worldwide remained low, One example of this is wash trading of stocks, or
potentially due to a lack of awareness of AML and simultaneously buying and selling shares of stock
terrorist financing issues in the securities field. in the same company through two different bro-
kers. Although this is usually done as a form of
The term “securities” refers to different types market manipulation in order to make it appear
of financial instruments issued by companies as if there is a high level of trading activity around
and government entities. A complete explana- a certain stock, it can also be done simply to pile
tion of the instruments that qualify as securities up transactions and layer funds.
is beyond the scope of this manual, especially as
types of securities continuously grow and evolve. Another sign that securities trading may be lay-
Further reading is advised for the financial crime ering is if a broker is directed to make many rapid
specialist involved in cases involving securities. purchases of a security with no discernible pat-
tern, purpose or underlying market rationale,
BEARER SECURITIES and then sell these securities after holding them
Although most securities are not now maintained only briefly.
in paper form, “bearer” securities, including
bearer bonds, still exist in certain jurisdictions. DERIVATIVES
These instruments are owned by the person who Derivatives come in three forms: futures, options
“bears,” or possesses them. Once a bearer instru- and swaps. Using derivatives to move money
ment has been issued, the holder can transfer it derived from financial crime requires at least a
to another recipient without the need to record cursory understanding of how derivatives work.
the transaction. Bearer securities can be depos-
ited into a brokerage account and then be used Derivatives are essentially a bet on which direc-
to make other trades or to withdraw or wire the tion the price will move for some underlying
entire funds. value, which can be a commodity, a share of stock,
a financial asset, foreign exchange or an index
196
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
WASH TRADING
Futures: A financial contract obligating The most common technique used in deriva-
the buyer to purchase an asset (or the tives trading to obscure illicit funds is known as
seller to sell an asset), such as a physical wash trading. The financial criminal establishes
commodity or a financial instrument, at two accounts. One account, the “dirty money”
a predetermined future date and price. account, is held by a seemingly unrelated party.
The second account is held by the party that
Options: Financial derivative that repre- should “receive” the payment, such as a politi-
sents a contract sold by one party (option cian who may be receiving a bribe. This scheme,
writer) to another party (option holder). of course, requires the assistance of a com-
The contract offers the buyer the right, plicit broker.
but not the obligation, to buy (call) or sell
(put) a security or other financial asset at The financial criminal and the broker agree to set
an agreed-upon price (the strike price) up two positions that offset each other. When the
during a certain period of time or on a positions come due, the loss is assigned to the
specific date (exercise date). dirty money account and the gain to the clean
money account. The difference in the two is the
Swaps: Traditionally, the exchange cost of laundering the money.
of one security for another to change
the maturity (bonds), quality of issues OTHER DERIVATIVE TRADING RISKS
(stocks or bonds) or because invest- Derivatives can be used in a multitude of other
ment objectives have changed. Recently, combinations to create the illusion of legitimacy
swaps have grown to include currency while, at the same time, moving money across
swaps and interest rate swaps. borders to further a financial crime, launder
criminal proceeds or finance terrorism. Taking
offsetting positions that result in double com-
of these. The party betting that the price will go missions for the complicit broker, options trad-
down is said to be “short” on the contract. The ing with offshore companies, client- originated
party betting that the price of the underlying insider trading, swaps in the commodities mar-
value will go up is said to be “long” on the contract. ket and auto-trading are some of the schemes or
If the price of the underlying value moves, there factors that have been noted in recent years as
will be a winner and a loser in connection with vehicles for moving money.
the contract. If the price goes up, the long side
wins. If the price goes down, the short side wins. The real complexity of a derivative lies in the
underlying contract, which is also often complex.
The key to money laundering with derivatives is The FATF has said in a report: “The way in which
to manipulate the two sides of the contract in derivatives are traded and the number of opera-
such a way that the losing side is associated with tors in the market ensure that there is the poten-
the dirty money, and to ensure that both sides tial to obscuring the connection between each
are participants in the money laundering scheme. new participant and the original trade.”
Thus, the winning side gets clean money from suc-
cessful contracts, a legitimate source of income.
197
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
198
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
199
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
card, and restricting or not allowing the card to EMERGING PAYMENT METHODS AND THEIR
be reloaded, limits the ability to store and move FINANCIAL CRIME RISKS
large amounts of value. Again, these thresholds In Kenya, a trader in precious metals buys and
and load monitoring systems should be tailored sells gold using funds stored on his cell phone.
to the intended use of the card and the type of In Germany, a customer buys electronic goods
customer. If reloads are allowed, prepaid issu- over the internet with Bitcoins. In the US, a user
ers typically should limit the amount that can be of Second Life uploads funds into an in-game
loaded onto the card in a given timeframe. account in order to purchase virtual items.
Be able to identify the source and location of All of these scenarios are examples of emerging
loads and reloads. Prepaid providers should technologies to move and transmit funds called
monitor the geographic location and flag or “new payment methods” by the Financial Action
potentially block cards loaded or reloaded from Task Force. Online communication tools, social
unexpected and high-risk jurisdictions. They and gaming networks, and mobile devices such as
should also have mechanisms in place to know smart phones and tablets, are opening up more
the source of reloads, whether that is cash, credit avenues for storing and transferring value than
card, wire transfer or money order. ever before. Many of these payment methods
are either so new as to be entirely unregulated,
Monitor the number and type of cards issued to or intentionally designed in such a way that they
any given customer. A customer holding dozens can be used anonymously. As such, the attraction
or hundreds of prepaid cards without any compel- for financial criminals is obvious, especially as the
ling business reason would obviously raise major web-based nature of many of these tools makes it
red flags. Issuers should track the cards it issues possible to move funds internationally with only
to customers and place limits as appropriate. a computer and a little creativity.
Conduct due diligence to understand all parties It is difficult to judge the financial crime risks of
involved in the issuance of cards in a prepaid pro- these new payment methods, as most have only
gram. Prepaid cards are typically issued by banks, been in existence a handful of years. Despite the
many of which are smaller regional institutions. attention they have received from some compli-
These banks often outsource the actual opera- ance professionals and law enforcement agencies,
tions and maintenance of their card programs to there are very few well-documented cases of the
third parties, including the compliance function. proceeds of financial crime moving through ven-
Whether the financial crime specialist is advising ues like mobile payments and virtual currencies.
a prepaid issuer or investigating a case involving With that said, it is still important for the finan-
prepaid cards, they should understand who ulti- cial crime specialist to understand these meth-
mately controls cardholder information, and who ods and recognize their potential vulnerabilities.
is responsible for supervising compliance. As they continue to grow in use and amount of
value being transferred, it is almost inevitable
Prepaid card issuers must also be alert to the that they will be exploited by financial criminals
responsibility of suspicious activity reporting in some capacity.
requirements. Some jurisdictions require suspi-
cious activity reports to be filed with the perti- MOBILE PAYMENTS
nent authorities on prepaid activity, similar to the
requirements on other financial transactions. It is estimated that in 2012, roughly 1.5 billion
people had direct access to a financial institution,
yet there were more than five billion cell phones.
With phones and other mobile technology prolif-
200
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
erating, the potential to transfer, send or receive One risk of such a system is “digital value smurf-
funds through mobile devices, or “mobile pay- ing,” which simply means using multiple money
ments,” represents a rapidly growing new finan- mules or “smurfs” to make small cash depos-
cial service. its of financial crime proceeds into their mobile
accounts. Once the money is in the mobile pay-
Currently, mobile payment systems are most ment system, the smurfs can then transfer the
common in developing countries like the Philip- virtual value into an account controlled by a laun-
pines, Ghana and especially Kenya, where access derer or other financial criminal.
to banks or other traditional financial services is
often limited. Depending on the size and sophis- Such a scheme has none of the typical difficulties
tication of the system, mobile payments can associated with bulk cash smuggling. Because
be used to deposit and withdraw funds from many mobile payment networks are relatively
accounts, transfer funds between phones, and unregulated, it could also evade currency and
buy goods and services. Some employers will transaction reporting requirements placed on
even pay their employees directly to their phones. more traditional financial institutions.
Mobile payments have also become a popular
means for emigrants to remit payments back to In addition, mobile payment systems may make it
their home countries. easier for launderers and other financial criminals
to erase their tracks, as they usually leave behind
Perhaps the best example of a mobile payment fewer records than more established financial
system in action is Kenya’s M-PESA. Launched in transactions. Law enforcement would be left with
2007, M-PESA relies on a network of more than little physical evidence that a financial crime took
100,000 small businesses, who register as agents place, and if the mobile payments are transferred
with the mobile payment system. An M-PESA user across borders, they may lack jurisdiction to pur-
can then bring cash to these agents, who will sue the financial criminal.
then exchange it for virtual value credited to a
user’s M-PESA account. Users can then exchange VALUE TRANSFER THROUGH
this value with other M-PESA users, buy items VIRTUAL WORLDS
at some stores and restaurants, or withdraw the As online role-playing games became increas-
value as cash at another agent. As of late 2012, ingly popular worldwide, some began incorporat-
more than $1 billion was transferred through ing the ability to convert real-world currency into
M-PESA each month. virtual value that could be used to purchase items
in the game. As these games continued to develop,
some of the larger and more sophisticated ones
spawned virtual economies where items, services
and even virtual real estate could be bought and
sold. Critically, some even developed means to
convert virtual value back into real-world funds
or other assets.
201
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
accounts in virtual worlds and exchange real- Less than two years later, Nakamoto ceased pub-
world money for virtual value, then transfer that lic communications and effectively disappeared.
value to an organized crime group by purchasing Whether he is a real person, a pseudonym used
items in the game world. Additionally, some vir- by someone else, or a group of individuals is still
tual worlds require little information from users not clear. But in the years since, the Bitcoin sys-
to open accounts, allowing financial criminals tem has grown dramatically, launching a new era
to enter these online communities and conduct of digital currencies.
transactions with relative anonymity.
Digital currencies existed prior to Bitcoin, some
One of the oldest and most robust virtual worlds dating back to the 1990s, and the name can refer
for the exchange of real and virtual value is Sec- to a wide variety of electronic money and value
ond Life. An online community of roughly one transfer systems. Some of the earliest digital cur-
million users worldwide, it allows users to cre- rencies were systems that allowed users to open
ate characters, design virtual items and cre- and fund accounts tied to the price of gold or
ate in-game buildings and structures. All these other precious metals, and conduct transactions
items and this real estate can be bought and with other users. More recently, “decentralized”
sold, using an in-game currency called “Linden digital currencies based on mathematical sys-
Dollars,” named after the company that created tems, like Bitcoin, have risen to prominence.
Second Life. Linden Dollars can be purchased
with real-world currency, and traded back into Since their beginning, digital currencies have
real-world currency through the company’s cur- attracted vocal supporters who claim they are
rency exchange. In 2012, roughly $119 million was the future of money and payments, and equally
traded on Linden’s currency exchange. Virtual vocal critics who argue they mostly exist for illicit
worlds have almost no oversight from any regu- transactions. To date, both sides seem partially
latory body. As a 2012 report on currency trading right. Some digital currencies are innovative and
in virtual worlds from the European Central Bank have potentially far-reaching applications. But
stated: “Every criminal act which takes place like any system that can be used to store and
in the real world might also be reproduced and transfer value, they are also vulnerable to use by
adapted to Second Life and probably also to other money launderers, cybercriminals and terror-
virtual communities. But the likelihood is even ist financiers.
stronger as a result of the lack of proper regula-
tion and oversight and owing to the high degree The FATF uses the terms “virtual currency” and
of anonymity that exists in these online worlds.” “digital currency” interchangeably. It defines
these currencies as “a digital representation of
value that can be digitally traded and functions
DIGITAL CURRENCIES as a medium of exchange, a unit of account, and/
In October 2008, someone going by the name or a store of value.
of Satoshi Nakamoto published a paper, which
detailed the development of a peer-to-peer elec- The FATF notes that digital currencies are not
tronic cash system, to a mailing list for program- issued or backed by any country or jurisdiction
mers and cryptography researchers. – they hold value only due to their acceptance by
a user community. Digital currencies are sepa-
A few months later, Nakamoto released the source rate and distinct from “fiat” currencies, the real-
code for the project outlined in the paper, and world money issued by national governments.
became the first person to hold currency gener- Some digital currencies, in fact, were originally
ated by this new system: Bitcoin. intended by their creators as replacements for
202
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
fiat currencies. In broad terms, digital currencies By their nature, centralized systems are more eas-
can be divided into two types of systems. ily subjected to regulatory oversight or enforce-
ment. One person or entity administers them, in
CENTRALIZED CURRENCIES some cases running the platform off of a hand-
Centralized currencies exist on their own propri- ful of servers. If the person behind the system is
etary platform and are operated by a single com- arrested, or the servers seized, a centralized cur-
pany or person, usually referred to as the adminis- rency can essentially disappear overnight.
trator. While users hold accounts and can initiate
transactions, the administrator sets the rules of Closed-loop currencies are less at risk for money
the system and acts as an intermediary to pro- laundering than open-loop or convertible ones,
cess transactions and maintain a payment ledger. and their use in financial crime schemes is gen-
erally limited to smaller transactions by low-
Most centralized currencies are “closed-loop” or er-level criminals.
non-convertible, meaning they can only be used
for transactions on a specific platform. Some are However, savvy financial criminals have fig-
“open-loop” or convertible, meaning they can be ured out ways to exploit even seemingly obscure
exchanged for fiat currencies. Common exam- value transfer systems for their own benefit, and
ples of closed-loop systems are the currencies closed-loop digital currencies are no exception.
used to buy and sell items in online games and Secondary markets or unauthorized exchanges
virtual worlds. have developed around some non-convertible
currencies, allowing users to convert virtual
Users can transfer real-world money onto funds back into fiat currency.
accounts in these closed-loop systems and con-
duct transactions between users of the system, DECENTRALIZED CURRENCIES
but typically cannot spend or convert the cur- Decentralized currencies do not have an admin-
rency outside of the platform. istrator, and there is no single entity that controls
them. Instead, they operate on a peer-to-peer
model. The platform that maintains and admin-
isters the currency is distributed between the
users, and its rules and operations are estab-
lished by its programming.
203
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
manual. However, while they may sound com- Mining helps process transactions in Bitcoin,
plex, most cryptocurrencies are fairly simple to and maintains the currency’s open payment led-
obtain and use. ger, or “blockchain.” It is also how new Bitcoins
are released into circulation. Through its pro-
Bitcoin has become the de facto standard for gramming, Bitcoin has a cap on the total number
cryptocurrencies, although there are many oth- of Bitcoins that will be brought into circulation,
ers inspired by Bitcoin that have tried to present at 21 million.
themselves as modified or improved versions. As
of early 2018, some of the more popular crypto- Resolving the mathematical puzzles required for
currencies after Bitcoin were Ethereum, Litecoin, mining takes substantial computational power.
Zcash, Dash, Ripple and Monero. To incentivize mining, the system rewards min-
ers with a small transaction fee. When a new Bit-
The most common way that users obtain Bit- coin is periodically released into circulation, the
coins, or other cryptocurrencies, is through an miner who unlocks that Bitcoin also receives it as
exchange. These exchanges operate similarly to a reward. Mining has become significantly more
securities trading accounts, with the prices of difficult over time, due to the programming con-
currencies constantly changing. Exchanges gen- straints of Bitcoin. Some other cryptocurrencies
erally will require a users’ real name and contact also rely on mining as part of their operations,
information, and conduct customer due diligence while others use different models.
before opening an account.
Because setting up accounts on digital currency
Customers can then purchase digital curren- platforms is often a quick and easy process that
cies through bank accounts or credit or debit can be done online, these systems lend them-
cards. Some exchanges also provide wallets or selves to “micro-laundering.” A launderer may
electronic storage for a user’s Bitcoins. Users open multiple different accounts under his con-
can also create their own wallet online. A wallet trol on a currency platform, and use them to
comes with a unique address that allows users to send many different small-value payments to
receive Bitcoins. other recipients.
Once they have obtained and stored Bitcoins, This technique takes advantage of the ability to
users can transfer payments using the recipient’s conduct rapid or instantaneous payments using
public address, purchase items from retailers who digital currencies. W the amounts transmitted in
accept Bitcoin, buy gift cards, or even exchange each payment may be very small, a criminal can
Bitcoins for other digital currencies. There were move large sums quickly by conducting hundreds
nearly 100,000 retailers that accepted Bitcoin as or even thousands of low-level transactions.
of mid-2017.
CRYPTOCURRENCY AND MONEY
There are several other ways to obtain Bitcoins LAUNDERING RISKS
and other digital currencies besides purchasing Why would a money launderer, fraudster or other
them from an exchange, including through “min- financial criminal decide to use a cryptocurrency?
ing.” In simple terms, mining involves using com- After all, there are established money laundering
puting power to solve complex mathematical for- channels that are proven to be effective, and pay-
mulas, and is an integral part of how Bitcoin and ment systems like money remitters have transac-
some other cryptocurrencies operate. tion fees that are comparable or lower than many
cryptocurrency exchanges.
204
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
Furthermore, cryptocurrencies are a tradable Unlike cash, digital currency users do not need
asset. Speculation on cryptocurrency markets to physically move large volumes of currency
can lead to large fluctuations in their price, and or be in the same area to conduct transactions.
their value tends to be less stable than many real- This ability to conduct cross-border transactions,
world currencies and investments like real estate. without the use of financial institutions and the
Although their acceptance by retailers and even regulatory oversight that comes with them, is
some financial institutions is growing, the abil- another reason why financial criminals might
ity to convert cryptocurrencies into cash, or use exploit cryptocurrencies.
them to buy goods and services, is still more lim-
ited than real-world currencies. It is worth noting that there is a major caveat in
Bitcoin’s perceived anonymity. All transactions in
However, there are key features of cryptocurren- Bitcoin are stored on its public ledger, or block-
cies that may make them attractive to the crim- chain. If someone – for example, a law enforce-
inal element: ment agent – knows the addresses of the sender
or recipient, they can theoretically trace the
ANONYMITY transaction through the blockchain.
Much of the concern from law enforcement and
regulators has focused on the potential for largely In 2015, agents with the FBI and IRS Criminal
anonymous transactions using cryptocurrencies. Investigations Division were able to trace nearly
4,000 Bitcoin transactions to Silk Road, a noto-
Many exchanges will conduct customer due dil- rious online drug bazaar. This tracing was pos-
igence, monitoring and reporting on the funds sible after agents seized a laptop containing
coming into customer accounts. Once funds the personal addresses of Ross Ulbricht, Silk
move from real-world currencies into crypto- Road’s owner and operator, and analyzed these
currencies, however, they become much more addresses against the blockchain.
difficult to trace back to a real person. Once a
customer has transferred Bitcoins purchased on For this reason, Bitcoin is often referred to as
an exchange into his wallet, the transaction trail pseudo-anonymous. Even if a transaction is
is obscured from the eyes of law enforcement traced, it can be challenging to tie an address
and regulators. back to its true owner, and requires extensive
investigation.
At this point, cryptocurrency transactions act
similarly to transactions in cash. Users can trans- SPEED AND IRREVOCABILITY
fer currency to other users, buy goods or services An individual who orders a wire transfer for pay-
or store currency in an online or offline wallet ment to a recipient overseas may have to wait
with little to no reporting or audit trail. several days for the transaction to clear. During
that time, the bank will conduct due diligence
Although exchanges require a user to provide his checks on the customer and recipient, and the
real identity, wallets typically do not – many can transaction could be cancelled or reversed if it is
be opened using only an email address and alias found to be fraudulent or in violation of sanctions.
or fake name. Wallets can be held on a user’s own
device, such as a computer, phone or even USB Cryptocurrency transactions have no such lim-
drive. Addresses tied to these wallets, and used itations. Once initiated, the currency leaves one
to transact in Bitcoin and other cryptocurrencies, user’s wallet, is processed through the ledger,
can be hard to link back to an individual or entity. and enters the recipient’s wallet in a matter of
minutes or less. Transactions are usually irrevo-
205
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
cable. Like a cash payment, there is no built-in From the perspective of a criminal conducting an
mechanism to reverse a cryptocurrency payment online fraud scheme, this makes cryptocurren-
unless the recipient simply agrees to return it. cies an appealing option. Online Ponzi and pyra-
mid schemes will often ask for payment in Bitcoin
Many exchanges and service providers will or other cryptocurrencies, ensuring the fraudster
respond to user complaints, and may shut down receives his funds quickly and defrauded custom-
accounts suspected of illicit activity. But the ers have little ability to recover them. The same is
decentralized nature of cryptocurrencies means true for cybercriminals offering hacking skills or
there is no single administrator to police transac- malware, or sellers of narcotics or illegal goods,
tions or field appeals from users. who want to ensure they will be paid without
A Notice Posted on the Dark Markets Alphabay and Hansa After Both Were Seized by Dutch
Police in 2017. In Recent Years, Law Enforcement has Become More Adept at Dark Web and
Cryptocurrency-related Investigations.
206
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
having to reveal any personally identifying infor- law enforcement have found infrequent though
mation to buyers. growing use by organized crime rings, and lim-
ited cases involving terrorist financing.
INCONSISTENT REGULATION AND
ENFORCEMENT OF DIGITAL CURRENCIES In July 2017, a report by the European Commis-
sion noted that use by organized crime was “quite
In the early days of digital currencies, lawmak-
rare” at that time, and suggested that digital
ers and regulators in many jurisdictions seemed
currencies presented a higher bar for entry and
baffled by what to make of this strange new
were less convenient than other money laun-
phenomenon. Cryptocurrencies seemed espe-
dering methods.
cially confusing.
Digital currencies are widely used in markets for
Some countries ignored them, some outlawed
illegal goods and services online, however. Digital
their use entirely, and still others debated whether
currencies have become the preferred payment
they were even a financial asset that should be
method for illicit online transactions, especially
subject to regulation. That debate continues, but
on the dark web. The “dark web” describes an
some nations have adopted a framework for reg-
Internet network that exists outside of the “sur-
ulating parts of the digital currency world. The
face web,” or the online world that most people
most common approach has been to focus on
typically interact with through their browser.
regulation of digital currency administrators
The dark web can only be accessed through spe-
and exchanges.
cialized software and is not discoverable through
search engines or web indexing tools.
In the US, Canada and European Union, for exam-
ple, administrators and exchanges are considered
The largest and perhaps most well-known dark
to a form of money services business, and sub-
web is accessible through The Onion Router (Tor),
ject to the same AML regulation as other MSBs.
an online anonymity tool. Tor is free software that
This includes customer due diligence, transac-
anyone can download. It was initially developed
tion monitoring, reporting and record-keeping
to help persons in repressive countries access the
requirements. Globally, the regulatory framework
Internet and avoid government censorship.
for digital currencies remains inconsistent and
varied. Some countries still do not regulate dig-
It directs an individual’s online activity through
ital currency exchanges; others have regulations
a network of more than 7,000 relays, disguising a
on the books but do not seem to enforce them.
user’s true location and making it difficult to con-
Whether and how individuals have to report their
duct online surveillance on a user. Web sites can
digital currencies for tax purposes is also unre-
be configured so that they are accessible only to
solved in many countries.
computers running Tor software. This has cre-
ated a hidden online environment shielded from
CRIMINAL USE OF DIGITAL CURRENCIES
the public view of the surface web.
