CFCS Study Manual PDF

6th Edition
CFCS CERTIFICATION
EXAMINATION STUDY MANUAL
Preparing For The Certified
Financial Crime Specialist Examination
CFCS CERTIFICATION EXAMINATION STUDY MANUAL
Association of Certified Financial Crime Specialists
Rivergate Plaza, 444 Brickell Avenue, Suite P60 Miami, FL 33131 USA
Tel: 786-530-8231 | Email: customerservice@acfcs.org
© Copyright 2018. All rights reserved. Association of Certified Financial

Crime Specialists. Miami USA Reproduction or transmission of any part of
this Manual without the express written authorization of the Association of
Certified Financial Crime Specialists is strictly prohibited and is a violation
of United States and other laws.
Notice: The Certified Financial Crime Specialist Examination Preparation

Manual is designed to help candidates prepare for the certification
examination. No warranty or representation is made that candidates will
pass the CFCS examination by using or studying this Manual. It is designed
to provide accurate and authoritative information concerning financial
crime and related subjects. In publishing this Manual, neither ACFCS, the
editors nor contributors is engaged in rendering legal or other professional
service. The services of a competent professional should be sought if such
assistance is required.
@2019 Association of Certified Financial Crime Specialists

CFCS CERTIFICATION EXAMINATION

STUDY MANUAL
Executive Editor
Brian Svoboda Kindle
Contributing Editors
Kenneth Barden, Esq.
Brian Golden, HSBC
Donald Semesky, Financial Operations Consultants
Karen Van Ness, Compliance Risk Solutions

SPECIAL ACKNOWLEDGMENT AND APPRECIATION

The CFCS Examination Preparation Study Manual was written and edited with the outstanding contri-
butions of experts and specialists. ACFCS extends special thanks and acknowledgment to these financial
crime professionals who shared their expertise and assistance.
Beth Berenbaum John Lash, Esq.

AML Consultant BDO
Samantha Dillhoff Moyara Rueshen
Fraud Specialist Monterey Institute of International Studies
Matteson Ellis, Esq. Sarah Satten
Miller and Chevalier Wells Fargo & Company
JR Helmig Margaret S. Silvers
Leveraged Outcomes Wells Fargo & Company
Bud Heng Sandra Stibbards
US OCDETF Pacific Region Camelot Investigations
Ron King Swathi Perpati
Retired Ernst & Young
Rebecca LaPorte Mohammad Zraiqat
AIG Advisor Group Pelican
RECOGNITION OF THE FINANCIAL CRIME SPECIALISTS WHO ASSISTED IN

CONSTRUCTING THE CFCS CERTIFICATION
ACFCS extends special thanks and acknowledgment to these financial crime professionals who shared
their expertise in the creation of the CFCS Certification Examination.
Heather Adams Joram Borenstein Lynn Correia

Accenture NICE Actimize Kroll Advisory Group
Albert Allison Daniel P. Boylan Annette Dance

Office of the City Auditor Bank of America Wells Fargo and Company
Scott Andersen Lorice E. Brown Nyron Davidson

KRyS Global Financial Services Ameritrade
Commission
Carlota Arias Delina Dhamo
Lozano Consultores Alice Campbell National Bank of Egypt
Research and Litigation
Kenneth Barden, Esq. Services Samantha Dillhoff
Fraud Specialist
Dan Barta Jeff Chapman
SAS IBM i2 Sonia Desai
Charles Schwab
Beth Berenbaum Martin Chung
AML Consultant ICDD Pte Ltd

Juan Ducali Rebecca LaPorte Ron Penninger

United Nations Federal Credit FINRA IBM i2
Union
John Lash, Esq. Patricia Potts
Annette Escobar, Esq. BDO Sightspan
Astigarraga Davis Tom Lasich Saskia Rietbroek

International Centre for Asset AML Services
Stanley I. Foodman Recovery International, LLC
Foodman & Associates, P.A.
Allen G. Love Guillermo Rodriguez
Brian Golden TD Bank Bangkok Bank NY Branch
HSBC
Alberto Lozano, Esq. Louis Sapirman
Amanda Gore Lozano Consultores Dun and Bradstreet
Botswana Directorate on
Corruption and Economic Michael M. Martens Nicole Saqui, Esq.
Crime Wells Fargo & Company Conrad & Scherer, LLP
JR Helmig Isabel Medrano Sara L. Satten

Leveraged Outcomes WestStar Bank Wells Fargo
Elizabeth Henry Michael McDonald, Esq. Lisa Schor Babin

Western Union Michael McDonald & Dun and Bradstreet
Associates
Katya Hirose Donald C. Semesky
FTI Consulting Tina Miller, Esq. Financial Operations
Farrell & Reisinger Consultants
Steven Johnston, Esq.
Economic Crime Unit of Deborah Morrisey Stephen J. Shine, Esq.
Alberta Justice DHS - ICE – HIS Prudential Financial
Marie Kerr Pamela C. Ogle Margaret S. Silvers

Shamrock Consulting Group Wells Fargo & Company Wells Fargo
Ron King Natasha Pankova Taft Jeffrey Sklar

Retired Bank Hapoalim SHC Consulting Group, LLC
Ben Knieff Holly R. Park James Slear

NICE Actimize Wells Fargo Thompson Coburn
Nikki Kowalski, Esq. Paul E. Pelletier, Esq. Steve Smith

JPMorgan Chase Mintz, Levin, Cohn, Ferris, SRS Consulting, Inc.
Glovsky
Ken Krys Delena Spann
KRyS Global United States Secret Service

TABLE OF CONTENTS
CHAPTER 1 ACFCS AND THE CHALLENGE OF FINANCIAL CRIME ..................................................................... 11
The Association of Certified Financial Crime Specialists ..................................................................................11
ACFCS Certification Examination ........................................................................................................................... 12
Construction of the CFCS Certification Exam ..................................................................................................... 13
Job and Career Benefits from CFCS Certification ............................................................................................... 14
Conclusion ..................................................................................................................................................................... 14
CHAPTER 2 FINANCIAL CRIME OVERVIEW, COMMONALITIES AND CONVERGENCE .................................15
Financial Crime Overview ......................................................................................................................................... 15
Defining Financial Crime and its Permutations .................................................................................................. 16
Technology Changes Complexion of Financial Crime .......................................................................................16
Globalization of Financial Crime ..............................................................................................................................17
Commonalities of All Financial Crimes ...................................................................................................................17
Capitalizing on the ‘Commonalities’ and Exploring ‘Convergence’ ................................................................ 21
Conclusion .................................................................................................................................................................... 22
CHAPTER 3 MONEY LAUNDERING.............................................................................................................................23
Overview ....................................................................................................................................................................... 23
The Financial
Action Task Force ...................................................................................................................................................... 24
Money Laundering Methods .................................................................................................................................... 25
The Three Stages of Money Laundering .............................................................................................................. 26
The Russian Laundromat ...........................................................................................................................................27
Money Laundering Indicators ................................................................................................................................. 29
Financial Institution Money Laundering Methods and Vehicles .................................................................... 32
The Egmont Group of Financial Intelligence Units............................................................................................ 33
Non-Financial Institution Money Laundering Vehicles .................................................................................... 36
The Odebrecht Corruption Scandal .......................................................................................................................37
The Role of Lawyers, Accountants, Auditors, Notaries and Other Gatekeepers ....................................... 38
Regulatory Frameworks for Gatekeepers............................................................................................................. 38
Real Property and Money Laundering .................................................................................................................. 39
Structures That Hide Beneficial Ownership ....................................................................................................... 43
The US Money Laundering Law ...............................................................................................................................47
Terrorist Financing .................................................................................................................................................... 48
Conclusion .................................................................................................................................................................... 56
Chapter 3 Practice Questions ..................................................................................................................................57
CHAPTER 4 UNDERSTANDING AND PREVENTING FRAUD .................................................................................59
Overview ....................................................................................................................................................................... 59
Understanding and Recognizing Types of Fraud ...............................................................................................60
Fraud in loans and mortgages ................................................................................................................................. 64
Insurance and health care fraud ............................................................................................................................ 70
Credit and debit card fraud ...................................................................................................................................... 71
Fraud in government benefits ..................................................................................................................................72
Internal Fraud ...............................................................................................................................................................72
Identity Theft and Fraud............................................................................................................................................74

Detecting and Preventing Fraud............................................................................................................................. 79

Basel Committee on Banking Supervision ............................................................................................................ 81
Benford’s Law............................................................................................................................................................... 84
The importance of an enterprise approach to fraud and financial crime ................................................... 85
Chapter 4 Practice Questions ................................................................................................................................. 86
CHAPTER 5 GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT .............................................. 87
Overview ........................................................................................................................................................................87
The World Movement to Combat Corruption ..................................................................................................... 88
Non-Governmental Organizations and Anti-Corruption Advocacy ............................................................. 89
Mechanisms That Facilitate Corruption ............................................................................................................... 92
Stolen Asset Recovery Initiative (StAR) ................................................................................................................. 92
The United States Foreign Corrupt Practices Act ............................................................................................. 94
PDVSA Bribery Scandal ............................................................................................................................................. 95
Case Study: US v. Chiquita Brands International, 2007 .................................................................................. 100
Top 10 Largest FCPA Penalties ............................................................................................................................... 101
The UK Bribery Act ................................................................................................................................................. 106
Bribery and Extortion ............................................................................................................................................. 109
Chapter 5 Practice Questions ................................................................................................................................. 111
CHAPTER 6 TAX EVASION AND ENFORCEMENT ................................................................................................... 112
Overview .......................................................................................................................................................................112
Tax Evasion is an Element in Virtually all Financial Crimes ............................................................................113
Tax Evasion vs. Tax Avoidance ................................................................................................................................114
International Scope of Tax Evasion .......................................................................................................................115
Falsifying Deductions to Under-report Income ................................................................................................. 117
Smuggling and Evasion of Customs Duty............................................................................................................. 117
Evasion of Value Added Tax (Vat) and Sales Taxes ............................................................................................. 117
Tax Fraud Through Offshore Entities .................................................................................................................. 119
Special Purpose Vehicles/Entities ........................................................................................................................120
Repatriating Undisclosed Assets ............................................................................................................................121
Demonstrating Tax Fraud in Legal Cases............................................................................................................122
Employment Tax Fraud ............................................................................................................................................122
Red Flags of Tax Fraud .............................................................................................................................................123
Investigative Techniques to Detect and Prove Tax Fraud...............................................................................123
The United States Foreign Account Tax Compliance Act 2010 (FATCA)......................................................124
The OECD’s Common Reporting Standard – An Evolution in Global Tax Compliance ...........................128
Chapter 6 Practice Questions ............................................................................................................................... 130
CHAPTER 7 ASSET RECOVERY ................................................................................................................................... 131
Overview .......................................................................................................................................................................131
Participants in An Asset Recovery Team .............................................................................................................132
Importance of Sound Planning ..............................................................................................................................133
Making the Case for Asset Recovery ....................................................................................................................133
Repatriation of Assets...............................................................................................................................................138
Information Sharing and Mutual Legal Assistance Treaties (MLATs) ..........................................................139
The Hague Convention.............................................................................................................................................139
Bankruptcy and Insolvency as Asset Recovery Tools........................................................................................141

Tracing, Forfeiture and Substitution of Assets .................................................................................................. 142

Other Evidence-Gathering Tools ..........................................................................................................................143
Enforcement of Judgments .....................................................................................................................................144
Third Parties That May be Held Liable to Financial Crime Victims ............................................................. 147
Chapter 7 Practice Questions.................................................................................................................................148
CHAPTER 8 FINANCIAL CRIME INVESTIGATIONS ................................................................................................ 149
Introduction ................................................................................................................................................................149
Civil Law and Common Law Systems ...................................................................................................................150
Criminal Law and Civil Law .....................................................................................................................................151
Private vs. Public Investigations ............................................................................................................................ 152
Investigative Techniques .........................................................................................................................................153
Open-Source Intelligence .......................................................................................................................................156
Practical Example: Finding Mary........................................................................................................................... 157
Conducting an Internet and Public Record Data Search ................................................................................158
Interviewing Techniques .........................................................................................................................................159
Affidavits ..................................................................................................................................................................... 160
Recorded Testimony ................................................................................................................................................. 161
Intelligence vs. Evidence.......................................................................................................................................... 161
Financial Crime Investigations Across International Borders .......................................................................162
Tax and Secrecy Havens ..........................................................................................................................................163
US Secrecy Havens ....................................................................................................................................................164
Information Sources for a Financial Crime Investigation ...............................................................................164
Legal Considerations ................................................................................................................................................165
CHAPTER 9 INTERPRETING FINANCIAL DOCUMENTS ....................................................................................... 168
Financial Crime versus Error..................................................................................................................................169
International Financial Reporting Standards (IFRS) .........................................................................................169
Understanding and Using Financial Statements ............................................................................................... 170
Types of Financial Statements .............................................................................................................................. 170
Income Statement or Statement of Earnings (Profit and Loss) ..................................................................... 170
Balance Sheet (Statement of Financial Position) ............................................................................................... 174
Statement of Cash Flows ......................................................................................................................................... 176
Other Types of Financial Records ......................................................................................................................... 176
The World Customs Organization (WCO) ........................................................................................................... 179
Analysis of Tax Returns ............................................................................................................................................182
Protecting the Evidence ..........................................................................................................................................183
CHAPTER 10 MONEY AND COMMODITIES FLOW ............................................................................................... 184
Overview ......................................................................................................................................................................184
Frequently Used Vehicles to Move Money ..........................................................................................................185
Checks and Bank Statements .................................................................................................................................186
Correspondent Bank Accounts ..............................................................................................................................186
Wire Transfers ............................................................................................................................................................ 187
Intermediary Banks .................................................................................................................................................. 187
Non-Bank Foreign Exchange Companies and Money Transmitters ............................................................ 191
Informal Value Transfer System Legality ............................................................................................................ 191
An Example of a Hawala Transaction ...................................................................................................................194

Commodities Trading to Move Money ................................................................................................................195

Common Indicators of Suspicious Activity .........................................................................................................195
Prepaid Cards and Their Financial Crime Risks ................................................................................................198
Digital Currencies ....................................................................................................................................................202
Human Trafficking and Financial Flows .............................................................................................................208
Chapter 10 Practice Questions................................................................................................................................211
CHAPTER 11 COMPLIANCE PROGRAMS AND CONTROLS .................................................................................. 212
Overview ......................................................................................................................................................................212
Organizational Overview of Financial Crime Controls....................................................................................213
Risk Assessments ....................................................................................................................................................... 215
Sanctions Compliance .............................................................................................................................................. 215
Office of Foreign Assets Control (OFAC)..............................................................................................................216
Sanctions Compliance Programs .......................................................................................................................... 217
Identifying and Reporting Unusual or Suspicious Activity ............................................................................220
The Evolving Compliance Landscape ...................................................................................................................221
Global Expectations for AML Compliance Programs...................................................................................... 222
Overview of the Risk-Based Approach ................................................................................................................ 222
Employee Onboarding and Monitoring ...............................................................................................................227
Investigating and Identifying Beneficial Owners .............................................................................................230
Detecting and Reporting Suspicious Activity ....................................................................................................231
Overview of AML Compliance Monitoring Systems........................................................................................ 233
Ongoing Testing and Due Diligence of Monitoring and Reporting Processes ......................................... 235
Chapter 11 Practice Questions...............................................................................................................................236
CHAPTER 12 CYBERSECURITY ...................................................................................................................................238
Overview .................................................................................................................................................................... 238
Recognizing and Detecting Cyber Financial Crime ........................................................................................240
Social Engineering ..................................................................................................................................................240
Account Takeover ..................................................................................................................................................... 244
Account Takeover Red Flags ...................................................................................................................................247
Planning A Cybersecurity Program .....................................................................................................................250
Other Network Security Standards and Industry Best Practices ................................................................ 254
Responding to a Cyber Incident ...........................................................................................................................257
Essentials of a Data Privacy Program ................................................................................................................. 259
International Data Privacy Laws and Regulations ...........................................................................................260
Chapter 12 Practice Questions .............................................................................................................................. 263
CHAPTER 13 ETHICAL RESPONSIBILITIES AND BEST PRACTICES ...................................................................264
Overview ..................................................................................................................................................................... 264
Codes of Conduct .....................................................................................................................................................266
What Are Ethics? .....................................................................................................................................................266
Understanding the Respective Roles in Your Organization .......................................................................... 267
Conflicts of Interest ................................................................................................................................................. 268
Privacy Considerations ............................................................................................................................................ 271
Chapter 13 Practice Questions ...............................................................................................................................275

CHAPTER 14 INTERNATIONAL AGREEMENTS AND STANDARDS ................................................................... 276

Overview ..................................................................................................................................................................... 276
United Nations ...........................................................................................................................................................277
Financial Action Task Force ................................................................................................................................... 278
Organization for Economic Cooperation and Development (OECD) ..........................................................280
Basel Committee and its Guidance .......................................................................................................................281
European Union Directives on Money Laundering ......................................................................................... 282
Wolfsberg Group ....................................................................................................................................................... 283
Conclusion .................................................................................................................................................................. 284
APPENDIX A REFERENCES AND RESOURCES ......................................................................................................285
APPENDIX B ANSWERS TO PRACTICE QUESTIONS .................................................................................................. 293

CHAPTER 1
ACFCS
AND
THE
CHALLENGE
OF FINANCIAL
CRIME
THE ASSOCIATION OF CERTIFIED FINANCIAL

CRIME SPECIALISTS
The Association of Certified Financial Crime Specialists (ACFCS)

was created to respond to the growing need for documented,
verifiable and certifiable knowledge and skill in the financial
crime field and to meet the career development needs of the
diverse and growing number of specialists in the private and
public sectors who work in this field.
11
CHAPTER 1 • ACFCS AND THE CHALLENGE OF FINANCIAL CRIME
To build the certification examination, ACFCS

took various steps over several months. Initially,
a group of diverse, expert professionals gathered
over several days to identify hundreds of job tasks
that are performed by financial crime specialists
in distinct occupations.
Once they identified the job tasks, their work was

distilled and framed into hundreds of questions
that went into a worldwide survey, asking spe-
cialists of many occupations and in many world
regions to evaluate the job tasks for importance,
gravity, frequency and other factors. The ACFCS
worldwide survey was also designed to determine
the skills, competencies and job tasks that should
be considered essential to test a candidate for the
The principal mission of ACFCS is to certify the
Certified Financial Crime Specialist certification.
skill, knowledge and expertise of financial crime
specialists across the full spectrum of financial
Nearly 400 specialists throughout the world
crime. It provides learning and continuing edu-
responded to the survey and provided the data
cation benefits that help financial crime special-
that is the foundation of the certification exam.
ists advance and elevate their careers. ACFCS is
The survey was designed by volunteer expert
also committed to providing its members and
professionals and ACFCS under the guidance of
the larger global audience with a community of
psychometric experts from a distinguished psy-
live and virtual networking opportunities that
chometric testing firm. The survey identified that
allow them to connect with other profession-
financial crime professionals need knowledge and
als worldwide.
skills in the topics listed below, which are also the
topics tested on the exam:
To achieve these goals, ACFCS counts on a pro-
fessional staff that has decades of experience in • Financial Crime Elements and Overview
managing highly regarded professional associa- • Money Laundering
tions. ACFCS is guided by a distinguished Advi-
• Corruption Enforcement and Investigation
sory Board that is composed of top international
experts in diverse fields. They guide the associa- • Money and Commodities Flows
tion and provide direction and assistance in the • Tax Evasion and Enforcement
development of its programs and services.
• Fraud Detection and Prevention
• Investigations
ACFCS CERTIFICATION EXAMINATION • Cybersecurity and Privacy
The CFCS certification examination is a universal • Sanctions Compliance
exam. It does not rely on the knowledge of laws
or regulation of any one country or region for the • Ethics
basis of the examination. It is also unitary, mean- • Compliance Programs and Controls
ing that it is not designed for any specific number • International Standards
of occupations or professions. Instead, it is built
to accommodate the job tasks and requirements • Asset Recovery
of all occupations in the financial crime field.
12
This Certification Examination Preparation Man-

ual is designed to provide you with instruction
that will prepare you for the examination. By
studying this manual, however, you should not
assume you will earn a passing grade on the exam.
Other knowledge and experience in diverse finan-
cial crime fields in the private/public sectors will
enhance your preparedness. This manual also
includes practice questions similar to those in the
actual exam and an extensive listing of references
you may wish to review for further preparation.
CONSTRUCTION OF THE CFCS

CERTIFICATION EXAM
“I was impressed
The CFCS certification examination is constructed
according to the same nationally recognized psy- by the breadth of
the exam. It is not
chometric standards as other distinguished pro-
fessional certifications. To meet the most exact-
ing standards, top financial crime, psychometric
and certification experts have devoted more than
one thousand hours, and hundreds of respondents US-centric or based
shared their answers and comments in the exten-
sive worldwide survey that ACFCS conducted.
just on money
laundering.” Juan
This process was overseen by a professional
staff with substantial experience in creating and
administering professional certifications. ACFCS
adheres to the principles of psychometric compe-
tency assessment to ensure that its certification Ducali, CFCS, CAMS,
exam is a fair, unambiguous legally defensible test
of knowledge and skill. Senior Compliance
In collaboration with ACFCS, a psychometric firm
assures security at hundreds of testing locations Officer, United Nations
worldwide, including more than 400 in the United
States and Canada. Candidates for the CFCS cer-
tification who meet the application requirements
Federal Credit Union
may take the proctored exam at any of these loca-
tions by appointment. Also, ACFCS offers online
proctored exams for those who are not close to a
testing center.
ACFCS is independent of all government agencies,

vendors, attorneys and consultants.
13
JOB AND CAREER BENEFITS FROM CONCLUSION

CFCS CERTIFICATION The effort against financial crime in the private
By earning the CFCS certification, a person will and public sectors faces growing challenges. The
validate his or her skills and earn an objective, skills and knowledge that professionals like you
verifiable credential of competence. The CFCS must acquire, refine and display to meet these
certification will enable financial crime spe- challenges have great value. We challenge you to
cialists to advance their careers and give them become a CFCS and stand on the cutting edge of
compelling evidence of an advanced level of pro- financial crime competence.
fessional skill. It will assure employers that the
work of discharging or managing organizational With thoughtful attention to the material in this
responsibilities, advocating for their interests Manual, you will go far toward success in the
and strategically promoting their cause is in the CFCS certification exam. Your work as a Certified
hands of someone who meets independent, rig- Financial Crime Specialist can offer enormous
orous standards of knowledge and skill in the benefits to your employer and organization, your
financial crime field. clients and your career. From the entire ACFCS
team, we wish you the best.
The CFCS certification provides a unique, mar-
ketable asset in a competitive workforce. It
demonstrates talent and skill. Those who earn
it can expect to be compensated accordingly.
Increasingly, organizations in the private and
public sectors around the world are certifying
their personnel as a visible sign of commitment
to competence and skill. The CFCS certification is
a timely embodiment of the “knowledge economy”
or “knowledge era” in which we now live.
With thoughtful attention to the

material in this Manual, you will
go far toward success in the CFCS
certification exam.
14
CHAPTER 2
FINANCIAL
CRIME
OVERVIEW,
COMMONALITIES
AND FINANCIAL CRIME OVERVIEW
CONVERGENCE
The world is awash in financial crime. No person or organiza-
tion, public or private, secular or religious, profit or nonprofit is
immune. Perpetrators of financial crime come in many forms,
often using the façade of sham or shell legal entities to conduct
their criminal activity.
The immense earnings of financial criminals and their global

co-conspirators are impossible to calculate but easily run into
the trillions of dollars annually. Notable examples of the sources
of illicit profits of financial criminals are the public and private
healthcare programs that many nations provide to their citizens.
The United States government, for example, claims its Medi-
care program suffers fraud losses of about $70 billion annually,
or the equivalent of $192 million daily. Just as with other finan-
cial crimes, the fallout goes beyond the healthcare programs
themselves. Higher taxes and insurance premiums, along with
increased government expenses to monitor and supervise the
integrity of the programs, are some of the consequences.
15
CHAPTER 2 • FINANCIAL CRIME OVERVIEW, COMMONALITIES AND CONVERGENCE
Much of this fraud, and thousands of other similar This Manual covers all of them, focusing mainly
instances worldwide, is facilitated by corruption on crimes that have a cash or economic advan-
of the participants in the programs or in the pub- tage as their primary objective. However, the
lic agencies that conduct them. Lax controls and Manual does not deal with some profit-motivated
auditing, poor supervision by regulators, inade- crimes, such as drug trafficking, illegal gam-
quate enforcement by investigative agencies and bling, nuclear trafficking, prostitution and similar
inattention to recovering the assets stolen by offenses. While these crimes are also motivated
financial criminals emboldens others and breeds by the desire to make money, they do not fit into
more financial crime. the financial crime categories in this Manual.
Government agencies and private sector victims For your needs, we will cover those crimes in
of financial crime fare poorly in recovering the which perpetrators possess or control the crim-
funds that are taken unlawfully from govern- inal proceeds. At that point, these criminals
ment programs and from private sector victims. become classic financial criminals who must
While estimates are inherently difficult, statistics engage in some of the common steps that all
issued by government agencies suggest that only financial criminals take. Money laundering is
2 to 5 percent of assets that private- and pub- present in all financial crimes and is a common
lic-sector victims lose to financial criminals is and essential element that all financial crimes
ever recovered. Asset recovery is addressed in its share, regardless of how they made their money.
own chapter of this Manual.
What is financial crime? A good working defini-
tion may be that it is a non-violent action that
DEFINING FINANCIAL CRIME AND ITS results in the unlawful taking, moving, hiding or
PERMUTATIONS disguising of money or other value by the use of
Permutations and perpetrators of financial crime guile, artifice, corruption or deception for the
constantly evolve. At any given moment, persons benefit of the perpetrator or of another.
in all parts of the world are conceiving new ways
to take money or gain economic advantage ille- Financial crimes include corruption, money laun-
gally from organizational and individual victims. dering, fraud, tax evasion and sanctions viola-
tions. Each of these categories has subsets, off-
Except for crimes of passion and those committed shoots or tributaries. For example, identity theft
to make an ideological statement, such as terror- and embezzlement are subsets of fraud. Corrup-
ism, all crimes are committed to make money or tion exists in both the public and private sectors.
gain an economic advantage. Even crimes of pure Money laundering may be practiced in many
passion sometimes have a financial element, such ways and may involve persons in all walks of life
as in the case of a person plotting the murder of and private and public-sector organizations. One
a family member to claim a life insurance policy. type of financial crime often overlaps another, as
is discussed below in the section dealing with the
Most financial crimes have four phases: commonalities of financial crime.
1. When the crime is being planned

2. When the crime is committed TECHNOLOGY CHANGES
3. When the proceeds are laundered COMPLEXION OF FINANCIAL CRIME
4. When the victim’s losses are identified and Financial crime is not static. It evolves and adapts
asset recovery is needed. to circumstances and opportunities. Identity
16
theft, for example, is not a new type of crime, but on financial institutions, businesses, and other
the advance of technology has spurred its growth organizations, all at a significant cost.
and made it a global menace. Similarly, cyber-
crime did not exist before the arrival of digital Even in the face of these mighty defensive and
technology and the Internet. offensive efforts composed of private- and pub-
lic-sector organizations, financial crime contin-
Financial crime today is more extensive, complex ues to grow. Financial criminals are industrious
and technology-driven than ever before; so are and find weaknesses, loopholes, negligence or
the government and private sector efforts against corruption to facilitate their crimes.
it. Investigative and enforcement procedures and
regulatory measures that seek to block or detect
financial crime need to grow at the pace of the GLOBALIZATION OF
evolving techniques of financial criminals. FINANCIAL CRIME
Financial crime flourishes when it crosses
New laws and regulations, multinational agree- national borders. By crossing these borders, the
ments, treaties and conventions, and working financial criminal complicates law enforcement
groups are all aimed at financial crime. Non-gov- efforts by forcing the agencies of one country to
ernmental organizations, such as the Financial obtain the cooperation of their counterparts in
Action Task Force (FATF), the Egmont Group, other countries for the purpose of gathering evi-
Interpol and others, have been formed in the past dence or locating suspects and witnesses. It usu-
fifty years to help public and private sector orga- ally causes the pertinent authorities to seek the
nizations to combat financial crime. assistance of an international treaty, convention
or agreement, or an international organization
Starting in 1990 with the creation of the US such as Interpol.
Financial Crimes Enforcement Network (FinCEN),
nations began creating agencies that have come This takes extra time, which favors the financial
to be known as Financial Intelligence Units (FIUs) criminal. As time passes, the financial criminal is
that facilitate international information sharing better able to find refuge for the financial crime
and cooperation. The success of these efforts proceeds, tamper with the evidence and even
often depends on the political will of nations to seek safe haven.
accept, adopt and enforce them.
The more than 60 “secrecy havens” around the
The patchwork of national and international globe, ranging from obscure islands, such as
requirements and standards places the duty to Nauru and Tortola, to long-standing havens, such
monitor, investigate, report, train and remediate as Lichtenstein and Switzerland, are a conve-
nient and vital resource for financial criminals to
move and hide their assets. These havens provide
financial criminals a crucial resource that com-
pletes the crime.
COMMONALITIES OF ALL
FINANCIAL CRIMES
There are many types of financial crime, such as
money laundering, fraud and corruption, each
with distinct subsets, such as terrorism and
17
COUNTRIES LISTED ON VARIOUS TAX HAVEN LISTS

Caribbean/West Indies Anguilla, Antigua and Barbuda, Aruba, Bahamas, Barbados,e,e British Vir-
gin Islands, Cayman Islands, Dominica, Grenada, Monserrat,a Netherlands
Antilles, St Kitts and Nevis, St. Lucia, St. Vincent and Grenadines, Turks
and Caicos, U.S. Virgin Islands a,e
Central America Belize, Costa Rica,b,c Panama
Coast of East Asia Hong Kong,b,e Macau, a,b,e Singaporeb
Europe/Mediterranean Andorra,a Channel Islands (Guernsey and Jersey),e Cyprus,e Gibralter, Isle of
Man, Ireland,a,b,e Liechtenstein, Luxembourg, Malta,ᵉ Monaco, San Marino,ᵃ,
Switzerlanda,b
Indian Ocean Maldives,a,d Mauritius, a,c,e Seychellesᵃ,
Middle East Bahrain, Jordan,a,b Lebanon a,b
North Atlantic Bermuda,e
Pacific, South Pacific Cook Islands, Marshall Islands,a Samoa, Nauru,c Niue,a,c Tonga,a,c,d Vanuatu
West Africa Liberia
A Table Listing Countries that Appear on Multiple Lists of Tax Havens Issued by Countries and NGOs, Including
the OECD, US Government and Others. Source: US Congressional Research Service Report in 2015,
“Tax Havens: International Tax Avoidance and Evasion”
threat finance, identity theft and commercial thief and other financial criminals, at some point,
bribery. But, they all share several constant com- must hide or disguise the criminal proceeds. The
monalities, which make them more alike than not. domestic or international movement of “clean”
money for the purpose of committing a financial
Recognizing and exploiting the commonalities crime, money laundering is a necessary function
helps private- and public-sector organizations of the financial criminal because it permits him to
build a cohesive, comprehensive and collabora- mask his involvement in the financial crime, evade
tive approach to financial crime, and maybe get the payment of taxes and move the money to
even better results. The issue of convergence is hide it from victims and government authorities.
discussed in this chapter. The broad reach of most money laundering laws
and the predicate crimes that activate prosecu-
Financial crimes have these commonalities: tions for money laundering, as well as the inter-
All financial crimes involve money laundering. national money laundering control standards of
At some point in the planning and execution of the Financial Action Task Force (FATF) and other
financial crimes, all of them involve money laun- world bodies, lend credibility to the fact that all
dering. A business involved in a foreign corrupt financial crimes involve money laundering.
payment, a public official who receives illicit pay-
ments, a violator of sanctions laws, an identity
18
All financial crimes result in tax evasion. It

would be a unique financial criminal who would
go to great lengths of stealing and disguising his
gains and still declare his criminal proceeds in an
income tax return. Tax evasion is committed by
the parties on both sides of most financial crime
transactions, such as those involving corruption.
Where a transaction involves official corruption,
for example, tax evasion is usually committed by
both parties of the transaction. The corrupter
falsifies his tax return by mischaracterizing the
withdrawal or transmission of funds or the gen- FATCA Report
eration of cash destined for the corrupt official.
The public official who receives the corrupt pay- securities dealers, insurance companies, com-
ment will either not report the income or falsify modities traders, money transmitters and other
its source on the tax returns that he may file. entities where the public can conduct financial
transactions.
Tax evasion is not only a financial crime in its own
right, but it is also a byproduct of other crimes. The FATF resources offer a wealth of information
The FATF announced in February 2012 that it was on financial crime, including the wide range of
expanding its “40 Recommendations” on money financial institutions that financial criminals use.
laundering after 22 years to include recommen- The FATF also publishes a wide range of financial
dation for measures against tax evasion. This can crime typologies and commentaries that finan-
be viewed as an important validation that financial crime specialists will find helpful. The many
cial crime and tax evasion are intertwined. types of financial institutions and businesses that
are implicated in financial crime cases attest to
Apart from this important step toward a more the indispensability of financial institutions to
active world effort against tax evasion, the enact- financial criminals and the diversity of them.
ment of far-reaching tax compliance laws with a
multinational reach, like the landmark US Foreign The vulnerability of these businesses to be lev-
Account Tax Compliance Act (FATCA) of 2010, is a eraged in a financial crime is compounded by
harbinger of a more active multinational assault the risks that their employees, who may be cor-
on tax evasion and its arrival as a top interna- rupted or compromised, present. All institutions
tional priority. These landmark developments, and businesses face this common threat of the
symbolized by FATCA and the OECD’s Common “enemy within.” These are the employees or insid-
Reporting Standard, are among the major finan- ers that can compromise operations, steal or leak
cial crime developments of the early part of the confidential information, corrupt internal pro-
21st century. They are discussed in the chapter cesses, rig technological settings and programs,
on tax evasion. weaken organizational defenses, assist inside or
outside financial criminals, and inflict harm that
All financial crimes require a financial institu- their unique position enables them to carry out.
tion. No financial crime of any magnitude can be
carried out without a financial institution. The A corrupt or compromised employee can wreak as
term “financial institution” covers more than much havoc or more in a private- or public-sector
banks. In the broad sense, it also includes private organization as any outside financial criminal can.
banks, credit unions, cooperative institutions,
19
The irony is that despite this ability to inflict so

much harm, employees or insiders often receive
far less screening and due diligence examination
than customers before they are placed on the job.
Financial institutions spend significant time and

money on due diligence reviews focused on cus-
tomers, but for employees or other insiders, they
spend relatively little in pre-employment screen-
ing and post- employment monitoring. Employees
are often hired with the prior review and approval
of only human resources departments. Investiga-
tion and vigilance of post-employment employee
and insider conduct is usually the responsibility
of corporate security departments.
Financial criminals appreciate the value of a

complicit insider and are eager to promote the
employment of an accomplice by an organization
that they targeting.
All financial crimes interface with government

agencies. Every financial crime produces or acti-
vates a pre-existing interface for a financial insti-
tution or affected business with a government
agency. For most financial institutions, a regu-
latory or supervisory agency that oversees com-
pliance will normally need to be informed of the
occurrence or the suspicion of a financial crime
in a Suspicious Activity Report1 (SAR) or other
communication with an agency.
If a financial crime occurs at or through a busi-

ness that is not required to file suspicious activ-
ity reports, the business will invariably interface
with a government agency when agents arrive to
investigate the crime or seek records pertaining
to the crime.
In most countries, data from suspicious activity

reports and other government reporting forms
are processed through government “financial
intelligence units.” More than 120 nations have
FIUs, which band together in a confederation
1. These are known as Suspicious Transaction Reports (STRs) in many jurisdictions.
20
known as the Egmont Group.2 The Group facili- multiple countries, especially in today’s elec-
tates the exchange of data and intelligence among tronic world.
its members, under security protocols, with the
goal of improving multinational efforts against The many bilateral agreements and multina-
financial crime. tional treaties, mutual legal assistance treaties,
tax information exchange agreements, financial
All financial crimes create the need for asset information exchange agreements, intergov-
recovery. All financial crime leaves someone ernmental agreements, extradition treaties and
poorer than they were before. The major recent other international cooperative agreements that
financial crimes, such as the Bernie Madoff Ponzi bear on financial crime underscore the interna-
scheme, the international bank mega-fraud of tional nature of these crimes.
Allen Stanford, the legal settlements scheme
of Scott Rothstein and others have left behind Some laws have an international focus by defi-
tens of thousands of victims with billions of dol- nition or by their very name. The US Foreign
lars in losses. Corrupt Practices Act (FCPA) is an example. The
placement of law enforcement agents of a coun-
Thousands of less-celebrated financial crim- try in their nation’s embassies overseas and the
inals worldwide leave millions of other vic- work of international organizations, such as
tims behind. Victims that have the resources to Interpol and the FATF, all highlight the cross-bor-
attempt to recover their assets rarely succeed in der nature of major financial crimes.
these efforts. Government agencies that seek to
recover funds that are stolen from government Financial crime often involves public or private
programs are no more successful in their efforts, sector corruption. Nothing facilitates financial
despite the strong asset recovery, legal and judi- crime more than a corrupt or complicit business
cial weapons they possess.3 insider or public official. Corruption is the engine
that drives most major international financial
Asset recovery is the neglected art of the finan- crime. Appreciation of the corrosive effect of cor-
cial crime continuum. The failure to recover the ruption has moved many organizations to mount
assets taken by financial criminals is a primary a broad, still blossoming assault on corrup-
cause of the growth of financial crime. The deter- tion in recent years, as evidenced in part by the
rent effect that successful asset recovery could revised 40 Recommendations of the FATF. Global
achieve is missing. Financial criminals have the anti-corruption is covered in its own chapter
pleasant reality that they rarely are required to of the Manual.
relinquish the money they take from their victims
— even if they go to prison. Asset recovery is dis- Public and private-sector corruption has many
cussed extensively in a later chapter. variations. Examples include the unlawful pay-
ment by a business to the employee of another
All (major) financial crimes involve more than one business to obtain trade secrets, or the bribery of
country. Whether it is the location of the financial a regulator to turn a blind eye to criminal activity
crime victim, the base of operations of the finan- in a financial institution or other type of business.
cial criminal or his co-conspirators, the home of
the financial institutions they use, or the coun-
tries where the criminal proceeds moved through
or were applied, all major financial crimes involve
2. To learn more, please click here: www.egmontgroup.org
3. While it is hard to ascertain an exact number for obvious reasons, it is estimated that five percent or less
of assets are recovered from financial crimes.
21
CAPITALIZING ON THE For example, some financial institutions have uni-

‘COMMONALITIES’ AND EXPLORING fied fraud and AML departments that previously
‘CONVERGENCE’ operated separately. This has allowed fraud inves-
tigators to learn and capitalize on monitoring
By examining these commonalities, financial tools used by AML analysts and, at the same time,
crime specialists in the distinct component fields provided the AML analysts access to the investi-
of anti-money laundering (AML), fraud, global gative expertise of persons in the fraud units.
anti-corruption and others can determine if
adoption of a coordinated, integrated approach, If the common bonds that financial crimes share
instead of a splintered or siloed approach that now make the case for a centralized approach, then
characterizes financial crime efforts, is advisable. convergence may be the best course of action.
The commonalities seem to justify a deep exam-
Currently, many detection, prevention, regula- ination of the way financial crimes are dealt with
tory and enforcement efforts directed at finan- by private- and public-sector entities. They call
cial crime follow the siloed approach. A unified or for a streamlined, unified effort that improves
“converged” approach may allow private and pub- effectiveness.
lic entities to end underutilization of disciplines
and allow internal units to achieve greater effi-
ciency, economies and effectiveness. CONCLUSION
The global financial crime field is complex and
Understanding and appreciating the commonali-
rapidly evolving, but recognizing the common-
ties can lead to development of a cohesive, more
alities and intersections between all financial
effective global approach to financial crime in
crimes is a necessary starting point. Approaching
public- and private-sector entities. The culmi-
financial crime more holistically may offer a more
nation of this approach comes in the creation of
coordinated, efficient response in the compliance,
converged units with titles such as the Financial
investigative and enforcement fields. It also serves
Crime Risk Management Group within institu-
as a means to introduce the wide range of topics
tions and organizations. This approach has the
that will be covered in subsequent chapters.
potential to improve results, streamline proce-
dures, upgrade utility of information and intel-
ligence, increase collaboration among diverse
employees and organizations, and save money.
22
CHAPTER 3
MONEY
LAUNDERING
OVERVIEW
For financial criminals, money laundering is an indispensable,

ever-present element of all financial crimes. It can occur at the
beginning, middle or end of a crime, but it always happens. No
financial crime, such as fraud, corruption, tax evasion, viola-
tions of sanctions laws or others, may be committed without
acts of money laundering at some stage in the offense.
23
CHAPTER 3 • MONEY LAUNDERING
Money laundering is a crime that has existed since

the first time a person improperly or unlawfully
took something of value from someone else. Finan- THE FINANCIAL
cial criminals know that the detection of their illicit ACTION TASK FORCE
activity, or the manner by which the proceeds of
The Financial Action Task Force, or FATF,
the activity are derived, moved or utilized, will
was formed in 1989 by the world’s largest
unravel their scheme and usually lead to legal con-
and most economically powerful nations,
sequences in most countries.
the G-7 group of countries, which at the time
were Canada, France, Germany, Italy, Japan,
In effect, the detection of the movement of money
United Kingdom and United States. Since its
from the pockets of victims into the pockets of the
inception, the Financial Action Task Force
financial criminal is the most certain way to prove
has evolved into the principal standard-set-
the method and actors behind most financial crimes.
ter of global anti-money laundering norms
and policies adopted by nations, financial
Money laundering, broadly defined, is the process
institutions and other organizations.
of concealing the existence, source or application
of income, or the disguising of its source to give it
FATF was assigned to examine money laun-
the appearance of legitimacy. Efforts to detect and
dering techniques and trends, assess the
prevent money laundering typically revolve around
policy and enforcement action already
understanding the source and origins of funds.
undertaken at a national or international
level, and set out measures still needed to
In other words, money laundering is the act of
combat money laundering. The first formal
deception in the control, management or movement
action of the FATF in early 1990 was to pro-
of money or other assets that have been derived by
mulgate the “40 Recommendations,” a set
illegal means, or that came from legitimate sources
of recommended conduct for government
but are being moved to another location to finance
agencies, financial institutions and other
or perpetrate an illegal act.
organizations in combating money launder-
ing around the world.
Although it has been practiced for millennia, money
laundering took a long time to obtain formal desig-
In 2001, the development of standards in
nation as a crime, and even longer for money laun-
the fight against terrorism financing was
dering laws to evolve into potent weapons against
added to the mission of the FATF. In Octo-
financial and other profit-motivated crime.
ber 2001, the FATF issued the Eight Special
Recommendations to deal with the issue of
In 1986, the United States was the first nation to
terrorism financing. The continued evolu-
enact a law that classified money laundering, or the
tion of money laundering techniques led the
“laundering of monetary instruments,” as a crime.
FATF to revise the FATF standards compre-
It was prompted to act, largely, by the realization
hensively in June 2003. In February 2012, the
that international drug trafficking organizations
Recommendations underwent their most
were earning billions of dollars and using financial
significant revamping in almost a decade,
institutions and other legitimate businesses to hide,
with the release of the revised 40 Recom-
move and disguise their massive wealth. At the
mendations that merged the Special Recom-
same time, it recognized the negative effects of the
mendations back into the other standards.
involvement of criminal organizations in financial
institutions and other legitimate businesses as cus-
24
tomers and owners, together with their corrupt- In a sanctions violation, a corporation that wants
ing influence in government operations. to continue doing business with a sanctioned
country routes the money involved in a prohib-
Today, nearly every country has enacted money ited transaction through a third party that does
laundering laws with widely varying character- not reside in, or have direct relationships with,
istics. However, in general, they are all designed the sanctioned country. That is money laun-
to serve as a deterrent to financial and other dering as well.
criminals by criminalizing their relationships
with financial institutions and other legitimate In fact, any attempt or conduct designed to hide
businesses, reducing their wealth and increasing and conceal the source, movement, control or
the risk for financial institutions and other busi- ownership of money illegally derived is an act
nesses that knowingly do business with them. of money laundering. Similarly, a process that
involves the movement of money derived through
legitimate means, but which is intended or des-
MONEY LAUNDERING METHODS tined to be used to commit a crime, such as in
In one simple example, to carry out a Ponzi the above example of the corrupt foreign official,
scheme, the promoter must disguise the funds he is also money laundering under the laws of many
is paying to the initial victims of the scheme as nations, including the United States.
their “investment earnings” when they truly rep-
resent funds received from later victims. That is The Financial Action Task Force (FATF) is an
money laundering. intergovernmental organization formed in 1989
designed to establish global standards on money
Another example is a scheme in which a company laundering controls. It is based in Paris. Long
draws funds from its account in its home country ago, the FATF developed a working definition of
and transports the funds across national borders money laundering involving funds that originated
so that they may be given, through an interme- in illegal activity:
diary or “bagman,” to a public official in another
country. The purpose of the illegal payment is to 1. The conversion or transfer of property,
influence the official acts of the public official. The knowing that such property is derived
movement of those funds is money laundering. from a criminal offense, for the purpose of
concealing or disguising the illicit origin
of the property or of assisting any person
who is involved in the commission of such
an offense or offenses to evade the legal
consequences of his actions;
2. The concealment or disguise of the true
nature, source, location, disposition,
movement, rights with respect to, or
ownership or property, knowing that such
property is derived from a criminal offense;
3. The acquisition, possession or use of
property knowing at the time of receipt that
such property was derived from a criminal
An image of Charles Ponzi taken August 1920. That offense or from an act of participation in
year, Ponzi launched the investment fraud scheme such offense.
that would later come to bear his name.
25
• Smurfing, or using cash couriers to make

many (usually small) cash deposits in various
financial accounts
• Utilizing front companies, especially cash-
intensive businesses like bars and certain
retail stores
• Exchanging cash for commodities and assets
such as precious metals, precious stones, or
high-value luxury goods
• Changing currency into other financial
instruments like cashier’s or traveler’s checks
• Utilizing “gatekeepers”, either complicit or
unwitting, like attorneys or wealth managers
THE THREE STAGES OF to accept cash or move funds through
MONEY LAUNDERING their accounts
One of the widely accepted precepts of money • Using complicit or corrupted financial
laundering is that it is a process with three major institutions such as banks, broker-dealers
stages. While not every act of money laundering or MSBs that knowingly participate in a
necessarily executes each of these three steps, it criminal scheme
is still a viable investigation methodology.
• Purchasing digital currencies in cash via
direct contact with the sellers or online sites
1. PLACEMENT
that facilitate such transactions
Broadly, placement represents the initial entry of
funds into the financial system. In many scenar- In instances where criminals are dealing in large
ios this is the physical movement of the cash pro- quantities of cash, such as narcotics trafficking,
ceeds of a financial or other crime into a finan- placement can reduce the risks and logistical
cial institution, such as a bank, money services difficulties of storing and moving large volumes
business or securities broker-dealer. The primary of currency.
goal of placement is to gain access to the finan-
cial system, while distancing funds or assets from Placement is typically viewed as the stage in
their illicit source and origin. which launderers are most vulnerable to detec-
tion. Injecting large amounts of funds into the
As the first step in the money laundering process, financial system can lead to scrutiny from finan-
placement is often conducted in cash, but does cial institutions and initiate reporting to law
not need to be. It can take advantage of tradi- enforcement or regulatory agencies. Several
tional or non-traditional financial institutions, as examples of placement, such as structuring and
well as a wide range of non-financial entities. bulk cash smuggling, will be discussed in more
detail later in the chapter.
Some common placement methods include:
• Structured deposits, or deposits of cash in 2. LAYERING
financial institutions in amounts below a Layering, the second stage, separates criminal
jurisdiction’s currency reporting threshold proceeds from their source and origin through
layers of transactions. This means separating
26
the criminal proceeds and their source by the more difficult it is to uncover the location of the
creation of layers of financial transactions that funds, establish their susceptibility to recovery,
disguise their flow and reduce their ability to be and pin the crime on the perpetrator.
traced. It often involves multiple participants and
entities, like shell corporations and cross- border Electronic fund transfers are probably the most
transactions. important layering method that money launder-
ers use. Millions of transfers are sent annually
The more complex and numerous the layers con- worldwide because they provide the advantages
structed by the financial or other criminal, the of speed, distance and increased anonymity.
THE RUSSIAN LAUNDROMAT

First revealed by journalists with the Organized Crime and Corruption Reporting Project (OCCRP),
the “Russian Laundromat” was a name given to a complex money laundering scheme that moved an
estimated $20.8 billion in suspicious funds from Russia through banks in Moldova and Latvia, and
from there to financial institutions and businesses around the world.
The scheme was reportedly orchestrated by a group of Russian businessmen, some with criminal
pasts and most with ties to the Russian government. The arrangement had all the hallmarks of
a complex money laundering scheme, utilizing weak points in the company formation processes,
legal system and financial systems around the globe. It illustrates the ingenuity of sophisticated
financial criminals.
In simplified terms, the Laundromat functioned like this:

• The perpetrators behind the Laundromat formed a web of shell companies in Russia and
transferred funds to accounts at Russian banks held in the names of these companies.
• The scheme’s organizers also created a group of 21 shell companies in the UK, Cyprus and New
Zealand, under the names of fake directors and shareholders
• The next steps relied on exploiting the legal system in Moldova. Organizers would create a
fake “promissory note,” or document indicating that one of the Russian shell companies owed
money to one of the shells in the UK, New Zealand or Cyprus.
• Judges in Moldova would issue an order requiring the Russian company to pay the debt. This
created a seemingly legitimate business rationale to move the funds from Russian banks.
• About $8 billion was transferred to Moldindconbank in Moldova, to an account supposedly
controlled by the court, and another roughly $13 billion to Trasta Komercbanka in Latvia.
• As Latvia is a part of the European Union, the funds now appeared less risky and likely to
questioned by other financial institutions. The money was transferred from these banks to
accounts held at institutions all over the world.
The Russian Laundromat was unveiled in 2016 and has prompted investigations in several coun-
tries, including the UK, Moldova and Russia. Three officials of Moldova’s central bank, along with 15
judges, have been arrested in the case.
27
A good understanding of the layering pro-

cess helps collect evidence that can be used to
prove the concealment and knowledge of the
perpetrator.
Financial criminals also utilize complex asset

movement among entities a launderer controls.
Perpetrators of a laundering scheme can cre-
ate multiple shell corporations, trusts, offshore
accounts or even legitimate businesses, and shift
assets between them. These layering techniques
typically rely on corporate structures and vehicles
set up to disguise a money launderer’s ownership
of multiple accounts and entities. These include
shell corporations, trusts and offshore accounts. plexity, the better. Adding layers makes it increas-
ingly difficult to trace funds to perpetrator.
A good understanding of the layering process
helps collect evidence that can be used to prove 3. INTEGRATION
the concealment and knowledge of the perpe-
Integration puts laundered proceeds into the
trator. Clearly, as in the case described above, a
legitimate economy to appear legitimately
savvy financial criminal will not make an investi-
derived. This is the final stage in the money
gator’s life easy.
laundering process. Once the layering process
is complete, the criminal who is laundering the
Another viable method of layering leverages
illicit proceeds must make them look legitimate.
securities and financial instruments. A money
Detecting integration can require complex and
launderer might make multiple trades in securi-
resource-intensive investigative techniques, such
ties, such as stocks, bonds, options and commod-
as forensic accounting, informants and under-
ities, to conceal the source of funds, or purchase
cover operations.
securities and transfer them between entities the
launderer controls.
Competently done, integration makes it very diffi-
cult to distinguish between legitimate and illegit-
Other layering techniques can include:
imate funds. Front or shell companies, real estate
• Converting deposited funds into transactions, bearer shares, trusts, limited liabil-
multiple different financial instruments ity companies, international business companies,
or commodities, such as precious nominee ownership, corrupt bank employees or
metals or stones collaborative international trade partners are
• Transferring ownership of accounts, assets popular methods of integration used by shrewd
or properties between entities or persons money launderers.
controlled by the criminal
There are many methods of integration, but they
• Blending illicit proceeds into accounts with
commonly revolve around real estate and asset
the legitimate proceeds of a business
investments. The purchase of, or investment in,
actual or fictitious assets is one avenue to inte-
From the perspective of the money launderer, the
grate funds. As an example, a launderer could
more layers involved and the greater the com-
arrange to buy a property from an associate for
28
an inflated price. Laundered funds thus enter effects on society. Among them are the foster-
into the financial system as legitimate profit from ing of public corruption, unfair competition with
a property sale. legitimate businesses, and a weakening of finan-
cial institutions.
Trade-based money laundering is a popular inte-
gration method to launder funds across borders.
This involves using false or over-invoiced import/ MONEY LAUNDERING INDICATORS
export transactions. Trade-based laundering will It is always advisable to visit the websites of
be covered in more detail later in this chapter. appropriate government agencies in one’s coun-
try to view the indicators, recommended training
Other integration techniques can include: topics, suggested best practices and other vital
• Purchasing or investing in legitimate information that can serve financial crime offi-
businesses using laundered proceeds cers, including AML specialists. The websites of
many of these agencies and the umbrella organi-
• Making investments in securities with
zations under which they have banded together,
laundered funds
such as the FATF and the Egmont Group, are con-
• Business arrangements between entities tained in the References section of this Manual.
controlled by financial criminals, such
as zero-interest loans made between Searching open-source information is a vital ele-
shell companies, purported repayment of ment of financial crime due diligence, investiga-
debts between companies, false invoicing tions, historical reviews and analyses in all sit-
schemes and more. uations, especially where terrorist financing or
money laundering may be in play.
Lawyers, accountants and intermediaries, such
as company formation agents, can also play a One of the pioneers in building public and pri-
role in integration, with or without their knowl- vate sector defenses against money laundering
edge. Launderers can use consultants and other was Australia. It was one of the earliest countries
third parties to make financial transactions on to establish a Financial Intelligence Unit (FIU),
their behalf, such as purchasing assets or making which is called Austrac. This respected agency,
investments. They can also set up fictitious con- which has been in the forefront of the world effort
sultancies to funnel money back to themselves or against financial crime and its component, money
their associates. laundering, since 1990, published what it called
the following “non-exhaustive” listing of money
In general, the use of secrecy havens, coupled laundering indicators in 2009.
with one or more of these tactics, allows the
financial criminal and money launderer to con- Austrac recommended that financial institutions
ceal beneficial ownership from corporate records, and other business organizations should include
utilize nominee officers, managers and corporate these indicators in their training programs, but
directors as fronts, and distort the business lifes- warned that: “Money launderers and terrorism
pan of the offshore entities that were purchased financiers will continuously look for new tech-
or established for use in the money laundering niques to obscure the origins of illicit funds to give
activities. More on secrecy havens will be dis- the appearance of legitimacy to their activities.
cussed in later chapters. (Anti- Money Laundering and Counter Terror-
ist Financing) officers should continually review
Regardless of the stage or technique used, money their products, services and individual customers
laundering has serious economic and social
29
to ensure their internal AML/CTF systems and

training remain effective.”
There are more than 70 indicators of potential

money laundering that have been identified by
Austrac. We have grouped them below for clarity:
ACCOUNT PROFILE INDICATORS
• Same home address provided for funds

transfers by different people Australian Transaction Reports and Analysis
• Income inconsistent with customer profile Centre (AUSTRAC)
• Use of false identification documentation (to AUSTRAC oversees the compliance of Aus-
conduct transactions, etc.) tralian businesses, defined as ‘reporting
• Use of variations when spelling entities,’ with their requirements under the
names/addresses Anti-Money Laundering and Counter- Ter-
• Value of funds transfers inconsistent with rorism Financing Act 2006 and the Financial
customer profile Transaction Reports Act 1988.
• Unusual customer behavior These requirements include implementing
• Use of multiple accounts for deposits programs for identifying and monitoring
customers and for managing the risks of
ACCOUNT ACTIVITY INDICATORS money laundering and terrorism financ-
ing; reporting suspicious matters, threshold
• Account activity inconsistent with transactions and international funds trans-
customer profile fer instructions; and submitting an annual
• Account operated by someone other compliance report.
than the owner
• Common bank accounts identify and link In its intelligence role, AUSTRAC provides
“superannuates,” facilitators and organizers financial information to state, territory and
Australian law enforcement, security, social
• Large number of accounts held by customer justice and revenue agencies, and certain
with the same institution international counterparts.
• Numerous large deposits via ATMs
• Purchase of bank checks The intelligence provided has been analyzed
by highly qualified AUSTRAC personnel who
• Purchase of bank drafts by third parties use sophisticated tools to identify infor-
• Numerous loan applications for less than (a mation that can assist AUSTRAC’s partner
specific dollar figure) agencies to investigate and prosecute crim-
• Same or similar methods used to acquire inal and terrorist enterprises in Australia
more than one bank loan and overseas.
• Transactions inconsistent with

customer profile
30
• Use of student accounts after their departure • Outgoing transfer with corresponding
from the country incoming funds transfer – appears to be a
• Significant cash withdrawals from ‘u-turn’ transaction or ‘round tripping’
superannuation accounts • Purchase of travelers checks with cash
• Unusual bank account activity into and out of • Withdrawing all, or nearly all, funds from an
superannuation account(s) account within a short period of time
• Use of inactive account • Structuring of funds transfers or
transactions
GAMBLING INDICATORS • Similar transactions conducted over a short
• Betting accounts with large deposits but with period of time
minimal betting activity • Use of stored value cards
• Cash withdrawals from betting accounts in
checks and vouchers INTERNATIONAL ACTIVITY INDICATORS
• Client is a known frequent gambler and/or • Funds transferred to overseas account but
high roller at a casino then withdrawn in (the country)
• Large funds transfers after gambling activity • Funds transfers to numerous offshore
• Structuring of gambling purchases, payouts jurisdictions with no business rationale
and withdrawals • Departure from (the country) shortly after
• Unusual pattern of phone betting making funds transfers
transactions • Funds transfers involving a tax haven
• Multiple deposits made to same overseas
BUSINESS ACCOUNT INDICATORS account by different people
• Company account used for personal use • Large international funds transfers
• Business activity inconsistent with • Use of multiple remittance service providers
business profile to transfer funds to common overseas
• Use of false company beneficiaries
• Use of false invoices • Use of multiple remitters in the same

geographical location
TRANSFER, DEPOSIT AND WITHDRAWAL • Use of international credit card
PATTERN INDICATORS
INDICATORS INVOLVING REAL PROPERTY
• Frequent cash deposits made over a short
period of time • Client purchases or sells real estate
above or below the market value while
• Frequent check deposits
apparently unconcerned about the economic
• Large cash deposits disadvantages of the transaction
• Large cash transactions conducted over a • Low-value property purchased
short period of time with improvements paid for in cash
• Large cash withdrawals with a bank check before re-selling
• Multiple funds transfers below a specific • Purchase of high-value assets (e.g., real
dollar figure estate, luxury vehicles)
31
THIRD PARTY ACTIVITY INDICATORS

• Use of third parties to conduct international
funds transfers
• Use of third parties to conduct transactions
• Use of third party accounts
• Use of family member accounts
• Use of gatekeepers (e.g., accountant)
• Third parties used to open bank accounts
MULTIPLE TRANSACTION RED FLAGS

• Multiple funds transfers conducted from the
same location • Transactions which are inconsistent with the
• Multiple funds transfers involving a high-risk account’s normal activity
drug country • Deposits were structured below the
• Multiple funds transfers to common reporting requirements to avoid detection
beneficiaries • Multiple cash deposits and withdrawals with
• Multiple geographical locations used to suspicious references
conduct transfers • Frequent domestic and international
• Multiple low-value funds transfers ATM activity
• Multiple transactions occurring on the same • No business rationale or economic
day from different geographical locations justification for the transaction
• Multiple transactions occurring on the same • Unusual cash activity in foreign
day to the same beneficiary bank accounts
• Multiple transactions on the same day • Multiple cash deposits in small amounts in an
account followed by a large wire transfer to
INDICATORS LINKED TO FINANCIAL another country
TRANSACTIONS • Use of multiple foreign bank accounts
• The use of funds by the non-profit
organization is not consistent with the
FINANCIAL INSTITUTION
purpose for which it was established
MONEY LAUNDERING METHODS
• The transaction is not economically justified
considering the account holder’s business
AND VEHICLES
or profession Money laundering may be conducted through
virtually every type of entity, vehicle or institu-
• A series of complicated transfers of funds
tion, including offshore entities, wire transfers,
from one person to another as a means
trusts, Hawala, securities dealers, car dealers,
to hide the source and intended use
correspondent accounts, or wherever the crim-
of the funds
inal proceeds find the point of least resistance.
32
THE EGMONT GROUP OF FINANCIAL INTELLIGENCE UNITS

The Egmont Group of Financial Intelligence Units is an informal international gathering of finan-
cial intelligence units (FIUs). The Group, formed in 1995, took its name from the palace in Brussels
where the meeting took place.
The Egmont Group defined an FIU as a central, national agency responsible for receiving (and, as
permitted, requesting), analyzing and disseminating to the competent authorities’ disclosures of
financial information: (i) concerning suspected proceeds of crime and potential financing of terror-
ism, or (ii) required by national legislation or regulation, in order to counter money laundering and
terrorism financing.
The goal of the Egmont Group is to provide a forum for FIUs around the world to improve cooper-
ation in the fight against money laundering and financing of terrorism and to foster the implemen-
tation of domestic programs in this field. The Egmont Group provides support to member FIUs in
the following ways:
• Expanding and systematizing international cooperation in the reciprocal exchange of

information;
• Increasing the effectiveness of FIUs by offering training and promoting personnel exchanges
to improve the expertise and capabilities of personnel employed by FIUs;
• Fostering better and secure communication among FIUs through the application of technology,
such as the Egmont Secure Web (ESW);
• Fostering increased coordination and support among the operational divisions of
member FIUs;
• Promoting the operational autonomy of FIUs;
• Promoting the establishment of FIUs in conjunction with jurisdictions with an AML/CFT
program in place, or in areas with a program in the early stages of development.
33
However, financial institutions are a particularly third bank may be “nested” in the correspondent
important vehicle to criminals for the disposal account, conducting improper or illegal transac-
and movement of criminal proceeds. They have tions with that access.
vulnerable operations, customers and relations
that can serve money launderers well. It is also a best practice to prohibit the establish-
ment of correspondent accounts for foreign shell
Following is a partial listing of some of the vul- banks that have no physical presence and are vir-
nerabilities. tual shams that exist only for the convenience of
money launderers and other criminal interests.
CORRESPONDENT BANKING ACCOUNTS
This is a bank service by which a bank in other PAYABLE-THROUGH ACCOUNTS
geographic locations, often called the ‘respon- Sometimes, a correspondent bank allows the
dent bank,’ is allowed to establish an account at customers of a foreign bank to conduct trans-
the correspondent bank through which actions for themselves through accounts called
payable-through accounts. These types of rela-
it may conduct specific transactions. Many banks tionships are fraught with dangers for the corre-
have multiple correspondent accounts around spondent account for various reasons. For exam-
the world, which allows them to conduct inter- ple, the local bank may lack knowledge about the
national financial transactions for themselves foreign bank’s customers and the nature of their
and their customers where they have no phys- transactions. There is also the possibility that the
ical presence. Large global banks often act as foreign bank may be allowing transactions by its
correspondents for many other banks worldwide. customers that are prohibited under local law or
These so-called respondent banks receive various that the correspondent bank normally does not
services through their correspondent accounts, allow to be conducted.
including wire transfers, foreign exchange ser-
vices, cash management, check clearing and CONCENTRATION ACCOUNTS
other services. Concentration accounts are internal accounts
established to facilitate the processing and set-
Correspondent banking relationships often force tlement of multiple or individual customer trans-
a financial institution to execute the transactions actions within the bank, usually on the same day.
for customers of another bank. Thus, the corre- These accounts are also known as special-use,
spondent bank provides services for customers omnibus, settlement, suspense, intraday, sweep
which it has not fully identified or about whom or collection accounts. Concentration accounts
it has no adequate knowledge of. Correspondent are frequently used to facilitate transactions
accounts are also known for the large sums that for private banking, trust and custody accounts,
are involved in the transactions, thus raising the funds transfers and international affiliates.
stakes of the host correspondent bank.
PRIVATE BANKING
It is a best practice for a financial institution to
identify the true owners of a foreign bank that Private banking is a banking service for wealthy
seeks to establish a correspondent account and individuals that provides personalized and often
to examine deeply the account activity that is confidential services. It is a lucrative, competitive
contemplated for the account to protect against and worldwide industry that has played a role in
money laundering. A correspondent account many major money laundering cases in recent
must also guard against the possibility that a years. Private banking fees are often based on the
34
size of “assets under management” that the cus- MONEY TRANSMITTERS

tomer has deposited with the financial institution. These businesses transfer funds for customers by
receiving cash from their clients which is trans-
ONLINE OR INTERNET BANKING ferred to designated beneficiaries, often in other
These accounts often offer funds transfers, cash countries. More details on money transmitters
management, bill payment, loans and investment will be provided in Chapter 11, Compliance Pro-
services. The FATF warns that Internet or tele- grams and Controls.
phone banking creates distance between banker
and client and lessens the physical contact on SECURITIES BROKER-DEALERS
which traditional client identification rests. Broker-dealers, in general, facilitate the purchase
These services make it more difficult to detect and sale of securities for individual and corporate
money laundering because, in some circum- members of the public for whom they maintain
stances, normal monitoring cannot be conducted. accounts. They are subject to significant money
Online banking, by eliminating personal contact laundering risks.
between the institution and the customer, makes
it more difficult to know who controls an account.
100 95%
90
80
70
60
50
40 35%
30
20%
20 15%
12%
10 4%
1%
0
Financial Money Casinos Trust Law Firms Internet Prepaid
Institutions Service Companies Payment Card
Businesses and/or Systems Providers
Accounts
Sectors and/or Services
PERCENTAGE OF MONEY LAUNDERING CASES INVOLVING THE USE OF DIFFERENT SECTORS . SOURCE:
FINANCIAL TRANSACTIONS AND REPORTS ANALYSIS CENTRE OF CANADA (FINTRAC)
35
NON-FINANCIAL INSTITUTION
MONEY LAUNDERING VEHICLES
As stated above, there are few instrumentalities,
entities, organizations or individuals that do not
pose a risk of being used for money laundering
activities; financial institutions are not the only
avenue for money laundering. The following list
and brief explanations highlight some of the
more important persons, entities and instru-
ments that should receive scrutiny, particularly
by financial institutions that are asked to open an
account relationship, or commercial entities that
are liable under global anti-corruption rules and
regulations. tomer identification procedures, for bets or pro-
ceeds over a certain threshold -- the same as
INSURANCE other financial institutions.
Life insurance and annuities contain the highest
money laundering risk in the insurance realm. DEALERS IN PRECIOUS METALS,
Money launderers can purchase insurance poli- JEWELRY AND ART
cies and then later redeem them and request the Precious metals, jewelry and art have great
funds be deposited into a bank account. Insur- money laundering vulnerabilities because of the
ance policies with certain characteristics are way they are traded and bought and sold. Money
much more attractive to launderers than others, launderers value them in their trade because
including transferable policies and those with a of their high intrinsic value, convertibility and
cash surrender value. potential anonymity in transfers.
Also, contracts for annuities may allow the ben- POLITICALLY EXPOSED PERSONS
eficiary, who could be a financial criminal, to
exchange illicit funds for an income stream. Pay- For years, corruption of public officials has been
ments from annuities are usually made monthly. a primary concern of many nations and inter-
national bodies, including some of the principal
CASINOS players in formulating global standards on money
laundering. They recognize that public corrup-
Casinos generate and receive substantial cash tion is a principal facilitator of financial crime and
and are vulnerable to money laundering via facil- a destabilizing element to nations, contributing
ities they offer to their customers to manage to poverty, reduced social services, and poorer
and dispose of money. Inserting illicit funds into fiscal health. For these reasons, public officials
a gambling operation and then cashing out the or Politically Exposed Persons (PEPs), are now a
funds as gambling proceeds is a popular method focus of public and private sector efforts in the
to launder funds, due to the relative anonymity of control of money laundering.
many gambling venues and the ability to conceal
sudden spikes in income as winnings. Exactly who is considered a PEP can vary based
on the laws and regulations of different jurisdic-
In many jurisdictions, casinos are required to file tions. Most use some variation on the definition
transaction reports, as well as undertake cus- provided by the FATF in its 40 Recommendations.
36
• Foreign government officials, such as heads Often, that reach is augmented by the simulta-
of state, legislators, judicial or military neous enforcement of the money laundering and
officials, officials in political parties, or other other laws in a particular case.
more senior appointed officials
• Officials at state-owned enterprises, such
as a government-controlled oil company
executive or administrator of a state-run
health system
• Domestic government officials such as
THE ODEBRECHT
heads of state, legislators, judicial or military CORRUPTION SCANDAL
officials, officials in political parties, or other
more senior appointed officials In March 2014, federal law enforcement
agents in Brazil were pursuing an inves-
• Officials of international organizations – This tigation into an alleged money laundering
includes non-governmental organizations ring when they uncovered a much wider
like the Red Cross and global sporting bodies network of corruption and financial crime.
like FIFA, among others
• Close associates can include business The probe, later dubbed “Operation Car
partners, individuals connected through Wash,” would expose an enormous bribery
a charity or non-profit venture, or even scheme involving two of Latin America’s
social connections like an official’s largest companies, the Brazilian state-
long-time friends owned oil company Petrobras and con-
struction firm Odebrecht.
Not every government employee or official is nec-
essarily a PEP - the FATF’s definition only includes Odebrecht was revealed to have made
government officials in “prominent positions.” over $800 million in corrupt payments to
Some countries consider only officials in “prom- government officials to win contracts and
inent positions” to be PEPs, while others cast a secure business in twelve countries. Doz-
wider net that includes less senior roles. Likewise, ens of high-level political figures, includ-
whether or not domestic officials are considered ing the former presidents of Brazil, Peru
to be PEPs will vary country by country. and Colombia, were investigated for tak-
ing funds connected to Odebrecht.
Some institutions have developed their own
internal lists of roles and responsibilities that The sweeping case ultimately led to a
qualify as “prominent positions.” This practice record-setting $3.5 billion penalty on
can prove useful when screening customers for Odebrecht and its petrochemical unit,
their PEP status, as required in customer due dil- Braskem S.A from the US Department of
igence programs. Chapter 11 on Compliance Pro- Justice and enforcement agencies in Brazil
grams will feature more on this topic. and Switzerland.
Apart from that, various nations, particularly the It is considered one of the largest corrup-
United States with its Foreign Corrupt Practices tion scandals in history. It is also a glaring
Act (FCPA), the United Kingdom with its UK Brib- example of the potential money launder-
ery Act and Canada with its Corruption of For- ing threat presented by politically-ex-
eign Public Officials Act (CFPOA), have enacted posed persons, or PEPs.
legislation with substantial extraterritorial reach.
37
These anti-corruption laws, which are addressed Recognizing the roles and abilities that different
in the chapter on global anti-corruption, place types of gatekeepers possess in your jurisdiction
greater compliance pressure on banks and other will help you better identify and assess their risks.
financial institutions that are the primary focus
of money laundering laws and regulations. Not
only may these businesses be involved directly REGULATORY FRAMEWORKS
in a Foreign Corrupt Practices Act violation, they FOR GATEKEEPERS
may also be implicated, knowingly or through The FATF and certain other international stan-
“willful blindness,” in facilitating the foreign cor- dard-setting bodies recommend that jurisdic-
rupt payment. tions impose AML/CTF regulations on gate-
keeper roles.
THE ROLE OF LAWYERS, In 2003, the FATF recommended that gatekeep-
ACCOUNTANTS, AUDITORS, ers be considered Designated Non-Financial
NOTARIES AND Businesses and Professions (DNFBPs), which
OTHER GATEKEEPERS would make them subject to compliance with
The global financial system is not composed of the regulatory framework laid out in the 40 Rec-
banks and other financial institutions alone. A ommendations.
wide range of facilitators – professionals who
move funds for clients, help manage assets or This would generally mean that gatekeepers are
interact with financial institutions, provide tax expected to implement AML compliance control
advice, purchase real estate, or form trusts and using a risk-based approach, similar to require-
legal entities – can help open the door to the ments for financial institutions. This includes
wider financial system. the following:
• Implementing customer
Like financial institutions, they, too, are vulner- identification measures
able to being exploited in money laundering and
financial crime schemes. These professionals are • Conducting due diligence on clients
often referred to as “gatekeepers” because they and transactions for AML and
can provide “access (knowingly or unwittingly) to financial crime risks
various functions that might help a criminal with • Reporting on suspicious transactions or
funds to move or conceal, per the FATF. client activity to their jurisdiction’s financial
intelligence unit
Types of professions considered to be gatekeep- • Maintaining records in the case they are
ers can vary somewhat by jurisdiction – profes- needed for regulatory compliance or law
sions can have different abilities, roles and limita- enforcement investigations.
tions in different countries.
Not every country has adopted this regulatory
For examples, notaries in many countries with framework for gatekeepers. In many Latin Amer-
civil law systems – such as Latin American coun- ican, Asian and European countries, most gate-
tries and most European countries – can help keeper professions are subject to AML compli-
clients form companies, create trusts, draft con- ance regulations. In the US and Canada, lawyers
tracts and provide many other legal services. In and other legal professionals have no govern-
other countries, such as the US and UK, notaries ment-mandated regulations, only voluntary stan-
play a much more limited role, primarily acting as dards put forth by industry groups.
witnesses when important documents are signed.
38
ASSESSING THE RISKS OF GATEKEEPERS tain types of clients and provide certain low-risk
Gatekeepers are generally considered a medium services. If a gatekeeper does not generally pro-
to high risk by banks and other financial institu- vide services that facilitate transactions, hold
tions that might hold accounts or conduct trans- assets or create or manage legal entities, only
actions with these professions. Certain services has domestic clients, and/or interacts with their
provided by gatekeepers are riskier than others, clients face-to-face, then they would generally
and the types of functions a gatekeeper offers, be considered lower-risk than other types of
along with the geographic reach and the custom- gatekeepers.
ers served, will significantly impact the gatekeep-
er’s AML risk. One final factor that can impact gatekeeper risk
is “professional secrecy.” In many countries, some
A 2013 report on gatekeeper risks by the FATF gatekeeper roles, such as attorneys, have tradi-
assessed SAR/STR filings made by attorneys and tionally enjoyed a high level of secrecy in their
other gatekeepers. It found the most common dealings with clients. In some countries, this
services that came up in SAR/STR reports filed secrecy is legally mandated. One example of
by gatekeepers: “professional secrecy” is the attorney-client privi-
lege in jurisdictions, such as the US.
• Real estate transactions
• Formation of trusts
• Formation of companies, and mergers and REAL PROPERTY AND
acquisitions of existing companies MONEY LAUNDERING
• Trust and company services – i.e., acting as a Also known as asset conversion and typically
trustee or corporate agent done during the integration phase of money
laundering, this is the purchase of goods -- typ-
Along with the nature of services, the way a ically high-value and portable items such as gold,
gatekeeper interacts with clients impacts the precious stones or vehicles. Real estate is also a
risk. Some factors that increase risk include common target for asset conversion schemes. We
the following: will focus on vehicles and real property here; pre-
cious metals and art are discussed elsewhere in
this chapter.
• Interfacing with domestic or international
politically-exposed persons (PEPs) and other
high-net-worth clients
• Taking on the role as third parties to
financial transactions
• Being a nexus to high-risk countries
Working with cash-intensive businesses
In summary, gatekeepers that provide higher-risk

services (such as real estate transactions) to high-
er-risk clients (such as international PEPs) should
obviously be considered higher risk for money
laundering and financial crime.
By the same token, some gatekeepers would be

considered lower risk if they only deal with cer-
39
REAL ESTATE MONEY LAUNDERING STRATEGIES

Real estate has served as a vehicle to launder As discussed in the introductory chapters, finan-
criminal proceeds and disguise beneficial owners cial crime schemes are incredibly varied and
since the earliest days of the money laundering diverse, and limited only by the creativity of the
era in the 1980s. Criminal proceeds can be fun- financial criminal. So, too, are strategies to laun-
neled to real estate transactions through con- der criminal proceeds. As money laundering can
tract deposits, down payments, mortgages, trust be conducted through virtually any transaction
accounts and in the construction process. Off- involving the exchange of assets or other objects
shore corporations, whose true ownership is neb- of value, it would be impossible to fully outline all
ulous at best, often serve as the owners of record money laundering strategies here.
of real estate. Escrow funds maintained in escrow
accounts that are purportedly destined for legit- There are, however, methods that remain consis-
imate expenses in a real estate transaction may tently and globally popular with money launder-
actually be something else. Escrow accounts are ers, and several are briefly outlined here. Many of
vulnerable to money laundering because of the these are described in more detail in other chap-
many transactions that are conducted through ters of the manual. Where that is the case, the
them by the various parties that are involved in chapter is given.
the transaction, including attorneys, title insur-
ance agents, inspectors, bank mortgage officers, INTERNATIONAL TRADE PRICE
appraisers and others. MANIPULATION
For more than 20 years, well-respected aca-
VEHICLES demic studies have shown that the over-pric-
Many money laundering cases worldwide have ing or under-pricing of imports and exports in
involved businesses that sell or trade various international trade facilitates money laundering,
types of vehicles, including automobiles, boats, and other financial crimes, including fraud, cor-
airplanes and motorcycles. These businesses con- ruption and tax evasion. This is commonly called
front many money-laundering risks, including the “trade-based money laundering,” and remains a
receipt of cash, transactions with the proceeds of popular method to conceal illicit proceeds and
illegal activity, the layering of transactions with move them across international borders. Com-
the proceeds of financial and other crime, the modities that are to be shipped may be falsely
payment of vehicles by third parties and more. priced in the shipping documents as higher or
40
lower to accommodate the direction in which the frequently no apparent connection between the
money launderer wishes to move the money. To various accounts and deposits involved.
provide the trade transaction with an air of legit-
imacy, the money launderers may choose to use STRUCTURING
a financial institution to obtain trade financing Structuring is a close companion to smurfing.
and the documentation that goes with it. A more Structuring involves splitting up funds into mul-
thorough examination of trade-based money tiple deposits below certain thresholds to avoid
laundering can be found in Chapter 10, Money triggering reporting requirements. Most juris-
and Commodities Flow. dictions have imposed regulations requiring
many types of financial institutions to report
BLACK MARKET PESO EXCHANGE (BMPE) transactions above a certain amount. In the US,
In simple terms, this is a process by which money for example, institutions are required to file a
derived from illegal activity in one country is Currency Transaction Report (CTR) for depos-
purchased by peso brokers, who sell currency or its above $10,000. Structuring of deposits aims
monetary instruments to legitimate businesses. to avoid this reporting requirement and escape
This method is also widely used for legitimate detection of federal authorities.
purposes in many countries, including Colom-
bia. A more thorough description of BMPE, as it In many jurisdictions, structuring is illegal in and
is commonly known, is available in Chapter 10, of itself, and institutions are required to monitor
Money and Commodities Flow. for patterns of deposits that indicate structuring
is taking place.
PREPAID CARDS AND E-CASH
Smart cards are an ever-present money launder- BULK CASH SMUGGLING
ing threat because they store value in electronic Criminal operations, such as narcotics or human
form that serves as the equivalent of currency. trafficking, often generate large amounts of hard
Some countries allow prepaid, or “smart” cards, currency. In order for this cash to be concealed,
to carry unlimited value, while others place mon- placed within the financial system or utilized by
etary limits on them. More on prepaid cards, a financial institution, it often must be smuggled
virtual currencies and other evolving payment into another jurisdiction. This is referred to as
systems can be found in Chapter 10, Money and bulk cash smuggling.
Commodities Flow.
While the term is sometimes used to describe
SMURFING the movement of large amounts of cash within a
Smurfing, which is sometimes called structuring, jurisdiction, typically bulk cash smuggling takes
is a well-known money laundering method that is place across national or jurisdictional bound-
considered a crime in most countries. Smurfing aries. Many jurisdictions have laws prohibiting
involves dividing illegal proceeds between multi- bulk cash smuggling, as it can violate reporting
ple persons, known as “smurfs,” who then make requirements for cross-border currency transac-
multiple deposits into many separate accounts, tions above a certain threshold.
often at different institutions, to avoid report-
ing thresholds. In one example of a typical bulk cash smuggling
operation, money from the sale of narcotics is
These smaller deposits can then be transferred collected and sorted in a central location. Smaller
and consolidated into a single account. Smurf- bills are exchanged into larger bills, which are
ing can be difficult to detect because there is then packed for transport. Once prepared, the
41
cash can be moved across the border in a vari- bulk cash smuggling to help financial institutions
ety of ways. It may be carried across in multiple spot the activity:
small shipments by cash mules crossing illegally
or legally, hidden in personal luggage or vehicles. • An increase in the sale of large denomination
It may be packed in with consumer, industrial notes from a financial institution in one
or agricultural goods and shipped commercially. jurisdiction to another institution in a
Sophisticated criminal gangs may use surveil- bordering jurisdiction
lance and intelligence-gathering operations to • Large volumes of small denomination notes
help cash shipments move across the border being sent by currency exchange houses
successfully. in one jurisdiction to their accounts at a
financial institution in another jurisdiction,
Regardless of the methods, bulk cash smuggling or sold by the exchange directly to an
operations can involve financial institutions in institution in another jurisdiction.
multiple jurisdictions at several steps during the
process, either to obtain high-denomination cur- Large volumes of small denomination notes
rency in exchange for smaller bills or to ultimately being exchanged for large denomination notes at
place the smuggled cash. The border between the an institution
US and Mexico is a prominent location for smug-
gling operations conducted by Mexican drug
cartels. Consequently, US enforcement agencies
have assembled the following list of red flags for
$3 Million in US Currency Seized by Law Enforcement in the US City of San Diego as Part of an Effort Targeting
Bulk Cash Smuggling. SOURCE: US Customs and Border Protection
42
CASH-INTENSIVE BUSINESSES STRUCTURES THAT HIDE