AND THE DARK WEB
If digital currencies are vulnerable to use by Much of its dark web is innocuous. There are per-
financial criminals, there is an obvious question: sonal websites, blogs and even social media sites
What are criminals using them to do? similar to Facebook, but, inevitably, criminals
have also been drawn to the dark web. There are
Much concern about digital currencies has forums where credit card fraudsters trade tips
focused on their potential for money laundering and share skills, and others where cybercriminals
by transnational organized crime groups and ter- discuss new malware and attack techniques and
rorist financiers. As of mid-2017, researchers and
207
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
offer suggestions on easy targets. Criminal actors digital currencies back into real-world funds to
have also set up dark web marketplaces, where bankroll ongoing operations or enjoy their ill-got-
a vast array of illegal goods and services can be ten gains. This creates an interface with financial
purchased using cryptocurrencies. institutions and raises compliance concerns for
AML professionals.
Many well-trafficked illicit bazaars in the Tor dark
web, such as Silk Road, Silk Road 2.0 and Alpha- Banks and other financial institutions should con-
Bay, have been closed by law enforcement or shut sider monitoring their customer accounts for sig-
down by their own creators. Yet each time, oth- nificantly large or frequent funds transfers to and
ers open up to take their place. from digital currency exchanges. These transac-
tion patterns could indicate potential illicit activ-
These marketplaces act as a middleman, provid- ity involving digital currency.
ing the online platform to connect sellers and
buyers. Many will mimic the functionality and At the same time, institutions should recog-
even the appearance of legitimate surface-web nize that there is nothing inherently suspicious
retail sites, such as eBay or Amazon. Markets about purchasing or transacting in digital cur-
may specialize in one type of good or service, but rencies. Most customers are likely to be moving
larger ones will usually have a variety of offerings. funds to a digital currency exchange for a legiti-
mate purpose.
Cryptocurrencies have enabled these dark
markets to thrive. The ability to conduct rapid Specific digital currencies rise and fall in promi-
cross-border payments that do not require trust nence, and some have disappeared completely.
between buyer and seller makes cryptocurren-
cies ideal for illicit online transactions. Most mar- However, the concepts underlying digital cur-
ketplaces only use Bitcoin or other cryptocur- rencies, especially the decentralized public led-
rency as their payment mechanism. ger or blockchain, are here to stay. As innovation
continues and mainstream use increases, block-
DIGITAL CURRENCY COMPLIANCE chain applications are poised to expand into the
CONSIDERATIONS new fields, and digital currencies seem likely
to become a widely accepted part of the global
Along with overtly criminal marketplaces, there
financial system.
are thousands of legitimate merchants who
accept digital currencies, on both the dark web
and surface web. They range from global cor-
HUMAN TRAFFICKING AND
porations such as Microsoft and Dell and online
retailers such as Overstock to travel sites such FINANCIAL FLOWS
as Expedia, along with many smaller sites and A lucrative and rapidly growing criminal activity,
stores. Some bars and restaurants have adopted human trafficking is by most estimates second
Bitcoin payments. Even some political parties only to drug trafficking in its global scale and
and non-profits have begun taking donations via profitability.
cryptocurrency.
On the positive side, awareness of the issue
As digital currencies become more mainstream has greatly increased in recent years, as have
and more merchants start accepting them, crim- resources to train financial crime professionals
inals who transact in cryptocurrencies have to spot illicit financial flows tied to human traf-
more outlets to use their illicit proceeds. Even so, ficking. Some countries have also seen positive
criminal actors may still want, or need, to convert results combatting human trafficking with ini-
208
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
209
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
convenient. Historically, schemes have panied by a third party. This third party may pur-
operated with prepaid cards, cash and port to be a translator, and often possesses the
money orders to take funds from victims client’s identification.
and finance operations, though the use of
personal bank accounts is also common. While such may never show up in an alert, a well-
More recently, law enforcement agencies in trained staff member could quickly raise the issue
some countries have an increase in the use of to compliance staff for further investigation.
digital currencies and email money transfers,
such as those offered by Paypal, in sexual Other transactional activity that could be red
exploitation cases. In one case in Canada, flags of human trafficking includes:
victims of sexual exploitation were being paid • Customers that cash payroll checks, then
in bitcoin and email money transfers, which remit all or the majority of funds back to an
once received were immediately sent to employer account
another account.
• Accounts that appear to operate as funnel
RED FLAGS OF HUMAN TRAFFICKING accounts, which receive cash deposits from
states, cities or regions outside of where the
As research and reporting on human trafficking accountholder resides
have advanced, so too have the resources from
regulators and international organizations that • Low cost, high-volume transactions related
are available to support compliance programs to transportation and logistics
and investigations. The links highlighted below • Common telephone numbers or emails
are just a few examples: between multiple (seemingly unrelated)
customer’s accounts
• FATF Report – Financial Flows from Human
Trafficking (2018) – Includes statistics and • A customer with no clear full-time
descriptions, case studies, and red flags employment, despite significant
account turnover
• FinCEN Advisory - Guidance on Recognizing
Activity that May be Associated with • Accounts with frequent transactions to
Human Smuggling and Human Trafficking classified advertising sites/services
(2014) – Includes a compendium of red flags • Accounts that are tied to customers at the
organized by type of financial institution same address receive funds that are then
• United Nations Office on Drugs and Crime immediately withdrawn in cash
– Human Trafficking Knowledge Portal - • Accounts for individuals that have deposits
Archive of known cases of human trafficking, coming in, but no living expenses – E.g.
updated on an ongoing basis no transactional activity related to food
purchases, rent, credit card payments, etc.
It’s worth noting that front line staff can be very
important watchdogs for detecting suspicious
activity tied to human trafficking. For example,
one key red flag is a customer who establishes an
account or conducts transactions while accom-
210
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
Q 10-2. A young woman, who is a national of Country A, works as a caregiver for a fam-
ily in the US. She sends much of her earnings to support her family back in Country A by
giving the amount in cash to a local grocer, whose family is also in Country A. Once the
grocer receives the cash, he calls his partner who runs a market in one of the larger cities
in Country A. From there, the young woman’s family can pick up the money sent.
What is the name commonly used to describe this form of remittance transaction?
A. Cash transfer
B. Hawala
C. Referral Banking
D. Black Market Peso Exchange (BMPE)
See Answer and Rationales
211
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11
COMPLIANCE
PROGRAMS
AND
CONTROLS
OVERVIEW
212
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
These compliance programs have compelled vari- an overall unit that may be called “The Financial
ous business organizations to create new depart- Crimes Risk Management Program,” or some-
ments to ensure obedience with the legal require- thing similar.
ments. Over time, these compliance departments
have grown dramatically in terms of the number How does one create such a program and the
of people involved, the diverse occupational fields accompanying structure?
that these people represent, and their cost to the
organization. In fact, regulatory agencies not only A compliance structure for a financial crimes risk
review the operations of the business organiza- management program involves multiple coordi-
tion to ensure that it is not conducting or facili- nated functions. As with any compliance program,
tating the particular financial crime activity that its success requires development, implementa-
is the agency’s jurisdiction, but they also exam- tion and ongoing operation, effective corporate
ine the compliance department to enure that it is oversight and the interaction of executive leader-
sufficient to guard the organization against the ship, key group and line of business leaders, com-
pertinent financial crime problem. pliance, product managers, the legal department,
an auditing process and other employees across
CONVERGENCE OF FINANCIAL the organization.
CRIME FUNCTIONS
One essential element, if the organization is large
As compliance programs have grown, so have
enough, is a governance function. This element of
their structures and focus. One of the significant
the overall financial crime compliance program
developments in compliance program manage-
should set policies and have an effective and effi-
ment and organization in recent years is the con-
cient method of implementing them across the
cept of “convergence.” Just as the term “financial
entire organization, including ways to handle
crime” connotes an embrace of distinct compo-
requests for exceptions and exemptions.
nents of that term, including corruption, money
laundering, fraud, sanctions and related crimes,
convergence signifies the enveloping of distinct
ORGANIZATIONAL OVERVIEW OF
financial crime-control functions to improve
effectiveness, efficiency and economy in compli- FINANCIAL CRIME CONTROLS
ance by business organizations, including finan- A company’s size, structure, complexity and risks
cial institutions. are the basis of internal controls designed to limit
213
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
and control risks and achieve compliance with • Monitoring customer activity, and applying
the appropriate laws. Internal controls are typ- predictive analytics for customer-centric,
ically divided into “preventive” and “detective,” cross-channel fraud detection
although they are not strictly linear. In what- • Monitoring the activity of both employees
ever names the controls are labeled, a program and third parties when they act on behalf
should be designed to promote a strong compli- of the company
ance culture that provides oversight and permits
members of the group to challenge persons in the • Screening, blocking and rejecting
business units and the examiners, as appropriate. transactions and customers appropriately
• Reporting these matters (and other
Preventive controls include the follow- regulatory reporting requirements,
ing and others: including CTRs)
214
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
PRODUCT RISK
RISK ASSESSMENTS Having a product or service risk policy for new
Risk assessments should be based on the govern- and modified offerings allows an organization to
mental requirements and designed so that they have a more comprehensive view of its overall
are conducted at a business unit level that then financial crime risks.
can be aggregated for other units, including at
the corporate level.
SANCTIONS COMPLIANCE
For financial crimes, a risk assessment should fol- The laws of certain countries impose sanctions,
low a documented process. It is useful to apply the or authorize regulations imposing sanctions,
following categories to a risk assessment process: against specific foreign governments, organi-
• Types of distribution channels used by the zations and persons. Sanctions generally pro-
business unit hibit transactions with countries, individuals
and organizations and require that transactions
• Complexity of the business unit’s involving them be blocked. The laws that autho-
business model rize sanctions also usually impose penalties on
• Degree of change in the business individuals, financial institutions, or other busi-
• Amount and type of growth in the business nesses and organizations that conduct transac-
tions or engage in commerce with the sanctioned
nations, individuals and organizations.
215
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
216
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
actions with sanctioned countries, organizations Sanctions program laws and regulations in var-
and individuals. OFAC also imposes sanctions on ious countries include a number of obligations
“specially designated nationals,” known as SDNs, and expectations. Principal among these are the
whose property must be blocked. OFAC’s website, blocking of funds and rejecting of transactions
at www.ustreas.gov/offices/enforcement/ofac, involving sanctioned entities or regimes. Sanc-
provides information on US sanctions policy and tions lists, such as those of OFAC, consist of SDNs
sanctioned nations, persons and organizations. and countries, as well as economic sanctions
against specific countries or regimes as part of
Sanctions regulations are complex and varied. specific laws.
Penalties for violation apply to institutions, busi-
nesses and individuals. In the US, the maximum OFAC SANCTIONS
prison term upon a criminal conviction is 20 years. The US has one of the most complex and actively
Civil monetary penalties may also be imposed for enforced network of sanctions laws in the world.
each prohibited transaction. As previously mentioned, US sanctions are
administered and enforced by the Office of For-
The sanctions program of a financial institution eign Assets Control, or OFAC.
or other business must not only employ and con-
tinually train employees on sanctions policies, The US has comprehensive sanctions in place
enforcement and compliance, but it should also against a number of countries, which as of May
ensure its procedures provide current infor- 2017 included Cuba, Myanmar, Iran, North Korea,
mation on sanctions developments worldwide, Sudan and Syria. These prohibit most forms of
including new and modified sanctions. Close trade and financial transactions to these coun-
monitoring of transactions to ensure they do not tries. There are also targeted sanctions in place
involve a sanctioned nation, individual or organi- against over 5,000 individuals, businesses, non-
zation and prompt blocking of those that do, cou- profits and entities, including terrorist organiza-
pled with effective internal reporting and train- tions, drug traffickers and organized crime fig-
ing, are essential elements of a good sanctions ures located anywhere in the world.
compliance program.
Entities that are owned by these specially des-
ignated nationals, or in which SDNs have a more
SANCTIONS than 50 percent stake, must be treated as SDNs.
COMPLIANCE PROGRAMS All US citizens, corporations and legal entities
Sanctions programs of various nations, such as must comply with US sanctions. In addition, any
those managed by the US Treasury Department’s person or entity physically located in the US must
Office of Foreign Assets Control (OFAC) or the comply with US sanctions, including branches of
UK Treasury, are designed to block or prevent non-US financial institutions located in the US.
the transfer or use of funds through the global
financial system by certain designated entities The procedures that institutions use to enforce
or countries. Usually, sanctions compliance is an US sanctions on financial transactions will vary
important component in the organization’s over- somewhat depending on the terms of the specific
all AML program. Sanctions carry heavy civil and law imposing that sanction. In general, however,
criminal penalties, ranging from large fines to institutions will follow these steps:
criminal prosecutions, as well as significant rep-
utational damage. • The originator and recipient of a transaction
are screened against lists of sanctioned
countries and SDNs.
217
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
• Transactions that match an entry on the required to freeze the entire account and report
sanctions list must be “blocked,” or prevented, its actions to OFAC.
from being processed. The funds must
be placed in a separate, interest-bearing Even non-US institutions with very limited US
account at the institution. operations, or only one branch in the US to con-
• Based on OFAC recommendations, duct dollar-clearing transactions, must still com-
institutions should conduct a thorough ply with US sanctions. Failure to comply with
review against a variety of information OFAC sanctions can incur very high monetary
sources and databases, or contact OFAC and criminal penalties, including up to 20 years
directly, before blocking a transaction. in prison for individuals.
Institutions should only block transactions
if there is an exact match with an entity This fact has been vividly demonstrated by
or individual on a sanctions list. Partial enforcement actions recent years, including in a
or inconclusive matches are not sufficient major sanctions case against British bank Stan-
grounds to block a transaction. dard Chartered that ended in nearly $800 mil-
lion paid to US state and national enforcement
• The institution must submit a blocking agencies. Standard Chartered was based almost
reporting with OFAC within 10 days of entirely outside the US, but had one office in New
blocking the transaction. York that it used only for clearing transactions in
• The institution cannot notify the person, US dollars. The fact that it routed transactions
company or organization that the transaction that violated US sanctions through this office was
has been blocked. sufficient to trigger liability.
218
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
219
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
220
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
221
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
222
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
223
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
224
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
and identify the account or service technologies Implementing continuous system risk assessment
that are right for their business model and how and model risk validation programs helps ensure
financial crime, money laundering or terrorist the financial institution or organization is proac-
financing risks might vary by this technology. tively addressing areas of internal, statutory or
They must define and identify vulnerabilities and regulatory focus. This helps them stay in com-
develop a clear roadmap on how those vulnera- pliance, facilitates the examination process, con-
bilities are assessed and addressed. This should tributes to operational efficiencies and ensures
be a cross-institutional effort undertaken with the reputational integrity of the organization.
support across business lines throughout the
organization. CUSTOMER ONBOARDING
AND MONITORING
When attempting to address vulnerabilities, the Customer onboarding is the process of opening
organization should focus on the following: a new account or accounts, providing certain
• Vulnerability assessments that identify products and services, and beginning to build a
weaknesses in systems or controls and relationship with the customer. In the context of
the features of unique financial products AML compliance, customer onboarding involves
or services which may make them open to due diligence on new customers. Monitoring of
abuse or exploitation for money laundering or the customer means regular reassessment of the
terrorist financing. Vulnerability assessments risk or potential risk, presented by the customer
primarily focus on weaknesses that could based on the customer’s activities at the institu-
allow for financial crime, including money tion or organization. Establishing and following
laundering or terrorist financing. proper onboarding and monitoring policies and
procedures are key parts of developing the cus-
• Potential threat recognition identifies tomer relationship, and help protect the institu-
potential threats presented by the nature of tion against financial crime, including corruption,
the organization’s business, customers, and money laundering, terrorist financing and fraud.
the geographies in which it operates. The
combination of an external threat coupled
KEY ELEMENTS OF A “KNOW YOUR
with internal vulnerability often results in
CUSTOMER” PROGRAM
occurrences of financial crime, including
corruption, fraud, money laundering or A sound Know Your Customer and Customer Due
terrorist financing. Diligence (KYC/CDD) program includes robust
customer identification and account-opening
As the organization conducts its assessment, it customer initiation procedures that allow the
should determine whether the assessment mea- institution or organization to determine the true
sures are retrospective or prospective in nature. identity of each customer and assess the risk or
Retrospective analysis will provide learning and potential risk presented by the customer. The
insights by drawing on data from past events in major components of KYC include account open-
order to fine-tune any present vulnerability. Con- ing, the customer identification program (CIP)
ducting prospective analysis is equally important. and ongoing monitoring. KYC can also include
A prospective analysis is a process of attempting “Enhanced Due Diligence” (EDD) for customers
to look into the future with the benefit of histor- that pose a higher risk based on attributes deter-
ical data to help better identify emerging vulner- mined at the opening of the account or the cus-
abilities or threats. tomer activities after the account is opened.
225
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
Common account opening procedures and best must be collected at the time the customer seeks
practices include: to open an account and must be verified within a
reasonable time after the account is established.
• Gathering and verifying customer
identification materials through paper In addition, financial institutions must verify the
documents and/or electronic identity identity of customers prior to undertaking large
verification currency transactions, purchasing certain finan-
• Clarifying and stating the services that are cial instruments or ordering wire transfers. This
available to the customer includes vetting the customers against relevant
• Having all forms available and understanding sanctions or other watch lists.
them sufficiently well to explain them
professionally to the customer Under current rules and regulations in many
countries, CIP regulations do not require a finan-
• Verifying and authenticating the cial institution or other organization to authen-
customer’s identity ticate the identity of the beneficial owners of
• Screening the customer against sanctions proposed accounts in all cases. However, an orga-
lists, watch lists and politically exposed nization is obliged to look through a non- indi-
persons (PEP) lists vidual customer particularly business organiza-
• Documenting the normal and expected tions to attempt to identify the individuals with
activity of each customer, including authority or control over the account. This is cru-
occupation and business operations cial when the institution or other organization
cannot verify the customer’s true identity after
• Documenting the customer’s relationship using standard verification methods.
with the institution or organization, including
all lines of business within the organization Typically, the institution does not have to com-
and its subsidiaries that the customer plete unanimous verification of all identifying
will utilize information. But it must achieve a level of con-
fidence through a plurality of defined metrics or
CUSTOMER IDENTIFICATION indicators, assumed to be sufficient, to establish
PROGRAM (CIP) and verify the customer’s information.
Regulated entities in the banking and securi-
ties industries in many countries are required to CUSTOMER MONITORING
implement a “customer identification program,” Financial institutions are often required by regu-
or CIP, as it is called in the US. A CIP must include lation to apply ongoing monitoring to certain cor-
risk-based procedures for the verification of the respondent and private banking accounts, as well
identity of each customer to the extent reasonable as to the accounts of customers who pose higher
and practical. Essential identification information risk or potentially higher risk. This is determined
The chart below provides a simple example of a risk rating summary and levels of due diligence required:
Risk score 41 - 50 31 – 40 21 – 30 11 – 20 1 – 10
Risk level Highest High Intermediate Low Intermediate Lowest
Due diligence applied Enhanced Standard Simplified
due diligence due diligence due diligence
Approval required from: Senior manage- Senior AML officer AML officer AML staff member Rela-
ment of institution tionship manager
226
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
by information collected at the time of onboard- Customers at higher risk tiers will require further
ing, specific customer activity, and other material measures, or enhanced due diligence, to manage
factors that may have changed since onboarding. their financial crime risk. Some common EDD
techniques include:
The institution should collect customer due dil-
igence information in a database or system that • Additional investigation into a customer’s
is accessible to relationship managers and com- source of funds or wealth. Institutions could
pliance personnel. Designated personnel should request additional records and information
periodically update these customer records to from customers, such as financial documents
reflect changes in behavior, activity profile, or for a company or copies of tax returns for
other factors that impact the AML and other individuals, or conduct their own research
financial crime risk posed by the customer. This • Identifying and verifying beneficial owners
new information should be factored into a re-as- down to a lower ownership threshold
sessment of customer risk along with supporting • Additional verification of customer-supplied
factors, such as transactional activity, geographic information, using multiple sources
exposure and suspicious activity history.
• Thresholds on the size or frequency of
ENHANCED DUE DILIGENCE (EDD) FOR transactions a customer can conduct
HIGH-RISK SERVICES, CUSTOMERS, AND • Approval by progressively higher levels
JURISDICTIONS of management based on the risk of
the customer
Customer due diligence requirements have
increased in recent years in keeping with evolv-
In some cases, institutions may determine that
ing regulatory expectations for a more effective
a customer poses an undue risk, and decline the
and ongoing monitoring of existing customers.
relationship or transaction. Institutions should
Customer and third party due diligence is the
have policies in place for when and how to man-
cornerstone of a strong compliance program and
age the termination of a customer relationship,
requires that institutions and other organizations
including what records to keep and when to file
conduct and record specialized or enhanced due
suspicious transaction reports.
diligence (EDD) for high-risk customers.
Management should establish periodic reviews of
The information gathered in CIP, customer ques-
higher risk customers to determine if their activ-
tionnaires, and results of screening will provide
ity is reasonable, that customer due diligence and
the raw material for risk assessment and rating.
enhanced due diligence procedures are com-
pleted, and the customer risk rating is accurate
The risk score will guide the level of additional
and up-to-date.
due diligence required, if any. For customers at
the lowest risk of involvement in financial crime,
institutions may choose to conduct simplified due EMPLOYEE ONBOARDING
diligence, or the minimum level required under
the jurisdiction’s AML regulations. Institutions AND MONITORING
may allow relationship managers or lower levels Similar to customer onboarding and monitor-
of staff to approve customers subject to simpli- ing, employee onboarding and monitoring plays
fied due diligence. Publicly traded companies and a critical role in financial crime prevention at all
pension funds are common examples of low-risk business organizations, including financial insti-
customer types. tutions. An insider can pose the same money
laundering threat as a customer. Establishing and
227
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
A Graphic Displaying the Cyclical Process of Customer Risk Assessment, Onboarding, Monitoring and Audit in a
Financial Crime Compliance Program.
following proper employee onboarding policies tation should include rules, regulations, respon-
and procedures help protect the organization sibilities and the organization’s code of ethics.
against potential employee involvement or collu- Senior management must set the tone or culture
sion in all financial crime and protects the integ- at and from the top, consistently and regularly
rity and sanctity of internal processes and infor- communicate the organization’s ethical policies
mation from filtration to outside elements. and code of conduct as well as emphasize the
important role each employee plays in ensuring
KEY ELEMENTS OF “KNOW YOUR that these policies are adhered to and honored.