By the nature of their business models, cer- BENEFICIAL OWNERSHIP
tain business organizations pose greater money Beneficial ownership is a key concept in the
laundering challenges than others for the simple financial crime field. In simple terms, a beneficial
reason that they principally operate in currency. owner is someone who ultimately controls and
Since the principal attractiveness of currency to enjoys the benefits of an asset without being the
money launderers is that it leaves no trail, busi- nominal owner of that asset. A person or group
nesses that operate in cash, such as restaurants, can be the beneficial owner of a financial account,
privately owned ATMs, vending machine compa- security, physical property or nearly any other
nies, retail stores and casinos merit special scru- asset. A more complete discussion of beneficial
tiny for money laundering activity and should be ownership, especially as it relates to financial
considered high risk by financial institutions. accounts, can be found in Chapter 11, Compliance
Programs and Controls.
Another scheme prevalent in cash-intensive busi-
nesses is blending. This involves using a legiti- Beneficial ownership of assets and accounts
mate business to mingle illicit funds with legiti- allows financial criminals to control illicit funds,
mately-derived proceeds. Often, the business is assets or property while obscuring the criminal’s
complicit in the laundering scheme, or is wholly connection to them and distancing the proceeds
owned or created by the launderer. from their source. Most sophisticated finan-
cial crime schemes will take advantage of one or
LENDING more mechanisms and structures to conceal the
Loans extended by a financial institution for any perpetrator’s beneficial ownership of criminal
purpose, including real estate financing, busi- proceeds. Several of the more common ones are
ness loans and other extensions of credit, have described below.
their own money laundering vulnerabilities about
which financial institutions and other businesses SHELL COMPANIES
should be aware. Due diligence procedures fol- Shell companies have no physical presence, nor-
lowing internal risk-based approaches should be mally have concealed owners, and sometimes
applied to the parties involved in a loan, including project the image of being a solid, normal busi-
the ultimate beneficiaries, as well as to the use ness with funds that are legitimate. For the most
and application of the loan proceeds. Financial part, they are companies that exist only on paper.
institutions and others that extend credit should They can hold bank accounts and conduct finan-
be particularly alert to the money laundering cial transactions while providing no signs that
possibilities that arise from the collateral that is they are a shell. Shell companies usually conduct
provided by the borrower for the loan. no business themselves.
Money launderers also make loans among com- There are many legitimate reasons to form a shell
plicit entities, usually combined with other mech- company. In some instances, shell companies
anisms like offshore accounts, legitimate busi- can make it easier to invest overseas, help shield
nesses and shell corporations, loans and financing a company from liability, or transfer profits to
arrangements. This can allow launderers to inte- reduce taxes in a way that is completely legal.
grate large amounts of funds. In one example, a
launderer could set up a shell corporation and a However, many characteristics of shell compa-
legitimate business. The launderer can then make nies also make them highly attractive to financial
a loan to the legitimate business from the shell criminals. Typically, they are easy and inexpen-
corporation, using illicit funds. sive to incorporate, and, in many jurisdictions,
43
they can be established anonymously through cial owners behind shell companies in criminal
attorneys and third parties called “company for- investigations.
mation agents.” In some jurisdictions, shell com-
panies can be formed online through company SHELF COMPANIES
formation agents and with little to no informa- A similar concept to a shell company, the shelf
tion collected on the beneficial owners behind company is a corporation that has no activity or
the shell company, for less than $1,000. business. The name refers to how these com-
panies are formed and then left to “age,” or are
Most importantly, shell companies are an anon- “put on a shelf.” Some shelf companies may be
ymous, or at least concealed, vehicle to access completely inactive for years before being sold
the international financial system. To further off to a buyer.
obscure ownership, many financial criminals will
operate through layers of shell companies, which There are a number of reasons why buyers may
can make it very difficult to trace funds or assets want to purchase a shelf company, and some are
back to the ultimate owner. completely legitimate. In many jurisdictions, it is
simply easier to purchase a pre-existing company
Consequently, shell companies have become a than to set up a new one.
fixture of financial crime schemes of all varieties.
Almost any sophisticated money laundering, fraud In other cases, a businessperson may have an eas-
or corruption operation involves at least one shell ier time gaining interest from investors, securing
company at some point the process. Historically, loans or winning government contracts with a
certain nations and jurisdictions have become company that appears to have been in business
popular locations to form shell companies. There for several years. However, those same qualities
is often an overlap between these jurisdictions of apparent legitimacy and longevity are what
and those labeled as “secrecy havens.” make a shelf corporation appealing to finan-
cial criminals.
Discerning beneficial owners behind shell corpo-
rations can be very difficult when conducting due NOMINEES
diligence or investigations. One potential source
of information is the corporate registry for a given A nominee is a person, company or entity into
jurisdiction, many of which are accessible online. whose name assets, securities or property is
The information that can be obtained from such transferred, while leaving another person or
registries varies substantially between jurisdic- entity as the real owner. Nominee accounts are
tions, but it can include details such as the com- common among securities broker-dealers, who
pany name, the name of the company formation can hold securities for their customers and trade
agent, company directors or board members, and them much more easily. Like all the structures
sometimes a physical address for the company. listed here, nominees can be used for legitimate
purposes. A nominee’s ability to conduct transac-
While this information may not be particularly tions at a distance from the owner of assets, how-
revealing in and of itself, it can provide leads that ever, makes nominees a useful avenue for money
can be useful for discovering the company’s true laundering, particularly in the later stages like
owner. A 2012 survey of law enforcement agencies layering and integration.
in the European Union, for example, found that
company directors and shareholders were some FRONTS
of the most useful leads for unearthing benefi- In general terms, a front is a company or orga-
nization that is established and controlled by
44
another company or entity but that gives the the funds to be available from another “banker”
impression it is not affiliated or connected to the in another country. Later, the bankers settle
entity controlling it. In the financial crime con- their transactions. Hawala is attractive to money
text, fronts are often seemingly legitimate busi- launderers because they leave a slight audit trail
nesses with a physical presence and actual oper- and the identities of the customers who receive
ations, but whose primary purpose is to launder the funds are known only by the “bankers.”
criminal proceeds. An example is a restaurant More information about ITVS will be provided
formed by an organized crime ring that, while in Chapter 10.
open for regular business hours and serving cus-
tomers, mainly exists to take in money from nar- CHARITIES AND NONPROFITS
cotics trafficking. Charities and other nonprofit organizations can
also serve as money laundering vehicles. They
TRUSTS have access to significant funding sources, often
Trusts are legal entities created by a “settlor” to have a presence worldwide, and, in some juris-
manage property for a beneficiary. The settlor dictions, are subject to little regulation. Moreover,
transfers property that he owns to the trust. This “donors” can often make contributions to chari-
property is managed by a trustee according to the ties anonymously, providing a convenient vehicle
terms described in the trust. Trusts can be mis- to launder funds or move money across borders.
used for hiding money and hiding the identity of
the true beneficiary. Trusts are convenient vehi- In recent years, charities and nonprofit orga-
cles for money laundering and usually permit pay- nizations have emerged as a significant risk for
ments to beneficiaries that could disguise money terrorist financing, as well as corruption. Cor-
laundering. Usually, the payments need not be rupt officials will sometimes request that bribes
explained or justified. The trustees are often law- be paid to charities under their control, as will
yers who hold the assets in trust for others. be discussed further in later chapters. Terrorist
organizations will also use charitable operations
BEARER BONDS AND SECURITIES as covert fundraising operations to gather funds
These are convenient tools of money launderers from supporters overseas. Many of the same red
because they belong to the person who carries flags of money laundering discussed previously
them, thus the name “bearer.” Bearer shares are also apply, such as in these examples:
transferred by a physical delivery from one per-
son to another. • Charities and nonprofits that conduct wire
transfers to countries where they have
HAWALA AND INFORMAL VALUE no operation
TRANSFER SYSTEMS • Charities and nonprofits that operate in high-
Hawala and other underground banking proce- risk countries
dures are often called informal value transfer sys- • Charities and nonprofits with a vague
tems (IVTS). They are most popular with persons description of their purpose and services
from Africa and Asia and involve the transfer of
• Charities and nonprofits that have no obvious
value outside the regular banking system. These
physical presence or operate from a P.O.
informal value transfer systems have existed for
centuries and facilitate the secure movement of • Box would both be potential
funds. Persons who wish to send funds to rel- money launderers.
atives in another country place funds with a
hawala banker. For a fee, the banker arranges for
45
CORPORATE REGISTRIES • Date of the company formation, and date

Corporate registries collect and store informa- when the company was dissolved, if no longer
tion pertaining to corporations and other legal in existence
entities created within a given jurisdiction. They • Articles of incorporation and other company
are typically maintained by a government agency formation documents, such as bylaws
or department. Depending on the jurisdic-
• A physical address of the corporation, or
tion, there may be a single registry for an entire
address of the company formation agent
nation, or multiple registries for different states,
regions or cities. • Name and address of a registered agent
for the company
As storehouses for corporate information, reg-
istries serve several functions. They record the Roughly half of the jurisdictions surveyed also
creation or incorporation of a new legal entity, had the following information in their corpo-
collect information on that entity as required rate registries:
by the laws and regulations of their jurisdiction, • Names and addresses of the legal entity’s
and typically make certain information about directors or officers
legal entities available publicly. Registries exist to
• Names and addresses of the shareholders,
identify entities for tax purposes and allow other
members or other legal owners of the
companies and financial institutions to collect
legal entity
information on the corporations and legal enti-
ties they are doing business with.
One very significant piece of information was
missing from almost all corporate registries – the
Due to the widespread presence of corpora-
beneficial owner or owners of the legal entity.
tions, both legitimate and illegitimate, in finan-
Only one jurisdiction, Jersey, required this infor-
cial crime schemes, corporate registries are key
mation to be supplied at the time of entity forma-
sources of information in investigations, enforce-
tion. This fact points to the shortcomings of cor-
ment actions and due diligence. As mentioned,
porate registries as a resource for financial crime
however, the quality and type of information that
investigations.
can be obtained from corporate registries varies
substantially between jurisdictions.
More recently, some nations have taken steps to
address the lack of beneficial ownership infor-
In 2011, the World Bank conducted a global study
mation in corporate registries. The European
of corporate registries to determine the infor-
Union’s 4th and 5th AML Directives, instituted
mation on legal entities could be found. The full
in 2017, require EU member states to imple-
report, based partly on that study, is titled “The
ment registries that collect beneficial ownership
Puppet Masters.” It is a useful resource for all
information. In 2016, the United Kingdom began
financial crime professionals and can be found
requiring many types of legal entities to list their
here: http://star.worldbank.org/star/publica-
beneficial owners at the time of formation in its
tion/puppet-masters.
national corporate registry. Despite this progress,
beneficial ownership information is still unavail-
Of the 40 jurisdictions surveyed, the World Bank
able directly from the registries of most jurisdic-
found the following information was usually
tions, including the US.
available from the corporate registry:
• The name and type of the legal entity Further compounding the difficulties of corpo-
rate registries as an investigative source is the
46
fact that information in them can often be out- THE US MONEY LAUNDERING LAW
dated and inaccurate. Many corporate registries Because it is one of the oldest and most powerful of
are not updated on a regular basis, and most do its kind in the world, it is helpful to study the pro-
not conduct due diligence on the information provisions of the US money laundering law. Enacted
vided, instead relying on the person or company in 1986, the US law has a specific “extraterritorial”
registering the legal entity to provide accurate provision which, at the time of its enactment, was
and true information at the time of incorporation. unique for its far-reaching applicability.
Despite these weaknesses, registries can be a This US law is proof that money laundering is a
valuable starting point in an investigation. Infor- part of all financial crimes. Anyone who works in
mation obtained from them, such as the names financial crime should understand the architec-
and contact details for registered agents or ture and “extraterritorial” reach of this law, which
shareholders, will typically require further inves- carries a maximum penalty of 20 years in prison. It
tigation and verification before the true owners can be applied to anybody, for virtually any trans-
behind a legal entity can be discerned. action or activity related to a crime, anywhere in
the world. The US uses it often against fraudsters,
Many jurisdictions have national or regional tax evaders, persons engaged in foreign corrupt
registries that can be publicly accessed online. practices and other financial criminals. The law’s
Additionally, a number of international bodies more than 220 “specified unlawful activities (SUA)”
maintain websites that can either be used to find are a prerequisite to prosecution and a catalogue
corporate registry information directly, or have of financial crimes. These are also known as pred-
links to corporate registries of various jurisdic- icate offenses. The law permits government civil
tions. Names and links to these organizations and actions and the appointment of “federal receivers”
regional registries are provided below. In the US, by US judges to pursue stolen assets worldwide,
corporate registries are maintained at the state armed with US government financial data and
level, and can be accessed by searching online for assistance from US treaty partners.
the registry of a given state.
The law may be used only if the proceeds of at
• International Association of Commercial least one designated underlying crime are present
Administrators (IACA) in the laundering transaction. Without the pro-
http://www.iaca.org/ ceeds of at least one of more than 200 SUAs, no
• Corporate Registers Forum (CRF) prosecution for money laundering can proceed.
http://www.corporateregistersforum.org
It is important to note that not all the listed
• European Business Register (EBR) SUAs are US crimes. Certain foreign crimes
http://www.ebr.org/section/4/index.html are included among the SUAs and may serve as
• European Commerce Registers’ Forum the basis of a prosecution if their proceeds are
http://www.ecrforum.org/ part of a US transaction or are conducted with
• Association of Registrars of Latin America a US entity.
and the Caribbean (ASORLAC)
http://www.asorlac.org/ingles/portal/ The law asserts “extraterritorial jurisdiction” if
default.aspx the “conduct … is by a US citizen or, in the case of
a non-United States citizen, the conduct occurs
47
in part in the United States” and more than • Procure goods and supplies
$10,000 is involved. • Fund other ongoing operations
The SUAs include virtually every US crime that By that same token, money is the terrorist organi-
produces money or an economic advantage, zation’s weak point. By helping to identify and cut
including fraud, corruption, bank fraud, copy- off these funding sources, financial crime profes-
right infringement, embezzlement, export vio- sionals play a critical role in combating terrorism.
lations, illegal gambling, racketeering and even
environmental crimes. In most jurisdictions, terrorist financing is cov-
ered by the same legal framework established by
The SUAs include some foreign crimes, such as anti-money laundering laws and regulations. This
bribery of a foreign official, embezzlement from a means that customer due diligence, monitoring
government, “misappropriation, theft, or embez- and reporting related to terrorist financing risk
zlement of public funds” by a foreign official, are an essential part of an anti-money laundering
fraud against a foreign bank, extortion, narcot- compliance program.
ics offenses, kidnapping and robbery. They also
include violations of the Foreign Corrupt Prac- Like other money launderers, terrorist financiers
tices Act and the Trading with the Enemy Act. By have shown considerable resourcefulness and
including violations of the Foreign Corrupt Prac- adaptability in the ways they move funds and
tices Act, the money laundering law raises the conceal their financial activities, utilizing many
specter that a company or an individual could be of the same channels and methodologies as other
accused of both offenses simultaneously. Each financial criminals.
violation is deemed to stand on its own.
In one example, the director of the Financial
It is also possible for an individual or company to Crimes Enforcement Network, the national finan-
violate the money laundering law when conduct- cial intelligence unit for the US, stated that nearly
ing transactions with nations, organizations and 20 percent of international terrorism cases being
individuals that are subject to sanctions by the investigated by the FBI in 2014 had related Suspi-
US or other countries. cious Activity Reports and Currency Transaction
Reports associated with them. This reporting
helped further investigations connected to the
TERRORIST FINANCING self-styled Islamic State, Al-Qaeda and other ter-
Detecting and preventing the movement of funds rorist groups.
tied to terrorism is one of the most important
and challenging components of anti-money laun- Consequently, activity detected and reported
dering compliance, investigations and enforce- through AML compliance programs can be crit-
ment. In some cases, it can literally be a matter of ical to support law enforcement efforts against
life and death. terrorist groups. This section examines terrorist
financing models, methods to conduct transac-
Money is essential to terrorist organizations, and tions, emerging risks and red flags of transac-
not only for carrying out attacks. Terrorist groups tions potentially linked to terrorism.
need financing to accomplish the following:
• Recruit new members, and pay

existing members
• Create and disseminate propaganda
48
FUNDRAISING MODELS OF espoused by terrorist organizations, or may

TERRORIST FINANCING be attempting to use these organizations
Traditionally, terrorist financing relied on rais- to further their own ends. In some cases,
ing funds from various backers, moving them financial support comes directly from
through legitimate and underground financial government agencies, such as security forces
networks, and ultimately dispersing them to ter- or intelligence agencies. In other instances,
rorist organizations or cells. This fundraising was, the financing flows more indirectly through
and still is, often conducted in other countries to wealthy and influential individuals connected
be funneled to terrorist groups operating over- to governments, political parties or ruling
seas, especially in conflict regions. families, though it may still be sanctioned
by the state.
Fundraising could come from a variety of sources:
These fundraising models can pose a unique chal-
• Individual contributors, ranging from small lenge to detection and prevention not necessarily
amounts from low-level backers on a one-off shared by other forms of money laundering. The
basis to larger and more consistent funding funds flowing to terrorist organizations may be
streams from wealthy individuals. legally derived, at least in the initial steps.
• Nonprofits, charities and foundations,
ranging from radicalized religious For example, an individual “donor” employed in
organizations and their followers to sham the UK may withdraw a small portion of his legit-
charitable groups that act as fronts for imate monthly paycheck in cash, and use it to
terrorist funding. In some cases, nonprofits send a money order to a family member overseas.
may have some legitimate operations and
unwitting donors, while skimming funds From one perspective, this transaction seems like
off for terrorist organizations. In other a fairly routine remittance payment. Unknown
instances, nonprofit services may be misused to the financial institutions involved, the fam-
to support terrorist groups, helping them ily member receiving the money order is then
with recruitment, supplies or other forms passing the funds along to an associate of a ter-
of assistance. rorist organization. These types of transactions
Not surprisingly, studies by the FATF have emphasize the need for robust monitoring typol-
found that non-profits providing services ogies and a keen awareness of the geographic
within areas that have active terrorist risks associated with payments of all sizes.
organizations are most vulnerable to misuse
by terrorist financiers. Nonprofits involved in Another challenge arises when terrorist groups
humanitarian services in conflict regions are sometimes use funding to provide social goods
also at higher risk. and services. A terrorist organization may fund a
school or a medical facility in a region where they
• Legitimate businesses, operated or operate, for example.
controlled by the associates of terrorist
organizations. These may act as fronts to This may be done as a recruitment tool, to gain
accept funds directed to the organization or support of the local populace, or as a cover for
have a portion of their legitimately-derived illicit activities. These social services organiza-
revenues redirected to terrorist groups, or tions may open bank accounts, receive payments
some combination of the two. and conduct their own seemingly legitimate
• Nation-state backers, which may be financial transactions.
ideologically aligned with the causes
49
SELF-FUNDING THROUGH itant division of Hezbollah on money laundering

CRIMINAL ACTIVITIES charges. The four operatives were reported to be
Although the fundraising-based model of terror- working with South American drug cartels, using
ist financing remains prevalent, terrorist orga- Hezbollah’s international network of members
nizations are increasingly turning to large-scale and financiers to move cocaine and other drugs
criminal activities to self-finance their operations. to European markets, and launder the proceeds
on behalf of cartels.
Terrorist organizations, such as the Taliban and
Al-Qaeda, are engaging in transnational drug This blurring of the lines between transnational
trafficking and human trafficking to raise funds. organized crime and terrorist financing should
Others, such as the Islamic State and Boko Haram, encourage compliance professionals and law
are conducting massive extortion schemes in enforcement to dig even deeper when conduct-
controlled territories and by the theft of coming investigations or reporting suspicious money
modities like oil and gas. Trafficking in stolen laundering activity.
antiquities, illegal wildlife and assets like gold and
precious metals are also lucrative funding outlets METHODS TO CONDUCT
in recent years. TERRORIST FINANCING
Like others in the money laundering space, ter-
These activities and the financing streams they rorist financiers generally weigh several factors
generate bring terrorist groups more in line with when determining how to move funds and con-
the operations of traditional organized crime, duct transactions, regarding their speed, cer-
leading terrorist organizations to adopt similar tainty, expense and risk of detection.
money laundering methodologies – from complex
corporate structures to trade-based laundering. Ideally, financiers want a high degree of speed
and certainty, and low degree of expense and risk.
Many experts have also noticed another worrying How this translates into transaction methods can
trend – increased levels of coordination between change greatly based on a terrorist organization’s
terrorist organizations and transnational orga- circumstances and geographic region.
nized crime rings unaffiliated with any ideolog-
ical or religious cause. These relationships are For example, sending $50,000 through a wire
usually profitable matters of convenience, driven transfer might seem to be faster and more certain
by overlapping territories, activities or goals. than using a cash courier to move funds overseas.
But for a Taliban cell operating out of a remote
Observers have noted a particularly strong con- area of rural Pakistan, accessing the banking sys-
nection between narcotics cartels and terrorist tem might be more difficult and prone to detec-
organizations. In Afghanistan, the Taliban has tion than sending someone to physically trans-
long supplied narcotics cartels in Eastern Europe, port the cash.
Southeast Asia and other regions. In 2012, a
United Nations assessment found that a third of TERRORIST FINANCIERS USE A
the Taliban’s estimated $400 million budget came VARIETY OF METHODS:
from the production and trade of poppies, the
Cash couriers or mules. Physical transportation
precursor ingredient in heroin and opium.
of currency has long been a fixture in terrorist
financing schemes. Despite the risk of detection,
More recently, in 2016, the US Drug Enforce-
cash couriers can circumvent the monitoring
ment Agency arrested several members of a mil-
and reporting that might be triggered by mov-
50
ing funds through the formal financial system. Manual. Hawala is one of several informal sys-
Couriers can also be very useful in the conflict tems around the world, such as Fei Ch’ien or “Fly-
zones or underdeveloped regions where terrorist ing Money” in China.
groups frequently operate because cash is often
the only means to conduct transactions. Although they have existed for hundreds of years,
hawala systems came under greater scrutiny after
In more recent years, “foreign terrorist fight- the September 11th terrorist attacks in New York
ers” traveling to support terrorist groups have in 2001. Investigations in the wake of that attack
become another type of cash courier. Residents found that Al-Qaeda routinely used hawalas as
from other countries traveling to conflict zones to one of their primary transaction methods.
militarily support terrorist groups, often referred
to as foreign fighters, are not a new phenomenon. More recently, an attempt to bomb Times Square
in New York in 2010 was bankrolled through
However, after the Islamic State launched its cam- hawala transactions. The would-be bomber,
paign to form a so-called “caliphate” and actively located in Connecticut in the US, received two
courted foreign supporters to travel to its terri- payments of about $5,000 and $7,000 trans-
tory, the number and volume of FTFs increased. mitted from a Taliban-linked organization in
Rising incidences of online recruitment and radi- Pakistan through hawaladars in Massachusetts
calization have also boosted the numbers of FTFs. and New York.
Many foreign fighters traveling to support Money services businesses. Money services
Al-Qaeda, the Islamic State and other groups in businesses include a wide range of businesses,
Syria and Iraq brought currency with them. In such as currency exchanges, check cashers and
some cases, these funds made up a substantial money transmitters. While MSBs are covered by
portion of a terrorist group’s budget. the same AML regulatory requirements as other
financial institutions in most jurisdictions, many
Hawala networks and other informal value trans- do not hold accounts for customers, and often
fer systems. Methods for moving funds that exist have fewer opportunities to conduct in-depth
outside of the formal financial system, hawalas customer due diligence or develop detailed cus-
are described in more detail in other parts of this tomer profiles that could help detect suspicious
transactions.
Combined with the fact that many accept cash in

the initial stages of transactions, this can make
them vulnerable to use to by terrorist financiers.
Larger money transmitters often have tens of
thousands of agents all around the world, with
a global reach that is unmatched by even the
largest banks.
Terrorist financiers will sometimes exploit MSBs

to raise funds under the cover of remittance pay-
ments from immigrant communities located in
other countries. In recent years, fundraisers for
the terrorist group Al-Shabab in Somalia have
attempted to raise funds using small payments
51
from various Somali immigrant communities in ing suspicious trade transactions remains low in
the United States. many countries.
Unlicensed MSBs are also common in many Some terrorist groups have also utilized gold,
countries. These may operate with minimal diamonds and other precious metals and stones
record-keeping and little to no customer due dili- as a means of financing. Precious stones, in par-
gence, increasing their attractiveness to terrorist ticular, are high-value assets that can be easily
groups. MSBs can often move funds rapidly and transported, concealed and converted into cur-
at low cost, with cash available to recipients in a rency in another jurisdiction. Many countries in
matter of hours. the Middle East and Asia have thriving gold mar-
kets, making it easy to transfer gold into cash
Banks. Despite the level of scrutiny and attention and less likely that large transactions in gold will
paid to terrorist financing within the banking seem out of place.
sector, depository institutions, such as banks and
credit unions, can still be vulnerable to terrorist Prepaid and stored-value cards. In 2015, a group
financing transactions. of individuals paid for hotel rooms in Paris using
prepaid cards. The next day, these individuals
Counter-terrorist financing controls are not con- carried out a terrorist attack on the Bataclan
sistently applied in every jurisdiction or at every nightclub and surrounding areas in the city that
institution. Terrorist financiers have been known left 130 dead and many others injured.
to exploit correspondent accounts held by insti-
tutions with weak controls to move substantial This incident raised the scrutiny on prepaid cards
amounts of funds. In less common but nota- as a tool for financing terrorist attacks. Stored-
ble cases, financiers have essentially taken over value cards that are rechargeable or tied to an
compromised banks to hold funds or conduct account often require more rigorous due dili-
transactions. gence and monitoring of customer usage. How-
ever, lower-value cards that cannot be reloaded
Like other forms of money laundering, terrorist and are often purchasable in cash are still avail-
financing can stay under the radar by utilizing able in many jurisdictions, with few to no restric-
small transactions, or seemingly legitimate trans- tions on who purchases them.
actions, between individuals or business entities.
In one older but still notable example, the Sep- Because they are highly portable and easy to
tember 11 attacks were largely financed by trans- conceal, prepaid cards may be a viable funding
actions that moved through large regional and method for some smaller-scale terrorist attacks.
international US banks headquartered in the US. Recently, the European Union tightened reg-
ulations on prepaid cards to reduce the dollar
Trade-based money laundering and commod- threshold of cards that could be purchased with-
ities movement (TBML). With terrorist groups out customer identification and documentation.
moving closer to transnational organized crime
in their operational structure and activities, EMERGING RISKS AND
their increased use of trade as a money-launder- TERRORIST FINANCING
ing vehicle is no surprise. TBML offers the abil- Like all financial criminals, terrorist financiers
ity to move large amounts of funds across bor- will exploit any and all methods available to obtain
ders, and, although governments have boosted and move funds. This includes new payment sys-
efforts at trade transparency, the risk of detect- tems, online tools to solicit donations and fraud
schemes to raise funds, among other mechanisms.
52
In the UK, individuals supporting terrorist groups

have used “vishing” frauds to finance their own
travel to Syria and other conflict zones, or fund
others. The fraudsters call target victims on
the phone purporting to be bank officials or law
enforcement, and convince victims their accounts
were somehow compromised. The victims, often
elderly adults, are directed to transmit funds into
the fraudster’s account, or provide cash directly
to a courier who is sent to pick it up.
Once received, the fraudsters used MSBs and

sent small transactions under the reporting limit
to transmit funds to Middle Eastern countries.
To date, assessments by law enforcement and
national financial intelligence units have found SOCIAL MEDIA, ONLINE
limited cases in which terrorist groups are using CROWDFUNDING AND FINTECH
these newer methods to raise or transmit funds, Social media sites, such as Facebook, Twitter
usually in small amounts. For the time being, use of and Instagram, have provided an unprecedented
the formal financial sector, self-funding through global platform for terrorist groups to recruit,
criminal activities, and techniques such as TBML radicalize and self-promote.
still appear to be decidedly more widely used.
Groups and individuals affiliated with terror-
However, as new tools and techniques become ist organizations have also used social media as
more mainstream, it is likely that terrorist finan- a straightforward fundraising tool, posting calls
ciers will exploit them with increasing regularity. for donations with wire transfer coordinates or
account information for funds transfers on Face-
FRAUD SCHEMES book, for example.. In other instances, fundraisers
Members of terrorist groups and their backers might use postings on social sites to attract inter-
have been known to use a variety of different est, then follow up with potential donors using
fraud schemes to support themselves or raise more private and secure messaging applications.
funds. In some European countries, sympathiz-
ers and members of terrorist organizations have In the wake of the San Bernardino terrorist
used fraudulent tax refund applications and gov- attack in the US in December 2015, it was widely
ernment benefits to raise funds. They have used reported that the attacker had obtained a per-
credit cards obtained through stolen identities. sonal loan from an online peer-to-peer lend-
ing service. Although there was not a direct
In one example, a group of individuals in Spain line between the loan and the funding needed
faked traffic accidents and filed fraudulent insur- to carry out the attack, the incident still raises
ance claims in an effort to raise funds for FTFs concerns over how a subset of new “fintech” ser-
traveling to support the Islamic State and for vices could be used for terrorist financing. Peer-
another group called the Movement for Unity and to-peer lenders may be less well-versed in CTF
Jihad in West Africa. compliance and less regulated than other types
of financial institutions.
53
Organized crowdfunding sites have also been LONE WOLVES AND SMALL-
misused by those seeking to fund terrorism. CELL TERRORISM
Crowdfunding sites enable individuals to quickly In recent years, the rise of so-called “lone wolf”
and easily set up a fundraising page and start and small-cell terrorists have posed a new and
soliciting donations, possibly under false pre- troubling issue for financial institutions and law
tenses or in the name of sham nonprofit organi- enforcement.
zations. In some cases, donors may not be aware
their contributions are funding terrorism. Historically, many terrorist plots have typi-
cally required multiple participants, a degree of
DIGITAL CURRENCIES coordination with supervisors or superiors and
Some individuals have gone beyond payment technical skills, such as bombmaking. Lone-wolf
cards and bank transfers, making the leap to dig- or small-cell attacks involve one or a handful of
ital currencies to solicit funds for terrorist orga- participants, and usually rely on readily avail-
nizations online. able weapons or techniques. Attackers may be
self-motivated by online propaganda, or have
In 2015, the US arrested an Islamic State backer only limited contact with handlers from terrorist
named Ali Shukri Amin for using Twitter to organizations.
spread information on how to use bitcoin to fund
the terrorist group, in part by sharing an article For these reasons, lone-wolf attacks have low
Amin had written titled “Bitcoin and the Char- funding needs and create only a small financial
ity of Jihad.” footprint, with transactions that can be very dif-
ficult to distinguish from legitimate activity. The
Bitcoin’s relative anonymity, the irrevocability of attack on French magazine Charlie Hebdo in 2015
transactions and the ability to move funds across was thought to be funded primarily through a
national borders are all appealing to terrorist 6,000 Euro personal loan obtained with fraudu-
financiers. In many situations, however, convert- lent documents and the sale of a used car. Com-
ing digital currencies into the real-world fund- pared to other small-cell attacks, that was a
ing that terrorist groups need to operate may be relatively complex plan, involving firearms and
challenging and impractical. three attackers. Attacks using knives and vehicles
already owned by the perpetrators require even
As of late 2017, law enforcement investigators less funding.
and analysts have noted relatively few instances
of terrorist groups moving substantial amounts A report by a Norwegian armed forces research
of funds through virtual currencies. With digital group that looked at 40 terrorist plots in Europe
currencies and online payment systems becom- between 1994 and 2013 found that about 75 per-
ing more common and widely accepted, this is cent cost less than $10,000. Some funding meth-
likely to change in the future. ods used by lone actors and small cells include
the following:
In early 2017, Indonesia’s national financial intelli-
• Self-funding through legitimate means,
gence unit reported that Bahrun Naim, one of the
such as employment income, sale of goods or
country’s most notorious militants and a mem-
possessions, government benefits or income
ber of ISIS, used online payment services, such as
of a spouse or family member.
PayPal and bitcoin, to transfer money to his col-
leagues to fund terrorist activities. • Low level crime, including petty theft, small
scale fraud and drug dealing. There is an
54
increasing body of evidence suggesting that media. Online radicalization plays a big role in
lone actors and small cell attackers often motivating many lone actors, and, in some cases,
have criminal histories. warning signs of extremism could be found on
• Small-scale fundraising, usually limited these individuals’ social media accounts.
to the attacker’s family, friends and direct
connections. RED FLAGS OF TERRORIST FINANCING
Due to the overlap with general money launder-
Detecting activity linked to lone actors and small ing methods and techniques, many of the same
cells can be very challenging for financial insti- red flags covered in previous sections also apply
tutions. Some institutions have sought to create to terrorist financing.
lone wolf monitoring typologies to watch for the
purchase patterns sometimes associated with The Egmont Group, a confederation of national
these attacks, such as weapons, body armor or financial intelligence units of more than 130 coun-
survival equipment. tries, analyzed nearly two dozen cases involving
terrorism and identified these indicators:
Institutions are also conducting increased due
diligence and ongoing review of customer’s social
PERCENTAGE OF TERRORIST ORGANIZATIONS WHO HAD RAISED FUNDS FROM VARIOUS SOURCES,
FROM A STUDY OF 40 TERRORIST CELLS OPERATING IN EUROPE. SOURCE: NORWEGIAN
DEFENCE RESEARCH ESTABLISHMENT
55
• Frequent domestic and international • Inclusion of an individual involved in the

ATM activity transaction on the United Nations 1267
• Unusual cash activity in foreign Sanctions list
bank accounts • Media reports that the account holder is
• Multiple cash deposits in small amounts in an linked to known terrorist organizations or is
account followed by a large wire transfer to engaged in terrorist activities
another country • Beneficial owner of the account not
• Cash or ATM withdrawals in or near properly identified
regions of conflict • Use of nominees, trusts, family member or
• Use of multiple foreign bank accounts third-party accounts
• “Many-to-one” transaction clusters, or • Use of false identification to open the

an account receiving many low-value account or conduct the transaction
transactions from other accounts, which Abuse of non-profit organizations
could indicate fundraising activity
CONCLUSION
• Long periods of account inactivity,
Detecting and preventing terrorist financing
followed by account usage (especially cash
is one of the most important roles for financial
withdrawals) in other countries, which could
crime professionals. A thorough understand-
indicate individuals acting as foreign fighters
ing of anti-money laundering fundamentals is
• Multiple cash deposits and withdrawals with the starting point, but professionals should seek
suspicious references to learn more.
• The parties to the transaction (owner,
beneficiary, etc.) are from countries By understanding common methods used to raise
known to support terrorist activities and and conceal terrorist funds, emerging risks in
organizations new technologies and payment systems, red flags
of terrorist transactions and characteristics of
• Use of false corporations, including
lone actor attacks, you will be better prepared to
shell-companies
help combat this insidious threat
56
CHAPTER 3 PRACTICE QUESTIONS
Q 3-1. Chuck Smith conducted a Ponzi scheme by luring innocent domestic investors
to invest. He claimed they would get a steady stream of payments over time and would
receive a handsome return on their investment. The transaction worked as follows:
• All investors resided in Smith’s country and wired money to Smith in order to make an
investment based on his statements, which later turned out to be false.
• Smith next moved the funds to an offshore bank account.
• Smith then transferred some of the funds from new investors to previous investors,
claiming it was money generated by their investment.
• Smith used the remaining funds to purchase cars and other luxury gifts to create the
appearance that he was successful.
The underlying criminal activity in this case is wire fraud. At which point did money laun-
dering FIRST take place?
A. When the investor wired money to Smith based on his false statements
B. When Smith transferred some of the funds from new investors to previous investors,
claiming it was money generated by their investments
C. When Smith used the remaining funds to purchase cars and other luxury gifts to
create the appearance that he was successful
D. When Smith wired funds to the offshore bank account
See Answer and Rationales
Q 3-2. A compliance officer at a major insurance company has recently noticed a pat-
tern of potentially suspicious transactions from a long-time customer. The customer is
employed in a consulting position that requires her to travel internationally on an unpre-
dictable schedule, and she often resides overseas for extended periods. The customer has
several properties insured with the company for large amounts. In the past three years,
she has overpaid her premiums numerous times and then requested a refund be issued.
Concerned that the customer may be laundering funds through the overpayment of pre-
miums, the officer is investigating the transactions.
Which fact would BEST indicate money laundering may be taking place?
A. The customer often requests that refunds be made by wire transfer to banks outside
of the country.
B. The customer makes the overpayments at different times of the year and in
varying amounts.
57
C. The customer has recently taken out a sizable new insurance policy on a commercial
property with your company.
D. The customer has requested that refunds on excess premiums be made to an attorney.
Q 3-3. A financial institution holds an account for a charitable organization whose stated
mission is to promote literacy in the local community. The charity derives most of its
financial backing from periodic fundraising drives that take in hundreds of small dona-
tions from individual donors.
Recently, the institution conducted a due diligence investigation and noticed unusual
activity in the charity’s account.
Which of these is a red flag for potential terrorist financing?
A. The charity recently purchased a large insurance policy which does not have a
surrender clause and cannot be used as collateral.
B. The charity does not have a long-term leasing agreement on a physical property in a
nearby town.
C. The transaction history indicates a pattern of wire transfers to countries with no
previous connection to the charity’s activities.
D. The transaction history for the charity shows a large number of small cash deposits.
Q 3-4. You are the chief anti-money laundering officer of a full-service bank, and you are
designing a risk-based customer acceptance program to determine the Terrorist Financ-
ing risks specific to not-for-profit (NFP) organizations.
Knowing the elevated risk that NFPs pose, which enhanced due diligence activity is most
essential for these types of client relationships?
A. Monitoring the financial activity in relation to the stated purpose and objectives
of the entity.
B. Obtaining a copy of the organization’s charter.
C. Establishing who controls the organization and its financial activities.
D. For NFPs, customer acceptance requirements are the same as for any other customer.
58
CHAPTER 4
UNDERSTANDING
AND
PREVENTING
FRAUD
OVERVIEW
For financial institutions, government agencies, companies and

individuals worldwide, fraud is not only a constant headache,
but a major operational and financial risk, in addition to causing
harm to their reputations. Fighting fraud is now an escalating
war. Even private sector organizations and government agen-
cies with the most advanced tools and procedures to detect and
prevent fraud sometimes feel like they are falling behind. The
technical advancements and globalization of fraud will continue
to provide increasing challenges to an organization’s ability to
manage fraud in all of its manifestations. Some of the key trends
today include the following:
59
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
• Greater professionalism in fraud practices

through smarter attacks (especially online)
result in bigger payoffs, which, of course,
attracts more talented thieves
• Increased “sharing” of fraud practices from
fraudster to fraudster, often facilitated by
online communications
• More fraud perpetrated from
offshore locations
• More fraud perpetrated by
organized crime rings
• More technical fraud or cybercrime, such as
hacking and other Internet-related activities, Perpetuation of the high returns requires an
that go hand-in-hand with more traditional ever-increasing flow of money from new inves-
fraud activities tors to keep the scheme going. The scheme is
named after Charles Ponzi, who became notori-
• More collusion between merchants, ous for using the technique in the 1920s. Ponzi
fraudsters and organization insiders did not invent the scheme, but his operation took
in so much money that it was the first to become
The increase in fraud-related regulations from well-known throughout the United States.
government authorities has caused a significant
impact on the efforts of private sector organiza- Ponzi schemes have received a lot of attention in
tions to better detect and prevent fraud, especially recent years as they have proliferated, particu-
in the areas of identity theft and account-takeover. larly during the economic downturn starting in
Regulations and governmental guidelines require 2008. One of the best-known schemes was the
increasingly tougher fraud prevention measures. exceptionally large Bernie Madoff scheme, but
Implementing effective fraud detection, preven- Ponzi schemes occur in all shapes and sizes. The
tion and security regimes is a critical part of an Ponzi scheme eventually -- and almost inevitably
organization’s ability to control operational risk. -- collapses on itself because it is an investment
that doesn’t exist and could never deliver the
returns it promises. At some point, the scam gets
UNDERSTANDING AND RECOGNIZING so large that it cannot keep up with the “returns”
TYPES OF FRAUD to the investors above them, although skilled
fraudsters like Madoff have sometimes managed
PONZI AND PYRAMID SCHEMES to run Ponzi schemes for years or even decades.
A Ponzi scheme is a fraudulent investment oper-
ation that pays returns to its investors from their The Madoff scheme signaled a significant red flag
own money or the money paid by subsequent that can help differentiate Ponzi schemes from
investors, rather than from profit earned by the legitimate investment opportunities. While the
individual or organization running the operation. rest of the securities market was declining and
This person is normally called the “promoter.” A even experiencing low levels in terms of share
Ponzi scheme usually entices new investors by prices and market or investment fund perfor-
offering higher returns than other investments mance, the Madoff investment vehicle seem-
in the form of short-term returns that are either ingly continued to achieve impressive, consistent
abnormally high or unusually consistent. returns. The façade that Madoff created for his
60
victims was that he was a shrewd investment AFFINITY FRAUD

manager who had an uncanny knack for invest- This type of fraud scheme refers to scams that
ing in the stock market that other broker-dealers target members of groups which share some cen-
did not have. tral demographic characteristic, such as mem-
bers of the same religion, ethnic community or
Fraudsters, such as those who perpetrate Ponzi profession. Typically, the fraudster is – or claims
schemes, are able to take advantage of even to be – a member of the targeted group, and, in
wealthy, intelligent, sophisticated people. They many cases, will recruit community leaders and
are very good at what they do and feed off of trust trusted members to contribute funds to the fraud
and friendship. They use this as their weapon to scheme, help promote it, or both.
accomplish their goal.
From a fraudster’s perspective, close-knit groups
Some of the red flags of Ponzi schemes include that value trust and community ties are partic-
the following: ularly attractive targets. These groups may be
slower to accept they have been victimized by a
• Investment returns that are “too
fraudster and less likely to report to law enforce-
good to be true”
ment or cooperate with an investigation, espe-
• Investment statements that show continued cially if community leaders are involved.
growth or performance contrary to
market trends In recent years in the US, affinity scams have tar-
• Unusual/absent fee structure geted groups as diverse as Amish communities,
active-duty military personnel, Chinese immi-
• Lack of substance behind the investment,
grants and Mormon church members.
such as when due diligence reveals little
information on the investment or the
In many affinity frauds, the underlying mecha-
company or individual offering it
nism is a Ponzi scheme, pyramid scheme or other
investment in a non-existent security. As such,
In pyramid schemes, the promoter promises
red flags will be similar to other securities fraud
big profits to investors based on their ability to
typologies, including the following:
recruit other persons to join the investment
opportunity and not based on sales or investment • Investment opportunities with terms
results. This is the primary difference between a presented verbally, and little to no
Ponzi and pyramid scheme, although functionally information in writing
they often operate similarly. Some possible red
• Investors are pressured with a sense of
flags of a pyramid scheme include the following:
urgency. The investment is presented as a
“limited-time offer” or only a short window to
• Recruiting of new investors or participants get involved
takes place in an unlimited chain, with new
• The investment is presented as an “exclusive
recruits immediately recruiting others
opportunity” or limited only to participation
• Promotion or advancement to new levels of by certain individuals with demographics
the scheme or new investment opportunities that match the group targeted in the
that are dependent on recruiting others affinity scam.
• Excessive incentives to recruit other
participants or investors
61
SECURITIES FRAUD stock who are unaware of the falsity of the

Securities fraud involves some form of misrepre- information become victims of the scheme
sentation around a “security,” which can be vir- once the price falls.
tually any tradable asset or financial instrument. • Perpetrators of pump-and-dumps often
This misrepresentation can include intentionally take advantage of “penny stocks” as the
inaccurate or misleading information to encour- means to carry out their scheme. In the US,
age the investment. It can also include selling a the Securities and Exchange Commission
security that is illegal in the jurisdiction in which defines penny stocks as securities that
it is offered, or that simply does not exist at all. trade for less than $5 a share and are
not listed on a national exchange. Other
Securities fraud can take many forms, including countries use similar criteria. The low
insider trading, stock manipulation, stock options share price and typical low levels of trading
fraud, “pump-and-dump” schemes, false informa- taking place among penny stocks makes it
tion and withholding key information to inves- relatively easy to run up their share price in
tors. Some common types of securities fraud are the pump phase.
described below.
• Short-selling or “scalping” schemes. The
scheme takes a similar approach to the
In countries with stock exchanges, such as the US,
“pump and dump” by disseminating false or
UK, Canada, Japan, China, Mexico, Singapore and
fraudulent information in an effort to cause
India, laws prohibit fraud in the offer, purchase
price decreases in a particular company’s
and sale of securities. The securities regulatory
stock. Perpetrators will short-sell that stock,
agencies of these nations monitor the capital
or bet that its price will decline, in order to
markets and regulate the conduct of the partici-
profit from the negative news.
pants in order to prevent fraudulent activities.
Insider Trading. Though most often associated
Misrepresentations are basically the equivalent
with illicit activity, insider trading can be con-
of false statements, which are defined as dec-
ducted legally. Most jurisdictions allow company
larations or statements that mislead or create a
“insiders” – employees, officers, directors and
false impression and are made with the intent to
large shareholders – to buy and sell securities in
deceive, manipulate or defraud.
their own companies, provided these transactions
The following are some examples of the more
prevalent types of securities fraud:
Market manipulation schemes. Financial crimi-
nals use two basic methods for trying to manip-
ulate securities markets for their personal profit:
• “Pump-and-dump” schemes. The perpetrators

typically disseminate false and fraudulent
information in an effort to cause dramatic
price increases in thinly traded stocks or
stocks of shell companies (the “pump”), then
immediately sell off their holdings of those
stocks (the “dump”) to realize substantial
profits before the stock price falls back to
its usual low level. Any other buyers of the
62
are properly recorded and reported to securities Some indicators of insider trading include
industry regulators. Trades that equally benefit the following:
all shareholders that are conducted by a company
employee or insider are not considered insider • An individual buys or sells substantial
trading. An example would be stock repurchases. amounts of a company’s stock or
other equities shortly ahead of a major
Insider trading becomes illegal, however, when announcement
an individual is buying or selling a security based • A service provider in an advisory role trades
on information not available to the general pub- heavily in a company’s equities soon after
lic. That is a violation of a relationship of trust being engaged in a professional capacity
and confidence. by the company
• An individual with little or no history of
Examples of illegal insider trading cases include investing suddenly invests heavily in an
the following: equity of one company, even borrowing
• A company’s officers or directors may trade funds to do so
shares after they learn crucial, confidential
information, such as news of a merger or Stock options fraud. Stock options are generally
acquisition, a new product launch, the given as incentives to corporate employees. The
pending release of an earnings report, etc. employees are given the option to buy stock at
The information could also be negative in a specified future date. The price of the stock is
nature. A company may be the subject of set when the stock option is given. If the price of
an investigation or regulatory enforcement the shares increases, the employee profits from it.
action, for example. Stock options fraud involves backdating the date
the option was given to a time when the share
• A corporate insider may share confidential was trading at a lower price. This guarantees that
information with a friend or family member, the stock option will be assured a profit when
who then buys or sells shares based on the it is granted.
tip. In such a case, both persons may be
charged with insider trading. Prime bank note fraud. Prime bank note fraud
• Lawyers, public accountants or other has become increasingly prevalent in recent
corporate advisory roles may trade on years. This fraud scheme typically involves selling
confidential information related to clients fake deposit certificates to an offshore account
gathered in their professional capacity to investors with the promise of quick and highly
• Government employee trades based on profitable returns on the investment. As part of
non-public information gained through their the prime bank note fraud, the perpetrator con-
employment can also violate insider trading vinces the investor/victim to send money to a for-
laws. For example, a regulator who discovers eign bank. The money is eventually transferred to
sensitive data about a company’s financial an offshore account controlled by the perpetrator,
status during a routine examination may use who then uses the funds for personal expenses,
that information to trade in the company’s usually having laundered the funds to erase the
stock, in violation of confidentiality. paper trail.
Typically, these schemes offer a guarantee of a

high yield on the victim’s investment in a rela-
tively short time. These guarantees, for example,
63
assert that investors will enjoy a profit of more Front-Running. Securities broker-dealer firms
than 2000 percent in about one year. will sometimes receive orders from clients to
buy or sell a security which are likely to impact
Further, to establish legitimacy, the schemers will the security’s price. This is especially true of
claim to have access to bank “guarantees” that firms with large institutional clients, who may
are being issued by select “prime banks.” This be transacting in large quantities of securities.
is where the term “prime bank guarantee” orig- An employee of the broker-dealer could trade
inated. To appear more legitimate, the promot- in the security in his own personal account
ers use the term “prime bank debenture,” and ahead of executing the client’s order, then take
require that their investors sign non-disclosure advantage of the price change for his own ben-
agreements and non-circumvention agreements. efit. This “front-running” ahead of client orders
They usually insist that these forms are “required is considered unethical in all jurisdictions, and
by the International Chamber of Commerce” or a illegal in most.
similar international body in order to complete
the transaction. Similarly, an employee of a broker-dealer could
trade in securities ahead of pending buy-or-sell
The following are red flags of prime recommendations or investment analysis that the
bank note fraud: firm will soon be presenting to a client.
• Excessive guaranteed returns
• Fictitious financial instruments, FRAUD IN LOANS AND MORTGAGES
such as medium-term bank notes or Financial crime is adaptable in order to capital-
debentures, bank guarantees and offshore ize on new opportunities and present-day cir-
trading programs cumstances. Thus, when there is a push to offer
• Extreme secrecy home ownership to a greater number of persons,
• Exclusive opportunity the incidence of mortgage fraud is likely to rise.
When a new government program is created to
• Claims of inordinate complexity extend benefits to certain persons and entities,
such as healthcare programs, financial criminals
Equity Crowd-Funding via the Internet. A secu- normally find ways to abuse the program.
rities option which makes it possible for a start-
up company to solicit investors over the Inter- Mortgage fraud usually requires at least two per-
net or through social media with a lot less work sons to collude for the fraud to succeed. A per-
and cost than might be required for traditional son applying for a mortgage loan may grossly
capital investment. The program is supposed to inflate the value of the property to be mortgaged
make it easier for new companies to raise capi- or inflate his income to increase the chance the
tal and grow. mortgage loan will be given. Often, this person
has the help and collusion of an insider at the
This is a relatively new and expanding investment financial institution that extends the mortgage.
field. Because the screening is minimal, there is a
concern about it becoming a new avenue for secu- The institution employee or other insider, in col-
rities fraud. Because investors that are attracted laboration with property appraisers who are also
to these small, minimally screened, and arguably colluding, will obtain an appraisal with an inflated
risky investments, they may become easy targets value of the property that justifies a larger mort-
for con artists. gage loan by the financial institution for which he
works. The inflation of the loan amount extended
64
by the institution increases the institution’s material fact or other information on a mortgage
risk, as well as the illicit proceeds the conspir- or loan application to obtain a loan, or to obtain
ators derive. a larger loan than the lender would typically
grant, if the application information was true and
In another type of credit extension, a financial correct. Mortgage fraud was one of the leading
institution can be defrauded by the illegal use of causes of the housing meltdown that occurred
loan proceeds that a borrower has been granted. in the US and other countries in the mid to late-
The fraudulent application of loan proceeds 2000s. Mortgage scams continue to occur, result-
increases the institution’s risk. The misrepre- ing in poorly-performing mortgage portfolios
sentation by a borrower about the ultimate use for lenders and investors, as well as consumers
of the proceeds of a loan can subject that indi- unable to make mortgage payments, falling into
vidual to a separate crime that is recognized in default and becoming a risk for foreclosure.
many countries -- submitting false statements to
a financial institution from which a credit exten- Mortgage fraud consists of a number of different
sion is sought. methods and approaches:
Mortgage and loan fraud involves an intentional Income fraud. This involves overstating the bor-
material misrepresentation or omission of a rower’s income in order to qualify for a mortgage
FIGURE 1: Annual MLF SAR Filings, 2001-2011
100000
90000
80000
70000
60000
50000
40000
30000
20000
10000
0
2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011
SUSPICIOUS ACTIVITY REPORTS MADE TO US REGULATOR FINANCE INVOLVING MORTGAGE FRAUD HAVE
SHOW N A STEADY INCREASE
65
or for a larger loan amount. Prior to the recent est appraiser or a legitimate appraisal that has
housing downturn and legislative incentives been altered.
requiring lenders to change lending practices,
these typically involved “stated income” or “liar Cash-back fraud. This involves deliberate infla-
loans.” In these instances, the borrower, or a loan tion of a property’s price in order to provide the
officer working on behalf of the borrower (with or borrower with a “rebate” which is not disclosed
without the borrower’s knowledge), would state a to the lender. The seller as well as the real estate
specific income without verification. agent can participate in the scheme and all can
share in the “rebate.” This scheme requires a
Today, these types of loans typically involve an fraudulent appraisal to be successful.
alteration or forgery of income verification doc-
uments, tax returns or bank account statements “Shot-gunning” fraud. This occurs when multiple
in order to satisfy the income requirements. The loans for the same property are obtained with
fraud occurs when the borrower qualifies or different lenders at the same time and for a total
attempts to qualify for a loan, which their true amount in excess of the property value. This type
income would not support. of fraud leaves lenders greatly exposed to losses
because subsequent mortgages are junior to the
Employment fraud. This is another version first mortgage recorded.
of income fraud which involves claiming self-
employment in a non-existent company, or a Lender Fraud. This involves fraudulent lenders or
claim of a higher position in a real company, to mortgage brokers who victimize unwitting bor-
justify the representation of a fraudulently com- rowers or lenders who actually fund or purchase
piled income figure. the loans. Indicators of lender fraud include a
lack of a license (lenders are typically licensed by
Occupancy fraud. This usually involves a bor- the state or jurisdiction in which they operate),
rower that obtains or attempts to obtain a mort- loan terms that are too good to be true, and/or
gage claiming that they will occupy the residence, loan documentation that is incomplete, blank or
thereby obtaining a lower interest rate on the unintelligible.
note. In actuality, the borrower never plans to
occupy the residence. In addition, larger loans Foreclosure scams. The housing and economic
are typically allowed for owner-occupied dwell- crisis that afflicted several countries has resulted
ings than for income properties, for which delin- in an increase in the incidence of mortgage fore-
quency rates are substantially higher. closure scams. Perpetrators of these scams tar-
get people at risk of losing their homes. These
Appraisal fraud. This pertains to a deliberate include mortgage modification scams, as well as
over- or under-statement of the property’s true “foreclosure rescue” buyers who try to rush the
value to perpetrate a fraud. An over-statement of sale of house without the proper forms having
value enables the property owner to obtain more been completed.
money than the property is worth in the form
of a cash-out refinance; or an organized effort Buy and bail fraud. As the name implies, this
to generate a for-profit mortgage fraud scheme. form of fraud involves buying a new home with
An under-valuation of the property enables a the intention of abandoning mortgage payments
buyer/borrower to get a lower price on a fore- on the old home. Although there are a variety of
closed home, or to persuade a lender to reduce reasons why a homeowner might do this, some
the balance in the case of a loan modification. less insidious than others, it is still considered
These frauds typically involve either a dishon- fraudulent. Buy and bail schemes typically involve
66
homeowners who draw up false rental agree- associates to make a property seem less appeal-
ments on their current home, and then use these ing. Parties might submit inflated or falsified
agreements as part of the documentation needed repair estimates claiming that expensive work is
to secure a loan on a new home. Once they have required, or physically damage the property to
obtained the new home and moved, they stop discourage legitimate buyers.
making payments on their old home.
In another variation on flopping, the owner is
FLOPPING an innocent victim, and the fraudster conspires
Fraudsters often seek to take advantage of indi- with a real estate agent responsible for selling
viduals who are struggling to make mortgage the property. The agent could list the property
payments on a property they own, or to collab- at an inflated price to fend off other offers, then
orate with these individuals to defraud a lender. drop the price just before the fraudster arrives
One technique referred to as “flopping” exploits to make an offer. Or, the agent might steer the
the mechanism of short sales to fraudulent ends. deal directly to the fraudster, rejecting any other
offers without informing the seller.
In a short sale, a mortgaged property is sold for
less than the value of the outstanding loan. The From the perspective of the financial institution
lender accepts the sale price in exchange for set- involved in the short sale, flopping schemes can
tling the loan, as this might be ultimately less be hard to detect without a thorough investiga-
expensive or more expedient than foreclosing on tion. One indicator can be repeated instances of
the property. similar claims from property owners in the same
geographic area. For example, several owners in a
The basic steps of a flopping scheme are city who are all using the same real estate agency
outlined below: may submit expensive repair estimates listing
very similar types of damages.
• A fraudster approaches an owner who is
struggling to make mortgage payments and
at risk of foreclosure with an offer below the
amount owed on the loan.
• The owner communicates the fraudster’s
offer to the lending institution, who accepts
as settlement of the mortgage.
• The fraudster immediately resells the
property to another buyer that had been
previously secured and makes a tidy profit.
While somewhat unsavory, this arrangement is

not necessarily illegal, depending on the juris-
diction. However, flopping schemes often rely on
collusion with owners or realtors to drive down
the sale price of the property or misdirect other RED FLAGS OF FRAUD IN LOANS
buyers away from making offers, and this is where AND MORTGAGES
they veer into outright fraud. Like all other areas of financial crime, red flags of
fraud in loans and mortgages are situation-spe-
To convince a lender to accept a low sale price, cific, and their applicability will vary based on
fraudsters might work with owners and other
67
the nature of the transaction and the custom- FRAUD IN FINANCIAL REPORTING
ers involved. AND ACCOUNTING
An organization’s financial books and records and
While some of the red flags below are spe-
accounting practices are vulnerable to a wide vari-
cific to mortgages in real estate transactions,
ety of fraudulent manipulation, from deceptive
most apply to other types of credit extended by
tricks to boost purported earnings to techniques
financial institutions, such as personal loans or
to conceal internal theft and embezzlement.
vehicle loans:
• Discrepancies or inconsistencies in different Fraud in financial reporting alone is a financial

documentation, such as an individual’s tax ID crime, but it can also be used to further many
number, address, etc., that varies or appears other criminal schemes. For example, financial
altered, within the loan file records could be altered to conceal bribe pay-
ments, or fictitious invoices could be generated
• Same information for multiple parties in
as part of money laundering schemes.
transaction (i.e., applicant and the listed
employer have same phone)
Although not an exhaustive list, some com-
• Information provided for an applicant’s mon types of fraud in financial reporting are
employment is vague, inconsistent or listed below.
unreasonable (i.e., employer’s address is
only a PO Box or matches the current FRAUDULENT REVENUE RECOGNITION
address of the resident; the company
Almost all companies seek to consistently grow
name or applicant’s job title are generic or
their revenues, and companies often have some
non-descriptive)
flexibility in how they choose to recognize
• Information provided for an applicant’s their earnings, as long as record-keeping does
income is questionable or unreasonable not deviate from “GAAP,” or generally accepted
(i.e., the income appears out of line with accounting principles.
the nature of employment, the applicant
reports high income but shows no deposits in However, a pressure to boost revenue can lead a
financial accounts) company to engage in improper sales practices or
• Not an arms-length transaction, meaning deceptive accounting:
there are ties between the buyer and the • Hidden or side agreements in sales
seller of a property, which can increase the arrangements. To create a short-term
risk of collusion revenue increase, company employees might
• No real estate agent involved in facilitating negotiate sales agreements that are later
the transaction altered or revoked due to hidden terms and
conditions. This is done to book the revenue
• Loan applicant has history of defaults or
of the sale before it is fully completed. These
bankruptcies
terms are made verbally or through messages
• Issues with property taxes; unsure if they left off the actual sales contract and might
have been paid and who is paying them? include refunds, exchanges, different
payment terms or right of return.
There is nothing inherently wrong with
allowing customers to make returns
or otherwise modify a sale when done
legitimately. However, it veers into the realm
68
of fraud when it is done outside of the proper employee could change the account details
channels and with erroneously recorded on the invoice to an account under their
revenue without provisions for returns, control, and then re-submit the original
cancellations or other modifications. invoice for payment.
• Altering dates or holding open accounting • Alternately, an employee colluding with a
periods. By changing the dates on certain vendor or other third party could inflate the
documentation, like shipping documentation value of a legitimate invoice, and then receive
or purchase orders, a company can some percentage of the transaction back
deceptively record revenue in one accounting from the conspirator. In both cases, the
period that should have accrued in another. employee would typically be someone with
Likewise, a company could improperly access to the systems used for a company’s
extend its accounting period, holding open accounts payable.
its receivables to record sales that should
have fallen into the next period.
• Creation of wholly fictitious sales and
customers. Although this technique is more
vulnerable to detection in audits, there have
been numerous cases where companies
simply falsified sales transactions, and
likewise created false customers to match
corresponding entries in their accounts
receivables.
FALSE INVOICING SCHEMES

False invoices are a multi-purpose tool in an array
of financial crime schemes - Providing cover for
bribe payments, or lending an air of legitimacy
to money laundering transactions between shell
companies, or many other applications.
False invoicing schemes are also one of the most

common methods that employees use to mis- Vendors themselves can also engage in false
appropriate funds from employers. This can be invoicing schemes, without the assistance of an
done in the following ways: insider within the company. In this case, it is a mat-
• Creating a fictitious invoice for goods or ter of playing the odds. The vendor assumes that
services that were never delivered, and a certain percentage of false, inflated or duplicate
submitting it for payment. An employee may invoices will simply slip through the cracks and
be acting alone, by submitting false invoices be paid by the company that receives them.
from companies they control, or working
with others. In some instances, employees Like other internal fraud schemes, separation of
collude with an organization’s vendors to duties and multi-step review can be a powerful
create and approve fake invoices. tool to reduce the risk of false invoicing schemes.
• Modifying a legitimate invoice, inflating its This can be as simple as implementing a two-
value, or submitting duplicate invoices. An stage process for approving invoices:
69
1. One employee checks the invoice to confirm At the earliest stage of a new relationship with a
it is for a legitimate product or service. customer, a financial institution must assure that
2. A second employee reviews and the person seeking to open an account or estab-
authorizes payment. lish a business relationship is the true beneficial
owner of the funds to be invested or deposited.
When investigating a company’s records for indi- If a business organization is involved, the insti-
cators of false invoicing, red flags can include tution should ensure that the person seeking to
the following: establish the relationship is the real principal of
• Invoices missing common details and the entity or can and will identify that person.
information, such as no address being
provided, a tax ID number is not given, etc. The nature and size of a relationship usually deter-
• The company name listed cannot be found in mines the degree of due diligence that an insti-
the jurisdiction’s corporate registry. tution should take to investigate and verify ben-
eficial ownership and the principals of an entity.
• The invoice and/or supporting documents Financial criminals invariably use nominees and
are vaguely worded or copied from fronts in their business and financial transactions
other invoices. to hide and disguise their involvement.
• No purchasing order that matches the
information is provided in the invoice. If the account to be opened or business to be
• The goods described on the invoice cannot conducted is of sufficient size and importance, an
be found in the company’s inventory, or the institution or business should exercise enhanced
services cannot be accounted for. due diligence to ensure that persons are who
they say they are and that no nominees or fronts
• Multiple invoices contain the same are shielding the true parties in interest. In situa-
invoice number. tions of sufficient gravity and size, the institution
• There are multiple invoices with the same should go beyond its walls and seek facts inde-
amount on the same date, or from the same pendently from appropriate sources and conduct
vendor on the same date. enhanced due diligence.
• The invoice contains errors or misspelling.
If the institution or business confirms that the
FRAUD IN OPENING AN ACCOUNT beneficial owner is not the person who appears
at the institution seeking to establish the rela-
Financial institutions are vulnerable to fraud in tionship, it should decline the relationship in the
many ways, and the old adage, “Know Your Cus- absence of a satisfactory explanation. If none is
tomer,” is as effective a safeguard against exter- provided, in addition to declining the relationship,
nal financial crime as any government regulation. the institution should probably report the event to
One way to prevent fraud risk is to ensure that an the appropriate authorities as suspicious activity.
application for a new account or relationship by
an individual or entity is fully vetted.
INSURANCE AND
A good way for a financial institution to prevent HEALTH CARE FRAUD
future problems with a customer is to take rea-
sonable due diligence steps when the potential Insurance and health care fraud is a growing
new customer seeks to establish a relationship. and increasingly expensive problem. Although
The applicant should be asked to corroborate all health care fraud can be perpetrated by individ-
the information, and the institution must verify uals, the largest and most successful schemes
the information. usually involve health care providers colluding
70
to overcharge a private or government health

insurance agency. Typically, the health care pro-
vider orders tests and services that are not actu-
ally needed by the patient, bills for services the
patient never receives, or bills for an office visit
that never occurs.
Health care insurance fraud costs government

medical and health insurance programs, such
as Medicare in the US, hundreds of billions of
dollars in fraudulent charges and investigations.
Much of this money is never recovered, which is a
good example of the poor results of asset recov-
ery efforts directed at fraudsters in the US and
most countries.
kers” who embezzle customer premiums may not
There are many types of health care even be licensed.
insurance fraud:
• Upcoding – billing for a higher covered CREDIT AND DEBIT CARD FRAUD
service than performed.
A lost or stolen credit or debit card is an easy
• Using the wrong procedure code to get source and target of fraud. Even if the victim
something covered that would not be immediately reports the card as missing or stolen
covered under its proper code. A sign of this - which most financial institutions and other card
type of fraud is that the provider tried the providers require in order to limit personal liabil-
non- covered code before. ity on fraudulent charges - a fast-acting thief has
• Breaking up a “package” into individual adequate time to quickly incur charges before the
procedures, which is usually more card is disabled.
expensive. An example might be laboratory
and blood work In recent years, credit and debit card fraud has
moved away from the theft of individual cards
• Setting up fake clinics, often involving shell
and toward the theft of large amounts of credit
companies with no physical location or just
and debit card information through hacks and
postal boxes to submit claims.
data breaches. It has also become increas-
ingly sophisticated, with organized crime rings
When a health care provider commits insurance
launching complex operations to steal credit
fraud, the costs can be greater than the monetary
cards and engage in hundreds or thousands of
loss. Health insurance fraud can also be damag-
fraud schemes worldwide in short time periods.
ing to the patients in the provider’s care, as the
More information on how data breaches play into
treatment or tests prescribed may be inappropri-
financial crime schemes will be discussed in the
ate or even harmful.
Cyber Security chapter.
One of the most common forms of insurance
Credit and debit card fraud schemes include
fraud involves insurance brokers keeping the cus-
the following:
tomer’s premium payments rather than applying
them to the intended insurance plan. These “bro-
71
• Tampering with card readers at ATMs and Some fraud in government benefits may actually
other point-of-sale locations, typically by be occurring with “good intention.” This can hap-
inserting skimmers to steal card numbers pen when another entity is trying to get benefits
and passwords. for a person without proper ID, and allows the fil-
• Online theft of numbers through ing of the benefits knowing that the ID provided
compromises of online security. is not valid. While helping someone in need with
this stolen ID, the perpetrator is also creating a
• Identity theft to apply for credit and debit separate victim of identity theft.
cards, such as “too good to be true” credit
card offers through which the fraudsters Fraud in government benefits can often involve
obtain the individual’s personal information collusion of two or more individuals, as well as
and then use that to apply for other cards. collusion between outside actors and govern-
• Physical theft of the card. ment employees.
• Internet fraud schemes, which involve the
use of unlawfully obtained credit card
numbers to order goods or services online.
INTERNAL FRAUD
Internal theft and misappropriation of assets
by employees and insiders of a business organi-
FRAUD IN GOVERNMENT BENEFITS zation are rampant in all countries. A business
Fraud in government benefits is generally perpe- can take several steps to minimize exposure to
trated by identity theft. Using a stolen identity, the these crimes.
fraudster can assume to be the proper recipient
of benefits intended for someone else. This type As in the case of financial institutions seeking to
of fraud is typically perpetrated with the help prevent threats posed by the “enemy within,” the
of knowing the victim’s identification or Social first step businesses should take start at the door
Security numbers (or other identifier), through of the human resources department. Hiring wisely
which access to benefits is typically verified. through thorough examination of applicants is
crucial in minimizing internal theft and misap-
Fraud against government agencies takes many propriation. Thorough interviews, vetting of all
forms. It can be as basic as improperly apply- important aspects of a candidate’s background,
ing for and receiving benefits of small amounts prior job and independent references is crucial.
offered by a social welfare program. Or, it can
involve large sums under large contracts, such Background checks, due diligence and examina-
as those with military and aerospace agencies, in tion of criminal records are also indispensable
which a contractor in the private sector inflates steps. Depending on the sensitivity of the position
costs or furnishes subpar materials to the agency and the potential fraud risk it poses, companies
or performs improperly under the contract. should also consider screening employees against
PEP lists, sanctions lists and negative news scans.
In some cases, financial criminals even recruit Not all of these screens may be required for
the help of prisoners who provide their identifi- every position, but they could be applicable for
cations, such as their Social Security number if higher risk roles. All of these policies and pro-
they are in the US, to pose as legitimate appli- cedures should form part of a pre-employment
cants seeking student loans, unemployment ben- screening program.
efits, tax refunds or other government benefits.
A code of ethics explaining acceptable and unac-
ceptable conduct and a program of mandatory
72
financial disclosure for key employees should also business ties to the vendor, this may warrant
be required. further investigation.
• Sudden changes in the employee’s spending
Financial institutions and other businesses habits and lifestyle—As obvious as this seems,
should also strongly consider establishing an this red flag remains a fixture in internal
anonymous telephone line or similar mechanism fraud schemes. If an employee suddenly
that employees can use to report theft and other starts purchasing expensive luxury goods,
dishonest acts. buys a house or other assets that don’t
match their salary, or otherwise starts living
This reporting mechanism should be sepa- beyond their known income, it warrants
rate from the usual reporting that takes place careful scrutiny.
through the lines of business – In other words, an
employee reporting to their superior, who then • Employees that have overlapping roles
may escalate it to their superior, and so on. If with access to the company’s funds or
there is no option to report outside of the typ- accounts—A lack of clear division of duties
ical reporting through the chain of command, is a weak point for fraudulent behavior. If
employees may be unwilling to speak up for fear one employee is responsible for generating
of retaliation, and will have nowhere to turn if invoices and approving their payment, or
their managers are the ones actually involved in adding new vendors to a company’s system
the suspected fraud. and then approving them, this creates
vulnerabilities for fraud. Organizations
Close observation of employee behavior may should carefully scrutinize these roles
also provide telltale signs of vulnerabilities to and consider adding a separate layer of
the “enemy within.” Some common indicators authentication.
and risk areas for potential involvement in insider
fraud include: It is worth noting that organizations should
always be cautions when developing programs
• Resistance to taking vacation/sick days to review employees for insider fraud risk. Legal
or refusal to share job responsibilities—If issues arise in monitoring employee behavior and
an employee rarely takes vacation or sick legal counsel of a business or institution should
time, or is resistant to sharing their duties be consulted before implementation of new pol-
with another employee, it could indicate icies. For example, monitoring employee use of
something more sinister than sheer devotion social media may raise privacy and other issues
to the job. This is particularly true of roles on which a lawyer should advise the business
with access to a company’s books and or government agency that is contemplating
records or payment processing functions. a new policy.
Likewise, when an employee declines a
promotion or reassignment to a different Internal misappropriation can be the work of
area of the company, this can raise red flags. low-level as well as higher rank employees. They
• Employees with close ties to a vendor or should all be monitored on a risk basis, and the
other third party—An employee that seems risks posed by senior-level staff should not be
abnormally close to a vendor or vendors ignored. Often, higher ranking staff is capable
should raise questions. For example, if an of inflicting far more harm on a business than
employee contacts a vendor more often employees at the lower levels.
that is necessary for business purposes,
advocates on their behalf, or has non- Internal controls aimed at reducing insider fraud
do not necessarily need to be complicated. Sim-
73
ple mechanisms like division of duties and “mak- credit cards, and to delay the discovery of the
er-checker” models can be highly effective at identity theft by the victim.
detecting certain types of fraud. For example,
one employee could be tasked with creating new Identity theft and identity fraud are terms used
vendor invoices in a company’s payment sys- to refer to all types of crime in which someone
tem, and another employee assigned to review wrongfully obtains and uses another person’s
and approve. personal data in some way that involves fraud
or deception, typically for economic gain. With
One thing is certain. If no internal controls exist, enough identifying information about an indi-
or if those that exist are not enforced, temptation vidual, a criminal can take over the individual’s
lures employees. identity to conduct a wide range of crimes, such
as false applications for loans and credit cards,
fraudulent withdrawals from bank accounts, or
IDENTITY THEFT AND FRAUD obtaining other goods, services or privileges
Identity theft is a giant menace of the 21st cen- which the criminal might be denied if he were to
tury. Often, perpetrators are employees of busi- use his real identity.
nesses, including doctors’ offices, government
agencies and financial institutions. The goal of If the financial criminal takes steps to ensure that
identity thieves is to uncover the identities of pri- bills for the falsely obtained credit cards, or bank
vate individuals in order to obtain the numbers statements showing the unauthorized withdraw-
and other characteristics of their credit cards, als, are sent to a physical or e-mail address other
place of employment, residences, children, family than the victim’s, the victim may not become
members, friends, vehicles and other personally aware of what is happening until the criminal has
identifying information. already inflicted substantial damage on the vic-
tim’s assets, credit and reputation.
By learning a person’s personal information, an
identity thief can penetrate a bank account, use OVERVIEW AND METHODS OF
their credit cards, receive government benefits, IDENTITY THEFT
seek a tax refund in someone else’s name and Identity theft is one of the fastest growing types
more. There are various red flags that indicate of consumer fraud and considered one of the
a person has been the victim of identity theft. leading threats to deposit accounts at banks and
These include unusual activity in personal finan- other financial institutions. It can be perpetrated
cial accounts, unknown charges on credit card by a wide variety of means, including some popu-
statements, notification by a tax agency that lar methods listed below:
more than one tax return was received in your
• Account takeover or account hijacking where
name, and other harrowing occurrences.
a fraudster captures a customer’s personal
information and uses it to take over a
Defensive measures against victimization by an
financial account
identity thief include using care about where
Personal Identification Numbers (PIN) on credit • New account fraud in which a fraudster
cards and ATM cards are written and monitoring assumes the identity of a real person to open
the volume of mail a person receives. A substantial a phony account
drop in mail may indicate that someone has sent • Collusion between the fraudster and
a change-of-address card to the postal authori- customer, or between fraudster and
ties in order to have access to and to read one’s employees of an organization
mail and determine a person’s bank accounts and
74
74,915
Theft Type
Credit Card Fraud
Employment or Tax Related Fraud
Phone or Utilities Fraud
124,784
133,015
55,558
235,670
46,920
133,944
123,215
101,174 82,051
46,810 49,379 55,045

40,062
37,443
2013 2014 2015 2016 2017

Number of Identity Theft Cases Reported to the US FTC by Year and Type, 2013 - 2017
75
COMMON TECHNIQUES USED BY simplistic and based on human nature. The roots
IDENTITY THIEVES of social engineering reach back to the days of tra-
Creating fake online identities. Fraudulent iden- ditional ‘con’ men and leverage the same skills to
tities play a significant role in many high pro- convince a victim to reveal sensitive information.
file financial fraud crimes. With today’s Internet
capabilities, fraudsters can easily create new or Leveraging technology. Fraudsters capitalize on
fake identities. Utilizing social networks, blogs, the speed and anonymity afforded by new tech-
forums, email accounts, domain creation, website nologies to perpetrate identity theft and identity
creation and various internet accesses, the fraud- fraud, including the following:
ster can create an entire false persona, including • Using handheld skimmers and other devices
name, address, telephone number, email address, that lift account information when the
website, etc., and represent it as real. Once this individual swipes his or her debit or credit
basic identity is created, the fraudster can file card at an ATM or point-of-sale location,
for a sole proprietorship or set up a corporation such as in a store
using the identifiers of the false persona.
• Getting people to disclose sensitive
The fraudster can then obtain a government tax personal data by sending them phony emails
or other identification number for the business (Phishing), text messages (Smishing) and
and open a new bank account for it. From all the phone calls (Vishing)
information associated with this person and busi- • Using malicious software to capture
ness, it can appear to be a legitimate entity. and transmit personal information to
counterfeiters over the Internet (Malware)
Social engineering. Fraudsters also engage in • Using peer-to-peer computer technology,
social engineering to perpetrate identity theft. such as the kind found on music-sharing
Social engineering typically refers to methods sites, to search personal computers for
and techniques used to manipulate people into password files, account numbers and
performing actions or revealing confidential other information
information in order to gather data, commit fraud
or gain access to computer systems or networks. Internal fraud. Studies of crime data have shown
The basic tools used to obtain information are that a high percentage of identity theft starts
with the theft of personal data by an organiza-
tion’s employee. This confluence of identity theft
and employee corruption is an important trend
for financial institutions and other business orga-
nizations to recognize and protect against with
appropriate fraud tools.
SYNTHETIC IDENTITY FRAUD

Synthetic ID fraud is one of the fastest-grow-
ing fraud types, impacting both individuals and
financial institutions. In synthetic ID fraud, bits
and pieces of information from a real person are
mixed with invented data to create an entirely
new identity.
A CREDIT CARD SKIMMER INSTALLED AT AN ATM
76
It starts with a real tax identification number, than one source, rather than relying solely on a
usually belonging to a child. Because it belongs credit report.
to a real person, the tax ID will often show up
as a valid number in credit reporting and other Issues with an applicant’s tax ID number can also
checks used by financial institutions. be a red flag. If the tax ID number does not match
the other information provided for the applicant,
Tax identification numbers belonging to children or matches a different person, this can be an indi-
are preferred because children typically don’t cator of synthetic ID fraud.
have much of a presence in the financial system.
They usually aren’t applying for accounts, check- RED FLAGS OF IDENTITY THEFT
ing their credit report or doing other activities Due to the prevalence and increasing growth
that might lead to detection. The fraudsters will of identity theft, various countries have pushed
then create a fake name and other details around financial institutions and other organizations to
this stolen identification number, including a real incorporate the following into their fraud surveil-
address (usually a PO box or mail drop). lance systems:
Using this new identity, criminals now have sev- • A layered approach that combines scanning
eral years to set up accounts, establish a credit software with other monitoring tools to
history, get credit cards and obtain personal proactively identify and defend against
loans. Fraudsters might nurture these synthetic identity theft
IDs for years, making card payments and ser- • Improved authentication procedures,
vicing loans, to increase the amount of credit including layers and token or biometric
extended to them. At some point, they will max authentication devices and procedures
out their credit cards and loans and disappear.
• Implementation of fraud detection software
In one notable recent case, a fraud ring created to identify account takeover
nearly 7,000 synthetic IDs and used them to
obtain more than 25,000 credit cards, as well as Because so much fraud committed now involves
loans. The scheme went on for years, and ulti- the illegal use of stolen customer or internal data,
mately led to more than $200 million in losses laws and regulations concerning the safeguarding
from financial institutions. of confidential customer data have been enacted
in many jurisdictions. In particular, financial
Financial institutions are still struggling with how institutions are often required to make their own
to manage the risks of this form of fraud. Like assessments of potential red flags of identity
some forms of loan fraud, synthetic ID fraud is theft within their processes or procedures and to
often written off as a credit loss, and never rec- implement methods for detecting and preventing
ognized as a criminal incident. This misclassifi- these red flags.
cation reduces the likelihood that an institution
will build controls around synthetic ID fraud, or For example, the US Federal Trade Commission
report it appropriately to law enforcement. and other regulators implemented the FACT Act
in 2009, which established key red flag catego-
Since synthetic IDs usually do not have a credit ries and specific examples indicative of identity
history, institutions should be careful and con- theft. These red flags are broadly applicable and
duct thorough due diligence when dealing with are consistent with identity theft red flags or sce-
so-called “thin file” applicants. Institutions narios identified by regulators in other countries.
should also verify applicant information from one The following are key red flags:
77
• Alerts, notifications and warnings from a » A social security or other identifier number,
credit reporting company: as well as address or phone number that has
» A fraud alert on a credit report been used by other people opening accounts
» A notice of credit freeze in response to a

request for a credit report • An applicant who cannot provide identifying
information beyond what is generally
» A notice of address discrepancy provided by available from a wallet or credit report,
a credit reporting agency such as a person who cannot answer a
» A credit report indicating a pattern of challenge question
activity inconsistent with historic activity • Suspicious account activity:
» An unusual number of recently established » Soon after the organization is notified of a
credit relationships or change of address, requests are made for
» account closing(s) because of account new or additional credit cards or to add
privilege abuse users to an account.
» A new account that is used in ways
• Suspicious documents: associated with fraud. For example, the
» Identification that appears to be customer does not make the first payment
altered or forged or makes only an initial payment, or most of
the available credit is used for cash advances
» The person presenting the identification or for purchases of merchandise, such
does not look like the photo or match the as jewelry or electronics, which is easily
physical description converted to cash
» Information on the identification differs » Account usage patterns are different
from what the person presenting is saying, from historical activity, such as sudden
or does not match other information, such non-payment or increase in the use of
as a signature card or previous signatures available credit
» An application looks like it has been altered, » Mailed statement is returned as
forged or torn up and reassembled undeliverable, or the customer reports
that he or she is not receiving the account
• Suspicious personal identifying statements in the mail
information: » Customer reports unauthorized charges
» Inconsistencies with other information, such on the account
as an address that doesn’t match the credit
report; use of a social security number or • Notice from other sources, such as reports
national identifier that does not match from a customer, a victim of an identity theft
» An address, phone number, or other or law enforcement authorities
personal information that has been used on
an account known to be fraudulent The following are signs of identity theft that an
» A fake address, an address for a mail individual should be on the alert for:
drop or prison, an invalid phone number • Certain mail, particularly financial
or one that is associated with a pager or statements and bills, is no longer
answering service being delivered
• Unfamiliar charges on bank statements
78
• The tax authorities reporting the receipt

of multiple tax returns using one’s name or
national identifying number
• Calls from collection agencies about
unfamiliar debts
• Decline of medical benefits because you have
reached the annual benefit maximum
• A signature that is not yours on distinct
applications
INTERPLAY OF IDENTITY THEFT WITH

OTHER TYPES OF FRAUD
Government benefits fraud. The commonality
in government benefits fraud is often identity
theft or the willingness on the part of someone fits are plentiful, collusion between veterans and
to fraudulently provide their identity toward gov- employees of the pertinent government agency
ernment benefits fraud, often for a small percent- can perpetrate veteran’s benefits fraud. The
age or fee. A sophisticated thief may take the time government employees have easy access to the
to alter supporting identity documents, such as qualifying persons they need to recruit, such as
a driver’s license, to make sure that everything veterans who would qualify for benefits but have
matches on the fraudulent application he submits. no need for them. They can be used to complete
fraudulent applications. The employees hold the
Medicare fraud. Typically, this involves one or threat of a fraudulent claim against the veterans
more stolen identities which are then used to bill and receive a portion of the benefit. Fraudulent
a government program, such as Medicare in the claims may also include misstatement of injury or
US. This type of fraud can be conducted using a illness to qualify for a claim.
shell company with a P.O. Box address that is rep-
resented as the “clinic” where treatment is pro-
vided. The perpetrators use stolen identities to DETECTING AND
process fraudulent claims. PREVENTING FRAUD
In recent years, regulatory expectations around
Student loan application fraud. Identity thieves fraud detection and prevention have increased
or willing accomplices take a fee for applying as substantially. At the same time, due to easy
“straw students” (in countries that provide pro- access to information online and through social
grams supporting loans to college students). This networks, institutions and businesses face grow-
allows the fraudster to accumulate large amounts ing reputational risks from fraud. Consequently,
of financial aid from student loan applications. institutions and other companies and organiza-
This type of fraud can be especially successful tions are focusing more now on implementing
because, generally, the loans do not have to be effective governance, risk and compliance (GRC)
repaid until after the student completes college. programs. GRC is viewed as critical to address
It can take a few years for the lender to realize and correct organizational weaknesses that lead
that the borrower is not repaying the loan. to significant operational risk, losses or regu-
latory action.
Veteran disability benefits. In the US and other
countries where military service veteran’s bene-
79
For many companies and institutions, fraud is a Identify the organization’s universe of potential
key risk to profitability and reputation. Imple- risks. Determine the fraud schemes and scenar-
menting effective fraud detection, prevention and ios that typically affect the institution or orga-
security systems has become a critical part of an nization, or firms like it. Assess the potential for
organization’s ability to control operational risk. these schemes and scenarios based on past inci-
Integrating fraud detection and prevention into dents of fraud, the culture of the organization
the organization’s overall GRC framework can and its current framework of internal controls.
produce substantial benefit, including a better
understanding of the impact of financial crime Most FRAs focus on identifying fraud risk in six
on the organization, improving return on risk and key categories:
compliance investments, enhancing the organi-
zation’s reputation and cultivating customer trust. • Fraudulent financial reporting
• Misappropriation of assets
FRAUD RISK ASSESSMENT AND RATING • Expenditures and liabilities for an
Conducting a fraud risk assessment (FRA) is an improper purpose
essential step in the process of detecting and • Revenue and assets obtained by fraud
designing controls to prevent the specific types of
fraud the organization faces. The FRA can be con- • Costs and expenses avoided by fraud
ducted by internal or external auditors or consul- • Financial misconduct by senior management
tants, or through some combination. It does not
necessarily identify exactly the types of fraud Analyze the likelihood of each scheme or sce-
occurring in the organization. Instead, it focuses nario occurring. The FRA must consider not only
detection efforts on specific fraud schemes and the possible risk, but the likelihood that a partic-
scenarios that could occur, as well as on incidents ular fraud will occur. International auditing stan-
that have occurred in the past. This information dards specify four risk levels:
enables the organization’s risk management and 1. Remote
audit teams to make recommendations to senior
management and support the implementation of 2. More than remote
fraud prevention controls designed for the iden- 3. Reasonably possible
tified risks and vulnerabilities. 4. Probable
Following are the steps that normally accompany Assess the materiality of risk. The FRA team
a comprehensive fraud risk assessment: should identify fraud risks that could have an
important financial impact on the organiza-
Create a ‘fraud risk assessment’ team. The FRA tion and its stakeholders, such as shareholders
team should include senior internal audit and risk and lenders. The three levels of materiality are
management personnel or an experienced out- inconsequential, more than inconsequential and
side certified fraud examiner or consultant with material. Any risks that are deemed more than
experience in conducting FRAs. According to the inconsequential or material must be addressed by
Basel Committee on Banking Supervision, the gathering more detailed information or evidence
internal audit plan should be based on a method- of potential fraudulent activity. This step should
ical control risk assessment that documents the take into account the risk tolerance of the firm.
organization’s significant activities and their
associated risks, as well as the principles of the Assess risks in the context of existing anti-
risk assessment methodology. fraud controls. The FRA team should evaluate
the effectiveness of existing controls in prevent-
80
ing the specific fraud scenarios which have been FRAUD DETECTION IN CUSTOMER
identified through the preceding steps. The ulti- ONBOARDING AND MONITORING
mate objective of the fraud risk assessment is to “New account” fraud is a significant challenge and
guide the organization’s auditors to implement has become a main conduit for identity theft and
specific measures to detect fraud, and senior risk other types of fraud. Fraudsters and criminal
management professionals to establish or adjust organizations that target financial institutions
anti-fraud controls to reduce the risk of fraud. take advantage of gaps in employee training and
communication and the pressures that frontline
As part of the risk assessment, the FRA team employees typically face to provide good service
and the internal audit department must consider and bring in new accounts.
whether and how anti-fraud controls can be cir-
cumvented or overridden by management and A good Customer Identification Program (CIP)
others. They should also analyze both internal can do far more than satisfy regulatory require-
and external threats to confidential electronic
data and computer and network security.
KEY ELEMENTS OF A FRAUD BASEL COMMITTEE ON

COMPLIANCE PROGRAM BANKING SUPERVISION
Anti-fraud environment The Basel Committee on Banking Super-
vision (BCBS) is a committee of banking
• Proper tone set by senior management supervisory authorities that was estab-
• Strong, ethical corporate culture lished by the central bank governors of the
Group of Ten countries in 1974. It provides
• Meaningful code of conduct
a forum for regular cooperation on bank-
ing supervisory matters. Its objective is to
Education and training enhance understanding of key supervisory
• Anti-fraud training programs issues and improve the quality of banking
supervision worldwide. The Committee
• Data and information security
also frames guidelines and standards in
training programs
different areas - some of the better known
• Open communications with employees, among them are the international stan-
vendors, suppliers and customers dards on capital adequacy, the Core Princi-
ples for Effective Banking Supervision and
Proactive detection the Concordat on Cross-Border Banking
Supervision.
• Effective fraud tip hotlines
• Whistleblower protections The Basel Committee formulates broad
• Punishment protocol supervisory standards and guidelines, and
recommends statements of best practice
Investigation and follow up in banking supervision (such as the “Basel
III Accord”, for example) in the expectation
• Empowered audit committee with oversight that member authorities and other nations’
of fraud prevention program authorities will take steps to implement
them through their own national systems,
Other key areas whether in statutory form or otherwise.
• Procedures to protect sensitive information
81
ments associated with an anti-money laundering • To prevent fraud, customer identification

compliance program. It can also assist the firm should leverage third-party data and sources,
in reducing or preventing fraud by improving the such as credit reports and other sources
ability of the firm’s front-line employees to ver- of identifying information, to help validate
ify whether application information is fraudulent the information provided by the customer
for a customer opening a new account or seeking or applicant:
to transact with the organization. Not only must • Check if the customer or applicant has used
the credit side of the institution or organization or is using more than one national identifying
guard against fraud, deposit accounts are also number, a Social Security number in the US,
vulnerable to fraud. or other commonly used identifier typically
used for the purposes of identity verification.
A sound Know Your Customer/Customer Due Dil-
igence (KYC/CDD) program includes robust cus- • Review an individual’s address
tomer identification and account-opening proce- history relating to their national
dures, which allows the institution to determine identifying number or
the true identity of each customer and to assess • Social Security number. Often, a fraudster
the risk or potential risk presented by the cus- has numerous such numbers associated with
tomer. As part of the customer onboarding pro- his or her identity.
cess, the organization should perform due dili- • Review how the person’ s surname, or family
gence as follows: name, appears in the credit report or other
• Gather and verify customer identification third-party information compared to how the
materials in paper documents and electronic name is spelled on the account or application
identity verification documents at the start of the relationship.
• Verify and authenticate the • Check the usage of mail drop locations or
customer’s identity rental mailboxes, which could be a sign of
multiple or false identifications.
• Screen the customer against national and
international sanctions lists and other watch OVERVIEW OF FRAUD MONITORING AND
lists, such as known or suspected fraud lists DETECTION SYSTEMS
from internal and external sources, including
law enforcement sources Because of the volume of customers, transactions
and data involved in monitoring and surveillance,
• Document the normal and expected business as well as evolving fraud trends and its shifting
activity for each customer, including sands, some organizations leverage specialized
occupation and business operations technology to help meet their fraud detection
• Document the customer’s relationship and reporting requirements.
within the organization and its subsidiaries,
including all the lines of business Data Mining Tools. Data mining is an effective
and widely used approach for discovering and
Many of these steps also apply to organizations detecting fraud. Data mining is used to detect
that are seeking to develop or strengthen inter- patterns of activity or transactions which are
nal procedures to guard against signs of corrupt anomalous, or “stand out,” from typical customer
activities by their own employees or through or business activity. It can also be used to discover
third parties with foreign public officials and previously unknown relationships between cus-
their family and associates. tomers, accounts and entities transacting with or
through the firm or financial institution.
82
Suspicious patterns are symptoms of fraud, not an important part of the account and relationship
evidence of it. Typically, further investigation opening process.
must be done to determine whether the activ-
ity is actually fraud (or another form of financial Point fraud detection products. Most business
crime) or is legitimate. Therefore, data mining organizations, including financial institutions,
tools must be combined with other capabilities have invested in products and processes to iden-
which facilitate the review and investigation of tify and prevent fraud on a product or channel-
the identified exceptions. specific basis. Traditionally, they have focused on
employing “point solutions” which focus on a rel-
Data mining tools have evolved substantially and atively narrow scope of behavior or fraud.
are able to analyze much larger sets of data in a
much faster timeframe. Data mining techniques Point solutions can be very effective for specific
have been integrated into many software solu- problem areas, such as check fraud and check
tions targeted at fraud detection. kiting, ATM fraud, credit card fraud, and for
establishing mechanisms to help protect access
Predictive analytics. Predictive analytics are through remote channels, such as online or mobile
widely used in fraud detection and prevention banking and other services. Point solutions may
efforts. Many predictive analytical techniques use one or a combination of fraud detection tech-
were pioneered by the credit card industry, and niques, including predictive analytics and rule
in recent years have been leveraged in other patterns, to detect the specific type of fraud for
areas including payments, online banking access, which the solution specializes.
account opening and small business fraud. Like
data mining techniques, predictive analytical Unfortunately, fraudsters do not stick with one
models have been integrated into many fraud channel, line of business or product. Deploying
detection software solutions. multiple fraud detection solutions does not sup-
port the ability to share and consolidate critical
Predictive analytics look at potential risk factors information among fraud detection silos, which
to detect the likelihood of fraudulent activity and leaves the organization and its customers vulner-
develop models which can be leveraged for real able to more sophisticated fraud schemes. Each
time monitoring. For example, analytical models of the major areas of fraudulent activity—activity
evaluate transactions to identify subtle patterns creating the most challenges for firms in terms of
of behavior indicative of fraud, or activities that losses, customer service issues, and reputation—
are atypical for an account or customer. Fraud typically involve more than one type of mecha-
analytical models are an excellent complement nism, channel or product.
to other detection techniques, such as reports
or rule patterns (which detect known patterns of Although point solutions offer significant capa-
fraudulent activity). bilities in specific areas of fraud, they can gen-
erate high levels of “false positives” and may not
Analytic modeling provides flexibility because it be well-integrated into the overall fraud and risk
allows successful automated detection of a broad management regime of the organization.
spectrum of suspicious activity, including activity
not previously recognized as fraudulent. Analyti- Fraudsters, who sometimes associate with orga-
cal models can also predict the likelihood or pro- nized crime, often use smarter and more sophis-
pensity of fraud based on attributes of the cus- ticated methods to gain access to financial data
tomer or entity seeking to do business with the in an organization. Sometimes collusion among
firm or financial institution, and, therefore, are merchants, fraudsters and organization insiders
83
exists. For this reason, many organizations have help prevent and reduce losses by automatically
implemented enterprise-wide fraud detection uncovering and focusing investigations on the
systems, including transaction monitoring and most urgent and actionable alerts.
case management systems to support a broader
view of fraud across various channels and types Internal reports. These are internally generated
of products and services. reports or systems, such as exception reports,
incident reports and leads databases, which help
Transaction Monitoring Systems. This is an flag activities and provide important ancillary
automated system, either a proprietary applica- information used for analyzing or investigating
tion or vendor-provided, for ongoing scanning alerts or cases.
of transaction, customer and entity data. It fil-
ters, compiles and summarizes transaction data Third party data. These can be reports, online
and flags or issues alerts on situations of poten- research portals and public record and propri-
tially suspicious or fraudulent behavior. Detec- etary data sources and analytics provided by
tion is typically achieved through implementa- third-party data vendors and repositories. These
tion of fraud detection scenarios that fall into
three categories:
• Rules-based scenarios which identify specific
patterns of behaviors related to fraud
BENFORD’S LAW
typologies or red flags. When hunting fraud in financial documents,
Benford’s Law can be a useful tool. It is a
• Statistical profiling scenarios which
mathematical theory that says certain digits
identify unusual activity by modeling
appear more frequently than others at cer-
typical or expected activity profiles for a
tain positions in real world data sets.
specific customer or type of customer and
identifying outliers.
Benford researched all different sorts of data
• Predictive analytical models which provide sets- from the size of butterfly wings to the
automated detection of a broad spectrum surface area of rivers - and found the same
of suspicious activity, including activity principle held true: The number 1 appears as
not previously recognized as fraudulent. the first digit about 30% of the time, and the
Analytical models can also predict the number 9 appears first less than 5% of the
likelihood or propensity of fraud. time. The numbers 2 through 8 have different
probabilities of appearing as the first digit.
Some software solutions leverage or combine
multiple types of approaches to help improve Benford’s Law applies to account transac-
detection capabilities. In addition, most transactions, bank transfers and wire transfers, and
tion monitoring systems also provide alert and can be used in investigations and foren-
investigations management systems to facilitate sic accounting.
and document the analysis and investigation of
alerts and cases. Comprehensive alert and case For example, an investigator might analyze
management can automate processes and reduce a company’s financial statements and note
investigative costs. that the number 9 is the first digit 25% of
the time. This will merit closer scrutiny and
Enterprise case management built specifically for could indicate fraud
financial crime investigators can provide a single
view of fraud, risk and compliance status. It can
84
may include credit record information, as well events as they are happening, particularly more
as more sophisticated predictive analytics. This complex, cross-channel fraud schemes, and tak-
information can be used at the time of account ing action before assets have disappeared are
opening for Know Your Customer and due dili- critical to minimizing losses and then meeting
gence purposes, and to support alert analysis and the challenging task of recovery.
investigations of suspicious or unusual activity.
A centralized approach that combines real-time or
near real-time fraud detection with sophisticated
THE IMPORTANCE OF AN analytics often facilitates early detection of fraud
ENTERPRISE APPROACH TO FRAUD schemes and their participants and enhances
AND FINANCIAL CRIME loss prevention and mitigation. An organization
should determine what the recommendations
In their efforts to more successfully man-
or requirements of its regulators indicate about
age financial crime and compliance, business
these approaches.
organizations, including financial services enti-
ties, often recognize the need to take an enter-
Establishing an enterprise fraud management
prise-wide approach to fraud management. Many
system, manual or automated, can be a key step
of them, especially larger ones, are establishing or
in better integrating fraud detection and preven-
have already established financial crime units or
tion into the organization’s overall governance,
financial intelligence units as a first step toward
risk and compliance framework. This can provide
targeting fraud in a more comprehensive way.
many benefits, including a better understanding
The effectiveness of this approach often depends
of the impact of financial crime on the organiza-
on the ability to bring together and coordinate
tion, and improved return on risk and compliance
existing point fraud detection software.
investments, protection of the organization’s rep-
utation and maintenance of customer trust.
.A comprehensive fraud detection approach must
provide a single point of analysis for account and
customer activity and also enable the monitor-
ing and detection of complex behavior and pat-
terns that may indicate broader issues. Exposing
85
Q 4-1. The CFO of a large public corporation sees that the company’s quarterly numbers
are going to exceed analysts’ expectations. Knowing the stock price will probably make
a big jump when this news is released, he makes several large open stock repurchases,
which increases the intrinsic value of the tens of thousands of shares he already owns.
He then mentions the earnings report to his wife, and she buys 1,000 shares of stock in her
personal trading account. Her broker, who knows that she is married to the CFO of this
company, feels that she must know something, so he recommends it to many of his clients
who buy some very large blocks.
The quarterly numbers are released, and the stock makes a big move as expected. Which
individual in this scenario has committed insider trading?
A. The CFO
B. The CFO’s wife
C. The wife’s stockbroker
D. The stockbroker’s clients
86
CHAPTER 5
GLOBAL
ANTI-CORRUPTION
COMPLIANCE
AND
ENFORCEMENT
OVERVIEW
Corruption is an unfortunate reality throughout the world in

developed and underdeveloped countries alike. It weakens and
undermines democratic institutions, distorts national econ-
omies, contaminates business practices, fosters government
instability, discourages external investments, unjustly enriches
public officials and private sector business people, worsens
social conditions and public services, and impacts hundreds of
millions of people each day.
87
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
And it gives corporations an unfair competitive by an employee of a regular government agency.

advantage by buying government employees, and These corrupt acts may also violate other crimi-
props up poorly-run companies at the expense of nal laws, such as those dealing with commercial
rivals unwilling to make corrupt payments. bribery, conspiracy, money laundering and others.
For all these reasons, corruption and its many This means that all public functions, especially in
deleterious consequences have gained great countries where corruption is pervasive, may be
public and international attention in the past corroded and distorted to accommodate the cor-
two decades. rupt interests of the public officials. A legislator
may be corrupted to advance a legislative proj-
Official corruption, which refers to the dishon- ect, conduct an investigation or kill a bill that is
est acts of public officials, can take many forms. pending in the legislative body. This corrupts the
It can be bribery, extortion, embezzlement, kick- laws that guide business and other dealings and
backs, influence peddling, nepotism and alliances on which judicial decisions in business transac-
with criminal elements. tions are based.
Official corruption is not limited to employees Similarly, there is widespread corruption world-
in the executive branch of government, such as wide in the judicial branch of government. This
heads of state, ministers, law enforcement offi- means judges who are sworn to impartiality and
cials, inspectors, regulators and other func- fair dealings with parties that appear before them,
tionaries. Official corruption is also widespread are corrupted by a party to rule in a certain way
around the world in the legislative and judicial or prohibit someone from taking action, or com-
branches of government. In addition, many coun- pelling persons to do certain things. This goes to
tries’ governments create state-owned commer- the heart of the law and pollutes the legal sys-
cial enterprises that compete with private sector tem to the point where the public, whose tax dol-
businesses that do the same things. These state- lars support the system, loses confidence in the
owned enterprises engage in many commercial courts and respect for the judiciary and the law.
activities typically performed by private sec-
tor entities. Official corruption, which is often called public
corruption, is also rampant in many countries
State-owned airlines are an example. They fly where organized crime, drug traffickers and
commercial routes alongside private sector air other criminal enterprises shower public officials
carriers and have employees that perform simi- with money and expensive gifts to neutralize the
lar jobs as those in private airlines. The employ- laws and their enforcement. This creates an envi-
ees of these state-owned companies are as prone ronment in which the more traditional financial
to corruption as those of standard government criminals - who do not dirty their hands with
agencies. In general, the laws of most countries drugs, human trafficking and the like - find public
deem corruption by persons who work at state- officials more receptive to their corrupt payments.
owned entities in the same light as corruption by
employees of regular government agencies.
THE WORLD MOVEMENT TO
If an employee of a state-owned airline, for exam- COMBAT CORRUPTION
ple, seeks or obtains an unlawful payment for the Recognizing this, major international bodies have
performance of an official act related to the air- increased international pressure on nations to
line, it is a corrupt act just as if it were performed intensify their efforts against corruption over
88
roughly the past 15 years. This has resulted in the In the anti-corruption field, NGOs may be divided
enactment of laws by various nations, notably the into two groups:
United Kingdom, which enacted its far- reaching 1. Those that are associated with or supported
Bribery Act in 2010. by governments, sometimes through
international bodies like the Organization for
In addition, this surge in international attention Economic Cooperation and Development
to corruption has caused other nations to amend
their laws and step up their enforcement activ- 2. Those that are non-profit entities that are
ity. The notable example is the US, which has not officially supported by or connected to
greatly increased the enforcement and regula- a government
tory efforts under the Foreign Corrupt Practices The two types of NGOs often engage in similar
Act. The FCPA, which became law in 1977, is the work and partner with each another, thus blur-
grandfather of such laws around the world that ring the distinctions. Typically, however, NGOs
prohibit and criminalize corrupt payments to for- connected to national or international bodies are
eign public officials. more active in creating and promoting anti-cor-
ruption policies and standards, while unaffiliated
The new international standards that have non-profit agencies normally focus on anti-cor-
evolved from these accelerated and intensified ruption advocacy.
efforts have served as a beacon for nations that
wish to improve their mechanisms to prevent, One of the best-known of the unaffiliated enti-
deter and prosecute corruption in their govern- ties is Transparency International (TI), which is
ment functions. headquartered in Germany and has chapters in
100 countries. The chapters have considerable
latitude to choose the projects they will pursue.
NON-GOVERNMENTAL
ORGANIZATIONS AND ANTI- TI’s anti-corruption work is wide-ranging, but
CORRUPTION ADVOCACY some of its most important work is its research,
analysis and reporting on corruption issues. TI is
Non-governmental organizations (NGOs) play a
one of the key sources of information on global
significant role in these efforts. They have raised
corruption, which is facilitated by the data it
awareness of the effects of corruption, advocated
receives from its network of chapters. One signif-
for transparent government and business prac-
icant TI publication is the Corruption Perceptions
tices, and created and assisted anti-corruption
Index, an annual report that assigns rankings to
monitoring efforts.
all countries based on their “perceived levels of
89
corruption, as determined by assessments and impoverished country of billions of dollars. The

opinion surveys.” suit led French authorities to seize $250 million
in property owned or controlled by the dictator’s
There are thousands of non-profit entities world- son, including luxury cars, real estate, art and
wide that are dedicated in whole or in part to other valuables located in France.
anti-corruption advocacy, monitoring and public
policy. Sometimes, these groups have urged law Many nations, such as the US, have laws that per-
enforcement agencies to investigate and bring mit the seizure and confiscation of the assets of
corruption cases to court. On some occasions, corrupt foreign figures and the sharing of the
under the laws of a particular country, they have proceeds of these cases with the nation that was
brought civil lawsuits themselves. victimized by the corruption.
A recent example occurred in France. Three pri- Organization for Economic Cooperation and
vate sector organizations sued Teodoro Obiang, Development (OECD). This important multi-
the son of the dictator of Equatorial Guinea, who national organization, which also serves as the
was suspected of having plundered his oil-rich parent of the Financial Action Task Force, plays
An Image of TRANSPARENCY INTERNATIONALE’S CORRUPTION PERCEPTIONS INDEX 2017. Darker Colors

Indicate Higher Levels of Perceived Corruption. Source: Transparency International
90
a significant role in fostering and strengthening

international anti-corruption policies. It does
this primarily through its Anti-Bribery Conven- As of January
2019, 40 nations
tion, which has the official title of the Convention
on Combating Bribery of Foreign Public Officials
in International Business Transactions. The con-
vention requires signatory countries to enact
laws that criminalize bribery of foreign public had signed
the Convention…
officials, such as the US Foreign Corrupt Prac-
tices Act (FCPA) does.
The convention also commits signatory nations tion, monitoring and finance systems in the gov-
to a two-stage review by other signatory coun- ernment agencies.
tries on their anti-corruption laws, policies and
enforcement and regulatory resources. In the In partnership with the United Nations Office on
first stage, the examining nation reviews the laws Drugs and Crime, the World Bank also adminis-
to ensure they are complete and in keeping with ters the Stolen Asset Recovery Initiative, known
the mandates of the Convention. The second as StAR. The program is intended to “support
phase assesses how well the nation is implement- international efforts to end safe havens for cor-
ing and enforcing its laws and how often its agen- rupt funds” and help countries that lose funds
cies bring cases. and other resources because of corruption to
recover the stolen assets.
As of January 2019, 40 nations had signed the
Convention, including Bulgaria, Iceland, New StAR also trains personnel of law enforcement
Zealand, Colombia, France, Germany, the US, agencies and other government agencies, as
the UK, Brazil and Turkey. The Convention has well as private sector entities on asset recovery.
prompted nations to amend corruption laws that It produces reports, handbooks and guides on
predate the Convention, including the US, which asset recovery.
amended the FCPA in 1998 to bring it in line with
the Convention’s requirements. United Nations Office on Drugs and Crime
(UNODC). The UNODC maintains an open source
World Bank. One of the most visible and import- database of corruption-related legal cases and
ant NGOs, it is an international financial institu- information, called Tools and Resources for
tion that extends loans and financing to devel- Anti-Corruption Knowledge, or TRACK. The
oping countries. One of its primary goals is to UNODC provides training on anti-corruption
reduce poverty by encouraging international enforcement and good governance practices to
trade and investment. Projects funded by the government agencies and other NGOs through
World Bank are often the targets of corrupt prac- numerous publications and training documents,
tices among the nations that receive assistance as well as its International Anti-Corruption Acad-
and the contractors and service providers that emy located in Austria. It also conducts research
implement them. As a result, over the past decade, on corruption and produces country- specific
the Bank has actively developed and promoted reports on corruption risks.
anti-corruption and good governance programs.
Many of them provide training, technical assis- United Nations. The United Nations Convention
tance and technology to recipient nations with against Corruption, which was introduced in
the goal of improving management, administra- 2003, establishes worldwide standards of con-
91
trols directed at official corruption and mecha- rupt official may ask that a payment be made to
nisms. By the end of 2012, it had been signed by a non-profit entity which he or she controls or
140 nations. Signatory nations commit to crimi- benefits from.
nalize bribery, implement laws and regulations
intended to prevent corruption, and cooperate
on asset recovery in corruption cases. Signatory
nations may seek and obtain the assistance of
other signatories to combat corruption. STOLEN ASSET RECOVERY
There are other prominent private sector organi-
INITIATIVE (STAR)
zations that render valuable services to the world Assets stolen by corrupt leaders at the
community on the combat of official and private country level are frequently of stagger-
sector corruption. These include Global Witness, ing magnitude. The true cost of corrup-
which was formed in 1993 to combat corruption far exceeds the value of assets stolen
tion, natural resource exploitation, human rights by the leaders of countries. This would
abuses and poverty; and the Group of States include the degradation of public institu-
Against Corruption, which is a dependency of the tions, especially those involved in public
Council of Europe and monitors implementation financial management and financial sector
of multilateral agreements that seek to com- governance, the weakening if not destruc-
bat corruption. tion of the private investment climate, and
the corruption of social service delivery
These international bodies, NGOs and other mechanisms for basic health and educa-
organizations around the world offer information programs, with a particularly adverse
tion, training resources and expertise that can impact on the poor. This “collateral dam-
be a very valuable resource for financial institu- age,” in terms of foregone growth and
tions, commercial entities and national, provin- poverty alleviation, will be proportional
cial and local governments in their compliance, to the duration of the tenure of the cor-
investigation and enforcement efforts. Finan- rupt leaders.
cial crime specialists should always keep these
resources in mind. Addressing the problem of stolen assets is
an immense challenge. Even though coun-
tries as diverse as Nigeria, Peru and the
MECHANISMS THAT Philippines have enjoyed some success in
FACILITATE CORRUPTION asset recovery, the process is time-con-
suming and costly.
Throughout the world, there is a wide variety of
mechanisms and vehicles that facilitate the plan-
The Stolen Asset Recovery (StAR) initia-
ning and execution of corruption.
tive was launched jointly by the UN Office
on Drugs and Crime (UNODC) and the
Here is a listing of some common vehicles for
World Bank Group (WBG) to respond to
corruption. Additional information on how these
this problem.
can be applied can be found in the money laun-
dering section.
Charitable and non-profit organizations. - Non-

profit organizations and donations to charities
represent popular corruption vehicles. A cor-
92
In guidance on the Foreign Corrupt Practices Act, diligence on businesses that receive payments
the US Department of Justice lists five questions may reveal fictitious businesses that are corrup-
to consider when making charitable payments in tion vehicles.
a foreign country:
Payments through loans. An organization or
• What is the purpose of the payment? individual could use loans to disguise corrupt
• Is the payment consistent with the company’s payments in several ways. A payer could give a
internal guidelines on charitable giving? bribe to the recipient directly, but then record it
• Is the payment at the request of a as a legitimate loan in its books and records. A
foreign official? company or individual could also give an actual
loan to a government official or entity, but pro-
• Is the foreign official associated with the vide it on very favorable terms, such as at a low
charity, and if so, can they make decisions interest rate if not interest-free.
impacting your business?
• Is the payment conditioned upon receiving Gifts, travel, entertainment and other personal
businesses or other benefits? expenses. These are often a cover for corrupt
dealings with a public official and his family and
Political campaigns. Elected public officials have associates. For example, a public official who asks
political organizations through which corrupt a business person for financial assistance to pay
payments may be made. The official may also his daughter’s college education may be seeking
use a nominee or ‘front’ to create a company that a bribe. Companies that provide an official the
provides services to the campaign and which may free use of their apartments, cars or airplanes, in
serve as a vehicle for corrupt payments. effect, may be bribing that official.
Fictitious employees. A corporation or other Alternately, a company might pay a government

organization can falsely increase its payrolls with official directly, then record payments in its
fictitious employees in order to disguise evidence books and records as fictitious gifts, travel and
of corrupt payments. It could also convey bribes entertainment expenses. This is one reason why
by issuing checks to employees that have already strong policies on expense documentation and
left the company, or by directly adding govern- record-keeping are important in the anti-corrup-
ment officials, their family members or their tion context.
associates to the company payrolls. A company
could also corruptly provide services to govern- This does not mean that any funds spent on gifts,
ment officials by loaning employees to a political travel and entertainment are illegitimate or ques-
campaign while it continues to pay their salaries. tionable, but companies should exercise caution
and avoid anything approaching lavish expendi-
Financial crime specialists investigating corrup- tures on government officials. Some examples of
tion should carefully scrutinize the checks issued improper travel and entertainment, provided by
to company employees to determine if employ- the US Department of Justice and based on real-
ees on payroll are still working for the company world cases, include:
and if they appear to be qualified for their posi-
tion and salary. • A $12,000 birthday trip for a government
official from Mexico that included trips to
Fictitious businesses. A corrupt official may sub- wineries and expensive dinners
mit invoices for nonexistent services in the name • A trip to Italy provided to eight Iraqi officials
of a shell corporation that he or she controls. Due that consisted mainly of sightseeing and
93
included $1,000 in spending money given to

each government official
• $10,000 spent on dinners, drinks and
entertainment for government officials
OTHER CONDUITS FOR CORRUPTION

In addition to those vehicles, there are numer-
ous other conduits to execute corrupt payments.
Here is a listing of some common conduits:
Offshore accounts in third countries held in the
names of nominees or family members
returns and fraudulently alter books and records.
• Third parties or nominees that front for One financial crime begets another and another.
corrupt officials
• Shell companies and trusts in offshore
secrecy havens
THE UNITED STATES FOREIGN
CORRUPT PRACTICES ACT
• Nominees or “bagmen” to hide the identity of
the true beneficial owners The US Foreign Corrupt Practices Act (FCPA) has
several distinctive features that deserve expla-
• Gatekeepers, such as lawyers and notaries, nation and analysis because they teach many
who create corporations, open bank lessons, even though it is a US law. The FCPA is
accounts, transfer proceeds, purchase the world’s oldest and most frequently enforced
property, courier cash and perform anti-corruption law and it can punish companies
other services worldwide for violating it. Understanding its pro-
• Diplomatic pouches carried by foreign visions is necessary for financial crime profes-
service officers that are protected from sionals in all countries.
search or seizure
• Embassy bank accounts maintained by a Another reason why attention to the US and Brit-
country’s embassies in other countries, ish anti-corruption laws is important is because
which may be available for use by public their global enforcement touches on private sector
officials of the embassy’s home country organizations, business people and professionals.
• Correspondent accounts maintained in other The roots of the FCPA can be traced back more
countries by the financial institutions of the than three decades. In the mid-1970s, a series
country where the corrupt official resides of corporate bribery scandals made headlines
• Using state-owned companies that are worldwide and triggered unprecedented gov-
commercial entities owned by a government, ernment scrutiny of transnational corrupt busi-
which may offer facilities and personnel to ness practices.
execute a corrupt scheme
Investigations of international corporate brib-
Corruption breeds other financial crimes. Often it ery began in the US, when the political scandal
is part of larger financial crimes. To hide evidence known as ‘Watergate’ led to a wider probe of
of their corruption, officials that take bribes and domestic corporate corruption. These inquiries
companies that pay them usually falsify their tax unearthed evidence not only of illegal political
contributions inside the US, but also widespread
94
bribery of non-US public officials by US compa- The FCPA also applies to non-US persons who
nies overseas. reside in the US and to non-US entities that are
registered with the SEC as an “issuer” of securi-
One example involved Lockheed Martin Corpo- ties, meaning any company whose stocks or secu-
ration. An investigation in 1975 by a US Senate rities are traded on US exchanges. Even a non-US
subcommittee exposed that the US aerospace company with no offices, employees or physical
company had paid $22 million to high-ranking presence in the US may be criminally prosecuted
government officials in four countries to secure in US courts for bribery it committed anywhere in
airplane contracts. The fallout was global. In the world. This makes it a truly international law.
Italy, the scandal forced the sitting president to
resign. In the Netherlands, evidence implicating In a prosecution for violation of the FCPA, viola-
the country’s prince taking corrupt payments tors may face the judicial precept known as “will-
disgraced the royal family. Japan’s prime minis- ful blindness.” This means that persons or entities
ter was arrested and convicted on charges con- that may not have direct knowledge of corrupt
nected to his accepting bribes. payments may still be held responsible if they
were “willfully blind” to the payments and delib-
The US SEC subsequently found evidence impli-
cating more than 400 US corporations that had
paid $300 million in bribes to non-US public offi-
cials and political entities. The resulting outcry in PDVSA BRIBERY SCANDAL
the US and abroad led the US Congress to pass
In early 2018, the US Department of Jus-
the FCPA. It was enacted into law in 1977.
tice released the opening salvo in what
would become a broad campaign against
KEY PROVISIONS OF THE FCPA corruption tied to Venezuela’s state-
The FCPA is a sweeping anti-corruption law that owned oil company, Petroleos de Venezu-
has criminal and civil provisions. It makes it a ela S.A (PDVSA).
crime for US individuals and entities, including
corporations and non-profit organizations, to US prosecutors indicted five former offi-
“corruptly offer, promise or provide anything of cials of PDVSA for accepting tens of mil-
value to a foreign official for the purpose of obtain- lions in bribes to steer contracts to two
ing or retaining business.” The term “foreign offi- US-based businessmen. As the officials
cial” has been interpreted very broadly by US were not US persons, some were outside
law enforcement and regulatory agencies. It has the scope of the FCPA, but still subject to
come to mean not just elected officeholders, but US money laundering laws. Four of the
also political appointees and virtually all employ- officials were arrested in Spain, while a
ees of a state agency or state-owned company. fifth was at large as of early 2019.
The FCPA also imposes record-keeping and In a separate case later in the year, pros-
accounting duties on certain entities. These are ecutors in Miami indicted a US citizen
known as the “books and records” provisions and and former German banker for their role
are enforced by the SEC. The provisions require in embezzling $1.2 billion from PDVSA. In
companies to create effective controls that are that instance as well, prosecutors com-
designed to prevent and detect corrupt payments. bined corruption and money laundering
Companies that violate these provisions can face charges, showing a clear connection.
civil penalties.
95
ILLEGAL PAYMENTS UNDER THE FCPA

A bribe or corrupt payment may be “anything
of value.” A bribe can just as easily be conveyed
by a gift of expensive luxury goods, lavish trips
to a high-end resort, contributions to a charity,
the hiring of a public official’s relatives or associ-
ates. The illegal payments need not be briefcases
full of cash.
Not only may other laws come to play in a foreign

corrupt practices case, many of the same red
flags and techniques that are used to detect and
investigate other financial crimes may be applied
to foreign corruption cases.
erately avoided knowledge of the facts. The will-
ful blindness precept also applies in money laun-
For conviction, the FCPA requires that a payment,
dering cases where a person alleges that he or
gift or offer of payment must be made with “cor-
she did not know of the illicit origin of the funds
rupt intent.” One way to demonstrate that is by
involved in a transaction.
showing that payments were intentionally con-
cealed or disguised through off-the-books trans-
Non-US companies are justified to be concerned
actions or non-transparent payment schemes.
about FCPA enforcement by the US Depart-
Corrupt intent may also be shown if the payment
ment of Justice and the SEC. Nine of the 10
was used to convince a foreign official to abuse
largest penalties for FCPA violations have been
his or her position.
imposed on non-US companies, including enti-
ties based in Germany, France, Japan, the Neth-
Under the FCPA, corrupt payments do not have to
erlands and the UK.
be actually made to violate the act. A conspiracy
to make corrupt payments to a foreign official is
The FCPA covers only payments to foreign gov-
also a violation of the FCPA, even if no payment is
ernment officials, and not bribes or other corrupt
actually made.
payments to private companies or individuals,
which are normally classified as commercial brib-
DEFINING A ‘FOREIGN OFFICIAL’
ery. In addition, the FCPA covers only the makers
UNDER THE FCPA
of corrupt payments, and not the recipients. For-
eign officials who accept corrupt payments may The FCPA has an open-ended definition of who
not be prosecuted under the FCPA. can be considered a government official. It pro-
hibits corrupt payments to any “foreign,” or
However, this has not prevented US enforcement non-US, official of a “government or any depart-
agencies from using other laws, such as the US ment, agency or instrumentality.” Unfortunately,
money laundering laws, to pursue foreign offi- it does not define these terms.
cials. In this respect, the FCPA intersects with
other laws, such as those dealing with money This language has given the US Department of
laundering, conspiracy and international travel Justice and SEC the latitude to institute FCPA
for the purpose of committing corrupt acts. actions against a wide range of entities and actors.
In recent years, the US has successfully prose-
96
cuted corporations and individuals for bribing business tasks, including marketing and distrib-
officials in national, state and local governments, uting new products, providing legal consultation,
as well as regulators, law enforcement agents, and acting as intermediaries between the com-
political parties and their candidates. pany and government officials. Common exam-
ples of these intermediaries are attorneys, sales
Another important term in the FCPA is “instru- agents, distributors, consultants, accountants
mentality.” US agencies have interpreted it to and lobbyists.
include state-owned enterprises (SOEs), such as
utility companies, airlines and other state- owned Third parties in the setting of possible foreign
businesses. FCPA cases have involved employees corrupt acts are some of the biggest compliance
of SOEs, including managers of so- called sover- and liability risks that a business organization
eign wealth funds, directors of a telecommunica- can face. The FCPA guidance by the US Justice
tions utility and medical professionals employed Department and SEC devotes considerable atten-
by state-run healthcare systems. State-owned tion to third parties and the liability that can flow
enterprises are very common in many nations, from their actions.
and, in some nations, they have a monopoly or
near-monopoly on industry sectors such as trans- Many companies have faced FCPA enforcement
portation, energy production and infrastructure, actions as a result of corrupt payments made
and health care systems. by third parties. One high-profile situation that
erupted in mid-2012 involved Wal-Mart’s Mexican
FPCA cases have also involved companies and subsidiary, Wal-Mart de Mexico. An investiga-
individuals for corrupt payments to employees of tion and report by the New York Times revealed
entities that are not wholly-owned by a foreign that Wal-Mart de Mexico had retained attorneys,
government. US agencies have determined that known as “gestores,” to help obtain permits from
foreign companies or entities can be considered federal, state and local government agencies. The
an “instrumentality if a foreign government has attorneys were said to have made widespread
a controlling interest or otherwise exerts con- payments to Mexican government officials. Wal-
trol over them.” Mart is under investigation by the Justice Depart-
ment and SEC and has launched a broad internal
In November 2012, the US Department of Jus- investigation.
tice and the SEC issued guidance to the public
on compliance with the Act and best practices Middlemen who assist companies in dealing with
in meeting the duties it imposes. They indicated governmental agencies are fixtures of the busi-
they would most likely not pursue an enforce- ness environment worldwide. Carefully vetting
ment action against an enterprise in which a and monitoring of the third parties that are hired
foreign government held less than a 50 percent is essential to avoiding FCPA violations. Experts
ownership stake. say the anti-corruption compliance measures
that companies and individuals should take
These expansive interpretations of “foreign offi- when employing third parties should include
cial” and “instrumentality” have been challenged, the following:
but no US court has limited the broad approach 1. Thorough reviews of the third party’s
of these government agencies. background, reputation and experience,
paying special attention to their connections
THIRD-PARTY LIABILITY UNDER FCPA with government officials. Abnormally high
Companies and individuals that operate overseas fees charged by them can be a red flag of
frequently employ third parties for a variety of corrupt payments.
97
2. Contract terms that explicitly describe all ing a corruption case should be aware that con-
services to be performed, and the fees or tracts, payments and business arrangements
expenses that are expected to be charged with third parties are common mechanisms for
and incurred. Contracts should include corrupt payments.
warranties that formally commit the third
party to complying with the FCPA and other In some cases, third parties may be paying bribes
anti-corruption standards. on a company’s behalf without the knowledge
3. Continuous oversight and monitoring of or authorization of the company. In other cases,
third parties after a contract is signed, to companies may seek out third parties in order to
include periodic updating of the review of facilitate or obscure bribe payments, or ignore
the third party, requirement of ongoing anti- evidence that third parties are making corrupt
corruption training, and annual certification payments on their behalf.
that the third party is compliant with the
FCPA and local laws. In these situations, various red flags such as the
following may be used to indicate that a third
4. The due diligence procedures exercised on party may be involved in a corruption scheme:
third parties should be risk-based, taking
into account the geographic area, past
history and the business rationale for hiring • Fees that are much higher than other
them and other factors. third parties in the same sector, without a
compelling business rationale
RED FLAGS OF CORRUPTION IN THIRD- • Requests for abnormal or strange
PARTY PAYMENTS compensation arrangements, such
as excessive commissions or unusual
A financial crime specialist who is reviewing a
reimbursements
company’s compliance program or investigat-
A View of the Bonny Island Natural Gas Facility in Nigeria. The US Company Halliburton was Fined $579 Million for
Paying Bribes to Secure Contracts Related to the Facility Worth $6 Billion
98
• Requests that payments for services be made SUCCESSOR LIABILITY

to offshore accounts A company that purchases or merges with a com-
• Third parties who have little experience in pany overseas should be concerned about liability
the field they purportedly work in for FCPA violations under the concept known as
“successor liability.” This means that if Company
• Vaguely worded invoices from third parties or
A acquires, merges or enters into a joint venture
that do not describe the services rendered
with Company B, Company A may be held liable
• Close ties or past associations with for the prior FCPA violations of Company B.
government officials
• Third parties who seek to enter into a Successor liability has emerged as a large FCPA
business arrangement at the request of a risk for multinational corporations. One of the
government official largest FCPA penalties of all time was $579 million
imposed against the US corporation Halliburton
• The use of shell companies to conduct
in 2009. This arose from corrupt payments to
transactions, or third parties that are
Nigerian officials that were made by Halliburton’s
themselves a shell company
foreign partner in a joint venture.
OTHER METHODS OF CONCEALING
Conducting due diligence on a company prior to
CORRUPT PAYMENTS
engaging in a merger and acquisition or joint ven-
There are a range of mechanisms to conceal cor- ture can be essential to avoiding liability. Pre-ac-
ruption and the related payments. The few rep- quisition or pre-venture due diligence should
resentative examples listed here are intended to include a thorough review of a company’s finan-
underscore the diversity of corrupt payments, cial records and documents to look for evidence
not to serve as an exhaustive list. of present or past corrupt payments. The due dil-
igence procedures should look closely at records
Spotting evidence of corrupt payments involves that reflect travel, gifts and entertainment
more than simply checking off a list of red flags. expenses, payments to third parties, and sales
It relies on a careful examination of whether pay- records showing high sales or large commissions
ments or transactions have a convincing ratio- paid to salespersons overseas.
nale that fits the underlying business arrange-
ment, and whether they are transparently and These reviews should take into account risk fac-
accurately documented. tors such as the characteristics of the country,
where the company operates and its relationship
Many concealment methods are seen and or ties with foreign governments. A company that
exploited in other financial crimes, which empha- operates in a country where bribes and corrup-
sizes the close ties between corruption, fraud, tion are culturally acceptable, as is often the case
money laundering and tax evasion. The same in the high-risk industries of oil and gas, would
investigative techniques employed in other finan- clearly require more extensive due diligence than
cial crime cases may be used to detect corrupt one in a traditionally low-corruption jurisdiction.
payments and deeds.
Pre-acquisition due diligence should also exam-
Bribe payers and recipients are tirelessly creative ine a company’s anti-corruption compliance pro-
in designing strategies to conceal corrupt pay- grams to assess soundness and identify weak-
ments, and financial crime professionals should nesses. Compliance programs will depend on
be equally creative in identifying and flush- the type of business and level of risk but should
ing them out. include at least annual employee training, docu-
99
mented anti-corruption policies and procedures, employees as soon as possible after a merger or
certification of third parties, and a mechanism acquisition. The importance of providing train-
to report suspected bribery and anti-corruption ing to employees of newly acquired companies
legal violations. in mergers and acquisitions is continually high-
lighted by US enforcement agencies, who stress
When an acquisition is completed, the two com- that it should happen within a short timeframe
panies should integrate their compliance pro- once the acquisition is complete.
grams and ensure they are consistent across all
offices, branches or subsidiaries. This includes BOOKS AND RECORDS
providing consistent and adequate training to all PROVISIONS OF THE FCPA
CASE STUDY: US V. CHIQUITA BRANDS INTERNATIONAL, 2007

In a historic 2007 case of bribery and corruption, Chiquita Brands International, a multinational
corporation and one of the world’s largest banana producers at the time, was convicted of engaging
in a transaction with a terrorist organization. Chiquita was the first major US company to face a
conviction of this kind.
Chiquita’s Colombian subsidiary, C.I. Bananos de Exportacion, S.A., or “Banadex,” was the com-
pany’s most profitable banana-producing operation. The case revealed that Banadex gave at least
$1.7 million in 100 separate payments to a Colombian terrorist group, the Autodefensas Unidas de
Colombia or the United Self Defense Forces of Colombia (AUC), from 1997 to 2004. The company
also made payments to another terrorist organization, the Revolutionary Armed Forces of Colom-
bia, or FARC. Both were violent paramilitary organizations known to kidnap and murder civilians to
further their agendas.
AUC was labeled a foreign terrorist organization (FTO) by the US Secretary of State in 2001 and a
Specially-Designated Global Terrorist in 2003. These designations made it illegal for US entities
to enter into business with or otherwise support the AUCFrom 1989-1997, Banadex paid FARC for
rights to grow bananas in a region of Colombia. In 1997, the leader of the AUC met with the general
manager of Banadex and explained his intentions to remove FARC from power and institute AUC
as the ruling group in the area. The AUC leader threatened the general manager, saying that harm
would come to Banadex personnel and property if he did not provide regular payments to AUC.
Banadex paid AUC regularly until 2004.
It was revealed in the case that at least 10 top executives knew about and approved the illegal activ-
ities. Chiquita even received counsel about this predicament and was very strongly advised to stop
payments. The company ignored the legal advice and continued to produce bananas in the terror-
ist-controlled regions.
After three years of investigations and legal proceedings, Chiquita pleaded guilty to making $1.7
million in illegal payments to designated terrorist groups. The company was fined $25 million and
agreed to adopt a large-scale corporate integrity program in the case settlement. Although the
Department of Justice considered individual prosecution of Chiquita executives, none was pursued.
100
The bribery provision is the most widely known

and historically the most aggressively enforced
TOP 10 LARGEST
element of the FCPA. However, the law contains
a ‘books and records’ provision that creates its FCPA PENALTIES
own anti-corruption compliance duties, with Fines, civil penalties, disgorgement & inter-
stiff penalties for corporations and individuals est ranging into the nine-figure amounts
that violate it. are not uncommon. Below were the 10
largest cases as of early 2018:
As previously mentioned, the books and records
provision is enforced by the SEC, and applies • Telia Company AB (Sweden): $965
only to entities who are registered as “issuers” of million in 2017
securities with the SEC. This includes US and for-
eign corporations whose stocks, bonds and other • Siemens (Germany): $800
investment devices are traded on US exchanges. million in 2008
The provision requires such issuers to “make VimpelCom (The Netherlands): $795
and keep books, records, and accounts, which, million in 2016
in reasonable detail, accurately and fairly reflect Alstom (France): $772 million in 2014
the transactions and dispositions of the assets of • KBR/Halliburton (US): $579
the issuer.” million in 2009
• Teva Pharmaceutical (Israel): $519
Legal professionals and FCPA advisors sometimes million in 2016
joke that this provision requires companies that
make corrupt payments to accurately record • Keppel Offshore & Marine (Singapore):
them as such in their books and records. In prac- $422 million in 2017
tice, the books and records provision frequently • Och-Ziff (US): $412 million in 2016
comes into effect in FCPA cases because compa- • BAE (UK): $400 million in 2010
nies or individuals who make bribes or other cor-
rupt payments rarely, if ever, accurately record
them in their accounts.
This includes management oversight of the exe-
As a result, a company or individual that vio- cution of transactions and access to an issuer’s
lates the FCPA’s bribery provision very often vio- assets only with management authorization. It
lates the books and records provision as well. A also requires issuers to ensure that transactions
defense contractor that authorizes a consultant are recorded in a manner that allows financial
to pay a $100,000 bribe to a government minister statements to be prepared according to ‘generally
to secure weapons contracts, and then disguises accepted accounting principles (GAAP).
the expense as “consulting fees” in its accounts,
has violated the books and records provision and, GAAP is a set of standards used at US companies
consequently, faces the civil fines and other pen- and issuers that govern how financial statements
alties the SEC can impose. should be prepared, presented and reported.
While it is not necessary to delve into these stan-
The provision also requires issuers to “devise dards for the purposes of this manual, a financial
and maintain a system of internal accounting crime professional involved in FCPA compliance
controls sufficient to provide reasonable assur- or investigation would be well advised to have a
ances” that transactions are conducted with general understanding of GAAP.
proper oversight from a company’s management.
101
In the past, the SEC has played a secondary role in Violations of the books and records provision also
enforcing the FCPA. The increased enforcement carry significant penalties. For companies, violat-
of the FCPA over the past decade has been led ing the books and records provision can result in
primarily by the Justice Department, which has a criminal fine of up to $25,000 and a civil fine
typically launched investigations and assessed of up to $725,000 per penalty. For individuals,
the largest monetary penalties in settlements. penalties are even more severe. Individuals face
SEC civil fines for books and records violations criminal fines up to $5 million and civil fines of
were usually added to cases that were initiated by up to $150,000, as well as prison terms as long
the Justice Department, and focused mainly on as 20 years.
violations of the bribery provision.
Instead of pursuing criminal cases, the US Justice
In recent years, that trend has shifted, and the Department often employs Deferred Prosecution
SEC has begun to pursue companies for violat- Agreements (DPA) to settle FCPA cases against
ing the books and records provision even when companies. This usually includes monetary pen-
they were not charged with violating the bribery alties and other remedial measures, but no crimi-
provision. Of the eight SEC enforcement actions nal charges brought against the company or indi-
against corporations in 2012, four were civil cases viduals. The terms of a DPA normally include a
that only charged books and records violations. criminal fine and assurances by the company that
The SEC collected more than $57.4 million in dis- it will not violate the FCPA again and will improve
gorgements from those cases. its anti-corruption compliance program. Often a
company may be required to conduct a full audit
In total, the SEC collected $118 million from com- of its compliance program and submit a written
panies in 2012 in FCPA cases. Financial crime pro- plan for augmenting it.
fessionals should note that this heightened SEC
enforcement increases the pressure on compa- DPAs, which are publicly available at the US Jus-
nies to implement robust accounting controls and tice Department’s website, serve as a resource for
ensure adequate oversight by company directors. financial crime specialists who seek to fashion
compliance programs and measures that reduce
CRIMINAL AND CIVIL PENALTIES the risk of FCPA violations.
UNDER THE FCPA
The cost of facing an enforcement action runs
The FCPA imposes substantial criminal and civil
beyond the penalties and the remediation pro-
penalties. One recent example is the settlement
cedures that may be imposed. At a multinational
that the Swedish telecommunications corpora-
corporation, such as Siemens, these reviews can
tion, Telia, reached with the Justice Department
involve international teams of legal professionals,
and SEC for bribery of government officials in
investigators, forensic accountants and auditors,
Uzbekistan in 2017. It exceeded $900 million in
in addition to internal staff that is distracted from
civil and criminal penalties.
its normal work for long periods. Companies that
are penalized for FCPA violations have suffered
Companies that violate the law’s bribery pro-
considerable declines in their stock price, as well
vision face criminal fines of up to $2 million per
as lawsuits by shareholders. The reputational
violation, and civil penalties of up to $16,000 per
harm is also large.
violation. Individuals who violate the anti- bribery
provision face criminal fines of up to $250,000
per violation, civil penalties of up to $16,000, and
sentences of up to five years in prison.
102
FCPA AND ANTI-CORRUPTION and other entities and connections to govern-

COMPLIANCE PROGRAMS ment agencies, officials or their family members
All organizations should establish systems and or associates. The risk assessment should also
controls to detect and prevent corrupt pay- examine the organization's employees and their
ments. This is known as anti-corruption com- respective formal or informal ties to govern-
pliance. In the past decade, it has become an ment officials.
essential responsibility for businesses and orga-
nizations worldwide. KEY ELEMENTS OF AN EFFECTIVE ANTI-
CORRUPTION COMPLIANCE PROGRAM
Because of the increased attention to corruption In November 2012, the US Justice Department
and the financial malfeasance of public officials and SEC issued a 120-page “Guidance on the US
in countries that have suffered through difficult Foreign Corrupt Practices Act1.” Financial crime
economic times, anti-corruption compliance has specialists who work in the anti-corruption field
become almost an essential part of doing busi- should familiarize themselves with the entire
ness. It extends beyond the FCPA. document, which is available on the website of
the US Justice Department. A link is included in
The UK Bribery Act, like all other anti-corruption the Appendix.
laws with a broad reach, also generates compli-
ance responsibilities. Most nations have national, In addition to this guidance, other governments
state and local, bribery and corruption laws that as well as non-governmental organizations, have
must also be recognized and factored into an issued guidance on anti-corruption compliance
organization’s anti-corruption compliance pro- programs. In 2010, the UK's Financial Services
gram. These laws vary widely in scope, design and Authority (which became the Financial Conduct
penalty, and a financial crime specialist whose Authority in 2013), the principal financial industry
responsibilities include anti-corruption compli- regulator in the UK, issued guidance on the Brib-
ance is well-advised to understand the laws of ery Act that included six elements of success-
the jurisdiction in which they operate. ful compliance.
Private business entities are not the only ones Guidance by industry associations and nonprofit
that must consider and implement anti- cor- organizations, such as the International Cham-
ruption compliance programs. International ber of Commerce's Rules on Combating Corrup-
non-profit and non-governmental organizations, tion and Transparency International's Business
which often operate in countries where corrup- Principles for Countering Bribery, are also useful
tion is widespread, frequently have their own resources for financial crime specialists.
compliance and training programs.
The US Justice Department and SEC Guidance
Like compliance programs in other financial included several “hallmarks” of an FCPA com-
crime fields, such as anti-money laundering, anti- pliance program. The following summary is
corruption compliance should be tailored to the intended as a general overview of these hall-
organization, its operations and risk profile. Com- marks, incorporating and expanding on them
pliance should start with a thorough risk assess- with guidance from other public and private-
ment, taking into account the geographic regions sector organizations.
in which it operates, its products and services,
its relationships with corporations, third parties
1 You can download this important guidance here: http://www.justice.gov/criminal/fraud/fcpa/guidance/
103
US enforcement agencies say they take the ade-

quacy of compliance programs into account when
they make decisions concerning the initiation or
termination of enforcement actions. They add
that a company with a robust, risk-based com-
pliance program will receive “meaningful credit”
if a violation occurs. This may include a decision
not to prosecute or pursue a civil action against
a company that has an effective compliance pro-
gram in place. That is called a “declination.”
The Justice Department demonstrated this will-

ingness to decline prosecution in a case involv-
ing a subsidiary of Morgan Stanley in China. A
that the organization will avoid doing business
Morgan Stanley employee was found to have
with an organization or entity that engages in
paid several million dollars to a Chinese official
corrupt activities.
in real estate deals and was charged with FCPA
violations. The Justice Department announced
Effective procedures for risk assessment and
it would not charge Morgan Stanley because
internal audit. Before an organization can imple-
the company had a well-documented and thor-
ment policies and procedures to prevent corrup-
ough compliance program, including more than
tion, it must first understand where the risks for
30 training sessions for the employee in question
corruption lie. Procedures to assess risk, there-
over seven years.
fore, form a bedrock for anti-corruption com-
pliance. There are several steps an organization
Beyond risk assessment, other key elements of an
should consider when conducting its risk assess-
effective program include the following:
ment. Assessing risk relies on many factors, and
the following ones should not be deemed to be an
Commitment from senior management to
exhaustive list.
anti-corruption compliance. This has been found
repeatedly as a recommended best practice in • Choosing and analyzing data. All
FCPA enforcement actions and in the guidance organizations rely on data to assess risks,
from the UD and other nations with anti-cor- from financial reports and audit findings
ruption laws. Commitment from top-level man- to corruption indexes issued by non-
agement can include both words and actions governmental groups. One of the first
from an organization's directors. These measures steps in assessing risk is to determine what
are designed to explain and clarify an organiza- data will be used and how they will be
tional culture in which bribery and corruption organized, weighted and analyzed. For larger
are viewed as unacceptable, and compliance and multinational organizations in particular,
reporting of violations is encouraged. this can be a significant step that requires
considerable time and resources.
Valuable elements of the expression of commit-
• Determining key areas of risk. Before
ment by senior management would include the
drilling down on more specific risks, such as
participation of senior management in anti-cor-
in a certain service, third party or overseas
ruption training programs, statements to employ-
subsidiary, for example, it is helpful to
ees expressing a no-tolerance policy for violations
look at broad areas that might present
of the compliance program, and a commitment
corruption risks.
104
This could include examining internal risks, no-tolerance policy for employee involvement
such as a lack of consistent training or in corrupt activities.
unclear gifts and entertainment policies. It • Standards of behavior for the organization's
may also include assessing geographic risks employees, which may include an anti-
to determine if an organization operates in corruption agreement written into
a jurisdiction with weak anti-bribery laws or employment contracts.
enforcement, a widely recognized history of
commercial or governmental corruption, or • Procedures on the actions that should be
a culture in which gift-giving and bribery is taken if bribery or corruption is detected,
considered the norm. It should also examine and a clear chain for escalating corruption
the risks in its existing partnerships to issues upward to senior management.
determine if the partners are exposed or
prone to corruption through relationships To build anti-corruption policies and procedures,
or contributions to public officials, political organizations should examine pre-existing com-
parties or associations, charitable groups pliance programs in related fields, such as fraud
or ventures. and money laundering. It is possible to apply
certain tools from other compliance regimes,
• Determining expertise. An accurate risk such as anonymous reporting telephone lines or
assessment can be challenging based solely transaction monitoring systems, to anti-corrup-
on the knowledge and expertise that is tion programs.
required to carry one out. An organization
must determine if it has the proper skills An organization should also solicit advice and
among its employees and executives to suggestions from employees when it is creat-
properly assess risk, and understand ing anti-corruption procedures and policies.
what internal and external personnel and Employees often have great expertise and on-the-
expertise it needs or plans to use. ground experience concerning the challenges
and risks of corruption settings and players.
Clearly articulated compliance policies, proce- Involving employees may help create a sense of
dures and code of conduct. This encompasses ownership in the compliance program and assist
a company's documented anti-corruption com- in building a compliance culture.
pliance program and existing procedures to
implement them. Some measures could include Compliance program oversight and monitoring
the following: by senior management, autonomy and adequate
• A clear statement of commitment to adhering resources. US and UK agencies make clear that
to anti-corruption statutes and regulations, an organization should designate members of
including the FCPA, UK Bribery Act senior management to supervise the anti-cor-
and local laws. ruption compliance program. These persons
bear ultimate responsibility for ensuring that the
• Direction on how, when and in what amounts program is robust and effective, and should have
employees are allowed to pay for gifts, direct access to the top levels of authority in the
hospitality or entertainment for foreign organization. This usually includes the board of
officials or their families and associates. This directors and the audit committee.
includes procedures to ensure that payments
are legal and transparently recorded, and an Senior management must ensure that the com-
approval process exists for such expenses. pliance program has adequate resources to
• An explicit written statement prohibiting effectively detect and prevent corruption. Such
bribery and corruption, possibly including a resources should include a compliance staff,
105
funding and tools, such as databases and transac- and incorporated into an organization’s audit and
tion monitoring systems. The resources may also review of its program.
include external legal counsel, investigative pro-
fessionals or technical support services. Orga- Updating compliance programs through testing
nizations should consider their risk profile, size and review. An organization should audit its com-
and organizational complexity, and the services pliance program on a periodic basis, as well as in
or products they offer when they are determining response to changing market conditions, service
the resources that will be adequate to build and or product offerings, or partnerships and busi-
maintain the compliance program. ness arrangements. When it opens a new office
overseas, it should thoroughly review its com-
Ongoing training for employees and third par- pliance policies and procedures to ensure they
ties. Training is another crucial element of anti- are adequate for conditions and risks in the new
corruption compliance. It should include the jurisdiction.
provision to employees and third parties of full
information on the relevant anti-corruption laws Organizations must also take into account any
and regulations in the jurisdiction where an orga- changes to applicable laws and enforcement pol-
nization operates, and full details on the organi- icies in all countries where it operates. Periodic
zation’s anti-corruption policies. Comprehensive review and updates of compliance programs
direction on how to report suspected instances should include how the review results will be
of corruption must be included, via escalation to reported, to whom within the organization the
higher authorities. report shall be given, and how and when the rec-
ommended changes shall be implemented.
The training should clearly delineate the dis-
ciplinary measures that will be taken against Risk-based due diligence on third parties and
employees who violate the policies. Many orga- transactions. These include acquiring knowledge
nizations require termination of those employ- of the third party's reputation and associations,
ees and notification of the proper authorities of an understanding of the business rationale for
possible criminal or civil violations. Some organi- hiring the party and the expected services the
zations have implemented measures that incent party is expected to provide, and ongoing moni-
proper behavior, such as employee bonuses for toring and due diligence of the third party.
commendable adherence to the anti-corrup-
tion policies.
THE UK BRIBERY ACT
Procedures for confidential reporting of cor- Like the FCPA, the Bribery Act of the UK stands as
ruption violations and internal investigation. If an anti-corruption law with international scope
suspected bribery or corruption arises, organiza- and broad applicability on entities that are sub-
tions should have processes for employees at all ject to its provisions. In many ways, the Brib-
levels to report potential violations confidentially. ery Act goes beyond the FCPA in the behavior it
These mechanisms should include a clear chain prohibits, and the criminalization of commercial
of command for escalating the reports upward bribery, in addition to bribery of government offi-
in the organization's hierarchy, and appropriate cials. It also contains fewer exceptions than the
procedures to inform regulatory and enforce- FCPA. For example, it prohibits "facilitation pay-
ment authorities, where appropriate. Investiga- ments," whereas the FCPA does not. The Brib-
tive steps should be documented and if weak- ery Act also criminalizes domestic corruption
nesses in a compliance program are identified and the acceptance of bribes by UK citizens. In
during the investigation they should be corrected
106
KEY PROVISIONS OF THE UK BRIBERY ACT

The Bribery Act contains sections that create a
blanket "offense of bribing another person," and
a prohibition of "bribery of foreign officials." In
addition, it makes it an offense to request, accept
or agree to accept a bribe. This is a crucial differ-
ence from the FCPA, which only covers the payers
or givers of bribes but not their recipients.
The offense of bribing another person is broadly

defined. It includes bribes given or promised to
any person in a public or private capacity. It covers
any person who "offers, promises or gives a finan-
cial or other advantage…intending the advantage
this manual, coverage of this law will focus on its to induce a person to perform improperly or to
international provisions. reward a person for improperly performing…any
of the following functions or activities:"
Legislation to strengthen the UK's corruption
laws was first proposed in the early 1970s, but it • "Any function of a public nature," which
took more than three decades of parliamentary includes duties and efforts undertaken by
debate and stalled bills before the Bribery Act government officials
was passed in 2010. The act replaced three previ- • “Any activity connected with a business”
ous British corruption laws, all almost a century
old, which had been criticized as outdated and • “Any activity performed in the course of a
inadequate by the Organization for Economic person’s employment”
Cooperation and Development (OECD) during the • “Any activity performed by or on behalf of a
ratification process of at the OECD's Anti-Brib- corporation”
ery Convention.
A bribe does not have to be conveyed in cash or
Although it was widely recognized as a stringent other tangible assets to be an offense under the
anti-corruption measure when it was enacted, Bribery Act. Any “financial or other advantage”
enforcement under the law has been limited, with may be deemed a bribe. This could include gifts
only a handful of cases as of early 2018. The law and entertainment expenses, donations to char-
only applies to offenses committed after July 1, ities or even non-financial inducements, such as
2011, the date it became effective. In January 2017, favorable publicity.
the UK’s Serious Fraud Office (SFO) brought one
of the most notable cases under the Bribery Act, As the law states, commercial bribery, or bribes
charging engineering firm Rolls-Royce with con- given by one employee or representative of a
spiracy to engage in corruption and failure to corporation to another, is prohibited. This is a
prevent bribery. key divergence from the FCPA, which only cov-
ers bribes given or promised to foreign officials.
Rolls-Royce entered into a deferred prosecution A function or activity can also be considered
agreement and paid a penalty of roughly $800 “improperly performed” if someone is bribed in
million to the SFO, US Justice Department and order to prevent him or her from doing some-
Brazilian authorities in a global settlement. thing, rather than actively undertaking an action.
107
Section 6 of the Act explicitly covers bribery of

foreign officials. Its operative provisions are simi-
lar to the FCPA and state that a person commits a
violation if they “offer, promise or give any finan-
cial or other advantage” to a foreign official or to
another person at the request of the official. The
offer of financial or other advantage must include
the following:
• Be made to influence the foreign official in

their official capacity
• Be intended to obtain business, retain
business or gain an advantage in the business
• Not be permitted or expressly required
defines it to include any corporation or partner-
by the relevant written law in the foreign
ship formed under UK law, as well as any corpo-
official's jurisdiction
ration or partnership that "carries on business" in
any part of the UK. "Commercial organizations"
Unlike the FCPA, bribery of a foreign official
are not just for-profit companies. Non-profit
under the UK Bribery Act does not require "cor-
organizations and charitable foundations are
rupt intent" on the part of a person paying a bribe.
also covered.
As mentioned above, there is no "facilitation pay-
ment" exemption. Payments to speed up a rou-
In guidance on the law that it issued, the UK Min-
tine government function are considered bribes
istry of Justice indicated that it will ultimately be
to a government official. Although this may be an
up to the courts to define what activities count
impediment to conducting business in some cir-
as "carrying on business" in the UK. The Ministry
cumstances, many corporations and government
said it would use a "common sense approach" that
agencies already have no-tolerance bribery poli-
weighs if an organization had actual commercial
cies that forbid facilitation payments.
operations within the UK. According to the guid-
ance, an organization would automatically qualify
Corrupt activities do not necessarily have to take
as "carrying on business" if it was traded on the
place in the UK to be subject to the Bribery Act.
London Stock Exchange.
A person or entity that pays a bribe could poten-
tially still be prosecuted even if the entire brib-
Under the Bribery Act, a commercial organization
ery scheme occurred in a country outside the UK,
may be held liable for failing to prevent bribery by
provided the briber or recipient had a "close con-
an "associated person," which can include a wide
nection" to the UK. This includes British citizens,
range of contractors, agents and other third par-
corporations formed in the UK and individuals
ties operating on behalf of the organization. The
who normally reside in the UK.
guidance states that the definition of "associated
person" was left open-ended in order to cover the
FAILURE TO PREVENT BRIBERY broad range of other companies or individuals
Section 7 of the Bribery Act creates a standalone that could perform services for an organization.
offense of "failure by a commercial organization
to prevent bribery." Under the Bribery Act, organizations have a com-
plete defense to the charge of failing to prevent
The law casts a wide net on what may be con- bribery if they can show they had "adequate pro-
sidered a "commercial organization." It broadly cedures in place to prevent persons associated
108
with [them] from bribing." The Bribery Act does • Communication (including training).
not specify what “adequate procedures” are. Organizations should use thorough internal
and external communication to ensure that
COMPLIANCE WITH THE UK BRIBERY ACT anti-corruption policies are recognized,
Although the Bribery Act exceeds the scope of accessible and understood by all employees,
the FCPA in several ways, many of the essential as well as third parties. This includes a
compliance procedures and practices apply under training program based and focused on the
both laws. The UK guidance lays out six "princi- corruption risks faced by an organization.
ples" it says should form part of an organization's • Monitoring and Review. The anti-corruption
compliance program. They are summarized here compliance program of an organization
for reference, but a financial crime specialist con- should undergo auditing and testing
ducting a project or investigation related to the regularly, especially after significant changes
Bribery Act should refer to the full guidance that to the organization's business lines, services
is included in the Appendix: or operations, such as opening a new
affiliate overseas.
• Proportionate Procedures. An organization
should adopt processes and controls to Financial crime specialists should understand and
prevent bribery that are proportionate to be aware of how the UK Bribery Act differs from
the scale and complexity of its activities. the FCPA, including the absence of an exemption
This principle stresses that all compliance for facilitation payments and the coverage of the
programs must be tailored to the specific Bribery Act of all bribery, not just bribery of for-
circumstances of the organization. The eign officials.
guidance underscores that procedures must
be "clear, practical, accessible, effectively UK BRIBERY ACT PENALTIES
implemented and enforced." Violations of the Bribery Act carry stiff penalties.
• Top-Level Commitment. The guidance Individuals found guilty of violations face up to 10
recommends that the top management of years in prison and an unlimited fine. A “commer-
an organization, from CEO to the board cial organization” found guilty of failing to pre-
of directors, must have a demonstrated vent bribery also faces an unlimited fine.
commitment to preventing bribery, which
should be communicated to the entire Individuals and organizations found guilty may
organization. have assets confiscated under another British
law, known as the Proceeds of Crime Act. A com-
• Risk Assessment. Organizations should pany director or senior manager who violates the
conduct a well-informed, documented Bribery Act may be disqualified from serving as
and regularly-updated risk assessment by a director of any company or from taking part in
determining the nature and extent of its the formation or management of any company.
possible external and internal corruption
risks. This risk assessment should include
third parties and other persons and entities BRIBERY AND EXTORTION
associated with the organization.
Bribery and extortion have many characteristics
• Due Diligence. Organizations should conduct in common, and the lines between the two can
appropriate due diligence on all persons or become blurred. There are key differences, how-
entities that perform services, including third ever, and for the purposes of investigating and
parties such as attorneys and sales agents,
based on their risks.
109
preventing corruption, it is important to under- application for a license for an insurance company
stand their distinctions. if the applicant does not pay a certain amount to
his nominee.
Both are criminal acts that involve a giver pro-
viding assets, services or other articles of value Extortion typically involves the threat of harm
to a recipient. One major difference between the against a person or entity, whereas bribery
two is what the recipient will do in response to involves the offer of some benefit for a person
receiving the asset or article of value from the or entity. To be considered extortion, the threat
giver. In bribery scenarios, a giver is provid- must be credible and the harm must be immedi-
ing something of value in exchange for a benefit ate and tangible.
offered by the recipient.
Both the FCPA and UK Bribery Act have exemp-
In extortion, the recipient is typically not offer- tions to making corrupt payments if the payments
ing to provide anything of benefit to the giver. are made under real duress, and the company or
Instead, he or she is threatening to take an action individual is in legitimate danger from a credible
or engage in conduct that will harm the giver if threat. Even so, companies or individuals looking
he or she does not provide something of value, to remain compliant with anti- corruption laws
usually of a specific amount or to comply with such as the FCPA should understand that, in most
the recipient’s demands. For example, a com- circumstances, they will not be able to protect
missioner of insurance may threaten to reject an themselves from liability by claiming extortion.
110
Q 5-1. You are a compliance analyst at a multinational financial institution that provides
banking and investment services to large institutional customers. Your institution is cur-
rently seeking new business opportunities providing services to universities, hospitals and
other institutions with potential ties to political officials and government agencies. Your
institution plans to expand into Norway, India, Botswana and Chile and has asked you to
assess the corruption risks of offering its services in each nation.
What is an accurate risk rating for these countries?
A. Providing investment and banking services in Norway poses the highest risk for
corruption due to a history of bribery by Norwegian state-owned oil companies.
B. Providing services in India poses the highest risk for corruption due to the prevalence
of state-owned entities and Politically-Exposed Persons (PEPs).
C. Providing investment and banking services in Botswana poses the highest risk for
corruption due to widespread graft in government contracts.
D. Providing services in Chile poses the highest risk due to connections between the
Chilean government and international organized crime rings.
Q 5-2. A pharmaceutical sales representative from Company X visits a hospital in the

country of Rachmanistan in order to discuss the benefit of his company’s latest drug. The
hospital’s chief of internal medicine, Dr. Y, agrees to meet with him to learn more about
the drug and suggests meeting over dinner at a local bistro. The week after the dinner
takes place, the sales rep sends Dr. Y a gift basket as a token of gratitude for taking the
time to speak with him. Company X is publicly traded in the United States and the health-
care industry in Rachmanistan is entirely government-owned.
Which statement is NOT true?
A. Paying for Dr. Y’s dinner is permissible under the United States’ Foreign Corrupt
Practices Act.
B. Dr. Y is a medical professional and thus exempt from the United States Foreign
Corrupt Practices Act.
C. Dr. Y can be considered a foreign public official under the United States Foreign
Corrupt Practices Act because he is a high-level employee at a government-
owned entity.
D. Sending Dr. Y a gift basket is permissible under the United States Foreign Corrupt
Practices Act.
111
CHAPTER 6
TAX
EVASION
AND
ENFORCEMENT
OVERVIEW
There is an old adage that says that “the only things in life that
are certain are death and taxes.” While financial criminals may
not be able to cheat death, they certainly try, and mostly suc-
ceed, in evading their taxes. For obvious reasons, corrupt offi-
cials, money launderers, Ponzi schemers and others usually can-
not declare their criminal proceeds on their tax returns. This
would threaten their criminal operation with exposure. Even if
they are able to make their criminal proceeds appear legitimate
for tax purposes, financial criminals who steal and cheat for a
living typically have few qualms about evading taxes.
112
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
As a result, tax evasion is a constant element of

virtually all financial crimes. For this reason,
suspected criminals are sometimes charged
with tax evasion when there is insufficient evi-
dence to accuse them of the criminal activity
that produced the money. The famous gangster,
Al Capone, is the poster child and most famous
example of this law enforcement approach. It has
also been used successfully against organized
crime figures in the US and Europe for several
decades, and continues to be employed against
money laundering masterminds, various types of
fraudsters, corrupt politicians and many others.
FIGURE 1 – An Image of Notorious Gangster Al
Tax enforcement procedures and capabilities Capone Upon His Arrest in 1931. Capone Ran a Far-
Reaching Criminal Organization, but was Ultimately
vary greatly from nation to nation. For example,
Taken Down on Tax Evasion Charges
the US Internal Revenue Service has a unit called
Criminal Investigation, which is notable for its
skill pursuing tax evasion by US citizens. Some growing international crackdown on all types
jurisdictions lack the resources, capacity or polit- of tax evasion, domestic or through overseas
ical will to seriously pursue tax enforcement. accounts and entities. One sign of the growing
recognition of tax evasion as a vital element of all
financial crime is the inclusion by the Financial
TAX EVASION IS AN ELEMENT IN Action Task Force of tax evasion as a predicate
VIRTUALLY ALL FINANCIAL CRIMES offense for money laundering in its revised 40
Recommendations in 2012.
In addition to its serving as a vital component
of all financial crimes, tax evasion is a financial
Along with many EU countries, the US has spear-
crime in its own right, even if tax-evading indi-
headed this tax evasion crackdown. One major
viduals or organizations derived their funds from
US initiative is the enactment of the US Foreign
a legitimate source. In the financial crime arena,
Account Tax Compliance Act of 2010 (FATCA). This
tax evasion is a component or necessary step in
law requires all financial institutions outside the
most other financial misdeeds, including corrup-
US to report the existence of certain accounts
tion, fraud and money laundering.
held by US persons in their facilities. They must
report this information to the Internal Reve-
Globally, virtually all nations have enacted laws
nue Service, the US government’s tax authority.
that criminalize tax evasion and related offenses,
FATCA is not only a dramatic new global tax com-
such as conspiracy to commit tax fraud. Finan-
pliance initiative, but it also has implications in all
cial crime specialists who perform their jobs in
fields of financial crime.
other nations should always be aware of the tax
ramifications of any financial crime that they are
FATCA has led many nations to negotiate and
investigating.
sign bilateral agreements with the US fostering
cooperation and a greater exchange of tax infor-
In recent years, starting in the wake of the 2008
mation on their respective citizens. Perhaps more
global financial crisis, national governments,
importantly, it has helped foster the adoption of a
starving for tax revenues, have confronted tax
multilateral system of tax information exchange
evasion more aggressively. This has produced a
113
created by the OECD, known as the Common • Tax evasion is escaping payment of taxes by
Reporting Standard. This will be discussed in illegal means, such as by hiding the true state
more detail later in this chapter. of one’s finances from tax authorities or not
filing required tax documents.
This chapter provides a general overview of what • Tax avoidance is sometimes referred to as
tax evasion entails and the avenues and mecha- tax mitigation and is the legal use of the tax
nisms through which it is conducted. It also cov- laws and regulations to one’s advantage to
ers some common schemes of tax evasion and reduce the taxes that are payable by means
key indicators that suggest tax fraud is occurring. that are approved by the law or regulations.
Additionally, it provides guidance on conducting Some methods of tax mitigation are common,
investigations into tax evasion and using tax doc- such as making use of pension plans or
uments in financial crime investigations, generally. retirement accounts in the US that postpone
tax until retirement.
Often, tax information that a person or busi-
ness organization has prepared and filed can Although governments have always had enforce-
be a critical source when investigating a finan- ment authority over illegal tax evasion, recent
cial criminal or building a legal case against one. economic downturns and reduced public reve-
Although many jurisdictions have tight secrecy nues have forced governments and taxing author-
laws restricting access to tax information, it can ities to closely look at tax evasion methods and so
be very valuable for a wide range of matters. All called “aggressive” tax avoidance in an effort to
financial crime professionals should have famil- detect violators and increase tax revenue.
iarity with tax evasion and enforcement issues.
Sometimes, investigating a criminal as a tax Other terms that the financial crime specialist
evader can be a very effective step in unraveling may need to know include the following:
the larger financial crime scheme.
• Tax shelter is a mechanism by which a
taxpayer may protect assets or income from
TAX EVASION VS. TAX AVOIDANCE taxation or at least delay the application
As a financial crime specialist, it is important to of taxes. Common forms of tax shelters
distinguish between legal methods to reduce tax may include investments in pension plans
liabilities and illegal avenues to reduce taxes or and real estate. It is important to note that
evade paying taxes. It is common among tax- many types of tax shelters are completely
payers to minimize taxes applicable to income legal. Where tax shelters may cross the
and other assets. The tax regimes of many juris- line into tax evasion is when they are solely
dictions recognize legitimate methods to min- designed for the purpose of avoiding taxes.
imize or remove tax consequences for certain In these cases, they may be deemed abusive
transactions, but uniformly prohibit and punish by tax authorities and subject the pertinent
tax evasion. taxpayers to criminal or civil penalties.
• Tax havens are jurisdictions that provide
However, not following applicable tax laws or uti- secrecy or other means of protecting assets
lizing unlawful methods to escape taxation can be placed there from being taxed by other
a violation of law and subject the taxpayer to seri- jurisdictions. Tax havens may be states,
ous penalties. Generally, many courts have rec- countries or territories with low taxes
ognized that individual taxpayers may reduce the or no taxes at all. It is not uncommon for
amount of taxes that would otherwise be appli- corporations or individuals, usually high-
cable if lawful means authorized by law are used. wealth individuals, to physically relocate
114
to these jurisdictions or shift assets there that fail to apply the law openly, fairly and
by opening subsidiaries or shell companies. consistently are indicators of a lack of
As economies have become increasingly transparency. Also contributing to a lack
globalized in recent years, this has led to of transparency are limited regulatory
fears of tax competition among jurisdictions, oversight and enforcement powers, and
as nations compete to offer lower tax the government’s inability to access
burdens. Global tax compliance efforts, like financial records.
FATCA, are partly intended to stem such tax • No requirement for a substantive local
competition. presence, which allows individuals and
corporations to set up shell companies
There is no one universally accepted definition and other entities without the need to be
of a tax haven. One simple definition proposed physically located in the haven, sometimes
by some economists is a jurisdiction with tax with nothing more than a PO Box.
laws that are purposefully designed to cater to
individuals and corporations looking to avoid • Self-promotion as an offshore financial
taxes. Often, these jurisdictions will alter their center. Before more recent reforms, nations
laws to make them more attractive to persons such as the Cayman Islands and jurisdictions
and entities. such as Jersey and Guernsey, often
advertised their offshore financial services,
Additionally, many havens have bank secrecy and indirectly or directly, giving the impression
data privacy laws designed to severely restrict they were a tax haven.
the tax information that may be shared with gov-
ernment and law enforcement agencies in other
jurisdictions. For this reason, tax havens are also
INTERNATIONAL SCOPE
referred to as “secrecy havens.” Many havens also OF TAX EVASION
have extradition laws or treaties that only permit By nature, tax evasion is difficult to quantify. This
extradition for a limited number of crimes, usu- is particularly true of offshore tax evasion, as
ally violent ones, and exempt financial crimes like funds are often disguised by complex legal struc-
tax fraud from extradition. tures and hidden in tax haven accounts with little
transparency.
One useful working definition of tax havens
comes from the Government Accountability Estimates of the scope of tax evasion exist, how-
Office (GAO), the US Congressional watchdog ever. A 2012 report by anti-tax evasion advo-
agency. In a December 2008 report on the use cacy group, Tax Justice Network, estimated that
of tax havens by US corporations, the GAO pro- between US$21 trillion and US$32 trillion is kept
vided the following characteristics as suggestive undisclosed to tax authorities in secrecy havens
of a tax haven: worldwide. This represents between 24 percent
and 32 percent of total global investments. In an
• No or nominal taxes. older 2007 estimate, the OECD estimated that
• Lack of effective exchange of tax information untaxed capital held offshore amounted to US$5
with foreign tax authorities. trillion to US$7 trillion, or approximately 6 to 8
• Lack of transparency in the operation of percent of total global investments.
legislative, legal or administrative processes,
particularly in functions such as the Some rough calculations reveal the amounts at
formation of companies. ‘Secret rulings,’ stake. Taking the OECD’s conservative $7 tril-
negotiated tax rates and other practices lion number and assuming those untaxed assets
115
would earn just five percent each year, and these Because much of the revenue lost from tax eva-
earnings would be subject only to a 20 percent sion is in more developed countries, the OECD
tax rate, nations are losing $70 billion a year from has taken a lead in developing international stan-
undisclosed offshore assets. Some estimates dards for transparency and exchange of informa-
are far higher. tion concerning tax matters.
The advantages of tax havens1 basically may be Tax evasion. In broad terms, tax evasion or tax
classified in four categories: fraud is the willful violation of one’s legal duty to
Asset holding. The first step of asset holding pay mandatory taxes to the government. At its
involves forming a corporation, trust or other most basic level, tax evasion may be as simple as
legal entity. In more complex arrangements, a misstating facts and numbers on a tax return, or
trust will be formed that controls a company. failing to file a required form. Other straightfor-
Typically, the entity will be formed in one tax ward examples include the following:
haven and administered in another. The purpose • Underreporting of income
of the entity is to hold assets, which may include
physical properties, investments, funds or other • Overstating deductions and losses
companies. By transferring the control and own- • Overstating dependents
ership of such assets into an entity in a haven, • Filing returns on behalf of another without
the assets are often no longer able to be taxed authorization (identity theft)
in other jurisdictions. Asset holding is sometimes
done to avoid or evade a specific type of tax, such Tax evasion schemes can also be extraordinarily
as inheritance tax. complex, involving offshore accounts and multi-
ple layers of corporate entities and legal trusts
Trading and other business activity. To minimize that make the true owner of assets very diffi-
taxes, businesses that operate online or remotely, cult to determine. While international efforts to
or require only minimal staff, will sometimes increase transparency and the exchange of tax
relocate to havens. These may include certain information between jurisdictions have made
investment and financial services companies, as strides in recent years, there are still many ave-
well as technology groups. Historically, a key use nues for the creative financial criminal to dodge
of havens for corporations attempting to mini- taxes and disguise assets.
mize taxes was in transfer pricing schemes.
A few of the more notable tax evasion and fraud
Transfer pricing. This allows companies to shift schemes are outlined below. Specific varieties
pre-tax profits and losses between subsidiaries of tax evasion depend heavily on the tax laws of
and legal entities they control in order to reduce the nation or jurisdiction where the fraud takes
their overall tax burden. In general, such schemes place, and these laws can vary widely. As a result,
are legal, although there are limitations on them the financial crime specialist should be aware of
in the tax laws of many nations. The Organiza- tax fraud schemes that are tailored to exploit the
tion for Economic Cooperation and Development laws of their jurisdiction.
(OECD) has produced guidelines on conducting
transfer pricing that many of its member nations
have adopted, but the practice remains contro-
versial. Recently, the UK has indicated that fur-
ther international cooperation is needed to limit
what is characterized as transfer pricing abuses.
1 Please note that not all of these are illegal.
116
FALSIFYING DEDUCTIONS TO SMUGGLING AND EVASION OF