EMPLOYEE” PROGRAMS
Best practices that have evolved for effective
A Know Your Employee (KYE) program allows
employee onboarding include the following:
the organization to understand an employee’s
background, associations, conflicts of interest • Onboarding and assessment, which begins
and susceptibility to corruption, money launder- during the interview process. The vetting
ing, tax evasion or fraudulent activities. When an should include background screening,
employee is hired, part of the orientation process especially for criminal history. It is important
should include a proper introduction to the com- to conduct a complete review of the
pany culture and the expectations the employee
is supposed to meet in that culture. This orien-
228
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
employee before hiring, including checking software, so-called exception reports, log
references and relevant background checks. files, and the like.
• Gathering and verifying employee • Regular reviews and updates on the
identification materials through paper company’s ethics policies and ethical
documents and electronic identity compliance culture
verification • Regular communication that enforces
• Screening the employee against sanctions the organization’s policies, including full
lists, watch lists and politically exposed disclosure if financial crime has occurred
persons (PEP) lists and the actions that were taken
• Providing new employees with a copy of • Ongoing employee training in recognizing
the organization’s written ethics policy and red flags for corruption, tax evasion, money
code of conduct laundering, fraud and other financial crime,
• Providing appropriate training for the as well as clear guidelines on how to follow
position the employee is hired for, including up and report on financial crime suspicions
written regulations and web-based or
classroom training on financial crime When an employee is supported by an ethical
addressing corruption, money laundering, company culture, he or she is constantly reminded
fraud and sanctions with scenarios that are to perform the required customer due diligence
appropriate to the business and the clientele and to pay attention to how customers and third
with which the employee will be working parties establish relationships with employees.
One example is where a customer is grooming an
• The institution of a “hotline” that employees employee for a future financial crime or money
may use to anonymously report financial laundering transaction, or collusion in a related
crime tips covering a range of financial scheme where the employee does not merely rub-
crimes on which they should be trained ber- stamp questionable transactions, and does
not accept corrupt or improper compensation.
Proper employee onboarding improves pro-
ductivity and contribution by ensuring that the RED FLAGS OF EMPLOYEE PARTICIPATION
employee fully understands his or her job respon- IN FINANCIAL CRIME
sibilities and has access to necessary tools.
Employee perpetration of or collusion in financial
EMPLOYEE MONITORING crime, including corruption, tax evasion money
laundering, sanctions violations and fraud can
Best practices for effective employee monitoring occur in financial and non-financial organiza-
can include the following: tions. Employees in financial institutions or other
• Regularly scheduled background screening financial services providers may have access to
especially of criminal history to identify customer and account data and the ability to
employees who should be removed move funds in and out of accounts. Employees in
other organizations may have access to account
• Ongoing monitoring of employee actions and information through statements or online access
activities as they pertain to their facilitation and financial instruments, such as checks or
of account or transactional activity for electronic access to payment mechanisms. This
customers. This can be achieved through access highlights the vulnerability to insider
a combination of automated monitoring financial crime, including fraud, and the impor-
tance of ongoing monitoring of employee activ-
229
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
ity and lifestyle factors when they are available the names of family members and associates,
to help detect and prevent financial crime by the show unusual levels of activity, such as
“enemy within.” internal transfers into the accounts followed
by wires or other transactions out of
Although not an exhaustive list, the following the accounts
are red flags or indicators of potential employee • Employee never takes a vacation, or takes
involvement in financial crime of a wide variety: much less than the minimum vacation period
• Employee approves or is involved in an that is mandated by the organization
inordinate number of exceptions to policies, • Employee resists an internal transfer to
procedures, account limits and other rules of another unit or element of the organization
the organization • Employee enjoys a lavish lifestyle, including
• Employee frequently overrides or high-end cars, real estate and lavish trips, for
circumvents internal controls, approval example, which cannot be supported by his
authority or established policies, including or her normal compensation
accessing accounts and records for which
the employee has no legitimate business
purpose to access INVESTIGATING AND IDENTIFYING
• Employee misrepresents the identity, BENEFICIAL OWNERS
background, associations or financial As previously mentioned in the Money Laun-
resources of a customer at the time dering chapter, the term “beneficial ownership,”
of onboarding, updating customer when used to refer to beneficial ownership of a
documentation or due diligence financial account, is conventionally understood
• Employee is involved in completing or to refer to the person who maintains ultimate
expediting financial or business transactions control over funds in an account through owner-
where the identity of the counter party or ship or other means. “Control” in this sense is dis-
ultimate beneficiary is not identified tinguished from mere signature authority or legal
Employee accounts or other accounts linked title. The specific definition of a beneficial owner
to the employee, such as those opened in of a legal entity includes an individual who owns
or controls, directly or indirectly, greater than a
certain percentage of the legal entity.
230
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
Determining beneficial ownership has become There are no firm rules on what constitutes sus-
increasingly important from a regulatory stand- picious activity. However, there are known typol-
point internationally and in many nations. The ogies of transactions and other activities that
Financial Action Task Force now emphasizes it serve as common indicators of financial crime,
in its recommendations and interpretive notes. including money laundering. In addition, activity
Beneficial ownership involves establishing mech- that is not consistent with a customer’s known
anisms to record basic information about the style of living, source of income or wealth, type
organization or individual to enable financial of business, or type of accounts or services used
institutions, the pertinent authorities and others should be scrutinized.
to determine the true ownership. This is needed
to conduct appropriate due diligence on the Because most organizations must monitor and
real customer. attempt to flag thousands and maybe millions of
transactions each day, they should employ a risk-
Many countries and the FATF have progres- based approach determined by elements such as
sively raised expectations regarding beneficial their business profile, location, types of prod-
ownership rules. For example, the US Finan- ucts and services offered, third-party relation-
cial Crimes Enforcement Network, which is that ships and geography. When suspicious or unusual
nation’s Financial Intelligence Unit, has officially activity is detected, organizations must investi-
announced that it may require the institutions it gate to determine if there is a reasonable expla-
regulates to determine the names of individuals nation for the activity, or if there is a likelihood of
who directly or indirectly own more than 25 per- financial crime in the broad sense.
cent of a legal entity that has a relationship with
the financial institution. If financial crime, including money laundering, is
suspected, or if the activity cannot be reason-
Beneficial ownership has also been a central ably explained, the organization is likely obliged
focus of the FATF’s mutual evaluation process as to report the activity through a suspicious activ-
to the adequacy of controls that exist in various ity report or suspicious transaction report. This
nations. This focus is part of a larger strategy to depends on the requirements of the country in
improve the availability of beneficial ownership which it operates. Each country’s laws and reg-
information for legal entities that open accounts ulations dictate the length of time the organi-
or conduct transactions through financial insti- zation has to report the suspicious activity, the
tutions and to facilitate the implementation of frequency of additional reporting if the activity
global standards for obtaining beneficial own- continues, and the length of time it must main-
ership information by financial institutions and tain these records.
other business organizations.
It should be noted that suspicious activity report-
ing often takes place in two contexts: reporting
DETECTING AND REPORTING within an organization or institution, or reporting
SUSPICIOUS ACTIVITY to external government agencies and regulators.
Financial institutions in most countries, includ-
ing non-bank financial services providers, are In the case of reporting to government agencies,
required to monitor customer and entity behavior many jurisdictions have specific reporting forms
to detect transactions or activity which could be they must complete and file with a regulatory or
indicative of money laundering or other financial enforcement agency. In Canada, for example, the
crime activity. This includes corruption, tax eva- forms for financial institutions are called “Suspi-
sion, fraud and terrorist financing. cious Transaction Reports (STRs)” and are filed
231
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
with FINTRAC, that nation’s governmental finan- Along with training, other general best practices
cial intelligence unit, or FIU. In the US, the forms for a reporting program include:
are called “Suspicious Activity Reports (SARs)”
and are filed with the Financial Crimes Enforce- • Processes to identify suspicious activity
ment Network. In most jurisdictions, reports are through multiple channels, including
filed with the governmental FIU, which then has alerts produced by transaction monitoring
the responsibility of analyzing and disseminating systems, referrals or notifications from
them to law enforcement. employees, and requests or queries from law
enforcement and regulators.
Most jurisdictions have clearly prescribed pro- • Investigation and review processes for each
cedures for filing suspicious transaction reports, suspicious activity identified.
along with standard forms or electronic filing • Decision-making procedures for when to
systems that institutions use. These forms typi- file a report, when to escalate the decision
cally contain several sections: and when to decline, supported by thorough
• Contact information for the filing institution documentation.
232
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
The information provided in suspicious activity financial crime and money laundering
reports to governmental FIUs is a key resource typologies or red flags
for law enforcement investigations in many juris- • Statistical profiling scenarios that identify
dictions. Information from suspicious activity unusual activity by modeling typical or
reports can help enforcement agencies find infor- expected activity profiles for a specific
mation on individual accounts or persons they customer or type of customer and
are investigating, or alert them to new potential identifying outliers
criminal activity in progress.
Some software leverages both approaches to help
Suspicious activity reporting can also be used by ensure the best possible detection capabilities. In
institutions or law enforcement to get a high-level addition, most transaction monitoring systems
view of financial crime in a given area or jurisdic- also provide alert and investigations management
tion. Governmental FIUs can analyze all reports systems to facilitate and document the analysis
involving mortgage fraud, for example, and place and investigation of alerts and cases.
that information on a map to gain a better under-
standing of where such fraud is happening most Cases are reviewed by financial crime analysts,
frequently. Internal FIUs can conduct similar ana- including those devoted to AML, who investigate
lytics. This ability to capture large-scale financial the activity along with supporting data and infor-
crime trends can help institutions and govern- mation. The analyst then determines whether to
ments allocate resources more effectively. clear the case or escalate it for further review and
action, including suspicious activity reporting in
the appropriate jurisdiction.
OVERVIEW OF AML COMPLIANCE
MONITORING SYSTEMS Like any other element of the compliance pro-
Because of evolving regulatory expectations, as gram, transaction monitoring solutions require
well as the volume of customers, transactions ongoing quality assurance and review to func-
and data involved in monitoring and surveillance, tion effectively. This includes refining monitoring
many organizations leverage specialized technol- rules, statistical models, and the data feeding into
ogy to help meet their detection and reporting monitoring systems to address two types of prob-
requirements. The major types of information lematic issues: False positives and false negatives.
technology systems or solutions used in financial
crime in general, particularly AML and sanctions • False positives are transactions or
compliance, include the following: patterns that are not actually suspicious,
but incorrectly flagged as suspicious by
Transaction monitoring systems. An automated monitoring system
system, either a proprietary application or ven-
dor-provided solution, for ongoing scanning of • False negatives are transactions or patterns
transaction, customer and entity data. The solu- that are actually suspicious or indicative
tion filters, compiles and summarizes transaction of financial crime that are NOT flagged by
data and flags or alerts on instances of poten- transaction monitoring system
tially suspicious behavior. Detection is typically
accomplished through implementation of AML False positives tend to receive the most attention
scenarios that fall into two broad categories: from compliance staff, for understandable rea-
sons. A false positive is visible and apparent to
analysts, and dealing with large numbers of them
• Rules-based scenarios that identify specific can waste considerable time and resources. False
patterns of behavior related to known
233
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
234
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
alerts analysis and investigation of suspicious or increased scrutiny of automated systems sup-
unusual activity. porting financial crime, AML and sanctions com-
pliance programs. Their recommendations often
Automation can play a key role in financial crime focus on validation of monitoring systems to
control programs and should be part of an organi- assess the integrity of data inputs, the accuracy
zation’s strategic planning process in information of algorithms, the appropriateness of thresholds
technology. Ongoing maintenance and evolution and scenarios, and the structure of case manage-
of these systems may be factored into the finan- ment, investigation and reporting.
cial crime compliance program as a component.
Financial institutions must put in place a program
This should include periodic validation of the sys- to consistently and regularly assess their compli-
tem through internal audit, regulatory examina- ance systems’ performance and apply corrective
tion, or third party independent evaluation opti- action to address deficiencies. Two key areas of
mizing the system through scenario and threshold evaluation should be included:
tuning, and improvements to data quality and
availability. It should also include changes made • Effectiveness: the system’s ability to properly
to enable prompt response in evolving regulatory identify and report suspicious activity and
requirements or new financial crime typologies, help ensure compliance with regulations, as
including those for money laundering and terror- well as reputational and legal integrity
ist financing. • Efficiency: the system’s ability to reduce
the number of false positive alerts or
exceptions while minimizing the risk
ONGOING TESTING AND DUE of “missing something.” Efficiency helps
DILIGENCE OF MONITORING AND reduce costs without increasing the risk of
REPORTING PROCESSES non-compliance.
In virtually every country, examiners conduct
Implementing a continuous system and perfor-
periodic examinations of AML and financial
mance assessment program facilitates the exam-
crime compliance programs. When reviewing
ination process, proactively addresses areas of
compliance monitoring and reporting systems,
regulatory focus, and contributes to operational
they usually focus on the adequacy of the system
efficiencies. A well-structured and rigorous com-
and evaluate the reasonableness of the scenarios
pliance program of periodic assessment coupled
and parameters applied, as well as changes to the
with independent testing can provide compli-
systems and policies.
ance officers, senior management and the board
of directors with the information needed to keep
Recently, they have begun to place more empha-
financial crime compliance program effective
sis on assessing the adequacy of the efforts of
and responsive.
financial institutions and other organizations to
ensure ongoing effectiveness and integrity. In
many countries, regulators have been signaling
235
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
Q 11-1. As the compliance officer in a national financial institution, you have recently
received an alert from your regulator warning of suspected bulk cash smuggling into your
jurisdiction.
Which recent activity might be indicative of bulk cash smuggling?
A. An increase in domestic wire transfers between another bank within your jurisdiction
and your financial institution
B. A significant number of cash withdrawals, all under $10,000, from your
financial institution
C. Large amounts of small denomination currency being sent from a Foreign Financial
Institution (FFI) to an account at your bank
D. A dramatic increase in domestic ACH transactions at your bank
See Answer and Rationales
Q 11-2. A US bank receives a letter of credit from an issuing bank in connection with
the purchase of wheat from a bank customer. The buyer/applicant is located in Belarus, a
country in which certain senior government officials are on the US Specially Designated
National (SDN) List. The country is not, however, subject to comprehensive US sanctions.
The buyer is determined to be a joint venture in which a Belarus SDN has a 50 percent
interest through two separate companies wholly owned by the SDN. Each has a 25 percent
interest in the joint venture. No funds have yet been received by the bank. Which state-
ment is true about this situation?
A. The letter of credit can be processed and the funds paid because the customer is not
on the SDN List, and the SDN does not have a majority or controlling interest.
B. The letter of credit can be processed and the funds paid because the US Office of
Foreign Assets Control (OFAC) has issued general licenses exempting food from
US sanctions.
C. The letter of credit must be blocked by the US bank and reported to OFAC even
though no funds have yet been received.
D. The letter of credit cannot be accepted or acted on so it must be returned to the
advising bank with notice that any funds received will be blocked.
See Answer and Rationales
236
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
Q 11-3. A small regional bank has recently started using a new transaction monitoring tool
that utilizes several custom scenarios to identify specific activity which was defined by the
Financial Crimes Compliance team. There are five scenarios that are live in production.
The Analytics team within Financial Crimes Compliance has performed some research on
the scenarios and is ready to make recommendation to management regarding possible
changes to the scenarios.
Which scenario(s) should the Analytics team recommend making changes to first?
A. Scenario A that has generated 100 alerts in the past three months and 50 percent of
those have been deemed suspicious and a suspicious transaction report was filed.
B. Scenario B that has generated 180 alerts with a 95 percent false positive rate.
C. Scenario C that has generated no alerts and there appears to be a problem with the
mapping of data.
D. Scenarios D and E that were put into production in the last 30 days to address a
matter requiring attention from a regulator.
See Answer and Rationales
237
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12
CYBERSECURITY
OVERVIEW
238
CHAPTER 12 • CYBERSECURITY
Financial criminals have followed closely behind, financial crimes in and of themselves, designed
quickly adopting and exploiting online and elec- to directly steal assets from financial accounts.
tronic tools to their own illicit ends. Fraudsters Other cybercrimes, such as online identity theft
use social networks to make connections and and data breaches, are often one element in a
lend legitimacy to their false investments or non- wider financial crime scheme. Personal data
existent business enterprises. Organized crime stolen online, for example, may later be used to
rings use elaborate schemes to implant mal- create a false identity to apply for government
ware on the computers of businesses worldwide, benefits as part of a fraud scheme. Systems and
obtain passwords and login information, and networks can also be tampered with to dis-
drain millions from business accounts. Hackers, guise illicit transactions or destroy evidence of a
acting alone or in teams, breach the data systems financial crime.
of major corporations and government agen-
cies to steal and resell customer data, from bank Globally, incidents of cyber financial crime have
account access codes to credit card and tax iden- exploded in recent years. A report by cyber secu-
tification numbers. rity firm Symantec estimated that in 2011 more
than 232 million customer records were sto-
It is no exaggeration to say that financial crime len from private corporations across the globe.
has moved into a new digital era, and protecting Worldwide, 40 percent of all cyberattacks tar-
networks and data is essential to detecting and geted financial institutions, according to the 2012
preventing a wide range of financial crimes. Con- Data Breach Investigations Report by Verizon.
sequently, a working knowledge of cybersecurity
is rapidly becoming a necessity for all financial The type of entities orchestrating cybercrimes
crime professionals. has also changed considerably over the past
decade. Increasingly sophisticated organized
For the purposes of this Manual, the term cyber- crime, terrorist and activist groups have moved
security is used in a broad sense. It encompasses into the cybercrime field, either for profit or to
methods to recognize, prevent and detect cyber- further a political or ideological agenda. State-
crimes, as well as the understanding of the recom- sponsored group and military organizations also
mended controls to prevent unauthorized access have a growing online presence, engaging in
from external actors. Recognizing that employ- covert cyber warfare operations that strike not
ees and other internal sources are a significant only government agencies but unwitting targets
financial crime risk as well, the concept of cyber- in the private sector.
security also includes policies and procedures to
safeguard against unauthorized internal access. Financial institutions of all types and sizes are
particularly at risk. Their online banking and
Additionally, data management and data privacy transaction services and wealth of potentially
also form another key component of cybersecu- valuable customer data make them rich pickings
rity, and this chapter will provide guidance on for traditional cybercriminals seeking money and
standards for retaining and destroying sensitive assets. At the same time, their strategic impor-
data, sharing data with law enforcement and tance makes institutions attractive targets to
transmitting data across international borders. state-sponsored groups looking to disrupt a
country’s economy, or “hacktivists” trying to
Cybercrimes, or criminal activities conducted send a message.
using online and electronic tools, can intersect
with financial crimes in a variety of ways. Some, All these factors make cybersecurity a criti-
like account takeovers previously mentioned, are cal front in the battle against financial crime.
239
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
240
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
face value, particularly those from authoritative Traditionally, phishing has been a technique
persons or sources. intended to facilitate identity theft schemes tar-
geting customers of financial institutions. Over
Social engineering schemes can and often do the past several years, phishers have expanded
occur through multiple channels. Some social their targets, attacking government agencies
engineering schemes may use phone calls imper- such as the US Internal Revenue Service, and
sonating a bank employee, auditor or law enforce- social networking websites in an attempt to steal
ment agent to deceive a target into turning over personal identifying information also used in the
confidential information. Others may use social commission of various identity theft and account
networks to contact targets, build credibility by take over schemes.
conducting background research on targets, or
create fake profiles to impersonate a target’s real There are several variations to phishing attempts:
friends or business associates. Email Phishing. The most common form of phish-
ing is via email. Phishers ‘spam,’ or send the same
Criminals leveraging social engineering schemes phishing email to millions of individual e-mail
have even appeared in-person at financial insti- addresses, requesting the recipient to divulge
tutions and other companies posing as “security personal information under false pretenses. They
consultants” or law enforcement agents, in order typically send the victims to a fake website that
to steal data from internal networks or install looks almost identical to the actual site the vic-
malware on company computers. However, by tims thought they were going to. These pieces of
far the most common type of social engineering information are then used by phishers for vari-
is phishing through electronic communications, ous illegal activities, but, most commonly, to
which is explained in more detail below. facilitate an identity theft scheme. Most phishing
email messages have an urgent subject line which
Consequently, there is no one-size-fits-all strat- requests the user to enter their credentials to
egy for guarding against social engineering at update account information, change passwords
organizations, whether banks, businesses or gov- or verify account details.
ernment agencies. One low-tech, but effective,
solution is employee training. These types of attack have a relatively low suc-
cess rate now that people are more skilled at
PHISHING recognizing these types of email. But even a tiny
Phishing refers to the act of sending an email or success rate on the millions of phishing emails
other electronic message falsely claiming to be a sent per day means that many still fall victim to
legitimate communication in order to manipulate this type of attack.
the recipient into providing confidential informa-
tion. Typically, a phishing message will direct the Man-in-the-Middle Attack. Man-in-the-Middle
recipient to a sham website with the same look Attacks are one of the more sophisticated phish-
and feel as the legitimate website of a business, ing techniques in which the phisher is virtually
government agency or other organization, and located in between the legitimate website and
instruct the unsuspecting user to divulge sensi- the user terminal. The phisher intercepts details
tive information such as passwords, credit card during a transaction between the legitimate web-
numbers and bank account information. The site and the user. As the users enter their personal
website, however, is not genuine and solely cre- information, it is then captured by the phishers
ated in an attempt to steal the user’s information. without the user’s knowledge.
241
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
Man-in-the-Middle attacks require far more SMS Phishing. Similar to IM Phishing, SMS
sophistication that standard phishing attacks, but Phishing (also known as Smishing), is sending
are far more successful. Since victims are going SMS messages to people’s phones with links to
to the real website of the organization in the link site that will capture their information.
provided, and the safeguards users might have
installed to recognize phishing sites, like antivi- Voice Phishing. Also known as Vishing, this is a
rus or browser controls, will not detect this. very straight forward type of social engineering
in which a scammer simply calls an organization
Instant Messaging Phishing. Similar to email and pretends to be someone in authority to con-
phishing, instant message phishing is the method vince the person they called to reveal passwords
by which the user receives a message via an and other confidential information. Skilled con
instant messaging software program with a link men can be surprisingly successful at eliciting
directing them to a phishing website which has information from a victim over a phone.
the same look and feel as the legitimate website.
The user is then prompted to enter their personal Spear-Phishing. A more refined phishing tech-
information. nique, spear-phishing involves sending targeted
A Graphic Displaying the Process Organized Cybercrime Rings will Sometimes Use in Business Email Compromise
Attacks. Source: U.S. Federal Bureau of Investigations.
242
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
messages with information or content tailored executive. The message will request immediate
to a specific recipient, thereby increasing the payment to a vendor or other party, indicating it’s
likelihood they will believe it is a genuine mes- a very urgent matter – the payment must be com-
sage. What distinguishes spear-phishing from pleted before the close of business.
traditional phishing schemes that typically rely
on template messages sent out to large numbers Of course, no such vendor exists. The message
of recipients, is the inclusion of some personal includes payment instructions to an account
information about the recipient. controlled by the cyberfraudster, typically in
another country. Once transferred, the funds
Spear-phishing messages can be quite sophisti- will be laundered through further accounts and
cated, and may include the subject’s name and effectively disappear.
personal identifying information. They may also
mimic messages from a recipient’s friends, rela- Attackers will either spoof the sender’s email
tions or business associates. Spear-phishers must address or create a new address that looks nearly
have some level of information on their recipi- identical. In other cases, attackers obtain a tar-
ent in order to make their message seem plausi- get’s email account credentials and take control
ble, and as a result, spear-phishing is often used of it to send messages.
in combination with data breaches or theft. For
example, a phisher may gather some personal In a variation, messages are sent directly to a
details on a subject by stealing them from a com- financial institution, purportedly from a busi-
pany database, and then use that information to ness executive controlling the account, direct-
follow up with a directed phishing message to ing that funds be transferred to another party
obtain login credentials for a bank account. immediately.
Victims are far more likely to be susceptible to Another tactic is for cybercriminals to imperson-
a spear phishing attempt that a simple tem- ate a supplier or vendor, and contact a company
plate-based phishing attempt. Many people by with updated account information for monthly
second nature recognize the standard phishing payments. In one case in 2016, a Lithuanian man
attempts that fill our email boxes and delete them was able to steal $100 million from tech giants
by reflex. The inclusion of some individuality to Google and Facebook in a matter of months using
the attempt makes it appear far more authentic this technique.
and is much more likely to be successful.
Attackers will either spoof the sender’s email
BUSINESS EMAIL COMPROMISE address, or create a new address that looks nearly
Business email compromise (BEC) is a variant identical. In other cases, attackers obtain a tar-
of social engineering that has been lucrative get’s email account credentials, and take control
for cybercriminals. In simple terms, a fraudster of it to send messages. Overall, the FBI estimated
impersonates someone else via email to deceive that BEC was responsible for $3.1 billion in losses
a target into making a wire transfer, processing in 2016 alone.
a payment or otherwise taking actions that will
transmit funds to the attackers. PROTECTING AGAINST BEC ATTACKS
Fortunately, there are some relatively low-
In one common example, cybercriminals send tech policies and procedures that you can use
a message to a company employee in accounts to protect against BEC and other social engi-
payable or the finance department that appears neering attacks.
to be sent from the company CEO, CFO or other
243
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
One is requiring more than one employee in a Other prevention steps include the following:
company to authorize a wire transfer, vendor
account update or transmittal of sensitive data. • Verify the hyperlinks within electronic
Depending on the size and sensitivity, you may communication. This can usually be done by
require multiple individuals to sign off. hovering a mouse cursor over links to view
the true URL, although this is not a sure-fire
Another is verifying with the person who sup- solution, as links can be masked.
posedly sent the email. This confirmation should • Remain cautious about opening electronic
always be done through an outside channel, such communication attachments and
as known phone numbers or company web sites or downloading files from electronic
- not by replying to the email, text or voice mes- communication. If the message is suspect or
sage, or calling any numbers provided in the not from a known source, at a minimum, files
message, as these are likely to be controlled by should be scanned by antivirus program.
the fraudster. • Never send personal or financial information
via electronic communication, and only
Ongoing training and awareness on the part of all provide personal or financial information
employees is perhaps the best defense. Like other through an organization’s website once it has
forms of fraud, social engineering often preys on been reviewed to ensure its legitimacy
the shared human desire to be helpful, and the
tendency to take things at face value.
ACCOUNT TAKEOVER
Every individual should maintain a level of pro-
Account takeover is one of the more common
fessional skepticism when dealing with email,
forms of identity theft, occurring when a fraud-
text and phone communications, especially those
ster obtains unauthorized access to an individual
that are out of the ordinary. Simple steps like
or organization’s financial accounts. The nature
reviewing an email header, checking hyperlinks
of the takeover and the level of sophistication can
in a text a message before clicking, or scanning
vary. In the simplest form, an attacker could use
email attachments before opening can head off
malware, phishing or other techniques to obtain
a social engineering attack before it starts. A
a person’s online banking credentials, then access
company’s networks are only as secure as their
the account and initiate transfers.
weakest point.
More elaborate attacks might gain account cre-
PREVENTION & DETECTION OF SOCIAL
dentials and some personally identifying infor-
ENGINEERING ATTACKS mation (such as the victim’s tax identification
The most effective method in the detection of number or answers to online security questions)
potential cyber fraud is to stay educated and and use this to change the official mailing address
up-to-date on phishing techniques and identity or online banking credentials with that individu-
theft schemes, as well as become familiar with al’s financial institution. Once accomplished, the
the channels that legitimate organizations use to fraudster can perform unauthorized transactions
communicate with their customers. Legitimate using the victims account without the victim’s
companies and government agencies will almost knowledge ( cash withdrawals, check orders, wire
never request personal identifying information transfers, online banking transactions, etc.).
via electronic communication. Any electronic
communication requesting such information Account take over (ATO) schemes are often the
should be treated as highly suspicious. end result of a combination of many identity theft
tactics used to obtain personal information. ATO
244
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
schemes can impact nearly any financial product cash or assets in a physical location. Do
or account type across all customer segments not use unprotected Internet connections.
within a financial institution, including individ- Sensitive data should be encrypted, and virus
ual customers, small-business customers, private protections should be updated regularly.
banking customers and large commercial and • Using complex passwords that are changed
corporate customers. Small businesses and non- regularly. This can make it more difficult for
profit organizations are an especially common financial criminals behind ATOs to capture
target of ATO attacks, as they typically hold more a password, or guess it if they have already
funds in their accounts than individuals, but tend gathered other personal data.
to have less robust cybersecurity programs than
larger organizations. • Multifactor or strong authentication. These
are systems that require multiple pieces of
Although it is difficult to produce hard numbers evidence to verify a user before they are
on losses, some security analysts estimate that allowed access to an account. Traditionally, a
$2 to $3 billion per year is stolen solely from US multifactor system requires 2 of 3 “factors” to
accounts in account takeover attacks. In a 2011 allow access, which are:
survey of more than 500 US small businesses » Something a user knows (password or
conducted by a cybersecurity firm, 56 percent personal information)
of the respondents said they had been targets » Something the user has (typically a
of fraud involving electronic payments in the card or token)
past year. About 75 percent of those said they
were the subject of an attempted or successful » Something the user is (fingerprints, voice ID
account takeover. or other biometric identification)
• Multi-channel authentication. Although a
As previously mentioned, account takeovers are robust system for verifying users, multifactor
often the end result of identity theft schemes. authentication is not always practical
Social engineering and phishing are common online. In its place, some organizations use
methods to obtain the data needed to take con- multichannel authentication to verify a user
trol of a financial account, as are malware such or confirm a transaction, especially if it is
as trojans and keystroke loggers, which will be suspicious or above a certain threshold.
discussed later in this chapter. In addition, illicit One simple example of multichannel
actions in the real world, such as mail theft or the authentication would be an institution that
theft of personal items or documents, dumpster asks users to log in to their account with a
diving and even “shoulder surfing” (surreptitiously standard password and username, and then
watching a person as they log in to accounts) can has an employee call or text the user to
be used to support ATOs. confirm before executing the transaction.
• Understanding responsibilities and
The adaptability, breadth and combination of liabilities. Many account agreements with
such schemes make them increasingly difficult to a bank or financial institution detail what
detect and prevent, as it is often very difficult to reasonable security measures are required
determine the root causes and how an account to protect accounts. In some cases, these
take over scam was perpetrated. Other methods may direct an accountholder to implement
to prevent ATO schemes, as well as mitigate the measures. It is critical that users understand
damage should they occur, include the following: and implement the security safeguards in
• Protecting the cyber environment. A cyber the agreement. If they do not, they could be
environment should be guarded just as would liable for losses resulting from a takeover.
245
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
It is very important to note that all steps to pre- rity or authentication processes. User activity
vent account takeovers, as well as cybercrimes in and transactions must be assessed to determine
general, should be proportionate to the risks of what is normal, and actions that deviate from that
the user and transaction. baseline should receive greater scrutiny. Trans-
actions above a certain threshold, in unusual
Consequently, not every user, every log in by a amounts or at odd dates or times, or an account
user, or every online transaction a user attempts being accessed from an unknown IP address or
to conduct should be subject to the same secu- location, should all be subject to stronger authen-
246
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
tication and monitoring than routine transac- • A small funds transfer to a previously
tions or logins that fit the user’s typical patterns. unknown recipient, followed by one or more
larger transfers to the recipient in a short
In some cases, an institution implementing what period of time
it believes to be a rigorous approach can actually • A series of funds transfers to a recipient
be harmful if it is not tailored to specific risks and located in another country or jurisdiction
situations. In one notable recent example, a small that are uncharacteristic for the customer
bank was sued by a corporation whose business
account was taken over by an Eastern European • Disabling or changing transaction alerts
hacking gang. The judge ultimately ruled in favor and/or notifications in a customer’s online
of the corporation due to the bank’s insuffi- banking accounts
cient data security policies and protections. One • Logins to a customer’s account from different
shortcoming cited was the bank’s requiring users or unusual IP addresses
to answer security questions before conducting
any transaction above $1, which gave hackers USE OF MALWARE
many opportunities to intercept the needed data Malware is a class of malicious or intrusive com-
for the account takeover. puter code (or software application) that includes
viruses, trojan horses and computer worms used
Although the bank considered this to be a robust by attackers to obtain personal/non-public user
security measure, it really only served to give information. They can also be used to gain access
cybercriminals more chances to obtain infor- to or control over private computer systems and
mation that would help them access the account. databases, or interrupt a computer’s functional-
Like compliance in other financial crime fields, ity and availability to its users. Malware’s objec-
data security programs and controls should be tive is typically to remain undetected, either
risk-based, not one-size-fits-all. by actively hiding within a computer system or
by simply not making its presence on a system
known to the user.
ACCOUNT TAKEOVER RED FLAGS
Red flags of account takeover can be similar to • Computer Virus- a computer program
those for other forms of fraud, which is to say, that can replicate itself and extend from
activity that does not have a clear rationale or one computer to another through actions
match the expected behavior of the customer. undertaken by the user intervention to
Red flags can also include actions taken in an proliferate.
online banking account that could potentially • Trojan horse or Trojan- a non-self-
conceal the attacker’s intrusion from detection. replicating type of malware which appears
Some examples include the following: to perform a desirable function of a
legitimate software application but instead
• Logins to customer accounts and/or funds facilitates unauthorized access to the user’s
transfers at unusual times of day or outside computer system.
of a customer’s normal hours • Computer Worm - a standalone malware
• New accounts or payees linked to an online computer program that replicates for the
account, followed by one or multiple funds purposes of spreading to other computers
transfers initiated to these new accounts automatically.
shortly afterwards
One common type of malware used in financial
crime schemes, which can be deployed as a Tro-
247
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
jan or worm, is a keystroke logger. This piece of legitimate ones, or transferred over file-shar-
software runs surreptitiously on the background ing services.
of a user’s computer, capturing everything typed
on a computer’s keyboard and periodically trans- Enterprising cybercriminals have even found
mitting that information to another computer or ways to program malware onto the “firmware” of
external network. Eventually, those keystrokes devices like wireless routers and USBs. Firmware
are parsed and analyzed by a financial criminal is the permanent software that comes embedded
to find passwords, logins and other sensitive per- into a device’s memory.
sonal information. There are a number of varia-
tions on keystroke loggers, such as malware, that Advanced cybercriminals will write their own
secretly takes screenshots of a user’s computer. malware programs, but more common is pur-
chasing or modifying an existing one. Thousands
Any channel used to connect computers and of malware applications are available for sale or
transmit data can be exploited to spread malware. even free download on web forums and dark web
Compromised websites or “attack sites” and mal- marketplaces.
ware bundled into email attachments are com-
mon vectors. Malware can also be packaged into RANSOMWARE
other applications downloaded online, including Ransomware is one strain of malware that has
proven popular among cybercriminals – and
A Screenshot of a Computer Infected with the Petya Ransomware, a Variant that Appeared in 2016 and Spread
Quickly in the Ukraine and Europe.
248
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
highly disruptive for their victims. Ransomware location that is not connected to the internal net-
prevents a user from accessing their computer or work or Internet.
locks files until a ransom is paid, typically through
cryptocurrencies. Some versions are a form of MALWARE PREVENTION & DETECTION
“scareware,” which attempt to frighten a victim The vast majority of Internet users globally have
into paying by threatening to permanently lock knowingly or unknowingly been impacted by or
or delete files, even though the program doesn’t otherwise been exposed to malware. Similar to
have that ability. phishing, malware presents significant risks to
nearly any computer user as a result of the mali-
More advanced ransomware will actually encrypt cious code’s ability to infect users either in an
files. Cybercriminals will then only provide the undetectable environment or embedded within
key to unlock them upon receipt of payment – if legitimate software applications. Below are some
they provide it at all. industry best practices around avoiding mal-
ware attacks.
Ransomware is available in a “malware as a ser-
vice” model, which accounted in part for its rapid • Use reputable antivirus software program
rise in popularity in the mid 2010s. On the dark on computers, and keep the computer’s
web, a cybercriminal can purchase a package operating system and anti-virus
that includes a ransomware program and every- software up to date.
thing needed to get it up and running, spamming • Remain cautious about opening electronic
services to distribute it, cryptocurrency wal- communication attachments and or
lets to receive payment, and even ongoing tech- downloading files online, especially if the site
nical support. or source is unknown or unverified.
It’s not just individuals that have been targeted • Browse the Internet responsibly by only
by ransomware. Entire companies and govern- visiting reputable web sites.
ment agencies have had operations disrupted • Do not click on pop-up advertisements,
and networks shut down. Ransomware has had especially advertisements pertaining to anti-
serious impacts on critical infrastructure, such virus or anti-spyware software.
as healthcare providers, energy companies and
transportation services. In 2016, a global ran- Outside of programs designed explicitly to dis-
somware attack dubbed WannaCry led several rupt or destroy computer networks, malware is
hospitals in the UK’s National Health Service to rarely used in isolation and is usually a means
redirect patients and cancel surgeries after their of facilitating another crime. Although the steps
networks were hit with encryption. Overall, the to prevent it are relatively straightforward, they
WannaCry program struck an estimated 200,000 should be used in conjunction with other security
computers across 150 countries. controls and protocols. The following section of
this chapter will detail some industry best prac-
One of the best safeguards against ransomware tices and standards for network security and the
is robust data backups. Organizations should detection and prevention of unauthorized access.
ensure that they are backing up data, especially
sensitive or essential data, on a regular basis and OTHER TYPES OF ATTACK
in more than one location. To maximize the secu- Network vulnerabilities are simply weaknesses in
rity of sensitive data, backups should take place a system that can be exploited by a cyber- threat.
in three locations – internally, on a location off Several system vulnerabilities are explained below
their internal network, and on a third external
249
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
in detail. Reducing a system’s vulnerabilities will devices for data analysis or modification or to
reduce the number and impact of such threats. steal the password file from the server and gain
access to user accounts
IPL (Initial Program Load) vulnerabilities. The
start of a network or system, called the initial Representative Examples – Unauthorized
program load (IPL), presents very specific sys- Network Access
tem vulnerabilities. During the IPL, the operator
brings up an organization’s system and can per- • The FBI arrested a computer programmer
form operations to compromise the security. An in New York and charged him with stealing
operator could load unauthorized programs or proprietary software code from the Federal
data, reset passwords, rename various resources, Reserve Bank of New York (FRBNY). This
reset the system’s time and date and bypass the software, which handles all kinds of US
security checks. government financial transactions, cost more
than $9 million to develop.
Traffic analysis. An intruder analyzes data char- • A 31-year-old Russian national living in
acteristics (message length, message frequency New York, was charged with hacking into
and so forth) and the patterns of transmissions accounts at Fidelity, Scottrade, E*Trade and
(rather than any knowledge of the actual infor- Schwab in a complex scheme that involved
mation transmitted) to infer information that making unauthorized trades that profited the
might be useful to an intruder. gang he recruited to open bank accounts to
receive the illegal proceeds. The brokerage
Data scavenging attacks. This is the technique of firms said they lost $1 million because
piecing together information from found bits of of his fraud.
data on a network, and using that data to expose • Yahoo accidentally leaked the private key
weaknesses or launch a cyberattack. that was used to digitally sign its new Axis
extension for Google Chrome. Axis is a new
Network address hijacking. It may be possi- search and browsing tool from Yahoo. A
ble for an intruder to reroute data traffic from a security blogger discovered the package
server or network device to a personal machine, including the private crypto key, noting it
either by device address modification or by net- offered a malicious attacker the ability “to
work address “hijacking.” This diversion enables create a forged extension that Chrome will
the intruder to capture traffic to and from the authenticate as being from Yahoo.” Yahoo
was forced to release a new version of its
Axis extension for Google Chrome.
PLANNING A
CYBERSECURITY PROGRAM
Considering the amount of sensitive data within
their custody, such as personal identifying infor-
mation, financial records and other forms of non-
public information, cybersecurity is a critical
element for most companies and organizations.
Organizations should constantly be taking pro-
active measures to protect themselves against
internal misuse or theft of data, external theft
250
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
of data and the threat of malware intrusions on The following are introductory steps an organi-
their networks. zation should consider when first deciding on its
cybersecurity approach:
Proper cybersecurity policies and procedures
allow organizations to effectively manage the pro- • Assess what networks and data are being
tection of their physical and financial resources, protected, which may include data from
reputation, legal position, employees, and other clients, such as personally identifying
tangible and intangible assets. information of customers, an organization’s
own internal data, and the networks required
Some of the same core principles from the finan- to run the organization’s operations.
cial crime compliance arena also apply to cyber- • Assess risks and cyber threats facing the
security. One of these is assessing risks and organization, and compare this against an
building controls and protections accordingly. A assessment of systems and information
cyber security plan starts with a risk assessment. requiring protect to determine the areas of
highest priority.
251
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
• Establish a methodology to assess the sion of the Internet, big data and mobile access,
adequacy of existing cybersecurity controls there is a greater demand placed on companies
against the perceived level of risk. to safeguard their intranet and extranets.
• Create cybersecurity policies, including
measures to assess whether policies are The Internet is defined as a global network that
being followed, and plans for periodic links computers worldwide and uses data trans-
reassessment. A good security plan should fer protocols, such as FTP and HTTP, to trans-
be flexible to technology and staff changes, fer information and data across locations. An
scalable, informative and user friendly, intranet is a private or closed network that uses
considering security is a daily issue. internet technology. For example, a company’s
intranet site can only be used by its employees
• Consider the human aspects of cybersecurity. and approved contractors to access specific non-
A 2014 study of cyber incidents by IBM found public company information such as corporate
that 90 percent had a human component policies, announcements, corporate financial
to them, meaning that the actions of an information, employee forums, internal job post-
employee helped further the cyber attack ings and event calendars.
rather than a purely technical failure. An
organization’s internal security practices An extranet is a computer network that facili-
and training are as important as its controls tates controlled access from the outside, for spe-
around network access from the outside. cific business or informative purposes. Access is
• Recognize that cybersecurity also has a restricted to particular outside users and specific
physical component. Attackers will use any information within the network. Information can
weak point to launch an attack, including be shared from various areas of the business, and
physical vulnerabilities. In past cases, can be used to communicate sales and customer
cyberfraudsters have posed as consultants services, product development and marketing
for a financial institution, using forged and personnel recruitment, among other things.
security badges to enter the server room
and steal data directly off the institution’s For example, a company may choose to share
network. In another instance, criminals product information with its business partners,
simply stole the entire server racks. or it may use electronic document interchange
• Consider the potential repercussions for (EDI) to allow customers to place orders, deliver
cybersecurity incidents. Thinking through goods and process payments electronically.
the possible fallout that can result from a
data breach, malware disruption or other To detect and prevent unauthorized access to or
attack can help an organization decide how use of an organization’s computers and networks,
robust its data security program should be. it is necessary to develop an effective frontline
For example, a software company may lose of security mechanisms, as well as data breach
millions if their application source code is detection systems to discover intrusions and
discovered and made available to public. thefts if they do occur.
STRUCTURE AND SAFEGUARDS Cybersecurity does not take place solely in the
virtual world. Network, system and physical secu-
IN A NETWORK
rity as well as controls for dealing with people are
In the simplest terms, a network can be described required. The intangible aspects of data security
as a collection of computers and other hardware also need to be considered, such as the effects
that are used to store information and carry out
the functions of an organization. With the expan-
252
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
of tight security controls on business operations Bring Your Own Device Policies. Organizations
and company morale. that allow employees to bring their own devices,
such as phones, tablets or personal computers,
THE BASICS OF CYBERSECURITY into the workplace or otherwise connect them to
Best practices for securing an organization’s sys- the organization’s network should have security
tems and data can be grouped into two broad policies and controls in place to manage this risk.
categories: those focused on organizational poli- Devices infected with malware can compromise a
cies and controls, and those focused on the train- company’s network, and cybercriminals may use
ing and procedures of individual employees. We’ll employee devices as an attack channel.
look at the latter first.
Accessing WiFi and Storage Devices. Employees
Training and Awareness. Human-centric best should exercise caution when accessing wireless
practices start with training and awareness on networks and avoid connecting to any unsecured
the part of all employees. Training should focus networks. Cybercriminals can use these to target
on helping employees to modify their behavior to others on the network, or may set up their own
reduce cyber risk. Employees should be aware of network to lure unaware victims. Likewise, indi-
the cyber threats they face, and understand how viduals should not connect to unknown devices
their day-to-day actions on the job – opening – a USB stick found in a company’s break room, for
email attachments, for example – can increase or example – as these could be vectors for malware.
decrease their vulnerability for attack.
ORGANIZATIONAL POLICIES
To the extent possible, organizations should AND CONTROLS
extend their training and awareness of cyber Manage log of changes to the existing data net-
threats to their customers. For example, if an work. Any changes to the network, including ele-
institution is seeing a rise in incidences of busi- ments such as software updates, authorized users
ness email compromise attacks affecting its cus- and access controls, should always be tracked
tomer accounts, it could send out a customer and accurately recorded in a network log. This log
alert warning them of the fraud trend and teach- should be accessible to all IT staff and adminis-
ing them what to look for. trators with permissions to make changes to the
network. System logs must be retained for 30 to
Cyber Hygiene. All staff should exercise good 90 days and then destroyed unless further reten-
cyber hygiene, or routine practices to safe- tion is necessary due to legal, regulatory or con-
guard their own devices and online activity. This tractual requirements.
includes setting strong passwords and changing
them frequently, not reusing the same password Prevent keeping data for any more time than is
or passwords across multiple platforms, and run- necessary. Data retention and deletion policies
ning regular scans for malware. are an essential element of data security. All orga-
nizations should assess what data is being stored,
Safe Browsing Practices. Individuals should prac- for what reasons, and on what time scale. In many
tice safe search and browsing when maneuvering cases, it may be that an organization is preserv-
online, such as checking hyperlinks before visit- ing more data, or preserving it for longer time
ing sites, avoiding suspicious or untrustworthy periods, than is necessary which is more expen-
sites, and downloading and installing software sive to the companies. This leaves the organiza-
only from trusted sources. Browser extensions tion and its customers more vulnerable to data
that rate a site’s reputation or highlight sites with theft and breaches. Data that is non-essential for
security issues can assist with this.