UNDER-REPORT INCOME CUSTOMS DUTY
Falsifying deductions in a tax return filed by a per- Simply put, smuggling is moving goods or prod-
son or business organization are a common way ucts across national or jurisdictional boundaries
to evade taxes. Tax laws normally allow taxpay- by covert means, without paying the required tax.
ers a wide range of deductions from their income. One of the oldest forms of tax evasion, smuggling
Falsifying these deductions reduces taxes and is a is still commonplace in many jurisdictions with
crime in most countries. Depending on a nation’s high tariffs or customs duties on imported and
tax laws, permissible deductions vary widely. For exported goods.
example, many tax laws allow deductions for
medical expenses, which can include payments In many cases, developing nations are most reli-
to doctors, dentists, surgeons, medical insurance, ant on customs duties, especially since they often
prescription drugs, medical devices and other lack effective income taxes or enforcement or tax
related costs. A taxpayer may fabricate false structures, or they have low rates of compliance
receipts for these payments to reduce his taxes. with these taxes. Two common forms of evasion
of customs duties are through under-invoicing
Another way to falsify medical deductions is to and misdeclaration of an import. These schemes
disguise payments for non-deductible medical are intended to misrepresent the type or quantity
expenses, such as the cost of cosmetic surgery, of a product that is in international commerce
by making it appear the payments were for nec- in order to falsely lower the tax or duty required.
essary medical surgery. Misdeclaration, or claiming that an import or
export is a different type of product, is often used
It is more difficult to fabricate receipts for deduct- when there are high customs duties on a certain
ible expenses for taxes paid to state or provincial type of product, such as tobacco goods.
governments, including property taxes paid on
real estate the taxpayer owns. Tax payments to Gross valuation overstatement. As the name
these government agencies may be easily verified implies, this involves inflating the value of prop-
by these agencies. erty, assets or services above the correct value
when that value of property or service is used to
The falsification of deductions for charitable claim a deduction or tax credit.
contributions is also a frequent occurrence. To
establish if the contributions were actually made,
receipts for the purported contributions and EVASION OF VALUE ADDED TAX
the records of the charitable organization must (VAT) AND SALES TAXES
be examined. With the notable exception of the US, the value
added tax (VAT) is a common type of tax globally.
All deductions claimed in a tax return are now It is charged and collected on the consumption of
more susceptible to being proved or disproved goods and usually levied in place of sales tax. VAT
by the electronic data that virtually all financial is charged by the seller to the buyer of an item,
transactions leave behind, including those per- which means that typically, producers of goods
taining to tax deductions that are claimed. The collect VAT from the consumers. This allows
electronic records of taxpayers and of the orga- producers to evade VAT by underreporting their
nizations and agencies that are subjects of sus- amount of sales.
pected falsified deductions must be examined.
The skills of a computer forensics specialist should To prevent their residents from going to other
sometimes be sought in these investigations. jurisdictions to avoid VAT, most jurisdictions that
117
A Depiction of Carousel VAT Fraud Taking Place within the European Union. Source: Dutch Tax
and Customs Administration
118
use VAT also legally mandate residents to report ers before being exported. One or more of those
and pay the tax on items purchased in another sellers will pocket the VAT instead of paying it to
jurisdiction. This can be difficult and resource-in- the government.
tensive to enforce. Consequently, most nations
target VAT enforcement efforts at luxury items In many jurisdictions, exporting products incurs
and other high-cost goods. no VAT tax. The exporter will then reclaim VAT
from the government for the full value it was
Carousel Fraud. This is a variety of tax fraud that charged by the sellers, but due to the “missing
goes by several names, including “missing trader” traders” further back in the chain, that VAT was
fraud. It exploits the mechanism for collecting never paid to the government in the first place.
VAT in order to effectively pocket tax revenues.
Carousel fraud is prevalent in the European
Understanding carousel fraud requires knowl- Union, due to the number of nations that use VAT
edge of the mechanics of VAT. Any company that and the fact that EU member states do not charge
buys and sells products will charge VAT to the VAT on exports. Carousel frauds are often perpe-
consumers of its goods, and pay VAT to the pro- trated by organized crime rings because of the
ducers it purchases from. The rate of VAT charged number of persons needed and relative complex-
changes depending on the step in the buying and ity of this type of fraud scheme.
selling process. Essentially, VAT tax is charged
each time a product moves through the supply
chain to its ultimate consumer. An office supply
company, for example, will charge individuals VAT
when they buy a box of printer paper. The same
supply company would have already paid VAT on
the same box of paper when it purchased it from
the manufacturer.
The office supply company would then turn over

the net VAT (what it collected from consumers
subtracted from what it paid to the manufac-
turer) to its jurisdiction’s tax authority. Compa-
nies effectively act as tax collectors for govern-
ments under VAT systems.
This allows the fraudster, the person who com-

mits fraud, to charge VAT on the sale of goods, and TAX FRAUD THROUGH
then instead of paying this to the government’s
OFFSHORE ENTITIES
collection authority, to simply abscond, taking the
VAT with him. The term “missing trader” refers to Offshore companies and other entities are among
the fact that the trader goes missing with the VAT. the most common and widespread avenues for
evading taxes globally. An offshore account is sim-
More sophisticated schemes are typically ply one held in a different country or jurisdiction
referred to as “carousel fraud,” as they usually than the one where the accountholder resides
involve moving products around between multi- and has tax liability. Often, offshore accounts are
ple sellers and sometimes countries. In a carou- held in tax havens.
sel fraud, products will be sold to several trad-
119
International Business Companies (IBCs). These owned by the group and only underwrites their
are a form of legal entity that is typically incor- own operations. In tax evasion schemes, individ-
porated in tax or secrecy havens, such as Panama, uals or companies will form a captive in order to
the British Virgin Islands and the Seychelles, as claim a tax deduction on their insurance premium,
well as emerging offshore destinations, such as and then devise methods to return the premiums
Ireland and Singapore. IBCs are intended to exist paid to the participants.
solely for the purpose of conducting international
trade or financial transactions and typically can- Regardless of their layers or complexity, one
not conduct business in the jurisdiction in which thing that tax evasion structures usually have
they are incorporated. The attraction of IBCs for in common is the facilitation and involvement of
tax evasion purposes stems from their secrecy. third parties. Law firms, private banks, accoun-
Typically, in tax havens, a tax identification num- tants, auditors and others all may play a role in
ber is not required to open a bank account for an establishing tax shelter arrangements or offshore
IBC, and limited or no ownership information is operations, and in secrecy havens these third
publicly available. parties may form a thriving industry sector. In
some financial crime matters, these intermedi-
Offshore Trusts. These are another type of legal aries may be a good source of information and
entity typically formed in tax or secrecy havens. potential evidence on the whereabouts, transac-
The main advantage of a trust is that it can be tions and assets of a financial criminal.
used to cloak ownership of accounts or assets.
Many jurisdictions either do not collect infor-
mation on the beneficial owners behind such SPECIAL PURPOSE
trusts, or do not publicly share such ownership VEHICLES/ENTITIES
information. A special purpose entity (SPE) is also referred to
as a special purpose vehicle (SPV), or a financial
Personal Investment Corporation (PIC). Also vehicle corporation (FVC). SPEs are also referred
referred to as an “offshore company,” PICs are to as “bankruptcy-remote entities” or “derivatives
another means for shifting tax liability from an product companies.”
individual to a corporate entity formed in an off-
shore jurisdiction, typically a secrecy haven. Indi- A SPE is a subsidiary corporation and a legal
viduals can transfer assets and property to a PIC entity, usually a limited company, created with
and retain beneficial ownership over them, yet the purpose of executing some type of specific
avoid paying the appropriate taxes. Frequently, or temporary objective. The main reason com-
there are multiple layers in the formation and panies create SPEs is to help protect them from
control of PICs. An offshore trust may open a PIC financial risk. There are situations in which com-
with a law firm acting as nominee, burying the panies abuse the power of SPEs, such as in the
individual or entity that truly controls the assets case of Enron, but that aside, SPEs are legal, inno-
and, in some cases, completely obscuring the vative and widely used. SPEs provide a range of
ownership of assets. securities backed by assets, such as cash flow
on car loans, credit-card and home-equity debt,
Captive Insurance Companies. Like other tax manufactured-housing loans, student loans and
evasion vehicles, captive insurance companies equipment leases. Additionally, companies trans-
can be completely legitimate and formed for real fer assets to SPEs for management or use them to
business reasons. A captive insurance company is finance a project.
formed when a group of businesses or individu-
als creates an insurance company that is wholly
120
The establishment of an SPE is similar to the cre- The company established these numerous enti-
ation of a company in that there must be pro- ties to shield itself from mark-to- market losses
moters or sponsors. A sponsoring company will in its growing equity investment business. When
isolate certain assets into the SPE. This isola- these investments started going downhill, Enron
tion of assets is important for providing com- attempted to support the SPEs with its own stock,
fort to investors because there are fewer risks which was only a temporary solution at best.
associated with it. With the assets and activities
distanced from the parent company, the perfor- Although Enron’s use of SPEs was illegal, many
mance of the new entity will not be affected by companies use these vehicles to legally con-
the ups and downs of the originating entity. Ulti- duct “off-balance sheet” transactions. As long as
mately, a good SPE should be able to stand on its SPEs are not abused, they can be very beneficial
own, independently of the sponsoring company. to companies.
There are several main reasons for creating SPEs.

They may help with securitization, or assist com- REPATRIATING
panies with isolating high-risk projects from a UNDISCLOSED ASSETS
parent organization. This also allows other inves- Once their proceeds are safely placed in a cor-
tors to take a share of the risk. porate entity, shelter or haven, a financial crim-
inal still faces the dilemma of how to access
Multi-tiered SPEs also allow multiple tiers of debt and repatriate his or her assets without alerting
and investment, or can be used for asset transfer. the tax authorities or law enforcement within
For example, many permits that are required to the jurisdiction in which they reside. There are
operate certain assets are either non-transfer- myriad avenues:
able or difficult to transfer. By having an SPE own
the asset and the permits, the SPE can be sold as • Credit cards set up to draw from a tax
a self-contained package. evader’s off-shore account
• Loans from offshore lenders, shell
Another reason companies create SPEs is to help corporations or legal entities ultimately
maintain the secrecy of intellectual property.. controlled by the tax evader
Finally, SPEs are used in financial engineering • The use of property held by offshore entities
schemes. The main goal is usually avoidance of at zero or below-market rental
tax or manipulation of financial statements. • False invoices for services or goods that a tax
evader charges to an offshore entity that they
Sometimes, SPEs are illegally used. In these cases, ultimately control
SPEs are typically used to hide debt or ownership, • Scholarships or charitable foundations
or to obscure relationships between different that covertly funnel funds to a tax evader’s
entities which are actually related to each other, relatives or associates
like in the case of Enron. SPEs sometimes even
allow tax avoidance strategies that are unavail- In addition to these, it is not uncommon for
able elsewhere. third parties to facilitate the movement of funds
or assets from a tax evader’s offshore accounts
Enron is the biggest example of the misuse of to their jurisdiction of residence. In extreme
SPEs. In total, by 2001, Enron had used hundreds instances, employees of law firms or private
of SPEs to hide its debt. Enron used the SPEs for banks have physically brought cash or high-value
more than just avoiding accounting conventions. assets to tax evading clients in other jurisdictions.
121
Such was the case with the “client advisors” at government the taxes employees pay and that
Swiss banks Wegelin and UBS, who would fly to employers withhold.
the US to meet with wealthy US tax evaders and
purchase artwork, jewelry and other luxury items Common employment tax fraud schemes include
with funds from Swiss accounts to assist them in the following:
transferring assets. Third party withholding fraud. Many smaller
businesses rely on payroll service providers or
other third-party employment firms to manage
DEMONSTRATING TAX FRAUD the process of the withholding taxes employees
IN LEGAL CASES pay. Just like the employers themselves, however,
The tax codes of many jurisdictions are highly these companies can collect the employment tax
complex, and reporting requirements are not but fail to report it to the appropriate tax author-
always widely known or intelligible to an average ities. Companies should be aware of this type of
taxpayer. As a result, the courts of many nations tax fraud, as it can result in liability to the com-
have established a relatively high standard for pany and to the third-party perpetrator.
proving tax fraud, recognizing that mistakes
are common. Typically, a government must go Worker status misstatement or falsification.
beyond showing that a taxpayer misstated his or Employers may improperly categorize a full-time
her taxes or did not pay any taxes, and demon- employee as part time, or record an employee
strate that a taxpayer actually had the intent to as a contractor in order to lessen or avoid
commit fraud. certain taxes.
While these cannot be considered evidence or Pyramiding. This refers to a company that with-
proof, the following are useful as indicators sug- holds taxes from employees, such as for Social
gesting tax fraud: Security in the US, but willfully fails to pay them
to the appropriate tax agency. These schemes
• Repeated patterns of underpayment of taxes tend to have a short lifespan. The title “pyramid”
• Lack of records to substantiate income, refers to the manner in which as tax withholdings
deductions and other items in tax filings which are not being turned over to the govern-
• Extensive use of cash transactions ment agency build up, it becomes more difficult
for the employer to catch up on the back-tax lia-
• Destruction or alteration of financial records, bility it owes.
especially those pertaining to tax liability
• Failure to provide an accountant or other tax Cash payments. If the employer has large, unex-
professional with necessary information to plained periodic cash payments, or other infor-
prepare tax returns or filings mation suggests that employees are being paid in
cash, it is a likely indicator of tax fraud because of
cash payments. It is not uncommon for employers
EMPLOYMENT TAX FRAUD to pay employees in cash to evade the employ-
Tax evaders are not only drawn from the ranks ment tax requirements.
of the wealthy or from multinational corpora-
tions. Businesses of all sizes engage in tax evasion Offshore employee leasing. This refers to when
and employment tax fraud schemes are prevalent a taxpayer resigns from his employment posi-
mechanisms for doing so. These schemes take tion and signs an employment contract with an
a variety of forms, but usually revolve around offshore employee leasing company, which indi-
improperly withholding or not paying to the rectly leases his services to his original employer.
122
The employee performs the same services before • A significant or repeated pattern of incorrect
and after entering into the leasing agreement or understated income on tax returns
and generally receives the same payment for his • Applications and tax and related documents
services. However, his salary is sent offshore as that appear to be backdated
“deferred” compensation, in which employment
and income taxes may be avoided. • Use of multiple identification numbers
by a single person or entity, or the
use of incorrect or non-existent
RED FLAGS OF TAX FRAUD identification numbers
Because of the thin line that sometimes exists • Submission of false wage and
between outright tax evasion and aggressive but other statements
legal tax avoidance schemes, pointing to specific
actions or behaviors as definitive red flags can be
difficult in the tax enforcement field. As a result, INVESTIGATIVE TECHNIQUES TO
the financial crime specialist should know the tax DETECT AND PROVE TAX FRAUD
laws of the pertinent jurisdiction well, or consult For the most part, investigative methods that
with a tax professional before pursuing an inves- focus on tax evasion overlap with financial crime
tigation or legal action related to tax fraud. investigative methods. A financial crime special-
ist who is an investigator of his or her country’s
Some acts or situations are fairly clear indicators tax agency must access tax documents and have
that tax fraud by an individual or organization knowledge of how to obtain tax information that
is occurring. Some potential red flags include is typically out of the reach for other financial
the following: crime specialists.
• Deliberately ignoring or failing to follow
Like other financial crime investigations, a tax
advice of an accountant, attorney or
fraud investigation usually starts by gathering
return preparer
relevant records and other data that provide evi-
• Knowingly failing to inform a tax professional dence of the tax affairs of the subject. The inves-
of all the relevant facts for the accurate tigator records where, when and from whom the
preparation of tax filings or returns information was obtained and pursues the leads.
• In the case of tax fraud by a business, Tax evasion or suspicious behavior by a taxpayer
evidence or testimony from employees about is often a sign that a larger fraud or financial
irregular withholding of taxes or suspicious crime has occurred.
business practices
As with all financial crime investigations, all doc-
• Destroying or altering books and records,
uments and other evidence obtained must not
especially if it occurs just before or after an
be modified by the investigator in any way. The
• audit or examination by tax authorities investigator must also maintain a clear chain of
• The sudden transfer of assets in a manner custody to log how the custody and control of the
that suggests concealment, or the diversion records changed or progressed from the time it
of funds by company officials or trustees, was initially obtained to the time it is used in a
especially to an offshore location or legal proceeding. A financial crime professional
secrecy haven investigating tax evasion and other fraud must
always strive to obtain the taxpayer’s explanation
for discrepancies in financial records and other
123
documents, and ensure that their explanations ties that provide a framework for sharing infor-
are recorded clearly and accurately. mation in criminal or civil tax investigations. A
model TIEA was originally developed by the
In some circumstances, financial crime spe- OECD’s Global Forum Working Group on Effec-
cialists will investigate a case in which a tax tive Exchange of Information and have since been
return has not been filed, and tax or other fraud adopted by dozens of countries worldwide.
is suspected.
Jurisdictions negotiate the terms of TIEAs
When conducting a tax evasion investigation, the between themselves, and the specifics may vary
first contact with the subject presents a crucial slightly depending on the countries involved.
opportunity to obtain the point of view of the Generally, TIEAs allow one jurisdiction to request
taxpayer and other important information. Tax a wide range of information that is “foreseeably
evasion investigations often follow an audit by the relevant” to the enforcement of tax laws, includ-
examiners of the tax agency, in which the subject ing details on financial accounts and beneficial
taxpayer may not be aware that the agency may ownership information on companies or trusts.
be considering a criminal tax evasion investiga- Information shared is usually subject to strict
tion focused on him or her. confidentiality requirements, and can only be
shared with courts or judicial bodies for the pur-
As a result, the subject may provide informa- poses of determining criminal or civil tax issues.
tion or access to financial and other documents
that they would otherwise take pains to conceal, The OECD maintains a database tool that allows
which may be difficult to obtain in later stages of anyone to view the TIEAs that a country has in
the investigation. place with other countries. This can be a useful
resource for understanding the overall tax com-
Some questions that should be asked in the initial pliance and potential tax evasion risk on a juris-
interview of the target taxpayer are as follows: diction level. If a country does not have many
TIEAs in place, or is not effectively following up
• Who was responsible for preparing the tax on requests for information, it could indicate that
documents and returns? the jurisdiction has lax tax compliance or is act-
• Who was responsible for approving ing as a secrecy haven.
the statements, including income,
deductions and expenses, cited in the tax
filing or returns? THE UNITED STATES FOREIGN
• Who was responsible for management of the ACCOUNT TAX COMPLIANCE ACT
person’s income or business affairs? 2010 (FATCA)
• How were the person’s income or business A landmark tax reporting law, the 2010 US For-
receipts calculated and documented for eign Account Tax Compliance Act is one of the
tax filings? most sweeping changes to international tax com-
pliance and enforcement ever enacted. Targeting
TAX INFORMATION US tax evaders with undeclared assets offshore,
EXCHANGE AGREEMENTS FATCA compels all financial institutions outside
the US to collect and report to the US Internal
When conducting investigations across national
Revenue Service the US persons that maintain
borders, tax information exchange agreements
accounts at their institutions. Failure to do so will
can be powerful resources. Tax information
subject the pertinent non-US institutions to a 30
exchange agreements (TIEAs) are bilateral trea-
124
percent withholding tax on US income, in addi- $50,000 for an individual and $250,000 for a
tion to other applicable taxes. corporation must then be reported to the IRS.
2. Non-US institutions that do not comply with
Although it is a US law, FATCA’s reporting require- the law are subject to a 30% withholding
ments cover banks and other financial institu- tax on certain payments originating in the
tions in all jurisdictions, making it a truly global US, as said above. Payments subject to the
law. Non-US financial institutions may face con- tax include income, rents, dividends, wages,
siderable challenges and steep costs to comply and certain interest payments. These are
with FATCA, according to several studies. known as “fixed or determinable annual or
periodical” (FDAP) payments.
FATCA was inspired by a tax evasion scandal
centered on UBS, one of Switzerland’s largest 3. US persons with offshore accounts must
banks. UBS was found to have maintained secret file a new IRS Form 8938 with the IRS along
bank accounts for about 52,000 US persons who with their annual income tax return if
wanted to evade their US taxes. UBS was prose- their accounts hold more than $50,000. US
cuted by the US Department of persons that fail to file this new form may be
subject to a penalty of up to 40 percent of
Justice, leading to the disclosure of more than the account value.
4,000 US taxpayers who had hidden accounts at
UBS. The case provoked the US Congress and July 1, 2014, was the first effective date of many
paved the way for FATCA. of FATCA’s key provisions. Because of the sheer
complexity and scale of the law, provisions took
According to estimates at the time of FATCA’s effect in stages through 2017.
implementation, the IRS expected to recover $8
billion in tax revenue from offshore accounts over FATCA is phased in over a long period of time
the next 10 years. The total may be far higher. to allow the US and other nations to resolve the
Because of the close ties between tax evasion legal obstacles that stand in the way of the law’s
through offshore accounts and other financial implementation. Many jurisdictions do not permit
crime, FATCA has the potential to unearth mil- financial institutions in their territory to share
lions in criminal proceeds linked to corruption, tax information and other financial information
money laundering, fraud and sanctions violations, with the US and other nations. Some nations and
in addition to tax evasion. other jurisdictions, including many EU coun-
tries, forbid exchange of tax information that is
FATCA has three key operative provisions: automatic and not in response to a court order
or formal government request. As a result, many
1. Non-US financial institutions, which can nations must amend their laws and regulations to
include banks, broker-dealers and investment permit FATCA compliance.
firms, depending on the non-US jurisdiction
and other circumstances, must identify any INTERGOVERNMENTAL
US persons who hold accounts and gather FATCA AGREEMENTS
their names, addresses and tax identification
numbers, as well as their account balances, In the process of implementing the worldwide
deposits, withdrawals and other information. obligations that FATCA imposes on financial insti-
US persons include individuals and business tutions in other countries, the US Internal Reve-
organizations formed in the US. Information nue Service has pursued and succeeded in cre-
on any US accountholders with more than ating “Intergovernmental agreements,” or IGAs,
with other nations. As of April 2014, dozens of
125
nations in various parts of the globe2 have signed partner country’s tax authority for information
IGAs with the US. It is very likely that many more on recalcitrant accountholders. This informa-
nations in all parts of the world will sign these tion may be collected and reported to the IRS on
agreements with the US. In essence, IGAs outline an aggregate basis. The IRS may also request US
how the signatory nation and its financial institu- financial institutions for information about pay-
tions will comply with the reporting requirements ments to non-US institutions that refuse to com-
of FATCA. The US has developed two template ply with FATCA.
IGAs, Model I and II, which are outlined below:
One potential problem for organizations that is
• The Model I agreement, released in early present in multiple jurisdictions is the manage-
2012, requires non-US institutions to report ment of FATCA due diligence requirements under
information on US accountholders to their two models. Institutions may be required to build
own tax authorities, which would collect the multiple systems to meet the requirements of
information and deliver it to the IRS. applying the two models to local laws.
• The Model II agreement requires non-US
institutions to report information on US FATCA COMPLIANCE FOR US INSTITUTIONS
accountholders directly to the IRS instead of While non-US institutions shoulder much of the
their own tax authorities. It allows non-US data processing and reporting burden under
institutions to exchange tax information FATCA, US institutions are not exempt from
with the IRS on request and supplement it major challenges. Among other things, they are
when necessary. FATCA partner countries required to enforce the 30 percent withholding
that enter a Model II IGA must enable its tax imposed on noncompliant non-US institu-
reporting institutions to register with the tions. Consequently, US institutions must be pre-
IRS and comply with FATCA’s due diligence, pared to sort and classify their accounts to know
reporting, and withholding requirements. which of them is held by overseas institutions that
are FATCA compliant, non-compliant or exempt.
The Model I and II templates produce distinct
IGAs, each with varying terms. Financial crime US institutions must also conduct ongoing mon-
specialists should know if a country of interest itoring of the accounts they house for foreign
has entered into an IGA with the US Treasury institutions in case their FATCA compliance status
Department and review its provisions. changes. To ease this process for US institutions,
the IRS created an online FATCA registration
Both models allow the IRS to request more infor- “portal.” The portal includes access to a database
mation about so-called “recalcitrant accoun- of FATCA-compliant non-US institutions.
tholders,” or US persons who refuse to provide
information required for FATCA compliance. The bi-national IGAs also present compliance
Depending on the terms of an IGA, non-US burdens. Many of the agreements call for recip-
institutions may be required to close accounts rocal reporting, which requires US institutions
of recalcitrant taxpayers under some circum- to identify accountholders of a nation that has
stances, but not all IGAs require this. signed an IGA with the US Treasury Department
and to report these accountholders to the appro-
Model I agreements allow the IRS to request priate nation’s tax agency.
more information on recalcitrant accountholders
from the partner nation’s tax authorities. Model II This places US institutions in similar situations as
also allows the IRS to make group requests to the their counterpart institutions abroad. This means
2 A list of FATCA IGAs is available here: http://www.treasury.gov/resource-center/tax-policy/treaties/Pages/FATCA.aspx
126
they will be required to classify their accounts by

citizenship or tax nationality, collect supporting
documents and monitor accounts for changes in
status. Adding to that analytic and compliance
headache are the differences in IGAs described
above, which could require US institutions to col-
lect different account information or identifying
documentation based on the terms of the IGA
with a particular FATCA partner-nation. In time,
there may be dozens of different IGAs that US
institutions will have to comply with.
FATCA COMPLIANCE FOR NON-US

INSTITUTIONS
It was not until January 2013 that the US Inter-
nal Revenue Service released the final regula-
tions on FATCA, which were enacted in 2010. As a
result, the international financial services indus-
try had been facing considerable uncertainty on
how to proceed. The final rules that were issued
by the IRS finalize a step-by-step process for US
account identification, information reporting and
withholding requirements for foreign financial
institutions (FFIs), other foreign entities and US
withholding agents. They are contained in more
than 500 pages of regulatory language, examples
and other provisions that have earned for FATCA
and its regulations a well-earned reputation for
complexity.3
Even with final rules in place, non-US institutions

still face considerable compliance challenges.
There is no one-size-fits-all FATCA compliance

standard or template. Complying with the law
and the regulations will depend on the type of
institution and its customers, as well as whether
an institution is located in a jurisdiction with a
FATCA IGA with the US Treasury Department.
Differences aside, the key first step for all non-US

institutions is to gather the records and other
data it has on accountholders, determine the
data that are or were being collected at the time
3 The final regulations for FATCA are available from the IRS site at
http://www.irs.gov/PUP/businesses/corporations/TD9610.pdf
127
the customer relationship was established, and THE OECD’S COMMON REPORTING
understand the gaps that exist in the customer STANDARD – AN EVOLUTION IN
information. It makes little sense for institutions GLOBAL TAX COMPLIANCE
to take any implementation steps without first
understanding the customer data they have. A Efforts to boost global financial transparency
strategy to identify and gather the missing ele- and augment tax compliance did not end with
ments, if any, would be required. the implementation of FATCA. Instead, the US
was only the start of a larger and more globalized
Other steps advisable to take or consider for effort - The Common Reporting Standard issued
FATCA compliance include the following: by the OECD.
• Analyzing your customer procedures and Prompted by the creation of FATCA and by
amending them, if necessary, to capture European Union efforts to increase financial
information pertaining to a customer’s data-sharing for tax purposes, in 2014, the OECD
citizenship status or tax nationality, along developed a framework for automatic tax informa-
with related documents and records. tion exchange that can be adopted by any nation.
• Classifying customer accounts by
appropriate categories, including those for Instead of FATCA’s unilateral reporting structure,
US and non-US persons by compliant and in which all countries are effectively required to
“recalcitrant” status. Institutions will need to report to US tax authorities, the Common Report-
have or develop systems to monitor account ing Standard (CRS) is a multilateral system. Each
activity related to other institutions to country that agrees to participate must direct
classify them by FATCA-compliant and non- its financial institutions to identify accounthold-
compliant status. ers from all other participant countries, and
report account information to tax authorities.
• Building or acquiring new monitoring This information is then shared between the tax
systems to detect and flag any changes to authorities of all participant countries annually,
accounts that affect how they are reported on an automatic and ongoing basis, beginning in
for purposes of FATCA. September 2017.
• Develop procedures and data systems to
process and report to the IRS, or other While there are notable differences, the steps
appropriate tax authorities under an IGA required to comply with the CRS and the infor-
agreement, the appropriate documentation mation on financial accounts being captured and
when an account’s status is in question or exchanged are broadly similar to the require-
has changed. ments of FATCA. The CRS covers both individual
• For financial institutions in nations with and legal entity accounts, including trusts and
certain bank secrecy laws, obtaining a signed foundations.
waiver form from account holders indicating
they consent to have their account data The CRS itself consists of four parts:
reported to the IRS. 1. A model Competent Authority Agreement
that lays out the legal framework countries
adopt to participate in automatic exchange.
It is functionally similar to the Model I and II
agreements under FATCA.
128
2. Standards that establish how information information was only shared when one country
should be collected, verified and reported to requested it from another under the terms of
tax authorities a tax information exchange agreement. These
3. Commentaries that provide further requests were usually only made as part of crimi-
information on the Standards and Competent nal or civil investigations, and, in many cases, the
Authority Agreement exchange process was slow.
4. Technical guidance to support the data The automatic and ongoing exchange under
collection and transmission required the CRS greatly increases the level of transpar-
under the CRS ency in the global financial system. The frame-
work cuts down on the ability of tax evaders and
As of early 2017, there were more than 100 juris- other financial criminals to shield assets from tax
dictions that had agreed to implement the CRS. authorities by moving them offshore.
The Common Reporting Standard requires finan-
cial institutions to report generally the same It should be noted that like FATCA, the CRS con-
information as FATCA, with some notable differ- tains loopholes – certain legal entities and types
ences. Each signatory country must gather the of financial institutions are not subject to report-
following information: ing, for example. Also, like FATCA, dozens of
• The name, address, taxpayer identification countries have not agreed to implement the CRS,
number and date and place of birth of each including large economies like the US.
customer covered by reporting requirements.
This includes most individual accounts and Although tax and secrecy havens have not been
accounts for certain legal entities. eliminated, the CRS tightens the net on tax eva-
sion. With fewer places to hide, tax evaders are
• The customer account number being forced to resort to methods that are less
• The name and identifying number of the convenient, more expensive and potentially eas-
Reporting Financial Institution ier to detect.
• The account balance or value as of the end
of the relevant calendar or, if the account As tax evasion is closely connected to other forms
was closed during such year or period, the of financial crime, this movement toward tax
closure of the account transparency also has ramifications for enforce-
ment efforts against money laundering, corrup-
This represents a significant evolution in global tion and fraud.
tax compliance and financial account transpar-
ency. Previously, this type of financial account
129
Q 6-1. Your bank holds a business account for a local tax preparation service.
What would MOST likely trigger further investigation by the compliance department
in the bank?
A. Numerous deposits of tax refund checks in the names of different individuals but with
common addresses
B. Multiple deposits of checks in the same amount written by different tax
service customers
C. Variances in the frequency of transactions depending on the calendar cycle
D. A request by the customer to have payments made to the Tax Office through a
certified check process
Q 6-2. A regional bank operates within a country that has a Model 1 agreement in place
with the US to implement the Foreign Account Tax Compliance Act (FATCA). The insti-
tution already has a FATCA compliance program in place, but recently, there have been
media reports suggesting US tax evaders are using the bank’s country as a haven for undis-
closed assets.
The bank has some US accountholders and is reviewing its FATCA compliance program in
response to the news reports.
Which statement is true about this bank?
A. The bank must register and report US accountholders directly with the US Internal
Revenue Service (IRS).
B. The bank must institute a 30 percent withholding on the accounts of its US customers
C. The bank must confirm that US customers filed a Form 8938 with the IRS to disclose
their accounts.
D. The bank is required to report certain details about US accountholders to its
country’s tax authorities.
130
CHAPTER 7
ASSET
RECOVERY
OVERVIEW
Whatever the financial crime, there is a certain and common

element. The financial criminal leaves someone or something
behind in poorer condition than they were before the crime.
Whether it is a fraud, corruption, tax evasion or money launder-
ing, at the conclusion of the offense, there is money or some-
thing of value in the hands or control of the financial criminal
that does not belong to him and should be recovered.
131
CHAPTER 7 • ASSET RECOVERY
Financial crime creates the opportunity or other resolution of the offense that the financial
necessity to recover assets that have been ille- criminal has committed.
gally taken. Consequently, asset recovery is the
essential endgame of all financial crime. The final phase is where the asset recovery pro-
fessionals trace and recover the financial crime
Because of this necessity, the skills and special- proceeds. Unless the proceeds of the financial
ized knowledge of investigators, lawyers, forensic crime are recovered, the victim and the gov-
accountants and other professionals who under- ernment agencies that investigate, prosecute or
stand the unique challenge of asset recovery assure compliance by entities through which the
efforts are at a premium. Asset recovery skills criminal proceeds flowed, the game is lost, even if
in financial crime cases are crucial because so the perpetrators go to prison.
much of the asset recovery work that needs to be
done in the wake of financial crime depends on
private resources. Government agencies, which PARTICIPANTS IN AN ASSET
have heavy workloads, usually devote compar- RECOVERY TEAM
atively few resources to tracing and recovery of Asset recovery operations are typically con-
financial crime proceeds of the huge number of ducted by teams of professionals, each with their
cases they must handle. own distinct skill set and focus. Private- and
public-sector asset recovery teams have more in
The level of recovery of all financial crime pro- common than most people realize. They typically
ceeds is very low. Of an estimated $500 billion in have similar team members who do similar jobs:
criminal proceeds that are generated each year
in the US alone, for example, no more than $5 • Investigators. In the public sector, they
billion is recovered through government asset are called special agents, detectives or
recovery efforts. It is estimated that private sec- commanders, and in the private sector they
tor asset recovery efforts recover even less from are called private investigators.
financial criminals. • Forensic Accountants. The private sector
usually calls them forensic accountants
Although there are significant overlaps with other while the public sector calls them auditors,
elements of financial crime, including investiga- examiners and reviewers.
tions, compliance and prosecutions, asset recov-
ery requires unique proficiencies and skills, and • Lawyers. They are called prosecutors in
poses distinct challenges. These skills are not the government and receivers, insolvency
always the same as those required to investi- professionals, lawyers and trustees in the
gate the financial crime and its perpetrators. In private sector.
the same way, asset recovery skills are not the • Investigative Analysts. They are sometimes
same as those used to detect and document the referred to as intelligence analysts in
disguising, hiding and laundering of the crimi- the public sector and litigation support
nal proceeds. specialists in the private sector.
Asset is the fourth phase of financial crime inves- Receivers, trustees, monitors, “private attor-
tigations. First is the investigation of the crime neys general” and other fiduciaries are usually
and the perpetrators. Next is the investigation appointed by a court to undertake the process
of the money laundering by the perpetrators of mustering out the affairs of a legal entity that
and any accomplices. Third is the prosecution or has served as a vehicle for the financial crimes
perpetrated by its principals. The laws of many
132
countries, including the US, United Kingdom, The value of an asset should be determined
Canada and Australia, provide for the appoint- before any action is taken. Its value includes both
ment of these persons to undertake the manage- its monetary worth as well as its importance to
ment and control of such entities and to search the financial criminal. Assets that appear to have
for, identify and attempt to recover their assets. a high market value may be heavily encumbered
As is explained below in this chapter, there are with mortgages, liens or other legal impediments.
many legal and equitable tools that these fiducia- This makes their monetary value low or possibly
ries have at their disposal in a worldwide search even negative. Still, if a government agency views
for assets to compensate the victims. an asset as being worth little, but recognizes that
it plays an important role in the criminal activi-
Asset recovery teams in the private and public ties of an organization or financial criminal, sei-
sectors use similar legal and investigative asset zure must be considered regardless of its value.
tracing and recovery tools. Government agents However, it should be kept in mind that even sei-
have search warrants and seizure warrants, while zure of an asset costs money.
the private sector has civil search warrants and
other tools that courts of equity may give them, 2 How much will it cost to maintain and preserve
as described below. the asset during the asset recovery process?
After an asset is seized or taken in an asset recov-
With court orders, government agents can forc- ery effort, the asset recovery team must store and
ibly enter premises, while private investigators maintain it until a court orders the divestiture and
may obtain court orders that allow them to “break return of the asset to the victim, the victim‘s rep-
and seal” the premises of financial crime perpe- resentative or a government agency order. If the
trators or their accomplices. asset requires maintenance and upkeep during
this time before a final order by a court, the cost
This chapter of the manual explains tools and of maintaining the asset may escalate rapidly.
resources that asset recovery specialists have,
the knowledge they should have about asset trac- 3. Are there potentially innocent owners of the
ing, and the recovery weapons and skills they asset who may impede or prevent recovery?
should ensure their team has. This chapter will
also cover the unique issues that multinational Sometimes, an asset targeted in an asset recovery
asset recovery efforts confront, and how they effort is owned by a third party, even in the case
should be dealt with. of money that has been taken in a financial crime,
such as in the case of charitable contributions by
the financial criminal or funds contributed to a
IMPORTANCE OF SOUND PLANNING political campaign. If the financial criminal is not
the owner and the owner of the asset is not impli-
Sound pre-seizure planning is a must for effective
cated in the financial crime or the illegal move-
asset recovery in both the public and private sec-
ment of the financial crime proceeds, freezing or
tors. Even when an asset recovery team has the
seizure of the asset may not be an appropriate
legal authority to freeze, seize or take an asset, it
course of action.
may not be in the best interest of the overall asset
recovery effort to do so.
MAKING THE CASE FOR
Before doing so, an asset recovery team in both
sectors should consider the following:
ASSET RECOVERY
For law enforcement and other government agen-
1. Does the asset have value?
cies, a successful seizure of an asset is the begin-
133
ning of the asset recovery process. Presenting a An actual or appraised value for each item or
strong case to a prosecutor for seizure and ulti- asset that is the target of an asset recovery
mate recovery is a vital first step. Government effort. The value and nature of an asset may
agents and investigators should submit complete determine the type of legal procedure to be initi-
and accurate requests to the prosecutor or other ated in various jurisdictions. Certain jurisdictions
legal officer detailing the probable cause for sei- permit the seizure, freezing or ultimate recov-
zure, freezing and ultimate recovery. The sub- ery of assets of a certain value by an adminis-
mission should list the potential claimants that trative action. Assets that do not fall into those
may emerge and full information about such per- categories in these jurisdictions may be recov-
sons and their likely claim. The investigators are ered only through judicial proceedings and not
often required to furnish the legal officer sup- administratively.
plemental investigative reports as they learn new
information. Names and full contact information of all per-
sons who may have a legal or other interest in an
Below are the recommended elements of a report asset that is the focus of an asset recovery effort
by investigators to a government legal officer or that has been frozen or seized. The laws of
or prosecutor before an asset recovery effort is most jurisdictions require that names of poten-
commenced, or when seizure of an asset is being tial claimants with an interest in an asset that is
considered, which also largely apply to private sought to be frozen or seized be received prior
sector asset recovery teams. formal notification of the contemplated action.
For this reason, it is important that the legal offi-
The presentation or submission to the legal officer or prosecutor in an asset recovery effort have
cer or private sector lawyer should be organized the accurate names, addresses and full contact
so that relevant information that allows evalua- information of the potential claimants so that
tion of the case is found quickly. These are the they may be provided with legal notices in accor-
items of information that a prosecutor or other dance with the law.
legal officer in the private and public sectors
would normally request: A listing of all registered owners and persons
holding liens on assets that are the focus of a
A list of each tangible or intangible assets, and seizure, freezing or other asset recovery effort.
pieces of property for which asset recovery is Property owners routinely record their vehicle
sought. For purposes of presentations in court, and interests in real estate in the records and
the prosecutor or legal officer must accurately files maintained by government offices. These
list each item, with complete description of the databases, which are normally accessible by the
asset. It is important that the asset recovery general public, must be searched. Parties with
team is mindful of the passage of time because recorded interests affecting the targeted assets
many jurisdictions prescribe the number of days must be listed in the reports presented to the
that an asset recovery team in the government legal officers in a public or private sector asset
or private sector has to commence or complete recovery effort so that they may receive the
procedures, including applications to the courts. required legal notice of the action. The legal offi-
The location of an asset is important because cer or prosecutors must evaluate this information
legal issues pertaining to the rights of parties in to determine if the potential claimants have legit-
other jurisdictions must be addressed, and there imate claims or have the legal status that is nor-
must be certainty that the asset recovery team is mally called “innocent owners.”
legally empowered to act in the jurisdiction.
134
A statement explaining the legal theory and ANCIENT AND POWERFUL EQUITABLE
justification or probable cause for the seizure, POWERS OF COURTS
freezing or ultimate recovery of each item or The equitable powers of the court are based on
asset. A legal officer or prosecutor needs and the principle, “Where there’s a wrong, there’s
benefits from a concise description of the the- a remedy -- if you come with clean hands.” An
ories of seizure, freezing or recovery that the asset recovery team has potent weapons based
asset recovery team will pursue. The description on these judicial equitable powers. A court may
should include the full justification, or “probable compel disclosure of information, issue civil
cause,“ that the asset recovery team will pursue, search warrants and “break and search” orders,
which justifies the seizure, freezing or recovery. rewrite contracts, transfer property, require the
The investigative or analysis team that provides examination of documents, and enter orders per-
information to the legal officer or prosecutor mitting the seizure of assets.
should strive to furnish full information to jus-
tify the recovery of the asset and linking its pur- Equity is the name given to a set of principles that
ported owner to the underlying financial crime. are applied in common law jurisdictions, such as
the US, United Kingdom, Canada, Australia and
Complete copies of all investigative and analy- other nations that inherited a system of law from
sis reports and search warrants or other court England. The principle of equitable relief is also
orders. Legal officers and prosecutors must intended to supplement and complement the
review the investigative reports to evaluate the remedies and relief that statutory law provides.
basis of seizure, freezing and ultimate recovery of Equitable relief is also intended to apply where
specified assets. In the case of a government asset the application of statutory law may be unduly
recovery effort, search warrants must contain harsh, unfair or inequitable. Although equity in
a statement of probable cause that summarizes that name is not known in civil law systems, such
the investigation and the evidence leading to the as those that operate in continental Europe, Latin
search for and subsequent seizure of an asset. America and most of Asia, those systems have
and apply broad rules that give judges similar
Copies of all seizure orders, warrants or other powers to fashion remedies to meet inequitable
court orders previously issued in the case. Prior circumstances.
orders of the court, including a seizure order or
warrant, will detail the justification or “probable Equitable powers constantly adapt and evolve to
cause“ that justified the taking of an asset. meet new circumstances, particularly in the busi-
ness and commercial environment. Common Law
The laws of most nations, including the US, courts have invented a host of equitable remedies
require that a government asset recovery, or that are powerful tools for asset recovery. These
“forfeiture,“ action must be commenced within a include things such as so-called Mareva Injunc-
specific time from the date an asset was frozen tions, Anton Piller Orders and Norwich Pharma-
or seized. Government investigators, and often cal Orders that may be used in the investigation
those in the private sector, should recognize that and initial steps of asset recovery cases. They can
legal officers and prosecutors have minimum also require a party to permit a legal represen-
thresholds of property value in asset recovery tative of another party to search premises and
cases. These thresholds are dictated by consider- remove evidence.
ations of the proper and efficient use of legal and
judicial resources. Among the powerful weapons that a court of
equity may wield in asset recovery and other
cases are these:
135
• Restraining and mandatory injunctions In addition, the embassies in other countries of

that compel certain action or inaction by a an asset recovery team‘s country can provide
specified person or entity helpful “back channel“ assistance in various ways,
• Civil search warrants that permit private including location of witnesses, authentication of
sector asset recovery teams, accompanied documents or direction to useful public sources
by law enforcement authorities, to search of information in that country that may uncover
designated premises for evidence the true beneficial owner of corporations and
other legal entities. Often, this is the most daunt-
• Break and search orders that permit the ing task in an international asset recovery effort.
forcible entry into businesses or residences,
usually in the company of law enforcement Victims of financial crime, and often government
authorities, to search for evidence pertaining agencies, may undertake various legal actions to
to a financial or other crime seek to recover the assets they have lost in a finan-
• Accounting that compels a person or entity cial crime. For example, through their represen-
to document the source and application of tatives, victims may apply to a court to freeze an
funds, which are the subject of a financial asset or its transfer or consumption and request
crime or other investigation, or to require a the judicial imposition of a constructive trust to
broader accounting ensure that the assets are not dissipated.
• Appointment of receivers who essentially
represent the court in undertaking the FREEZING ORDERS AND “MAREVA
management and control of a specified entity, INJUNCTIONS”
including its assets and property, that are One of the most powerful tools in international
linked to a financial or other crime or to its asset recovery is a freezing order. In many juris-
insolvency or bankruptcy dictions, it is called a Mareva injunction. The
• Writ of assistance to a sheriff or court official name comes from a 1980 British case, Mareva
that requires the designated officials to Compania Naviera SA vs. International Bulk Car-
provide assistance to the representatives of riers, SA, in which the court order restrained a
the victims of a financial or other crime party from removing assets from the jurisdiction
and from dealing with any assets wherever they
• Authentication of records, or ‘back channel’ were located.
assistance, on beneficial owners
Freezing orders are usually sought against the
Through whatever appropriate means evidence persons who hold an asset or other property. In
and records are located and obtained, an asset jurisdictions where freezing orders are estab-
recovery team must ensure that the documen- lished or permitted, such as in the United King-
tation may be used in subsequent legal proceed- dom, Canada and the US, there must be an argu-
ings that seek to achieve repatriation of assets. ably good case on the merits, strong evidence
Various international agreements, in addition to that the assets are located in the jurisdiction or
local laws of most nations, provide procedures for outside the jurisdiction if a global order is sought
the authentication of records obtained in other from the court, and evidence that a definable
countries. The foreign ministries of most coun- risk exists that the person holding the asset may
tries or the office of a nation‘s chief legal officer unjustifiably dissipate it to frustrate enforce-
normally have units that facilitate the necessary ment of an asset recovery effort or a judgment
authentications. entered by a court.
136
Freezing orders are powerful and can be used is shown that the target of the effort is likely to
effectively with a variety of assets, especially destroy evidence to frustrate the investigation.
bank accounts or real property. Freezing orders
typically require that the asset not be transferred LIS PENDENS
or removed without a court order. While these A lis pendens is simply a written notice that a law-
orders do not guarantee recovery of the assets, suit or claim affecting title or an interest in spe-
they assure that the assets will not be transferred cific real property has been filed.
or dealt with in a prejudicial or harmful manner
until the case is concluded. Lis pendens, which is Latin for “suit pending,” is
the notice of a pending action and is filed with
A freezing order should be sought in the place and certified by the clerk or secretary of a court
where the financial criminal or his accomplices it is subsequently recorded in the official regis-
reside or hold property. Sometimes, it is possi- try of the place where the property is located. It
ble to obtain a worldwide Mareva order from a notifies persons with an interest in the subject
court if the financial criminal has fled the juris- real property that a claim on the property exists.
diction, but not all countries recognize these The recording of the lis pendens informs anyone
global orders. interested in buying or financing the property
that there is a potential claim against it.
Other well-known judicial tools provide assis-
tance in asset recovery efforts in common law A lis pendens must include a legal description
countries or jurisdictions. The terms by which of the property. Usually, in common law juris-
these tools are known are included in parentheses: dictions, the party who filed a lis pendens is not
required to show a substantial likelihood of suc-
NORWICH PHARMACAL (PURE BILL OF cess on the merits, but only a connection between
DISCOVERY) AND BANKERS TRUST the ownership of the property and the dispute in
ORDERS (PRODUCTION ORDER) the pertinent lawsuit.
These orders by a court, usually under seal and
accompanied by so-called anti-tip-off or gagging LETTERS ROGATORY
restraints, are injunctions that typically seek dis- A letter rogatory is a request from one judge to
closure of confidential records and information another judge in another country seeking assis-
from financial institutions and other businesses. tance in obtaining information, documents or
The orders usually require a third party to dis- testimony in a particular legal matter. Letters
close certain documents or information to the rogatory are not treaties, but they provide a
party that sought the orders. For example, a third means by which private- and public-sector per-
party could be a financial institution that has rel- sons and agencies may obtain international assis-
evant information and records. tance in a case. Letters rogatory can help gather
financial evidence, including bank records, and
ANTON PILLER ORDERS (STAND help to restrain assets. Compliance with a letter
AND DELIVER) rogatory is discretionary on the part of the court
These are search and seizure orders that may be that receives it, and the process is usually slow.
executed simultaneously at homes and offices of Without an effective advocate in the jurisdiction
the targets they are issued on. An Anton Piller that receives it, a letter rogatory may not succeed
order is intended to preserve evidence that may in obtaining the desired assistance.
be crucial to a worldwide asset tracing case. It
can be obtained to preserve evidence where it Each country has its own laws and practices for
the receipt and execution of letters rogatory. Exe-
137
cution of letters rogatory must be in strict com- There are no standard procedures that asset
pliance with domestic law. The process is marked recovery teams must follow for successful repa-
by these uncertainties: triation of assets. No two cases, and the laws of
no two countries, are alike. Asset recovery cases
• Letters rogatory are usually transmitted via sometimes encounter difficulties that stem from
diplomatic channels and must be processed local corruption, especially in the final stages
through a court and the diplomatic agencies. when repatriation is sought.
Diplomats may refuse to act if a letter is
deemed inconsistent with their nation’s Asset recovery teams must obtain a judicial order
public policies. to repatriate assets after they are located and
• Requests must contain certain information, frozen to prevent dissipation or flight. The order
including a description of the facts and must divest the financial criminal and his accom-
details of persons and entities involved. The plices of the asset and place title in the control or
letters may be returned for clarification to the names of the victims, their representatives or
the judge in the requesting country. a pertinent government agency.
• Nations sometimes refuse to execute letters
rogatory in a criminal matter until formal Mareva injunctions or other court orders at the
criminal charges have been filed in the start of a case that preclude the financial crim-
requesting country. This policy makes letters inal or his accomplices from transferring or liq-
rogatory unavailable during the investigation uidating assets are essential initial steps. The
when they are often most needed. laws of certain jurisdictions allow creation of
so-called asset protection trusts. A trust protec-
• In some countries, secrecy laws do not tor appointed by the court usually may transfer
permit bank records to be obtained by assets from one jurisdiction to another.
means of letters rogatory unless other laws
authorize this disclosure. STATUTES OF LIMITATION
An asset recovery team must also observe stat-
REPATRIATION OF ASSETS utes of limitation as a potential obstacle in its
case. Statutes of limitations vary from jurisdic-
In asset recovery cases, it is not enough to freeze
tion to jurisdiction and encourage prompt reso-
assets. To succeed, they must be repatriated.
lution of cases. However, statutes of limitations
Repatriation of assets from foreign hiding places
can also sometimes benefit financial criminals,
is the crucial final step that private and public
if they succeed in concealing their conduct and
asset recovery teams must accomplish. It may be
assets until the statute of limitation expires. The
fraught with complications.
time period that a statute of limitation prescribes
is easily learned in any jurisdiction, and should
In repatriating assets, government asset recovery
be one of the first things an asset recovery team
teams often have unique international weapons
does. Often, these statutes impose different time
that can provide substantial help in the recov-
limitations for different types of legal actions.
ery. Private sector asset recovery teams may also
have access to powerful government weapons in
One way to mitigate the negative effect of a stat-
certain circumstances if they convince govern-
ute of limitations that expired or is about to expire
ment investigators, prosecutors or judges to uti-
is to enter into “tolling“ and standby agreements
lize them on their behalf. The discussion below
with adverse parties by which they agree to
about Mutual Legal Assistance Treaties (MLATs)
ignore the statute of limitations problem. That is
covers this.
unlikely when you are dealing with the financial
138
criminal and his accomplices unless a bargaining

or negotiation benefit can be extended in return.
THE HAGUE CONVENTION
DISCOVERY The Convention on the Taking of Evidence
Discovery is the process by which parties in a Abroad in Civil or Commercial Matters --
legal dispute, including financial crime victims more commonly referred to as the Hague
and their representatives, may obtain informa- Evidence Convention, is a multilateral
tion from opposing parties in a case. In asset treaty which was drafted under the aus-
recovery cases, the information may pertain pices of the Hague Conference on Private
to the nature, location and value of a particular International Law. The treaty was nego-
asset and other things of value. The US has very tiated in 1967 and 1968 and signed in The
broad discovery rules in civil litigation, but dis- Hague on March 18, 1970. It entered into
covery is also permitted in other common law force in 1972. It allows transmission of
countries, such as the United Kingdom, Canada, letters of request (letters rogatory) from
Australia and others. one signatory state (where the evidence is
sought) to another signatory state (where
Countries that operate in what is known as the the evidence is located) without recourse
civil law system, generally, do not have similar to consular and diplomatic channels.
discovery rules, although other measures exist
that provide mutual disclosure of pertinent evi- The Hague Evidence Convention was not
dence between the parties. the first convention to address the trans-
mission of evidence from one state to
Distinct discovery options and rules apply in another. The 1905 Civil Procedure Con-
civil and criminal cases in countries that per- vention — also signed in The Hague — con-
mit discovery. In criminal cases in most coun- tained provisions dealing with the trans-
tries, the defendants may not be forced to pro- mission of evidence. However, that earlier
duce evidence that represents self-incrimination. convention did not command wide sup-
Often, this privilege is guaranteed by the nation‘s port and was only ratified by 22 countries.
constitution, such as in the US. In the US, cor- The United States initiated the negotia-
porations do not receive this protection against tions that led to the creation of The Hague
self-incrimination. Evidence Convention. However, insofar as
requests to United States courts are con-
cerned, the use of the Hague Evidence
INFORMATION SHARING AND Convention has been replaced in large
MUTUAL LEGAL ASSISTANCE part by the simpler discovery provision
codified at 28 U.S.C. § 1782 (see Section
TREATIES (MLATS) 1782 Discovery).
An information-sharing agreement is an under-
standing between government agencies by which Between states of the European Union,
they agree to exchange information that assists the Hague Evidence Convention has
them in their work, including asset recovery. largely been supplanted by Council Regu-
These agreements can be in the form of a formal lation (EC) No. 1206/2001 on Cooperation
agreement, protocol, memorandum of under- Between the Courts of the Member States
standing, exchange of letters, or a treaty or con- in the Taking of Evidence in Civil or Com-
vention. The Hague Convention, for example, pro- mercial Matters.
vides for international cooperation in obtaining
139
evidence for use in legal proceedings of various for the fees of expert witnesses, translation, tran-
types. All appropriate international agreements, scription and travel expenses.
such as the Hague Convention, that provide chan-
nels of information-sharing should be reviewed MLATs may only be used by government agen-
by asset recovery teams in the private and public cies and are designed for their benefit. However,
sectors at the start of a case. under some circumstances, as explained below
in this chapter, representatives of private sec-
In addition, as discussed in more detail in other tor victims of financial crime may persuade the
chapters of this Manual, in accordance with lawyers or agents of a government agency that
Egmont Group recommendations some 132 have received information under an MLAT from
nations have established Financial Intelligence another country to share the information.
Units (FIUs). These agencies collect a wide variety
of financial information and reporting forms from Government asset recovery teams have no obsta-
financial institutions, businesses and individuals cles to the use of MLATs if they have been signed
in their countries and disseminate it to their law and ratified by their countries. Many industrial-
enforcement agencies and prosecutors. They also ized countries have entered into dozens of MLATs.
sign bilateral and multinational agreements that The US, for example, has entered into more than
authorize and facilitate the mutual exchange of 60 of them, as of early 2013. A full listing of all
intelligence and information. the bilateral and multilateral agreements that a
nation has ratified may usually be found in the
MUTUAL LEGAL ASSISTANCE TREATIES website of a jurisdiction‘s state department or
Mutual Legal Assistance Treaties (MLATs) pro- foreign ministry. In the US, the website of the US
vide for the broad exchange of information, State Department provides this listing in a publi-
assistance and other cooperation between two cation called Treaties in Force.
nations. In an international asset recovery case,
they can be a valuable tool for gathering perti- An example of how an MLAT describes the assis-
nent information and evidence. The execution tance the signatory nations agree to extend
and operation of MLATs is often cumbersome to the other nation is found in Article 16 of the
and time-consuming. MLAT between the US and the United Kingdom,
which follows:
Most MLATs require the requested country to “The parties shall assist each other in pro-
assist the requesting nation to take actions that ceedings involving the identification, tracing,
include these measures: freezing, seizure or forfeiture of the proceeds
and instrumentalities of crime and in rela-
• Taking testimony or statements of persons tion to proceedings involving the imposition of
• Providing documents, records and evidence fines related to a criminal prosecution.“
• Service of documents
Most MLATs include restrictions on the use of the
• Locating or identifying persons information they provide.
• Executing requests for search and seizure
• Identifying, seizing and tracing A government agency that files an MLAT request
proceeds of crime may seek permission to share information with a
court-appointed receiver or other formal repre-
The “requested“ party in an MLAT request usu- sentative of financial crime victims. If the infor-
ally pays all costs related to its execution, except mation is sought for restitution to victims, the
government officials should so specify in the
140
request. It is advisable that private sector rep- The requested party in an MLAT can be instructed
resentatives of financial crime victims establish to keep confidential the request that has been
appropriate, cordial professional relationships made, the contents of a request, the outcome of
with these government officials. the request‘s execution and other information
concerning the request.
Parties that are considering the filing of an MLAT
request should consider all possible uses of the
information you may provide. The language of BANKRUPTCY AND INSOLVENCY AS
the request should cover all the intended uses ASSET RECOVERY TOOLS
of the information and, generally speaking, it is The asset tracing and recovery fields have several
advisable to request approval for broad usage of off-the-beaten-path legal weapons, such as bank-
the information. ruptcy and insolvency. They can serve very well
in locating, safeguarding and recovering assets.
MLATs can be helpful in piecing together money Persons appointed by courts as trustees, receiv-
trails in financial crime cases, including those ers, administrators, monitors or liquidators of
involving corruption. They can lead to the dis- entities that have served to spawn or execute a
covery of bank accounts, property ownership or financial crime are given great powers of investi-
evidence of the ownership of business entities. gation and recovery of assets. Especially in finan-
cial crime cases, in which the business or corpo-
Often, nations provide mutual assistance under rate entities that financial criminals use collapse
other types of international agreements that can upon the discovery of the financial crime, the
impact asset recovery case. These agreements tools discussed here are important parts of the
include Organization for Economic Co- opera- asset recovery arsenal.
tion and Development (OECD) Anti-Bribery Con-
vention, the Inter-American Convention Against A trustee, receiver or liquidator steps into the
Corruption, the Council of Europe Criminal Law shoes of the directors of the business entity and
Convention on Corruption, the Council of Europe is entitled by law to all information about the
Civil Law Convention on Corruption, and the entity to which its directors were entitled. Simi-
United Nations Convention against Corruption. larly, a trustee in bankruptcy steps into the shoes
of the bankrupt entity and is entitled by law to
An MLAT request for assistance is normally made all the information to which the bankrupt entity’s
in writing and usually includes the following: directors were entitled.
1. The name of the agency conducting
the investigation, prosecution or Judicial orders appointing receivers, liquidators
other proceeding or “officeholders,“ as they are called in the United
2. The facts about the subject of Kingdom, typically require the subjects of asset
the investigation, prosecution or recovery efforts, their agents and all persons
other proceeding in concert with them who receive notice of the
order, to hand over all assets that belong to the
3. The nature and stage of the matter subject entity or receivership. These cover secu-
and the text of the relevant laws of the rities, money and property of any kind, including
requesting party all money at financial institutions for the bene-
4. A description of the assistance requested fit of the targets of the investigation. The laws of
5. A description of the purpose of the many nations allow a receiver to take control of
requested assistance assets located in other jurisdictions.
141
All nations and jurisdictions have an interest in Forfeiture is defined as the permanent depriva-
regulating improper conduct in their territory. If tion of property by order of a court or other com-
assets are not repatriated by a person who has petent authority. It is a term used interchange-
been ordered to do so, a receiver will likely seek ably with recovery and confiscation.
recognition abroad of the order appointing him or
her, and try to convince a foreign bank to honor Forfeiture is handled through judicial or admin-
the request to transfer the funds. These efforts istrative procedures that govern the transfer of
may require proof of the underlying financial ownership of specified funds or other assets to
crime and of the receiver‘s plan to distribute a government agency. Many countries, including
assets to the financial crime victims. the US, have asset forfeiture laws that authorize
proceedings against assets that are the proceeds
As mentioned above, The Hague Convention of criminal activity or that served as the instru-
allows parties to request, through a bankruptcy mentalities of crime.
or other court, the assistance of another nation
in obtaining evidence and testimony. Asset forfeiture or recovery laws vary depending
on the jurisdiction. An asset recovery team mem-
ber should study the laws on forfeiture and asset
TRACING, FORFEITURE AND recovery in the jurisdiction where she or he is
SUBSTITUTION OF ASSETS handling the case. Persons or entities that had an
Courts may assist financial crime victims in sev- interest in the assets at the time of forfeiture lose
eral ways in tracing and recovering assets. Under all rights to the seized or frozen funds or other
common law, tracing is restricted to assets that assets upon a judicial or administrative ruling of
originally belonged to the claimant, and to the forfeiture. Many nations, including the US, allow
profits from the asset or its substitute. both criminal and civil forfeiture.
In the US, Article 9 of the Uniform Commercial CRIMINAL FORFEITURE

Code provides the doctrines that are applied in A criminal forfeiture accompanies a criminal con-
asset tracing by a creditor. These rules guide viction in countries that recognize both types of
practitioners when the proceeds are commingled. forfeiture. It is an action against the defendant or
person. If a defendant is acquitted of the crime,
the government’s criminal forfeiture case against
him fails. In a criminal forfeiture, the burden of
proof is the same as in a criminal prosecution,
“proof beyond a reasonable doubt.“
Criminal proceeds may be the subject of a

criminal forfeiture action if they are related to
or derived from criminal activity. There is no
requirement that the proceeds must have been
obtained directly from an illegal act. For exam-
ple, if a financial criminal derives money from his
crime and then uses it to buy a car, then sells the
car and uses the money for a down payment on a
house, the portion of the house purchased with
illicit funds may be considered criminal proceeds.
142
CIVIL FORFEITURE been dissipated or cannot be found. Civil asset

Civil or ‘in rem’ forfeiture, meaning a case against recovery or forfeiture cases do not permit this.
the property, is a legal action against the property Therefore, criminal forfeiture is more powerful
based on a finding that it represents the proceeds as a law enforcement tool.
or instrumentality of unlawful activity. It is not an
action against the asset’s owner but against the
property (“rem“ means thing), and is unrelated OTHER EVIDENCE-
to a criminal action against the wrongdoer. The GATHERING TOOLS
standard of proof is lower in a civil action, mean- Court orders facilitating investigation are a prin-
ing that the government lawyer must prove by a cipal mechanism for obtaining information in
“preponderance of the evidence“ that the prop- asset recovery cases. Private sector entities are
erty was used in the commission of, or to facili- often unwilling or legally unable to disclose infor-
tate, a crime, or was obtained illegally. mation about their finances or customers without
a court order that releases them from client con-
This is particularly useful in cases where a finan- fidentiality restrictions.
cial criminal has not been apprehended or is
still unknown, but illegally obtained assets have The following are examples of court orders that
been identified. By initiating an in rem proceed- may be issued in many nations and serve as
ing against the property, either the criminal must potent evidence-gathering tools for government
default on the proceeding and automatically lose investigators:
if they do not show up to claim ownership, or
Production orders. Require individuals to pro-
show up and risk apprehension.
duce documents and are frequently served on
banks and other intermediaries to obtain finan-
SUBSTITUTE ASSETS cial records.
The incentives a defendant has in transferring
assets to another jurisdiction, placing them Search warrants. Available to government inves-
beyond the reach of a court, or taking other tigators and are executed on the premises owned
actions to render his property unavailable are by targets and defendants. They may also be
understandably great. As a result, the impact of used on other premises where documents and
asset recovery actions is lost unless the private or information are located. Investigators also often
public sector asset recovery team can recover or request warrants allowing the seizure and exam-
forfeit non-tainted, substitute assets of the target ination of documents that cannot reasonably be
or the defendant and his accomplices. reviewed on the premises being searched. Private
sector asset recovery teams may obtain similar
Many jurisdictions provide for the recovery or weapons under the equitable powers of courts, as
forfeiture of substitute assets. These laws per- explained above in this chapter.
mit recovery of untainted assets that have an
equivalent value to the assets that cannot be Customer information orders. Enable an inves-
recovered because they have been spent, hidden tigator to discover at which institution an indi-
or dissipated. vidual holds accounts. The orders may require a
bank to search for accounts held in the names of
The action is against the person, called an in aliases or in different spellings.
personam action. The court in a criminal asset
recovery or forfeiture case may order the person Account monitoring orders. Require financial
or defendant to pay a money judgment or forfeit institutions to inform government investigators
substitute assets, if the recoverable property has regularly about transactions in an account and to
143
enforced may enter appropriate orders giv-

ing effect to these remedies granted by the
foreign court.
LIABILITY OF THIRD PARTIES