253
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
business, regulatory or legal reasons should usu- Systems must be configured to automatically
ally be deleted. update any software. Operating system software,
server applications (webserver, mail server, data-
Actively monitor fraudulent human behavior. base server, etc.), client software (web brows-
Unusual communication, requests outside of nor- ers, mail clients, office suites, etc.), and malware
mal workflow and instructions to provide infor- protection software (antivirus, anti-spyware,
mation or take actions contrary to policies should etc.) should all be updated automatically to pro-
be viewed as suspect. Outbound traffic should tect against constantly-shifting threats. A plan
also be monitored to identify suspicious traffic. to manually apply new updates within a docu-
mented time period is an acceptable alternative.
Restrict administrative connections to spe-
cific internal sources, and do not allow exter- Partitioning. This means that systems and net-
nal administrative access. Administrative access works should share hardware and resources only
typically allows a user full control to install or with other systems that have similar security
delete programs, extract data or make changes to requirements. Systems which share similar secu-
the code in a computer or network. It can be very rity requirements should have user communities
dangerous if a financial criminal gains admin- of similar size and character, similar firewall pro-
istrative access to a system, and, as such, orga- files, and similar technical requirements.
nizations should maintain restrictions on what
employees and functions are granted adminis-
trative access. In most circumstances, external OTHER NETWORK SECURITY
administrative access should not be allowed. STANDARDS AND INDUSTRY
BEST PRACTICES
Implement a firewall and access control list.
This is a basic but vital step for protecting an In most circumstances, a financial crime profes-
organization’s servers that can be accessed sional will not be required to have a specialized
externally -- firewalls are software or hardware knowledge of network security. However, some
devices (or a combination of both) that monitor fluency in the more technical aspects of cyber-
and limit access to traffic flowing into and out security can be useful in compliance, investiga-
of the network based on predetermined proto- tions and enforcement matters. Below are some
cols. An access control list (ACL) specifies what slightly more advanced techniques and tools for
systems or users have permission to access a safeguarding networks:
server or system. • Avoid using point-of-sale systems to
connect to the web directly, and ensure your
Change default credentials of internet facing point-of-sale system is compliant with the
devices. The default or out-of-the-box passwords requirements designed by the Payment Card
or login information should always be changed Industry Data Security Standard (PCI DSS) to
for any device with an external connection. A ensure that all companies that process, store
surprising number of companies will connect or transmit credit card information maintain
devices that can be accessed externally without a secure environment.
changing vendor-supplied usernames and pass-
words. Financial criminals will take advantage of • Use encryption and decryption methods to
this fact to easily exploit holes in the data secu- convert information into a version that is
rity system. Almost all password cracking tools meaningful only when the intended recipient
start with the list of default passwords from every uses a key or code when transferring files.
manufacturer. Strong encryption methodologies, such
as Advanced Encryption Standard (AES),
254
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
which uses the same key to encrypt and your company’s confidentiality and security
decrypt data, can be used for particularly standards for handling customer information
sensitive information such as credit card at the time of hiring. If this has not previously
numbers, bank account information and been done, all current employees should also
payment details. be required to sign such an agreement.
• Adopt inspection firewalls on network • Limiting access to customer information to
connections, which are the most common employees who have a business reason to see
firewalls in use today. These firewalls it. For example, give employees who respond
track the state of a network connection to customer inquiries access to customer
to determine if a packet of data being files, but only to the extent they need it to do
transmitted to or from the network should their jobs, and do not grant the same access
be filtered. Proxy firewalls allow deeper privileges to employees in the organization’s
packet inspection for more granular control research and development department, who
and authentication. have no reason to view customer files.
• Require password changes upon suspicion • Controlling access to sensitive information
of theft or data breach for all users. In some by requiring employees to use “strong”
cases, this may include notifying customers passwords that must be changed on a regular
and requiring them to change passwords as basis. (Tough-to-crack passwords require
well. For very secure data or transactions, the use of at least six characters, upper- and
organizations could also consider using one- lower-case letters, and a combination of
time or limited-use passwords. letters, numbers, and symbols).
• Consider blocking large address blocks/ • Using password-activated screen savers
regions if they have no legitimate business to lock employee computers after a period
purpose, also known as IP blacklisting. of inactivity.
Similarly, an organization could use a web • Developing policies for the use and
content filter to check every URL request protection of mobile devices, including
originating from its network against a laptops, PDAs and cell phones. For example,
blacklist of undesirable websites. implement a policy of encrypting any user
data that is kept or transferred on to a mobile
PROTECTING AGAINST UNAUTHORIZED device, and provide training to employees
INTERNAL ACCESS using such devices on properly storing and
A significant percentage of data breaches and using them in secure locations.
thefts involve the participation of insiders, and • Providing training to employees on the steps
organizations should not underestimate the they should take to maintain the security,
threat of unauthorized internal access. Depend- confidentiality and integrity of customer
ing on the nature of their business operations, information.
firms should consider implementing the follow-
ing practices: MONITORING AND TESTING FOR
• Thoroughly checking references or CYBERSECURITY
conducting background checks before hiring Cybersecurity testing and network intrusion
employees who will have access to customer monitoring is an ongoing and evolving effort to
information. ensure protection against new and dynamic
• Requiring new employees to sign an threats to networks. A critical aspect of any secu-
agreement committing them to following
255
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
rity program is proactive testing and monitoring • Flagging and monitoring failed login
procedures that remains flexible and dynamic. attempts (especially those indicating
widespread sequential guessing)
Vulnerability assessments and penetration test- • Locking out accounts after a specified
ing should occur when a cybersecurity program number of tries
is first put into place, as well as periodically on an
ongoing basis. In simple terms, penetration test- • Requiring help desk calls for account lockouts
ing involves conducting an authorized attack on a • Enforcing password policies (length,
network or system, in order to assess the strength complexity, clipping levels)
of security measures and identify weak points. • Password throttling (increasing lag in a
computer or system after successive failed
An intrusion detection system (IDS) is a device logins, to prevent malware from running
or software application that monitors network or multiple rapid password guesses)
system activities for malicious activities or policy
violations and produces reports to a management • Password cracking tests
station. Some systems may attempt to stop an
intrusion attempt but this is neither required nor When creating and implementing cybersecurity
expected of a monitoring system. programs, understanding legal and regulatory
duties is essential. Many jurisdictions have laws
Intrusion detection and prevention systems or regulations that lay out the requirements for
(IDPS) are primarily focused on identifying pos- cybersecurity programs, including when and how
sible incidents, logging information about them, to report cyber incidents.
and reporting attempts. In addition, organizations
use IDPSs for other purposes, such as identify- One example is the Directive on Network and
ing problems with security policies, documenting Information Security, which establishes cyber-
existing threats and deterring individuals from security standards for organizations in European
violating security policies. IDPSs have become a Union member states. In the US, the state of New
necessary addition to the security infrastructure York implemented Rule 500 in 2017, which lays out
of nearly every organization. detailed cybersecurity program requirements for
financial institutions.
IDPSs typically record information related to
observed events, notify security administrators of DATA RETENTION AND DELETION
important observed events, and produce reports. Many jurisdictions also have requirements for
Many IDPSs can also respond to a detected threat retaining various types of records. The US and its
by attempting to prevent it from succeeding. They states are one example. In the state of Texas for
use several response techniques, which involve example, disability and sick benefit records must
the IDPsS stopping the attack itself, changing the be retained for six years and claims of employee
security environment (e.g. reconfiguring a fire- inventions must be retained for 25 years. Accord-
wall), or changing the attack’s content. ing to US federal law, financial account records
must be retained a minimum of five years after an
OTHER MONITORING AND TESTING account is closed.
INDUSTRY BEST PRACTICES
Depending on the nature of your business, there
• Routine log monitoring may be multiple agencies that have their own
specific requirements. Even if an organization
does not have explicit regulatory mandates,
256
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
257
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
response time and reduce the negative impact of • Identify the sensitivity of the incident and
cyberattacks. level of impact on the subjects and the
organization.
Deciding who takes the lead and how to react can • If data has been stolen, lost or corrupted,
be surprisingly difficult in the midst of a cyber establish whether the systems housing
emergency. In the case of large-scale ransomware the data can be accessed or used without
attack where key systems are locked down, for specialized knowledge or software. In the
example, the organization will be dealing with aftermath of a cyber incident, the affected
a highly disruptive incident that may impact computers and networks are a crime scene.
multiple departments. Communications may be They need to be preserved and accessed
disrupted, employees may not know whom to in a way that doesn’t interfere with efforts
contact, and there may be disagreements over to investigate and remediate. This often
the proper course of action. It could be crippling requires cyber forensic expertise.
if it’s not clear who is in charge.
• Identify whether data can be recovered
Your plan should include consideration of legal or the damage done by the attack can be
reporting requirements and voluntary reporting repaired. In many incidents, the answer will
responsibilities. In many jurisdictions, a be a resounding “no.” In certain situations
cyberattack will require institutions covered by – files locked by ransomware, for example,
AML regulations to file a suspicious transaction or fraudulent transactions initiated due
or activity report with their national financial to business email compromise – it may be
intelligence unit. Beyond this, there may be possible to fully or partially reverse damages.
mandates to report to other government agencies. • Establish a complete list of subjects
affected and their contact details. This can
Companies may also be part of public-private include customers, employees and other
information-sharing groups that encourage stakeholders.
voluntary reporting, to help other businesses stay • Notify members of the crisis management
aware of cyber incidents. team (including, but not limited to,
information security officer, CEO, corporate
When cybersecurity staff are faced with reporting counsel and HR).
a security breach, especially with regard to
notifying an Information Commissioner's Office
(ICO) or similar governing body specific to that
territory, it will be in the best interests of the
company to examine the legal and regulatory
disclosure requirements.
258
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
259
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
• Evaluate and adjust the program in light of • The institution’s record retention policies and
relevant circumstances, including changes other institutional policies
in the firm’s business or operations, or the • State and federal laws that govern the
results of security testing and monitoring. maintenance and disclosure of records and
other information.
Organizations should implement safeguards
appropriate to their own circumstances. A com- The receiver should also consider developing a
pany may decide to designate a single employee working relationship with the offices of the law
to coordinate safeguards or may assign this enforcement agencies that are most likely to make
responsibility to several employees who will work such requests. In some areas, formal structures
together. In addition, companies must consider may already exist to facilitate such relationships.
and address any unique risks raised by their busi- One such example is InfraGard, a US public-pri-
ness operations, such as the risks raised when vate partnership association that promotes infor-
employees access customer data from their mation-sharing and reporting between compa-
homes or other off-site locations, or when cus- nies and the Federal Bureau of Investigation.
tomer data are transmitted electronically outside
the company network. Establishing such relationships in advance of
receiving a request for information should greatly
RESPONDING TO LAW ENFORCEMENT facilitate the response and provide an opportu-
REQUESTS FOR DATA nity to discuss legal and policy issues around law
Financial crime investigations will often be enforcement access to data.
accompanied by compulsory legal requests from
law enforcement, courts or private litigants for
data or information. As an industry best prac- INTERNATIONAL DATA PRIVACY
tice when dealing with such requests, a financial LAWS AND REGULATIONS
institution or firm should designate a specific The notion of a right to privacy is dramatically
person or specific office to receive all requests different across geographies, and certain coun-
for information and to coordinate the responses tries have developed aggressive legislation to
to such requests. protect these cultural values.
With the possible exception of public records In October 1998, the European Union’s Data Pro-
requests, the persons handling requests generally tection Directive went into effect to protect the
should be in-house legal counsel for those insti- privacy of information and prohibit the trans-
tutions that have one, or a senior level manager or fer of personal data to non-European Union
compliance officer for those that do not. countries. Some non-EU countries are thought
to not “adequately” meet EU standards for pri-
The receiving office or person should have a basic vacy protection.
understanding of such requests:
• The nature and kinds of records and The US Department of Commerce, in consulta-
information that are maintained on campus tion with the European Data Privacy Commission,
and that are likely to be requested. has developed a “Safe Harbor” framework to pro-
vide a means for US companies to comply with
• The nature and structure of the institution’s the EU Data Protection Directive via the US-EU
recordkeeping systems, including, but not Safe Harbor program. In addition to applying for
limited, to its IT systems. safe harbor certification, companies have also
found it effective to have internal groups and pol-
260
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
icies that strictly address data privacy and the The Working Group’s recommendations, which
transmission of electronically stored information are not binding on the privacy authorities of the
across borders. various EU countries, include the following:
Data privacy is a legal decision that must be care- Consent. Individuals may consent to the pro-
fully analyzed before collecting or transferring cessing of their personal information. Obtain-
data belonging to employees. It is advisable to ing consent, however, is no simple matter. To be
seek the advice of local counsel in the specific effective, consent must be given freely—it cannot
country to provide guidance on compliance with be coerced, even mildly, by an employer—vol-
local regulations. untarily, and knowingly. Evidence of consent
must be clear and consent, once given, may be
THE EU GENERAL DATA revoked. Broad advance waivers as a condition
PROTECTION REGULATION of employment are not effective; consent must
be provided affirmatively and with reference to
The EU has a wide-ranging data privacy law that
the specific documents the production of which
has been implemented by individual countries.
has been requested. Where obtaining consent
The EU data privacy law extends to any docu-
is not feasible, the party from whom documents
ment containing information about an EU cit-
are requested must at least disclose to affected
izen, and it governs not just the production of
persons that their personal information will be
this information, but also how, where and under
processed, and possibly disclosed, and offer such
what circumstances the information can be pro-
persons the right to object.
cessed and stored.
Necessary for compliance with a legal obligation.
Under EU data privacy laws, “personal infor-
Processing is permitted where a member state
mation” has a much broader definition than is
has authorized it for the purposes of meeting a
understood in the US. In Europe and elsewhere,
legal obligation to comply with a court order of
personal information is virtually any information
another jurisdiction regarding pre-trial discovery.
about an individual, including name, physical and
email address, family members and similar facts
Necessary for meeting a legitimate interest.
that can be used to identify someone, even if the
Processing and transferring personal information
information is created and maintained in a busi-
data may be authorized to meet the demands of
ness environment. EU data protection laws con-
litigation if accomplished in a measured, propor-
trol the processing and transfer of data contain-
tionate and secure manner. Processing for litiga-
ing any personal information.
tion requires balancing the rights of the individ-
uals whose personal data are processed against
The General Data Protection Directive (GDPR)
the rights and interests of litigating parties.
does not completely prohibit processing and
transferring. The directive has, however, been
interpreted to seek compliance with certain data PROTECTING THE DATA UNDER THE EU
protection requirements. For example, in Febru- DATA PROTECTION REGULATION
ary 2009, a Working Group established under the A party seeking to process personal data for liti-
Directive published “Working Document 1/2009 gation must take numerous steps to protect per-
on Pre-Trial Discovery for Cross Border Civil Liti- sonal information. As much processing as possi-
gation,” which provides guidance in managing the ble should be accomplished within the European
tension between US litigation discovery obliga- Union. The data must be anonymized or at least
tions and the EU’s data protection requirements. pseudonymized, and must be culled of irrelevant
personal information. Truly sensitive information,
261
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
such as official ID numbers, health and tax infor- lowing negotiations with the European Commis-
mation should be purged from the data. If the data sion. The Department of Commerce provides a
to be transferred contains personal information, process of self-certification based upon adher-
the request to transfer it must be proportionate ence to several principles pertaining to the pro-
to the legitimate needs of the case, and reason- tection of personal data. These include:
able provisions should be made to secure the data
and to prevent its use and transfer beyond the • Mechanisms for effective supervision of data
matter at hand. Personal information must not be management with strong ongoing oversight
indefinitely retained. • Limits on how data can be accessed and used
for purposes of US national security and
Penalties for violating privacy laws can be severe. intelligence
Private parties seeking data that contains per- • The ability to field and respond to individual
sonal information must be very familiar with the complaints brought to a participating
laws of the jurisdiction hosting the data. Even organization within 45 days
data created in the work environment gener-
ally falls within the scope of the Data Protection • Public declaration of commitment to the
Regulation. For example, unlike what typically is Privacy Shield Framework
held to be the case in the US, email created in • Informing individuals of their rights to
the work environment that identifies a natural access their data, and informing individuals
person by name, address or context is considered what regulatory bodies have authority
protected personal information under the direc- over the organization’s compliance with
tive. Reports from committees that identify com- the Framework
mittee members may also be considered personal
information.
262
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
Q 12-1. Your financial institution has been subject to several hacking attempts over the
last few weeks. While none have been successful, you worry that it might be a matter
of time. To keep your network secure, you have decided to update your network secu-
rity policies.
What is an important step to include in your network security policy?
A. Educate your online customers to detect phishing attempts and other fraudulent
email scams.
B. Disable auto deletion of old data, including access logs, and move them to an
archive server.
C. Only permit administrative connections via the Internet through HTTPS or SSH
connections.
D. Require confirmation from network engineering before resetting any lost passwords.
See Answer and Rationales
Q 12-2. Your organization has a large online presence, providing all key services online.
You have recently found out that a hacker has gained access to your secure network, steal-
ing millions of customer usernames and passwords. You think the access was gained via
social engineering.
Your company’s success depends on your keeping this data secure, so your organization
wants to put procedures in place to ensure it can prevent any such further attacks. As an
initial step you have terminated Internet access for engineering and IT.
What would be the MOST effective further action for your firm to immediately take to pre-
vent this specific type of attack from happening again?
A. Restrict external access on all routers and servers allowing administrative access only
from workstations in the engineering and IT departments.
B. Staff should not be allowed to download any materials from the Internet or private
disks to the organization’s local drives.
C. Require all customers to change their passwords on a regular basis to access their
accounts and require strong passwords.
D. Upgrade all network firewalls and ensure they are running current software.
See Answer and Rationales
263
@2019 Association of Certified Financial Crime Specialists
CHAPTER 13
ETHICAL
RESPONSIBILITIES
AND
BEST
PRACTICES
OVERVIEW
264
CHAPTER 13 • ETHICAL RESPONSIBILITIES AND BEST PRACTICES
.These tests may arise from the following repre- occur. Because financial crime invariably involves
sentative examples: illicit proceeds, there are many opportunities for
temptation. Many financial crime specialists in
• A private banking client who applies pressure the public and private sectors have been lured
to not file a required government report on into wrongdoing when they confront the chance
a transaction to earn many times their salaries by conducting a
• A public official who asks that a suspicious single transaction.
transaction be overlooked or obfuscated
• A judge or regulator who insinuates that Financial criminals usually go to great effort and
an unlawful payment to him or her would expense to obtain and conceal the proceeds of
achieve the result you want their crimes. Often, they attempt to manipulate
or corrupt employees of financial institutions
• A customer who asks you to misstate the and their pursuers, including law enforcement
facts about him so that he may be accepted agents, regulators, compliance officers, risk offi-
as a customer by your financial institution cers, lawyers, financial institution executives and
• A superior who asks you to ignore an internal others. Their goal is to frustrate the control and
policy to facilitate an unlawful transaction he compliance systems that have been built to com-
is advocating bat them. It is important that a financial crime
• The temptation to sell or trade on specialist remain on guard against ethical temp-
confidential information that comes to tations and violations. This can mean the differ-
you on the job ence between a successful career and a situation
that results in losing your job and your freedom.
• An employee who approaches you with
possible evidence of a financial crime Financial crime professionals work in many dis-
implicating a senior manager and asks you ciplines. Many of them, such as attorneys and
to suppress it accountants, must adhere to codes of ethics
• A request to ignore an item in a profit and promulgated by their professional associations.
loss statement that might show wrongdoing These professionals must always be sensitive to
these standards and the laws and regulations that
Examples of situations that test the ethical bear- govern their conduct. The work of financial crime
ings of diverse players in the financial crime arena specialists is closely tied to the law, but for them,
worldwide could fill up pages of this Manual. operating in a legal manner is not enough.
If one starts with the conclusion that nothing is Ethics go beyond obeying the law. It entails
worth risking one’s career and the well-being of adherence to a standard of conduct higher than
one’s family, and that it is important to always act the minimum required by law. To become a Cer-
with the highest integrity, ethical lapses will not tified Financial Crime Specialist (CFCS), financial
crime professionals must demonstrate knowl-
edge of the ethical standards that govern them
and a commitment to maintain them. The work
obeying the law… This chapter covers these ethical standards and
addresses ethical issues faced by certain groups
of specialists, such as public and private sector
265
@2019 Association of Certified Financial Crime Specialists
CHAPTER 13 • ETHICAL RESPONSIBILITIES AND BEST PRACTICES
investigators, compliance officers, regulators, tor deciding where to focus an investigation and
attorneys and employees of financial institutions, other similar situations.
corporations and other business entities.
If a fair resolution cannot be found, the financial
crime specialist should not continue favoring one
CODES OF CONDUCT client over another.
Apart from the routine “right or wrong” deci-
sions that financial crime specialists must make
each day, preventing, detecting and combating WHAT ARE ETHICS?
financial crime often offers a dimension of moral The dictionary defines ethics as, “The discipline
ambiguity that is difficult to define. This is where of dealing with what is good and bad; and with a
a strong code of conduct issued by the organi- moral duty and obligation.”
zation where the financial crime specialist works
helps guide the employees. However, a code of Ethics consists of the principles that guide us in
conduct is only as good as the supervision and deciding what is right and wrong. It establishes a
enforcement it receives from the organization sense of duty and obligation -- what we expect of
that issued it. ourselves and of others in any given situation.
When dealing with conflicts of interests among By seeking the guidance of someone else, we are
several clients, a Certified Financial Crime Spe- better positioned to make sound ethical choices.
cialist should consult the clients to resolve the On the other hand, an old adage on ethics says, “If
issues in a way that is acceptable to all. you have to ask about it, it’s probably wrong.”
A guiding principle in resolving conflicts of inter- Ethical decision-making should include the fol-
est should be the fair and equal treatment of the lowing steps:
clients. In these situations, one client should not
receive preferential treatment over another, such Identify the issues—It is important to mentally
as in deciding which client should have an invest- identify issues that present a real or potential
ment opportunity or a financial crime investiga- ethical dilemma, and to understand how one’s
actions affect others. We must weigh the expec-
266
@2019 Association of Certified Financial Crime Specialists
CHAPTER 13 • ETHICAL RESPONSIBILITIES AND BEST PRACTICES
tations of others about our conduct and how they When instituting conflict of interest rules for an
may affect us. It is difficult to act ethically if we organization, do the following:
don’t recognize issues as they arise.