One of the hallmarks of asset recovery actions
and principles and financial crime cases, in gen-
eral, is that the financial crime perpetrator is not
the sole source of recovery. Financial criminals
are adept not only at taking money from others,
but they also are skilled at making the money
vanish in hiding spots and behind fronts that are
difficult to identify, penetrate and uncover. So, if
a financial criminal and the stolen assets vanish,
furnish information that did not exist when the the victims are left with the challenge of identify-
order was granted. ing third parties that may be liable for their losses
under various theories of liability.
Disclosure orders and subpoenas or summons.
Enable an investigator to require an individual to Recovering from third parties has several major
attend an interview, answer questions and pro- advantages. They are usually stationary and
duce documents. immobile, have substantial assets and are averse
to bad publicity. They will resist paying, however.
Evolving legal theories of liability and a changed
ENFORCEMENT OF JUDGMENTS legal atmosphere have made many wealthy third
Most countries have laws modeled on the Uni- parties worthy of pursuit in nearly all financial
form Foreign Money Judgments Recognition Act crime cases, big and small. But, battles against
that “recognizes” and enforces proper judgments third parties can be very expensive.
rendered in other countries. Simply, when this
occurs, a court enters a judgment that is sub- PRELIMINARY QUESTIONS ON THIRD-
stantially the same as the one entered in the PARTY LIABILITY
other country. Similarly, judgments entered in
Before launching a legal effort against a third
a domestic court receive the same treatment
party, one must determine the assets the finan-
and enforcement based on international notions
cial criminal has. Second, once affiliated parties,
of “comity.”
enablers, aiders and abettors and facilitators with
assets have been identified, they should be pur-
If a foreign judgment orders a monetary recov-
sued if the facts and the laws so justify. To make
ery and the debtor has assets in the country or in
this determination, two preliminary questions
another jurisdiction that recognizes the foreign
should be posed:
judgment, the person pursuing asset recovery
may take advantage of enforcement and collec-
Does the financial criminal have a license or a
tion tools, as if the judgment had been entered in
parent company?
a domestic court.
If a person has been victimized by a financial
If another form of relief was obtained under the
criminal who is a licensed entity or a subsidiary
foreign judgment, such as an injunction, the
of a public company, the chances of recovery
domestic court where the foreign judgment is
dramatically increase. When a financial crime is
144
committed by someone acting on behalf of such of the illicit funds and increase the risk the money
an entity, the biggest hurdle to recovery gener- or the recipients may disappear.
ally consists of proving liability instead of search-
ing for assets. Understand cash withdrawals. Often, frequent
large cash withdrawals or unexplained transfers
Does the financial criminal have assets or money? from an account are noticed. Look for explana-
Because successful financial crime and fraud tions, which may include the purchase of cashier’s
schemes involve getting, transferring and spend- checks, withdrawals of cash to purchase money
ing large sums of money, records to reconstruct orders or wire transfers at other institutions,
the flow of funds will generally be available. Even cash withdrawn for deposit into other accounts
in the absence of reliable records, it is hard to at other institutions, or cash payments to pub-
execute a large financial crime without creating lic officials.
an audit trail. These records will provide trails to
third parties, firms and institutions that may be If the money was used for wire transfers, the
liable for damages for participating in the financial records of the money transmitter or funds
crime or enabling or fostering it knowledgeably. transfer institution will document this. If other
financial accounts are suspected, subpoenas or
To lay the groundwork for the pursuit of third par- requests for production to the institutions where
ties, various possible steps should be considered: the accounts are maintained should be issued.
Withdrawals by the financial criminal should be
Source and use analysis. All bank records the cross-checked against travel records, includ-
financial criminal and his accomplices used, bank ing credit card statements, to establish travel to
statements, both sides of all checks, deposit items secrecy havens or to other locations soon after
and wire transfers should be obtained. After this cash withdrawals.
data is placed in a spreadsheet or account rec-
reation software, the money that came into the Find related entities. Determine the other enti-
accounts, where it came from, how much was ties the financial criminal and his accomplices
spent, and where it went may be determined. have created. The asset recovery team should
check corporate and other public records to
When pursuing third parties, a keen eye should determine other business entities that list him, his
be trained on fee payments to professionals, family members, affiliated companies or accom-
including “investment advisors.” After it is input, plices as officers, directors or registered agents.
the data should be sorted by source and payee,
a process often called “Source and Use Analy- Check public records. Many assets generate pub-
sis.” This can show how much money the finan- lic records when they are purchased or trans-
cial criminal’s entity had at any point, how funds ferred, whether they are homes, cars, boats, jew-
were used as they came in, and how much went els, airplanes, negotiable instruments or other
to various recipients. assets. As more government agencies put these
records on their websites, these searches become
Identify the payees. When the recipients of the easier to conduct. Searches should be expanded
funds from the financial criminal are known, the to look for ownership by family members, close
purpose of each payment should be determined. associates, suspected accomplices and affiliated
The records of the financial criminal may answer entities of the target.
this or interviews of employees may do so. Oth-
erwise, subpoenas or requests for production of Intelligence sources. Many financial criminals
records should be sent to the recipients to obtain realize that their schemes ultimately will fail. At
explanations. However, this may tip off recipients
145
that point, they become more creative in hiding vent, may be voidable. For Ponzi frauds and other
assets, utilizing more cash transactions, transfer- financial crime schemes, the test of insolvency is
ring property to others, opening accounts at dif- met by the entity’s financial obligations to exist-
ferent financial institutions or purchasing goods ing investors. Good faith transactions, where
in the names of others. These actions are diffi- fairly equivalent value was given, are excepted.
cult to detect. The best sources for finding these This protects outside service providers or ven-
transfers are people who had contact with the dors who acted in good faith, and still permits
financial criminal and his accomplices. receivers to recoup improper payments.
Some sources, like former spouses, unhappy Overpaid investors. Investors in long-running
employees or angry investors, can provide Ponzi and similar financial crime schemes some-
assistance. Other sources must be persuaded to times receive more in distributions than they
cooperate, which can come through compulsion, contributed as capital. Distributions to investors
such as subpoenas, court orders or protecting beyond the amount of their principal investment
self-interest, including the fear of being charged must be returned under the laws of most coun-
with crimes or sued for money, and incentives, tries, including the US. If the investor or victim
such as immunity from prosecution that must be did not act in good faith because he or she knew
expended by government authorities. of the fraud or withdrew funds because of sus-
picions that something was not right, good faith
Affiliated entities. The affiliates and entities was missing and a receiver or other fiduciary
of the financial criminal should be analyzed to can demand a return of all the distributions
determine if their conduct gave rise to liability, or he received.
if their actions as agents of the financial criminal
created grounds to pursue their assets. With these considerations taken into account, an
asset recovery team may focus on specific third
Gratuitous donees. Payments by financial crim- parties whose deep pockets may secure the res-
inals that benefit others are also recoverable titution of the financial crime victims.
under the laws of many countries, including the
US. While payments by an entity of the financial GATEKEEPERS AND INTERMEDIARIES
criminal for normal business expenses are not When a financial crime has come to an end, one
voidable if the payments represented fair value may ask, “Where were the gatekeepers?” This
for the services provided, payments to satisfy refers to attorneys, accountants, brokers, audi-
the debts of others, including the financial crim- tors, investment advisors, consultants, corporate
inal’s personal debts, are voidable. Examples are directors and others. They often play a crucial
the payment of bank loans owed by employees role in facilitating or promoting a financial crime
or affiliates of the financial criminal and the pay- and have a duty to prevent the crime in transac-
ment of the indebtedness for assets purchased tions where they are involved. Under recent laws
by others. Charitable contributions and political in some countries, gatekeepers and intermediar-
contributions made by the financial criminal or ies must now actively attempt to avoid facilitating
the promoter of the financial crimes scheme are a financial crime, including fraud. If they fail to
also recoverable. meet this obligation, they may be liable for some
or all of the losses incurred by the victims.
Fraudulent conveyances. Under the laws appli-
cable to fraudulent conveyances, payments made A primary consideration in any claim against a
by a financial criminal or his entity, when the third party is whether that person or institution
payments would have made the company insol- owed a duty of care to the defrauded party or
146
financial crime victim. Some courts will consider actions during the commission of the financial
whether they had a duty of care to persons about crime, the intermediaries may be liable to the
whom they were not aware when their profes- victims. Often, these firms must conduct due dili-
sional responsibilities began. gence and implement “know your customer” pro-
cedures, just as banks do, on their customers and
counterparts.
THIRD PARTIES THAT MAY BE
HELD LIABLE TO FINANCIAL Even if the firms were fooled by the financial
CRIME VICTIMS criminal, they may be liable if they failed to con-
duct sufficient due diligence or if their operational
If gatekeepers and intermediaries act as cheer-
procedures were lax, or if they can be viewed
leaders and enablers and facilitate a financial
as having aided and abetted the fraud or other
crime, they may rightly be considered aiders and
financial crime. For example, if a broker-dealer
abettors or co-conspirators in the financial crime.
executed transactions based on forged signa-
The following gatekeepers and intermediaries
tures, the firm may be liable if the broker-dealer
may be liable if the financial criminal’s identified
should have known that was improper.
and located assets are not sufficient to satisfy the
losses of the victims.
Company directors. As part of the due dili-
gence procedures, an asset recovery team should
Banks. In most nations, banks must conduct due
attempt to determine if there is liability on the
diligence examinations on their account hold-
part of the officers and directors of an entity that
ers, including “know your customer” proce-
did business with the financial criminal. Director
dures required by anti-money laundering laws.
and officer liability insurance may be a source of
These are records an asset recovery team should
recovery for victims of financial crime. A failure by
obtain. Usually, Suspicious Activity Reports (SAR/
the directors to obey their duty to creditors and
STR) may not be disclosed by a financial institu-
investors may give rise to claims against them by a
tion under the laws of many countries, including
receiver or other fiduciary. Directors may also be
the US. An asset recovery team should under-
liable for wrongful or fraudulent trading or when
stand the banking regulations in the jurisdiction
preferential payments were made to creditors.
where the recovery operation is taking place in
order to determine the reporting and record-
Employees. Employees who held responsible posi-
keeping responsibilities of financial institutions
tions may be held liable for failing to detect or halt
and businesses used by the target of the oper-
financial crimes, including fraud, of which they
ation. Obtaining this information can help sig-
had knowledge or should have had knowledge.
nificantly in financial crime and asset recovery
investigations.
Attorneys. To the extent attorneys helped pre-
pare solicitation or other documents that con-
Financial institution records, including gov-
tained false information, which induced invest-
ernment-required forms they file, can provide
ment by innocent third parties, they may be liable
a wealth of information in asset recovery cases,
if they failed to conduct sufficient due diligence.
although the ability to access them is tightly reg-
Attorneys may also be forced to return money
ulated in many jurisdictions.
they received for representing the financial crim-
inal if the money was paid by a legal entity that
Broker-dealers, investment advisers, futures
had been controlled by the financial criminal and
commission merchants. If a financial crimi-
is now in bankruptcy. Retainers paid from stolen
nal hired registered financial intermediaries to
funds may also be recovered.
advise him, or he used them to execute trans-
147
Auditors and certified public accountants. A case by an audit report. The misstatement could be
for recovery against an auditor may arise where a the result of fraud by company management or
duty of care has been proved and the duty was from error. Determining if a duty of care is owed
breached and led to a loss to a person to whom by an auditor to a third party normally depends
the auditor owed the duty. An example is where on the circumstances, including the relationship
a lender suffers a loss by relying on a compa- between the auditor and third party and how an
ny’s financial statements indicating it was finan- audit report was produced and communicated to
cially sound and the statements are supported the third party.
Q 7-1. In a Venezuela court case for fraud against individuals and companies around the
world, documents have been obtained that would be helpful in a related proceeding in the
US in Miami. Venezuela and the US are parties to the Hague Evidence Convention on the
Taking of Evidence Abroad in Civil or Commercial Matters. No special laws exist in either
jurisdiction for the evidence sought.
To ensure these documents are properly received in evidence in the US, which two are
acceptable methods of requesting such evidence?
A. Letters rogatory through the authority designed by Venezuela or other authority

allowed by such law
B. Transmission of the discovery request to the target of discovery
C. Transmission through a private party, such as an attorney in Venezuela, if private
law so provides
D. Issuance of subpoena duces tecum and scheduling of place and time for the party to
make itself available for examination
148
CHAPTER 8
FINANCIAL
CRIME
INVESTIGATIONS
INTRODUCTION
Whether it is uncovering evidence of bribes paid to public offi-

cials or uncovering the true source of laundered funds hidden
behind layers of nominees and front companies, successful
detection and prevention of financial crime is often the result
of long and rigorous investigation. Just as all financial crimi-
nals share certain strategies to perpetrate their misdeeds and
conceal the illicit proceeds, the specialists charged with uncov-
ering their wrongdoing also share common investigative tools
and techniques.
149
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
This chapter describes some of the key methods Civil law courts are generally not bound by prec-
to investigate financial crimes and gather evi- edent and are restricted to what is contained in
dence in compliance, enforcement and regulatory the law. Judges within the civil law system are
cases. In some respects, except for a few notable usually specially trained judicial officers with a
differences such as grand juries, the procedures limited ability to interpret the law.
and tools available to financial crime specialists
in the private and public sector are similar. Con- Civil law is primarily contrasted with common
sequently, the investigative techniques presented law, which is a legal system that developed his-
here are designed to be applicable to a wide range torically in Anglo Saxon societies, especially in
of financial crime matters. England and its colonies. Common law countries
are most notably represented by the United King-
It is important to note that the legal and inves- dom—members of what was historically called the
tigative techniques in financial crime are often British Commonwealth, such as Canada, Australia,
closely related. In many cases, a financial crime New Zealand, India, Pakistan, the English-speak-
specialist will be conducting an investigation ing Caribbean islands—and the US.
as part of a legal action or in cooperation with
a legal professional. In criminal and civil cases, The US inherited and adopted this legal system
the financial crime specialist must take care to from England. Historically, civil law and com-
conduct investigations in a way that ensures their mon law differed in that common law developed
findings can be used as evidence in a legal pro- from customary practices and court decisions
ceeding. As such, understanding some of the key that established legal principles that were fol-
legal principles underpinning civil and common lowed over time by other courts and became the
law systems, as well as criminal and civil cases, is “common law” or precedent. The precedents are
a necessary starting point for a financial crime applied by courts unless legislation prohibits or
investigation, as is discussed below. modifies a common law precedent.
Over time, many jurisdictions have incorporated

CIVIL LAW AND characteristics of both systems so that mere
COMMON LAW SYSTEMS codification and adherence to written laws is no
Civil law is a legal system rooted in Roman law. longer the defining characteristic of a civil law
It is the most prevalent and oldest surviving system. Mixed systems that combine aspects
legal system in the world. Its primary feature is of both common and civil law systems may be
that laws are written into a collection, codified found in jurisdictions such as Scotland, Louisi-
and, for the most part, not determined by judges, ana, Namibia, the Philippines, Quebec, Sri Lanka,
unlike most common law systems. Mauritius, South Africa and Zimbabwe.
In a civil law country, legislation is deemed the The most notable continuing difference between
primary source of law; it determines the rights, civil law and common law is in the approach
remedies and actions available in a civil law juris- to codes and statutes, as well as in the reme-
diction. Unless there is specific legislation allow- dies and procedures available to resolve claims
ing for a particular procedure, that procedure and disputes.
is generally not available in that jurisdiction. In
civil law systems, courts and judges tend to be KEY DIFFERENCES IN CIVIL LAW AND
inquisitorial, often asking the questions that in a COMMON LAW SYSTEMS
common law system would be the province of the In civil law countries, legislation is seen as the
prosecution/plaintiff or defense counsel. primary source of law; therefore, courts base
150
their judgments on the provisions of codes and

statutes from which cases are resolved. Courts
under the civil law system have to reason on the
basis of general rules and principles in the provi-
sions of the code, sometimes drawing analogies
from other code provisions to fill in gaps in the
law or achieve coherence.
By contrast, in the common law system, case

law is the major source of guidance, providing
rules of conduct, liability, interpretation of stat-
utes, documents, actions and contracts. Courts
in common law countries are frequently asked
to apply to the facts of the case legal principles
that are derived from precedents. Common law individuals and/or organizations, in which com-
courts often fashion legal remedies that are not pensation or monetary damages may be awarded
specified in a statute. to the victim.
Legal proceedings under the two systems also This difference can be illustrated by the following
vary. Civil law courts are generally inquisito- example. A bank officer embezzles money from
rial, with the judge acting as fact-finder in the accounts under his control or supervision.
case. Civil law judges may ask the parties ques-
tions designed to see how the facts of the case Under criminal law:
square up against the requirements of the code. • The officer could be charged and prosecuted
Common law proceedings are adversarial, with a for theft as a crime defined by the legislation
prosecutor and defense attorney or plaintiff and of the jurisdiction in which the incident
defendant squaring off against each other. happens. Under most legal systems, the
accused would not be required to testify
For a financial crime specialist, recognizing the and would be entitled to a presumption
type of system that may be available or applicable of innocence. The burden of proving guilt
in a given case is important. This can help in eval- would fall upon the prosecution, which must
uating which jurisdiction may be more appropri- usually meet a standard of guilt beyond
ate to initiate or pursue claims or litigation, as “reasonable doubt.”
well as in determining the cost and effort of pur-
suing a claim, and the likelihood of success. • In most common law and some civil law
systems, the accused is entitled to a jury
to try facts and determine guilt, although
CRIMINAL LAW AND CIVIL LAW he may waive that right and be tried by
the judge only.
Criminal law is the body of law involving the state
against individuals (including corporations, legal • Upon conviction, the accused (defendant)
entities, and other organizations), in which the may be subject to imprisonment, fines and
state relies on statutory powers. suspension of certain privileges, such as
special licensing or the ability to be hired by
Civil law, in this context and not to be confused a bank in the future. In some cases, the court
with the civil law system described earlier, is may order the defendant to pay restitution
the area of law that deals with disputes between or other compensation to the financial
151
institution or the account holders as victims. pensated based on a percentage of the judgment
The court may also, where allowed, order the obtained. In a civil case, the plaintiffs do not have
forfeiture of assets identified as proceeds of the resources available to public prosecutors,
the criminal activity. and the cost of investigation and other technical
aspects of the case are either paid by the plaintiffs
In a civil case: or recovered through the proceeds of judgment.
• Aggrieved victims (as plaintiffs) would sue or

bring a legal action against the bank officer PRIVATE VS. PUBLIC
(as defendant) for restitution. INVESTIGATIONS
• In this type of proceeding, the victims need The techniques used to gather evidence vary
only establish his case by a “preponderance with the type of investigation — public or private
of evidence1” to win. — and the jurisdiction. Generally, a public investi-
• A jury trial may be available in common law gation is conducted by a grand jury, law enforce-
jurisdictions; however, in some jurisdictions, ment agency or a government regulatory body.
a unanimous verdict is not always required. Accordingly, it deploys all the powers and author-
If the plaintiff prevails, the court can order ity granted by the government for such actions.
the defendant to pay restitution and other
compensatory damages. A private investigation may be conducted by a
variety of private sector financial crime special-
If you have the choice, consider the following fac- ists who can be investigators, forensic accoun-
tors in determining whether to proceed crimi- tants or lawyers, all of whom may be
nally or civilly in a case:
Criminal prosecutions are driven by the pros- supported by investigative analysts, whom the
ecutor. Although the victims may have a say in government usually calls intelligence analysts.
the proceedings, such as providing testimony Although the government usually confers no
and offering statements in support of sentencing, investigative powers on these private sector indi-
the prosecutor has ultimate control over strat- viduals, they are armed with powerful weapons
egy and tactics in the case. The costs of criminal under the equitable powers of courts, and the
prosecutions are borne by the government, and bankruptcy and insolvency and other laws. In
the prosecutor has a wide range of resources to some instances, a private individual or firm may
use in gathering evidence in support of the case. be hired by a government agency to assist in an
In some civil law jurisdictions, a private party can investigation or file suit on its behalf.
join in a criminal proceeding; this is not the prac-
tice under common law systems. Different types of financial crime investigations
can be pursued depending on the jurisdiction and
In civil proceedings, victims have much more the facts of the case. It is important to understand
input in the conduct and course of the case. these actions to know what types of investigative
Plaintiffs select and retain the attorney to repre- approaches should be used in each situation.
sent them. However, the costs are the responsi-
bility of the plaintiffs, except in some situations
where legal counsel has undertaken the case on a
contingent fee basis. This means counsel is com-
1 Though it cannot be reduced to a formula, preponderance of evidence is generally understood to mean the level of evidence
needed to make it appear more likely than not that what a claimant seeks to prove is true.
152
INVESTIGATIVE TECHNIQUES the investigation. For example, if a source

There are countless investigative techniques that and application of funds analysis is being
can be used in financial crime cases. Often, it is prepared, then the beginning and ending
only the ingenuity of the financial crime profes- balances will be identified as part of this
sional, including the investigator, forensic accoun- computation.
tant, compliance officer, lawyer and investigative Compulsory power to obtain testimony. As
analyst, which limits the investigative approach with the power to obtain records that is shared
that may be applied in a challenging case. by public and private sector investigative teams,
they can also -- in most jurisdictions -- take the
The following lists some but not all the investi- testimony of witnesses. In certain cases, gov-
gative techniques and tools that may be used by ernment investigators and lawyers may compel
private and public financial crime investigators, testimony of witnesses even if they do not wish
along with the benefits and restrictions appli- to cooperate.
cable to each.
This testimony may explain records and transac-
Compulsory power to obtain documents. This tions, clarify relationships, identify leads, estab-
powerful tool, which is available to both private lish organizational structures, etc. Records and
and public sector investigative teams through documents do not speak for themselves and are
subpoenas, requests for production and the like, often created to mislead. Interviewing skills are
compels production of records through an agency critical, and should be honed by all members of
summons, a grand jury subpoena or a statute a public and private sector investigative team
providing these powers. It allows the investiga- in order to enhance their ability to elicit crucial
tor to follow money flows through bank accounts, facts and uncover relevant leads.
brokerage companies, asset purchases, nominee
owners, shell companies and private individu- Telephone wire interception. Public sector law
als. The discovery of one document may trigger enforcement agents and some regulators may
a domino effect in which one piece of evidence obtain court authorization, based on probable
flows directly to another lead and evidence. cause to intercept telephone conversations under
tightly restricted conditions. These recorded
The analysis of bank accounts, for instance, is a conversations can provide “smoking gun” evi-
three-step process that can lead to many other dence in some cases.
investigative angles:
1. List, group and analyze all inflows (deposits) Search warrants. Court orders are required for
of money. Follow the domino chain search warrants. There are no limits to the evi-
backwards to determine the source of dence that can be obtained by a well-drafted and
each deposit and continue tracing until the properly executed search warrant (the evidence
ultimate source of funds is identified. seized must fall within the four corners of the
warrant). The seizure may be financial informa-
2. List, group and analyze all outflows (checks tion, videotapes, transaction records, contraband
or debits) of money from the account. Follow or many other things.
the chain of the outflows until their ultimate
destination is determined. This may be the Computer seizures and evidence recovery.
purchase of multiple assets after the money This may be obtained through a search warrant
has passed through many accounts. and requires special computer forensic skills to
3. Identify the balances in the account at ensure the recovery and admissibility of the evi-
key moments, depending on the needs of dence. The investigator should always be mindful
153
of the chain of custody requirements in seizing and, finally, to a law enforcement authority in the
and safekeeping an item for presentation as evi- receiving country, to undertake the requested
dence in court. specified assistance. The assistance may include
obtaining bank records, interviewing witnesses,
Electronic surveillance. Any surveillance using executing search warrants or any other speci-
electronic equipment that invades the expected fied investigative or evidence gathering proce-
privacy of an individual usually requires a court dure. Generally, a formal mutual legal assistance
order. This could involve eavesdropping equip- request is based on a bilateral or multilateral
ment, long-range video devices, wireless inter- global or regional treaty, or a letter rogatory.
cepts, etc. In most jurisdictions and circum-
stances, a private sector investigator would not be Undercover operations. In public sector inves-
permitted to conduct these surveillances and uti- tigations, an undercover operation typically
lizing them could constitute a criminal violation. requires authorization and official approval
before it can be started. The undercover opera-
Bi-national and International Mutual Legal tion may continue for the period of time that is
Assistance Treaties (MLAT) and less formal authorized. Undercover operations conducted by
mutual assistance. Mutual legal assistance is the the private sector must be mindful of the risk of
process of requesting or providing evidence and violating privacy laws.
information from one country to another for use
in a criminal investigation. The request can be Physical surveillance. Both public and private
formal or informal. A formal request may origi- investigators can engage in surveillance with
nate in an investigative agency in the requesting restrictions and advantages for each. This can
country but must follow the procedures that the include examples such as tailing an investigative
requesting country specifies. Usually an inter- subject or his associates, or staking out a loca-
national request for assistance is transmitted tion to track the movements of a target. Sur-
through the country’s designated “National Cen- veillance can help locate assets (bank accounts,
tral Authority,” which is the name of a nation’s real property, brokerage accounts, boats, cars,
office that coordinates international law enforce- etc.) and criminal associates, and identify pat-
ment assistance with and through Interpol. In the terns of activity and establish probable cause for
US, the National Central Authority is located in search warrants.
the US Department of Justice. The National Cen-
tral Authority, or Bureau as it is called in the US, Another investigative tool is garbage pickups.
also often serves as the intermediary between a Properly conducted, garbage pickups can provide
nation’s law enforcement agencies and Interpol in considerable evidence and lead to hidden assets,
Lyon, France. fronts and associates. Law enforcement agen-
cies must ensure that information obtained from
Requests for assistance may also be required to both surveillance and garbage pickups is legally
be transmitted through diplomatic channels to admissible and that the process of obtaining the
the central authority of the “receiving country”
MLATs are a key tool for law

enforcement in cross-border
investigations
154
information was proper in the jurisdiction where police actions, or national Financial Intelligence
the garbage pickup occurred. Units (FIUs) of the Egmont Group.
Private sector investigators should also be on For example, the US FIU is the Financial Crimes
firm ground concerning the legal requirements of Enforcement Network (FinCEN) Canada’s is Fin-
these types of investigative techniques to avoid trac. FIUs generally collect, collate and analyze
trespassing or other violations. substantial amounts of financial information,
much of which is derived from reporting forms
Informants. Government agency investigations that the financial and business communities of
have strict guidelines for the use of informants, a nation are required to submit, including suspi-
while the private sector has few or no restrictions. cious activity reports.
Informants usually request anonymity, which
may make their information inadmissible but still Information obtained from these sources may
a source of excellent leads and intelligence. Man- serve as evidence or extremely valuable intelli-
datory disclosure to the defense in some jurisdic- gence and leads. In most cases, the information
tions may complicate the use of informants and obtained by FIUs, particularly suspicious activ-
create evidentiary and security problems. Similar ity reports, is not available to the private sector
problems rarely exist for the private sector. The directly from the FIU, but may often be subpoe-
risks and benefits of using information derived naed or obtained by other legal process from
from informants must be carefully weighed by the opposing party that filed a form. The private
both sectors. sector also does not have access to the records
and assistance provided by Interpol, whose head-
Recording conversations with one party con- quarters is in Lyon, France.
senting. Public sector investigators can obtain
authorization, often required from a court, before Civil society information. Numerous private
recording conversations where one side consents. sector organizations that serve as watchdogs,
This is a significant tool in obtaining evidence such as Transparency International, Open Soci-
and is similar to a telephone intercept except that ety Justice Initiative, Sherpa and Global Integrity,
the level of probable cause required to be shown employ investigators, forensic accountants and
is generally less stringent. In some, but not all, attorneys to gather evidence and intelligence
states in the US, a private sector asset recovery against corrupt leaders and politicians. Occa-
team member may record a conversation, either sionally, they use this information in lawsuits to
on the phone or in non-electronic circumstances, recover assets for the victims of corrupt regimes.
when one party to the conversation consents. Other times, the information is used for publica-
Some jurisdictions allow this activity by non-gov- tions and offered to law enforcement and private
ernment entities, while others, such as Florida, sector investigators to help bring corrupt offi-
make it a criminal violation. Careful research cials to justice. This intelligence can be extremely
of the law in the jurisdiction where operating is valuable to private and public investigators. The
essential in these situations. private sector and law enforcement can use the
information as intelligence and leads to assets.
Informal international assistance. There are Creating working relationships with these groups
many routes of productive informal, non-treaty, is often very productive.
international assistance that are available to pri-
vate and public asset recovery team members.
Examples of informal MLA requests include the
use of Interpol, embassy contacts, police-to-
155
A financial crime investigator will benefit from

knowledge in search engine optimization and
effective searching. The exact same keyword
search in multiple search engines will gener-
ate different results and rankings. Each search
engine uses metadata differently and will often
rank content differently when delivering the
results of an online search. As an investigation
continues, one should develop a list of search
engine keywords for investigations. The list could
include multiple aliases of a subject and names of
shell corporations.
OPEN-SOURCE INTELLIGENCE The search engine industry has shifted from pro-
viding purely text content results to include other
Open-source intelligence (OSINT) is informa- results in searches, such as videos and photos.
tion that is publicly available and accessible; yet These results are known as Blended or Univer-
OSINT, although publicly available, is not neces- sal Search Results and they are useful to finan-
sarily free or easily discoverable. OSINT gathering cial crime investigators, as following a result on
will play a powerful role in most investigations. It a seemingly irrelevant photo may link one to a
contributes to the foundation and justification for more useful content page. Effective searching
more intrusive evidence and information collec- investigation should include visually scanning and
tion methods. checking images and video. Also, when checking
a page source, one should scan for comments that
OSINT does not require a court order to obtain. are related to a video or image.
The collection techniques used for OSINT are
not intrusive. SOCIAL MEDIA, BLOGS AND
MICROBLOGGING
There are several types of OSINT sources:
Social media sources can be extremely helpful in
• Online Searching and Web Content a financial crime investigation. A photo, a com-
• Social Media, Blogs and Microblogging ment or a tweet may be enough to establish a
timeline or location of someone that may be of
• Media Outlets and News Sources interest. Social media is also an excellent source
• Geospatial Open-Source of investigative information from people who may
• Public Records be observing and documenting fraudulent activ-
ity for distinct motives or a sense of duty.
• Professional Conferences and Live Events
• Observation and Reporting Social media includes sites such as Facebook,
LinkedIn and LiveJournal. Online profiles have
ONLINE SEARCHING AND WEB CONTENT varying levels of security, but even a search that
A growing and easily accessible source of OSINT generates a main social media page can show
is Internet searching through search engines. some contacts for further searching; people are
These are among the best known and frequently not always selective about “friending” or “con-
used online tools worldwide, and include sites necting.” Dating sites (eHarmony, POF, etc.)
such as Google, Bing and Yahoo. often have online discussion boards that are
156
open and searchable with or without an online logging and social media platforms can be useful
dating account. sources of real-time information about a subject.
In more than one case, photos and other infor-
“Microblogging” platforms are sites where users mation posted to social media sites have helped
share and contribute short messages or photo to track and locate suspected financial criminals.
and video content, such as Twitter, Tumblr, Face-
book, Instagram and Pinterest. Microblogging MEDIA OUTLETS AND NEWS SOURCES
can be a powerful and extremely fast way to The media are powerful sources of open-source
move a message. Content is typically generated information. A financial crime specialist will want
and buried quickly, and microblogging platforms to research beyond the media releases that are
have tools to comment (or “like”), and share and freely available from search engine results. Media
spread it. Depending on the audience, messages includes newspapers, journals and other publica-
can be transmitted in extreme short-hand or tions, and radio and television broadcasts. Some
particular style than is difficult to parse if you of the major online newspapers require online
are not the intended audience. Since users often subscriptions to access their material, which
update them once or many times a day, microb- may require a fee but will be more effective than
PRACTICAL EXAMPLE: FINDING MARY

Commercial record databases have evolved to • Names of relatives
where almost all public information is availa- • A possible date of birth
ble online. Hundreds of websites now provide
access to this information, some at no cost and • Street level photos from all angles of the
others for a nominal fee. To test the ease of front of her house
acquiring this information, a person with aver- • Photos of her with her grandchild
age search engine capabilities was asked to • A corporation of which Mary was an officer
locate a person and find as much information
as possible in 30 minutes. The person was pro- • The corporation’s annual filing reports
vided with a name, an approximate age, and
three possible cities of residence. We will call This was the tip of the iceberg. If the researcher
the person Mary. had invested $9.95, the discovered information
would have quadrupled.
Within the allotted time, the following infor-
mation was found on the Internet at no charge: The advent of social media, such as Facebook,
LinkedIn, MySpace and others, has put invalu-
• Mary’s current and previous able personal information at every financial
two addresses crime specialist’s fingertips. Today, people
• The current value of her house post almost everything online, including infor-
mation about friends, travel, assets or even
• A map of the house including aerial views their bank. Postings on Facebook, Twitter and
• The names of her neighbors other social media exchanges range from daily
• Her telephone number activities to personal pictures, making them
crucial resources for investigations.
157
months. Real estate ownership in the US is reg-

istered at the county seat where the property is
located, and each county would need to be vis-
ited and the property records manually searched
through mountains of handwritten logs. Today
this same search, for the entire US, can be con-
ducted in minutes from the desktop computer
of an investigative analyst, investigator, forensic
accountant or other financial crime specialist.
Here is a sampling of the information that can be

easily found through a simple Internet search:
searching a stack of newspapers. Online publica- • Locations of people

tions also often allow user comments, which can • Telephone numbers
lead to further resources.
» Reverse phone number lookups
Radio and television broadcasts may end up, • Marriage records
legally or not, posted to other social networking • Divorce records
sites. Most of the main US broadcasting compa-
nies maintain some of their content online for • Birth records
search or upon request. Access to the full con- • Death records
tent may require a subscription or fee and a good • Corporation records
Internet connection for streaming large files.
» Officers, directors and registered agents
GEOSPATIAL OPEN-SOURCE » Address and type of business
Geospatial information is the equivalent of a vir- » Annual reports
tual globe, such as GoogleMaps or Google Earth. • Fictitious name (“doing business as” or “DBA”)
These tools display advanced information and company records for sole proprietorships
update their content frequently. and partnerships
While the data will not be real-time, users may • Criminal history records
also create custom maps to update places of • Court records
interest and obtain other information. This can • Names and salaries of government and
aid in tracking a subject’s activities by potentially corporate employees
revealing details of his or her current location
and helping an investigator review locations and • Business and other government-required
confirm addresses. Tools such as Google Maps licenses (liquor, building permits, etc.)
allow an investigator to get a good view of a loca- • Public records by state
tion, which can be very useful. • Real estate records
• Adoption records
CONDUCTING AN INTERNET AND • Universal Commercial Code (UCC) filings
PUBLIC RECORD DATA SEARCH
A simple example, from a commercial database
Not long ago, checking the real property owner-
and a social media posting, can demonstrate the
ship of an investigative subject might have taken
158
power of these investigative inquires in financial in an expensive coastal area. The husband is a
crime investigations. public official earning a mid-range salary and is
suspected of taking bribes or kickbacks. A for-
Example 1: An informant says the subject of an mer friend of the wife disclosed the Facebook
investigation was divorced two years ago, but posting. A commercial database search reveals
the location is unknown. A commercial database no property owned by the public official in the
search reveals the county and state of the divorce. coastal town.
A further inquiry discloses that there was a prop-
erty settlement agreement. A copy of this agree- A subsequent Facebook posting by the wife states
ment, obtained online for a fee, reveals two bank that she is looking forward to a trip to their new
accounts and a Mercedes-Benz vehicle, traced to vacation home this weekend. A surveillance of the
a dealership. Contact with the Mercedes-Benz wife and husband Friday evening leads investi-
dealership reveals a financial statement that dis- gators to the property. County records indicate
closes additional bank accounts and property. A the vacation home is in the name of a shell cor-
simple Internet search uncovered more than $1 poration. Numerous investigative leads will follow
million in assets. from here, including the tracing of money used to
purchase the property.
It should be noted that bank accounts are usually
found by tracing financial transactions and fol- Meaningful OSINT collection requires creativ-
lowing each lead. There is no Internet or govern- ity, time and monitoring of trends in online tools.
ment database of bank accounts. A financial crime specialist also needs a deep
understanding of the industry or individual they
Example 2: The wife of the subject of a financial are researching to conduct productive searches.
crime investigation has just posted on Facebook
that she is very happy with the new penthouse
vacation home that her husband has purchased INTERVIEWING TECHNIQUES
Few skills are as important to the success of a
financial crime investigation as the command of
interviewing techniques. Understanding the dif-
ferent types of these techniques and their pros
and cons is essential to the success of the inter-
view, especially in financial crime cases.
INTERVIEW VS. INTERROGATION

To appreciate the art of interviewing and, in
particular, financial interviewing, it is import-
ant to know the difference between interview-
ing and interrogating. The main difference is in
the objective.
FIGURE 1 – A Sign Outside the Panama City
Headquarters of Mossack Fonseca, the Law Firm
Whose Records Were Leaked in the “Panama Papers.” In an interrogation, the investigator has a sin-
One of the Largest Data Leaks of All Time, the Panama gle objective: To learn if the suspect commit-
Papers are Publicly Available Online, and Have Led Law ted the crime or is responsible for another thing
Enforcement Agencies Around the World to Launch the investigator is seeking to prove or disprove.
Corruption and Tax Evasion Investigations. If not, who did it? The investigator is looking for
confessions and admissions, asking simple and
159
direct questions and expecting simple and direct be authenticated and the chain of custody
answers. The questioning is accusatory in nature. established. Any lead documents need to
be followed up, and certified copies must
In an interview, particularly a financial interview, be obtained. It is important to understand
the investigator attempts to develop a rapport the motivation of third-party witnesses,
with the witness and looks for detailed answers. and one must ensure that facts are not
Financial interviewing involves systematically selectively provided.
questioning individuals with knowledge of the • Interview of parties who are represented
events, the people involved and the physical and and not represented by lawyers. In planning
intangible evidence: to interview witnesses, cooperating
individuals and subjects, it is important to
• Subject interview (custodial or non- understand and respect the attorney-client
custodial). Custodial interviews by a relationship. Represented parties should
government investigator often require the not be contacted directly, but only through
obligation to provide warnings about the their attorneys, depending on the laws
right to counsel. It is critical to document of the jurisdiction. Failure to identify and
the recitation of required warnings in the acknowledge legal representation can prove
country where the interview was conducted devastating to one’s investigation and the
and to remain aware of perceptions admissibility of evidence.
regarding implied custody. The subject must
also understand his ability to walk away, if
any. In conducting a non-custodial interview, AFFIDAVITS
it is important to consider and prepare for An affidavit is a written statement of the witness’
the likelihood of obtaining incriminating testimony, made under oath by the witness. It is
statements. Consider protections, an effective tool for locking down testimony of
perceptions of custody and other factors in potentially hostile or unreliable witnesses.
charting your course of action.
• Interview of cooperating witness. Keep in mind the following:
Cooperating persons can provide intimate
• The affidavit must be voluntary.
details about the actions, comments, records
and assets of a subject. It is important to • Attester must give oath before a person
maintain transparency in negotiations having authority to administer the oath.
with a cooperating witness to prevent the • The affidavit is usually prepared by the
perception of a quid pro quo arrangement – interviewer, but may be prepared by the
i.e., “tell me what I want to hear and I’ll give witness, providing it addresses all of the
you what you want or need.” Informants are necessary issues.
apt to manipulate facts and circumstances
• It may be constructed contemporaneously
to fit a current need. All statements
at the time of the interview or prepared later
by cooperating individuals must be
from the interview notes.
corroborated.
• The person signing the affidavit must
• Interview of non-cooperating witness.
sign each page and initial any changes or
Other third-party witnesses can provide
corrections.
information, leads and documents. Properly
document all witness contacts and • The affidavit must be signed by the person
statements. Any documents received must taking the oath and (preferably) a witness.
160
RECORDED TESTIMONY according to the rules of evidence and is admis-

Recorded testimony may be obtained through sible in court. The rules of evidence governing
depositions or question-and-answer (Q&A) ses- admissibility vary from country to country.
sions. A deposition is testimony taken by coun-
sel before trial in which the “deponent” answers Intelligence takes several forms and comes from
questions under oath. The deposition is often a variety of sources:
undertaken under court order (subpoena) and • Human intelligence, such as undercover
recorded by a stenographer or mechanical operatives, confidential informants and
recording device, or both. A lawyer, or sometimes eyewitnesses
an investigator, poses questions to the depo-
nent or witness. • Open-source intelligence, such as the
Internet, radio and television broadcasts, and
Remember that the following: publications
• Signals intelligence, which includes
• Obtaining recorded testimony usually electronic eavesdropping
requires the consent of the witness. Consent
must be obtained before the recording device Evidence must be relevant and bear some rela-
is turned on and should be obtained again as tionship to the matter being litigated. It must be
part of the recorded proceedings. material and directly or circumstantially prove
• Although this is an effective technique or disprove some part of the matter being liti-
for locking down testimony of hostile or gated. It must be competent and meet legal rules
uncooperative witnesses, copies of the of admissibility.
original recording are discoverable in many
jurisdictions. The interviewer’s demeanor, Examples of evidence include the following:
recorded comments and method of eliciting
information are also recorded and subject to • Commercial records obtained by a subpoena
attack by the opposing side in the case. and introduced by the records custodian
of a company
• The taping should not be shut off once the
session begins. Any interruptions to the • The statements of a defendant, knowing
recording should be explained before the his right to counsel, made freely to a law
recorder is stopped (why) and after it is enforcement agent
resumed (what was discussed). • Facts observed by law enforcement during a
• In most jurisdictions, the non-consensual legal surveillance, except hearsay
recording of a party to a live or telephone • Official government records legally
conversation is illegal without a court order. submitted by the agency
• Testimony of a witness at trial (Note: An
affidavit or other written witness statement
INTELLIGENCE VS. EVIDENCE taken during the investigation is generally
The key difference between intelligence and not admissible by itself at trial)
evidence is admissibility in court. Intelligence
is information that is not generally admissible Examples of intelligence and inadmissi-
because it does not prove a relevant fact. Gen- ble evidence:
erally, its source or the manner in which it was
Example 1: An investigator obtains a non-consen-
collected may not be revealed. Evidence is infor-
sual recorded telephone conversation of a target
mation that meets the standards of reliability
discussing his foreign bank accounts. The inter-
161
cept was conducted without a court order. The diction. Some jurisdictions require that counsel
information is both relevant and material to the for both sides be present during the questioning.
matter now being tried; however, because of the Others require the testimony to be taken before a
way it was obtained, it is not admissible. In most judge. One should learn what the rules are before
circumstances, any legally obtained information undertaking evidence- gathering.
received as a direct result of the illegal intercept
often would not be admissible in court proceed- Special investigative techniques. In government
ings either, under the so-called exclusionary rule2. cases, it is very important to know how evidence
will be obtained in the requested country if “spe-
Example 2: A news article reports that the alleged cial investigative techniques” will be involved. The
ringleader of a fraud scheme has a shell corpo- jurisdiction that is gathering the evidence may
ration in Panama. This is good intelligence, but have a lower standard of probable cause to obtain
is not considered admissible as evidence unless authorization for the use of invasive procedures,
introduced by someone who has direct knowl- such as wiretaps, search warrants and electronic
edge of the account. surveillance. This may cause the evidence to be
ruled inadmissible when it is introduced in court
in the jurisdiction of the requesting country.
FINANCIAL CRIME INVESTIGATIONS
ACROSS INTERNATIONAL BORDERS Dual criminality. In a government financial
Instances of large-scale corruption, money laun- crime case, where the assistance of a foreign
dering, fraud and asset recovery often require nation is requested, it is important to know if the
assistance from other nations and jurisdictions, requested nation requires that the offense being
which may have different laws on collection of investigated qualify as an offense in both juris-
evidence, taking of testimony, investigative pro- dictions before assistance will be rendered.
cedures and the level of cooperation afforded to
other countries. For example, most countries criminalize income
tax evasion, but Switzerland does not. If a mutual
When seeking foreign assistance in a government legal assistance request is sent to Switzerland for
or public-sector case, or when a private sector evidence to be gathered in support of a criminal
financial crime team seeks to obtain records in income tax investigation, it will be denied.
another country, it is important to understand
the procedures that must be followed to obtain One should keep the following considerations in
the required evidence. The following issues may mind when considering sending a request to a
affect the admissibility of the evidence that is foreign nation for assistance:
obtained in that fashion. • What does one need to ensure that the
information gathered in the foreign country
Testimony of witnesses. If the goal is to use tes- will be admissible as evidence when it is
timony as evidence and the witness will not be transmitted?
available to attend the proceedings in the home
country, it is important to ensure that correct • What are the legal and statutory
procedures are followed during the interview of requirements of the foreign country? For
the witness to preserve the evidence for later use example, if one is attempting civil asset
in trial. It is necessary to understand the proce- forfeiture (non-conviction based) and wants
dures that the court will require to admit the tes- assets frozen in a foreign jurisdiction, does
timony of a witness questioned in a foreign juris-
2 This is often referred to as “fruit from the poison tree.”
162
that country have laws that allow non- the Federal Bureau of Investigation, whose rep-
conviction-based seizures and forfeitures? resentatives in foreign embassies are called Legal
• Is one legally compelled to inform the Attachés or “Legats.”
subject of the investigation of the assistance
being requested in the foreign country? For
example, obtaining testimony of witnesses
TAX AND SECRECY HAVENS
that the opposing side may not be able to Although we covered these extensively in the Tax
interview may result in the statements being Evasion and Enforcement Chapter, we will briefly
deemed inadmissible. mention them here. Because of their obvious ben-
efits, tax and secrecy haven countries are favored
• Will the subject of the investigation be
locations of tax evaders, fraudsters and other
notified of the requested assistance by
financial criminals to hide unreported income
the foreign authorities? Some countries
and criminally derived proceeds.
require the holder of a bank account to be
notified prior to the disclosure of records to
Secrecy havens are nations, or jurisdictions
the government.
within nations, that typically have the following
• What level of probable cause is required to characteristics:
authorize certain enforcement actions or
investigative techniques, such as searches • Few or no taxes
and seizures? • Lack of effective exchange of tax information
with foreign tax authorities
The best way to answer these questions is to con-
• Lack of transparency in the operation of
tact the proper authorities in the foreign country
legislative, legal or administrative provisions
prior to sending a formal request for assistance.
Another source of helpful information may be the • No requirement for a substantive
appropriate legal or other attachés in the embas- local presence
sies of one’s country. Requestors should always • Self-promotion as an offshore financial center
follow their agency’s internal rules and proce-
dures in making contact with foreign authorities. In recent years, many regions or countries that
Often, a phone call to the appropriate person in historically had reputations as secrecy havens,
the foreign jurisdiction, or to one’s embassies such as the Cayman Islands and Switzerland, have
overseas, will provide answers to these questions, taken steps to reform their financial systems and
save time and ensure that the evidence is admis- introduce greater transparency. But new havens
sible at trial. have opened their doors, and some in unexpected
locations, like the US states of Delaware and
One should always keep in mind the resources Nevada. It is often very difficult to obtain useful
of one’s embassies throughout the world and the information on beneficial owners, accounts, legal
embassies of foreign nations in your country’s entities or companies in these secrecy havens.
capital city. The US, for example, has embassies
or missions in more than 150 countries, and, in This difficulty may arise because the jurisdiction
Washington, DC, more than 150 countries have restricts what information can be provided in
embassies or missions in Washington, DC. All investigations, or because accurate information
these embassies have officers or attachés that are on account or business ownership is not collected
capable of answering pertinent questions. In all in the first place. Delaware, for example, does not
US embassies, for example, there are represen- require any information on the true owners of a
tatives of federal investigative agencies, such as corporation to be provided at time of incorpora-
163
US SECRECY HAVENS
In recent years, national governments of many ficial owners at the time of company formation.
nations, as well as international bodies such as Likewise, no information on the true owners of
the FATF, have highlighted the need for cor- companies is available from Delaware’s corpo-
porate transparency to help combat money rate registry. Delaware corporations that do not
laundering and tax evasion. Although the US actually do business in the state of Delaware
has participated in these calls for transpar- do not need to file annual income tax reports
ency, critics have justifiably highlighted the or company financial statements, allowing the
fact that the country plays host to its own company’s financial records to remain private.
secrecy havens, in the form of states with very The state also allows for company formation
lax incorporation laws. agents to conduct incorporation, and for the
company to be held in the name of nominee
Four US states in particular, Delaware, Nevada, directors and shareholders.
Oregon and Wyoming, have emerged as popu-
lar locations to form shell companies because Despite the increasing attention and public
of the almost complete anonymity in the com- outcry over the role of US states like Delaware
pany formation process. Delaware is most as secrecy havens, to date these states have
notable because it offers very low taxes and resisted calls for increased transparency and
minimal requirements for maintaining a com- stricter customer identification procedures. It
pany after it is formed. should be noted that the vast majority of com-
panies incorporated in Delaware and the other
Most importantly, Delaware, along with several states highlighted are entirely legitimate.
other states, collects no information on bene-
tion, leading investigators to dead ends when they • Open-source intelligence

pursue a source to a shell corporation formed in • Financial documents
that state. More information on secrecy havens
is provided in the Tax Evasion and Enforcement • Other related documents
chapter of this Manual. • Employee interviews
• Whistleblowers or anonymous tips
INFORMATION SOURCES FOR A • Physical property and assets search
FINANCIAL CRIME INVESTIGATION • Information on company structure, directors
Once a financial crime investigation begins, a and ownership
financial crime specialist should start with the
least intrusive methods possible and conduct lim- COOPERATING DEFENDANTS
ited initial interviews and discussions with people Cooperating persons are usually prompted by
least close to the suspected financial crime. This similar motivations as informants. They may
will strengthen the information in hand before be seeking to avoid prosecution, or seeking a
talking to the person or persons directly impli- lenient sentence after conviction. They are look-
cated in the financial crime. Information sources ing to “cut a deal” or gain favor in exchange for
that are available include the following: information or testimony. They can provide valu-
able information on financial transactions and
164
movements of targets and their accomplices. EMPLOYEE INTERVIEWS

They may also identify co-conspirators and law- When planning employee interviews, one should
yers, accountants and other “gatekeepers” who start with the employees furthest removed from
assisted in purchasing, moving and hiding funds the potential financial crime but who are still able
and other assets. They can also identify the ori- to provide helpful background information or
gin and true ownership of assets derived from potential leads.
financial crime. They may also be able to inter-
pret books and records. A private company may have its own regulations
concerning employee cooperation in an internal
FINANCIAL DOCUMENTS investigation, but it may not conflict with national
Financial documents are not limited to finan- or local law. Private company regulations may
cial statements but can include other financial include termination for not cooperating during a
records, such as receipts, checks and checkbook financial crime investigation.
ledger and bank records. Financial documents
provided or made available by an entity normally EMPLOYER-PROVIDED MATERIALS
require no court order. Many financial documents, If the cooperating entity in an investigation is an
such as an employee’s personal bank statements, employer, it can usually provide employee e-mails,
require a court order if the employee is not willing phone logs and computer usage without employee
to provide them voluntarily. A selection of some of permission and knowledge. The e-mail server log
the most important and common financial docu- can be useful to show outgoing attachments from
ments will be covered in detail later in the next an employee’s e-mail and their file sizes.
chapter, Interpreting Financial Documents.
The materials that may be disclosed in investi-
RELATED DOCUMENTS gations may depend on the laws and regulations
Important information about the culture of a of the jurisdiction where the investigation takes
business entity, including the financial condition place, as well as the terms of the employment
and direction or pressure from management, may contract. Investigators should consult legal coun-
be learned from documents that are not neces- sel if there is a question whether it is legal and
sarily of a financial nature. A financial crime spe- advisable to obtain and use employee records
cialist should ask to see an ethics statement for without consent.
the company, as well as human resources policies
and employee contracts. If these documents do
not exist, ask why. LEGAL CONSIDERATIONS
A financial crime specialist should know the legal
Another useful document might be the internal process and laws of his or her jurisdiction before
bulletin that gives a sense of the management and during the investigation. Even if the investi-
tone and style. If the company is publicly traded gation is not part of a legal action, it must be doc-
and has to file with the appropriate regulator, one umented properly. Documentation should be pre-
should review not only the financial documents served due to the possibility of a legal proceeding.
that were filed, but also the auditor’s report and
other written statements and footnotes associ- An initial investigation may develop into a crim-
ated with the financial filings and annual reports. inal investigation if it is discovered that criminal
activity has taken place or is in progress. Law
165
enforcement involvement may make it easier to Law enforcement agents, usually through a pros-
obtain some evidence, such as personal finan- ecutor, can request search warrants from a judge,
cial documents, for review. These legal requests who may issue them with specific rules for seiz-
typically go through the court. Evidence seized ing and searching the evidence. A search warrant
pursuant to a court order must be obtained specifies the time, place and items that can be
within the scope of the court order if it is to be searched. Failure to follow the terms of the search
used at trial. warrant may render the evidence useless in trial.
Exhaustive open-source intelligence (OSINT) For a judge to approve a search warrant request,
work and client cooperation can lay the founda- he or she must be shown probable cause that a
tion of an investigation if criminal activity has suspect has participated in the criminal activity
not yet been determined. Overt, open and non- or committed a crime.
intrusive evidence gathering will help determine
if an investigation needs to be escalated to a legal SUBPOENA
action. This will also strengthen the case made The subpoena is the legal tool most commonly
to a judge in requesting a court order for more used to obtain information. It is a legally enforce-
intrusive investigation. able command for a specified person or entity to
produce records or things at a specified place at
COURT ORDERS a specified time, either with or without accompa-
If a financial crime specialist has been retained nying testimony. A subpoena may be issued by a
by an employer to conduct an investigation, he or clerk of court in connection with a legal proceed-
she will probably have substantial access to files ing; an attorney in connection with many national
and physical property, including the employee’s and state court proceedings; and, in some cases,
computer, electronic data and phone records. by law enforcement officials and administrative
agencies in connection with their investigations
A private sector financial crime specialist may and proceedings.
also be engaged after a law enforcement agency
has begun an investigation. Evidence may have During a criminal investigation in many coun-
already been seized and removed from the ini- tries, a grand jury reviews the evidence and
tial placement location before the private sector decides if the case will go to trial. Further evi-
financial crime specialist ever comes on the scene. dence may be requested on behalf of the court
through subpoenas.
Regardless of the sequence of events, if an inves-
tigator needs a court order to preserve, obtain, There is considerable variation in the subpoena
search and protect information, he or she will process from country to country and even within
likely need the support of the court and law states and jurisdictions of certain countries. Gen-
enforcement agents to get it. Legal counsel should erally, a subpoena is a blank document issued by
be consulted once criminal activity in the matter the court clerk to be filled out by an attorney and
has been established. then served by law enforcement agents.
SEARCH WARRANT Individuals or entities that fail to comply with a

As an investigation grows, a financial crime spe- subpoena may be held in contempt of court, which
cialist may need access to property and doc- may include monetary penalties or jail depend-
uments to which a person has a reasonable ing on the jurisdiction. Individuals or entities are
expectation of privacy and is not willing to grant subject to the terms of the subpoena unless they
permission to access them. can prove that they do not have to comply with it.
166
The subpoena process is not necessarily as fast as Some electronic data, by nature, is overwritten
that of the search warrant. A search warrant for quickly while some persists until a decision is
public sector agencies may be preferable if infor- made to overwrite it. It is important to under-
mation must be seized immediately. stand what evidence can be overwritten, and
take the appropriate steps to preserve it until a
PRESERVATION ORDERS (LITIGATION cyber-investigation is conducted.
HOLD, HOLD ORDERS)
Once important electronic material has been
A financial crime specialist conducting an inves-
located, it may be wise to seek a “protective”
tigation may find he or she needs to protect elec-
order to prevent a party from accessing, destroy-
tronic data from being deleted, altered or oth-
ing, overwriting or modifying it. “Litigation holds”
erwise “spoliated.” Due to the ephemeral nature
may also be imposed internally by companies that
of electronic data, which can be easily erased or
reasonably anticipate litigation or by an attorney
overwritten intentionally or accidentally, cap-
working for an adversary. They are mechanisms
turing and preserving such evidence can pose a
to preserve data while the legal issue is addressed
real challenge.
and resolved.
167
CHAPTER 9
INTERPRETING
FINANCIAL
DOCUMENTS
A financial crime specialist needs to interpret and handle finan-

cial documents as if they will be used in a legal case. During the
investigation, it may be hard to know what will be relevant, so
you must treat all documents as relevant evidence. This includes
maintaining the proper chain of custody and documentation.
A financial crime specialist should have working knowledge of

the industry related to the financial records he or she is exam-
ining, or consult an expert that does. Knowing the industry will
make persons more effective in recognizing the red flags in
the documents.
168
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
FINANCIAL CRIME VERSUS ERROR ness partners, vendors and financial institutions
One primary factor that distinguishes fraud about loans by representing an inaccurate finan-
from error is whether the underlying action that cial picture.
results in the misstatement of the financial state-
ments is intentional or unintentional.
Consider the overall accounting environment

when reviewing financial statements for red
flags of financial crime. A financial crime spe- INTERNATIONAL FINANCIAL
cialist should review for the proper applica- REPORTING STANDARDS (IFRS)
tion of accounting principles and for changes in The International Financial Reporting
accounting estimates or accounting principles. Standards (IFRS) are a uniform, inter-
Although they will not be reviewed in detail here, national language for accounting and
the financial crime specialist should have at least recording business transactions. They
an introductory knowledge of “generally accepted are designed to allow company accounts
accounting principles,” or GAAP, in the jurisdic- to be understood and compared across
tion in which the entity under review operates. international boundaries. The IFRS have
There is no current internationally used system been developed in response to increas-
of accounting principles, although many nations ing globalization and international trade,
have adopted the International Financial Report- and they are particularly significant for
ing Standards. companies with a multinational presence.
While their adoption has been gradual in
When looking for red flags, the culture of the many jurisdictions, they are progressively
entity under review is an important guide and replacing the many different national
possible source of information. Observation of accounting standards, such as “gener-
the tone of the company and the division of duties ally accepted accounting principles,” or
provide important background information as GAAP, in the US. The rules are to be fol-
financial documents are collected and analyzed. lowed by accountants to maintain books
of accounts which are comparable, under-
Financial reporting fraud may include standable, reliable and relevant to review-
the following: ers internally or externally.
• Manipulation
IFRS began in the European Union as a
• Misrepresentation way to create an EU-wide accounting
• Misapplication standard. However, the value of harmoni-
zation quickly made the concept attrac-
Financial reporting fraud can also be a result of tive around the world. They are some-
“earnings management,” as opposed to a larger times still called by the original name of
criminal conspiracy. Regardless of the reasoning International Accounting Standards (IAS).
behind the financial reporting fraud, there can be The development and implementation of
significant implications to investors that rely on the IFRS is led by the international orga-
this information, as well as the employees, and nization the Board of the International
the overall financial health of the entity. Fraud- Accounting Standards Committee (IASC).
ulent financial reporting can also mislead busi-
169
UNDERSTANDING AND USING their origins, forms and destinations, as well as

FINANCIAL STATEMENTS the related source documents.
From a business and investment standpoint,
financial statements offer a view of a company’s TYPES OF FINANCIAL STATEMENTS
performance and financial health for a particular
period of time. For the financial crime investiga- The ability to understand bank and other finan-
tor, financial statements should be viewed as a cial records is a critical skill in financial crime
source of leads to do the following: and asset recovery work. Banks and other finan-
cial institutions keep various types of records,
• Specific financial transactions that could file various forms with government agencies, and
form the basis of violations of criminal undertake various services for customers. These
and civil law practices generate information and records that
• Civil and criminal recovery or may prove invaluable to financial crime mat-
forfeiture of assets ters. Similarly, forensic accountants and finan-
cial crime investigators use and analyze financial
• Civil torts committed against a specific records to identify witnesses, leads, evidence and
party or parties assets. They also use financial records as evidence.
In short, the financial crime investigator’s job is

to discover the story behind the numbers. INCOME STATEMENT OR STATEMENT
OF EARNINGS (PROFIT AND LOSS)
The type of financial crime or wrongdoing must
be taken into account when analyzing financial An organization’s profit and loss (P&L) statement3
statements. If the alleged criminal act is the laun- is a calculation and display of its financial per-
dering of criminal proceeds through a company, formance for a specified time period, usually a
the financial crime investigator will be look- specific year. It is important to note that a P&L
ing for an infusion of money into the company’s statement always represents a period of time (as
bank accounts through new sources, or spikes in opposed to a balance sheet, which represents a
the following: single moment in time).
• Revenues Revenue sources and amounts are listed, often in

• Loans from officers or third parties general terms. Depending on the type of business,
the “Cost of Goods Sold” (COGS) will be deducted
• Inclusions of assets with no corresponding to arrive at gross profit. Expenses, again probably
outflow of funds in general terms, will be deducted to arrive at net
profit from business operations. In its most basic
Properly kept books and records should provide sense, a P&L statement is just a statement of rev-
the financial crime specialist with an audit trail enue minus expenses to determine profit.
to the persons responsible for the entries in the
books and records. They will also lead to the As a financial crime investigator, a quick analy-
persons responsible for the classification of the sis of the profit and loss statement can serve as
entries and those responsible for the activity. The a pointer system to get you started in where to
financial crime specialist must follow the funds begin the analysis of the organization’s books and
through the books and records and document records. It is often instructive to compare “P&Ls”
3 It is generally known as an income statement in the US, or profit and loss account in the UK. It can also be referred to as
a profit and loss statement (P&L), revenue statement, statement of financial performance, earnings statement, operating
statement, or statement of operations. We will refer to it as a P&L Statement in this manual.
170
over several periods to look for unusual fluctua- • The top section will show revenue and cost
tions. Following are some questions that financial of sales4, and the result of the revenue minus
crime investigators should ask: the cost of sales which is the ‘Gross Profit.’
• The next section will show all expenses
• Are there any sources of income that appear and derive a sum of expenses. It will then
out of the ordinary, or inordinately high, for subtract the expenses from the gross profit
the company or the industry? to determine the ‘Income from Operations.’
• Is the Cost of Goods Sold within industry • And finally, at the bottom, usually after
standards? Are there items in Cost of Goods a section for other income and/or non-
• Sold that don’t seem to be connected to the operating expenses (such as taxes), will
production process? In the US, due to some be the ‘Net Profit (or Loss).’ This is simply
Tax Court decisions, questionable payments derived from the Income from Operations
are placed in Cost of Goods Sold rather than and adding any other income and subtracting
deducted below as operating expenses. and non- operating expenses.
• Is the gross profit too high a percentage for Formatting and line items will be different in
industry standards? every P&L you see, but, in the end, it is simply a
• Are business expenses delineated, and, if so, statement of revenue minus expenses to deter-
are there indications of where fraudulent mine net profit or loss for the year.
expenses may be concealed?
• Are there unusual fluctuations in any In the example, you should notice that a great
of the revenue or expense categories deal of the information on the statement is
between periods? derived from other data on the sheet. To clar-
ify what data is derived from other entries; rows
Profit and loss statements can be limited by items that are used in calculations are labeled with a
omitted (examples are values such as brand rec- letter label. For example, Total Sales Revenue is
ognition that have no established guidelines for labeled with a [J]. For derived results, the formula
measuring); by accounting methods used to pro- to determine that row’s value is included in the
duce the numbers (companies in the same indus- row. For example, ‘Gross Profit’ is the result of [J]
try may use different depreciation methods); and minus [K], and we will now refer to gross profit as
by measurements that involve judgment (such as [L]. In other words, gross profit is the total sales
life of an asset, or estimates of future bad debt revenue minus the total cost of sales.
write-offs). You should always be aware of indus-
try norms when analyzing statements. To further clarify the statement, you should
notice that all ‘cells’ that are calculated from other
In the following example of a P&L, you can see the data and not manually entered are shaded grey.
primary elements of a typical statement. Every Any changes to entered data in the non- shaded
company will have a slight variation of this as far cells should automatically change the results in
as specific line items—sometimes far more gran- the shaded cells.
ular, and sometimes less—but all will have three
basic sections: In our example, there are additional columns for
‘Current Period as a % of Sales’ and ‘% Change
from Prior Period.’ You will not always see these
on a P&L, but we include them here to demon-
4 This is also known as the Cost of Goods Sold, or COGS.
171
Profit and Loss Statement

Universal Widget
For the Year ending 2012 Stated in 000s
Gross margin [L/J] 35.0%

Return on sales [T/J] 10.8%
Cur- % Change
rent Period as from Prior
Prior Period Current Period % of Sales Period
Sales Revenue
Software Sales 100 130 32.5% 30.0%
Hardware Sales 220 270 67.5% 22.7%
Total Sales Revenue [J] 320 400 100.0% 25.0%
Cost of Sales
Software Sales 80 120 30.0% 50.0%
Hardware Sales 130 140 35.0% 7.7%
Total Cost of Sales [K] 210 260 65.0% 23.8%
Gross Profit [L=J-K] 110 140 35.0% 27.3%
Operating Expenses
Sales and Marketing
Advertising 18 22 5.5% 22.2%
Marketing 2 3 0.8% 50.0%
Total Sales and Marketing Expenses [M] 20 25 6.3% 25.0%
General and Administrative
Wages and salaries 22 23 5.8% 4.5%
Supplies 2 4 1.0% 100.0%
Rent 12 12 3.0% 0.0%
Utilities 4 6 1.5% 50.0%
Depreciation 9 9 2.3% 0.0%
Insurance 1 2 0.5% 100.0%
Total General and Administrative Expenses [O] 50 56 14.0% 12.0%
Total Operating Expenses [P=M+N+O] 70 81 20.3% 15.7%
Income from Operations [Q=L-P] 40 59 14.8% 47.5%

Other Income [R] 5 0 0.0%
Taxes
Income taxes 10 12 3.0% 20.0%
Payroll taxes 3 4 1.0% 33.3%
Total Taxes [S] 13 16 4.0% 23.1%
Net Profit [T=Q+R-S] 32 43 10.8% 34.4%
172
strate some of the conclusions you can draw from and easily explained reason for this, but it shows
the data in our example. you the kind of item that might warrant more
investigation.
The first column of those two columns is sim-
ply the entry in that row for the current period Charitable organizations do not produce a P&L
divided by the total sales revenue for the current statement. Charities, by definition, are not
period, which in our example is $400,0005. We for profit, and thus will have not profit or loss.
can clearly see in this column that software sales However, they often do have reporting require-
were 32.5% of total revenue in 2012. ments, either to a regulator, donors or a board
of directors.
The final column simply shows the percentage
change in that row from the prior period to the Instead, they produce a similar statement that
current period. This should highlight any signif- reflects funding sources compared against pro-
icant year over year changes. For example, the gram expenses, administrative costs, and other
cost of supplies increased 100 percent in 2012, or operating commitments. This statement is com-
doubled year over year. Granted, the numbers are monly referred to as the statement of activities.
small in this example (only increasing from $2,000
to $4,000), but should highlight the kind of year Although not depicted in our example, most P&L
over year changes that should catch your eye. statements from companies of any significant
size include a Notes section at the end. As with
What can you determine from this statement? any financial statement, the Notes section is
Usually, any issues will require making an anal- common place to hide irregularities.
ysis of the results to determine what might be
suspicious depending on what you are investigat- Some questionable entries in the Notes section
ing. On this statement, a financial crime specialist might include the following:
may want to look into why the cost of sales for
software increased by 50 percent from one year • Write-downs of inventories
to the next, but the revenue from software sales • Litigation settlements
only increased 30 percent. There may be a simple • Discontinued operations
• Disposal of assets such as property, plants
and equipment
• Disposals of investments
• Restructurings activities of an entity
• Other reversals of provisions
Once again, this manual will not make you an

accounting expert, but you should be familiar
with P&L statements and the red flags that might
require further investigation.
5 Note that the actual entry in that row is 400, but at the top of the statement you should notice that all numbers are ‘stated in
000s.’ That simply means the statement is in thousands, and you should add three zeros to the end of all numbers on the state-
ment to get the actual number. This is a common practice to reduce the clutter on a P&L statement.
173
BALANCE SHEET (STATEMENT OF • Transfers of assets to Special Purpose

FINANCIAL POSITION) Entities (SPEs: off-balance sheet entities)
As we mentioned in the P&L section, an entity’s • Personal assets of corporate officers carried
balance sheet shows information on assets and on the books of the organization
liabilities for a single point in time. It is, in essence, • Apparent manipulation of the
a net worth statement for a company. organization’s stock price to meet market
analysts’ forecasts
The balance sheet should reflect the balancing
equation: Assets = Liabilities + Owner’s Equity. The example balance sheet shows the three main
Alternatively, you can look at it as the difference sections clearly: assets, liabilities and owner’s
between assets and liabilities equals owner’s equity (sometimes referred to as shareholder’s
equity, or Assets - Liabilities = Owner’s Equity. equity). Although a balance sheet represents a
Please note that owner’s equity is not always a moment in time, there may be multiple moments
positive number; a company that is in trouble may in time depicted on a balance sheet to show the
have more liabilities than assets. change over time. This is typical with a year-end
statement. In our example, the balance sheet
Assets are usually listed in order of liquidity with shows the company status on three specific days:
the most liquid assets being listed first starting December 31 of 2012, 2011 and 2010. This allows
with current assets. Similarly, liabilities are listed us to compare the same moment in the year
from short term to long term. Owner’s equity between several years.
follows the liability and loosely is listed in order
of liquidity. The assets section begins with current assets.
These are defined as assets that will mature in
The financial crimes investigator can also use less than a year or can be liquidated in less than
a company’s balance sheet to locate potential a year. Healthy companies typically have a strong
leads to various financial criminal transactions. current asset position that can cover all of their
Like the profit and loss statement, fluctuations short-term liabilities, often with a surplus.
between periods will often be a key to uncovering
these hidden transactions. Some of the things to The current assets in our example:
look for include the following:
• Cash and Cash Equivalents – Basically the
• An influx of cash or other liquid assets from company’s cash position
non-revenue sources
• Short Term Investments – Investments that
• Accounts receivable on the books that don’t will mature in less than a year or that are
correspond to sales and revenues intended to be liquidated within a year. If
• Inventory valuations that don’t correspond to a company has a strong cash position, it
import or export valuations (a sign of trade- will likely also have significant short-term
based money laundering) investments which will yield a higher return
than cash or cash equivalents but are still
• A significant amount of “goodwill” (see next
reasonably liquid.
page) from acquisitions
• Net Receivables – Outstanding payments
• Appearance of asset valuations that don’t
expected from customers less the amount
correspond to outlays of cash and/or
expected to be uncollectable
loans payable
• Inventory – The value of inventory currently
• Suspicious loans and other transactions
in stock but not sold yet
with principals
174
• Other Current Assets – This is, basically, a • Other Assets. Once again, a catchall category
catchall section for any assets that have value for assets not covered elsewhere.
and can be readily liquidated but are not
covered elsewhere in this section. It is not As with the asset section, the liability section
uncommon for this to fluctuate over time, begins with current liabilities, or liabilities that
but massive changes should be looked into. will come due in less than a year.
Below the current assets are the fixed assets The current liabilities in our example include
of the company. These assets are considered the following:
less liquid:
• Accounts Payable. These are the bills owed by
• Long Term Investments. These are the company, typically to suppliers.
investments that the company intends to • Short/Current Long-term Debt. Short-term
hold for more than a year and might never debt is debt that will come due in less than
mature. Stock positions in other companies a year, and current long-term debt is the
and bonds might fall in this category. payment due on long-term debt with a year.
• Property, Plant and Equipment (PP&E). • Other Current Liabilities. As in the asset
This represents relatively illiquid assets section, these are liabilities that are not large
a company might hold and, without enough to qualify as line items. It is a catchall
reinvestment over time, will decrease due to for small, miscellaneous liabilities.
depreciation. It may be a very large item for
some types of companies or a very small line As a general rule, in a healthy company, the cur-
item for others6. rent liabilities should not be greater than the cur-
• Goodwill. This is a line item typically found rent assets. Below the current liabilities are the
when a company acquires another company. long-term liabilities the company carries. These
In order to balance the books, this is added are liabilities that will not mature in the next year.
as an asset to reflect any premium paid
over the book value of the company7. It is As with the asset section, the liability section
intended to reflect the intangible assets that begins with current liabilities, or liabilities that
are considered part of the purchase, such will come due in less than a year.
a brand value or reputation of the acquired
company. Although there was likely a clear The long-term liabilities in our example
reason the company paid over book value are as follows:
for an acquisition, goodwill is generally not a
good thing to have on the books. • Long Term Debt. This can represent
financing on PP&E, bond issues, or any other
• Intangible Assets. Assets that are not long-term leasing or financing relationship.
physical in nature, such as patents and other
intellectual property. Intangible assets are • Negative Goodwill. Negative goodwill is
typically very hard to value and could be actually considered a good thing to have on
inflated on some balance sheets. a balance sheet. This reflects an acquisition
where less than the book value was paid, or
basically the company paid less than the
6 For example, a shipping company would likely have a very high PP&E since most of its assets would be in the fleet of ships it
owns. A consulting company would likely have a small number in this line item.
7 The book value of a company is basically the value of its assets minus its liabilities.
175
acquisition was worth. This typically happens Although usually issued regularly like the income
in distressed sales or a sale in which the statement, the statement of cash flows shows
assets of the company being acquired are actual cash items only, while the income state-
very illiquid. ment (P&L) shows non-cash items such as depre-
• Other Liabilities. This is another catchall ciation. These are typically produced quarterly by
category that covers liabilities that are not most companies depending on the requirements
covered in another line item. of the jurisdiction’s regulator.
Balance sheets in particular, are very indus- A statement of cash flows is a critical piece of
try-specific. While all will have the general line information to review to truly determine the
items found here, there will be industry variances. health of the company and to note any irreg-
ularities. There are many ways to manipulate
There are many ways a balance sheet can be an income statement to appear very liquid or
manipulated. One example is the early recogni- profitable, yet the company’s cash position is
tion of assets. Assets with long-term contingen- extremely poor.
cies, or that cannot be billed in the near future,
can be recognized early. These assets could be An example would be if a company wins a large
placed in the “accounts receivable” account in contract with a very big customer. On the income
order to push up revenue for a given period. statement, it would be recognized as revenue, but
they might not get paid for the contract for quite
This is inaccurate because the sale of a long- some time. A more accurate look into a company’s
term asset beyond a year would be inappropri- liquidity should include a review of their State-
ately classified if put in the accounts receivable ment of Cash Flows.
account. Consequently, unusually large accounts
receivable on a balance sheet for a given period
should rouse the interest of a financial crime
OTHER TYPES OF
investigator. FINANCIAL RECORDS
In addition to the usual statements that most
This is only one example. There are many oth- companies are required to prepare, there are
ers, such as moving assets from PP&E to current myriad other documents retained that might lead
assets if they are intended to be sold within a to solving or discovering a financial crime.
year even though the sale may never happen or
the valuation may be inflated and not reflective of TRANSACTION RECORDS
the likely sale price. You need to review balance Transaction records kept by financial institutions
sheets with a critical eye to discern discrepancies. can produce invaluable information. Transac-
tion records, such as those that follow, are just
the beginning of what one can find in a commer-
STATEMENT OF CASH FLOWS
cial bank or credit union, otherwise known as a
The statement of cash flows presents the use depository institution:
of cash and cash generated in a defined period
of time (fiscal year ending, quarter ending, etc.). • Deposit tickets
It will be broken into three categories: opera- • Deposited items (checks and other monetary
tion activities, investing activities and financ- instruments)
ing activities.
• Checks drawn
• Debit memos
176
Balance Sheet
Universal Widget
Year End Statement 2012 Stated in 000s
Increase in Stockholders Equity 2012 29.2%

Increase in Stockholders Equity 2011 -2.6%
December 31st, 2012 December 31st, 2011 December 31st, 2010
Assets
Current Assets
Cash and Cash Equivalents 2,000 1,900 2,200
Short Term Investments 575 325 290
Net Receivables 1,625 1,435 1,512
Inventory 420 410 415
Other Current Assets 56 20 75
Total Current Assets 4,676 4,090 4,492
Long Term Investments 500 610 500
Property, Plant, and Equipment 2,400 2,200 2,100
Goodwill 190 180 110
Intangible Assets 75 75 75
Other Assets 203 190 135
Total Assets 8,044 7,345 7,412
Liabilities
Current Liabilities
Accounts Payable 1,250 1,190 1,210
Short/Current Long-term Debt - 275 -
Other Current Liabilities 980 1,190 1,290
Total Current Liabilities 2,230 2,655 2,500
Long Term Debt 875 790 770
Negative Goodwill - - -
Other Liabilities 450 425 575
Total Liabilities 3,555 3,870 3,845
Owners Equity 5 0 0.0%
Preferred Stock 200 200 200
Common Stock 3,230 3,200 3,010
Retained Earnings 1,059 75 357
Total Stockholder Equity 4,489 3,475 3,567
177
• Credit memos • A summary of wire transfers into or out

• Outgoing wire transfer orders of the account
• Incoming wire transfers • Increases and decreases in account balances
• Money orders Along with the account records, an investigator

• Cashier’s checks sold should obtain all the account documents related
• Foreign currency sold to the account opening and customer onboard-
ing, including the following:
• Signature cards
• Monthly statements • Account application
• Cancelled checks written on the account • Copy of signature card
• Standing orders • Copy of customer IDs used to open account
• Draft checks • Letter of referral or introduction

• The bank’s due diligence records prepared for
Key transaction records that should be tracked the customer
are records of wire transfers. Wire transfers
move funds from one bank to another within or RECEIPTS AND RELATED EXPENSE
between countries. A wire transfer is initiated by a DOCUMENTATION
bank customer or other person, called the sender, Receipts can be helpful for verifying a journal
instructing the bank to send funds by wire to an entry, a reimbursed expense, or a department’s
account or person at another bank. The ultimate expenses. One red flag to be aware of with
recipient is called the beneficiary. Sometimes, a receipts is if copies are allowed or accepted. Cop-
wire transfer goes through or is processed by an ies can be applied to more than one account or
intermediary bank. conceal alterations to the original.
Many countries require financial institutions Another red flag in receipts and expenses inves-
to keep records of transactions above certain tigations is the absence of a division of duties in
amounts. In the US, financial institutions, includ- review of expenses, or possibly the absence of a
ing broker-dealers, must keep records of the par- review system. A proper review system should
ties involved in wire or funds transfers in amounts
include verifying the expense, checking that it
of more than $3,000. These records may be sub- was approved before the expense occurred, and
poenaed in criminal and civil litigation. Money collection of original documentation to support
transmitters, which often deal in smaller amounts, the expense.
must also keep records of their transfers.
JOURNAL ENTRIES
Once the records are obtained or gathered,
the investigator should prepare summaries of Journal entries can be completely falsified, espe-
the information in all the financial documents cially in a fraud, to inappropriately recognize
received from a financial institution, including assets or create fictitious assets. They may also
the following: be a good source of information on inappropri-
ate revenues or expenses. Look for ambiguous
• A summary of deposits and withdrawals entries for “services” or “consulting” that either
• A summary of checks written on the account the entity does not provide or need. There may
178
income from a loan, actually belong in cash but

was reported as revenue?
THE WORLD CUSTOMS VENDOR/CUSTOMER LIST

ORGANIZATION (WCO) If the entity is paying vendors or customers,
The World Customs Organization (WCO) is investigators need complete access to that list.
an intergovernmental organization head- Look for legitimacy when researching the vendor
quartered in Brussels, Belgium. The WCO list. Illegitimate vendors, which in some situations
is noted for its work in areas covering the may be shell companies, can be compared against
development of international conventions, the employee list to see if there is an address or
instruments and tools on topics such as name in common. This may necessitate a detailed
commodity classification, valuation, rules search, as the shell company could be registered
of origin, collection of customs revenue, in a family member name of the employee.
supply chain security, international trade
facilitation, customs enforcement activ- Look for vendor charges that are steadily rising or
ities, combating counterfeiting in sup- inappropriate to the industry. There may be col-
port of Intellectual Property Rights (IPR), lusion between the vendor and an employee with
integrity promotion and delivering sus- the authority to pay or approve the shipment.
tainable capacity building to assist with
customs reforms and modernization. The In many cases, businesses and organizations
WCO maintains the international Harmo- will maintain a “preferred vendor list.” These
nized System (HS) goods nomenclature are vendors that have already had due diligence
and administers the technical aspects conducted on them by the business and are con-
of the World Trade Organization (WTO) sidered approved as suppliers or service provid-
Agreements on Customs Valuation and ers. This preferred vendor list can also be a help-
Rules of Origin. ful source in financial crime investigations. The
financial crime professional should compare the
preferred vendor list against vendors that have
been used recently to determine if an employee
also be a trend toward one vendor, employee
or company insider is using vendors that do not
or department.
appear on the preferred list. Vendors that appear
to have been added to the preferred list without
Another red flag with journal entries are descrip-
proper due diligence or authorization can also
tions that include specifics on extensive payment
be a potential indicator of suspicious or fraudu-
contingencies, which possibly indicates “chan-
lent activity.
nel stuffing.” This is the process of pushing more
products through a given distribution than the
channel can possibly sell. It is designed to inflate INVENTORY
sales figures. Obtaining inventory records is crucial in cases
involving loss or theft of physical inventory. When
Items in journal entries on a more detailed trans- reviewing inventory records, financial crime pro-
action can be subject to error, intentional or not. fessionals should look for dates of physical counts
This can be a source of information to verify as well as a policy for physical counts, such as
where incorrectly entered transactions should be boxes that are opened and visually inspected.
located. For example, did the transaction, such as
179
One should check the policy for disposal of obso- invoices are also critical evidence in customs
lete or spoiled inventory. Look for patterns of duties, tax evasion and alternative remittance
either writing off inventory for year-end “earn- systems investigations.
ings management” or suspicious writing off that
is actually theft of the inventory by an employee. Following are some of the red flags for the finan-
cial crime specialist in analyzing commercial
COMMERCIAL INVOICES invoice data:
A commercial invoice may be just a simple bill pre- • Discrepancies in the description of goods
sented in a commercial transaction. More often, it shipped between the commercial invoice and
refers to a document used in international trade. other documentation
It typically will contain the information neces-
sary for presentation of shipping declarations • Large price differences between the declared
to a customs authority of a particular country. value of the goods and the WCO standard
Although there is no standard format for a com- values for similar goods
mercial invoice, the World Customs Organization • Atypical financing for the goods
(WCO) sets standards for the information needed • Illogical shipping routes and stops for the
on the form in an effort to create transparency goods on their way to their final destination
of information between countries. Some of the
information contained in a commercial invoice • Inconsistent size of the declared amount and/
includes the following: or size of the declared trade goods with the
shipping container or the weight
• The parties involved in the • Counterfeit, false documentation
shipping transaction
• False sets of books
• The goods being transported
• The country of manufacture, and codes Some of the money laundering methodologies
for those goods associated with commercial invoices and trade-
based money laundering includes under and over
A commercial invoice must also include a state- invoicing; misrepresentation of quantity, quality,
ment certifying that the invoice is true, and a product, or cost; recycling products; and non-ex-
signature. Due to the amount of information typ- istent or false products.
ically required by customs authorities, the com-
mercial invoice can provide valuable information Investigative strategies for commercial invoice
to the financial crime specialist. Caution should manipulation include the following:
always be taken to notice not just the informa-
tion that is on the form, but also what information • Bank account analysis for unusual deposit
appears to be missing. activity associated with the payment
for trade goods
Although estimates vary widely, the consensus • Analysis of Financial Intelligence Unit (FIU)
is that international trade is one of the biggest reporting of large currency transactions and
vehicles used by transnational criminal and ter- suspicious activity
rorist organizations for financing and laundering • Analysis of shippers’ import and export
the proceeds of their illicit activities. Therefore, declarations against inventory amount and
when investigating these types of criminal activ- valuation data
ity, the commercial invoice is a vital piece of evi-
dence needed for analyzing the financial activi-
ties of subjects of the investigation. Commercial
180
• Spot inspection of import or export trade market price, rather than their historical
goods for quality and quantity comparisons costs. Although an entirely legitimate
to the commercial invoice practice if done correctly, it can also be used
to commit fraud, particularly in situations
Sources of information available to the finan- where it is difficult to determine an accurate
cial crime specialist in investigations involving market price for assets.
commercial invoicing include freight forwarders, • Inappropriate inventory write-off. This is the
insurance companies, transport companies, cus- moving, spoiling or destroying of inventory
toms services and shipping companies. to change year-end reporting or to hide
employee theft.
RECONCILIATIONS ON
INTERCOMPANY ACCOUNTS CANCELLED CHECKS
Intercompany transactions can be material, Cancelled checks have always provided one of
such as a transfer of inventory or allocation of the most fruitful caches of leads for the financial
R&D costs between units. However, if the com- crime investigator because one document may
pany does not correctly reconcile these transac- provide the complete picture of a financial trans-
tions with a policy to investigate discrepancies, action, including date to amount, the recipient of
it could result in an overall company material the funds, the payer of the funds, the method and
misstatement. location of negotiation, and the final disposition of
the funds. This has changed to some extent in the
This may be in error or intentional, but will start US with the advent of laws allowing digital copies
with an investigation on how transfers of inven- of checks, which eliminates the need to retain the
tory are initiated, received and reconciled. physical copy. Other countries now have similar
laws in place, so the financial crime investiga-
There are many ways to overstate income or assets: tor should be well-versed in his or her country’s
• Bill and hold transactions. These overstate rules regarding cancelled check retention.
revenue when a company invoices the
customer and records the sale as recognized Copies of cancelled checks are still maintained
even though the asset remains in the seller’s by banks in accordance with regulatory require-
physical possession until a later date. A sign ments of the countries in which they are located.
of fraud would be the seller counting both Paper copies of cancelled checks may not be
the “inventory not yet shipped” as “inventory available to customers of the banks and, thus, not
on hand,” as well as recognizing the revenue available for subpoena or search warrant. How-
from the sale. ever, the electronic age has brought new formats
and record retention, which when understood
• Late recognition of returns. This could be may provide better and quicker access to the
another form of “earnings management” or financial information associated with the tradi-
a sign of theft and fraud. If returns are not tional cancelled check. Since all of the data is now
recognized at all (for example the inventory captured electronically, it can be searched and
count does not change to the return), this retrieved with greater accuracy and quickness.
could be a fraud at point of sale/point of
return. This can be incredibly hard to detect, The following outline identifies some lines of
especially if there is collusion. inquiry the financial crime specialist should fol-
• Mark-to-market accounting. This is an low when dealing with cancelled checks:
accounting practice that refers to recording A. Business or personal check
assets or liabilities based on their current
181
• May identify an unknown bank account assets, including real estate and personal prop-
» Who owns or opened the account? erty, securities accounts, insurance policies, cars,
boats and many other things. Sources of income,
» What is the source of funds going into including salary, interest, dividends, rents, pur-
the account? chase and sale of assets, may also be identified.
» What other account activity is connected The tax return lists banks and broker- dealers
to the subject or identified associates or that paid dividends or interest. Comparing tax
co-conspirators? return items from one year to the next, such as
• May identify a nominee, front or shell property taxes and interest expense, can tell a lot
company, or associate the subject is using to about assets, incomes and sources of funding.
conceal illicit proceeds
OBTAINING TAX RETURNS
• May identify a business or individual who is
conspiratorially linked to the subject The value of tax returns is offset somewhat by
the difficulty in obtaining them. In the majority of
B. Cashier’s or bank check jurisdictions, tax information is guarded by strict
secrecy laws. In a private sector financial crime
• On what bank is the cashier’s check drawn? case, a tax return can be very hard to obtain
• Was it drawn against an account? unless the target furnishes it.
» If not, how was it paid for? In the public sector, one must follow the proce-
» What was the form of payment? dures of the appropriate tax authority. Individual
• Who purchased the cashier’s check? and business tax returns should be obtained, if
possible. They may reveal a trove of otherwise
• Was a large currency or suspicious activity unavailable information. Sometimes, tax returns
report filed by the bank in connection with aid in unearthing hidden assets or income, such
the purchase of the cashier’s check, if such a as hidden business ventures acquired with finan-
report was required? cial crime proceeds. Review interest or dividends
from hidden investments or capital gains on the
C. Money orders and travelers checks sale of hidden assets or income from the criminal
• Where were they purchased? activity that may be listed as “consulting fees or
commissions.”
• By whom were they purchased?
• What was the form of payment? You should not ignore the tax lawyer, accountant
or preparer who may be inclined to cooperate
It is a good practice when dealing with bank because of their potential liability under the tax
checks and monetary instruments not drawn on laws. Usually, they will not cooperate unless their
an account to request the consecutively num- client authorizes them to do so or unless they
bered bank checks and monetary instruments appear under compulsory legal process, such as
immediately preceding and following the identi- a grant of immunity.
fied monetary instrument, in case the subject or
co-conspirator purchased more than one. Other ways to obtain tax returns include
the following:
ANALYSIS OF TAX RETURNS • Subpoena the tax preparer or certified public

accountant, keeping in mind that they risk
Tax returns can yield important information
about a multitude of a subject’s activities and
182
liability to their client if they release the tax When dealing with electronic information, han-
return without permission or compulsion dling for integrity and documenting a chain of
• Subpoena the taxpayer or target custody are equally important. Just as original
documents need to be protected, controls need
• Asking business partners for copies of the to be established to prevent the overwriting of
corporate or partnership tax return, if they electronic information. Investigators should be
also signed the return careful not to unintentionally alter metadata that
• Subpoena the mortgage company, bank could be useful, such as the name of the user who
or closing agent, or mortgage broker, who last edited a file, for example, or the date a file
may have copies of the tax return provided was last accessed.
by the subject
• Subpoena municipal and state tax authorities To maximize the likelihood that electronic
for copies of tax returns filed by the subjects records can be entered into evidence, investi-
in their jurisdiction gators will generally need a clear and thorough
understanding of how the data were obtained
and who was involved in gathering, storing and
PROTECTING THE EVIDENCE transmitting it. For some investigations, includ-
ing those involving multiple countries or jurisdic-
At the beginning of an investigation, one does
tions, this can be challenging.
not have a clear picture of which financial doc-
uments will be relevant and which will not. Thus,
Professionals should determine if they need
all financial documents should be handled as if
parties with technical skills to ensure data are
they will be material evidence in a future legal
captured correctly at the outset and preserved
proceeding or action. A proper chain of custody
throughout the process of investigation. If the
must be followed.
source, origin and chain of custody of data are
not clear, the ability to enter that data into evi-
Chain of custody procedures include a docu-
dence may be compromised.
mented chronology of the handling of the doc-
ument or physical evidence. Important chain of
For example, let’s say an investigator involved in
custody documentation may include the following:
an anti-corruption probe has requested payment
• Where the item was initially located records from an affiliate of a multinational cor-
poration. The affiliate is in another country. The
• Who collected it
investigator receives the records on a hard drive,
• Where it was filed but there is no accompanying documentation
• Documentation of each person explaining how the data was originally obtained,
who handled it which employees were involved in handling it,
and the process they followed. This lack of clarity
Whenever possible, original documents should will greatly reduce the chances that the payment
be obtained, or it should be noted why the orig- records could be used in a legal case.
inals were unavailable. This makes it extremely
important to protect and control the document.
Detailed and accurate chain of custody records
will help if evidence is ever altered or damaged –
either accidentally or intentionally.
183
CHAPTER 10
MONEY
AND
COMMODITIES
FLOW
OVERVIEW
Financial crime usually has several goals. It seeks to earn or

preserve money or other assets obtained through illegal means,
including corruption, tax evasion, money laundering, fraud,
sanctions violations, and those that have emerged from, or were
facilitated by, new electronic tools, such as identity theft and
various types of cybercrimes.
184
CHAPTER 10 • MONEY AND COMMODITIES FLOW
In the execution, cover-up, laundering and ulti- parts of the world like the Middle East and Africa,
mate use and enjoyment of financial crime pro- which moves billions of dollars in paperless form
ceeds, the money or commodity that is involved often without leaving trails.
typically must be transferred through multiple
accounts, vehicles and entities. This “flow” of
money or commodities linked to financial crime FREQUENTLY USED VEHICLES
is executed and directed by the financial criminal TO MOVE MONEY
and his collaborators and co- conspirators. The We first examine the tools that financial criminals
collaborators and co-conspirators could include use most often. Some methods to move money
a banker or corporate official, who knowingly and other assets include the following:
or unknowingly is an accomplice in the criminal
operation. The word “commodities,” as used here, • Checks
refers to value or goods obtained through ille- • Wire transfers
gal activity.
• Electronic transfers
Without the successful movement or flow of the • Correspondent banking
criminal proceeds and their ultimate use, the • Private banking
financial criminal cannot succeed. His goal is to
take from, or deprive, someone or something, • Informal systems for the movement of assets
such as an institution or government agency, of • International trade, including trade finance
money or other assets. The vital step in the pro- • Currency
cess is to move the proceeds of his crime for his
own purpose and enjoyment. • Securities and financial products and
instruments, such as futures, bonds,
This chapter will discuss some of the major meth- derivatives and insurance policies.
ods that are employed in the movement of money
and other financial assets. This will include red Two of the old but popular informal methods to
flags that financial crime specialists should look move funds include Hawala and the so-called
for in their work of examining money flows. Black Market Peso Exchange, which are covered
later in this chapter.
The number of money movement mechanisms
is limited only by the creativity and ingenuity of Among the emerging technologies that serve to
the financial criminal. Wire and electronic funds move money and create new challenges for finan-
transfer facilities, currency, international trade, cial crime specialists are the following:
Hawala, and mobile money and other vehicles • Virtual currencies and online
spawned by new technologies are just a few of money exchanges
the avenues available to move money and value
at various phases of the financial crime process. • Pre-paid cards
• Mobile payments
As new routes are opened by technology, the
old ones do not go away. They remain, leav- USE OF MULES AND OTHER THIRD PARTIES
ing financial crime specialists with a constantly Money mules are persons who move criminal
growing list of routes through which money can proceeds for the purpose of disguising the iden-
move. Thus, the new technological vehicles stand tity of the beneficiary or source. Sometimes they
alongside ancient ones, such as Hawala, a centu- are willing participants who know they are mov-
ries-old method of money movement popular in ing criminal proceeds, and other times they are
185
unwitting participants who have been recruited • Note any large checks or transfers that do
through the Internet or e-mail scams. The typical not fit the normal pattern of the general use
scheme involves placing a large deposit into the of the account.
account of the “mule,” who then moves the money • Canceled checks often have notes and
to another account or person, retaining a fee for numbers written on the back by bank
his service. employees, indicating such things as the
purchase of a cashier’s check or use of the
funds for a wire transfer. The financial crime
CHECKS AND BANK STATEMENTS specialist should make notes of all these
Virtually everyone is familiar with a check, the markings, including the names of the bank
paper document that orders the payment of employees, and start an inventory of all
money from the account of the writer, known as accounts to which transfers are made, the
the drawer, at a bank or other financial institution names of any reference to individuals and
to the account of the receiver. The use of paper other information.
checks and other documents as the primary
means of making payments in the financial sys-
tem has fallen significantly in recent years. Also,
most financial institutions no longer have an obli- CORRESPONDENT
gation to return canceled checks, thus reducing, BANK ACCOUNTS
or making more difficult, the amount of informa-
tion that can be gathered unless the information A basic domestic bank typically only offers
is subpoenaed in an electronic format. In addition local services to customers, including depos-
to examining the paper or electronic version of its and loans. If those customers travel out-
a check, the examination of a bank statement, side of the bank’s operating region, accept
which may or may not include digital copies of international deposits or engage in other
checks, can be very useful in mapping the flow of activities outside the bank’s coverage area,
money or other assets. the bank either needs to open a new branch
or make arrangements with a correspondent
When a financial crime specialist has the oppor- bank. Opening new branches may not always
tunity to review checks and bank statements, it is be feasible or desirable, so a correspondent
wise to be guided by these procedures: bank account provides a convenient solution.
• Make note of payees on a check, especially A correspondent bank is a financial institu-

corporations, trusts, foreign entities and tion that acts as an agent for another bank,
other organizations. providing services and products in an area
• Compare the payees to the endorsers or the the other bank does not operate in, so its
ultimate deposit accounts to determine their customers can access things like wire trans-
consistency, among other things. fers and international deposits. This allows
banks of all sizes to do business in other
• Pay attention to checks drawn to cash, which regions and countries without having to
will often provide information about the open new branches, keeping these services
recipient and his or her related organizations. at an affordable price for customers. Banks of
• In reviewing a bank statement, make note of all sizes can act as correspondent banks, and
the volume of checks and the pattern of use numerous international financial institutions
of the account. have a correspondent banking branch to pro-
vide services to smaller banks with less reach.
186
WIRE TRANSFERS In the international interbank context, a cover

Wire transfers have long been identified as a tool payment is an agreement to cover the funds
at all steps in the financial crime process: To move related to an underlying monetary movement. In
money from the victim to the financial criminal; other words, there are two payments. One is a
from the financial criminal through the various payment order, which instructs the bank for the
layers that he may use to hide, disguise and move beneficiary of the payment to pay the receiver
the proceeds; and to the ultimate application the a specified sum. The second message is the
financial criminal makes of the proceeds. bank-to-bank instruction that tells the interme-
diary bank to cover the payment of the benefi-
Wire transfers are an all-purpose vehicle to move ciary’s bank.
money and assets in most financial crime sce-
narios. They can be used in the placement, lay- Financial institutions can mitigate the risk asso-
ering or integration stages of money laundering ciated with cover payments by managing cor-
of the financial crime proceeds. All three clas- respondent banking relationships carefully. The
sic money laundering stages should be kept in Wolfsberg Group’s best practices, which are dis-
mind when the financial crime specialist is eval- cussed below, and the SWIFT standards for send-
uating or assessing the money flow aspects of a ing wires, which recommend appropriate trans-
financial crime. action screening and monitoring, are two sound
starting points for a correspondent and wire
Financial institutions, which serve as the conduit compliance program.
by which wire transfers are executed, must have
well-considered policies and processes that man-
age these risks of the susceptibility of wire and
other funds transfers for serving illegal purposes. INTERMEDIARY BANKS
These policies and procedures should encompass An Intermediary Bank is any bank through
more than regulatory recordkeeping minimums, which a payment must go to reach the
including monitoring whether wire transfers vio- beneficiary bank. Intermediary Banks help
late sanctions laws or further financial criminal process a transfer of funds and perform
activity in all stages in the process. The policies any necessary currency exchange.
and processes should cover foreign correspon-
dent bank accounts and transactions in which the An Intermediary Bank is a bank that has
affiliates and agencies of foreign banks and other your beneficiary bank’s account. This is
financial institutions serve as intermediaries for usually the case if the beneficiary’s bank
their headquarters office. doesn’t have an office in a particular loca-
tion. For example, if you were execut-
Correspondent banking is covered in other sec- ing a payment order via SWIFT 200 and
tions of this manual and is an important element you wanted to pay a vendor in the Baha-
in the overall financial crime picture. For the pur- mas, the payment order would leave your
poses of this chapter, it is worth mentioning that bank and go to the beneficiary’s bank, but
the due diligence procedures applied to corre- before the money is credited to the ben-
spondent accounts should take into account the eficiary, it passes through the beneficia-
correspondent institution’s practices concerning ry’s bank’s account at the Intermediary
monitoring and processing of wire transfers. Bank. Basically, it’s the bank of the bene-
ficiary’s bank.
187
The Basel Committee on Banking Supervision Outgoing funds transfers requested by a

issued a May 2009 paper on cross-border cover non-customer or account holder. If the policies
payments called the BIS Cover Payments Paper. of a bank or other financial institution permit the
It encouraged financial institutions that conduct purchase of a wire transfer by a non-customer,
international payments transactions to adhere to especially one for a significant amount, the insti-
the message standards developed by the Wolfs- tution should be extremely careful about the
berg Group in 2007, and others. identities of the parties and the destination of the
money, especially to an offshore location.
RED FLAGS OF WIRE TRANSFERS
Laws and regulations have been enacted in Wire transfers that do not make sense or appear
many countries attempting to make it difficult to have no legitimate business reason. A cus-
to exploit wire transfers to move criminal money. tomer who engages in frequent wire transfer
The following types of funds transfer activities activity that is not justified by his or her normal
should be scrutinized closely because they can circumstances should receive extreme scrutiny
serve to move illicit funds. This is not meant to by the financial institution, and, in appropriate
be an exhaustive list, and their mere existence circumstances, become the subject of a suspi-
in a scenario does not equate to criminal activ- cious activity report.
ity. However, mapping the flows and objectively
determining a valid reason for these transactions A customer with low account balances who
is a very important step in financial crime inves- sends or receives frequent wire transfers. This
tigation, prevention or detection. type of activity should prompt suspicions among
the employees of the affected financial institu-
Because of their thoroughness and completeness, tion because it is not logical for a customer with
this listing borrows from some of the elements low account balances to be serving as a conduit
contained in the guidance published by the United for incoming and outgoing funds transfers.
States Federal Financial Institutions Examination
Council (US FFIEC), an umbrella organization that A quick succession of incoming and outgoing
serves as a forum for the collaboration of various wire transfers in similar or exact monetary
US financial institutions and regulatory agencies. amounts. Often, this pattern of wire transfers of
like amounts in and out of an account or related
Funds transfers to tax and secrecy havens. There accounts close in time should raise deep suspi-
are more than 60 such havens around the world. cions. A customer may also receive several small
What jurisdictions can be considered secrecy incoming wires, and then send a large transfer to
havens is a much-debated issue. Some commonly another city or country.
cited examples include Switzerland, Lichtenstein,
Panama, the Cayman Islands, the Cook Islands, Customers with cash-intensive businesses that
the US states of Delaware and Nevada, and others. send large funds transfers. This situation could
reflect several illegal financial activities, includ-
Funds transfers that are subject to instructions ing tax evasion, laundering of the proceeds of
to “pay upon proper identification.” The “PUPI other crimes, and the payment or transmittal of
instructions” are made to the receiving bank. funds destined for corrupt payments. In general,
Financial crime investigators should be alert to businesses that are cash-intensive should receive
the amount that is transferred for signs that it scrutiny, and when they involve frequent wire
may be just under the amount that triggers a cur- transfers, special scrutiny is recommended.
rency transaction report to the authorities in the
receiver’s country.
188
pays for outgoing international wire transfers

with several official bank checks, travelers checks
or personal checks drawn on financial institu-
tions in one’s country and made payable to the
same or related individual or business in amounts
below a governmental reporting threshold, is, or
borders on, suspicious activity.
MOVEMENT OF MONEY IN TRADE AND

COMMODITIES TRANSACTIONS
Financial criminals are nimble and adapt their
activities and procedures to skirt statutory and
regulatory requirements. As laws and regulations
change to thwart the ability of financial criminals
A customer who uses cash or bearer instru- to move or use their criminal proceeds, financial
ments to purchase funds transfers. The use of criminals adopt new methods to make safe use of
cash, in general, is cause for concern, but when it their money and escape detection. One method
is used to purchase wire or other funds transfers, that first came to widespread attention in the
it borders on outright suspicious, especially if it is late 1980s used international trade through the
a frequent occurrence. manipulation of prices of imports and exports.
Unusual funds transfer transactions by corre- This method, which is now known by the popu-
spondent banks or other financial institutions. lar name Trade-Based Money Laundering (TBML),
Transactions with one’s own institution by for- was recognized by the Financial Action Task force
eign correspondent banks always deserve scru- in 2006 as one of the three principal avenues for
tiny because of the history that correspondent moving money to disguise or integrate criminal
accounts have of being involved in a multitude proceeds into the legitimate economy or to move
of financial crimes and money laundering. Suspi- money needed to finance other crimes, including
cious activity by these institutions may include a terrorism. The FATF defines TBML as ‘the process
volume of wire transfers that is inordinately large of disguising the proceeds of crime and moving
in relation to the size of the bank, the large vol- value through the use of trade transactions in an
ume of funds transfer activities that are inconsis- attempt to legitimize their illicit origin.’ In 2008,
tent with the size and policies of the institution, the definition was revised in the FATF Best Prac-
and a high volume of funds transfers of similar tices Paper to expand the definition:
amounts on one or consecutive days.
“…the process of disguising the proceeds of
Out-of-country funds transfers that are incon- crime and moving value through the use of
sistent with the customer’s profile or business. A trade transactions in an attempt to legitimize
domestic customer who engages in international their illicit origins or finance their activities.”
funds transfers in amounts or frequency that are (Emphasis added).
inconsistent with the nature of the customer’s
legitimate business may indicate involvement in a TBML may be accomplished by using combina-
financial crime, including money laundering. tions of over-valued or under-valued imports and
exports to achieve a transfer of money from one
Payment for international funds transfers with country to another.
several monetary instruments. A customer who
189
A simple example would be: • To move money from one country to another,
Assume Person A wishes to move money from the parties may overstate the price of
Country X to Person B in Country Y. Person B imported goods or understate the price of
buys 10,000 widgets in Country Y and exports exported goods.
them to Person A in Country X with an invoice
for $100 per widget, although he only paid $10 These international trade operations require the
per widget. Person A or B goes to a bank to two parties working in league with each other. By
obtain trade financing to finance the exporta- doing so, they can achieve their goals in moving
tion or importation of 10,000 widgets at $100 different amounts of money at any time. To facil-
apiece. The financing is achieved, and Person A itate the commission of crimes, such as terror-
pays Person B the $1 million that is invoiced. By ism, trade-based money laundering may be used
this transaction, he is able to move an excess to send money to terrorists in the jurisdiction
of $900,000 disguised in an international where they are operating.
trade procedure.
More than 35 million containers of goods arrive in
By using international trade and the manipula- or leave the US every year, and major industrial-
tion of the prices that pertain to the products ized nations, as well as rapidly developing nations
being shipped, persons may move money in either such as China and Brazil, have even higher totals.
direction disguised as the cost of the products The sheer magnitude of this commerce makes it
being imported or exported. This works both very difficult to detect the movement of money
ways, as follows: linked to financial crime in wider international
trade. It is like finding a lone needle in a hay-
• To move money into one country from stack of needles.
another, the parties may understate the price
of imported goods or overstate the price of Sophisticated data mining may serve to detect
exported goods. and identify some international trade trans-
actions that are linked to financial crime and
money laundering.
According to the US Department of Homeland

Security, which started the first Trade Transpar-
ency Unit (TTU) with the goal of identifying cus-
toms fraud, tax evasion, smuggling, trade-based
money laundering and terrorist financing, the fol-
lowing indicators are red flags of the movement
of illicit funds in international trade transactions:
• Payments to vendors in cash by unrelated

third parties
• Payments to vendors by wire transfers from
unrelated third parties
• Payments to vendors by checks, bank drafts
An Image of the Port of Shanghai. One of the World’s or postal money orders from unrelated
Largest, it Handled Approximately 32 Million Shipping third parties
Containers in 2012, Demonstrating the Sheer Volume
of Global Trade
190
• False reporting, such as commodity • Fewer customer identification

misclassification, over-valuation or rules are imposed
under-valuation • Because of the high volume of customers,
• Carousel transactions, meaning repeated reduced possibilities of verification of
importation and exportation of the same customer identification
high-value commodity • Customer relationships are less formal and
• Trading in commodities that do not match customers rotate often
the business
• Unusual shipping routes or INFORMAL VALUE TRANSFER SYSTEMS
transshipment points AND THE MOVEMENT OF MONEY
• Packaging that is inconsistent with the An informal value transfer system (IVTS) is a sys-
commodity or shipping method tem for transferring value through the exchange
of goods or currency from one person in one
• Double-invoicing country to another person in another coun-
try. IVTS businesses are not banks in the tradi-
tional sense. They maintain their own financial
NON-BANK FOREIGN EXCHANGE
accounts but do not utilize the banking system to
COMPANIES AND MONEY transfer money or other value for their customers.
TRANSMITTERS
Currency exchange providers and money trans-
mitters, which are often referred to as money
INFORMAL VALUE TRANSFER
services businesses or MSBs, may be used in sev-
eral ways in the perpetration of financial crimes SYSTEM LEGALITY
and the laundering of criminal proceeds. In that As a type of Money Services Business
respect, they are no different than commercial (MSB) and specifically, as a type of money
banks which may also be used in multiple ways in transmitter, IVTS may legally operate in
the commission of financial crimes. the United States, so long as they abide
by applicable state and federal laws. This
MSBs are used by millions of people for legitimate includes registering with FinCEN and
reasons, including the transmittal of small sums to complying with anti-money laundering
family members of the sender in other countries. and counter-terrorist financing provisions
of the Bank Secrecy Act (BSA) applicable
VULNERABILITY OF MSBS TO MOVING to all money transmitters and to certain
MONEY LINKED TO FINANCIAL CRIME other MSBs. A more sophisticated form of
IVTS operating in the United States often
As stated above, MSBs are no different than banks
interacts with other financial institu-
in their vulnerability to, and use by, financial
tions in storing currency, clearing checks,
criminals. The following are the principal reasons
remitting and receiving funds, and obtain-
for this vulnerability of MSBs:
ing other routine financial services, rather
• Simplicity and certainty of the transactions than acting independently of the formal
financial system.
• Global reach of the network of MSBs
• Cash nature of the initial steps of the Source: FinCEN Advisory, September 1,
transactions 2010 FIN-2010-A011
191
IVTS businesses pre-date traditional banks. Ini- is a system by which illicit proceeds are laundered
tially, they offered barter systems to resolve through a combination of exchange of currencies
accounts and to foster trade. But the systems and international trade in goods.
have survived and today are used to send money
worldwide. Common types of IVTS include Hawala A BMPE, despite the name, does not have to
networks and the Black Market Peso Exchange. involve pesos, although the scheme originated in
Colombia and is still prevalent there. Traditionally,
BLACK MARKET PESO EXCHANGE laundering through BMPE begins with the pro-
The Black Market Peso Exchange (BMPE) method ceeds of narcotics sold in the US. These funds are
is an elaborate means of moving money and laun- in US dollars. Narcotics traffickers then contract
dering criminal proceeds. In broad terms, BMPE with money exchangers, referred to as “cambis-
tas” or peso brokers, to purchase the dollars at
An Illustration of a Colombian Black Market Peso Exchange Ring, Broken Up in 2005 by US Law Enforcement as
Part of an Initiative Called Operation Mallorca. Source: US Drug Enforcement Administration
192
a reduced rate. The cambista holds accounts in A basic example of a Hawala transaction would be
financial institutions in both the US and Colombia. a customer from country X seeking to send money
or satisfy an obligation to another from country Y.
The cambista then swaps the US dollars for pesos A hawaladar from country X would then receive
with import/export businesses in Colombia and funds from country X and provide the customer
other Latin American countries. These businesses from country X with an authentication code. A
need US dollars to purchase and import goods corresponding hawaladar from country Y would
from the US, which range from tobacco products be instructed to deliver funds in the currency of
to home appliances. Many businesses involved in country Y to a specified beneficiary, who needs to
the BMPE are completely legitimate, while others disclose the authentication code to receive funds.
illegally smuggle goods from the US to avoid cus-
toms duties. In either case, businesses typically Another example of how Hawala works is found
receive US dollars at a significantly lower rate in a report titled, The Hawala Alternative Remit-
than the official exchange rate. tance System and Its Role in Money Laundering,
by the Financial Crimes Enforcement Network,
Cambistas then pay off narcotics rings in Colom- FinCEN, a bureau of the US Department of the
bia with the pesos they receive from these busi- Treasury and Interpol.
nesses, completing the BMPE cycle. As cambistas
receive substantial commissions and fees from Note the trust that is inherent in the example that
the exchanges, and businesses receive a favorable follows. Tariq gave his money to Yasmeen and
exchange rate, the BMPE can be quite profitable received no receipt. He trusts that the Rs 180,000
for all parties involved. That is one of the reasons will reach his brother, Waleed. Yasmeen keeps
the scheme has been so successful in past years. track of how much money she owes Ghulam and
Greater awareness of BMPE has led many US Ghulam, of course, will keep track of what Yas-
financial institutions to restrict or cut off busi- meen owes him. The relationship between Yas-
ness with suspect Colombian and other South meen and Ghulam could be one of several types:
American peso brokers, lessening the impact of 1. They could be business partners or
BMPE in recent years. Nevertheless, the financial individuals who do business together on a
crime specialist should remain aware of it, espe- regular basis. It could be in addition to other
cially if they are pursuing a case or assignment in business they engage in, such as CD or video
a jurisdiction where use of BMPE is common. import or a tour agency
HAWALA 2. Ghulam could owe Yasmeen a debt, and this

is a way to repay the debt,
Hawala is a type of IVTS that began in India but
is now used around the world, particularly in Asia 3. Yasmeen may have a surplus of rupees, and
and the Middle East. It has been referred to as an this is a way to liquidate the surplus.
underground banking system. This is not entirely
correct because many hawaladars, as they are In the above example, neither number 2 or 3
called, conduct business in the open, legitimately, require Ghulam to recover any money. But in the
with advertising and competition. first example, further interaction is needed to
balance the books.
Hawala is based on trust and there is little paper
trail, such as checks or other instruments. Hawala The lack of formal structure in Hawala leads to a
relies on strong personal and family connections less bureaucratic approach than formal financial
and other affiliations. institutions and, to those who use it, is thought
to be more reliable and convenient. As there is no
193
AN EXAMPLE OF A HAWALA TRANSACTION

Tariq is a Pakistani living in New York and driv- This arrangement will allow Tariq to send
ing a taxi. He entered the US on a tourist visa, Waleed Rs166,250, instead of 154,225. As we
which has long since expired. From his job as will see, the delivery associated with a Hawala
a taxi driver, he has savings of $5,000 that he transaction is faster and more reliable than
wants to send to his brother, Waleed, who lives in bank transactions. He is about to make
in Karachi. Even though Tariq is familiar with arrangements to do business with Iqbal when
the Hawala system, his first stop is a major he sees the following ad:
bank, where he learns several things: MUSIC BAZAAR AND TRAVEL SERVICES
• The bank would prefer that he open an Latest Bollywood Hits Video Conversations
account before doing business with them. Cheap Tickets to India and Pakistan
Great Rupee deals (service to India and Paki-
• The bank will sell him Pakistani rupees stan) Call Yasmeen at 718-555-1111
(Rs) at the official rate of 31 to the dollar.
• The bank will charge $25 to issue Tariq calls the number and speaks with Yas-
a bank draft. meen. She offers him the following deal:
This will allow Tariq to send Waleed Rs154,225. • A fee of 1 rupee for each dollar transferred
Delivery would be extra—an overnight courier • 37 rupees for a dollar
service because surface mail is not always reli- • Delivery is included
able, especially if it contains something valu-
able, and can cost as much as $40 to Pakistan— Under these terms, Tariq can send Waleed
and take up to a week to arrive. Tariq believes Rs180,000. He decides to do business
he can get a better deal through Hawala, and with Yasmeen.
talks to Iqbal, a fellow taxi driver who is also a
part-time hawaladar. The Hawala transaction proceeds as follows:
Iqbal offers Tariq the following terms: • Tariq gives the $5,000 to Yasmeen.
• A 5% “commission” for handling • Yasmeen contacts Ghulam in Karachi and

the transaction gives him the details.
• 35 instead of 31 rupees for a dollar • Ghulam arranges to have Rs180,000

delivered to Waleed.
• Delivery is included
194
paper trail or actual transfer of funds between USING SECURITIES, FUTURES AND
institutions, cultural factors such as kinship and DERIVATIVES TO MOVE MONEY
ethnicity play a vital role in the facilitation of the Trade in securities represents a multi-trillion dol-
transactions. lar sector of the global economy, with millions of
stocks, bonds, derivatives, futures, credit swaps
REASONS FOR USING HAWALA and other financial instruments being sold and
Hawala may seem like a lot of trouble in today’s purchased on dozens of exchanges worldwide.
world, when money can be moved rapidly through The actors involved in securities trading include
the traditional banking system or through elec- most of the world’s largest banks, major interna-
tronic means. However, Hawala offers many tional investment firms and government entities
advantages, according to these points gleaned such as sovereign wealth funds. They also include
from the above-mentioned study by FinCEN an array of smaller brokerage firms, sole propri-
and Interpol: etorship broker-dealers and individual traders.
Together with banking, the securities industry
• Cost effectiveness is one of the key ways that persons worldwide
• Efficiency access the global financial system.
• Reliability
Monitoring securities trading presents a distinct
• Lack of bureaucracy challenge, as it can not only be used to launder
• No paper trail
• Allows evasion of taxes
COMMON INDICATORS OF
COMMODITIES TRADING SUSPICIOUS ACTIVITY
TO MOVE MONEY Some of the most common indicators
of suspicious activity in the securities
One emerging method of moving funds is com-
industry are:
modities purchases and trades. In these situa-
tions, a financial criminal will purchase a type of • Changing share ownership when
commodity and export it to a “beneficiary.” Pur- making a transfer across borders
chase orders, invoices and other records lend an
• Liquidating what would usually be
air of legitimacy to the transaction.
a long-term investment within a
short period
Once the commodity is received in the destina-
tion country, it is sold locally, which accomplishes • Using a brokerage account similar to a
the task of exchanging one currency for another. depository account
Sometimes, a third country is utilized to further • Opening multiple accounts or
obscure the transaction. nominee accounts
• Engaging in transactions involving
nominees or third parties
Source: FATF Report October 2009, Money

Laundering and Terrorist Financing in the
Securities Sector
195
and move the proceeds of criminal activity, but A similar type of security is a “bill of exchange” in
also be manipulated to earn illicit proceeds. As a jurisdiction where it is redeemable upon pre-
insider trading and other forms of securities sentation. Similar to the bearer bond, a bill of
fraud are addressed in the Understanding and exchange may be viewed as having a high level of
Preventing Fraud chapter, this chapter focuses on risk of being used in a financial crime scenario or
using securities as a mechanism for transferring to launder criminal proceeds.
dirty money. The financial crime specialist should
note that securities fraud and laundering through SECURITIES TRADING AS LAYERING
securities are often closely interconnected. Purchasing most securities on exchanges or mar-
kets almost always requires an account of some
The laws governing securities trading vary con- kind held with a securities broker, which is typ-
siderably from jurisdiction to jurisdiction, as do ically funded by another account at a financial
the regulatory and enforcement frameworks institution. As a result, securities trading is not
around securities markets. Many of the larger often the first stage in laundering dirty money.
global exchanges, such as the London or New York However, because securities trades can be exe-
Stock Exchanges, are closely watched by a num- cuted in high values and large volumes, they do
ber of market regulators and oversight bodies. represent a potential avenue for layering illicit
Other exchanges receive considerably less scru- proceeds, by quickly creating a chain of transac-
tiny. In a 2010 typology report, the FATF found tions to obscure the source of the funds.
that, generally, suspicious activity reporting by
the securities industry worldwide remained low, One example of this is wash trading of stocks, or
potentially due to a lack of awareness of AML and simultaneously buying and selling shares of stock
terrorist financing issues in the securities field. in the same company through two different bro-
kers. Although this is usually done as a form of
The term “securities” refers to different types market manipulation in order to make it appear
of financial instruments issued by companies as if there is a high level of trading activity around
and government entities. A complete explana- a certain stock, it can also be done simply to pile
tion of the instruments that qualify as securities up transactions and layer funds.
is beyond the scope of this manual, especially as
types of securities continuously grow and evolve. Another sign that securities trading may be lay-
Further reading is advised for the financial crime ering is if a broker is directed to make many rapid
specialist involved in cases involving securities. purchases of a security with no discernible pat-
tern, purpose or underlying market rationale,
BEARER SECURITIES and then sell these securities after holding them
Although most securities are not now maintained only briefly.
in paper form, “bearer” securities, including
bearer bonds, still exist in certain jurisdictions. DERIVATIVES
These instruments are owned by the person who Derivatives come in three forms: futures, options
“bears,” or possesses them. Once a bearer instru- and swaps. Using derivatives to move money
ment has been issued, the holder can transfer it derived from financial crime requires at least a
to another recipient without the need to record cursory understanding of how derivatives work.
the transaction. Bearer securities can be depos-
ited into a brokerage account and then be used Derivatives are essentially a bet on which direc-
to make other trades or to withdraw or wire the tion the price will move for some underlying
entire funds. value, which can be a commodity, a share of stock,
a financial asset, foreign exchange or an index
196
WASH TRADING
Futures: A financial contract obligating The most common technique used in deriva-
the buyer to purchase an asset (or the tives trading to obscure illicit funds is known as
seller to sell an asset), such as a physical wash trading. The financial criminal establishes
commodity or a financial instrument, at two accounts. One account, the “dirty money”
a predetermined future date and price. account, is held by a seemingly unrelated party.
The second account is held by the party that
Options: Financial derivative that repre- should “receive” the payment, such as a politi-
sents a contract sold by one party (option cian who may be receiving a bribe. This scheme,
writer) to another party (option holder). of course, requires the assistance of a com-
The contract offers the buyer the right, plicit broker.
but not the obligation, to buy (call) or sell
(put) a security or other financial asset at The financial criminal and the broker agree to set
an agreed-upon price (the strike price) up two positions that offset each other. When the
during a certain period of time or on a positions come due, the loss is assigned to the
specific date (exercise date). dirty money account and the gain to the clean
money account. The difference in the two is the
Swaps: Traditionally, the exchange cost of laundering the money.
of one security for another to change
the maturity (bonds), quality of issues OTHER DERIVATIVE TRADING RISKS
(stocks or bonds) or because invest- Derivatives can be used in a multitude of other
ment objectives have changed. Recently, combinations to create the illusion of legitimacy
swaps have grown to include currency while, at the same time, moving money across
swaps and interest rate swaps. borders to further a financial crime, launder
criminal proceeds or finance terrorism. Taking
offsetting positions that result in double com-
of these. The party betting that the price will go missions for the complicit broker, options trad-
down is said to be “short” on the contract. The ing with offshore companies, client- originated
party betting that the price of the underlying insider trading, swaps in the commodities mar-
value will go up is said to be “long” on the contract. ket and auto-trading are some of the schemes or
If the price of the underlying value moves, there factors that have been noted in recent years as
will be a winner and a loser in connection with vehicles for moving money.
the contract. If the price goes up, the long side
wins. If the price goes down, the short side wins. The real complexity of a derivative lies in the
underlying contract, which is also often complex.
The key to money laundering with derivatives is The FATF has said in a report: “The way in which
to manipulate the two sides of the contract in derivatives are traded and the number of opera-
such a way that the losing side is associated with tors in the market ensure that there is the poten-
the dirty money, and to ensure that both sides tial to obscuring the connection between each
are participants in the money laundering scheme. new participant and the original trade.”
Thus, the winning side gets clean money from suc-
cessful contracts, a legitimate source of income.
197
ONLINE SECURITIES TRADING ACCOUNTS OVER-THE-COUNTER MARKETS

A relatively recent development is the rise of While most securities are traded on open
Internet-based securities trading accounts. exchanges where any registered securities broker
These are typically offered by financial institu- can buy or sell them, some securities are traded
tions and investment firms, and allow individual on over-the-counter, or OTC, markets. “OTC
investors to access their portfolio of securities. securities” generally refers to all securities traded
In some jurisdictions, they allow individual cus- outside of the traditional exchanges, which usu-
tomers to transfer securities to another customer ally have greater regulation, more participants
account, the account of a family member or a and stricter requirements for the securities they
company account they control. Such easily acces- will allow to be listed. In some cases, OTC mar-
sible means to transfer securities can be used in kets are regulated and organized, and OTC trad-
tax fraud schemes, as a tax evader can shift their ers must become market members.
control of the securities to another person or
multiple persons and, therefore, avoid certain tax In other cases, OTC markets receive significantly
liabilities on the dividends of their investments. less oversight and can simply involve groups
of securities brokers trading securities among
Such a transfer scheme could also be used for themselves, on terms they negotiate and not at
money laundering. A financial criminal could market rates.
conceivably have an associate or family member
open an online securities account and invest in In these instances, it is possible for OTC trades to
a portfolio of securities. The financial criminal be manipulated to pay more for a security than
would then pay them the cash value of their secu- would be paid at a reasonable market rate, and
rities portfolio with illicit proceeds, allowing the thus covertly transfer money to another party in
criminal to instantly gain access to “clean” funds. the process. One example is through the trade
in OTC options, a form of security that allows
The growth of online securities trading accounts a seller to drastically inflate the price they are
has also made it easier for financial criminals to offering for the option, or charge substantial pre-
access securities markets generally. High vol- miums to a buyer on their sale of options. In either
umes of transactions through online trading ser- case, funds could be transferred from the buyer
vices and a lack of direct contact with customers to the seller if the buyer purchased options at the
can make it difficult for the financial institutions inflated price, or agreed to the high premium. As
that host such accounts to know their custom- OTC options trades can occur between parties in
ers and detect suspicious transactions. Like any different jurisdictions, this is one potential ave-
online account, online securities accounts are nue to move funds internationally.
also vulnerable to identity thieves and account
takeover schemes.
PREPAID CARDS AND THEIR
Identity thieves can open online accounts in FINANCIAL CRIME RISKS
order to move illicit proceeds or engage in secu- Also called “stored value cards,” these are an
rities frauds such as insider trading. Hackers can increasingly popular way of carrying, transmitting
take control of an online securities account as and moving value. Hundreds of billions of dollars
part of securities manipulation schemes, using move worldwide through prepaid cards each year.
the account to buy up a certain stock in order to
pump up its price, for example. There are several types of prepaid cards. Some are
called “closed loop,” meaning they are issued by a
particular business and may only be redeemed for
198
Prepaid card fraud is often tied to credit card

fraud in which a lost, stolen or counterfeit credit
card is used to buy or load prepaid cards, which
are sold at a discount from the value they contain.
Prepaid cards are also frequently used in iden-
tity theft or account takeover schemes, in which
a hacker will obtain control of a victim’s online
bank account and use the funds to purchase pre-
paid cards, which are then retrieved by mules or
smuggled out of the country.
Because prepaid cards are easily transported

across national boundaries, they serve as a con-
venient and portable money laundering vehi-
goods and services at that business. Closed loop cle. A criminal seeking to launder money can
cards usually may not be reloaded after their ini- load the card in one country, transport the card
tial value is consumed. to another country and withdraw cash through
ATM machines. It is a simple, secure and anon-
“Open loop cards” have no specific business, ser- ymous way to move and launder money. Finan-
vice or product they must be used for, and can cial institutions, retail establishments and other
typically be utilized at any business that accepts businesses may combat money laundering and
credit or debit cards. They often may be used for other financial crime through prepaid cards with
ATM transactions and are normally reloadable. In systems that monitor their sale and usage. The
most cases, open loop cards are issued through a system should issue alerts on card use, and limit
bank and use the networks of major credit card or block the use of prepaid cards that exceed the
companies, such as American Express, Master- established standards for normal use.
Card and Visa. They are usually restricted for
use with merchants that accept the respective Understand how and why a card will be used.
credit cards. While prepaid card issuers may not always collect
information or conduct due diligence to the same
Like any other mechanism to store and transfer extent as a bank or credit card issuer, they should
value, prepaid cards are susceptible to exploita- still have some recognition of the card’s intended
tion by financial criminals. Several attributes of use in order to determine what customer trans-
prepaid cards make them an attractive avenue for actions are normal and which may be suspicious.
fraudsters and money launderers. They can be a It is important to note that transaction behavior
highly portable means to carry a large amount may be different from typical debit card or credit
of funds, and are usually difficult to distinguish card use. One example is prepaid payroll cards,
from a standard bank-issued credit or debit in which all the stored value on the card may be
card. In some jurisdictions, they can be obtained deposited or withdrawn at once.
with fewer customer due diligence procedures
than would be conducted when opening a bank Monitor load activity and set parameters how
account or applying for a credit card. Some juris- cards can be loaded and for number of reloads in
dictions have few regulations on prepaid cards, a given timeframe. This is one of the most essen-
allowing prepaid providers to issue cards paid tial steps to prevent prepaid cards from being
for in cash, with little information collected from used in money laundering schemes. Restrict-
the purchaser. ing the total amount that can be loaded onto a
199
card, and restricting or not allowing the card to EMERGING PAYMENT METHODS AND THEIR
be reloaded, limits the ability to store and move FINANCIAL CRIME RISKS
large amounts of value. Again, these thresholds In Kenya, a trader in precious metals buys and
and load monitoring systems should be tailored sells gold using funds stored on his cell phone.
to the intended use of the card and the type of In Germany, a customer buys electronic goods
customer. If reloads are allowed, prepaid issu- over the internet with Bitcoins. In the US, a user
ers typically should limit the amount that can be of Second Life uploads funds into an in-game
loaded onto the card in a given timeframe. account in order to purchase virtual items.
Be able to identify the source and location of All of these scenarios are examples of emerging
loads and reloads. Prepaid providers should technologies to move and transmit funds called
monitor the geographic location and flag or “new payment methods” by the Financial Action
potentially block cards loaded or reloaded from Task Force. Online communication tools, social
unexpected and high-risk jurisdictions. They and gaming networks, and mobile devices such as
should also have mechanisms in place to know smart phones and tablets, are opening up more
the source of reloads, whether that is cash, credit avenues for storing and transferring value than
card, wire transfer or money order. ever before. Many of these payment methods
are either so new as to be entirely unregulated,
Monitor the number and type of cards issued to or intentionally designed in such a way that they
any given customer. A customer holding dozens can be used anonymously. As such, the attraction
or hundreds of prepaid cards without any compel- for financial criminals is obvious, especially as the
ling business reason would obviously raise major web-based nature of many of these tools makes it
red flags. Issuers should track the cards it issues possible to move funds internationally with only
to customers and place limits as appropriate. a computer and a little creativity.
Conduct due diligence to understand all parties It is difficult to judge the financial crime risks of
involved in the issuance of cards in a prepaid pro- these new payment methods, as most have only
gram. Prepaid cards are typically issued by banks, been in existence a handful of years. Despite the
many of which are smaller regional institutions. attention they have received from some compli-
These banks often outsource the actual opera- ance professionals and law enforcement agencies,
tions and maintenance of their card programs to there are very few well-documented cases of the
third parties, including the compliance function. proceeds of financial crime moving through ven-
Whether the financial crime specialist is advising ues like mobile payments and virtual currencies.
a prepaid issuer or investigating a case involving With that said, it is still important for the finan-
prepaid cards, they should understand who ulti- cial crime specialist to understand these meth-
mately controls cardholder information, and who ods and recognize their potential vulnerabilities.
is responsible for supervising compliance. As they continue to grow in use and amount of
value being transferred, it is almost inevitable
Prepaid card issuers must also be alert to the that they will be exploited by financial criminals
responsibility of suspicious activity reporting in some capacity.
requirements. Some jurisdictions require suspi-
cious activity reports to be filed with the perti- MOBILE PAYMENTS
nent authorities on prepaid activity, similar to the
requirements on other financial transactions. It is estimated that in 2012, roughly 1.5 billion
people had direct access to a financial institution,
yet there were more than five billion cell phones.
With phones and other mobile technology prolif-
200
erating, the potential to transfer, send or receive One risk of such a system is “digital value smurf-
funds through mobile devices, or “mobile paying,” which simply means using multiple money
ments,” represents a rapidly growing new finan- mules or “smurfs” to make small cash depos-
cial service. its of financial crime proceeds into their mobile
accounts. Once the money is in the mobile pay-
Currently, mobile payment systems are most ment system, the smurfs can then transfer the
common in developing countries like the Philip- virtual value into an account controlled by a laun-
pines, Ghana and especially Kenya, where access derer or other financial criminal.
to banks or other traditional financial services is
often limited. Depending on the size and sophis- Such a scheme has none of the typical difficulties
tication of the system, mobile payments can associated with bulk cash smuggling. Because
be used to deposit and withdraw funds from many mobile payment networks are relatively
accounts, transfer funds between phones, and unregulated, it could also evade currency and
buy goods and services. Some employers will transaction reporting requirements placed on
even pay their employees directly to their phones. more traditional financial institutions.
Mobile payments have also become a popular
means for emigrants to remit payments back to In addition, mobile payment systems may make it
their home countries. easier for launderers and other financial criminals
to erase their tracks, as they usually leave behind
Perhaps the best example of a mobile payment fewer records than more established financial
system in action is Kenya’s M-PESA. Launched in transactions. Law enforcement would be left with
2007, M-PESA relies on a network of more than little physical evidence that a financial crime took
100,000 small businesses, who register as agents place, and if the mobile payments are transferred
with the mobile payment system. An M-PESA user across borders, they may lack jurisdiction to pur-
can then bring cash to these agents, who will sue the financial criminal.
then exchange it for virtual value credited to a
user’s M-PESA account. Users can then exchange VALUE TRANSFER THROUGH
this value with other M-PESA users, buy items VIRTUAL WORLDS
at some stores and restaurants, or withdraw the As online role-playing games became increas-
value as cash at another agent. As of late 2012, ingly popular worldwide, some began incorporat-
more than $1 billion was transferred through ing the ability to convert real-world currency into
M-PESA each month. virtual value that could be used to purchase items
in the game. As these games continued to develop,
some of the larger and more sophisticated ones
spawned virtual economies where items, services
and even virtual real estate could be bought and
sold. Critically, some even developed means to
convert virtual value back into real-world funds
or other assets.
These virtual worlds present yet another new

avenue that could be utilized by money laun-
derers. Moving value to and from a virtual world
would allow funds to easily cross national bor-
ders, and could be an effective means to place
and layer illicit proceeds. Smurfs could create
201
accounts in virtual worlds and exchange real- Less than two years later, Nakamoto ceased pub-
world money for virtual value, then transfer that lic communications and effectively disappeared.
value to an organized crime group by purchasing Whether he is a real person, a pseudonym used
items in the game world. Additionally, some vir- by someone else, or a group of individuals is still
tual worlds require little information from users not clear. But in the years since, the Bitcoin sys-
to open accounts, allowing financial criminals tem has grown dramatically, launching a new era
to enter these online communities and conduct of digital currencies.
transactions with relative anonymity.
Digital currencies existed prior to Bitcoin, some
One of the oldest and most robust virtual worlds dating back to the 1990s, and the name can refer
for the exchange of real and virtual value is Sec- to a wide variety of electronic money and value
ond Life. An online community of roughly one transfer systems. Some of the earliest digital cur-
million users worldwide, it allows users to cre- rencies were systems that allowed users to open
ate characters, design virtual items and cre- and fund accounts tied to the price of gold or
ate in-game buildings and structures. All these other precious metals, and conduct transactions
items and this real estate can be bought and with other users. More recently, “decentralized”
sold, using an in-game currency called “Linden digital currencies based on mathematical sys-
Dollars,” named after the company that created tems, like Bitcoin, have risen to prominence.
Second Life. Linden Dollars can be purchased
with real-world currency, and traded back into Since their beginning, digital currencies have
real-world currency through the company’s cur- attracted vocal supporters who claim they are
rency exchange. In 2012, roughly $119 million was the future of money and payments, and equally
traded on Linden’s currency exchange. Virtual vocal critics who argue they mostly exist for illicit
worlds have almost no oversight from any regu- transactions. To date, both sides seem partially
latory body. As a 2012 report on currency trading right. Some digital currencies are innovative and
in virtual worlds from the European Central Bank have potentially far-reaching applications. But
stated: “Every criminal act which takes place like any system that can be used to store and
in the real world might also be reproduced and transfer value, they are also vulnerable to use by
adapted to Second Life and probably also to other money launderers, cybercriminals and terror-
virtual communities. But the likelihood is even ist financiers.
stronger as a result of the lack of proper regula-
tion and oversight and owing to the high degree The FATF uses the terms “virtual currency” and
of anonymity that exists in these online worlds.” “digital currency” interchangeably. It defines
these currencies as “a digital representation of
value that can be digitally traded and functions
DIGITAL CURRENCIES as a medium of exchange, a unit of account, and/
In October 2008, someone going by the name or a store of value.
of Satoshi Nakamoto published a paper, which
detailed the development of a peer-to-peer elec- The FATF notes that digital currencies are not
tronic cash system, to a mailing list for program- issued or backed by any country or jurisdiction
mers and cryptography researchers. – they hold value only due to their acceptance by
a user community. Digital currencies are sepa-
A few months later, Nakamoto released the source rate and distinct from “fiat” currencies, the real-
code for the project outlined in the paper, and world money issued by national governments.
became the first person to hold currency gener- Some digital currencies, in fact, were originally
ated by this new system: Bitcoin. intended by their creators as replacements for
202
fiat currencies. In broad terms, digital currencies By their nature, centralized systems are more eas-
can be divided into two types of systems. ily subjected to regulatory oversight or enforce-
ment. One person or entity administers them, in
CENTRALIZED CURRENCIES some cases running the platform off of a hand-
Centralized currencies exist on their own propri- ful of servers. If the person behind the system is
etary platform and are operated by a single com- arrested, or the servers seized, a centralized cur-
pany or person, usually referred to as the adminis- rency can essentially disappear overnight.
trator. While users hold accounts and can initiate
transactions, the administrator sets the rules of Closed-loop currencies are less at risk for money
the system and acts as an intermediary to pro- laundering than open-loop or convertible ones,
cess transactions and maintain a payment ledger. and their use in financial crime schemes is gen-
erally limited to smaller transactions by low-
Most centralized currencies are “closed-loop” or er-level criminals.
non-convertible, meaning they can only be used
for transactions on a specific platform. Some are However, savvy financial criminals have fig-
“open-loop” or convertible, meaning they can be ured out ways to exploit even seemingly obscure
exchanged for fiat currencies. Common exam- value transfer systems for their own benefit, and
ples of closed-loop systems are the currencies closed-loop digital currencies are no exception.
used to buy and sell items in online games and Secondary markets or unauthorized exchanges
virtual worlds. have developed around some non-convertible
currencies, allowing users to convert virtual
Users can transfer real-world money onto funds back into fiat currency.
accounts in these closed-loop systems and con-
duct transactions between users of the system, DECENTRALIZED CURRENCIES
but typically cannot spend or convert the cur- Decentralized currencies do not have an admin-
rency outside of the platform. istrator, and there is no single entity that controls
them. Instead, they operate on a peer-to-peer
model. The platform that maintains and admin-
isters the currency is distributed between the
users, and its rules and operations are estab-
lished by its programming.
Most decentralized currencies are also “cryp-

tocurrencies.” This means that their operations
are based on principles originally developed in
the cryptography field. Cryptocurrencies rely
on cryptographic keys to transfer value between
users, and validate the transaction. The sys-
tem’s programming maintains a ledger of trans-
actions. This ledger is supported and secured
by mathematical operations conducted by the
users themselves.
A Photograph of a Smartphone with A Bitcoin Wallet. A
This description of cryptocurrencies is simpli-
Wide Variety of Cryptocurrencies in Any Quantity Can
fied, as a full technical explanation of crypto-
Be Held in Mobile Wallet Applications.
currency operations is beyond the scope of this
203
manual. However, while they may sound com- Mining helps process transactions in Bitcoin,
plex, most cryptocurrencies are fairly simple to and maintains the currency’s open payment led-
obtain and use. ger, or “blockchain.” It is also how new Bitcoins
are released into circulation. Through its pro-
Bitcoin has become the de facto standard for gramming, Bitcoin has a cap on the total number
cryptocurrencies, although there are many oth- of Bitcoins that will be brought into circulation,
ers inspired by Bitcoin that have tried to present at 21 million.
themselves as modified or improved versions. As
of early 2018, some of the more popular crypto- Resolving the mathematical puzzles required for
currencies after Bitcoin were Ethereum, Litecoin, mining takes substantial computational power.
Zcash, Dash, Ripple and Monero. To incentivize mining, the system rewards min-
ers with a small transaction fee. When a new Bit-
The most common way that users obtain Bit- coin is periodically released into circulation, the
coins, or other cryptocurrencies, is through an miner who unlocks that Bitcoin also receives it as
exchange. These exchanges operate similarly to a reward. Mining has become significantly more
securities trading accounts, with the prices of difficult over time, due to the programming con-
currencies constantly changing. Exchanges gen- straints of Bitcoin. Some other cryptocurrencies
erally will require a users’ real name and contact also rely on mining as part of their operations,
information, and conduct customer due diligence while others use different models.
before opening an account.
Because setting up accounts on digital currency
Customers can then purchase digital curren- platforms is often a quick and easy process that
cies through bank accounts or credit or debit can be done online, these systems lend them-
cards. Some exchanges also provide wallets or selves to “micro-laundering.” A launderer may
electronic storage for a user’s Bitcoins. Users open multiple different accounts under his con-
can also create their own wallet online. A wallet trol on a currency platform, and use them to
comes with a unique address that allows users to send many different small-value payments to
receive Bitcoins. other recipients.
Once they have obtained and stored Bitcoins, This technique takes advantage of the ability to
users can transfer payments using the recipient’s conduct rapid or instantaneous payments using
public address, purchase items from retailers who digital currencies. W the amounts transmitted in
accept Bitcoin, buy gift cards, or even exchange each payment may be very small, a criminal can
Bitcoins for other digital currencies. There were move large sums quickly by conducting hundreds
nearly 100,000 retailers that accepted Bitcoin as or even thousands of low-level transactions.
of mid-2017.
CRYPTOCURRENCY AND MONEY
There are several other ways to obtain Bitcoins LAUNDERING RISKS
and other digital currencies besides purchasing Why would a money launderer, fraudster or other
them from an exchange, including through “min- financial criminal decide to use a cryptocurrency?
ing.” In simple terms, mining involves using com- After all, there are established money laundering
puting power to solve complex mathematical for- channels that are proven to be effective, and pay-
mulas, and is an integral part of how Bitcoin and ment systems like money remitters have transac-
some other cryptocurrencies operate. tion fees that are comparable or lower than many
cryptocurrency exchanges.
204
Furthermore, cryptocurrencies are a tradable Unlike cash, digital currency users do not need
asset. Speculation on cryptocurrency markets to physically move large volumes of currency
can lead to large fluctuations in their price, and or be in the same area to conduct transactions.
their value tends to be less stable than many real- This ability to conduct cross-border transactions,
world currencies and investments like real estate. without the use of financial institutions and the
Although their acceptance by retailers and even regulatory oversight that comes with them, is
some financial institutions is growing, the abil- another reason why financial criminals might
ity to convert cryptocurrencies into cash, or use exploit cryptocurrencies.
them to buy goods and services, is still more lim-
ited than real-world currencies. It is worth noting that there is a major caveat in
Bitcoin’s perceived anonymity. All transactions in
However, there are key features of cryptocurren- Bitcoin are stored on its public ledger, or block-
cies that may make them attractive to the crim- chain. If someone – for example, a law enforce-
inal element: ment agent – knows the addresses of the sender
or recipient, they can theoretically trace the
ANONYMITY transaction through the blockchain.
Much of the concern from law enforcement and
regulators has focused on the potential for largely In 2015, agents with the FBI and IRS Criminal
anonymous transactions using cryptocurrencies. Investigations Division were able to trace nearly
4,000 Bitcoin transactions to Silk Road, a noto-
Many exchanges will conduct customer due dil- rious online drug bazaar. This tracing was pos-
igence, monitoring and reporting on the funds sible after agents seized a laptop containing
coming into customer accounts. Once funds the personal addresses of Ross Ulbricht, Silk
move from real-world currencies into crypto- Road’s owner and operator, and analyzed these
currencies, however, they become much more addresses against the blockchain.
difficult to trace back to a real person. Once a
customer has transferred Bitcoins purchased on For this reason, Bitcoin is often referred to as
an exchange into his wallet, the transaction trail pseudo-anonymous. Even if a transaction is
is obscured from the eyes of law enforcement traced, it can be challenging to tie an address
and regulators. back to its true owner, and requires extensive
investigation.
At this point, cryptocurrency transactions act
similarly to transactions in cash. Users can trans- SPEED AND IRREVOCABILITY
fer currency to other users, buy goods or services An individual who orders a wire transfer for pay-
or store currency in an online or offline wallet ment to a recipient overseas may have to wait
with little to no reporting or audit trail. several days for the transaction to clear. During
that time, the bank will conduct due diligence
Although exchanges require a user to provide his checks on the customer and recipient, and the
real identity, wallets typically do not – many can transaction could be cancelled or reversed if it is
be opened using only an email address and alias found to be fraudulent or in violation of sanctions.
or fake name. Wallets can be held on a user’s own
device, such as a computer, phone or even USB Cryptocurrency transactions have no such lim-
drive. Addresses tied to these wallets, and used itations. Once initiated, the currency leaves one
to transact in Bitcoin and other cryptocurrencies, user’s wallet, is processed through the ledger,
can be hard to link back to an individual or entity. and enters the recipient’s wallet in a matter of
minutes or less. Transactions are usually irrevo-
205
cable. Like a cash payment, there is no built-in From the perspective of a criminal conducting an
mechanism to reverse a cryptocurrency payment online fraud scheme, this makes cryptocurren-
unless the recipient simply agrees to return it. cies an appealing option. Online Ponzi and pyra-
mid schemes will often ask for payment in Bitcoin
Many exchanges and service providers will or other cryptocurrencies, ensuring the fraudster
respond to user complaints, and may shut down receives his funds quickly and defrauded custom-
accounts suspected of illicit activity. But the ers have little ability to recover them. The same is
decentralized nature of cryptocurrencies means true for cybercriminals offering hacking skills or
there is no single administrator to police transac- malware, or sellers of narcotics or illegal goods,
tions or field appeals from users. who want to ensure they will be paid without
A Notice Posted on the Dark Markets Alphabay and Hansa After Both Were Seized by Dutch
Police in 2017. In Recent Years, Law Enforcement has Become More Adept at Dark Web and
Cryptocurrency-related Investigations.
206
having to reveal any personally identifying infor- law enforcement have found infrequent though
mation to buyers. growing use by organized crime rings, and lim-
ited cases involving terrorist financing.
INCONSISTENT REGULATION AND
ENFORCEMENT OF DIGITAL CURRENCIES In July 2017, a report by the European Commis-
sion noted that use by organized crime was “quite
In the early days of digital currencies, lawmak-
rare” at that time, and suggested that digital
ers and regulators in many jurisdictions seemed
currencies presented a higher bar for entry and
baffled by what to make of this strange new
were less convenient than other money laun-
phenomenon. Cryptocurrencies seemed espe-
dering methods.
cially confusing.
Digital currencies are widely used in markets for
Some countries ignored them, some outlawed
illegal goods and services online, however. Digital
their use entirely, and still others debated whether
currencies have become the preferred payment
they were even a financial asset that should be
method for illicit online transactions, especially
subject to regulation. That debate continues, but
on the dark web. The “dark web” describes an
some nations have adopted a framework for reg-
Internet network that exists outside of the “sur-
ulating parts of the digital currency world. The
face web,” or the online world that most people
most common approach has been to focus on
typically interact with through their browser.
regulation of digital currency administrators
The dark web can only be accessed through spe-
and exchanges.
cialized software and is not discoverable through
search engines or web indexing tools.
In the US, Canada and European Union, for exam-
ple, administrators and exchanges are considered
The largest and perhaps most well-known dark
to a form of money services business, and sub-
web is accessible through The Onion Router (Tor),
ject to the same AML regulation as other MSBs.
an online anonymity tool. Tor is free software that
This includes customer due diligence, transac-
anyone can download. It was initially developed
tion monitoring, reporting and record-keeping
to help persons in repressive countries access the
requirements. Globally, the regulatory framework
Internet and avoid government censorship.
for digital currencies remains inconsistent and
varied. Some countries still do not regulate dig-
It directs an individual’s online activity through
ital currency exchanges; others have regulations
a network of more than 7,000 relays, disguising a
on the books but do not seem to enforce them.
user’s true location and making it difficult to con-
Whether and how individuals have to report their
duct online surveillance on a user. Web sites can
digital currencies for tax purposes is also unre-
be configured so that they are accessible only to
solved in many countries.
computers running Tor software. This has cre-
ated a hidden online environment shielded from
CRIMINAL USE OF DIGITAL CURRENCIES
the public view of the surface web.
AND THE DARK WEB
If digital currencies are vulnerable to use by Much of its dark web is innocuous. There are per-
financial criminals, there is an obvious question: sonal websites, blogs and even social media sites
What are criminals using them to do? similar to Facebook, but, inevitably, criminals
have also been drawn to the dark web. There are
Much concern about digital currencies has forums where credit card fraudsters trade tips
focused on their potential for money laundering and share skills, and others where cybercriminals
by transnational organized crime groups and ter- discuss new malware and attack techniques and
rorist financiers. As of mid-2017, researchers and
207
offer suggestions on easy targets. Criminal actors digital currencies back into real-world funds to
have also set up dark web marketplaces, where bankroll ongoing operations or enjoy their ill-got-
a vast array of illegal goods and services can be ten gains. This creates an interface with financial
purchased using cryptocurrencies. institutions and raises compliance concerns for
AML professionals.
Many well-trafficked illicit bazaars in the Tor dark
web, such as Silk Road, Silk Road 2.0 and Alpha- Banks and other financial institutions should con-
Bay, have been closed by law enforcement or shut sider monitoring their customer accounts for sig-
down by their own creators. Yet each time, oth- nificantly large or frequent funds transfers to and
ers open up to take their place. from digital currency exchanges. These transac-
tion patterns could indicate potential illicit activ-
These marketplaces act as a middleman, provid- ity involving digital currency.
ing the online platform to connect sellers and
buyers. Many will mimic the functionality and At the same time, institutions should recog-
even the appearance of legitimate surface-web nize that there is nothing inherently suspicious
retail sites, such as eBay or Amazon. Markets about purchasing or transacting in digital cur-
may specialize in one type of good or service, but rencies. Most customers are likely to be moving
larger ones will usually have a variety of offerings. funds to a digital currency exchange for a legiti-
mate purpose.
Cryptocurrencies have enabled these dark
markets to thrive. The ability to conduct rapid Specific digital currencies rise and fall in promi-
cross-border payments that do not require trust nence, and some have disappeared completely.
between buyer and seller makes cryptocurren-
cies ideal for illicit online transactions. Most mar- However, the concepts underlying digital cur-
ketplaces only use Bitcoin or other cryptocurrencies, especially the decentralized public led-
rency as their payment mechanism. ger or blockchain, are here to stay. As innovation
continues and mainstream use increases, block-
DIGITAL CURRENCY COMPLIANCE chain applications are poised to expand into the
CONSIDERATIONS new fields, and digital currencies seem likely
to become a widely accepted part of the global
Along with overtly criminal marketplaces, there
financial system.
are thousands of legitimate merchants who
accept digital currencies, on both the dark web
and surface web. They range from global cor-
HUMAN TRAFFICKING AND
porations such as Microsoft and Dell and online
retailers such as Overstock to travel sites such FINANCIAL FLOWS
as Expedia, along with many smaller sites and A lucrative and rapidly growing criminal activity,
stores. Some bars and restaurants have adopted human trafficking is by most estimates second
Bitcoin payments. Even some political parties only to drug trafficking in its global scale and
and non-profits have begun taking donations via profitability.
cryptocurrency.
On the positive side, awareness of the issue
As digital currencies become more mainstream has greatly increased in recent years, as have
and more merchants start accepting them, crim- resources to train financial crime professionals
inals who transact in cryptocurrencies have to spot illicit financial flows tied to human traf-
more outlets to use their illicit proceeds. Even so, ficking. Some countries have also seen positive
criminal actors may still want, or need, to convert results combatting human trafficking with ini-
208
tiatives to increase cooperation and informa- being deposited in a bank account, or by

tion-sharing between law enforcement and the other methods.
financial sector, such as Project Protect in Canada.
As such, there’s no “one-size-fits-all” approach
Despite these advances, the statistics behind to detecting and preventing human trafficking
human trafficking remain staggering. In 2017, the within the context of a financial crime compliance
International Labor Organization estimated that program, nor one comprehensive list of red flags.
forced labor generated more than $150 billion per
year from nearly 25 million people in involun- For this reason, it’s important for financial insti-
tary servitude. Of those people, the largest por- tutions and other organizations to consider their
tion – 16 million - were in forced labor in private exposure to human trafficking as part of risk
sector work like agriculture, construction and assessment, and to drill down on the specific
domestic service. An additional 4.8 million were types of trafficking they may be dealing with.
in forced sexual exploitation, while the remaining Should an institution on focus personal accounts
4.1 million were in forced labor from government that may be held by victims of sex trafficking, or
authorities. business accounts being utilized by companies
abusing forced labor? For non-financial compa-
A 2016 report by the United Nations Office on nies, are there human trafficking risks within the
Drugs and Crime, Global Trafficking in Persons, supply chain?
found that 71% of victims were female, though the
proportion of male victims had grown rapidly in A thorough assessment can help respond to these
recent years. The report also found that 28% of questions. Some factors to consider can include:
victims were children.
• Geographic region – Is the institution
A growing body of research and intelligence on providing services in a jurisdiction with high
human trafficking has led to a more nuanced prevalence of trafficked individuals, or in a
understanding of its financial footprint, which human trafficking corridor? Reports from
can vary widely based on the type of trafficking the UN Office on Drugs and Crime, FATF, the
and exploitation that is taking place. Human traf- US State Department and others can help
ficking schemes are diverse, and how they regis- identify higher-risk regions.
ter as incoming and outgoing financial flows can • Customer type – Business types at higher
be very different depending on the details of the risk for use in sexual exploitation have
scheme, including factors like: historically included massage parlors, online
and print classified ad providers, bars and
• The recruitment and transportation nightclubs, and hotels/hospitality industry
mechanisms used for trafficked individuals, providers, among others.
ranging from forcible abduction to false
promises of employment, immigration or Business types at risk for forced labor
even marriage. commonly include agriculture, low-skills
manufacturing, construction services,
• Whether the perpetrators are operating transportation service providers, and labor
domestically or internationally brokers or recruiters, especially those
• How the perpetrators benefit from trafficking focused on seasonal or transient work.
and exploitation – For example, whether • Products and services – Like any financial
funds are taken from victims of forced labor criminal, human traffickers are versatile
in cash, or whether wages are stolen after opportunists, and will rely on nearly any
financial service that is accessible and
209
convenient. Historically, schemes have panied by a third party. This third party may pur-
operated with prepaid cards, cash and port to be a translator, and often possesses the
money orders to take funds from victims client’s identification.
and finance operations, though the use of
personal bank accounts is also common. While such may never show up in an alert, a well-
More recently, law enforcement agencies in trained staff member could quickly raise the issue
some countries have an increase in the use of to compliance staff for further investigation.
digital currencies and email money transfers,
such as those offered by Paypal, in sexual Other transactional activity that could be red
exploitation cases. In one case in Canada, flags of human trafficking includes:
victims of sexual exploitation were being paid • Customers that cash payroll checks, then
in bitcoin and email money transfers, which remit all or the majority of funds back to an
once received were immediately sent to employer account
another account.
• Accounts that appear to operate as funnel
RED FLAGS OF HUMAN TRAFFICKING accounts, which receive cash deposits from
states, cities or regions outside of where the
As research and reporting on human trafficking accountholder resides
have advanced, so too have the resources from
regulators and international organizations that • Low cost, high-volume transactions related
are available to support compliance programs to transportation and logistics
and investigations. The links highlighted below • Common telephone numbers or emails
are just a few examples: between multiple (seemingly unrelated)
customer’s accounts
• FATF Report – Financial Flows from Human
Trafficking (2018) – Includes statistics and • A customer with no clear full-time
descriptions, case studies, and red flags employment, despite significant
account turnover
• FinCEN Advisory - Guidance on Recognizing
Activity that May be Associated with • Accounts with frequent transactions to
Human Smuggling and Human Trafficking classified advertising sites/services
(2014) – Includes a compendium of red flags • Accounts that are tied to customers at the
organized by type of financial institution same address receive funds that are then
• United Nations Office on Drugs and Crime immediately withdrawn in cash
– Human Trafficking Knowledge Portal - • Accounts for individuals that have deposits
Archive of known cases of human trafficking, coming in, but no living expenses – E.g.
updated on an ongoing basis no transactional activity related to food
purchases, rent, credit card payments, etc.
It’s worth noting that front line staff can be very
important watchdogs for detecting suspicious
activity tied to human trafficking. For example,
one key red flag is a customer who establishes an
account or conducts transactions while accom-
210
Q 10-1. An investigation of an export-import corporation in Florida that exports large

household appliances to Colombia discloses the following:
1. 1. The corporation’s sources of funds for the purchase of the items is large check
deposits from a small number of other Florida export companies.
2. 2. Each of the business accounts of these other export companies is funded by small
checks from numerous personal accounts that are domiciled in banks in New York
or South Florida. Each deposit is for less than $3,000 and for an amount in even $100
dollar increments.
What is this money laundering scheme known as?
A. Transfer Pricing Scheme
B. Black Market Peso Exchange (BMPE)
C. Bulk Cash Smuggling
D. Carousel Fraud
Q 10-2. A young woman, who is a national of Country A, works as a caregiver for a fam-
ily in the US. She sends much of her earnings to support her family back in Country A by
giving the amount in cash to a local grocer, whose family is also in Country A. Once the
grocer receives the cash, he calls his partner who runs a market in one of the larger cities
in Country A. From there, the young woman’s family can pick up the money sent.
What is the name commonly used to describe this form of remittance transaction?
A. Cash transfer
B. Hawala
C. Referral Banking
D. Black Market Peso Exchange (BMPE)
211
CHAPTER 11
COMPLIANCE
PROGRAMS
AND
CONTROLS
OVERVIEW
In simple terms, compliance programs of financial institutions

and other corporations are aimed at assuring that the organi-
zation complies with the statutory, regulatory and other gov-
ernmental requirements that apply in a particular field. In the
financial crime arena, because of a strong public policy against
permitting financial institutions and other corporations from
being used and abused for the commission or facilitation of
crime, a great deal of laws and regulations over the past 45
years have created a patchwork of requirements.
212
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
These compliance programs have compelled vari- an overall unit that may be called “The Financial
ous business organizations to create new depart- Crimes Risk Management Program,” or some-
ments to ensure obedience with the legal require- thing similar.
ments. Over time, these compliance departments
have grown dramatically in terms of the number How does one create such a program and the
of people involved, the diverse occupational fields accompanying structure?
that these people represent, and their cost to the
organization. In fact, regulatory agencies not only A compliance structure for a financial crimes risk
review the operations of the business organiza- management program involves multiple coordi-
tion to ensure that it is not conducting or facili- nated functions. As with any compliance program,
tating the particular financial crime activity that its success requires development, implementa-
is the agency’s jurisdiction, but they also exam- tion and ongoing operation, effective corporate
ine the compliance department to enure that it is oversight and the interaction of executive leader-
sufficient to guard the organization against the ship, key group and line of business leaders, com-
pertinent financial crime problem. pliance, product managers, the legal department,
an auditing process and other employees across
CONVERGENCE OF FINANCIAL the organization.
CRIME FUNCTIONS
One essential element, if the organization is large
As compliance programs have grown, so have
enough, is a governance function. This element of
their structures and focus. One of the significant
the overall financial crime compliance program
developments in compliance program manage-
should set policies and have an effective and effi-
ment and organization in recent years is the con-
cient method of implementing them across the
cept of “convergence.” Just as the term “financial
entire organization, including ways to handle
crime” connotes an embrace of distinct compo-
requests for exceptions and exemptions.
nents of that term, including corruption, money
laundering, fraud, sanctions and related crimes,
convergence signifies the enveloping of distinct
ORGANIZATIONAL OVERVIEW OF
financial crime-control functions to improve
effectiveness, efficiency and economy in compli- FINANCIAL CRIME CONTROLS
ance by business organizations, including finan- A company’s size, structure, complexity and risks
cial institutions. are the basis of internal controls designed to limit
Many large, medium and small financial institu-

tions and other corporations have embraced the
concept of convergence. They have concluded
that many of the functions of distinct financial
crime controls and the personnel who work in
various units would achieve more in the overall
picture as a combined unit than separately.
Later in this chapter, the traditional compliance

program in the AML and other financial crime
fields is explained. For now, because it is the new
wave in financial crime compliance programs,
it is instructive to explore and explain the con-
vergence of distinct financial crime units into
213
and control risks and achieve compliance with • Monitoring customer activity, and applying
the appropriate laws. Internal controls are typ- predictive analytics for customer-centric,
ically divided into “preventive” and “detective,” cross-channel fraud detection
although they are not strictly linear. In what- • Monitoring the activity of both employees
ever names the controls are labeled, a program and third parties when they act on behalf
should be designed to promote a strong compli- of the company
ance culture that provides oversight and permits
members of the group to challenge persons in the • Screening, blocking and rejecting
business units and the examiners, as appropriate. transactions and customers appropriately
• Reporting these matters (and other
Preventive controls include the follow- regulatory reporting requirements,
ing and others: including CTRs)
• Maintaining corporate financial crimes • Exiting customer relationships

policy program • Compliance testing
• Maintaining a customer identification
and due diligence program that identifies Prevention and detection depend on
and prevents inappropriate people and the following:
entities from becoming customers or a • Employees who design, build and implement
representative in a foreign country, and has the policies and controls
a process to exit risky relationships after
being discovered • Processes and procedures that implement
and integrate those controls in the line of
• Providing appropriate training businesses and operational groups
• Performing appropriate risk assessments and • Technology that leverages these employees
gap analysis and processes
• Providing line of business reporting, issue • Training to ensure employees understand the
remediation and root cause analysis risks and controls
• Preparing useful senior management and
board reporting POLICY PROGRAM
• Maintaining functions that promote liaison Effectively implemented and sustainable policies
with the audit unit and coordination of are one of the cornerstones of a strong risk man-
examinations agement program. One way of accomplishing this
is to require central policies that lines of business
Detective controls include the following duties implement by developing procedures to meet
and attributes: them. This allows roles and responsibilities to
be clear. An effective policy program should also
• Identifying suspicious activity through include the following:
unusual activity referrals by employees
or automated transaction monitoring, • New policy consideration
customer surveillance, or other customer or • Policy revisions
transactional monitoring tools and processes
• Policy implementation
• Investigating the identified unusual activities
• Policy exception & exemptions processes
• Policy gap analysis review
214
TRAINING CUSTOMER RISK-RATING

Training is an essential element of any compli- Risk assessments are a way of looking at the
ance program, to the point that it is one of the inherent and residual risk of a line of business.
“five pillars” of anti-money laundering compliance However, it is also important to evaluate individ-
under the US regulatory regime. Regulations ual customers by performing customer risk rat-
often specify that covered financial institutions ings. The purpose of a customer risk rating sys-
and other companies must ensure that their per- tem is to identify those customers who pose a
sonnel are trained in the laws and rules relevant higher risk to the company, and who may require
to their positions. enhanced due diligence or whose relationships
should be ended.
A program should require that all employees
complete role-specific training tailored to their Risk ratings are best managed by a data ana-
jobs and responsibilities. In addition, organiza- lytics group that can modify the program as
tions should consider supplying employees with needed. For instance, additional risk models may
appropriate training on wider financial crime be needed to account for product risk, such as
issues likely to affect multiple departments busi- when a customer adds a higher risk product that
ness lines such as fraud, global anti-corruption, changes the customer’s risk profile. Corporate
cybercrime and tax evasion, among others. policy should require that all lines of business
use an enterprise-wide methodology to risk-rate
Training should be given on at least an annual their customers to ensure that customer risk is
basis, though many organizations use a quarterly evaluated consistently across the enterprise. A
training model. Newly hired employees should be suggested model is based on a scale of 1 (lowest
required to complete training within 60 days of risk) through 5 (highest risk) or whatever scale of
being hired. merit the organization selects.
PRODUCT RISK
RISK ASSESSMENTS Having a product or service risk policy for new
Risk assessments should be based on the govern- and modified offerings allows an organization to
mental requirements and designed so that they have a more comprehensive view of its overall
are conducted at a business unit level that then financial crime risks.
can be aggregated for other units, including at
the corporate level.
SANCTIONS COMPLIANCE
For financial crimes, a risk assessment should fol- The laws of certain countries impose sanctions,
low a documented process. It is useful to apply the or authorize regulations imposing sanctions,
following categories to a risk assessment process: against specific foreign governments, organi-
• Types of distribution channels used by the zations and persons. Sanctions generally pro-
business unit hibit transactions with countries, individuals
and organizations and require that transactions
• Complexity of the business unit’s involving them be blocked. The laws that autho-
business model rize sanctions also usually impose penalties on
• Degree of change in the business individuals, financial institutions, or other busi-
• Amount and type of growth in the business nesses and organizations that conduct transac-
tions or engage in commerce with the sanctioned
nations, individuals and organizations.
215
In essence, sanctions are a nation’s objections to

the policies or conduct of a nation, organization
or individual. They include travel restrictions;
restrictions or prohibitions of trade, financial
transactions or other commerce with the subject
nation; and other measures. They also authorize
the seizure or freezing of property owned or con-
trolled by the sanctioned nation, organization or
OFFICE OF FOREIGN ASSETS