• Develop a systematic and objective approach
Get the facts—Obtain as much information as for screening new clients or selecting
possible to illuminate the situation and obtain cases to pursue or embarking on any task
specific, objective information. One must take a where objectivity and ethical standards
broad view even when only partial information may be tested.
is available. One must consider how to find other • If possible, select a colleague who is
pertinent information. Consider the motivation not affiliated with the matter to screen
some persons may have in supplying partial or the relevant facts and the persons in a
incorrect information. particular situation.
• Designate a conflict of interest officer for
Consider alternative courses of action—In your organization or unit.
resolving ethical dilemmas, one must take a
broad approach, consider other alternatives and
how others will view our actions. One should UNDERSTANDING THE RESPECTIVE
decide which principles apply to a situation and ROLES IN YOUR ORGANIZATION
prioritize them. One should consider the rights of
other stakeholders, treat people fairly and act in Two of the most important principles that gov-
the best interests of the affected persons. ern the conduct of a financial crime specialist
are to constantly remember the rights, well-be-
Consider professional standards—Many pro- ing and obligations of one’s organization and to
fessional organizations issue written codes of honor these factors. One owes a duty of honesty
the standards of conduct, which provide a good and diligence to one’s organization, along with its
measure and test of possible courses of action. mission and constituency.
Experienced colleagues or supervisors may offer
valuable guidance in resolving ethical dilemmas. The work of every financial crime specialist
They may present other issues, share a new per- can involves potential conflicts of interest that
spective or identify areas that one was not view- threaten these interests. They must be recog-
ing objectively. nized and resolved ethically.
Make a decision—It is advisable to choose the INFORM THE ORGANIZATION AND CLIENTS
best option to resolve a particular situation. Act OF SCOPE AND COST OF PROJECTS
decisively and implement your plan even though Financial crime specialists are sometimes
this is sometimes difficult. engaged by clients or their organizations for a
specified project, such as representing a person
Act and assess—It is a good practice to assess or organization that is under investigation for for-
one’s actions and weigh whether they achieve the eign corrupt practices, fraud, money laundering
desired result. It is never wrong to ask yourself, or violation of the sanctions laws and regulations.
“Am I doing the right thing? Would an indepen- The clients or organization should be informed
dent person think that this action is correct and of the likelihood of certain outcomes so they can
fair? How would I react if this were done to me?” make informed decisions on the scope of the work,
the projected fees and costs, and the risk of rep-
utational harm and other negative consequences.
267
@2019 Association of Certified Financial Crime Specialists
CHAPTER 13 • ETHICAL RESPONSIBILITIES AND BEST PRACTICES
When preparing this plan and budget, the finan- The financial crime specialist, including clients
cial crime specialist is in a better position to iden- and superiors, should recognize that the objec-
tify the stages and expected costs. Thus, specialist tives of the project may change over time as more
should always be accurate in estimating expected information is gathered. It is advisable to main-
time frames and costs and avoid the temptation tain a continuing dialogue to refine the objectives
to provide unrealistically low estimates in order and other elements of the project and to docu-
to secure authorization, or to continue a matter ment the decisions in writing.
that he or she knows is unpromising.
268
@2019 Association of Certified Financial Crime Specialists
CHAPTER 13 • ETHICAL RESPONSIBILITIES AND BEST PRACTICES
Similar situations exist in the public sector where Financial institution and corporate regulators
a government operation may be prolonged for often have rules or guidelines that govern how
improper motives. Financial crime specialists at the regulated entities should manage and prevent
government agencies must always remember that conflicts of interests. Most countries prohibit
their resources, including their salaries, are paid conduct that arises from conflicts of interest,
by the taxpayers, who are owed the same hon- such as insider trading or self-dealing. Conflicts
est dealings and conduct as are clients of private of interest can easily elevate from an ethical vio-
sector specialists. lation to a financial crime.
Some conflicts of interest are so significant they In other situations, a situation that begins as a
compel a decision to decline to undertake a mat- failure of internal controls and insensitivity to
ter or to withdraw from an existing one. In other ethical obligations can become a financial crime
situations, conflicts may be managed by adopting which brings severe financial consequences to
protective measures, such as obtaining written innocent individuals and organizations, includ-
waivers from one’s superiors or clients, disclos- ing reputational harm, governmental penalties or
ing potential conflicts to superiors or clients or prosecution and lawsuits by the victims.
blocking access to documents and other things
to prevent people and information from a dif- INFORMATION BARRIERS
ferent case from contaminating or affecting a Information barriers or “firewalls” can provide
current matter. strong protection against conflicts of interest at
private- and public-sector entities. These barri-
UNDERSTANDING & RESOLVING ers are intended to limit the flow of information
CONFLICTS AT DISTINCT PRIVATE AND between internal units and persons. They are
PUBLIC ENTITIES designed to allow employees of an organization
Everyone who works in the financial crime field to advance their legitimate activities without
has the obligation to place the interests of their exposure to information that may produce a con-
organization, customers, constituents and other flict of interest.
stakeholders above their own. Employees of
financial institutions in the broad sense of the Information barriers at private- and public-sec-
term, in particular, must recognize the purposes tor organizations may take various forms based
for which accounts, relationships or trusts they on the size and services the organization pro-
manage and oversee were created, and adminis- vides. They can be physical barriers, such as the
ter them accordingly. physical separation of units of employees in the
blocking of access to certain information by elec-
Institutions and commercial corporations must tronic means.
also ensure that their customers are treated hon-
estly, fairly and equitably, and that their employ- Information barriers should also include policies
ees are not extending undue privileges and ben- and procedures that explain problems that may
efits, intentionally or unintentionally, to some be encountered, how to resolve them and how
customers over others. to apply the organization’s policies. Some com-
mon controls on conflicts of interest at private-
Conflicts of interest may arise in transac- and public-sector organizations may include
tions or dealings involving insider or privileged the following:
information.
269
@2019 Association of Certified Financial Crime Specialists
CHAPTER 13 • ETHICAL RESPONSIBILITIES AND BEST PRACTICES
• Assessing the services, activities, functions Similarly, decisions to not follow certain onboard-
and distinct types of employees to identify ing or monitoring procedures should, of course,
where conflicts of interest may arise not be based on an expectation of financial gain
• Restricting employee access to information offered by the customer, or bonuses or other
through a system of multi-tiered access benefits from the organization for onboarding or
rights or similar limitations monitoring a customer.
• Written conflict of interest policies that Financial crime specialists, including compliance
clearly outline prohibited behavior and and risk management specialists, frequently have
provide guidance, instructions and examples access to a customer’s personal information. A
on avoiding conflicts of interest specialist must securely store and manage cus-
• Training programs that teach awareness of tomer information and access and retain if it is
and sensitivity to conflicts of interest and necessary for onboarding and monitoring and as
their ethical resolution required by law or regulations. The Data Security
• Secure methods to record and preserve and Privacy chapter of this manual cover other
relevant information at the start of an considerations in the handling of customer and
operation or a customer and business other sensitive information.
relationship to identify and manage
conflicts of interest BUILDING CONFLICT OF
INTEREST POLICIES
• Clear policies and instructions that govern
disclosure to the appropriate government When not properly managed, conflicts of inter-
authorities of internal lapses in honest and est can be a source of serious repercussions
proper conduct by the organization and and consequences. To manage conflicts effec-
its employees tively, business and government organizations
must have thoughtful and sound written policies
ETHICAL ISSUES IN ONBOARDING AND and procedures.
MONITORING CUSTOMERS
The key part of a sound process is the ability
Financial crime specialists who work in com- to identify all the parties involved in any case,
pliance and risk management sometimes have an account, business transaction or matter. By
latitude in the onboarding and monitoring of knowing who is involved, potential conflicts are
customers and customer activity. The ethical more readily identified.
considerations for persons who onboard and
monitor customers are similar to those that can At larger organizations, identifying conflicts
be used to resolve conflicts of interest. can be complicated. All relationships and con-
flicts may not be readily apparent. Poor internal
When deciding whether to onboard a customer communications can allow conflicts to go unde-
and monitor customer activity, a financial crime tected. Staff turnover also increases risk levels by
specialist must follow the policies and procedures increasing the loss of institutional knowledge.
of the organization. Compliance officers and
other employees should not subject a customer In conflict management, the staff and their rela-
to enhanced due diligence procedures, for exam- tives and business and personal connections are
ple, because of a personal bias against the cus- an important consideration. A conflict of interest
tomer or a “feeling” without supporting evidence. policy should alert pertinent units of an organi-
zation to possible conflicts in distinct types of
relationships. Developing and implementing a
270
@2019 Association of Certified Financial Crime Specialists
CHAPTER 13 • ETHICAL RESPONSIBILITIES AND BEST PRACTICES
system to capture and retrieve employee and cli- conflict of interest and ethics policies and the
ent information is essential to identify potential organization’s expectations and procedures.
conflicts of interest.
271
@2019 Association of Certified Financial Crime Specialists
CHAPTER 13 • ETHICAL RESPONSIBILITIES AND BEST PRACTICES
CONFLICTS IN THE INTERACTION OF A potential conflict also arises when a new case
INVESTIGATIVE TARGETS AND LAW will be affected by confidential information the
ENFORCEMENT AGENTS specialist learned in an unrelated situation. Pos-
It is not uncommon for a financial crime specialist session of this information could result in prej-
to interact with the subjects or targets of a case or udice to the prior client and affect one’s ability
investigation. These persons may make improper to fulfill the full obligations with the new client.
requests, such as to ignore or not disclose certain Similar conflicts may arise for specialists who
information, and may also offer unlawful com- work in government agencies.
pensation to look the other way.
The first step a financial crime specialist should
Any agreement to such a request is a betrayal take when a new matter arrives is to conduct a
of the duty to the organization. Such offers or “conflict of interest check.” This involves com-
requests should be reported immediately to the paring the names of all persons and entities that
appropriate superiors, including internal affairs were associated with a prior matter with those
officers, because they may amount to attempted involved in the new matter. The names of persons
bribery or extortion that should be reported to and entities that are connected to the new client
law enforcement authorities. or matter should also be checked against those
in prior matters. This process requires a current
If there is a duty to notify law enforcement list of all persons, organizations and clients with
authorities, legal counsel should be consulted to whom the financial crime specialist or the orga-
assure obedience with applicable laws and reg- nization had prior dealings.
ulations. Because of the harm that may result to
innocent parties, everything reasonable should The second recommended step is to determine
be done to verify the credibility of the allegations. overlaps in the work done in the past, and the
anticipated work in the new matter. When a name
FORMER AND CURRENT CLIENTS associated with a new matter is the same as one
AND COLLEAGUES in a prior matter, attention should be paid to
determine if a conflict exists. If a financial crime
A financial crime specialist may encounter con-
specialist is asked to take action against a former
flicts from work that he or she has previously
client, this poses a significant conflict of interest
performed, such as when a new matter is opened
and the specialist should decline the matter.
that involves persons with connections to prior
work done by the specialist or the organization.
272
@2019 Association of Certified Financial Crime Specialists
CHAPTER 13 • ETHICAL RESPONSIBILITIES AND BEST PRACTICES
The third step is to establish procedures that CONFLICTS BETWEEN THE CLIENT AND THE
assure that an overlap in names does not preju- FINANCIAL CRIME SPECIALIST
dice past or prospective clients. The greater the Many conflicts may arise between a financial
overlap, the greater the actions a financial crime crime specialist and his or her colleagues or cli-
specialist should take to prevent harm to the ents. Some are inherent in work performed for a
organization, matter or present or past clients. fee. Procedures should exist that ensure that all
work billed to a client is honestly and fairly per-
The following actions may be taken to prevent formed. A financial crime specialist has a respon-
harm when potential conflicts of interest arise: sibility to the organization, colleagues and clients
• Promptly disclosing to past or present to assure that work performed is authorized and
colleagues, clients or organizations the reasonably crafted to accomplish the ultimate
nature of a potential conflict of interest goal set by the organization.
• Asking these persons and organizations to Some conflicts arise from disagreements over
waive conflicts of interest that may exist, if it fees or difficulties of an organization or client to
is appropriate find an operation. An example is when a financial
• Creating a wall or other safeguards to ensure crime asset recovery specialist has agreed to pro-
that persons who were involved with a prior vide services on a contingent basis with the fees
matter will not see or have access to files of to be paid from a client’s winnings. If the client
the new matter and will not participate in it becomes unable to continue funding the case, the
• Declining to accept the prospective specialist faces the prospect of losing an opportu-
matter or case nity to collect a good contingency fee and may be
tempted to propose improper funding of the case.
Sometimes a conflict of interest cannot be These conflicts should be addressed quickly and
avoided in advance because its existence is not discussed in the initial engagement agreement.
known until a later stage. When conflicts are
discovered later, a complete, prompt disclosure Conflicts may arise for non-financial reasons,
to all affected parties must be made. In most such as when a superior or client imposes limita-
cases, skilled financial crime specialists can work tions that the financial crime specialist believes
with the affected persons to reach an accept- are unreasonable. A client may insist that the
able resolution. financial crime specialist focus on a target that
the specialist believes has little value to the case,
If a resolution cannot be found, the specialist for example. Or, when a superior or a client may
should not continue to work in a situation where ask the financial crime specialist to engage in ille-
one client may be favored over another. gal or unethical conduct. These problems must
be confronted directly and discussed with appro-
In government matters, similar conflicts to those priate persons in the organization. The financial
in the private sector may arise. A government crime specialist should document all pertinent
financial crime specialist should never compro- actions discussed and taken.
mise a proper action in order to obtain an advan-
tage in a present matter, unless a well-considered PROTECTING THE INTERESTS OF THE
decision favoring a concession is justified. A plea ORGANIZATION OR CLIENT
bargain, coupled with other inducements that A financial crime specialist should assure that he
government agents may offer to a target or infor- or she is not engaging in conduct that may harm
mants in a financial crime matter, is an example his organization or client. It is a good idea to fol-
of such a compromise. low the medical field’s Hippocratic Oath, “First,
273
@2019 Association of Certified Financial Crime Specialists
CHAPTER 13 • ETHICAL RESPONSIBILITIES AND BEST PRACTICES
do no harm.” Financial crime specialists perform This was illustrated in the mid-2000s when a For-
a valuable service when they advise their orga- tune 500 company hired private investigators to
nizations, colleagues or clients that the actions identify the source of leaks of confidential board
they are suggesting may be unproductive, coun- of director information to the media. The inves-
terproductive, harmful, improper or unethical. tigators used deceptive telephone calls to obtain
Examples include the following: banking and phone records of suspected persons.
When the scheme was discovered, the company
• Pursuing a civil action where the costs and several officers became the subjects of crim-
are expected to exceed the value of the inal investigations. The company paid a large fine
successful outcome or recovery and several officers were fired.
• Engaging in conduct likely to be offensive
to a court and result in sanctions or other By its very nature, financial crime is full of cir-
negative consequences to the client and the cumstances that may harm or destroy the repu-
financial crime specialist tations of persons. Being mindful and respectful
• Undertaking actions that will likely of the ethical obligations that a specialist car-
cause embarrassment or harm to an ries as part of the job is an essential part of all
organization or client financial crime positions and a crucial element
of the Certified Financial Crime Specialist (CFCS)
certification.
274
@2019 Association of Certified Financial Crime Specialists
CHAPTER 13 • ETHICAL RESPONSIBILITIES AND BEST PRACTICES
Q 13-1. Sallie Jones holds a significant administrative position in the Defense Department
of her home country, overseeing various information technology projects. Sallie’s husband,
Joe, was recently hired in sales by a software company, Company A. The CEO of Company
A is a personal friend of Sallie’s, and ultimately hired Joe.
Shortly after Joe was hired, the Defense Department and Company A entered into a con-
tract for the purchase of software. Joe was assigned to the account. Sallie was not involved
in the initial contract negotiations and did not know they were taking place. After the
contract was signed, Sallie was involved in the decisions to use the company on subse-
quent projects.
275
@2019 Association of Certified Financial Crime Specialists
CHAPTER 14
INTERNATIONAL
AGREEMENTS
AND
STANDARDS
OVERVIEW
From the local to the global, efforts to detect and prevent finan-
cial crime occur on many levels. As discussed in previous chap-
ters of this Manual, financial crime is a global plague that takes
place across borders and throughout the national and interna-
tional financial systems. That is why financial crime must also
be addressed on the international level.
276
CHAPTER 14 • INTERNATIONAL AGREEMENTS AND STANDARDS
This has long been recognized by governments ecuting and require the political will and com-
and their enforcement and regulatory agencies. mitment to implement them by laws, regulations
Through treaties, interagency arrangements and and enforcement.
international organizations, governments world-
wide have sought for decades to build cooperation This chapter will highlight the noteworthy inter-
concerning standards and procedures for policy, national standards and the organizations behind
regulation and enforcement concerning financial them. In many cases, the standards and agree-
crime. These efforts were spearheaded by North ments are only summarized briefly. When doc-
American and European nations in the past, but, uments or recommendations are referenced by
in recent years, many developing nations have name, the financial crime professional should
played a significant role. consult these sources. Links are provided
throughout the chapter and in the Appendix.
Developing consensus around best practices in
financial crime control has not been limited to
the public sector. Private sector groups, particu- UNITED NATIONS
larly in banking and financial services sectors, are The United Nations is the most visible interna-
increasingly active in setting international guide- tional body with 193 member nations. The nations
lines on compliance, ranging from your customer act similarly to a global legislative body, voting on
procedures to due diligence procedures for cus- a wide variety of policies and resolutions, which
tomers and third parties. are then are supposed to be implemented by
member countries. Many measures enacted by
Most recently, nonprofit organizations and advo- the UN are not legally binding, and are seen as
cacy groups have also established a major pres- mainly symbolic.
ence on the international level. Groups such as
Transparency International, Global Financial The UN can also propose multilateral trea-
Integrity, Human Rights Watch, and others have ties, known as conventions, which bind member
used lobbying and media campaigns to pressure nations to adopt legislative measures or regula-
governments, financial institutions and other tory policies to implement them. While imple-
corporations to act on important financial crime mentation often varies widely among UN member
issues ranging from corruption and tax evasion states, conventions can be powerful tools to drive
to secrecy havens. policy changes internationally.
Taken together, there is a clear trend toward One convention with significant effect in the
greater international cooperation and coordina- financial crime field is the United Nations Con-
tion on financial crime issues in the public and vention Against Corruption, which is discussed in
private sectors. New initiatives such as the US For- the Global Anti-Corruption chapter.
eign Account Tax Compliance Act of 2010 (FATCA)
have accelerated this trend. Therefore, a financial Another important international agreement that
crime specialist should know the principal actors originated with the UN is the United Nations Con-
and standards in the international arena. vention Against Transnational Organized Crime.
This convention was adopted in 2000 and has
There is no scarcity of international standards, been ratified by more than 175 member nations.
conventions and organizations that establish Generally, it commits signatories to adopt laws
standards of proper conduct in dealing with and enforcement mechanisms to combat human
financial crime. The great limitation on their trafficking, migrant smuggling and arms traf-
effectiveness is that these norms are not self-ex- ficking. Some of the measures required by the
277
@2019 Association of Certified Financial Crime Specialists
CHAPTER 14 • INTERNATIONAL AGREEMENTS AND STANDARDS
convention include money laundering and asset institutions and other organizations to combat
forfeiture laws to seize criminal proceeds. Signa- money laundering.
tories to the convention are monitored for com-
pliance with the treaty’s provisions by panels of The FATF’s stated purpose is to develop policies
UN-appointed experts under the direction of the to control and prevent money laundering and
UN Office on Drugs and Crime. terrorist financing. Over the years, the FATF 40
Recommendations have been revised to reflect
The United Nations also issues sanctions against the changing financial crime landscape. Before
countries that are deemed to be violating inter- the most recent amendments in 2012, the FATF 40
national principles. The sanctions impose prohi- Recommendations were revised in 1996, 2001 and
bitions on commerce and financial transactions 2003. After the terrorist attacks of September 11,
with the sanctioned countries. 2001, (9/11) the FATF issued nine special recom-
mendations aimed at the financing of terrorism.
UN sanctions originate with the UN Security
Council and commit UN member states that In early 2012, the FATF took its biggest step away
adopt them to comply with the limitations on from a strict focus on money laundering. It began
trade and transactions. These sanctions are simi- to emphasize the importance of targeting cor-
lar to those imposed by the US Treasury Depart- ruption and tax evasion, which are intertwined
ment’s Office of Foreign Assets Control (OFAC) with money laundering. Thus, the FATF’s recom-
and other nations. They typically include a list of mendations seem to be taking the same route
sanctioned entities, agencies or individuals. In the toward financial crime “convergence” that finan-
case of sanctions limiting financial transactions, cial institutions and government agencies around
they usually require the blocking of transactions the world are pursuing. (See Appendix for the
to or from the sanctioned entity and the placing FATF 40 Recommendations of 2012.)
of the funds in an interest-bearing account. They
do not require countries to detain or arrest per- As of early 2018, The FATF had 37 members, con-
sons or entities that are listed in sanctions lists. sisting of 35 jurisdictions and two regional orga-
nizations (the Gulf Cooperation Council and the
UN sanctions are sometimes used to deter coun- European Commission).
tries from taking aggressive military action
against other countries, or to punish coun- The FATF also has a global network of so-called
tries that do so. FATF-Style Regional Bodies (FSRBs) that follow
their own, albeit compatible, programs and pol-
icies. These bodies promote implementation of
FINANCIAL ACTION TASK FORCE the FATF 40 Recommendations by their members
The Financial Action Task Force, or FATF, was and advise FATF on regional issues and condi-
formed in 1989 by the G-7 nations, which then tions. There are eight regional FSRBs.
were Canada, France, Germany, Italy, Japan,
United Kingdom and the US. Since then, the FATF The FATF is strictly a policy-making body without
has evolved into the principal standard-setter of enforcement authority. To drive implementation
global anti-money laundering controls and poli- of its policies and recommendations, the FATF
cies for nations, financial institutions and other organizes programs of mutual assessments of
private sector organizations. The first formal nations. In an FATF mutual assessment, a nation
action of the FATF in April 1990 was to promul- submits to a review by teams of experts from
gate the “40 Recommendations,” which recom- other countries, who gauge the nation’s prog-
mend conduct by government agencies, financial
278
@2019 Association of Certified Financial Crime Specialists
CHAPTER 14 • INTERNATIONAL AGREEMENTS AND STANDARDS
ress toward full implementation of the 40 Rec- anti-money laundering baseline, financial crime
ommendations. specialists should read the full text of the 40 Rec-
ommendations, available at http://www.fatf-gafi.