CONTROL (OFAC)
The Office of Foreign Assets Control FIGURE 1 – Russian President Vladmir Putin Pictured
(OFAC) is an agency of the United States with Oleg Deripaska (at Right) at a Summit in 2006.
Department of the Treasury. It is over- Once Russia’s Richest Man, Derispaska Was Placed
seen by the Under Secretary of the Trea- on OFAC’s List of SDNs in 2018 for Ties to Organized
Crime and Illicit Activities.
sury for Terrorism and Financial Intelli-
gence. OFAC’s purpose is to administer
and enforce economic and trade sanctions person if it is situated in the country imposing
against targeted nations, organizations, the sanctions.
and individuals. US sanctions are imposed
based on US foreign policy and national In addition to national sanctions, the United
security goals. Nations, through the UN Security Council, may
ask member countries to apply sanctions against
To enforce economic sanctions, OFAC certain countries. Some nations, such as Canada,
acts to prevent “prohibited transactions.” impose their own sanctions and enact domes-
These are described by OFAC as ‘trade tic laws in response to UN Security Council
or financial transactions and other deal- resolutions.
ings in which US persons may not engage
unless authorized by OFAC or expressly The websites of the foreign ministries or other
exempted by statute.’ OFAC can grant appropriate agencies of most nations contain
exemptions to prohibitions on such trans- information on their sanctions policies and
actions, either by issuing a general license sanctions lists.
for certain categories of transactions, or
by specific licenses on a case-by-case In the US, which has the world’s most active and
basis. OFAC essentially relies on financial broad sanctions regime, the Office of Foreign
institutions and businesses to enforce Assets Control (OFAC) of the US Department of
its “prohibited transactions, by requiring the Treasury administers and enforces sanctions
them to block assets and prevent transac- against nations, drug traffickers, terrorists and
tions to and from sanctioned individuals, persons and organizations linked to the prolifera-
organizations and nations. See the OFAC tion of mass destruction weapons.
page for more information: www.ustreas.
gov/offices/enforcement/ofac OFAC sanctions usually prohibit trade, cause the
“blocking” of assets, and prevent financial trans-
216
actions with sanctioned countries, organizations Sanctions program laws and regulations in var-
and individuals. OFAC also imposes sanctions on ious countries include a number of obligations
“specially designated nationals,” known as SDNs, and expectations. Principal among these are the
whose property must be blocked. OFAC’s website, blocking of funds and rejecting of transactions
at www.ustreas.gov/offices/enforcement/ofac, involving sanctioned entities or regimes. Sanc-
provides information on US sanctions policy and tions lists, such as those of OFAC, consist of SDNs
sanctioned nations, persons and organizations. and countries, as well as economic sanctions
against specific countries or regimes as part of
Sanctions regulations are complex and varied. specific laws.
Penalties for violation apply to institutions, busi-
nesses and individuals. In the US, the maximum OFAC SANCTIONS
prison term upon a criminal conviction is 20 years. The US has one of the most complex and actively
Civil monetary penalties may also be imposed for enforced network of sanctions laws in the world.
each prohibited transaction. As previously mentioned, US sanctions are
administered and enforced by the Office of For-
The sanctions program of a financial institution eign Assets Control, or OFAC.
or other business must not only employ and con-
tinually train employees on sanctions policies, The US has comprehensive sanctions in place
enforcement and compliance, but it should also against a number of countries, which as of May
ensure its procedures provide current infor- 2017 included Cuba, Myanmar, Iran, North Korea,
mation on sanctions developments worldwide, Sudan and Syria. These prohibit most forms of
including new and modified sanctions. Close trade and financial transactions to these coun-
monitoring of transactions to ensure they do not tries. There are also targeted sanctions in place
involve a sanctioned nation, individual or organi- against over 5,000 individuals, businesses, non-
zation and prompt blocking of those that do, cou- profits and entities, including terrorist organiza-
pled with effective internal reporting and train- tions, drug traffickers and organized crime fig-
ing, are essential elements of a good sanctions ures located anywhere in the world.
compliance program.
Entities that are owned by these specially des-
ignated nationals, or in which SDNs have a more
SANCTIONS than 50 percent stake, must be treated as SDNs.
COMPLIANCE PROGRAMS All US citizens, corporations and legal entities
Sanctions programs of various nations, such as must comply with US sanctions. In addition, any
those managed by the US Treasury Department’s person or entity physically located in the US must
Office of Foreign Assets Control (OFAC) or the comply with US sanctions, including branches of
UK Treasury, are designed to block or prevent non-US financial institutions located in the US.
the transfer or use of funds through the global
financial system by certain designated entities The procedures that institutions use to enforce
or countries. Usually, sanctions compliance is an US sanctions on financial transactions will vary
important component in the organization’s over- somewhat depending on the terms of the specific
all AML program. Sanctions carry heavy civil and law imposing that sanction. In general, however,
criminal penalties, ranging from large fines to institutions will follow these steps:
criminal prosecutions, as well as significant rep-
utational damage. • The originator and recipient of a transaction
are screened against lists of sanctioned
countries and SDNs.
217
• Transactions that match an entry on the required to freeze the entire account and report
sanctions list must be “blocked,” or prevented, its actions to OFAC.
from being processed. The funds must
be placed in a separate, interest-bearing Even non-US institutions with very limited US
account at the institution. operations, or only one branch in the US to con-
• Based on OFAC recommendations, duct dollar-clearing transactions, must still com-
institutions should conduct a thorough ply with US sanctions. Failure to comply with
review against a variety of information OFAC sanctions can incur very high monetary
sources and databases, or contact OFAC and criminal penalties, including up to 20 years
directly, before blocking a transaction. in prison for individuals.
Institutions should only block transactions
if there is an exact match with an entity This fact has been vividly demonstrated by
or individual on a sanctions list. Partial enforcement actions recent years, including in a
or inconclusive matches are not sufficient major sanctions case against British bank Stan-
grounds to block a transaction. dard Chartered that ended in nearly $800 mil-
lion paid to US state and national enforcement
• The institution must submit a blocking agencies. Standard Chartered was based almost
reporting with OFAC within 10 days of entirely outside the US, but had one office in New
blocking the transaction. York that it used only for clearing transactions in
• The institution cannot notify the person, US dollars. The fact that it routed transactions
company or organization that the transaction that violated US sanctions through this office was
has been blocked. sufficient to trigger liability.
Depending on their specific provisions, OFAC EU SANCTIONS

sanctions may sometimes require a US institu- The European Union also issues a wide range of
tion to freeze assets. This may occur, for exam- sanctions on countries, individuals and entities.
ple, when an institution screens existing account While EU sanctions are intended to be policy
holders against a sanctions list and discovers one guiding member states, it is still left up to individ-
of its account holders is a match with an entity on ual EU countries to implement these measures. In
an SDN list. In that case, the institution may be some cases, the level of enforcement of EU sanc-
tions varies between member nations.
Like OFAC sanctions, EU sanctions include a wide

array of restrictive measures. Some examples
include the following:
• Trade restrictions, such as arms and

technology embargoes to certain countries
• Bans or limitations on providing services or
technical assistance
• Restrictions or bans on EU financial
institutions providing loans, trade finance
or other financial assistance to sanctioned
countries or entities
218
• Requirements to freeze funds of sanctioned » The freezing, rejecting and reporting of

individuals or entities appropriate transactions
» Adequate controls to identify and terminate
Generally, EU sanctions tend to be more targeted correspondent and other relationships with
against certain persons and entities, and are typ- banks, vendors, partners and other entities
ically not blanket measures on a country-wide whose owners have links to, or present
level. OFAC sanctions, on the other hand, tend to a high risk of involvement with, terrorist
be more comprehensive, banning all business or financing or corruption
financial transactions with sanctioned individu-
als and entities. • Becoming knowledgeable about the
different sanctions lists and executive
EU sanctions apply to any persons or entities orders the institution or organization is
either physically located or incorporated in the subject to. Lists typically used globally by
EU. They also apply to any business conducted several of countries, include OFAC SDN lists
“whole or in part” within the EU by any person or of the US, Canadian sanctions lists (OSFI),
entity, regardless of their nationality. Like OFAC the UK Her Majesty’s Treasury list, and the
sanctions, they also apply to foreign subsidiaries UN global sanctions lists. In addition, each
of EU-based companies or entities. list has its own nuances and some laws and
executive orders of different nations apply to
In regard to financial accounts, some EU sanc- every individual and organization associated
tions will require financial institutions to freeze with certain countries.
the accounts or assets they hold for a customer if • Establishing a sanctions risk assessment to
the institution discovers that customer is a match determine which areas of the organization
with a person or entity on the EU sanctions list. are more vulnerable. Risk mitigation controls
can help reduce exposure to sanctions
ESSENTIAL ELEMENTS OF A SANCTIONS violations and better focus the overall
COMPLIANCE PROGRAM sanctions compliance program, resulting in
proper attention, coverage and allocation
In recent years, sanctions around the world have
of resources.
been one of the most active areas in compliance.
Many new names have been added to sanctions • Leveraging the combination of technology
lists, including individuals and firms linked to ter- and procedures to help prevent or detect
rorist organizations, drug dealers and cartels, and manipulation of payments information,
specific sanctioned countries. Sanctions com- such as wire-stripping, where key details are
pliance programs, coupled with active enforce- removed from a wire or message to avoid
ment by pertinent government agencies, are an sanctions requirements and accommodate
effective tool in reducing the money that reaches payments to or from sanctioned parties.
these types of individuals and organizations. • Development and delivery of training
programs to all pertinent employees and
A sound sanctions compliance program should key operational areas. This includes the
include the following components, according to wire transfer departments in a financial
widely accepted best practices: institution, to ensure that the employees
understand sanctions compliance
• Development and implementation of
requirements. This can help them determine
policies, procedures and processes to
if a transaction is permitted by law, and to
ensure full compliance with all sanctions
identify potential red flags and know the
prohibitions, including:
219
mechanism for reporting suspicious or of nuclear weapons among hostile states, it is an

unusual activity. important component of sanctions compliance.
• Implementation of a regular program
of testing and annual updates of the
risk assessment.
IDENTIFYING AND REPORTING
UNUSUAL OR SUSPICIOUS ACTIVITY
DUAL-USE GOODS AND
SANCTIONS COMPLIANCE INTERNAL DETECTION METHODS
There are many items imported and exported A suspicious activity reporting (SAR) policy in an
on a daily basis that have both civil and mili- organization should require all employees to sub-
tary applications. These range from raw mate- mit an “unusual activity referral” when they iden-
rials such as metals and chemicals and machine tify unusual activity potentially related to corrup-
parts, software and aviation equipment to and tion, fraud, money laundering, terrorist financing
industrial and scientific tools. A centrifuge is one or other illegal activities. It is important that
possible example. It could be used for legitimate employees refer activity they have been trained
research, but a rogue state may also seek to use it to recognize as merely unusual, rather than
as part of a program to develop nuclear weapons. outright suspicious. The financial crime investi-
gations or compliance group in an organization
These items are referred to as “dual-use goods,” investigates and makes the final determination
and are sometimes subject to export limitations about whether the unusual activity is suspicious
or prohibition under sanctions regimes. The US, and if a report must be filed to the appropriate
European Union and other countries have regu- governmental authority.
lations in place restricting trade in certain dual-
use goods, for example, those involved in the pro- EXTERNAL DETECTION METHODS
duction of weapons of mass destruction. These In addition to reviewing internal customer and
nations typically publish lists of restricted goods transactional systems for potential suspicious
and guidance related to their trade. activity, the investigations group of an organi-
zation or institution should be responsible for
Businesses who produce, sell or trade in dual- reviewing external sources. These can include
use goods need to be aware of the restrictions regulatory and law enforcement notices or
placed on them, including consulting the lists of requests, media reviews and other public sources.
restricted goods and guidelines, and applying for Many organizations will conduct monitoring of
licenses to trade in these goods from the appro- so-called “negative news” on certain customers,
priate authorities if necessary. especially those customers considered high- risk.
This can include setting up automatic news alerts
Financial institutions involved in trade finance on an online service, such as Google Alerts, or
should also consider their policies and proce- manually searching for a customer or entity in
dures around reviewing letters of credit and other proprietary or public-access databases.
transactions for the presence of dual-use goods.
One step could involve screening trade docu- Many jurisdictions also have formal or informa-
ments and the parties in transactions against tion arrangements under which financial institu-
export control lists issued by the US, EU and oth- tions and companies can share information with
ers. Identifying dual-use goods is no easy task, each other. One example is the information-shar-
but with concern growing on the proliferation ing sources that are applicable in the US under
Sections 314(a) and (b) of the USA Patriot Act.
220
ANALYTICAL DETECTION ponent of an organization’s overall compliance

The financial crime data analytics group should regime. A solid AML compliance program helps to
provide analytical detection tools and processes, protect the firm against being used for corrup-
based on the customers, accounts, products, ser- tion, fraud, money laundering, terrorist financing,
vices and transactions being conducted on behalf sanctions violations and other illegal purposes.
of customers. The purpose is to identify unusual It also helps to ensure that the organization is in
activity and customers and third parties who may full compliance with relevant laws, regulations
present a money laundering, corruption, due dili- and international norms.
gence or fraud risk.
In many countries, financial institutions, non-
bank financial services providers and other busi-
THE EVOLVING ness organizations must establish effective AML
COMPLIANCE LANDSCAPE programs. Financial institutions must develop,
administer and maintain an effective program
Compliance expectations for financial institu- for compliance with the money laundering laws
tions and other corporations have changed dra- and regulations in the countries where it oper-
matically in recent years, as statutory and regula- ates. Worldwide, a consensus has emerged
tory expectations have evolved around the world. that there are the following “Four Pillars” of a
There are four essential parts of an effective sound program:
compliance management system:
1. A comprehensive written program
• A firm-wide approach to compliance risk encompassing an effective AML internal
management and oversight control structure. This includes the
• Independence of compliance staff institution’s policies, procedures and
processes designed to mitigate and control
• Compliance monitoring and testing risks associated with money laundering and
• Assumption of oversight of the compliance achieve compliance with relevant laws and
and risk management function by senior regulations.
management and the board of directors 2. Independent testing conducted by the
internal audit department, outside auditors
It is important to note that a compliance testing or other qualified independent parties. The
team must be created to conduct compliance testing should occur annually and should be
reviews that ensure adherence with all major commensurate with the AML risk profile of
legal and internal compliance requirements in the organization.
the home jurisdiction. A strong compliance pro-
gram should operate across the entire enterprise 3. Designation of an AML compliance officer.
to identify, measure and mitigate compliance risk. The organization’s board of directors
Compliance has evolved from an administrative must designate an experienced, qualified
or operational cost center, typically managed individual to serve as the AML compliance
through the institution’s legal or audit depart- officer to coordinate the program and
ment, to a true risk management discipline in monitor day-to-day compliance.
many countries. 4. An ongoing employee training program. The
organization must ensure that appropriate
THE AML COMPLIANCE PROGRAM personnel, including senior management and
Because money laundering is a vital component the board, are trained regularly in applicable
of all financial crime, the anti-money launder- aspects of regulatory requirements as well as
ing (AML) compliance program is a critical com- internal policies, procedures and processes.
221
GLOBAL EXPECTATIONS FOR AML OVERVIEW OF THE RISK-

COMPLIANCE PROGRAMS BASED APPROACH
Several globally recognized organizations have, The FATF and numerous member countries, as
over the years, established expectations and well as the Basel Committee and Wolfsberg Group,
norms related to AML compliance which have recommend risk-based controls. No financial
become accepted standards or best practices institution or other business organization can
in many countries. These recommended proce- reasonably be expected to detect all money laun-
dures and standards also apply in large measure dering or other financial crime and illicit activities.
to compliance programs beyond AML, such as However, the universal consensus is that without
global anticorruption and fraud. the ability to detect and control all such criminal
activity a risk-based approach is recommended.
The Financial Action Task Force (FATF), the Basel It relies on levels of due diligence and identifi-
Committee, the Wolfsberg Group and the Euro- able risk metrics and provides the most effective
pean Union Directive against Money Launder- levels of compliance and ability to detect, report
ing provide important and thorough recom- and prevent corruption, money laundering, fraud,
mendations. These recommendations provide sanctions violations and terrorist financing.
governance standards, which promote effective
implementation of legal, regulatory and opera- The key elements of a risk assessment program
tional measures for combating money laundering include the following:
and other financial crime threats to the integ-
rity of the organization and the international • Methodology to quantify the level of the risk
financial system. and the adequacy of the controls
• An assessment of the risk associated with
Every financial institution, non-bank financial each line of business
services entity or other business provider faces • An enterprise-wide assessment to identify
great AML compliance challenges. These chal- systemic risk that is not apparent in a line
lenges include increased costs and protection of of business or unit-focused risk assessment,
the organization from abuse, including protect- such as in the case of financial institutions
ing the integrity of the financial system and the and the risk associated with foreign
economies of the countries in which they operate. correspondent banking, remote deposit
capture, private banking, mobile banking
They must achieve compliance while operating and other high-risk products, services
in a competitive environment and trying to meet and customers
their targets for revenue, operating margins and
return on assets. Thus, organizations are pushed Risk scoring models generally use a weighted
to “do more with less” to endeavor to keep com- numerical ranking of risk and look primarily at
pliance costs as low as possible, while ensuring the “triad” of customer, product/service and
that compliance needs are met. Unfortunately, geography. Risk models should also take into
in some organizations, the commercial business account the line of business because certain lines,
side of the staff often prevails over the compli- such as private banking or correspondent ban-
ance side and engages in business or transactions king and financial institutions, for example, are
that are either non-compliant or illegal. This can considered more vulnerable to financial crime,
result in significant adverse consequences, pub- including money laundering.
licity, fines, forfeiture and prosecutions.
222
HIGH-RISK CUSTOMERS notaries and even real estate brokers and

Although any type of account is potentially vul- intermediaries.
nerable to fraud, corruption, money launder-
ing or other illegal activity by the nature of their HIGH-RISK PRODUCTS AND SERVICES
business, occupation or anticipated transaction Certain products and services offered by finan-
activity, certain customers and entities may pose cial institutions, non-bank financial services and
specific risks. In assessing customer risk, finan- other business organizations may pose a higher
cial institutions should consider other variables, risk of financial crime, including money laun-
such as services sought and geographic locations. dering or terrorist financing, depending on the
The following are types of customers that present nature of the product or service offered. Such
greater potential AML risk: products and services may facilitate a higher
degree of anonymity or involve the handling of
• Foreign financial institutions, including banks
high volumes of currency or currency equiva-
and foreign money services providers, such
lents. These products and services include but
as Casas de Cambio, currency exchanges and
are certainly not limited to the following:
money transmitters to name a few examples
Electronic funds payment services, including
• Nonbank financial institutions, such as
electronic cash, prepaid and payroll cards, domes-
money services businesses, casinos, brokers
tic and international funds transfers, “payable
and dealers in securities, and dealers in
upon proper identification” (PUPID) transactions,
precious metals, stones or jewels
third-party payment processors, money remit-
• Senior foreign political figures, their tances, automated clearing house (ACH) transac-
immediate family members and close tions and automated teller machines (ATM):
associates, who are collectively known as
politically exposed persons (PEP) • Electronic banking
• Nonresident aliens (NRA) and accounts of • Private banking (domestic and international)
foreign individuals • Trust and asset management services
• Foreign corporations and domestic business • Monetary instruments
entities, particularly offshore corporations,
• Foreign correspondent accounts, such as
such as domestic shell companies,
bulk shipments of currency, pouch activity
Private Investment Companies (PICs) and
and payable through accounts (PTA)
international business corporations (IBCs),
located in higher-risk geographic locations • Trade finance
• Deposit brokers, particularly those based in • Services provided to third party payment
other countries processors or senders
• Cash-intensive businesses, such as • Foreign exchange
convenience stores, restaurants, retail stores, • Special use or concentration accounts
liquor stores, cigarette distributors, privately
• Lending activities, particularly loans secured
owned ATMs, vending machine operators and
by cash collateral and marketable securities
parking garages
• Non-deposit account services, such as non-
• Foreign and domestic nongovernmental
deposit investment products and insurance
organizations and charities
• Professional service providers and so-called
gatekeepers, such as attorneys, accountants,
223
HIGH-RISK JURISDICTIONS AND available on the websites of the appropriate

GEOGRAPHIC AREAS organization.
Identifying geographic locations that may pose • The risk model may take into account
a higher risk is essential to the compliance pro- whether a country is a member of FATF
gram of an organization, especially to control or of a FATF-style regional body, and has
corruption, money laundering and sanctions vio- implemented practices commensurate with
lations. Financial institutions should understand international standards promulgated by the
and evaluate the specific risks associated with FATF and other international organizations.
doing business in, opening accounts for custom- • The risk model should also take into account
ers from, or facilitating transactions involving regional risk inside a particular country,
certain geographic locations. such as the cross-border areas between
nations, or designated areas of high intensity
Certain countries, jurisdictions and regions pose financial crime or drug trafficking, such as
a greater threat of money laundering, terror- the US High Intensity Financial Crime Areas
ist financing, bribery and corruption, and fraud. (HIFCA) or High Intensity Drug Trafficking
The organization should establish a documented Areas (HIDTA).
geography risk rating methodology that lever-
ages internal and external information sources,
EVOLVING RISK ASSESSMENT
including these:
EXPECTATIONS
• Sanctions and terrorist financing lists The overall AML and sanctions risk assessment
published by governments and international can serve as an effective tool and solid basis
organizations can be helpful in assessing for overall financial crime compliance program
financial crime and money laundering risks. design. However, some challenges or potential
These include lists published by the US risks do not fit neatly into a product, customer
Office of Foreign Assets Control (OFAC), the or geography category but should be considered
UK Financial Services Authority, the United in the design of controls and evaluation across
Nations Security Council Committee, the multiple risk areas. There should be a clear link
US Financial Crimes Enforcement Network between the organization’s risk assessment and
(FinCEN) and the European Union. program design.
• The overall reputation of a country should
be factored into the risk model. For example, These days, regulatory examiners place more
certain countries or jurisdictions have high emphasis on assessing the adequacy of a financial
levels of corruption or unstable governments. institution’s efforts to ensure ongoing effective-
Some are known as bank secrecy and ness and integrity of their compliance programs.
money laundering havens or suffer from For example, in the US, the Office of the Comp-
high levels of drug production and shipping troller of the Currency (OCC), the key regulator
and cartel activities. Information sources of national banks and thrifts, has been prompting
to help identify reputational risk include institutions to include their AML compliance pro-
Transparency International’s “Corruption grams and controls into their overall risk model
Perceptions Index” and the US State validation. Part of this validation includes assess-
Department’s annual International Narcotics ing the systems, processes and procedures used
Control Strategy Report (INCSR), which rates within business lines, as well as for compliance.
countries based on their money laundering
controls and corruption. Most of these are Financial institutions, corporations and orga-
nizations must look to their service technology
224
and identify the account or service technologies Implementing continuous system risk assessment
that are right for their business model and how and model risk validation programs helps ensure
financial crime, money laundering or terrorist the financial institution or organization is proac-
financing risks might vary by this technology. tively addressing areas of internal, statutory or
They must define and identify vulnerabilities and regulatory focus. This helps them stay in com-
develop a clear roadmap on how those vulnera- pliance, facilitates the examination process, con-
bilities are assessed and addressed. This should tributes to operational efficiencies and ensures
be a cross-institutional effort undertaken with the reputational integrity of the organization.
support across business lines throughout the
organization. CUSTOMER ONBOARDING
AND MONITORING
When attempting to address vulnerabilities, the Customer onboarding is the process of opening
organization should focus on the following: a new account or accounts, providing certain
• Vulnerability assessments that identify products and services, and beginning to build a
weaknesses in systems or controls and relationship with the customer. In the context of
the features of unique financial products AML compliance, customer onboarding involves
or services which may make them open to due diligence on new customers. Monitoring of
abuse or exploitation for money laundering or the customer means regular reassessment of the
terrorist financing. Vulnerability assessments risk or potential risk, presented by the customer
primarily focus on weaknesses that could based on the customer’s activities at the institu-
allow for financial crime, including money tion or organization. Establishing and following
laundering or terrorist financing. proper onboarding and monitoring policies and
procedures are key parts of developing the cus-
• Potential threat recognition identifies tomer relationship, and help protect the institu-
potential threats presented by the nature of tion against financial crime, including corruption,
the organization’s business, customers, and money laundering, terrorist financing and fraud.
the geographies in which it operates. The
combination of an external threat coupled
KEY ELEMENTS OF A “KNOW YOUR
with internal vulnerability often results in
CUSTOMER” PROGRAM
occurrences of financial crime, including
corruption, fraud, money laundering or A sound Know Your Customer and Customer Due
terrorist financing. Diligence (KYC/CDD) program includes robust
customer identification and account-opening
As the organization conducts its assessment, it customer initiation procedures that allow the
should determine whether the assessment mea- institution or organization to determine the true
sures are retrospective or prospective in nature. identity of each customer and assess the risk or
Retrospective analysis will provide learning and potential risk presented by the customer. The
insights by drawing on data from past events in major components of KYC include account open-
order to fine-tune any present vulnerability. Con- ing, the customer identification program (CIP)
ducting prospective analysis is equally important. and ongoing monitoring. KYC can also include
A prospective analysis is a process of attempting “Enhanced Due Diligence” (EDD) for customers
to look into the future with the benefit of histor- that pose a higher risk based on attributes deter-
ical data to help better identify emerging vulner- mined at the opening of the account or the cus-
abilities or threats. tomer activities after the account is opened.
225
Common account opening procedures and best must be collected at the time the customer seeks
practices include: to open an account and must be verified within a
reasonable time after the account is established.
• Gathering and verifying customer
identification materials through paper In addition, financial institutions must verify the
documents and/or electronic identity identity of customers prior to undertaking large
verification currency transactions, purchasing certain finan-
• Clarifying and stating the services that are cial instruments or ordering wire transfers. This
available to the customer includes vetting the customers against relevant
• Having all forms available and understanding sanctions or other watch lists.
them sufficiently well to explain them
professionally to the customer Under current rules and regulations in many
countries, CIP regulations do not require a finan-
• Verifying and authenticating the cial institution or other organization to authen-
customer’s identity ticate the identity of the beneficial owners of
• Screening the customer against sanctions proposed accounts in all cases. However, an orga-
lists, watch lists and politically exposed nization is obliged to look through a non- indi-
persons (PEP) lists vidual customer particularly business organiza-
• Documenting the normal and expected tions to attempt to identify the individuals with
activity of each customer, including authority or control over the account. This is cru-
occupation and business operations cial when the institution or other organization
cannot verify the customer’s true identity after
• Documenting the customer’s relationship using standard verification methods.
with the institution or organization, including
all lines of business within the organization Typically, the institution does not have to com-
and its subsidiaries that the customer plete unanimous verification of all identifying
will utilize information. But it must achieve a level of con-
fidence through a plurality of defined metrics or
CUSTOMER IDENTIFICATION indicators, assumed to be sufficient, to establish
PROGRAM (CIP) and verify the customer’s information.
Regulated entities in the banking and securi-
ties industries in many countries are required to CUSTOMER MONITORING
implement a “customer identification program,” Financial institutions are often required by regu-
or CIP, as it is called in the US. A CIP must include lation to apply ongoing monitoring to certain cor-
risk-based procedures for the verification of the respondent and private banking accounts, as well
identity of each customer to the extent reasonable as to the accounts of customers who pose higher
and practical. Essential identification information risk or potentially higher risk. This is determined
The chart below provides a simple example of a risk rating summary and levels of due diligence required:
Risk score 41 - 50 31 – 40 21 – 30 11 – 20 1 – 10
Risk level Highest High Intermediate Low Intermediate Lowest
Due diligence applied Enhanced Standard Simplified
due diligence due diligence due diligence
Approval required from: Senior manage- Senior AML officer AML officer AML staff member Rela-
ment of institution tionship manager
226
by information collected at the time of onboard- Customers at higher risk tiers will require further
ing, specific customer activity, and other material measures, or enhanced due diligence, to manage
factors that may have changed since onboarding. their financial crime risk. Some common EDD
techniques include:
The institution should collect customer due dil-
igence information in a database or system that • Additional investigation into a customer’s
is accessible to relationship managers and com- source of funds or wealth. Institutions could
pliance personnel. Designated personnel should request additional records and information
periodically update these customer records to from customers, such as financial documents
reflect changes in behavior, activity profile, or for a company or copies of tax returns for
other factors that impact the AML and other individuals, or conduct their own research
financial crime risk posed by the customer. This • Identifying and verifying beneficial owners
new information should be factored into a re-as- down to a lower ownership threshold
sessment of customer risk along with supporting • Additional verification of customer-supplied
factors, such as transactional activity, geographic information, using multiple sources
exposure and suspicious activity history.
• Thresholds on the size or frequency of
ENHANCED DUE DILIGENCE (EDD) FOR transactions a customer can conduct
HIGH-RISK SERVICES, CUSTOMERS, AND • Approval by progressively higher levels
JURISDICTIONS of management based on the risk of
the customer
Customer due diligence requirements have
increased in recent years in keeping with evolv-
In some cases, institutions may determine that
ing regulatory expectations for a more effective
a customer poses an undue risk, and decline the
and ongoing monitoring of existing customers.
relationship or transaction. Institutions should
Customer and third party due diligence is the
have policies in place for when and how to man-
cornerstone of a strong compliance program and
age the termination of a customer relationship,
requires that institutions and other organizations
including what records to keep and when to file
conduct and record specialized or enhanced due
suspicious transaction reports.
diligence (EDD) for high-risk customers.
Management should establish periodic reviews of
The information gathered in CIP, customer ques-
higher risk customers to determine if their activ-
tionnaires, and results of screening will provide
ity is reasonable, that customer due diligence and
the raw material for risk assessment and rating.
enhanced due diligence procedures are com-
pleted, and the customer risk rating is accurate
The risk score will guide the level of additional
and up-to-date.
due diligence required, if any. For customers at
the lowest risk of involvement in financial crime,
institutions may choose to conduct simplified due EMPLOYEE ONBOARDING
diligence, or the minimum level required under
the jurisdiction’s AML regulations. Institutions AND MONITORING
may allow relationship managers or lower levels Similar to customer onboarding and monitor-
of staff to approve customers subject to simpli- ing, employee onboarding and monitoring plays
fied due diligence. Publicly traded companies and a critical role in financial crime prevention at all
pension funds are common examples of low-risk business organizations, including financial insti-
customer types. tutions. An insider can pose the same money
laundering threat as a customer. Establishing and
227
A Graphic Displaying the Cyclical Process of Customer Risk Assessment, Onboarding, Monitoring and Audit in a
Financial Crime Compliance Program.
following proper employee onboarding policies tation should include rules, regulations, respon-
and procedures help protect the organization sibilities and the organization’s code of ethics.
against potential employee involvement or collu- Senior management must set the tone or culture
sion in all financial crime and protects the integ- at and from the top, consistently and regularly
rity and sanctity of internal processes and infor- communicate the organization’s ethical policies
mation from filtration to outside elements. and code of conduct as well as emphasize the
important role each employee plays in ensuring
KEY ELEMENTS OF “KNOW YOUR that these policies are adhered to and honored.
EMPLOYEE” PROGRAMS
Best practices that have evolved for effective
A Know Your Employee (KYE) program allows
employee onboarding include the following:
the organization to understand an employee’s
background, associations, conflicts of interest • Onboarding and assessment, which begins
and susceptibility to corruption, money launder- during the interview process. The vetting
ing, tax evasion or fraudulent activities. When an should include background screening,
employee is hired, part of the orientation process especially for criminal history. It is important
should include a proper introduction to the com- to conduct a complete review of the
pany culture and the expectations the employee
is supposed to meet in that culture. This orien-
228
employee before hiring, including checking software, so-called exception reports, log
references and relevant background checks. files, and the like.
• Gathering and verifying employee • Regular reviews and updates on the
identification materials through paper company’s ethics policies and ethical
documents and electronic identity compliance culture
verification • Regular communication that enforces
• Screening the employee against sanctions the organization’s policies, including full
lists, watch lists and politically exposed disclosure if financial crime has occurred
persons (PEP) lists and the actions that were taken
• Providing new employees with a copy of • Ongoing employee training in recognizing
the organization’s written ethics policy and red flags for corruption, tax evasion, money
code of conduct laundering, fraud and other financial crime,
• Providing appropriate training for the as well as clear guidelines on how to follow
position the employee is hired for, including up and report on financial crime suspicions
written regulations and web-based or
classroom training on financial crime When an employee is supported by an ethical
addressing corruption, money laundering, company culture, he or she is constantly reminded
fraud and sanctions with scenarios that are to perform the required customer due diligence
appropriate to the business and the clientele and to pay attention to how customers and third
with which the employee will be working parties establish relationships with employees.
One example is where a customer is grooming an
• The institution of a “hotline” that employees employee for a future financial crime or money
may use to anonymously report financial laundering transaction, or collusion in a related
crime tips covering a range of financial scheme where the employee does not merely rub-
crimes on which they should be trained ber- stamp questionable transactions, and does
not accept corrupt or improper compensation.
Proper employee onboarding improves pro-
ductivity and contribution by ensuring that the RED FLAGS OF EMPLOYEE PARTICIPATION
employee fully understands his or her job respon- IN FINANCIAL CRIME
sibilities and has access to necessary tools.
Employee perpetration of or collusion in financial
EMPLOYEE MONITORING crime, including corruption, tax evasion money
laundering, sanctions violations and fraud can
Best practices for effective employee monitoring occur in financial and non-financial organiza-
can include the following: tions. Employees in financial institutions or other
• Regularly scheduled background screening financial services providers may have access to
especially of criminal history to identify customer and account data and the ability to
employees who should be removed move funds in and out of accounts. Employees in
other organizations may have access to account
• Ongoing monitoring of employee actions and information through statements or online access
activities as they pertain to their facilitation and financial instruments, such as checks or
of account or transactional activity for electronic access to payment mechanisms. This
customers. This can be achieved through access highlights the vulnerability to insider
a combination of automated monitoring financial crime, including fraud, and the impor-
tance of ongoing monitoring of employee activ-
229
ity and lifestyle factors when they are available the names of family members and associates,
to help detect and prevent financial crime by the show unusual levels of activity, such as
“enemy within.” internal transfers into the accounts followed
by wires or other transactions out of
Although not an exhaustive list, the following the accounts
are red flags or indicators of potential employee • Employee never takes a vacation, or takes
involvement in financial crime of a wide variety: much less than the minimum vacation period
• Employee approves or is involved in an that is mandated by the organization
inordinate number of exceptions to policies, • Employee resists an internal transfer to
procedures, account limits and other rules of another unit or element of the organization
the organization • Employee enjoys a lavish lifestyle, including
• Employee frequently overrides or high-end cars, real estate and lavish trips, for
circumvents internal controls, approval example, which cannot be supported by his
authority or established policies, including or her normal compensation
accessing accounts and records for which
the employee has no legitimate business
purpose to access INVESTIGATING AND IDENTIFYING
• Employee misrepresents the identity, BENEFICIAL OWNERS
background, associations or financial As previously mentioned in the Money Laun-
resources of a customer at the time dering chapter, the term “beneficial ownership,”
of onboarding, updating customer when used to refer to beneficial ownership of a
documentation or due diligence financial account, is conventionally understood
• Employee is involved in completing or to refer to the person who maintains ultimate
expediting financial or business transactions control over funds in an account through owner-
where the identity of the counter party or ship or other means. “Control” in this sense is dis-
ultimate beneficiary is not identified tinguished from mere signature authority or legal
Employee accounts or other accounts linked title. The specific definition of a beneficial owner
to the employee, such as those opened in of a legal entity includes an individual who owns
or controls, directly or indirectly, greater than a
certain percentage of the legal entity.
Beneficial ownership recognizes that a person in

whose name an account is opened with a finan-
cial services provider or other organization is
not necessarily the person who ultimately con-
trols these funds. This distinction is important
because the focus of financial crime and AML
efforts should be on the person who has this ulti-
mate level of control. Placing the emphasis on this
person is typically a necessary step in determin-
ing the source of wealth. The beneficial owner
concept plays an important but understated role
in the global crackdown on corruption, fraud,
money laundering and tax evasion.
230
Determining beneficial ownership has become There are no firm rules on what constitutes sus-
increasingly important from a regulatory stand- picious activity. However, there are known typol-
point internationally and in many nations. The ogies of transactions and other activities that
Financial Action Task Force now emphasizes it serve as common indicators of financial crime,
in its recommendations and interpretive notes. including money laundering. In addition, activity
Beneficial ownership involves establishing mech- that is not consistent with a customer’s known
anisms to record basic information about the style of living, source of income or wealth, type
organization or individual to enable financial of business, or type of accounts or services used
institutions, the pertinent authorities and others should be scrutinized.
to determine the true ownership. This is needed
to conduct appropriate due diligence on the Because most organizations must monitor and
real customer. attempt to flag thousands and maybe millions of
transactions each day, they should employ a risk-
Many countries and the FATF have progres- based approach determined by elements such as
sively raised expectations regarding beneficial their business profile, location, types of prod-
ownership rules. For example, the US Finan- ucts and services offered, third-party relation-
cial Crimes Enforcement Network, which is that ships and geography. When suspicious or unusual
nation’s Financial Intelligence Unit, has officially activity is detected, organizations must investi-
announced that it may require the institutions it gate to determine if there is a reasonable expla-
regulates to determine the names of individuals nation for the activity, or if there is a likelihood of
who directly or indirectly own more than 25 per- financial crime in the broad sense.
cent of a legal entity that has a relationship with
the financial institution. If financial crime, including money laundering, is
suspected, or if the activity cannot be reason-
Beneficial ownership has also been a central ably explained, the organization is likely obliged
focus of the FATF’s mutual evaluation process as to report the activity through a suspicious activ-
to the adequacy of controls that exist in various ity report or suspicious transaction report. This
nations. This focus is part of a larger strategy to depends on the requirements of the country in
improve the availability of beneficial ownership which it operates. Each country’s laws and reg-
information for legal entities that open accounts ulations dictate the length of time the organi-
or conduct transactions through financial insti- zation has to report the suspicious activity, the
tutions and to facilitate the implementation of frequency of additional reporting if the activity
global standards for obtaining beneficial own- continues, and the length of time it must main-
ership information by financial institutions and tain these records.
other business organizations.
It should be noted that suspicious activity report-
ing often takes place in two contexts: reporting
DETECTING AND REPORTING within an organization or institution, or reporting
SUSPICIOUS ACTIVITY to external government agencies and regulators.
Financial institutions in most countries, includ-
ing non-bank financial services providers, are In the case of reporting to government agencies,
required to monitor customer and entity behavior many jurisdictions have specific reporting forms
to detect transactions or activity which could be they must complete and file with a regulatory or
indicative of money laundering or other financial enforcement agency. In Canada, for example, the
crime activity. This includes corruption, tax eva- forms for financial institutions are called “Suspi-
sion, fraud and terrorist financing. cious Transaction Reports (STRs)” and are filed
231
with FINTRAC, that nation’s governmental finan- Along with training, other general best practices
cial intelligence unit, or FIU. In the US, the forms for a reporting program include:
are called “Suspicious Activity Reports (SARs)”
and are filed with the Financial Crimes Enforce- • Processes to identify suspicious activity
ment Network. In most jurisdictions, reports are through multiple channels, including
filed with the governmental FIU, which then has alerts produced by transaction monitoring
the responsibility of analyzing and disseminating systems, referrals or notifications from
them to law enforcement. employees, and requests or queries from law
enforcement and regulators.
Most jurisdictions have clearly prescribed pro- • Investigation and review processes for each
cedures for filing suspicious transaction reports, suspicious activity identified.
along with standard forms or electronic filing • Decision-making procedures for when to
systems that institutions use. These forms typi- file a report, when to escalate the decision
cally contain several sections: and when to decline, supported by thorough
• Contact information for the filing institution documentation.
• Information on the institution where • Periodic briefings to senior management

suspicious activity occurred that can include metrics on suspicious
activity reporting, amounts involved, notable
• Information on the subject(s) involved trends and any issues requiring immediate
in the suspicious activity, including attention. In some jurisdictions, this periodic
personal information, account and reporting is a regulatory requirement.
transactional details
• Ongoing review, quality assurance
• Fields to select the type(s) of suspicious and oversight of STR/SAR filing
activity being reported program – Ongoing oversight can include
• A narrative portion, in which the filer can several elements:
describe the activity and provide further » Periodic evaluations of actual reports filed
supporting details for quality and completeness
Training on effective suspicious transaction » Reviews of the decision-making process and

reporting is a critically important part of an insti- accompanying documentation
tution’s overall compliance training program. » Procedures for oversight of the employees
STRs/SARs are the main mechanism the financial responsible for filing reports
sector uses to provide intelligence on potential
financial crime to law enforcement. Additionally, many institutions and organizations
will have some system of internal reporting of
In some cases, high-quality reports provided by suspicious activity. One example could be slightly
a well-trained compliance staffer can literally uncharacteristic or irregular transactions in a
make or break an investigation. A form’s narrative business account that, while they do not rise
section can be particularly useful in this regard, to the level of a governmental suspicious activ-
allowing an institution to provide insights on the ity report, may still warrant monitoring and fol-
transactions and supporting intelligence that low-up. An institution employee may file a report
otherwise would not be available in the standard with their internal FIU to flag the account for
form fields. further review.
232
The information provided in suspicious activity financial crime and money laundering
reports to governmental FIUs is a key resource typologies or red flags
for law enforcement investigations in many juris- • Statistical profiling scenarios that identify
dictions. Information from suspicious activity unusual activity by modeling typical or
reports can help enforcement agencies find infor- expected activity profiles for a specific
mation on individual accounts or persons they customer or type of customer and
are investigating, or alert them to new potential identifying outliers
criminal activity in progress.
Some software leverages both approaches to help
Suspicious activity reporting can also be used by ensure the best possible detection capabilities. In
institutions or law enforcement to get a high-level addition, most transaction monitoring systems
view of financial crime in a given area or jurisdic- also provide alert and investigations management
tion. Governmental FIUs can analyze all reports systems to facilitate and document the analysis
involving mortgage fraud, for example, and place and investigation of alerts and cases.
that information on a map to gain a better under-
standing of where such fraud is happening most Cases are reviewed by financial crime analysts,
frequently. Internal FIUs can conduct similar ana- including those devoted to AML, who investigate
lytics. This ability to capture large-scale financial the activity along with supporting data and infor-
crime trends can help institutions and govern- mation. The analyst then determines whether to
ments allocate resources more effectively. clear the case or escalate it for further review and
action, including suspicious activity reporting in
the appropriate jurisdiction.
OVERVIEW OF AML COMPLIANCE
MONITORING SYSTEMS Like any other element of the compliance pro-
Because of evolving regulatory expectations, as gram, transaction monitoring solutions require
well as the volume of customers, transactions ongoing quality assurance and review to func-
and data involved in monitoring and surveillance, tion effectively. This includes refining monitoring
many organizations leverage specialized technol- rules, statistical models, and the data feeding into
ogy to help meet their detection and reporting monitoring systems to address two types of prob-
requirements. The major types of information lematic issues: False positives and false negatives.
technology systems or solutions used in financial
crime in general, particularly AML and sanctions • False positives are transactions or
compliance, include the following: patterns that are not actually suspicious,
but incorrectly flagged as suspicious by
Transaction monitoring systems. An automated monitoring system
system, either a proprietary application or ven-
dor-provided solution, for ongoing scanning of • False negatives are transactions or patterns
transaction, customer and entity data. The solu- that are actually suspicious or indicative
tion filters, compiles and summarizes transaction of financial crime that are NOT flagged by
data and flags or alerts on instances of poten- transaction monitoring system
tially suspicious behavior. Detection is typically
accomplished through implementation of AML False positives tend to receive the most attention
scenarios that fall into two broad categories: from compliance staff, for understandable rea-
sons. A false positive is visible and apparent to
analysts, and dealing with large numbers of them
• Rules-based scenarios that identify specific can waste considerable time and resources. False
patterns of behavior related to known
233
It should be noted that false negatives can crop up

in any system used to monitor accounts, includ-
ing sanctions screening tools, negative news
sweeps, and others.
Sanctions and watch list filtering software. An

automated system, either proprietary or pro-
vided by a vendor, for filtering of customers and
entities that are present in sanctions lists or other
types of internal or external risk-based watch
lists. Scanning of accounts against sanctions
and watch lists is performed at the time of new
account opening and during periodic customer
database scans. Transaction reviews (often called
transaction filtering) against sanctions lists are
negatives are far less obvious, since by defini- performed as transactions and are initiated or
tion they trigger no alerts and are typically not received using either a batch or real-time pro-
detected until well after the fact, through peri- cess. Transactions involving sanctioned entities
odic audits, reviews triggered by suspicious activ- are blocked.
ity in an account, or even regulatory enforce-
ment actions. Know your customer and customer due diligence
modules. Increasingly, transaction monitoring
There are several issues that can lead to false solutions provide modules that support ongoing
negatives. In some instances, they are a result of monitoring and due diligence of customers and
sheer user error – Staff are not trained properly, accounts. These systems typically leverage cus-
or are not using the transaction monitoring sys- tomer data obtained at account opening as well
tem in the way it was designed. In other cases, as alerts or exceptions detected through ongo-
the system is not operating effectively – Rules ing monitoring. They also facilitate the recording
and scenarios are incomplete based on an insti- and updating of customer information and risk
tution’s financial crime risk, or not being prop- assessments.
erly applied.
Internal reports. Internally generated reports
In still other cases, false negatives result from or systems, such as large transaction reports,
data issues. Information is not flowing into the third-party activity, incident reports, leads data-
transaction monitoring system properly due to base and others, which flag activities and provide
technical issues, or an institution is not utiliz- important ancillary information that is used to
ing the full range of data it has at its disposal for analyze or investigate alerts or cases.
monitoring purposes.
Third-party data. Reports, online research
The goal of auditing a monitoring system should portals, and public record or proprietary data
be to reduce both, but any indication that mon- sources and analytics that are provided by third
itoring is leading to false negatives should gen- party data vendors and repositories. This infor-
erally be given priority. The existence of false mation is used at account opening for upfront
negatives can mean that a monitoring system is “know your customer and customer informa-
entirely missing activity that may be indicative of tion program” purposes, as well as to support
financial crime.
234
alerts analysis and investigation of suspicious or increased scrutiny of automated systems sup-
unusual activity. porting financial crime, AML and sanctions com-
pliance programs. Their recommendations often
Automation can play a key role in financial crime focus on validation of monitoring systems to
control programs and should be part of an organi- assess the integrity of data inputs, the accuracy
zation’s strategic planning process in information of algorithms, the appropriateness of thresholds
technology. Ongoing maintenance and evolution and scenarios, and the structure of case manage-
of these systems may be factored into the finan- ment, investigation and reporting.
cial crime compliance program as a component.
Financial institutions must put in place a program
This should include periodic validation of the sys- to consistently and regularly assess their compli-
tem through internal audit, regulatory examina- ance systems’ performance and apply corrective
tion, or third party independent evaluation opti- action to address deficiencies. Two key areas of
mizing the system through scenario and threshold evaluation should be included:
tuning, and improvements to data quality and
availability. It should also include changes made • Effectiveness: the system’s ability to properly
to enable prompt response in evolving regulatory identify and report suspicious activity and
requirements or new financial crime typologies, help ensure compliance with regulations, as
including those for money laundering and terror- well as reputational and legal integrity
ist financing. • Efficiency: the system’s ability to reduce
the number of false positive alerts or
exceptions while minimizing the risk
ONGOING TESTING AND DUE of “missing something.” Efficiency helps
DILIGENCE OF MONITORING AND reduce costs without increasing the risk of
REPORTING PROCESSES non-compliance.
In virtually every country, examiners conduct
Implementing a continuous system and perfor-
periodic examinations of AML and financial
mance assessment program facilitates the exam-
crime compliance programs. When reviewing
ination process, proactively addresses areas of
compliance monitoring and reporting systems,
regulatory focus, and contributes to operational
they usually focus on the adequacy of the system
efficiencies. A well-structured and rigorous com-
and evaluate the reasonableness of the scenarios
pliance program of periodic assessment coupled
and parameters applied, as well as changes to the
with independent testing can provide compli-
systems and policies.
ance officers, senior management and the board
of directors with the information needed to keep
Recently, they have begun to place more empha-
financial crime compliance program effective
sis on assessing the adequacy of the efforts of
and responsive.
financial institutions and other organizations to
ensure ongoing effectiveness and integrity. In
many countries, regulators have been signaling
235
Q 11-1. As the compliance officer in a national financial institution, you have recently
received an alert from your regulator warning of suspected bulk cash smuggling into your
jurisdiction.
Which recent activity might be indicative of bulk cash smuggling?
A. An increase in domestic wire transfers between another bank within your jurisdiction
and your financial institution
B. A significant number of cash withdrawals, all under $10,000, from your
financial institution
C. Large amounts of small denomination currency being sent from a Foreign Financial
Institution (FFI) to an account at your bank
D. A dramatic increase in domestic ACH transactions at your bank
Q 11-2. A US bank receives a letter of credit from an issuing bank in connection with
the purchase of wheat from a bank customer. The buyer/applicant is located in Belarus, a
country in which certain senior government officials are on the US Specially Designated
National (SDN) List. The country is not, however, subject to comprehensive US sanctions.
The buyer is determined to be a joint venture in which a Belarus SDN has a 50 percent
interest through two separate companies wholly owned by the SDN. Each has a 25 percent
interest in the joint venture. No funds have yet been received by the bank. Which state-
ment is true about this situation?
A. The letter of credit can be processed and the funds paid because the customer is not
on the SDN List, and the SDN does not have a majority or controlling interest.
B. The letter of credit can be processed and the funds paid because the US Office of
Foreign Assets Control (OFAC) has issued general licenses exempting food from
US sanctions.
C. The letter of credit must be blocked by the US bank and reported to OFAC even
though no funds have yet been received.
D. The letter of credit cannot be accepted or acted on so it must be returned to the
advising bank with notice that any funds received will be blocked.
236
Q 11-3. A small regional bank has recently started using a new transaction monitoring tool
that utilizes several custom scenarios to identify specific activity which was defined by the
Financial Crimes Compliance team. There are five scenarios that are live in production.
The Analytics team within Financial Crimes Compliance has performed some research on
the scenarios and is ready to make recommendation to management regarding possible
changes to the scenarios.
Which scenario(s) should the Analytics team recommend making changes to first?
A. Scenario A that has generated 100 alerts in the past three months and 50 percent of
those have been deemed suspicious and a suspicious transaction report was filed.
B. Scenario B that has generated 180 alerts with a 95 percent false positive rate.
C. Scenario C that has generated no alerts and there appears to be a problem with the
mapping of data.
D. Scenarios D and E that were put into production in the last 30 days to address a
matter requiring attention from a regulator.
237
CHAPTER 12
CYBERSECURITY
OVERVIEW
The international financial system, like many other segments

of the private and public sectors, has been transformed by the
technological developments of recent decades. Tools such as
online banking, electronic funds transfers and virtual curren-
cies have moved a huge portion of the world’s economic activity
and financial transactions into the digital realm.
238
CHAPTER 12 • CYBERSECURITY
Financial criminals have followed closely behind, financial crimes in and of themselves, designed
quickly adopting and exploiting online and elec- to directly steal assets from financial accounts.
tronic tools to their own illicit ends. Fraudsters Other cybercrimes, such as online identity theft
use social networks to make connections and and data breaches, are often one element in a
lend legitimacy to their false investments or non- wider financial crime scheme. Personal data
existent business enterprises. Organized crime stolen online, for example, may later be used to
rings use elaborate schemes to implant mal- create a false identity to apply for government
ware on the computers of businesses worldwide, benefits as part of a fraud scheme. Systems and
obtain passwords and login information, and networks can also be tampered with to dis-
drain millions from business accounts. Hackers, guise illicit transactions or destroy evidence of a
acting alone or in teams, breach the data systems financial crime.
of major corporations and government agen-
cies to steal and resell customer data, from bank Globally, incidents of cyber financial crime have
account access codes to credit card and tax iden- exploded in recent years. A report by cyber secu-
tification numbers. rity firm Symantec estimated that in 2011 more
than 232 million customer records were sto-
It is no exaggeration to say that financial crime len from private corporations across the globe.
has moved into a new digital era, and protecting Worldwide, 40 percent of all cyberattacks tar-
networks and data is essential to detecting and geted financial institutions, according to the 2012
preventing a wide range of financial crimes. Con- Data Breach Investigations Report by Verizon.
sequently, a working knowledge of cybersecurity
is rapidly becoming a necessity for all financial The type of entities orchestrating cybercrimes
crime professionals. has also changed considerably over the past
decade. Increasingly sophisticated organized
For the purposes of this Manual, the term cybercrime, terrorist and activist groups have moved
security is used in a broad sense. It encompasses into the cybercrime field, either for profit or to
methods to recognize, prevent and detect cyber- further a political or ideological agenda. State-
crimes, as well as the understanding of the recom- sponsored group and military organizations also
mended controls to prevent unauthorized access have a growing online presence, engaging in
from external actors. Recognizing that employ- covert cyber warfare operations that strike not
ees and other internal sources are a significant only government agencies but unwitting targets
financial crime risk as well, the concept of cyber- in the private sector.
security also includes policies and procedures to
safeguard against unauthorized internal access. Financial institutions of all types and sizes are
particularly at risk. Their online banking and
Additionally, data management and data privacy transaction services and wealth of potentially
also form another key component of cybersecu- valuable customer data make them rich pickings
rity, and this chapter will provide guidance on for traditional cybercriminals seeking money and
standards for retaining and destroying sensitive assets. At the same time, their strategic impor-
data, sharing data with law enforcement and tance makes institutions attractive targets to
transmitting data across international borders. state-sponsored groups looking to disrupt a
country’s economy, or “hacktivists” trying to
Cybercrimes, or criminal activities conducted send a message.
using online and electronic tools, can intersect
with financial crimes in a variety of ways. Some, All these factors make cybersecurity a criti-
like account takeovers previously mentioned, are cal front in the battle against financial crime.
239
that data directly or use that data to illicitly gain

control over funds, accounts or assets.
The sheer variety of cyber financial crimes would

make it impractical to assemble a comprehensive
list here, and constantly-changing tactics and
technologies would be likely to make such a list
obsolete soon after it was published. This sec-
tion examines some of the common techniques
employed in cyber financial crime, but it should
be noted that these techniques are very often
used in combination with one another. A phishing
attack by e-mail may steal one element of con-
It is important to note that cybersecurity is a fidential data needed to access a bank account,
fast-evolving field, with rapidly developing tech- while keystroke- logging malware may gather
nologies. The material presented here collects another, with the end result being a successful
and synthesizes best practices from a variety of account takeover scheme.
public and private sector sources. As always, the
financial crime specialist should seek to apply it Whether investigating cyber financial crimes or
to the specific circumstances of their organiza- building controls to prevent them, the financial
tion and profession. crime specialist should look out for the ways that
one cybercrime can feed into and amplify another,
and likewise understand how one data breach can
RECOGNIZING AND DETECTING
leave an entire account or network vulnerable.
CYBER FINANCIAL CRIME
Cyber financial crimes may have emerged more
recently than their real-world counterparts, but SOCIAL ENGINEERING
they are rapidly becoming just as diverse and Broadly defined, social engineering is the act of
pervasive. With only a computer and Internet deceiving or manipulating a target into turning
connection required for many crimes, the barrier over confidential information or personal data.
to entry is quite low, and cybercrime schemes are This differs from using technical hacking tech-
often limited only by the criminal’s imagination niques, such as computer programs that crack
and ingenuity. passwords or break encryption. In recent years,
cyber financial crime schemes have become
It is important to recognize that cyber crim- increasingly reliant on social engineering, and
inals may have a wide range of motives. Not all the majority of data thefts from corporations and
cybercrimes are driven by the pursuit of finan- financial institutions currently involve some ele-
cial gain, and not all can be considered finan- ment of social engineering.
cial crimes. A state-sponsored cyber-espionage
unit may breach a defense contractor’s network Although the term “social engineering” was
in order to steal military technology, for exam- coined in the 90s, the strategies it relies on are
ple, or a hacker may vandalize a website purely much older, and are essentially the same as what
for their own amusement and bragging rights. con men and fraudsters have been using for hun-
Cyber financial crimes have a profit motive, and dreds of years. Assisted by technology, social
primarily revolve around efforts to obtain or steal engineering schemes exploit human tendencies
data, with the ultimate goal being to either sell to trust appearances and take communications at
240
face value, particularly those from authoritative Traditionally, phishing has been a technique
persons or sources. intended to facilitate identity theft schemes tar-
geting customers of financial institutions. Over
Social engineering schemes can and often do the past several years, phishers have expanded
occur through multiple channels. Some social their targets, attacking government agencies
engineering schemes may use phone calls imper- such as the US Internal Revenue Service, and
sonating a bank employee, auditor or law enforce- social networking websites in an attempt to steal
ment agent to deceive a target into turning over personal identifying information also used in the
confidential information. Others may use social commission of various identity theft and account
networks to contact targets, build credibility by take over schemes.
conducting background research on targets, or
create fake profiles to impersonate a target’s real There are several variations to phishing attempts:
friends or business associates. Email Phishing. The most common form of phish-
ing is via email. Phishers ‘spam,’ or send the same
Criminals leveraging social engineering schemes phishing email to millions of individual e-mail
have even appeared in-person at financial insti- addresses, requesting the recipient to divulge
tutions and other companies posing as “security personal information under false pretenses. They
consultants” or law enforcement agents, in order typically send the victims to a fake website that
to steal data from internal networks or install looks almost identical to the actual site the vic-
malware on company computers. However, by tims thought they were going to. These pieces of
far the most common type of social engineering information are then used by phishers for vari-
is phishing through electronic communications, ous illegal activities, but, most commonly, to
which is explained in more detail below. facilitate an identity theft scheme. Most phishing
email messages have an urgent subject line which
Consequently, there is no one-size-fits-all strat- requests the user to enter their credentials to
egy for guarding against social engineering at update account information, change passwords
organizations, whether banks, businesses or gov- or verify account details.
ernment agencies. One low-tech, but effective,
solution is employee training. These types of attack have a relatively low suc-
cess rate now that people are more skilled at
PHISHING recognizing these types of email. But even a tiny
Phishing refers to the act of sending an email or success rate on the millions of phishing emails
other electronic message falsely claiming to be a sent per day means that many still fall victim to
legitimate communication in order to manipulate this type of attack.
the recipient into providing confidential informa-
tion. Typically, a phishing message will direct the Man-in-the-Middle Attack. Man-in-the-Middle
recipient to a sham website with the same look Attacks are one of the more sophisticated phish-
and feel as the legitimate website of a business, ing techniques in which the phisher is virtually
government agency or other organization, and located in between the legitimate website and
instruct the unsuspecting user to divulge sensi- the user terminal. The phisher intercepts details
tive information such as passwords, credit card during a transaction between the legitimate web-
numbers and bank account information. The site and the user. As the users enter their personal
website, however, is not genuine and solely cre- information, it is then captured by the phishers
ated in an attempt to steal the user’s information. without the user’s knowledge.
241
Man-in-the-Middle attacks require far more SMS Phishing. Similar to IM Phishing, SMS
sophistication that standard phishing attacks, but Phishing (also known as Smishing), is sending
are far more successful. Since victims are going SMS messages to people’s phones with links to
to the real website of the organization in the link site that will capture their information.
provided, and the safeguards users might have
installed to recognize phishing sites, like antivi- Voice Phishing. Also known as Vishing, this is a
rus or browser controls, will not detect this. very straight forward type of social engineering
in which a scammer simply calls an organization
Instant Messaging Phishing. Similar to email and pretends to be someone in authority to con-
phishing, instant message phishing is the method vince the person they called to reveal passwords
by which the user receives a message via an and other confidential information. Skilled con
instant messaging software program with a link men can be surprisingly successful at eliciting
directing them to a phishing website which has information from a victim over a phone.
the same look and feel as the legitimate website.
The user is then prompted to enter their personal Spear-Phishing. A more refined phishing tech-
information. nique, spear-phishing involves sending targeted
A Graphic Displaying the Process Organized Cybercrime Rings will Sometimes Use in Business Email Compromise
Attacks. Source: U.S. Federal Bureau of Investigations.
242
messages with information or content tailored executive. The message will request immediate
to a specific recipient, thereby increasing the payment to a vendor or other party, indicating it’s
likelihood they will believe it is a genuine mes- a very urgent matter – the payment must be com-
sage. What distinguishes spear-phishing from pleted before the close of business.
traditional phishing schemes that typically rely
on template messages sent out to large numbers Of course, no such vendor exists. The message
of recipients, is the inclusion of some personal includes payment instructions to an account
information about the recipient. controlled by the cyberfraudster, typically in
another country. Once transferred, the funds
Spear-phishing messages can be quite sophisti- will be laundered through further accounts and
cated, and may include the subject’s name and effectively disappear.
personal identifying information. They may also
mimic messages from a recipient’s friends, rela- Attackers will either spoof the sender’s email
tions or business associates. Spear-phishers must address or create a new address that looks nearly
have some level of information on their recipi- identical. In other cases, attackers obtain a tar-
ent in order to make their message seem plausi- get’s email account credentials and take control
ble, and as a result, spear-phishing is often used of it to send messages.
in combination with data breaches or theft. For
example, a phisher may gather some personal In a variation, messages are sent directly to a
details on a subject by stealing them from a com- financial institution, purportedly from a busi-
pany database, and then use that information to ness executive controlling the account, direct-
follow up with a directed phishing message to ing that funds be transferred to another party
obtain login credentials for a bank account. immediately.
Victims are far more likely to be susceptible to Another tactic is for cybercriminals to imperson-
a spear phishing attempt that a simple tem- ate a supplier or vendor, and contact a company
plate-based phishing attempt. Many people by with updated account information for monthly
second nature recognize the standard phishing payments. In one case in 2016, a Lithuanian man
attempts that fill our email boxes and delete them was able to steal $100 million from tech giants
by reflex. The inclusion of some individuality to Google and Facebook in a matter of months using
the attempt makes it appear far more authentic this technique.
and is much more likely to be successful.
Attackers will either spoof the sender’s email
BUSINESS EMAIL COMPROMISE address, or create a new address that looks nearly
Business email compromise (BEC) is a variant identical. In other cases, attackers obtain a tar-
of social engineering that has been lucrative get’s email account credentials, and take control
for cybercriminals. In simple terms, a fraudster of it to send messages. Overall, the FBI estimated
impersonates someone else via email to deceive that BEC was responsible for $3.1 billion in losses
a target into making a wire transfer, processing in 2016 alone.
a payment or otherwise taking actions that will
transmit funds to the attackers. PROTECTING AGAINST BEC ATTACKS
Fortunately, there are some relatively low-
In one common example, cybercriminals send tech policies and procedures that you can use
a message to a company employee in accounts to protect against BEC and other social engi-
payable or the finance department that appears neering attacks.
to be sent from the company CEO, CFO or other
243
One is requiring more than one employee in a Other prevention steps include the following:
company to authorize a wire transfer, vendor
account update or transmittal of sensitive data. • Verify the hyperlinks within electronic
Depending on the size and sensitivity, you may communication. This can usually be done by
require multiple individuals to sign off. hovering a mouse cursor over links to view
the true URL, although this is not a sure-fire
Another is verifying with the person who sup- solution, as links can be masked.
posedly sent the email. This confirmation should • Remain cautious about opening electronic
always be done through an outside channel, such communication attachments and
as known phone numbers or company web sites or downloading files from electronic
- not by replying to the email, text or voice mes- communication. If the message is suspect or
sage, or calling any numbers provided in the not from a known source, at a minimum, files
message, as these are likely to be controlled by should be scanned by antivirus program.
the fraudster. • Never send personal or financial information
via electronic communication, and only
Ongoing training and awareness on the part of all provide personal or financial information
employees is perhaps the best defense. Like other through an organization’s website once it has
forms of fraud, social engineering often preys on been reviewed to ensure its legitimacy
the shared human desire to be helpful, and the
tendency to take things at face value.
ACCOUNT TAKEOVER
Every individual should maintain a level of pro-
Account takeover is one of the more common
fessional skepticism when dealing with email,
forms of identity theft, occurring when a fraud-
text and phone communications, especially those
ster obtains unauthorized access to an individual
that are out of the ordinary. Simple steps like
or organization’s financial accounts. The nature
reviewing an email header, checking hyperlinks
of the takeover and the level of sophistication can
in a text a message before clicking, or scanning
vary. In the simplest form, an attacker could use
email attachments before opening can head off
malware, phishing or other techniques to obtain
a social engineering attack before it starts. A
a person’s online banking credentials, then access
company’s networks are only as secure as their
the account and initiate transfers.
weakest point.
More elaborate attacks might gain account cre-
PREVENTION & DETECTION OF SOCIAL
dentials and some personally identifying infor-
ENGINEERING ATTACKS mation (such as the victim’s tax identification
The most effective method in the detection of number or answers to online security questions)
potential cyber fraud is to stay educated and and use this to change the official mailing address
up-to-date on phishing techniques and identity or online banking credentials with that individu-
theft schemes, as well as become familiar with al’s financial institution. Once accomplished, the
the channels that legitimate organizations use to fraudster can perform unauthorized transactions
communicate with their customers. Legitimate using the victims account without the victim’s
companies and government agencies will almost knowledge ( cash withdrawals, check orders, wire
never request personal identifying information transfers, online banking transactions, etc.).
via electronic communication. Any electronic
communication requesting such information Account take over (ATO) schemes are often the
should be treated as highly suspicious. end result of a combination of many identity theft
tactics used to obtain personal information. ATO
244
schemes can impact nearly any financial product cash or assets in a physical location. Do
or account type across all customer segments not use unprotected Internet connections.
within a financial institution, including individ- Sensitive data should be encrypted, and virus
ual customers, small-business customers, private protections should be updated regularly.
banking customers and large commercial and • Using complex passwords that are changed
corporate customers. Small businesses and non- regularly. This can make it more difficult for
profit organizations are an especially common financial criminals behind ATOs to capture
target of ATO attacks, as they typically hold more a password, or guess it if they have already
funds in their accounts than individuals, but tend gathered other personal data.
to have less robust cybersecurity programs than
larger organizations. • Multifactor or strong authentication. These
are systems that require multiple pieces of
Although it is difficult to produce hard numbers evidence to verify a user before they are
on losses, some security analysts estimate that allowed access to an account. Traditionally, a
$2 to $3 billion per year is stolen solely from US multifactor system requires 2 of 3 “factors” to
accounts in account takeover attacks. In a 2011 allow access, which are:
survey of more than 500 US small businesses » Something a user knows (password or
conducted by a cybersecurity firm, 56 percent personal information)
of the respondents said they had been targets » Something the user has (typically a
of fraud involving electronic payments in the card or token)
past year. About 75 percent of those said they
were the subject of an attempted or successful » Something the user is (fingerprints, voice ID
account takeover. or other biometric identification)
• Multi-channel authentication. Although a
As previously mentioned, account takeovers are robust system for verifying users, multifactor
often the end result of identity theft schemes. authentication is not always practical
Social engineering and phishing are common online. In its place, some organizations use
methods to obtain the data needed to take con- multichannel authentication to verify a user
trol of a financial account, as are malware such or confirm a transaction, especially if it is
as trojans and keystroke loggers, which will be suspicious or above a certain threshold.
discussed later in this chapter. In addition, illicit One simple example of multichannel
actions in the real world, such as mail theft or the authentication would be an institution that
theft of personal items or documents, dumpster asks users to log in to their account with a
diving and even “shoulder surfing” (surreptitiously standard password and username, and then
watching a person as they log in to accounts) can has an employee call or text the user to
be used to support ATOs. confirm before executing the transaction.
• Understanding responsibilities and
The adaptability, breadth and combination of liabilities. Many account agreements with
such schemes make them increasingly difficult to a bank or financial institution detail what
detect and prevent, as it is often very difficult to reasonable security measures are required
determine the root causes and how an account to protect accounts. In some cases, these
take over scam was perpetrated. Other methods may direct an accountholder to implement
to prevent ATO schemes, as well as mitigate the measures. It is critical that users understand
damage should they occur, include the following: and implement the security safeguards in
• Protecting the cyber environment. A cyber the agreement. If they do not, they could be
environment should be guarded just as would liable for losses resulting from a takeover.
245
CASE STUDY - EPSILON DATA BREACH

On March 30, 2011, network security at Epsilon, What is significant about the Epsilon breach is
the world’s largest distributor of permission- that attackers did not directly seek credit card
based email, was breached and millions of per- numbers or other sensitive financial data. The
sonal email addresses were exposed. At the attack was intended to steal individual e-mail
time, Epsilon was sending 40 billion marketing addresses, names and other personal identi-
emails per year for 2,500 corporate custom- fying information of individuals, most likely
ers, including Best Buy, Capital One, JPMorgan to support other cybercrime schemes like
Chase, Citi, Home Shopping Network and oth- spear-phishing attacks.
ers. The company was believed to store more
than 250 million e-mail addresses. The attack began with basic phishing attacks
against Epsilon employees. This basic phish-
The company had been warned by ReturnPath, ing attack sent a few employees to a fake
a cyber-security firm, in 2010 to prepare for website that installed malware on their com-
an increase in phishing and hacking attempts puters. This malware allowed remote hack-
against email distributors. Epsilon heeded ers to log into their machine via the internet
the warning and installed additional protec- and access the data Epsilon had through their
tion that was designed to monitor traffic and own internal computers. As mentioned earlier,
to alert administrators of unusual activity or this will likely result in spear-phishing attacks
download patterns. Even so, these counter- against the final targets, the accounts at Epsi-
measures were not sufficient to detect and lon. Spear phishing attacks are usually geared
prevent the data breach, in which unknown toward account takeovers for the ultimate
attackers gained access to servers containing financial goal.
tens of millions of names and e-mail addresses.
This is an example of how multiple types of
Epsilon notified its corporate customers attacks can be cascaded to achieve account
almost immediately of the security breach, and takeovers. Cyber criminals will continue to get
these companies began to contact the individ- more creative to accomplish their goals. The
uals whose email addresses had been com- eventual account takeovers that might result
promised. Epsilon also notified enforcement from this attack will have required six or seven
and participated in an extensive investigation steps. The cost of this attack on Epsilon’s rep-
with the Secret Service to determine how the utation, and ultimately its bottom line, will
breach happened and how to secure against be staggering.
further attacks.
It is very important to note that all steps to pre- rity or authentication processes. User activity
vent account takeovers, as well as cybercrimes in and transactions must be assessed to determine
general, should be proportionate to the risks of what is normal, and actions that deviate from that
the user and transaction. baseline should receive greater scrutiny. Trans-
actions above a certain threshold, in unusual
Consequently, not every user, every log in by a amounts or at odd dates or times, or an account
user, or every online transaction a user attempts being accessed from an unknown IP address or
to conduct should be subject to the same secu- location, should all be subject to stronger authen-
246
tication and monitoring than routine transac- • A small funds transfer to a previously
tions or logins that fit the user’s typical patterns. unknown recipient, followed by one or more
larger transfers to the recipient in a short
In some cases, an institution implementing what period of time
it believes to be a rigorous approach can actually • A series of funds transfers to a recipient
be harmful if it is not tailored to specific risks and located in another country or jurisdiction
situations. In one notable recent example, a small that are uncharacteristic for the customer
bank was sued by a corporation whose business
account was taken over by an Eastern European • Disabling or changing transaction alerts
hacking gang. The judge ultimately ruled in favor and/or notifications in a customer’s online
of the corporation due to the bank’s insuffi- banking accounts
cient data security policies and protections. One • Logins to a customer’s account from different
shortcoming cited was the bank’s requiring users or unusual IP addresses
to answer security questions before conducting
any transaction above $1, which gave hackers USE OF MALWARE
many opportunities to intercept the needed data Malware is a class of malicious or intrusive com-
for the account takeover. puter code (or software application) that includes
viruses, trojan horses and computer worms used
Although the bank considered this to be a robust by attackers to obtain personal/non-public user
security measure, it really only served to give information. They can also be used to gain access
cybercriminals more chances to obtain infor- to or control over private computer systems and
mation that would help them access the account. databases, or interrupt a computer’s functional-
Like compliance in other financial crime fields, ity and availability to its users. Malware’s objec-
data security programs and controls should be tive is typically to remain undetected, either
risk-based, not one-size-fits-all. by actively hiding within a computer system or
by simply not making its presence on a system
known to the user.
ACCOUNT TAKEOVER RED FLAGS
Red flags of account takeover can be similar to • Computer Virus- a computer program
those for other forms of fraud, which is to say, that can replicate itself and extend from
activity that does not have a clear rationale or one computer to another through actions
match the expected behavior of the customer. undertaken by the user intervention to
Red flags can also include actions taken in an proliferate.
online banking account that could potentially • Trojan horse or Trojan- a non-self-
conceal the attacker’s intrusion from detection. replicating type of malware which appears
Some examples include the following: to perform a desirable function of a
legitimate software application but instead
• Logins to customer accounts and/or funds facilitates unauthorized access to the user’s
transfers at unusual times of day or outside computer system.
of a customer’s normal hours • Computer Worm - a standalone malware
• New accounts or payees linked to an online computer program that replicates for the
account, followed by one or multiple funds purposes of spreading to other computers
transfers initiated to these new accounts automatically.
shortly afterwards
One common type of malware used in financial
crime schemes, which can be deployed as a Tro-
247
jan or worm, is a keystroke logger. This piece of legitimate ones, or transferred over file-shar-
software runs surreptitiously on the background ing services.
of a user’s computer, capturing everything typed
on a computer’s keyboard and periodically trans- Enterprising cybercriminals have even found
mitting that information to another computer or ways to program malware onto the “firmware” of
external network. Eventually, those keystrokes devices like wireless routers and USBs. Firmware
are parsed and analyzed by a financial criminal is the permanent software that comes embedded
to find passwords, logins and other sensitive per- into a device’s memory.
sonal information. There are a number of varia-
tions on keystroke loggers, such as malware, that Advanced cybercriminals will write their own
secretly takes screenshots of a user’s computer. malware programs, but more common is pur-
chasing or modifying an existing one. Thousands
Any channel used to connect computers and of malware applications are available for sale or
transmit data can be exploited to spread malware. even free download on web forums and dark web
Compromised websites or “attack sites” and mal- marketplaces.
ware bundled into email attachments are com-
mon vectors. Malware can also be packaged into RANSOMWARE
other applications downloaded online, including Ransomware is one strain of malware that has
proven popular among cybercriminals – and
A Screenshot of a Computer Infected with the Petya Ransomware, a Variant that Appeared in 2016 and Spread
Quickly in the Ukraine and Europe.
248
highly disruptive for their victims. Ransomware location that is not connected to the internal net-
prevents a user from accessing their computer or work or Internet.
locks files until a ransom is paid, typically through
cryptocurrencies. Some versions are a form of MALWARE PREVENTION & DETECTION
“scareware,” which attempt to frighten a victim The vast majority of Internet users globally have
into paying by threatening to permanently lock knowingly or unknowingly been impacted by or
or delete files, even though the program doesn’t otherwise been exposed to malware. Similar to
have that ability. phishing, malware presents significant risks to
nearly any computer user as a result of the mali-
More advanced ransomware will actually encrypt cious code’s ability to infect users either in an
files. Cybercriminals will then only provide the undetectable environment or embedded within
key to unlock them upon receipt of payment – if legitimate software applications. Below are some
they provide it at all. industry best practices around avoiding mal-
ware attacks.
Ransomware is available in a “malware as a ser-
vice” model, which accounted in part for its rapid • Use reputable antivirus software program
rise in popularity in the mid 2010s. On the dark on computers, and keep the computer’s
web, a cybercriminal can purchase a package operating system and anti-virus
that includes a ransomware program and every- software up to date.
thing needed to get it up and running, spamming • Remain cautious about opening electronic
services to distribute it, cryptocurrency wal- communication attachments and or
lets to receive payment, and even ongoing tech- downloading files online, especially if the site
nical support. or source is unknown or unverified.
It’s not just individuals that have been targeted • Browse the Internet responsibly by only
by ransomware. Entire companies and govern- visiting reputable web sites.
ment agencies have had operations disrupted • Do not click on pop-up advertisements,
and networks shut down. Ransomware has had especially advertisements pertaining to anti-
serious impacts on critical infrastructure, such virus or anti-spyware software.
as healthcare providers, energy companies and
transportation services. In 2016, a global ran- Outside of programs designed explicitly to dis-
somware attack dubbed WannaCry led several rupt or destroy computer networks, malware is
hospitals in the UK’s National Health Service to rarely used in isolation and is usually a means
redirect patients and cancel surgeries after their of facilitating another crime. Although the steps
networks were hit with encryption. Overall, the to prevent it are relatively straightforward, they
WannaCry program struck an estimated 200,000 should be used in conjunction with other security
computers across 150 countries. controls and protocols. The following section of
this chapter will detail some industry best prac-
One of the best safeguards against ransomware tices and standards for network security and the
is robust data backups. Organizations should detection and prevention of unauthorized access.
ensure that they are backing up data, especially
sensitive or essential data, on a regular basis and OTHER TYPES OF ATTACK
in more than one location. To maximize the secu- Network vulnerabilities are simply weaknesses in
rity of sensitive data, backups should take place a system that can be exploited by a cyber- threat.
in three locations – internally, on a location off Several system vulnerabilities are explained below
their internal network, and on a third external
249
in detail. Reducing a system’s vulnerabilities will devices for data analysis or modification or to
reduce the number and impact of such threats. steal the password file from the server and gain
access to user accounts
IPL (Initial Program Load) vulnerabilities. The
start of a network or system, called the initial Representative Examples – Unauthorized
program load (IPL), presents very specific sys- Network Access
tem vulnerabilities. During the IPL, the operator
brings up an organization’s system and can per- • The FBI arrested a computer programmer
form operations to compromise the security. An in New York and charged him with stealing
operator could load unauthorized programs or proprietary software code from the Federal
data, reset passwords, rename various resources, Reserve Bank of New York (FRBNY). This
reset the system’s time and date and bypass the software, which handles all kinds of US
security checks. government financial transactions, cost more
than $9 million to develop.
Traffic analysis. An intruder analyzes data char- • A 31-year-old Russian national living in
acteristics (message length, message frequency New York, was charged with hacking into
and so forth) and the patterns of transmissions accounts at Fidelity, Scottrade, E*Trade and
(rather than any knowledge of the actual infor- Schwab in a complex scheme that involved
mation transmitted) to infer information that making unauthorized trades that profited the
might be useful to an intruder. gang he recruited to open bank accounts to
receive the illegal proceeds. The brokerage
Data scavenging attacks. This is the technique of firms said they lost $1 million because
piecing together information from found bits of of his fraud.
data on a network, and using that data to expose • Yahoo accidentally leaked the private key
weaknesses or launch a cyberattack. that was used to digitally sign its new Axis
extension for Google Chrome. Axis is a new
Network address hijacking. It may be possi- search and browsing tool from Yahoo. A
ble for an intruder to reroute data traffic from a security blogger discovered the package
server or network device to a personal machine, including the private crypto key, noting it
either by device address modification or by net- offered a malicious attacker the ability “to
work address “hijacking.” This diversion enables create a forged extension that Chrome will
the intruder to capture traffic to and from the authenticate as being from Yahoo.” Yahoo
was forced to release a new version of its
Axis extension for Google Chrome.
PLANNING A
CYBERSECURITY PROGRAM
Considering the amount of sensitive data within
their custody, such as personal identifying infor-
mation, financial records and other forms of non-
public information, cybersecurity is a critical
element for most companies and organizations.
Organizations should constantly be taking pro-
active measures to protect themselves against
internal misuse or theft of data, external theft
250
of data and the threat of malware intrusions on The following are introductory steps an organi-
their networks. zation should consider when first deciding on its
cybersecurity approach:
Proper cybersecurity policies and procedures
allow organizations to effectively manage the pro- • Assess what networks and data are being
tection of their physical and financial resources, protected, which may include data from
reputation, legal position, employees, and other clients, such as personally identifying
tangible and intangible assets. information of customers, an organization’s
own internal data, and the networks required
Some of the same core principles from the finan- to run the organization’s operations.
cial crime compliance arena also apply to cyber- • Assess risks and cyber threats facing the
security. One of these is assessing risks and organization, and compare this against an
building controls and protections accordingly. A assessment of systems and information
cyber security plan starts with a risk assessment. requiring protect to determine the areas of
highest priority.
PRACTICAL EXAMPLE—CYBER BANKING FRAUD