This assessment may lead to public exposure org/topics/fatfrecommendations.
of deficiencies in money laundering and finan-
cial crime policies and enforcement. This expo- To show their scope and the topics they cover, a
sure and the potential political embarrassment listing of the recommendations follows:
and public outcry that may follow exerts pres-
sure on nations to comply with the FATF’s Rec- • Anti-money laundering and
ommendations. terrorist financing
1. Assessing risks and applying a risk-
Additionally, since 2000, the FATF has published based approach
a so-called “blacklist” of nations that refuse to 2. National cooperation and coordination
follow the FATF Recommendations or to comply
with its international standards on money laun- • Money Laundering and the confiscation of
dering and financial crime enforcement. The associated proceeds and instrumentalities
blacklist proved to be so effective that all coun- 3. Money laundering offense
tries were removed by 2008, although the FATF 4. Confiscation and provisional measures
still publishes a semi-annual list of “high- risk and
non-cooperative” countries. • Terrorist financing and the financing of
proliferation
40 RECOMMENDATIONS OF THE FINANCIAL 5. SR-II [Special Recommendation on
terrorist financing II] related to the
ACTION TASK FORCE
terrorist financing offense
The 40 Recommendations can be found at the
6. SR-III [Special Recommendation on
FATF website, www.fatf-gafi.org. They are listed
terrorist financing III] addressing targeted
in seven broad categories and focus on pol-
financial sanctions related to terrorism
icy measures for nations and best practices for
and terrorist financing
financial crime controls at financial institutions
and corporations. 7. Proliferation and related targeted
financial sanctions
Although primarily focused on money launder- 8. Non-profit organizations
ing and terrorist financing, the FATF Recommen-
dations have increasingly branched out to cover • Preventive measures
financial crime as a whole. The 2012 version of 9. Secrecy laws of financial institutions
the recommendations, for example, included pro- 10. Customer due diligence standards
visions directing countries to make tax crimes
11. Record keeping requirements
predicate offenses for money laundering cases
and calling for enhanced scrutiny of political- 12. Politically exposed persons (PEP)
ly-exposed persons (PEPs) to combat corruption. 13. Correspondent banking
14. Money or value transfer services
The 40 Recommendations apply directly to
compliance professionals. Many of the Recom- 15. Emerging or new technologies
mendations have been widely implemented as 16. Wire transfers
key elements of compliance programs at finan-
17. Third parties and reliance on their data
cial institutions worldwide. Because of their
and reporting
importance and broad acceptance as a global
279
@2019 Association of Certified Financial Crime Specialists
CHAPTER 14 • INTERNATIONAL AGREEMENTS AND STANDARDS
280
@2019 Association of Certified Financial Crime Specialists
CHAPTER 14 • INTERNATIONAL AGREEMENTS AND STANDARDS
funded by members countries based on a formula The Working Groups, as well as other OECD
that takes into account the size of each mem- groups such as the CleanBizGov Initiative, pro-
ber’s economy. mote greater public and private sector transpar-
ency, issue reports and publications that are use-
The OECD may develop standards and models, ful for financial crime specialists. All are available
recommendations or guidelines. OECD publica- on the OECD website at http://www.oecd.org.
tions play an important role in disseminating the
OECD’s programs and positions. Because of the
OECD’s diverse focus, the standards it promotes BASEL COMMITTEE AND
apply in a number of financial crime fields. One ITS GUIDANCE
of the most important is the OECD Anti-Bribery The Basel Committee is an international body
Convention, which contains provisions seek- consisting of senior representatives of central
ing enactment of laws to criminalize bribery of banks and government banking regulatory agen-
foreign public officials in international business cies. Originally intended as a forum to discuss
transactions. It also provides a host of related bank supervision issues when it was established
enforcement measures. The Convention on Com- by the Group of 10 countries in 1974, it has evolved
bating Bribery of Foreign Public Officials in Inter- into a body that sets international standards on
national Business Transactions and Related Doc- banking supervision generally, including stand-
uments is discussed in the Global Anti-Corruption ards on financial crime compliance.
chapter, and a link is included in the appendix.
One of the most important documents of the
The OECD has also been active in building inter- Basel Committee is the Basel III Accords, a com-
national cooperation on tax evasion and tax prehensive set of measures designed to reinforce
avoidance. In addition to helping create formal the regulation, supervision and risk management
tax treaties, the OECD member countries have of the banking sector. Although it is an important
used the organization as a forum for increased document for the financial sector, its recommen-
cooperation for the exchange of tax information dations do not directly touch financial crime and
among countries. In April 2013, the OECD called is not addressed in detail here.
for member states to implement a system of auto-
matic exchange of financial account information CUSTOMER DUE DILIGENCE FOR BANKS
for tax purposes, similar to the model estab-
lished by the US Foreign Account Tax Compli- The Basel Committee publication, Customer Due
ance Act. This later became the Common Report- Diligence for Banks, is another significant guide-
ing Standard. line, particularly for compliance officers. It pro-
vides guidance on the elements and implemen-
To help execute the provisions of its conventions, tation of customer due diligence programs for
the OECD organizes Working Groups, composed banks and explains key elements of a “know your
of experts from member nations. The Working customer” policy, including policies for accept-
Groups collect information from OECD members ing customers, identifying customers, ongoing
on how they are implementing the policies of the monitoring of accounts and transactions and
conventions and issues reports on the progress of risk management. It also discusses the key role
member states, similar to the FATF mutual evalu- of supervisors and managers in the KYC process
ation process. The Working Group on Bribery, for and best practices for implementing KYC across
example, oversees implementation of the OECD national borders.
Anti-Bribery Convention.
281
@2019 Association of Certified Financial Crime Specialists
CHAPTER 14 • INTERNATIONAL AGREEMENTS AND STANDARDS
The Customer Due Diligence standards range In many respects, Directives mirror the FATF Rec-
from the general, such as recommending that due ommendations. EU member states are allowed
diligence is proportionate to the customer risk, to to independently enact more stringent AML and
the much more specific. For example, the stand- financial crime policies than those specified in
ards recommend that a customer’s first payment the Directives. As of early 2018, EU authorities
through an account in the customer’s name with had implemented the 4th AML Directive, which
another institution should be subject to similar aligned the EU’s AML regime with the revised 40
customer due diligence standards. Recommendations of the FATF released in 2012.
In addition to financial institutions, the commit- The EU’s governing bodies also agreed to a pack-
tee says customer due diligence principles should age of amendments and enhancements, known
be developed for non-bank financial institutions as the 5th Directive, that expanded corpo-
and mediators of financial services, such as rate transparency through publicly accessible
accountants and lawyers. national registries.
CONSOLIDATED KNOW YOUR CUSTOMER The Directives apply not only to the financial sec-
(KYC) RISK MANAGEMENT tor but also to lawyers and accountants, casinos,
estate agents, trust and company service provid-
The Committee published the Consolidated
ers and high value dealers. All persons subject to
KYC Risk Management in October 2004, which
the Directive must be supervised for AML con-
includes guidelines for policies and procedures
trols by a competent authority.
governing “know your customer” operations
at banks. In a brief nine pages, it provides a
These are some of the other highlights of
good high-level overview of KYC processes and
the Directives:
best practices.
• Cover terrorist financing as well as
It also covers management and oversight of KYC money laundering.
programs, policies for customer identification
• Contain detailed customer due diligence
and acceptance, and recommendations for trans-
standards. In particular, it states that:
action and account monitoring. In addition, it
addresses how institutions should have a global » CDD is defined as including not just
process for KYC, shared among all branches and customer identification and verification,
businesses lines, as well as information-sharing but also establishment of the purpose and
across the entire business subject to privacy laws. intended nature of the business relationship
and ongoing monitoring
» CDD applies to new and existing customers
EUROPEAN UNION DIRECTIVES ON
» It requires identification of beneficial
MONEY LAUNDERING
owners and verification of the beneficial
European Union Directives on Money Laundering owner’s identity.
are the key AML policy for EU member countries.
» It contains guidelines for simplified
Directives specify the legal and regulatory frame-
due diligence for certain low risk
work that EU nations are required to implement
situations, and requires enhanced due
concerning money laundering controls. Direc-
diligence in situations that present a
tives imposes major compliance requirements on
higher money laundering or terrorist
banks, other financial institutions and gatekeep-
financing risk – including non-face-to-
ers that operate in or do business in EU nations.
face business, ‘politically exposed persons’
282
@2019 Association of Certified Financial Crime Specialists
CHAPTER 14 • INTERNATIONAL AGREEMENTS AND STANDARDS
283
@2019 Association of Certified Financial Crime Specialists
CHAPTER 14 • INTERNATIONAL AGREEMENTS AND STANDARDS
mediaries. For example, the Principles state that tionnaire forms from financial institutions. The
in certain circumstances banks may rely on the Repository can be a valuable resource for other
intermediary to collect information and docu- institutions conducting due diligence, as well as
ments required for customer due diligence. investigators and regulators attempting to assess
a bank’s governance and AML program.
The Principles cover situations that may warrant
enhanced due diligence, including customers
located in high-risk jurisdictions and PEPs. They CONCLUSION
also provide direction on recommended actions While they may sometimes seem remote from a
to take when unusual or suspicious activities are professional’s day-to-day duties, international
detected, as well as ongoing customer monitor- standards and agreements, as well as the orga-
ing and screening. nizations that develop them, are an essential ele-
ment of the financial crime field. Many standards
In addition to its Statements and Principles, the contain guidance on compliance and enforce-
Wolfsberg Group also created the “International ment best practices that can be applied at finan-
Due Diligence Repository,” a database of due dil- cial institutions and government agencies. Oth-
igence information and documentation on finan- ers raise awareness of key policy or regulatory
cial institutions. weaknesses that are not being addressed in the
public and private sectors.
According to the Wolfsberg Group, the Reposi-
tory includes information on each financial insti- Whatever their source and purpose, these stan-
tution’s license (and the licenses of their sub- dards serve as a reminder of the vast and complex
sidiaries) and copies of corporate governance spectrum of financial crime. Preventing finan-
documents, such as company by-laws, Articles or cial crime is a global battle fought on many levels,
Certificate of Incorporation, and Memorandum, which extends from the smallest transaction at a
Articles or Certificate of Association. local bank to the halls of the United Nations.
284
@2019 Association of Certified Financial Crime Specialists
APPENDIX A
285
@2019 Association of Certified Financial Crime Specialists
APPENDIX A • REFERENCES AND RESOURCES
Money Laundering Using Trust and Company Ser- Fraud Prevention Best Practices
vice Providers http://www.freddiemac.com/singlefamily/pdf/
http://www.fatf-gafi.org fraudprevention_practices.pdf
Evaluates the effectiveness of the practical imple- Detailed explanation of best practices for fraud pre-
mentation of the Financial Action Task Force Forty vention by Freddie Mac, a US federal housing agency.
Recommendations and Nine Special Recommenda-
tions (the FATF 40 + 9 Recommendations) as they Fraudulent Transfer Claims and Defenses In
relate to Trust and Company Service Providers. Ponzi Schemes
http://www.dgdk.com/tasks/sites/dgdk/assets/
Operational Issues Financial Investiga- image/AIRAFraudulentTransferFinal2.pdf
tions Guidance These materials outline issues arising from fraud-
http://www.fatf-gafi.org/media/fatf/documents/ ulent transfer claims brought by trustees against
reports/Operational%20Issues_Financial%20investi- investors and salespeople and the defenses which
gations%20 Guidance.pdf can be asserted to those claims.
Guidance created by FATF. In this revision, emphasis
was given to the operational anti-money launder- Identity Theft Red Flags
ing/countering the financing of terrorism (AML/ http://www.ftc.gov/
CFT) framework. os/2009/06/090611redflagsfaq.pdf
Frequently asked questions about the Identity Theft
Specific Risk Factors in Laundering the Proceeds Red Flags rules.
of Corruption
http://www.fatf- gafi.org/media/fatf/documents/
Audit Standard #5
reports/Specific%20Risk%20Factors%20in%20
http://pcaobus.org/standards/auditing/pages/
the%20Launderin g%20of%20Proceeds%20of%20
auditing_standard_5.aspx#testingcontrol
Corruption.pdf
Lists how an auditor should test for effective controls
Discusses the interrelationship between corrup-
in an institution.
tion and money laundering, discovers the most
common methods used to launder the proceeds
Statements on Auditing Standards #99 Consider-
of corruption, and highlights the vulnerabilities
ation of Fraud in a Financial Statement Audit
leading to an increased risk of corruption-related
http://www.aicpa.org/Research/Standards/Audi-
money laundering.
tAttest/DownloadableDocuments/AU- 00316.pdf
286
@2019 Association of Certified Financial Crime Specialists
APPENDIX A • REFERENCES AND RESOURCES
287
@2019 Association of Certified Financial Crime Specialists
APPENDIX A • REFERENCES AND RESOURCES
domestic and international financial systems to laun- United Nations Convention Against Corruption
der the proceeds of corruption. http://www.unodc.org/unodc/en/treaties/CAC
Introduces a comprehensive set of standards, mea-
The Puppet Masters sures and rules that all countries can apply in order
http://www1.worldbank.org/finance/star_site/pub- to strengthen their defenses against the most preva-
lications/Puppet-Masters.html lent forms of corruption.
Using cases, interviews with investigators, corporate
registries, financial institutions and case studies, the CHAPTER 6: TAX EVASION
book puts forward policy recommendations to guide AND ENFORCEMENT
national legislation and regulations, as well as inter-
national standard setters, on issues of public corrup- FATCA Model 1A
tion and beneficial ownership. http://www.treasury.gov/resource-center/
tax-policy/treaties/Documents/FATCA-Re-
ciprocal-Model-1A-Agreement-Preexist-
Putting Corruption Out of Business
ing-TIEA-or-DTC-11-4-13.pdf
http://www.transparency.org/news/feature/put-
ting_corruption_out_of_business Template of FATCA Model 1A Agreement.
Online results of a survey on the way business people
perceive corruption in their work. FATCA Model 1B
http://www.treasury.gov/resource-center/
tax-policy/treaties/Documents/FATCA-Non-
Recommendation of the Council for Further Com-
reciprocal-Model-1B-Agreement-Preexist-
bating Bribery of Foreign Public Officials in Inter-
ing-TIEA-or-DTC-11-4-13.pdf
national Business Transactions
http://www.oecd.org/daf/anti-bribery/oecdanti- Template of FATCA Model 1B Agreement.
briberyconvention.htm
The Recommendation was adopted by the OECD in FATCA Model 2
order to enhance the ability of the 39 States Parties http://www.treasury.gov/resource-center/tax-pol-
to the Anti-Bribery Convention to prevent, detect icy/treaties/Documents/FATCA-Model-2-Agree-
and investigate allegations of foreign bribery and ment-Preexisting-TIEA-or-DTC-11-4-13.pdf
includes the Good Practice Guidance on Internal Template of FATCA Model 2 Agreement.
Controls, Ethics and Compliance.
FATCA User Guide
Transparency in Corporate Reporting: Assessing https://www.irs.gov/pub/irs-utl/froug.pdf
the World’s Largest Companies A 75-page guide created by the US Internal Revenue
http://www.transparency.org/whatwedo/pub/ Service that covers FATCA’s purpose, regulations,
transparency_in_corporate_reporting_assessing_ and steps needed to comply. The guide is primarily
the_worlds_largest_companies intended for non-US institutions with FATCA compli-
Reading material on corruption and bribery from ance obligations.
Transparency International. This study analyzes the
transparency of corporate reporting on a range of OECD Tax Transparency Report on Progress 2016
anti-corruption measures among the 105 largest pub- https://www.oecd.org/tax/transparency/GF-annu-
licly listed multinational companies. al-report-2016.pdf
This 2016 Report on Progress publication describes
UK Bribery Act the progress made since the OECD’s Global Forum
http://www.legislation.gov.uk/ on Transparency launched its peer review mecha-
ukpga/2010/23/contents nism in 2010.
The original text of the 2010 UK Bribery Act.
288
@2019 Association of Certified Financial Crime Specialists
APPENDIX A • REFERENCES AND RESOURCES
CHAPTER 7: ASSET RECOVERY FATF Guidance for Financial Institutions for Detect-
Asset Recovery Handbook ing Terrorist Financing
https://star.worldbank.org/star/sites/star/files/ http://www.fatf- gafi.org/media/fatf/documents/
asset_recovery_handbook_0.pdf Guidance%20for%20financial%20institutions%20
in%20detectin g%20terrorist%20financing.pdf
Describes approaches to recovering proceeds of cor-
ruption located in foreign jurisdictions; identifies the Detailed report on how to detect terrorist financing.
difficulties that practitioners are likely to encounter;
suggests strategic and tactical options to address the Tracing Stolen Assets
challenges; and introduces good practices. http://www.baselgovernance.org/fileadmin/docs/
publications/books/asset-tracing_web- version.pdf
Barriers to Asset Recovery A guide published by the Basel Institute on Gover-
https://star.worldbank.org/star/sites/star/files/ nance that explains how to trace stolen assets.
Barriers%20to%20Asset%20Recovery.pdf
Recommends the implementation of new policies and Investigative Dashboard
operational procedures to foster trust and mentor http://www.datatracker.org/category/wwd/
other jurisdictions; legislative reforms to facili- elastic-list
tate freezing and confiscation of stolen assets; and Investigative Dashboard includes several databases
better application of existing anti-money launder- that allow collaboration and data-sharing between
ing measures. investigative reporters across the world.
289
@2019 Association of Certified Financial Crime Specialists
APPENDIX A • REFERENCES AND RESOURCES
Provides guidance on the International Financial Provides an overview and lists of OFAC sanctions
Reporting Standards, a global system of accounting related to individual terrorists, designated terrorist
and bookkeeping principles that is gradually gaining organizations, and affiliated businesses, nonprofits
wider international acceptance. and legal entities.
International Organization of Securi- Provides general information about the three distinct
ties Commissions sanctions programs designed to combat the prolifer-
http://www.iosco.org ation of weapons of mass destruction.
290
@2019 Association of Certified Financial Crime Specialists
APPENDIX A • REFERENCES AND RESOURCES
291
@2019 Association of Certified Financial Crime Specialists
APPENDIX A • REFERENCES AND RESOURCES
most directly to lawyers, it also covers conflicts institutions. They cover a wide array of topics, from
of interest. general subjects such as AML and terrorist financing
to more industry specific guidance on prepaid cards,
Model Code of Ethics trade finance and correspondent banking.
http://www.iosco.org/library/pubdocs/pdf/
IOSCOPD217.pdf United Nations Security Council Sanctions
Provides the collective views on ethics of the http://www.un.org/sc/committees/list_
self-regulatory organizations that make up the Secu- compend.shtml
rities Commissions SRO Consultative Committee. Provides more information on the countries and
organizations targeted for sanctions by the United
CHAPTER 14: INTERNATIONAL Nations Security Council. Also provides lists of sanc-
AGREEMENTS AND STANDARDS tioned countries and entities.
United Nations Office on Drugs and Crime 4th European Union Directive on Money Laundering
http://www.unodc.org http://eur-lex.europa.eu/legal-content/EN/TXT/
The Department of the UN that oversees a variety PDF/?uri=OJ:JOL_2015_141_R_0003&from=ES
of financial crime-related initiatives and treaties, The key AML policy for EU member countries, the
including the Convention Against Corruption. Also Directive lays out the legal and regulatory framework
includes relevant links, research and news related to that EU nations are required to implement regarding
the UNDOC projects and initiatives. money laundering controls.
292
@2019 Association of Certified Financial Crime Specialists
APPENDIX B
ANSWERS TO
PRACTICE QUESTIONS
CHAPTER 3 – MONEY LAUNDERING:
Q 3-1. Chuck Smith conducted a Ponzi scheme by luring innocent domestic investors to invest. He claimed
they would get a steady stream of payments over time and would receive a handsome return on their
investments. The transaction worked as follows:
• All investors reside in Smith’s country and wired money to Smith in order to make an investment in reliance on
his representations, which later turned out to be false.
• Smith next moved the funds to an offshore bank account.
• Smith then transferred some of the funds from new investors to previous investors claiming it was money
generated by their investment.
• Smith used the remaining funds to purchase cars and other luxury gifts to create the appearance that he
was successful.
The underlying criminal activity in this case was wire fraud. At which point did money laundering FIRST take place?
− A. When the investor wired money to Smith in reliance on his false representations
− B. When Smith transferred some of the funds from new investors to previous investors claiming it was
money generated by their investment
− C. When Smith used the remaining funds to purchase cars and other luxury gifts to create the appear-
ance that he was successful
" D. When Smith wired funds to the offshore bank account
Answer A is incorrect because the investors’ funds could not be considered proceeds of illegal activity until
they were in the possession of the Ponzi schemer. The transaction was therefore not an act of money laun-
dering, although it could be considered a “specified unlawful activity.”
Answer B is incorrect because the question asks for the first instance money laundering took place. Although
this could be considered money laundering, it is not the first occurrence.
Answer C is incorrect for the same reason as Answer B.
Answer D is correct because this is the first instance where Smith had obtained the proceeds of a criminal
activity and was conducting a transaction with them. It is the most appropriate first instance of money laun-
dering in this scenario.
293
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Q 3-2. A compliance officer at a major insurance company has recently noticed a pattern of potentially
suspicious transactions from a long-time customer. The customer is employed in a consulting position
that requires her to travel internationally on an unpredictable schedule and she often resides overseas
for extended periods. The customer has several properties insured with the company for large amounts.
In the past three years, she has overpaid her premiums numerous times and then requested a refund be
issued. Concerned that the customer may be laundering funds through the overpayment of premiums, the
officer is investigating the transactions.
Which fact would BEST indicate money laundering may be taking place?
− A. The customer often requests that refunds be made by wire transfer to banks outside of the country.
− B. The customer makes the overpayments at different times of the year and in varying amounts.
− C. The customer has recently taken out a sizeable new insurance policy on a commercial property with
your company.
" D. The customer has requested that refunds on excess premiums be made to an attorney.Q 3-3. A financial insti-
tution holds an account for a charitable organization whose stated mission is to promote literacy in the local com-
munity. The charity derives most of its financial backing from periodic fundraising drives that take in hundreds of
small donations from individual donors.
Answer A is incorrect because it cannot be considered unusual activity due to her customer profile. In the
scenario, we state “The customer is employed in a consulting position that requires her to travel internatio-
nally on an unpredictable schedule and she often resides overseas for extended periods.” As such, requesting
wire transfers to banks outside her country would not be out of the ordinary for this customer.
Answer B is incorrect because the nature of the overpayments actually matches the customer profile. The
fact that she travels on an “unpredictable schedule” supports the fact that the activity is happening at dif-
ferent times of the year. Also, the fact that she “has several properties insured with the company for large
amounts” contributes to the fact that the overpayments are in different amounts.
Answer C is incorrect because it is largely irrelevant to the scenario, and the fact that she already has several
large policies with the company makes it consistent with her profile.
Answer D is correct because it incorporates a classic red flag of money laundering, in that the refunds of the
overpayment of premiums are being sent to a third party.
294
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Q 3-3. A financial institution holds an account for a charitable organization whose stated mission is to
promote literacy in the local community. The charity derives most of its financial backing from periodic
fundraising drives that take in hundreds of small donations from individual donors.
Recently, the institution conducted a due diligence investigation and noticed anomalous activity in the cha-
rity’s account.
− A. The charity recently purchased a large insurance policy which does not have a surrender clause and cannot be
used as collateral.
− B. The charity has no long-term leasing agreement on a physical property in a nearby town.
" C. The transaction history indicates a pattern of wire transfers to countries with no previous connection to the
charity’s activities.
− D. The transaction history for the charity shows a large number of small cash deposits.
Answer A is incorrect. It would not be uncommon for an insurance policy to lack a surrender clause and
collateral. Those features actually increase the risk that an insurance policy could be used in a financial
crime scheme.
Answer B is incorrect. A lack of long-term lease is not generally indicative of terrorist financing or other
financial crime, is not the best choice of the options given here.
Answer C is correct. Wire transfers to other countries outside of an entity’s operation are an indicator of
potential terrorist financing, especially in the case of non-profits and charities.
Answer D is incorrect. As the scenario states, the charity obtains its funding from drives that take in hun-
dreds of small donations. This would be consistent with the deposit activity indicated here.
295
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Q 3-4. You are the chief anti-money laundering officer of a full-service bank, and you are designing a risk-
based customer acceptance program to determine the Terrorist Financing risks specific to not-for-profit
(NFP) organizations.
Which enhanced due diligence activity is most essential for these types of client relationships due to the elevated
risk that NFPs pose?
− A. Monitor the financial activity in relation to the stated purpose and objectives of the entity.
" C. Establish who controls the organization and its financial activities down to a low threshold
− D. For NFPs, customer acceptance requirements are the same as for any other customer
Answer A is incorrect. Conducting monitoring of transactions based on the expected activity and purpose of
account is a minimum requirement for any customer, and would not be considered enhanced due diligence
in response to higher risk.
Answer B is incorrect. Obtaining a charter or other formation documents would be a typical part of the cus-
tomer onboarding process, and would not generally be considered enhanced due diligence.
Answer C is correct. Capturing ownership of NFPs, and going beyond the typical threshold to gain more
thorough understanding of the control structure and risks posed by an entity, is a key step for enhanced
due diligence
Answer D is incorrect. According to best practices from the FATF and others, NFPs should generally be con-
sidered as elevated above the standard risk, and require additional measures for customer due diligence.
296
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
He then mentions the earnings report to his wife, and she buys 1,000 shares of stock in her personal trading account.
Her broker, who knows that she is married to the CFO of this company, feels that she must know something, so he
recommends it to many of his clients who buy some very large blocks.
The quarterly numbers are released, and the stock makes a big move as expected. Which individual in this scenario
has committed insider trading?
− A. The CFO
Answer A is incorrect due to the fact that while the CFO clearly had insider information, he did not execute
any trades or participate in any actions that personally benefitted him. The large stock repurchases would
likely indirectly benefit him since they reduce the liquidity in the marketplace and increase the intrinsic
value of the remaining outstanding stock, of which he owns a great deal. Therefore, any subsequent good
news (like beating analyst projections) would have a greater positive impact on the stock price. However,
since this action benefits ALL shareholders it cannot be considered insider trading.
Answer B is correct because the wife had insider knowledge and executed a trade that personally benefitted
her. While she did not hold an insider position, she still had the requisite insider knowledge to commit insi-
der trading. Nowhere in the scenario does it say that the husband had knowledge of this action. If he did, he
might be considered in violation of insider trading rules as well. In real life, the CFO might be hard pressed
to prove he had no knowledge of this trade. In this scenario, choosing between answer A and B is clear due
the fact the CFO’s wife actually executed the trade, and there is no mention of the CFO having knowledge.
Answer C is incorrect due to the fact that the stockbroker did not have any insider knowledge. Since corpo-
rate officers are required to report on their trades, following the actions of known insiders is common in the
marketplace and not illegal.
Answer D is not correct because the clients are even further removed from insider knowledge.
297
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
− A. Providing investment and banking services in Norway poses the highest risk for corruption due to a history of
bribery by Norwegian state-owned oil companies.
" B. Providing services in India poses the highest risk for corruption due to the prevalence of state-owned entities
and Politically-Exposed Persons (PEPs).
− C. Providing investment and banking services in Botswana poses the highest risk for corruption due to wide-
spread graft in government contracts.
− D. Providing services in Chile poses the highest risk due to connections between the Chilean government and
international organized crime rings.
Answer A is incorrect, as while there have been some FCPA cases involving Norwegian state- owned oil
companies, Norway is still considered to be a highly transparent and compliant jurisdiction by international
organizations. This question relies on some knowledge of commonly-used standards and resources used to
rate corruption and financial crime risks internationally, such as the Transparency International Corruption
Perceptions Index, Basel Committee AML Index, and FATF lists of high-risk and non-cooperative jurisdictions.
Answer B is correct as state-owned entities and public-private partnerships are very prevalent in India, and
the country has a history of corruption among public officials. India is generally considered a higher risk for
corruption than the other nations listed here.
Answer C is incorrect, as while Africa is generally considered to be high-risk for corruption, Botswana is
widely recognized as a clean nation that has taken considerable efforts in recent years to combat corruption
and ensure transparent governance.
Answer D is incorrect and simply intended to distract the test-taker. While organized crime groups oper-
ate in Chile like any other country, there is little to suggest they have close ties to government agencies
within Chile
298
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Q 5-2. A pharmaceutical sales representative from Company X visits a hospital in the country of Rachman-
istan in order to discuss the benefit of his company’s latest drug. The hospital’s chief of internal medicine,
Dr. Y, agrees to meet with him to learn more about the drug and suggests meeting over dinner at a local
bistro. The week after the dinner takes place, the sales rep sends Dr. Y a gift basket as a token of gratitude
for taking the time to speak with him. Company X is publicly traded in the United States and the healthcare
industry in Rachmanistan is entirely government-owned.
− A. Paying for Dr. Y’s dinner is permissible under the United States’ Foreign Corrupt Practices Act.
" B. Dr. Y is a medical professional and thus exempt from the United States Foreign Corrupt Practices Act.
− C. Dr. Y can be considered a foreign public official under the United States Foreign Corrupt Practices Act because
he is a high-level employee at a government-owned entity.
− D. Sending Dr. Y a gift basket is permissible under the United States Foreign Corrupt Practices Act.
Answer A is incorrect because taking someone to dinner, as long as it is not excessively extravagant, is per-
missible. This is reinforced by the section of the scenario that says that they “had dinner at a local bistro,”
rather than a fancy restaurant.
Answer B is correct because Dr. Y is not exempt due to the fact that he is a medical professional. Medical
professionals can still be considered public officials under the FCPA, and there are no exemptions for product
type or profession.
Answer C is incorrect because he can, in fact, be considered a public official because he is a high-ranking
employee of a state-owned enterprise. The definition of public official is intentionally broad in this law to
prevent state owned business employees from leveraging their position to affect bribes.
Answer D is incorrect because sending a gift basket can be considered a ‘token gift’ under the FCPA. Token
gifts are an intentionally vague definition, but a simple gift basket would qualify. There is no indication that
there were any high value items, such as champagne or caviar, as a component of this gift basket.
299
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
What would MOST likely trigger further investigation by the compliance department in the bank?
" A. Numerous deposits of tax refund checks in the names of different individuals but with common addresses
− B. Multiple deposits of checks in the same amount written by different tax service customers
− D. A request by the customer to have payments made to the Tax Office through a certified check process
Answer A is the correct answer due to the fact that this is a classic red flag for tax fraud. Multiple tax refund
checks for different individuals going to the same address should set off warning alarms in nearly every
jurisdiction.
Answer B is incorrect because this perfectly fits the customer’s profile. The deposit of checks from different
tax service customers is what you would expect as each customer paid their bill for the service. You would
also expect many of them to be in the same amount for a typical tax preparation service since the fee for tax
preparation would be the same for many customers.
Answer C is incorrect because, once again, this fits the customer profile. You would expect variances depend-
ing on the calendar cycle as this is largely a seasonal business based on tax reporting deadlines.
Answer D is incorrect because there is no indication of tax fraud in this response. The customer is making
payments to his jurisdiction’s tax authorities using a certified check, which is simply a check for which a bank
has confirmed sufficient funds exist to cover the amount of the check. This is not a viable means to commit
tax fraud, and would more likely indicate no fraud is taking place.
300
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Q 6-2. A regional bank operates within a country that has a Model 1 agreement in place with the United
States to implement the Foreign Account Tax Compliance Act (FATCA). The institution already has a FATCA
compliance program in place, but recently, there have been media reports suggesting US tax evaders are
using the bank’s country as a haven for undisclosed assets.
The bank has some US accountholders, and is reviewing its FATCA compliance program in response to the
news reports.
− A. The bank must register and report US accountholders directly with the US Internal Revenue Service (IRS)
− B. The bank must institute a 30% withholding on the accounts of its US customers
− C. The bank must confirm that U.S. customers filed a Form 8938 with the IRS to disclose their accounts
" D. The bank is required to report certain details about US accountholders to its country’s tax authorities
Answer A is incorrect. As the scenario states, the bank is located in a country with a Model 1 agreement in
place to implement FATCA. Under the terms of a Model 1 agreement, institutions do not have to report infor-
mation directly to the IRS, they report to their country’s own tax authorities instead.
Answer B is incorrect. FATCA does not require institutions to impose the 30% withholding on US accoun-
tholders by default. The withholding is a penalty intended for accounts or institutions who refuse to coop-
erate with FATCA requirements.
Answer C is incorrect. US persons with accounts in other countries are required to file Form 8938 with the
IRS, but this is an obligation of the taxpayer. Financial institutions are not required to ensure that taxpayers
have filed the required form.
Answer D is correct. Under FATCA and a Model 1 agreement, a bank would be required to report information
on US persons to its own tax authorities, who are then responsible for transmitting it to the IRS.
301
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
To ensure these documents are properly received in evidence in the US, which two are acceptable methods of
requesting such evidence?
" A. Letters Rogatory through the authority designed by Venezuela or other authority allowed by such law
" C. Transmission through a private party, such as an attorney, in Venezuela, if private law so provides
− D. Issuance of subpoena duces tecum and scheduling of place and time for the party to make itself available
for examination
Answer A is correct because Letters Rogatory are a viable means to request information in a legal matter
across borders in a way that maximizes the likelihood that it can be used as evidence. From the study man-
ual: “A Letter Rogatory is a request from one judge to another judge in another country seeking assistance in
obtaining information, documents or testimony in a particular legal matter.”
Answer B is incorrect because directly asking the target of the discovery request for the documents holds
no legal weight. It is extremely unlikely that this will be successful in an adversarial case, particularly in
a fraud case.
Answer C is correct because this is a viable method of requesting cross border documents under The
Hague Convention.
Answer D is incorrect because a subpoena duces tecum is not an internationally used legal order. Even if it
was, making a party available for examination does nothing to advance the effort of getting the documents
produced, which is the focus in this scenario.
302
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
1. The corporation’s sources of funds for the purchase of the items are large check deposits from a small
number of other Florida export companies.
2. Each of the customer business accounts is funded by small checks from numerous personal accounts
that are domiciled in banks in New York or South Florida. Each deposit is for less than $3,000 and for
an amount in even $100 dollar increments. increments.
What is this money laundering scheme known as?
− D. Carousel Fraud
Answer A is incorrect because the fact pattern described bears no resemblance to transfer pricing. Trans-
fer pricing schemes are a method of allocating profits between different branches or subsidiaries of a legal
entity in order to reduce the entity’s overall tax burden.
Answer B is correct because the pattern of transactions is indicative of BMPE. There is unusual deposit
activity that is indicative of structuring, followed by lump-sum payments to US appliance exporters. Another
indicator is the parties and locations involved. An exporter in the US sending appliances to Colombia is a
classic example of BMPE.
Answer C is incorrect because there is no cross-border movement of large volumes of cash in described in
this scenario, and no other red flags or suspicious activity that would indicate the exporter is involved in bulk
cash smuggling
Answer D is incorrect in part because carousel fraud is a tax fraud scheme, not a money laundering scheme.
It hinges on abusing the value-added tax (VAT) system, which is common in Europe but not present in the US,
where this investigation is taking place.
303
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Q 10-2. A young woman, who is a national of Country A, works as a caregiver for a family in the US. She
sends much of her earnings to support her family back in Country A by giving the amount in cash to a local
grocer, whose family heritage is also in Country A. Once the grocer receives the cash, he calls his partner
who runs a market in one of the larger cities in Country A. From there, the young woman’s family can pick
up the money sent.
What is the name commonly used to describe this form of remittance transaction?
− A. Cash transfer
" B. Hawala
− C. Referral Banking
Answer A is incorrect because Cash Transfer is not a real type of funds transmission. It is the colloquial term
used for Money Transmitter Business (MSBs) services; but there is no actual transfer taking place here.
Answer C is incorrect as this has nothing to do with referral banking. This response is simply a distraction.
Answer D is incorrect because the fact pattern described here bears little relation to Black Market Peso
Exchange, which typically involves the movement of both currency and goods across borders and the pres-
ence of currency brokers, and is not a trust-based informal value transfer system as described here.
304
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
− A. An increase in domestic wire transfers between another bank within your jurisdiction and your finan-
cial institution
− B. A significant number of cash withdrawals, all under $10,000, from your financial institution
" C. Large amounts of small denomination currency being sent from a Foreign Financial Institution (FFI) to their
account at your bank
Answer A in incorrect because the alert received was for bulk cash smuggling into your jurisdiction. The fact
that the transfers are all taking place within your jurisdiction eliminates this answer.
Answer B is incorrect as bulk cash smuggling would result in large cash deposits into your institution; not
withdrawals. The amounts being under $10,000 is a red herring because it is close to many jurisdiction’s
reporting threshold.
Answer C is correct as this is a classic red flag of bulk cash smuggling. When physically smuggling large
amounts of cash across a border most criminals would want to reduce the physical bulk of the cash by con-
verting as much as they could into larger denomination bills. This would result in significant amount s of
small denomination currency being sent by foreign banks into your jurisdiction.
Answer D is incorrect as ACH transactions usually have no connection to bulk cash smuggling. Also, these
are domestic transactions, which would indicate they are not connected to any cross-border cash-smug-
gling operation.
305
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Q 11-2. A US bank receives a letter of credit from an issuing bank in connection with the purchase of wheat
from a bank customer. The buyer/applicant is located in Belarus, a country in which certain senior govern-
ment officials are on the US Specially Designated National (SDN) List. The country is not, however, subject
to comprehensive US sanctions.
The buyer is determined to be a joint venture in which a Belarus SDN has a 50% interest through two separate
companies wholly owned by the SDN. Each has a 25% interest in the joint venture. No funds have yet been received
by the bank.
− A. The letter of credit can be processed and the funds paid because the customer is not on the SDN List and the
SDN does not have a majority or controlling interest.
− B. The letter of credit can be processed and the funds paid because the US Office of Foreign Assets Control
(OFAC) has issued general licenses exempting food from US sanctions.
" C. The letter of credit must be blocked by the US bank and reported to OFAC even though no funds have yet
been received.
− D. The letter of credit cannot be accepted or acted on so it must be returned to the advising bank with notice that
any funds received will be blocked.
Answer A is incorrect because one of the customers involved in the transaction is in fact an SDN. The buyer
mentioned in the scenario is said to be a joint venture that is 50% owned by two persons on the SDN list.
Under US sanctions regimes, if a person or entity on an SDN list has a 50% or more ownership stake in an
entity or company, that entity or company is subject to the same restrictions as an SDN, including blocking
of transactions.
Answer B is incorrect because US sanctions regimes are country, person or entity-specific. OFAC does not
issue blanket licenses exempting an entire class of good or transaction from sanctions. While under some
sanctions laws food and agricultural goods are exempt from sanctions, in other cases they are not.
Answer C is correct because it accurately describes the steps the bank must take in order to remain com-
pliant with OFAC sanctions laws. The buyer was found to be an SDN, which requires the bank to block the
transaction.
Answer D is incorrect because notifying the parties to a sanctioned transaction that it would be blocked is
explicitly prohibited by US sanctions laws. Funds or financial instruments involved in sanctioned transac-
tions are typically required to be blocked, and are not returned to any of the parties in a transaction.
306
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Q 11-3. A small regional bank has recently started using a new transaction monitoring tool that utilizes
several custom scenarios to identify specific activity which was defined by the Financial Crimes Compli-
ance team. There are five scenarios that are live in production. The Analytics team within Financial Crimes
Compliance has performed some research on the scenarios and is ready to make recommendation to man-
agement regarding possible changes to the scenarios.
Which scenario(s) should the Analytics team recommend making changes to first?
− A. Scenario A that has generated 100 alerts in the past three months and 50% of those have been deemed suspi-
cious and a suspicious transaction report was filed.
− B. Scenario B that has generated 180 alerts with a 95% false positive rate.
" C. Scenario C that has generated no alerts and there appears to be a problem with the mapping of data.
− D. Scenarios D and E that were put into production in the last 30 days to address a matter requiring attention
from a regulator.
Answer A in incorrect as this appears to be a well performing scenario. It is generating alerts, and the per-
centage of those that were actually deemed suspicious is reasonable.
Answer B is incorrect because while the false positive rate is far too high, it is at least generating alerts and
some are still deemed suspicious. The false positive rate is clearly an issue that will have to be addressed, but
this scenario would not be the one that would need to be addressed first. There will often be scenarios on
the live exam that require you to pick the best answer. In this case, this is not the best answer.
Answer C is correct as this clearly is a broken scenario since not one alert has been generated. The fact that
there appears to be a problem with the mapping of the data only reinforces the conclusion that this scenario
must be addressed first.
Answer D is incorrect as there is no evidence that the scenarios are not performing as expected.
307
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
CHAPTER 12 – CYBERSECURITY
Q 12-1. Your financial institution has been subject to several hacking attempts over the last few weeks.
While none have been successful, you worry that it might be a matter of time. To keep your network secure,
you have decided to update your network security policies.
" A. Educate your online customers to detect phishing attempts and other fraudulent email scams.
− B. Disable auto deletion of old data, including access logs, and move them to an archive server.
− C. Only permit administrative connections via the Internet through HTTPS or SSH connections.
− D. Require confirmation from network engineering before resetting any lost passwords.
Answer A is correct as this is a recommended step in all network security policies. While not high tech or
glamorous, educating your staff and your customers to recognize phishing and fraudulent emails is a funda-
mental and highly successful way to prevent fraud.
Answer B is incorrect as this is the opposite of a good data retention policy, and has nothing to do with a
network security policy.
Answer C is incorrect as a good security policy will not allow any administrative connections through the
internet, even via secure connections like HTTPS or SSH. Administrative connections are those that allow
you to log into internal devices and make changes to how they function. This task should only be allowed
from internal connections.
Answer D is incorrect as it is not very scalable and network engineering is the wrong group to manage this
anyway. There are hundreds of password resets that are performed every day by most large financial insti-
tutions. There is no way that the network engineering staff would be able to keep up with the requests. They
would also have no way to determine if the requests should be approved or denied.
308
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Q 12-2. Your organization has a large online presence, providing all key services online. You have recently
found out that a hacker has gained access to your secure network, stealing millions of customer user-
names and passwords. You think the access was gained via social engineering.
Your company’s success depends on your keeping this data secure, so your organization wants to put procedures
in place to ensure it can prevent any such further attacks. As an initial step you have terminated internet access for
engineering and IT.
What would be the MOST effective further action for your firm to immediately take to prevent this specific type of
attack from happening again?
" A. Restrict external access on all routers and servers allowing administrative access only from workstations in
the engineering and IT departments.
− B. Staff should not be allowed to download any materials from the internet or private disks to the organization’s
local drives.
− C. Require all customers to change their passwords on a regular basis to access their accounts and require
strong passwords.
− D. Upgrade all network firewalls and ensure they are running current software.
Answer A is correct as this is a viable and recommended security strategy. Not only should administrative
access be restricted to only internal computers (no outside internet connections), it should be restricted to
only those groups that have a viable business purpose for logging into those devices, such as engineering
and IT. If someone manages to acquire information to access the network, via social engineering or other-
wise, there is not much they would be able to do with that information if they had to be sitting at a desk in
your engineering department to actually use it.
Answer B is incorrect. While this is a viable, if extreme, security measure, it does not prevent this specific
type of attack from happening again. Though a common security measure in some very secure government
and private-sector facilities, it does nothing to prevent social engineering attacks. The question specifically
asks for ways to prevent that type of attack.
Answer C is incorrect. While this too is a viable customer security policy, it would not be a component of a
network security policy. It also would do nothing to prevent social engineering attacks.
Answer D is incorrect. Once again, upgrading firewalls and ensuring they are running current software is a
good network security policy, but does not prevent “this specific type of attack from happening again.”
309
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Shortly after Joe was hired, the Defense Department and Company A entered into a contract for the purchase of
software. Joe was assigned to the account. Sallie was not involved in the initial contract negotiations and did not
know they were taking place. After the contract was signed, Sallie was involved in the decisions to use the company
on subsequent projects.
− A. When the CEO of Company A paid for a dinner with Sallie and her husband during the hiring process
for her husband
− B. When she continued to maintain a close friendship with the CEO of a vendor of the Defense Department
" C. When she was part of the subsequent decision process knowing that her spouse had a financial interest
in the matter
− D. When she did not disclose her conflict of interest during the initial contract negotiations
Answer A is incorrect as paying for the dinner in itself is not an ethical violation, and this dinner pre-dates
any other interaction with Company A and the Defense department.
Answer B is incorrect as maintaining a close friendship with someone, regardless of the business relation-
ship, is not an ethical violation. Only if you allow that relationship to influence your decisions does it cross
the line into an ethical issue.
Answer C is correct because there is a clear conflict of interest in this case. Sallie should have recused her-
self from the decision-making process once her family had a financial interest in the selection of the vendor.
Answer D is incorrect because she had no reason to disclose a conflict of interest because she was not part
of the decision-making process to select the vendor.
310
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Q 13-2. The CEO of Company X, a publicly traded corporation, caused Company X to enter into a trans-
action with Company Y in which the CEO is a shareholder. The CEO failed to inform the shareholders of
Company X of his interest in Company Y. However, the transaction will greatly benefit Company X as well
as Company Y.
Answer A is incorrect as insider trading involves using insider knowledge to make open market trades to a
person’s personal benefit.
Answer B is correct. A person with a fiduciary responsibility to others (like other shareholders) entering a
transaction with another company in which he has a financial interest is self-dealing. Even though the trans-
action benefited both companies, the CEO would have been required to disclose the relationship beforehand,
which he did not. There could have been another, more beneficial, transaction that might have been con-
sidered if all of the facts were known. In many jurisdictions, this is not only an ethical violation, but a legal
one as well.
Answer C is incorrect as selling away is when a broker solicits you to purchase securities not held or offered
by the brokerage firm. As a general rule, such activities are a violation of securities regulations, but that did
not occur here.
Answer D is incorrect as there is clearly an ethical violation here. The self-dealing would not have been con-
sidered an ethical violation if he disclosed the relationship first though.
311
@2019 Association of Certified Financial Crime Specialists