In many cases, large corporations and major the malicious software installed itself on the
financial institutions are less vulnerable to victimized computer, secretly capturing pass-
cyber attacks than smaller organizations, as words, account numbers, and other data used
they often devote considerable resources to to log into online banking accounts.
online and data security. As a result, cyber-
criminals frequently target the accounts of The hackers used this information to take
medium-sized companies, towns, non-profits over the victims’ bank accounts and make
and even churches. In one notable example unauthorized transfers of thousands of dol-
from 2010, members of an account takeover lars at a time, often routing the funds to other
ring managed to steal $70 million from small accounts controlled by a network of “money
and mid-size US organizations. mules,” many recruited from overseas. They
created bank accounts using fake documents
“This was a major theft ring,” said Gordon Snow, and phony names, where money from hacked
assistant director of the FBI’s Cyber Division accounts was transmitted. Once the money
in a statement after members of the ring were was in a mule’s account, they could either
arrested. “Global criminal activity on this scale wire it back to their bosses in Eastern Europe
is a threat to our financial infrastructure, and or turn it into cash and smuggle it out of the
it can only be effectively countered through country. The mules received a commission
the kind of international cooperation we have for their work, and some were unwitting par-
seen in this case.” ticipants in the scheme, believing they were
helping a real business to conduct legitimate
Using a Trojan horse virus known as Zeus, financial transactions. In all, the global theft
hackers in Eastern Europe infected computers ring attempted to steal some $220 million and
around the world. The virus was carried in an was actively involved in using Zeus to infect
e-mail, and when targeted individuals at busi- more computers.
nesses and municipalities opened the e-mail,
251
• Establish a methodology to assess the sion of the Internet, big data and mobile access,
adequacy of existing cybersecurity controls there is a greater demand placed on companies
against the perceived level of risk. to safeguard their intranet and extranets.
• Create cybersecurity policies, including
measures to assess whether policies are The Internet is defined as a global network that
being followed, and plans for periodic links computers worldwide and uses data trans-
reassessment. A good security plan should fer protocols, such as FTP and HTTP, to trans-
be flexible to technology and staff changes, fer information and data across locations. An
scalable, informative and user friendly, intranet is a private or closed network that uses
considering security is a daily issue. internet technology. For example, a company’s
intranet site can only be used by its employees
• Consider the human aspects of cybersecurity. and approved contractors to access specific non-
A 2014 study of cyber incidents by IBM found public company information such as corporate
that 90 percent had a human component policies, announcements, corporate financial
to them, meaning that the actions of an information, employee forums, internal job post-
employee helped further the cyber attack ings and event calendars.
rather than a purely technical failure. An
organization’s internal security practices An extranet is a computer network that facili-
and training are as important as its controls tates controlled access from the outside, for spe-
around network access from the outside. cific business or informative purposes. Access is
• Recognize that cybersecurity also has a restricted to particular outside users and specific
physical component. Attackers will use any information within the network. Information can
weak point to launch an attack, including be shared from various areas of the business, and
physical vulnerabilities. In past cases, can be used to communicate sales and customer
cyberfraudsters have posed as consultants services, product development and marketing
for a financial institution, using forged and personnel recruitment, among other things.
security badges to enter the server room
and steal data directly off the institution’s For example, a company may choose to share
network. In another instance, criminals product information with its business partners,
simply stole the entire server racks. or it may use electronic document interchange
• Consider the potential repercussions for (EDI) to allow customers to place orders, deliver
cybersecurity incidents. Thinking through goods and process payments electronically.
the possible fallout that can result from a
data breach, malware disruption or other To detect and prevent unauthorized access to or
attack can help an organization decide how use of an organization’s computers and networks,
robust its data security program should be. it is necessary to develop an effective frontline
For example, a software company may lose of security mechanisms, as well as data breach
millions if their application source code is detection systems to discover intrusions and
discovered and made available to public. thefts if they do occur.
STRUCTURE AND SAFEGUARDS Cybersecurity does not take place solely in the
virtual world. Network, system and physical secu-
IN A NETWORK
rity as well as controls for dealing with people are
In the simplest terms, a network can be described required. The intangible aspects of data security
as a collection of computers and other hardware also need to be considered, such as the effects
that are used to store information and carry out
the functions of an organization. With the expan-
252
of tight security controls on business operations Bring Your Own Device Policies. Organizations
and company morale. that allow employees to bring their own devices,
such as phones, tablets or personal computers,
THE BASICS OF CYBERSECURITY into the workplace or otherwise connect them to
Best practices for securing an organization’s sys- the organization’s network should have security
tems and data can be grouped into two broad policies and controls in place to manage this risk.
categories: those focused on organizational poli- Devices infected with malware can compromise a
cies and controls, and those focused on the train- company’s network, and cybercriminals may use
ing and procedures of individual employees. We’ll employee devices as an attack channel.
look at the latter first.
Accessing WiFi and Storage Devices. Employees
Training and Awareness. Human-centric best should exercise caution when accessing wireless
practices start with training and awareness on networks and avoid connecting to any unsecured
the part of all employees. Training should focus networks. Cybercriminals can use these to target
on helping employees to modify their behavior to others on the network, or may set up their own
reduce cyber risk. Employees should be aware of network to lure unaware victims. Likewise, indi-
the cyber threats they face, and understand how viduals should not connect to unknown devices
their day-to-day actions on the job – opening – a USB stick found in a company’s break room, for
email attachments, for example – can increase or example – as these could be vectors for malware.
decrease their vulnerability for attack.
ORGANIZATIONAL POLICIES
To the extent possible, organizations should AND CONTROLS
extend their training and awareness of cyber Manage log of changes to the existing data net-
threats to their customers. For example, if an work. Any changes to the network, including ele-
institution is seeing a rise in incidences of busi- ments such as software updates, authorized users
ness email compromise attacks affecting its cus- and access controls, should always be tracked
tomer accounts, it could send out a customer and accurately recorded in a network log. This log
alert warning them of the fraud trend and teach- should be accessible to all IT staff and adminis-
ing them what to look for. trators with permissions to make changes to the
network. System logs must be retained for 30 to
Cyber Hygiene. All staff should exercise good 90 days and then destroyed unless further reten-
cyber hygiene, or routine practices to safe- tion is necessary due to legal, regulatory or con-
guard their own devices and online activity. This tractual requirements.
includes setting strong passwords and changing
them frequently, not reusing the same password Prevent keeping data for any more time than is
or passwords across multiple platforms, and run- necessary. Data retention and deletion policies
ning regular scans for malware. are an essential element of data security. All orga-
nizations should assess what data is being stored,
Safe Browsing Practices. Individuals should prac- for what reasons, and on what time scale. In many
tice safe search and browsing when maneuvering cases, it may be that an organization is preserv-
online, such as checking hyperlinks before visiting more data, or preserving it for longer time
ing sites, avoiding suspicious or untrustworthy periods, than is necessary which is more expen-
sites, and downloading and installing software sive to the companies. This leaves the organiza-
only from trusted sources. Browser extensions tion and its customers more vulnerable to data
that rate a site’s reputation or highlight sites with theft and breaches. Data that is non-essential for
security issues can assist with this.
253
business, regulatory or legal reasons should usu- Systems must be configured to automatically
ally be deleted. update any software. Operating system software,
server applications (webserver, mail server, data-
Actively monitor fraudulent human behavior. base server, etc.), client software (web brows-
Unusual communication, requests outside of nor- ers, mail clients, office suites, etc.), and malware
mal workflow and instructions to provide infor- protection software (antivirus, anti-spyware,
mation or take actions contrary to policies should etc.) should all be updated automatically to pro-
be viewed as suspect. Outbound traffic should tect against constantly-shifting threats. A plan
also be monitored to identify suspicious traffic. to manually apply new updates within a docu-
mented time period is an acceptable alternative.
Restrict administrative connections to spe-
cific internal sources, and do not allow exter- Partitioning. This means that systems and net-
nal administrative access. Administrative access works should share hardware and resources only
typically allows a user full control to install or with other systems that have similar security
delete programs, extract data or make changes to requirements. Systems which share similar secu-
the code in a computer or network. It can be very rity requirements should have user communities
dangerous if a financial criminal gains admin- of similar size and character, similar firewall pro-
istrative access to a system, and, as such, orga- files, and similar technical requirements.
nizations should maintain restrictions on what
employees and functions are granted adminis-
trative access. In most circumstances, external OTHER NETWORK SECURITY
administrative access should not be allowed. STANDARDS AND INDUSTRY
BEST PRACTICES
Implement a firewall and access control list.
This is a basic but vital step for protecting an In most circumstances, a financial crime profes-
organization’s servers that can be accessed sional will not be required to have a specialized
externally -- firewalls are software or hardware knowledge of network security. However, some
devices (or a combination of both) that monitor fluency in the more technical aspects of cyber-
and limit access to traffic flowing into and out security can be useful in compliance, investiga-
of the network based on predetermined proto- tions and enforcement matters. Below are some
cols. An access control list (ACL) specifies what slightly more advanced techniques and tools for
systems or users have permission to access a safeguarding networks:
server or system. • Avoid using point-of-sale systems to
connect to the web directly, and ensure your
Change default credentials of internet facing point-of-sale system is compliant with the
devices. The default or out-of-the-box passwords requirements designed by the Payment Card
or login information should always be changed Industry Data Security Standard (PCI DSS) to
for any device with an external connection. A ensure that all companies that process, store
surprising number of companies will connect or transmit credit card information maintain
devices that can be accessed externally without a secure environment.
changing vendor-supplied usernames and pass-
words. Financial criminals will take advantage of • Use encryption and decryption methods to
this fact to easily exploit holes in the data secu- convert information into a version that is
rity system. Almost all password cracking tools meaningful only when the intended recipient
start with the list of default passwords from every uses a key or code when transferring files.
manufacturer. Strong encryption methodologies, such
as Advanced Encryption Standard (AES),
254
which uses the same key to encrypt and your company’s confidentiality and security
decrypt data, can be used for particularly standards for handling customer information
sensitive information such as credit card at the time of hiring. If this has not previously
numbers, bank account information and been done, all current employees should also
payment details. be required to sign such an agreement.
• Adopt inspection firewalls on network • Limiting access to customer information to
connections, which are the most common employees who have a business reason to see
firewalls in use today. These firewalls it. For example, give employees who respond
track the state of a network connection to customer inquiries access to customer
to determine if a packet of data being files, but only to the extent they need it to do
transmitted to or from the network should their jobs, and do not grant the same access
be filtered. Proxy firewalls allow deeper privileges to employees in the organization’s
packet inspection for more granular control research and development department, who
and authentication. have no reason to view customer files.
• Require password changes upon suspicion • Controlling access to sensitive information
of theft or data breach for all users. In some by requiring employees to use “strong”
cases, this may include notifying customers passwords that must be changed on a regular
and requiring them to change passwords as basis. (Tough-to-crack passwords require
well. For very secure data or transactions, the use of at least six characters, upper- and
organizations could also consider using one- lower-case letters, and a combination of
time or limited-use passwords. letters, numbers, and symbols).
• Consider blocking large address blocks/ • Using password-activated screen savers
regions if they have no legitimate business to lock employee computers after a period
purpose, also known as IP blacklisting. of inactivity.
Similarly, an organization could use a web • Developing policies for the use and
content filter to check every URL request protection of mobile devices, including
originating from its network against a laptops, PDAs and cell phones. For example,
blacklist of undesirable websites. implement a policy of encrypting any user
data that is kept or transferred on to a mobile
PROTECTING AGAINST UNAUTHORIZED device, and provide training to employees
INTERNAL ACCESS using such devices on properly storing and
A significant percentage of data breaches and using them in secure locations.
thefts involve the participation of insiders, and • Providing training to employees on the steps
organizations should not underestimate the they should take to maintain the security,
threat of unauthorized internal access. Depend- confidentiality and integrity of customer
ing on the nature of their business operations, information.
firms should consider implementing the follow-
ing practices: MONITORING AND TESTING FOR
• Thoroughly checking references or CYBERSECURITY
conducting background checks before hiring Cybersecurity testing and network intrusion
employees who will have access to customer monitoring is an ongoing and evolving effort to
information. ensure protection against new and dynamic
• Requiring new employees to sign an threats to networks. A critical aspect of any secu-
agreement committing them to following
255
rity program is proactive testing and monitoring • Flagging and monitoring failed login
procedures that remains flexible and dynamic. attempts (especially those indicating
widespread sequential guessing)
Vulnerability assessments and penetration test- • Locking out accounts after a specified
ing should occur when a cybersecurity program number of tries
is first put into place, as well as periodically on an
ongoing basis. In simple terms, penetration test- • Requiring help desk calls for account lockouts
ing involves conducting an authorized attack on a • Enforcing password policies (length,
network or system, in order to assess the strength complexity, clipping levels)
of security measures and identify weak points. • Password throttling (increasing lag in a
computer or system after successive failed
An intrusion detection system (IDS) is a device logins, to prevent malware from running
or software application that monitors network or multiple rapid password guesses)
system activities for malicious activities or policy
violations and produces reports to a management • Password cracking tests
station. Some systems may attempt to stop an
intrusion attempt but this is neither required nor When creating and implementing cybersecurity
expected of a monitoring system. programs, understanding legal and regulatory
duties is essential. Many jurisdictions have laws
Intrusion detection and prevention systems or regulations that lay out the requirements for
(IDPS) are primarily focused on identifying pos- cybersecurity programs, including when and how
sible incidents, logging information about them, to report cyber incidents.
and reporting attempts. In addition, organizations
use IDPSs for other purposes, such as identify- One example is the Directive on Network and
ing problems with security policies, documenting Information Security, which establishes cyber-
existing threats and deterring individuals from security standards for organizations in European
violating security policies. IDPSs have become a Union member states. In the US, the state of New
necessary addition to the security infrastructure York implemented Rule 500 in 2017, which lays out
of nearly every organization. detailed cybersecurity program requirements for
financial institutions.
IDPSs typically record information related to
observed events, notify security administrators of DATA RETENTION AND DELETION
important observed events, and produce reports. Many jurisdictions also have requirements for
Many IDPSs can also respond to a detected threat retaining various types of records. The US and its
by attempting to prevent it from succeeding. They states are one example. In the state of Texas for
use several response techniques, which involve example, disability and sick benefit records must
the IDPsS stopping the attack itself, changing the be retained for six years and claims of employee
security environment (e.g. reconfiguring a fire- inventions must be retained for 25 years. Accord-
wall), or changing the attack’s content. ing to US federal law, financial account records
must be retained a minimum of five years after an
OTHER MONITORING AND TESTING account is closed.
INDUSTRY BEST PRACTICES
Depending on the nature of your business, there
• Routine log monitoring may be multiple agencies that have their own
specific requirements. Even if an organization
does not have explicit regulatory mandates,
256
data retention and deletion policies and proce-

dures are still an important part of a cybersecu- “It is only a matter of time
rity program.
before your organization
Data retention policy is generally written by legal
counsel with the help of security personnel, and
gets hit with some type of
it should include the following: cyber incident.”
• Purpose of the policy
• Who is affected by this policy the best of your ability. Don’t forget to exercise
caution during litigation, and try to plan ahead for
• The type of data and electronic systems
how you would respond.
covered by this policy
• Define key terms especially legal and It can be tempting for some organizations to
technical terminology retain as much data as they possibly can, either
• Describe the requirements in detail from the out of an abundance of caution, or because
legal, business and personal perspective storage is inexpensive and widely accessible.
However, this “save everything” approach often
• Outline the procedures for ensuring data is
does not align with cybersecurity best practices.
properly retained
Storing more information can lead to increased
• Outline the procedures for ensuring data is risk that data is stolen, misused or mismanaged.
properly destroyed Instead, organizations should put in place policies
• Clearly document the litigation for removing data when it is no longer required
exception process and how to respond to for a business, legal or regulatory purpose.
discovery requests
Organizations should be cautious about how they
• A list of responsibilities for those involved in
delete information to ensure that it is completely
data retention activities
and fully removed. Simply deleting information
off one computer, or one folder on a server, may
Data retention and disposal takes the cooperation
not be sufficient, as data may be held in multiple
of many departments: Legal, Human Resources,
files, databases, or locations on a network.
IT and Management, to name a few. It is also the
responsibility of all employees to do their best at
complying with the data retention policy. RESPONDING TO A CYBER INCIDENT
When involved in litigation, organizations in Given the current reality of the cyber threat
most jurisdictions will be required to retain all landscape, it is likely a matter of time before
pertinent to the case or anything likely to lead your organization gets hit by some type of cyber
to the discovery of admissible evidence, and incident. An important part of your cybersecurity
provide it to lawyers or court officials upon program is how you react.
request in a timely manner. Otherwise, potential
evidence could be destroyed either intentionally Organizations should create cyber preparedness
or accidentally. plans, and conduct exercises to practice in
advance of a real incident. Assigning leadership
The important thing is to understand what roles, staff responsibilities, and processes for
absolutely must be saved and then make a good decision-making in advance can speed up the
faith effort to follow your defined process to
257
response time and reduce the negative impact of • Identify the sensitivity of the incident and
cyberattacks. level of impact on the subjects and the
organization.
Deciding who takes the lead and how to react can • If data has been stolen, lost or corrupted,
be surprisingly difficult in the midst of a cyber establish whether the systems housing
emergency. In the case of large-scale ransomware the data can be accessed or used without
attack where key systems are locked down, for specialized knowledge or software. In the
example, the organization will be dealing with aftermath of a cyber incident, the affected
a highly disruptive incident that may impact computers and networks are a crime scene.
multiple departments. Communications may be They need to be preserved and accessed
disrupted, employees may not know whom to in a way that doesn’t interfere with efforts
contact, and there may be disagreements over to investigate and remediate. This often
the proper course of action. It could be crippling requires cyber forensic expertise.
if it’s not clear who is in charge.
• Identify whether data can be recovered
Your plan should include consideration of legal or the damage done by the attack can be
reporting requirements and voluntary reporting repaired. In many incidents, the answer will
responsibilities. In many jurisdictions, a be a resounding “no.” In certain situations
cyberattack will require institutions covered by – files locked by ransomware, for example,
AML regulations to file a suspicious transaction or fraudulent transactions initiated due
or activity report with their national financial to business email compromise – it may be
intelligence unit. Beyond this, there may be possible to fully or partially reverse damages.
mandates to report to other government agencies. • Establish a complete list of subjects
affected and their contact details. This can
Companies may also be part of public-private include customers, employees and other
information-sharing groups that encourage stakeholders.
voluntary reporting, to help other businesses stay • Notify members of the crisis management
aware of cyber incidents. team (including, but not limited to,
information security officer, CEO, corporate
When cybersecurity staff are faced with reporting counsel and HR).
a security breach, especially with regard to
notifying an Information Commissioner's Office
(ICO) or similar governing body specific to that
territory, it will be in the best interests of the
company to examine the legal and regulatory
disclosure requirements.
The first step in responding to a cyber incident

is to stop the bleeding. Identify the gaps and
vulnerabilities that led to the attack, and close
them immediately.
Below is the list of other immediate actions a com-

pany should take in response to a cyberattack:
258
• If needed, start drafting communications focuses on preventing unauthorized access to

for both public and private notifications to networks or information, whereas data privacy is
subjects and the appropriate government focused on managing, using and sharing data in
authorities. a way that conforms to privacy regulations and
• Prepare a public relations strategy in the customer expectations. This can include how
event the loss is made public. data are handled internally, shared with affili-
ates or other third parties, or transmitted to law
• Consult legal advisors and determine if enforcement and regulators.
the loss will be investigated internally or
undertaken by external consultants. Internationally, there is a patchwork of laws and
• Establish if policies and procedures have regulations that governs how sensitive personal
been broken and what disciplinary action information should be stored and retained, and
will be taken. when and how it can be shared. Collectively,
• Review the incident against internal policies these principles provide guidance on data pri-
and procedures to identify any weakness in vacy programs.
security and enhance the policies to avoid
future losses. Like all elements of cybersecurity, data privacy
programs must be tailored to the specific types
It can often be tempting for companies to simply of information collected and the services and
sweep a data breach under the rug and look for products a company provides. One first step in
quick fixes, as acknowledging a breach can lead safeguarding data privacy is to develop a written
to loss of customers, negative publicity, and even plan that describes their program to protect cus-
liability in extreme circumstances. Though it may tomer information. The plan must be appropriate
be more painful in the short term, a robust and to the company’s size and complexity, the nature
thorough response to cyber incidents is always and scope of its activities, and the sensitivity of
the best in the long run, as it will help correct the customer information it handles.
deficient policies and ultimately lead to a more
secure cybersecurity program. As part of its plan, each company should do
the following:
• Designate one or more employees to

ESSENTIALS OF A DATA coordinate its privacy program.
PRIVACY PROGRAM
• Identify and assess the risks to customer
STORING AND RETAINING information in each relevant area of the
CUSTOMER INFORMATION company’s operation, and evaluate the
Many companies collect personal information effectiveness of the current safeguards for
from their customers, including names, addresses controlling these risks.
and phone numbers; bank and credit card account • Design and implement a privacy program,
numbers; income and credit histories; and Social and regularly monitor and test it.
Security numbers. As custodians of this sensitive
• Select service providers that can maintain
personal information, organizations must have
appropriate safeguards, make sure your
policies and procedures to protect data privacy
contract requires them to maintain
and use data ethically.
safeguards, and oversee their handling of
customer information.
These are similar to cybersecurity programs,
but have slightly different goals. Cybersecurity
259
• Evaluate and adjust the program in light of • The institution’s record retention policies and
relevant circumstances, including changes other institutional policies
in the firm’s business or operations, or the • State and federal laws that govern the
results of security testing and monitoring. maintenance and disclosure of records and
other information.
Organizations should implement safeguards
appropriate to their own circumstances. A com- The receiver should also consider developing a
pany may decide to designate a single employee working relationship with the offices of the law
to coordinate safeguards or may assign this enforcement agencies that are most likely to make
responsibility to several employees who will work such requests. In some areas, formal structures
together. In addition, companies must consider may already exist to facilitate such relationships.
and address any unique risks raised by their busi- One such example is InfraGard, a US public-pri-
ness operations, such as the risks raised when vate partnership association that promotes infor-
employees access customer data from their mation-sharing and reporting between compa-
homes or other off-site locations, or when cus- nies and the Federal Bureau of Investigation.
tomer data are transmitted electronically outside
the company network. Establishing such relationships in advance of
receiving a request for information should greatly
RESPONDING TO LAW ENFORCEMENT facilitate the response and provide an opportu-
REQUESTS FOR DATA nity to discuss legal and policy issues around law
Financial crime investigations will often be enforcement access to data.
accompanied by compulsory legal requests from
law enforcement, courts or private litigants for
data or information. As an industry best prac- INTERNATIONAL DATA PRIVACY
tice when dealing with such requests, a financial LAWS AND REGULATIONS
institution or firm should designate a specific The notion of a right to privacy is dramatically
person or specific office to receive all requests different across geographies, and certain coun-
for information and to coordinate the responses tries have developed aggressive legislation to
to such requests. protect these cultural values.
With the possible exception of public records In October 1998, the European Union’s Data Pro-
requests, the persons handling requests generally tection Directive went into effect to protect the
should be in-house legal counsel for those insti- privacy of information and prohibit the trans-
tutions that have one, or a senior level manager or fer of personal data to non-European Union
compliance officer for those that do not. countries. Some non-EU countries are thought
to not “adequately” meet EU standards for pri-
The receiving office or person should have a basic vacy protection.
understanding of such requests:
• The nature and kinds of records and The US Department of Commerce, in consulta-
information that are maintained on campus tion with the European Data Privacy Commission,
and that are likely to be requested. has developed a “Safe Harbor” framework to pro-
vide a means for US companies to comply with
• The nature and structure of the institution’s the EU Data Protection Directive via the US-EU
recordkeeping systems, including, but not Safe Harbor program. In addition to applying for
limited, to its IT systems. safe harbor certification, companies have also
found it effective to have internal groups and pol-
260
icies that strictly address data privacy and the The Working Group’s recommendations, which
transmission of electronically stored information are not binding on the privacy authorities of the
across borders. various EU countries, include the following:
Data privacy is a legal decision that must be care- Consent. Individuals may consent to the pro-
fully analyzed before collecting or transferring cessing of their personal information. Obtain-
data belonging to employees. It is advisable to ing consent, however, is no simple matter. To be
seek the advice of local counsel in the specific effective, consent must be given freely—it cannot
country to provide guidance on compliance with be coerced, even mildly, by an employer—vol-
local regulations. untarily, and knowingly. Evidence of consent
must be clear and consent, once given, may be
THE EU GENERAL DATA revoked. Broad advance waivers as a condition
PROTECTION REGULATION of employment are not effective; consent must
be provided affirmatively and with reference to
The EU has a wide-ranging data privacy law that
the specific documents the production of which
has been implemented by individual countries.
has been requested. Where obtaining consent
The EU data privacy law extends to any docu-
is not feasible, the party from whom documents
ment containing information about an EU cit-
are requested must at least disclose to affected
izen, and it governs not just the production of
persons that their personal information will be
this information, but also how, where and under
processed, and possibly disclosed, and offer such
what circumstances the information can be pro-
persons the right to object.
cessed and stored.
Necessary for compliance with a legal obligation.
Under EU data privacy laws, “personal infor-
Processing is permitted where a member state
mation” has a much broader definition than is
has authorized it for the purposes of meeting a
understood in the US. In Europe and elsewhere,
legal obligation to comply with a court order of
personal information is virtually any information
another jurisdiction regarding pre-trial discovery.
about an individual, including name, physical and
email address, family members and similar facts
Necessary for meeting a legitimate interest.
that can be used to identify someone, even if the
Processing and transferring personal information
information is created and maintained in a busi-
data may be authorized to meet the demands of
ness environment. EU data protection laws con-
litigation if accomplished in a measured, propor-
trol the processing and transfer of data contain-
tionate and secure manner. Processing for litiga-
ing any personal information.
tion requires balancing the rights of the individ-
uals whose personal data are processed against
The General Data Protection Directive (GDPR)
the rights and interests of litigating parties.
does not completely prohibit processing and
transferring. The directive has, however, been
interpreted to seek compliance with certain data PROTECTING THE DATA UNDER THE EU
protection requirements. For example, in Febru- DATA PROTECTION REGULATION
ary 2009, a Working Group established under the A party seeking to process personal data for liti-
Directive published “Working Document 1/2009 gation must take numerous steps to protect per-
on Pre-Trial Discovery for Cross Border Civil Liti- sonal information. As much processing as possi-
gation,” which provides guidance in managing the ble should be accomplished within the European
tension between US litigation discovery obliga- Union. The data must be anonymized or at least
tions and the EU’s data protection requirements. pseudonymized, and must be culled of irrelevant
personal information. Truly sensitive information,
261
such as official ID numbers, health and tax infor- lowing negotiations with the European Commis-
mation should be purged from the data. If the data sion. The Department of Commerce provides a
to be transferred contains personal information, process of self-certification based upon adher-
the request to transfer it must be proportionate ence to several principles pertaining to the pro-
to the legitimate needs of the case, and reason- tection of personal data. These include:
able provisions should be made to secure the data
and to prevent its use and transfer beyond the • Mechanisms for effective supervision of data
matter at hand. Personal information must not be management with strong ongoing oversight
indefinitely retained. • Limits on how data can be accessed and used
for purposes of US national security and
Penalties for violating privacy laws can be severe. intelligence
Private parties seeking data that contains per- • The ability to field and respond to individual
sonal information must be very familiar with the complaints brought to a participating
laws of the jurisdiction hosting the data. Even organization within 45 days
data created in the work environment gener-
ally falls within the scope of the Data Protection • Public declaration of commitment to the
Regulation. For example, unlike what typically is Privacy Shield Framework
held to be the case in the US, email created in • Informing individuals of their rights to
the work environment that identifies a natural access their data, and informing individuals
person by name, address or context is considered what regulatory bodies have authority
protected personal information under the direc- over the organization’s compliance with
tive. Reports from committees that identify com- the Framework
mittee members may also be considered personal
information.
THE US-EU PRIVACY SHIELD FRAMEWORK

In the US, private parties may lawfully receive
data protected by the GDPR if the company has
voluntarily joined the Privacy Shield Framework
created by the US Department of Commerce fol-
262
Q 12-1. Your financial institution has been subject to several hacking attempts over the
last few weeks. While none have been successful, you worry that it might be a matter
of time. To keep your network secure, you have decided to update your network secu-
rity policies.
What is an important step to include in your network security policy?
A. Educate your online customers to detect phishing attempts and other fraudulent
email scams.
B. Disable auto deletion of old data, including access logs, and move them to an
archive server.
C. Only permit administrative connections via the Internet through HTTPS or SSH
connections.
D. Require confirmation from network engineering before resetting any lost passwords.
Q 12-2. Your organization has a large online presence, providing all key services online.
You have recently found out that a hacker has gained access to your secure network, steal-
ing millions of customer usernames and passwords. You think the access was gained via
social engineering.
Your company’s success depends on your keeping this data secure, so your organization
wants to put procedures in place to ensure it can prevent any such further attacks. As an
initial step you have terminated Internet access for engineering and IT.
What would be the MOST effective further action for your firm to immediately take to pre-
vent this specific type of attack from happening again?
A. Restrict external access on all routers and servers allowing administrative access only
from workstations in the engineering and IT departments.
B. Staff should not be allowed to download any materials from the Internet or private
disks to the organization’s local drives.
C. Require all customers to change their passwords on a regular basis to access their
accounts and require strong passwords.
D. Upgrade all network firewalls and ensure they are running current software.
263
CHAPTER 13
ETHICAL
RESPONSIBILITIES
AND
BEST
PRACTICES
OVERVIEW
Specialists and professionals who work as AML, anti-corrup-

tion, fraud and anti-sanctions compliance officers, regulators,
enforcement agents, investigators, prosecutors, risk officers
and other professionals in the global financial crime field have
one thing in common. They all face frequent tests of their ethics
264
CHAPTER 13 • ETHICAL RESPONSIBILITIES AND BEST PRACTICES
.These tests may arise from the following repre- occur. Because financial crime invariably involves
sentative examples: illicit proceeds, there are many opportunities for
temptation. Many financial crime specialists in
• A private banking client who applies pressure the public and private sectors have been lured
to not file a required government report on into wrongdoing when they confront the chance
a transaction to earn many times their salaries by conducting a
• A public official who asks that a suspicious single transaction.
transaction be overlooked or obfuscated
• A judge or regulator who insinuates that Financial criminals usually go to great effort and
an unlawful payment to him or her would expense to obtain and conceal the proceeds of
achieve the result you want their crimes. Often, they attempt to manipulate
or corrupt employees of financial institutions
• A customer who asks you to misstate the and their pursuers, including law enforcement
facts about him so that he may be accepted agents, regulators, compliance officers, risk offi-
as a customer by your financial institution cers, lawyers, financial institution executives and
• A superior who asks you to ignore an internal others. Their goal is to frustrate the control and
policy to facilitate an unlawful transaction he compliance systems that have been built to com-
is advocating bat them. It is important that a financial crime
• The temptation to sell or trade on specialist remain on guard against ethical temp-
confidential information that comes to tations and violations. This can mean the differ-
you on the job ence between a successful career and a situation
that results in losing your job and your freedom.
• An employee who approaches you with
possible evidence of a financial crime Financial crime professionals work in many dis-
implicating a senior manager and asks you ciplines. Many of them, such as attorneys and
to suppress it accountants, must adhere to codes of ethics
• A request to ignore an item in a profit and promulgated by their professional associations.
loss statement that might show wrongdoing These professionals must always be sensitive to
these standards and the laws and regulations that
Examples of situations that test the ethical bear- govern their conduct. The work of financial crime
ings of diverse players in the financial crime arena specialists is closely tied to the law, but for them,
worldwide could fill up pages of this Manual. operating in a legal manner is not enough.
If one starts with the conclusion that nothing is Ethics go beyond obeying the law. It entails
worth risking one’s career and the well-being of adherence to a standard of conduct higher than
one’s family, and that it is important to always act the minimum required by law. To become a Cer-
with the highest integrity, ethical lapses will not tified Financial Crime Specialist (CFCS), financial
crime professionals must demonstrate knowl-
edge of the ethical standards that govern them
and a commitment to maintain them. The work
Ethics go beyond of financial crime professionals should meet the

highest legal, ethical and professional standards.
obeying the law… This chapter covers these ethical standards and
addresses ethical issues faced by certain groups
of specialists, such as public and private sector
265
investigators, compliance officers, regulators, tor deciding where to focus an investigation and
attorneys and employees of financial institutions, other similar situations.
corporations and other business entities.
If a fair resolution cannot be found, the financial
crime specialist should not continue favoring one
CODES OF CONDUCT client over another.
Apart from the routine “right or wrong” deci-
sions that financial crime specialists must make
each day, preventing, detecting and combating WHAT ARE ETHICS?
financial crime often offers a dimension of moral The dictionary defines ethics as, “The discipline
ambiguity that is difficult to define. This is where of dealing with what is good and bad; and with a
a strong code of conduct issued by the organi- moral duty and obligation.”
zation where the financial crime specialist works
helps guide the employees. However, a code of Ethics consists of the principles that guide us in
conduct is only as good as the supervision and deciding what is right and wrong. It establishes a
enforcement it receives from the organization sense of duty and obligation -- what we expect of
that issued it. ourselves and of others in any given situation.
No private- or public-sector organization should Ethics describes standard of behavior. It is dif-

operate without a written code of conduct. ferent than obeying the law because the law
Employees of all ranks should receive it and be prescribes what we may do without incurring
required to read and sign it. The signed copy a penalty and what the penalties are if we don’t
should be placed in the employee’s personnel file. follow it. Ethics, on the other hand, provides the
framework for how we make decisions and how
It is also advisable to maintain a mandatory “con- we determine our course of action.
flict of interest” reporting regimen for all employ-
ees. Among other things, the employees should MAKING ETHICAL DECISIONS
be required to report gifts, potentially conflictive Making sound decisions requires awareness of
personal relationships with outsiders, potentially ethical issues and a process for considering the
conflictive jobs held by family members and the ethical aspects of these decisions. The more diffi-
like. Improper requests or communications by cult an ethical choice is, the more important it is
present or prospective customers or outsiders to communicate with others about the dilemmas
should also be reported by the employees. that are before us.
When dealing with conflicts of interests among By seeking the guidance of someone else, we are
several clients, a Certified Financial Crime Spe- better positioned to make sound ethical choices.
cialist should consult the clients to resolve the On the other hand, an old adage on ethics says, “If
issues in a way that is acceptable to all. you have to ask about it, it’s probably wrong.”
A guiding principle in resolving conflicts of inter- Ethical decision-making should include the fol-
est should be the fair and equal treatment of the lowing steps:
clients. In these situations, one client should not
receive preferential treatment over another, such Identify the issues—It is important to mentally
as in deciding which client should have an invest- identify issues that present a real or potential
ment opportunity or a financial crime investiga- ethical dilemma, and to understand how one’s
actions affect others. We must weigh the expec-
266
tations of others about our conduct and how they When instituting conflict of interest rules for an
may affect us. It is difficult to act ethically if we organization, do the following:
don’t recognize issues as they arise.
• Develop a systematic and objective approach
Get the facts—Obtain as much information as for screening new clients or selecting
possible to illuminate the situation and obtain cases to pursue or embarking on any task
specific, objective information. One must take a where objectivity and ethical standards
broad view even when only partial information may be tested.
is available. One must consider how to find other • If possible, select a colleague who is
pertinent information. Consider the motivation not affiliated with the matter to screen
some persons may have in supplying partial or the relevant facts and the persons in a
incorrect information. particular situation.
• Designate a conflict of interest officer for
Consider alternative courses of action—In your organization or unit.
resolving ethical dilemmas, one must take a
broad approach, consider other alternatives and
how others will view our actions. One should UNDERSTANDING THE RESPECTIVE
decide which principles apply to a situation and ROLES IN YOUR ORGANIZATION
prioritize them. One should consider the rights of
other stakeholders, treat people fairly and act in Two of the most important principles that gov-
the best interests of the affected persons. ern the conduct of a financial crime specialist
are to constantly remember the rights, well-be-
Consider professional standards—Many pro- ing and obligations of one’s organization and to
fessional organizations issue written codes of honor these factors. One owes a duty of honesty
the standards of conduct, which provide a good and diligence to one’s organization, along with its
measure and test of possible courses of action. mission and constituency.
Experienced colleagues or supervisors may offer
valuable guidance in resolving ethical dilemmas. The work of every financial crime specialist
They may present other issues, share a new per- can involves potential conflicts of interest that
spective or identify areas that one was not view- threaten these interests. They must be recog-
ing objectively. nized and resolved ethically.
Make a decision—It is advisable to choose the INFORM THE ORGANIZATION AND CLIENTS
best option to resolve a particular situation. Act OF SCOPE AND COST OF PROJECTS
decisively and implement your plan even though Financial crime specialists are sometimes
this is sometimes difficult. engaged by clients or their organizations for a
specified project, such as representing a person
Act and assess—It is a good practice to assess or organization that is under investigation for for-
one’s actions and weigh whether they achieve the eign corrupt practices, fraud, money laundering
desired result. It is never wrong to ask yourself, or violation of the sanctions laws and regulations.
“Am I doing the right thing? Would an indepen- The clients or organization should be informed
dent person think that this action is correct and of the likelihood of certain outcomes so they can
fair? How would I react if this were done to me?” make informed decisions on the scope of the work,
the projected fees and costs, and the risk of rep-
utational harm and other negative consequences.
267
The briefing of an organization’s superiors or organization. This should be clear to everyone in

clients has two requirements. First, they must the organization so they may make appropriate
be thoroughly informed at the outset about the decisions and understand the actions they may
full nature of the project, including the good and take without obtaining approval.
bad aspects.
In financial crime matters, everyone should
Second, they must be informed regularly about understand the objectives of particular projects
the progress and the actual and future costs. This and participate, as appropriate, in deciding on the
applies to employees of government agencies who areas of focus, the budgets and desired outcomes.
have a choice of moving forward on two matters
where resources permit embarking on only one. In appropriate circumstances in the private sec-
tor, it is prudent to use an engagement letter to
The financial crime specialist should offer a proj- describe the nature of the work that the specialist
ect plan and budget to the client or organization is expected to undertake, the limitations imposed
that identifies the significant steps that must be by the client, and a clear description of the pro-
taken and the expected costs of each stage. jected fees and costs.
When preparing this plan and budget, the finan- The financial crime specialist, including clients
cial crime specialist is in a better position to iden- and superiors, should recognize that the objec-
tify the stages and expected costs. Thus, specialist tives of the project may change over time as more
should always be accurate in estimating expected information is gathered. It is advisable to main-
time frames and costs and avoid the temptation tain a continuing dialogue to refine the objectives
to provide unrealistically low estimates in order and other elements of the project and to docu-
to secure authorization, or to continue a matter ment the decisions in writing.
that he or she knows is unpromising.
COMMUNICATING WITH CLIENTS CONFLICTS OF INTEREST

Financial crime specialists should also maintain In the private and public sectors, the work of a
open lines of communication with their superiors, financial crime specialist often raises poten-
clients or constituents to inform them of ongoing tial conflicts of interest. They can be difficult to
developments. The duty to educate them contin- resolve. A specialist must be sensitive to different
ues throughout the course of the matter. Special- situations that can create these conflicts. Policies
ists may find it necessary to communicate beyond should be implemented by the organization to
routine updates, such as in these scenarios: avoid or mitigate conflicts and their effects and
resolve them.
• Before undertaking any action that may
require informed consent by the organization The financial crime specialist must remain alert
or an individual to potential conflicts of interest. One type of con-
• Notifying clients or superiors when a flict that is inherent in the nature of most engage-
requested action is limited or prohibited by ments, including those in the private sector, is
law or regulation the desire to earn fees from the client or others.
Work that generates fees should not be prolonged
UNDERSTANDING THE ROLES OF MEMBERS in order to continue the payment of fees. Clients
OF AN ORGANIZATION should be informed promptly at significant points
where a more economical approach is possible
A financial crime specialist also must understand and not harmful.
the division of roles and responsibilities in an
268
Similar situations exist in the public sector where Financial institution and corporate regulators
a government operation may be prolonged for often have rules or guidelines that govern how
improper motives. Financial crime specialists at the regulated entities should manage and prevent
government agencies must always remember that conflicts of interests. Most countries prohibit
their resources, including their salaries, are paid conduct that arises from conflicts of interest,
by the taxpayers, who are owed the same hon- such as insider trading or self-dealing. Conflicts
est dealings and conduct as are clients of private of interest can easily elevate from an ethical vio-
sector specialists. lation to a financial crime.
Some conflicts of interest are so significant they In other situations, a situation that begins as a
compel a decision to decline to undertake a mat- failure of internal controls and insensitivity to
ter or to withdraw from an existing one. In other ethical obligations can become a financial crime
situations, conflicts may be managed by adopting which brings severe financial consequences to
protective measures, such as obtaining written innocent individuals and organizations, includ-
waivers from one’s superiors or clients, disclosing reputational harm, governmental penalties or
ing potential conflicts to superiors or clients or prosecution and lawsuits by the victims.
blocking access to documents and other things
to prevent people and information from a dif- INFORMATION BARRIERS
ferent case from contaminating or affecting a Information barriers or “firewalls” can provide
current matter. strong protection against conflicts of interest at
private- and public-sector entities. These barri-
UNDERSTANDING & RESOLVING ers are intended to limit the flow of information
CONFLICTS AT DISTINCT PRIVATE AND between internal units and persons. They are
PUBLIC ENTITIES designed to allow employees of an organization
Everyone who works in the financial crime field to advance their legitimate activities without
has the obligation to place the interests of their exposure to information that may produce a con-
organization, customers, constituents and other flict of interest.
stakeholders above their own. Employees of
financial institutions in the broad sense of the Information barriers at private- and public-sec-
term, in particular, must recognize the purposes tor organizations may take various forms based
for which accounts, relationships or trusts they on the size and services the organization pro-
manage and oversee were created, and adminis- vides. They can be physical barriers, such as the
ter them accordingly. physical separation of units of employees in the
blocking of access to certain information by elec-
Institutions and commercial corporations must tronic means.
also ensure that their customers are treated hon-
estly, fairly and equitably, and that their employ- Information barriers should also include policies
ees are not extending undue privileges and ben- and procedures that explain problems that may
efits, intentionally or unintentionally, to some be encountered, how to resolve them and how
customers over others. to apply the organization’s policies. Some com-
mon controls on conflicts of interest at private-
Conflicts of interest may arise in transac- and public-sector organizations may include
tions or dealings involving insider or privileged the following:
information.
269
• Assessing the services, activities, functions Similarly, decisions to not follow certain onboard-
and distinct types of employees to identify ing or monitoring procedures should, of course,
where conflicts of interest may arise not be based on an expectation of financial gain
• Restricting employee access to information offered by the customer, or bonuses or other
through a system of multi-tiered access benefits from the organization for onboarding or
rights or similar limitations monitoring a customer.
• Written conflict of interest policies that Financial crime specialists, including compliance
clearly outline prohibited behavior and and risk management specialists, frequently have
provide guidance, instructions and examples access to a customer’s personal information. A
on avoiding conflicts of interest specialist must securely store and manage cus-
• Training programs that teach awareness of tomer information and access and retain if it is
and sensitivity to conflicts of interest and necessary for onboarding and monitoring and as
their ethical resolution required by law or regulations. The Data Security
• Secure methods to record and preserve and Privacy chapter of this manual cover other
relevant information at the start of an considerations in the handling of customer and
operation or a customer and business other sensitive information.
relationship to identify and manage
conflicts of interest BUILDING CONFLICT OF
INTEREST POLICIES
• Clear policies and instructions that govern
disclosure to the appropriate government When not properly managed, conflicts of inter-
authorities of internal lapses in honest and est can be a source of serious repercussions
proper conduct by the organization and and consequences. To manage conflicts effec-
its employees tively, business and government organizations
must have thoughtful and sound written policies
ETHICAL ISSUES IN ONBOARDING AND and procedures.
MONITORING CUSTOMERS
The key part of a sound process is the ability
Financial crime specialists who work in com- to identify all the parties involved in any case,
pliance and risk management sometimes have an account, business transaction or matter. By
latitude in the onboarding and monitoring of knowing who is involved, potential conflicts are
customers and customer activity. The ethical more readily identified.
considerations for persons who onboard and
monitor customers are similar to those that can At larger organizations, identifying conflicts
be used to resolve conflicts of interest. can be complicated. All relationships and con-
flicts may not be readily apparent. Poor internal
When deciding whether to onboard a customer communications can allow conflicts to go unde-
and monitor customer activity, a financial crime tected. Staff turnover also increases risk levels by
specialist must follow the policies and procedures increasing the loss of institutional knowledge.
of the organization. Compliance officers and
other employees should not subject a customer In conflict management, the staff and their rela-
to enhanced due diligence procedures, for exam- tives and business and personal connections are
ple, because of a personal bias against the cus- an important consideration. A conflict of interest
tomer or a “feeling” without supporting evidence. policy should alert pertinent units of an organi-
zation to possible conflicts in distinct types of
relationships. Developing and implementing a
270
system to capture and retrieve employee and cli- conflict of interest and ethics policies and the
ent information is essential to identify potential organization’s expectations and procedures.
conflicts of interest.
Employee privacy and an organization’s needs PRIVACY CONSIDERATIONS

require a delicate balance. Confidential informa- Investigations in the public and private sectors
tion about an organization’s employees must be often present financial crime specialists with dif-
safeguarded and kept private. The reasons for ficult ethical decisions. For example, one of the
determining that a conflict of interest existed more difficult issues that investigators confront
should not be shared with other staff members, are the privacy rights of investigative subjects,
customers or clients, unless it is compelling or including their inclusion in databases that are
there is an official reason to do so. accessible by many persons, sometimes even out-
side the organization.
Some organizations require a committee to
review confidential information to decide what With the pervasive use of technology, violating
should be placed in a conflict of interest database. the privacy rights of a subject, customer or col-
Having a well-defined protocol for this process league is easy. It may be tempting to surrepti-
is important to ensure uniformity and fairness. tiously access a person’s computer, place cameras
Information concerning employees, their rela- to monitor a subject, enter a subject’s property
tives and private dealings should be deleted or to place tracking devices on their vehicles, or tap
stored separately and securely when an employ- a telephone without court authorization. These
ment relationship ends. are steps that can ruin the careers of a financial
crime specialist.
Other guidance that should be included in an
organization’s conflict of interest policies include It is ethically questionable or even illegal for a
the following: financial crime specialist or others to misrepre-
sent themselves in order to obtain personal or
• The relationships of directors, officers and
financial information about a subject, customer,
other officials with outside organizations
client, opponent in a legal matter, or others. Pos-
• The extension to employees of free or ing as an employer to obtain a credit report, for
discounted services from the organization as example, is a crime in some jurisdictions.
fringe benefits
• The names of all employees who receive Whether an action is an unlawful invasion of pri-
gifts or entertainment benefits from outside vacy or is a legitimate investigative step depends
persons, businesses, customers or vendors on the laws where the action occurs. Financial
crime specialists should know the applicable laws
This data from new engagements or relationships and regulations in jurisdictions where they work
should be added to the conflict system or data- or where they seek information. They should
base as soon as they commence or are identified. remember that what is legal in one jurisdiction
Failure to manage and update these systems in may not be legal in another.
a timely manner may result in loss of business,
harm to reputation and potential legal liability. Bending the rules in a due diligence procedure
performed at a financial institution or other busi-
All employees at all levels should be required to ness may do significant harm, in addition to con-
know and receive proper training on internal stituting an ethical violation. It may also jeopar-
dize a case or other matter and cause reputational
271
harm to the individual and the organization. In

most jurisdictions, records that are illegally
obtained are inadmissible as evidence in court
and may lead to the dismissal or discharge of
legal proceedings against the target, and expose
the organization and individuals to legal liability.
To avoid these consequences, financial crime

specialists should understand the applicable laws
and regulations. The guidance of an attorney to
resolve unclear areas and doubts about the legal-
ity of a contemplated action should be sought.
CONFLICTS IN THE INTERACTION OF A potential conflict also arises when a new case
INVESTIGATIVE TARGETS AND LAW will be affected by confidential information the
ENFORCEMENT AGENTS specialist learned in an unrelated situation. Pos-
It is not uncommon for a financial crime specialist session of this information could result in prej-
to interact with the subjects or targets of a case or udice to the prior client and affect one’s ability
investigation. These persons may make improper to fulfill the full obligations with the new client.
requests, such as to ignore or not disclose certain Similar conflicts may arise for specialists who
information, and may also offer unlawful com- work in government agencies.
pensation to look the other way.
The first step a financial crime specialist should
Any agreement to such a request is a betrayal take when a new matter arrives is to conduct a
of the duty to the organization. Such offers or “conflict of interest check.” This involves com-
requests should be reported immediately to the paring the names of all persons and entities that
appropriate superiors, including internal affairs were associated with a prior matter with those
officers, because they may amount to attempted involved in the new matter. The names of persons
bribery or extortion that should be reported to and entities that are connected to the new client
law enforcement authorities. or matter should also be checked against those
in prior matters. This process requires a current
If there is a duty to notify law enforcement list of all persons, organizations and clients with
authorities, legal counsel should be consulted to whom the financial crime specialist or the orga-
assure obedience with applicable laws and reg- nization had prior dealings.
ulations. Because of the harm that may result to
innocent parties, everything reasonable should The second recommended step is to determine
be done to verify the credibility of the allegations. overlaps in the work done in the past, and the
anticipated work in the new matter. When a name
FORMER AND CURRENT CLIENTS associated with a new matter is the same as one
AND COLLEAGUES in a prior matter, attention should be paid to
determine if a conflict exists. If a financial crime
A financial crime specialist may encounter con-
specialist is asked to take action against a former
flicts from work that he or she has previously
client, this poses a significant conflict of interest
performed, such as when a new matter is opened
and the specialist should decline the matter.
that involves persons with connections to prior
work done by the specialist or the organization.
272
The third step is to establish procedures that CONFLICTS BETWEEN THE CLIENT AND THE
assure that an overlap in names does not preju- FINANCIAL CRIME SPECIALIST
dice past or prospective clients. The greater the Many conflicts may arise between a financial
overlap, the greater the actions a financial crime crime specialist and his or her colleagues or cli-
specialist should take to prevent harm to the ents. Some are inherent in work performed for a
organization, matter or present or past clients. fee. Procedures should exist that ensure that all
work billed to a client is honestly and fairly per-
The following actions may be taken to prevent formed. A financial crime specialist has a respon-
harm when potential conflicts of interest arise: sibility to the organization, colleagues and clients
• Promptly disclosing to past or present to assure that work performed is authorized and
colleagues, clients or organizations the reasonably crafted to accomplish the ultimate
nature of a potential conflict of interest goal set by the organization.
• Asking these persons and organizations to Some conflicts arise from disagreements over
waive conflicts of interest that may exist, if it fees or difficulties of an organization or client to
is appropriate find an operation. An example is when a financial
• Creating a wall or other safeguards to ensure crime asset recovery specialist has agreed to pro-
that persons who were involved with a prior vide services on a contingent basis with the fees
matter will not see or have access to files of to be paid from a client’s winnings. If the client
the new matter and will not participate in it becomes unable to continue funding the case, the
• Declining to accept the prospective specialist faces the prospect of losing an opportu-
matter or case nity to collect a good contingency fee and may be
tempted to propose improper funding of the case.
Sometimes a conflict of interest cannot be These conflicts should be addressed quickly and
avoided in advance because its existence is not discussed in the initial engagement agreement.
known until a later stage. When conflicts are
discovered later, a complete, prompt disclosure Conflicts may arise for non-financial reasons,
to all affected parties must be made. In most such as when a superior or client imposes limita-
cases, skilled financial crime specialists can work tions that the financial crime specialist believes
with the affected persons to reach an accept- are unreasonable. A client may insist that the
able resolution. financial crime specialist focus on a target that
the specialist believes has little value to the case,
If a resolution cannot be found, the specialist for example. Or, when a superior or a client may
should not continue to work in a situation where ask the financial crime specialist to engage in ille-
one client may be favored over another. gal or unethical conduct. These problems must
be confronted directly and discussed with appro-
In government matters, similar conflicts to those priate persons in the organization. The financial
in the private sector may arise. A government crime specialist should document all pertinent
financial crime specialist should never compro- actions discussed and taken.
mise a proper action in order to obtain an advan-
tage in a present matter, unless a well-considered PROTECTING THE INTERESTS OF THE
decision favoring a concession is justified. A plea ORGANIZATION OR CLIENT
bargain, coupled with other inducements that A financial crime specialist should assure that he
government agents may offer to a target or infor- or she is not engaging in conduct that may harm
mants in a financial crime matter, is an example his organization or client. It is a good idea to fol-
of such a compromise. low the medical field’s Hippocratic Oath, “First,
273
do no harm.” Financial crime specialists perform This was illustrated in the mid-2000s when a For-
a valuable service when they advise their orga- tune 500 company hired private investigators to
nizations, colleagues or clients that the actions identify the source of leaks of confidential board
they are suggesting may be unproductive, coun- of director information to the media. The inves-
terproductive, harmful, improper or unethical. tigators used deceptive telephone calls to obtain
Examples include the following: banking and phone records of suspected persons.
When the scheme was discovered, the company
• Pursuing a civil action where the costs and several officers became the subjects of crim-
are expected to exceed the value of the inal investigations. The company paid a large fine
successful outcome or recovery and several officers were fired.
• Engaging in conduct likely to be offensive
to a court and result in sanctions or other By its very nature, financial crime is full of cir-
negative consequences to the client and the cumstances that may harm or destroy the repu-
financial crime specialist tations of persons. Being mindful and respectful
• Undertaking actions that will likely of the ethical obligations that a specialist car-
cause embarrassment or harm to an ries as part of the job is an essential part of all
organization or client financial crime positions and a crucial element
of the Certified Financial Crime Specialist (CFCS)
certification.
274
Q 13-1. Sallie Jones holds a significant administrative position in the Defense Department
of her home country, overseeing various information technology projects. Sallie’s husband,
Joe, was recently hired in sales by a software company, Company A. The CEO of Company
A is a personal friend of Sallie’s, and ultimately hired Joe.
Shortly after Joe was hired, the Defense Department and Company A entered into a con-
tract for the purchase of software. Joe was assigned to the account. Sallie was not involved
in the initial contract negotiations and did not know they were taking place. After the
contract was signed, Sallie was involved in the decisions to use the company on subse-
quent projects.
When did Sallie commit an ethical violation?

A. When the CEO of Company A paid for a dinner with Sallie and her husband during the
hiring process for her husband
B. When she continued to maintain a close friendship with the CEO of a vendor of the
Defense Department
C. When she was part of the subsequent decision process knowing that her spouse had a
financial interest in the matter
D. When she did not disclose her conflict of interest during the initial contract
negotiations
Q 13-2. The CEO of Company X, a publicly traded corporation, caused Company X to

enter into a transaction with Company Y in which the CEO is a shareholder. The CEO failed
to inform the shareholders of Company X of his interest in Company Y. However, the trans-
action will greatly benefit Company X as well as Company Y.
Which statement is true about this situation?
A. The CEO has participated in insider trading.
B. The CEO has committed self-dealing.
C. The CEO has been involved with selling away.
D. The CEO has not committed an ethical violation.
275
CHAPTER 14
INTERNATIONAL
AGREEMENTS
AND
STANDARDS
OVERVIEW
From the local to the global, efforts to detect and prevent finan-
cial crime occur on many levels. As discussed in previous chap-
ters of this Manual, financial crime is a global plague that takes
place across borders and throughout the national and interna-
tional financial systems. That is why financial crime must also
be addressed on the international level.
276
CHAPTER 14 • INTERNATIONAL AGREEMENTS AND STANDARDS
This has long been recognized by governments ecuting and require the political will and com-
and their enforcement and regulatory agencies. mitment to implement them by laws, regulations
Through treaties, interagency arrangements and and enforcement.
international organizations, governments world-
wide have sought for decades to build cooperation This chapter will highlight the noteworthy inter-
concerning standards and procedures for policy, national standards and the organizations behind
regulation and enforcement concerning financial them. In many cases, the standards and agree-
crime. These efforts were spearheaded by North ments are only summarized briefly. When doc-
American and European nations in the past, but, uments or recommendations are referenced by
in recent years, many developing nations have name, the financial crime professional should
played a significant role. consult these sources. Links are provided
throughout the chapter and in the Appendix.
Developing consensus around best practices in
financial crime control has not been limited to
the public sector. Private sector groups, particu- UNITED NATIONS
larly in banking and financial services sectors, are The United Nations is the most visible interna-
increasingly active in setting international guide- tional body with 193 member nations. The nations
lines on compliance, ranging from your customer act similarly to a global legislative body, voting on
procedures to due diligence procedures for cus- a wide variety of policies and resolutions, which
tomers and third parties. are then are supposed to be implemented by
member countries. Many measures enacted by
Most recently, nonprofit organizations and advo- the UN are not legally binding, and are seen as
cacy groups have also established a major pres- mainly symbolic.
ence on the international level. Groups such as
Transparency International, Global Financial The UN can also propose multilateral trea-
Integrity, Human Rights Watch, and others have ties, known as conventions, which bind member
used lobbying and media campaigns to pressure nations to adopt legislative measures or regula-
governments, financial institutions and other tory policies to implement them. While imple-
corporations to act on important financial crime mentation often varies widely among UN member
issues ranging from corruption and tax evasion states, conventions can be powerful tools to drive
to secrecy havens. policy changes internationally.
Taken together, there is a clear trend toward One convention with significant effect in the
greater international cooperation and coordina- financial crime field is the United Nations Con-
tion on financial crime issues in the public and vention Against Corruption, which is discussed in
private sectors. New initiatives such as the US For- the Global Anti-Corruption chapter.
eign Account Tax Compliance Act of 2010 (FATCA)
have accelerated this trend. Therefore, a financial Another important international agreement that
crime specialist should know the principal actors originated with the UN is the United Nations Con-
and standards in the international arena. vention Against Transnational Organized Crime.
This convention was adopted in 2000 and has
There is no scarcity of international standards, been ratified by more than 175 member nations.
conventions and organizations that establish Generally, it commits signatories to adopt laws
standards of proper conduct in dealing with and enforcement mechanisms to combat human
financial crime. The great limitation on their trafficking, migrant smuggling and arms traf-
effectiveness is that these norms are not self-ex- ficking. Some of the measures required by the
277
convention include money laundering and asset institutions and other organizations to combat
forfeiture laws to seize criminal proceeds. Signa- money laundering.
tories to the convention are monitored for com-
pliance with the treaty’s provisions by panels of The FATF’s stated purpose is to develop policies
UN-appointed experts under the direction of the to control and prevent money laundering and
UN Office on Drugs and Crime. terrorist financing. Over the years, the FATF 40
Recommendations have been revised to reflect
The United Nations also issues sanctions against the changing financial crime landscape. Before
countries that are deemed to be violating inter- the most recent amendments in 2012, the FATF 40
national principles. The sanctions impose prohi- Recommendations were revised in 1996, 2001 and
bitions on commerce and financial transactions 2003. After the terrorist attacks of September 11,
with the sanctioned countries. 2001, (9/11) the FATF issued nine special recom-
mendations aimed at the financing of terrorism.
UN sanctions originate with the UN Security
Council and commit UN member states that In early 2012, the FATF took its biggest step away
adopt them to comply with the limitations on from a strict focus on money laundering. It began
trade and transactions. These sanctions are simi- to emphasize the importance of targeting cor-
lar to those imposed by the US Treasury Depart- ruption and tax evasion, which are intertwined
ment’s Office of Foreign Assets Control (OFAC) with money laundering. Thus, the FATF’s recom-
and other nations. They typically include a list of mendations seem to be taking the same route
sanctioned entities, agencies or individuals. In the toward financial crime “convergence” that finan-
case of sanctions limiting financial transactions, cial institutions and government agencies around
they usually require the blocking of transactions the world are pursuing. (See Appendix for the
to or from the sanctioned entity and the placing FATF 40 Recommendations of 2012.)
of the funds in an interest-bearing account. They
do not require countries to detain or arrest per- As of early 2018, The FATF had 37 members, con-
sons or entities that are listed in sanctions lists. sisting of 35 jurisdictions and two regional orga-
nizations (the Gulf Cooperation Council and the
UN sanctions are sometimes used to deter coun- European Commission).
tries from taking aggressive military action
against other countries, or to punish coun- The FATF also has a global network of so-called
tries that do so. FATF-Style Regional Bodies (FSRBs) that follow
their own, albeit compatible, programs and pol-
icies. These bodies promote implementation of
FINANCIAL ACTION TASK FORCE the FATF 40 Recommendations by their members
The Financial Action Task Force, or FATF, was and advise FATF on regional issues and condi-
formed in 1989 by the G-7 nations, which then tions. There are eight regional FSRBs.
were Canada, France, Germany, Italy, Japan,
United Kingdom and the US. Since then, the FATF The FATF is strictly a policy-making body without
has evolved into the principal standard-setter of enforcement authority. To drive implementation
global anti-money laundering controls and poli- of its policies and recommendations, the FATF
cies for nations, financial institutions and other organizes programs of mutual assessments of
private sector organizations. The first formal nations. In an FATF mutual assessment, a nation
action of the FATF in April 1990 was to promul- submits to a review by teams of experts from
gate the “40 Recommendations,” which recom- other countries, who gauge the nation’s prog-
mend conduct by government agencies, financial
278
ress toward full implementation of the 40 Rec- anti-money laundering baseline, financial crime
ommendations. specialists should read the full text of the 40 Rec-
ommendations, available at http://www.fatf-gafi.
This assessment may lead to public exposure org/topics/fatfrecommendations.
of deficiencies in money laundering and finan-
cial crime policies and enforcement. This expo- To show their scope and the topics they cover, a
sure and the potential political embarrassment listing of the recommendations follows:
and public outcry that may follow exerts pres-
sure on nations to comply with the FATF’s Rec- • Anti-money laundering and
ommendations. terrorist financing
1. Assessing risks and applying a risk-
Additionally, since 2000, the FATF has published based approach
a so-called “blacklist” of nations that refuse to 2. National cooperation and coordination
follow the FATF Recommendations or to comply
with its international standards on money laun- • Money Laundering and the confiscation of
dering and financial crime enforcement. The associated proceeds and instrumentalities
blacklist proved to be so effective that all coun- 3. Money laundering offense
tries were removed by 2008, although the FATF 4. Confiscation and provisional measures
still publishes a semi-annual list of “high- risk and
non-cooperative” countries. • Terrorist financing and the financing of
proliferation
40 RECOMMENDATIONS OF THE FINANCIAL 5. SR-II [Special Recommendation on
terrorist financing II] related to the
ACTION TASK FORCE
terrorist financing offense
The 40 Recommendations can be found at the
6. SR-III [Special Recommendation on
FATF website, www.fatf-gafi.org. They are listed
terrorist financing III] addressing targeted
in seven broad categories and focus on pol-
financial sanctions related to terrorism
icy measures for nations and best practices for
and terrorist financing
financial crime controls at financial institutions
and corporations. 7. Proliferation and related targeted
financial sanctions
Although primarily focused on money launder- 8. Non-profit organizations
ing and terrorist financing, the FATF Recommen-
dations have increasingly branched out to cover • Preventive measures
financial crime as a whole. The 2012 version of 9. Secrecy laws of financial institutions
the recommendations, for example, included pro- 10. Customer due diligence standards
visions directing countries to make tax crimes
11. Record keeping requirements
predicate offenses for money laundering cases
and calling for enhanced scrutiny of political- 12. Politically exposed persons (PEP)
ly-exposed persons (PEPs) to combat corruption. 13. Correspondent banking
14. Money or value transfer services
The 40 Recommendations apply directly to
compliance professionals. Many of the Recom- 15. Emerging or new technologies
mendations have been widely implemented as 16. Wire transfers
key elements of compliance programs at finan-
17. Third parties and reliance on their data
cial institutions worldwide. Because of their
and reporting
importance and broad acceptance as a global
279
18. Internal controls, foreign branches and ORGANIZATION FOR

subsidiaries ECONOMIC COOPERATION AND
19. High risk jurisdictions DEVELOPMENT (OECD)
20. Suspicious transaction reporting One of the older and more influential intergov-
21. Confidentiality and non-disclosure ernmental bodies, the Organization for Economic
Cooperation and Development (OECD), has the
22. Designated non-financial businesses and mission to promote policies that improve eco-
professions (DNFBPs) nomic and social conditions worldwide. The
23. Other measures related to DNFBPs OECD was created in September 1961 and pres-
ently has 34 member nations.
• Transparency and beneficial ownership of
legal persons and arrangements The OECD concentrates its efforts in
24. Transparency and beneficial ownership of four main areas:
legal persons
1. The restoration of confidence in markets and
25. Transparency and beneficial ownership of the institutions and companies that make
legal arrangements them function, including improved regulation
• Powers and responsibilities of competent and more effective governance at all levels of
authorities and other institutional measures political and business life
26. Regulation and supervision of financial 2. The restoration of public finance as a basis
institutions for future economic growth
27. Supervisory powers and authority 3. Support for new sources of growth through
28. DNFBP regulation and supervision innovation, environmentally friendly ‘green
growth’ strategies and development of
29. Financial Intelligence Units (FIU) emerging economies
30. Investigative authorities and law 4. To foster innovation and growth, ensuring
enforcement and their responsibilities that people of all ages develop the skills to
31. The powers of investigative authorities and work productively and satisfactorily in the
law enforcement jobs of tomorrow
32. Cash couriers The OECD has three components: Council, Com-
33. Statistic gathering and reporting mittees and Secretariat. The Council is the over-
all decision maker and has at least one represent-
34. Guidance and feedback protocols ative per member country and a representative
35. Sanctions of the European Commission. The permanent
representatives of the Council meet frequently
• International cooperation and decide by consensus. There are approxi-
36. International instruments mately 250 committees, working groups and
37. Mutual legal assistance expert groups that discuss programs and review
38. Freezing and confiscation pursuant to progress on issues. The Secretariat is located in
mutual legal assistance Paris and consists of about 2,500 staff members,
including financial specialists, lawyers, scientists
39. Extradition and other professionals. The Secretariat sup-
40. Other forms of international cooperation ports committees and completes tasks based on
priorities set by the OECD Council. The OECD is
280
funded by members countries based on a formula The Working Groups, as well as other OECD
that takes into account the size of each mem- groups such as the CleanBizGov Initiative, pro-
ber’s economy. mote greater public and private sector transpar-
ency, issue reports and publications that are use-
The OECD may develop standards and models, ful for financial crime specialists. All are available
recommendations or guidelines. OECD publica- on the OECD website at http://www.oecd.org.
tions play an important role in disseminating the
OECD’s programs and positions. Because of the
OECD’s diverse focus, the standards it promotes BASEL COMMITTEE AND
apply in a number of financial crime fields. One ITS GUIDANCE
of the most important is the OECD Anti-Bribery The Basel Committee is an international body
Convention, which contains provisions seek- consisting of senior representatives of central
ing enactment of laws to criminalize bribery of banks and government banking regulatory agen-
foreign public officials in international business cies. Originally intended as a forum to discuss
transactions. It also provides a host of related bank supervision issues when it was established
enforcement measures. The Convention on Com- by the Group of 10 countries in 1974, it has evolved
bating Bribery of Foreign Public Officials in Inter- into a body that sets international standards on
national Business Transactions and Related Doc- banking supervision generally, including stand-
uments is discussed in the Global Anti-Corruption ards on financial crime compliance.
chapter, and a link is included in the appendix.
One of the most important documents of the
The OECD has also been active in building inter- Basel Committee is the Basel III Accords, a com-
national cooperation on tax evasion and tax prehensive set of measures designed to reinforce
avoidance. In addition to helping create formal the regulation, supervision and risk management
tax treaties, the OECD member countries have of the banking sector. Although it is an important
used the organization as a forum for increased document for the financial sector, its recommen-
cooperation for the exchange of tax information dations do not directly touch financial crime and
among countries. In April 2013, the OECD called is not addressed in detail here.
for member states to implement a system of auto-
matic exchange of financial account information CUSTOMER DUE DILIGENCE FOR BANKS
for tax purposes, similar to the model estab-
lished by the US Foreign Account Tax Compli- The Basel Committee publication, Customer Due
ance Act. This later became the Common Report- Diligence for Banks, is another significant guide-
ing Standard. line, particularly for compliance officers. It pro-
vides guidance on the elements and implemen-
To help execute the provisions of its conventions, tation of customer due diligence programs for
the OECD organizes Working Groups, composed banks and explains key elements of a “know your
of experts from member nations. The Working customer” policy, including policies for accept-
Groups collect information from OECD members ing customers, identifying customers, ongoing
on how they are implementing the policies of the monitoring of accounts and transactions and
conventions and issues reports on the progress of risk management. It also discusses the key role
member states, similar to the FATF mutual evalu- of supervisors and managers in the KYC process
ation process. The Working Group on Bribery, for and best practices for implementing KYC across
example, oversees implementation of the OECD national borders.
Anti-Bribery Convention.
281
The Customer Due Diligence standards range In many respects, Directives mirror the FATF Rec-
from the general, such as recommending that due ommendations. EU member states are allowed
diligence is proportionate to the customer risk, to to independently enact more stringent AML and
the much more specific. For example, the stand- financial crime policies than those specified in
ards recommend that a customer’s first payment the Directives. As of early 2018, EU authorities
through an account in the customer’s name with had implemented the 4th AML Directive, which
another institution should be subject to similar aligned the EU’s AML regime with the revised 40
customer due diligence standards. Recommendations of the FATF released in 2012.
In addition to financial institutions, the commit- The EU’s governing bodies also agreed to a pack-
tee says customer due diligence principles should age of amendments and enhancements, known
be developed for non-bank financial institutions as the 5th Directive, that expanded corpo-
and mediators of financial services, such as rate transparency through publicly accessible
accountants and lawyers. national registries.
CONSOLIDATED KNOW YOUR CUSTOMER The Directives apply not only to the financial sec-
(KYC) RISK MANAGEMENT tor but also to lawyers and accountants, casinos,
estate agents, trust and company service provid-
The Committee published the Consolidated
ers and high value dealers. All persons subject to
KYC Risk Management in October 2004, which
the Directive must be supervised for AML con-
includes guidelines for policies and procedures
trols by a competent authority.
governing “know your customer” operations
at banks. In a brief nine pages, it provides a
These are some of the other highlights of
good high-level overview of KYC processes and
the Directives:
best practices.
• Cover terrorist financing as well as
It also covers management and oversight of KYC money laundering.
programs, policies for customer identification
• Contain detailed customer due diligence
and acceptance, and recommendations for trans-
standards. In particular, it states that:
action and account monitoring. In addition, it
addresses how institutions should have a global » CDD is defined as including not just
process for KYC, shared among all branches and customer identification and verification,
businesses lines, as well as information-sharing but also establishment of the purpose and
across the entire business subject to privacy laws. intended nature of the business relationship
and ongoing monitoring
» CDD applies to new and existing customers
EUROPEAN UNION DIRECTIVES ON
» It requires identification of beneficial
MONEY LAUNDERING
owners and verification of the beneficial
European Union Directives on Money Laundering owner’s identity.
are the key AML policy for EU member countries.
» It contains guidelines for simplified
Directives specify the legal and regulatory frame-
due diligence for certain low risk
work that EU nations are required to implement
situations, and requires enhanced due
concerning money laundering controls. Direc-
diligence in situations that present a
tives imposes major compliance requirements on
higher money laundering or terrorist
banks, other financial institutions and gatekeep-
financing risk – including non-face-to-
ers that operate in or do business in EU nations.
face business, ‘politically exposed persons’
282
and international correspondent banking tax advisors or auditors to comply with

relationships. AML regulations
• Recognize and reinforce the concept of
a risk-based approach to anti-money
laundering. Under the 4th Directive, the
WOLFSBERG GROUP
EU Commission and European supervisory The Wolfsberg Group is a private-sector associ-
authorities (ESAs) will conduct assessments ation of eleven global financial institutions. It is a
of financial crime risks and make them standard-setting organization that issues recom-
available to member states. mended policies and procedures for Know Your
Customer, AML and terrorist financing in the
• Implement a system of corporate registries
financial services sector.
to capture the beneficial ownership
information of companies and other entities.
The Group consists of Banco Santander, Bank of
Each EU state is required to create or
Tokyo-Mitsubishi UFJ, Barclays, Citigroup, Credit
enhance a corporate registry that includes
Suisse, Deutsche Bank, Goldman Sachs, HSBC, J.P.
the beneficial owners of companies and
Morgan Chase, Société Générale and UBS. It was
trusts. Beneficial owners of corporations will
formed in 2000.
be publicly available, while owners of trusts
will be available to government authorities,
The Group publishes numerous documents
financial institutions and civil society groups.
called the Wolfsberg Standards that deal with
Apply a licensing-registration system for
various aspects of banking. The Wolfsberg Stan-
‘currency exchange offices’ as well as trust
dards cover a wide array of topics from general
and company formation and other service
subjects, such as AML and terrorist financing,
providers that involve a “fit and proper test”
to more industry-specific guidance on prepaid
for those who direct or beneficially own
cards, trade finance and correspondent bank-
these businesses.
ing. They are a valuable resource for compliance
• As of the 5th Directive, include digital professionals. The Wolfsberg Standards are avail-
currency administrators and exchanges able at http://www.wolfsberg- principles.com/
under institutions that are subject to AML standards.html.
regulations and reporting
• As of the 5th Directive, reduce the thresholds The Wolfsberg Anti-Money Laundering Principles
on anonymous pre-paid card transactions for Private Banking, along with its accompany-
so that they can only be used for small ing documents on intermediaries and beneficial
transactions ownership, are key guidance for financial insti-
tutions. The Principles were released in Octo-
• Require the EU Commission to issue a list of
ber 2000 and revised in May 2002 and May 2012
jurisdictions with AML deficiencies, including
(see Appendix).
jurisdictions with weak frameworks on
beneficial ownership
Principles for Private Banking takes into account
Require financial firms to apply customer
certain recognized risks associated with private
due diligence and record-keeping standards
banking to prevent the use of a bank’s interna-
to overseas branches and majority-owned
tional operations for criminal purposes and to
subsidiaries (unless it is not permitted
protect the organization’s reputation. The Prin-
by local law)
ciples lay out guidance on customer identity and
• Requires art dealers and professionals who verification of beneficial ownership, as well as
provide “similar services” to accountants, how to treat customers that arrive through inter-
283
mediaries. For example, the Principles state that tionnaire forms from financial institutions. The
in certain circumstances banks may rely on the Repository can be a valuable resource for other
intermediary to collect information and docu- institutions conducting due diligence, as well as
ments required for customer due diligence. investigators and regulators attempting to assess
a bank’s governance and AML program.
The Principles cover situations that may warrant
enhanced due diligence, including customers
located in high-risk jurisdictions and PEPs. They CONCLUSION
also provide direction on recommended actions While they may sometimes seem remote from a
to take when unusual or suspicious activities are professional’s day-to-day duties, international
detected, as well as ongoing customer monitor- standards and agreements, as well as the orga-
ing and screening. nizations that develop them, are an essential ele-
ment of the financial crime field. Many standards
In addition to its Statements and Principles, the contain guidance on compliance and enforce-
Wolfsberg Group also created the “International ment best practices that can be applied at finan-
Due Diligence Repository,” a database of due dil- cial institutions and government agencies. Oth-
igence information and documentation on finan- ers raise awareness of key policy or regulatory
cial institutions. weaknesses that are not being addressed in the
public and private sectors.
According to the Wolfsberg Group, the Reposi-
tory includes information on each financial insti- Whatever their source and purpose, these stan-
tution’s license (and the licenses of their sub- dards serve as a reminder of the vast and complex
sidiaries) and copies of corporate governance spectrum of financial crime. Preventing finan-
documents, such as company by-laws, Articles or cial crime is a global battle fought on many levels,
Certificate of Incorporation, and Memorandum, which extends from the smallest transaction at a
Articles or Certificate of Association. local bank to the halls of the United Nations.
Other information that can be obtained from the

Repository includes biographies of board mem-
bers and senior management of a financial insti-
tution, annual reports and standard AML ques-
284
APPENDIX A
REFERENCES AND RESOURCES

CHAPTER 3: MONEY LAUNDERING Laundering the Proceeds of Corruption
http://www.fatf- gafi.org/media/fatf/documents/
AML CFT Measures and Financial Institutions
reports/Laundering%20the%20Proceeds%20of%20
http://www.fatf-gafi.org
Corruption. pdf
FATF provides support to countries and their finan- Created to better understand corruption, its mecha-
cial institutions in designing AML/CFT measures that nisms and vulnerabilities, through an AML/CFT lens.
meet the national goal of financial inclusion, without
compromising the measures that exist for the pur- Money Laundering Risks Arising from Trafficking
pose of combating crime. in Human Beings and Smuggling of Migrants
http://www.fatf- gafi.org/topics/methodsandtrends/
Deterring and Detecting Money Laundering and documents/moneylaunderingrisksarisingfromtraf-
Terrorist Financing fickingofhu manbeingsandsmugglingofmigrants.html
http://www.osfi-bsif.gc.ca Examines the nature of criminals turning to traffick-
OSFI intends this guidance to help reduce the sus- ing in human beings and the smuggling of migrants
ceptibility of financial institutions to being used by to a greater extent, as these crimes are seen as
individuals or organizations to launder funds and highly profitable.
fight terrorist financing, thereby reducing their expo-
sure to damage to their reputation, a key asset in the Money Laundering Awareness Handbook for Tax
financial services industry. Examiners and Tax Auditors
http://www.oecd.org/corruption/crime
FATF Typologies Raises the awareness level of tax examiners and audi-
http://www.fatf-gafi.org tors about money laundering. It provides guidance in
Search the FATF website for specific typologies. identifying money laundering during the conduct of
normal tax audits.
FFIEC Examination Material (2010 or most recent)
http://www.ffiec.gov/bsa_aml_infobase/pages_ Money Laundering Cycle
manual/manual_print.htm http://www.unodc.org/unodc/en/money-launder-
ing/laundrycycle.html
The current examination manual used by US regu-
lators to determine if US institutions are compliant UNODC describes the money laundering cycle.
with AML, CTF and other financial crime com-
pliance laws. Money Laundering Control and Suppression of
Financing of Terrorism
Initiatives by the BCBS, IAIS and IOSCO to Combat http://www.ecosocdoc.be/static/module/bibliogra-
Money Laundering and the Financing of Terrorism phyDocument/document/001/405.pdf
http://www.bis.org/publ/joint11.htm Some thoughts on the impact of customer due dili-
Focuses on recent guidance for addressing the vul- gence measures on financial exclusion.
nerabilities identified in the earlier report and ongo-
ing and future work.
285
APPENDIX A • REFERENCES AND RESOURCES
Money Laundering Using Trust and Company Ser- Fraud Prevention Best Practices
vice Providers http://www.freddiemac.com/singlefamily/pdf/
http://www.fatf-gafi.org fraudprevention_practices.pdf
Evaluates the effectiveness of the practical imple- Detailed explanation of best practices for fraud pre-
mentation of the Financial Action Task Force Forty vention by Freddie Mac, a US federal housing agency.
Recommendations and Nine Special Recommenda-
tions (the FATF 40 + 9 Recommendations) as they Fraudulent Transfer Claims and Defenses In
relate to Trust and Company Service Providers. Ponzi Schemes
http://www.dgdk.com/tasks/sites/dgdk/assets/
Operational Issues Financial Investiga- image/AIRAFraudulentTransferFinal2.pdf
tions Guidance These materials outline issues arising from fraud-
http://www.fatf-gafi.org/media/fatf/documents/ ulent transfer claims brought by trustees against
reports/Operational%20Issues_Financial%20investi- investors and salespeople and the defenses which
gations%20 Guidance.pdf can be asserted to those claims.
Guidance created by FATF. In this revision, emphasis
was given to the operational anti-money launder- Identity Theft Red Flags
ing/countering the financing of terrorism (AML/ http://www.ftc.gov/
CFT) framework. os/2009/06/090611redflagsfaq.pdf
Frequently asked questions about the Identity Theft
Specific Risk Factors in Laundering the Proceeds Red Flags rules.
of Corruption
http://www.fatf- gafi.org/media/fatf/documents/
Audit Standard #5
reports/Specific%20Risk%20Factors%20in%20
http://pcaobus.org/standards/auditing/pages/
the%20Launderin g%20of%20Proceeds%20of%20
auditing_standard_5.aspx#testingcontrol
Corruption.pdf
Lists how an auditor should test for effective controls
Discusses the interrelationship between corrup-
in an institution.
tion and money laundering, discovers the most
common methods used to launder the proceeds
Statements on Auditing Standards #99 Consider-
of corruption, and highlights the vulnerabilities
ation of Fraud in a Financial Statement Audit
leading to an increased risk of corruption-related
http://www.aicpa.org/Research/Standards/Audi-
money laundering.
tAttest/DownloadableDocuments/AU- 00316.pdf
CHAPTER 4: UNDERSTANDING AND Explains the elements of an effective auditing process

and focuses on detection of fraud.
PREVENTING FRAUD
FBI Annual Reports on Mortgage Fraud The President’s Identity Theft Task Force: Combat-
http://www.fbi.gov/about-us/investigate/white_ ing Identity Theft a Strategic Plan, 2007
collar/mortgage-fraud/mortgage_fraud http://www.identitytheft.gov/reports/Stra-
tegicPlan.pdf
Reports that provide statistics on mortgage fraud. Task force report that reveals the three stages in
Identity Theft and discusses how to prevent crimes of
FBI warns of various fraud types fraud by identity theft with each stage.
http://www.fbi.gov/scams-safety/fraud
This website defines several types of fraud of which
private citizens should be aware.
286
CHAPTER 5: GLOBAL ANTI-CORRUPTION Exporting Corruption? Country Enforcement

Arab Convention to Fight Corruption of the OECD Anti-Bribery Convention Progress
http://www.uncaccoalition.org/learn-more/arti- Report 2012
cles-archive/123-a-glance-to-the-arab- conven- http://www.transparency.org/whatwedo/pub/
tion-to-fight-corruption exporting_corruption_country_enforcement_of_
the_oecd_anti_bribery_convention
Online article which summarizes the Arab Con-
The eighth annual progress report on OECD Conven-
vention to Fight Corruption signed by the League
tion enforcement by Transparency International (TI),
of Arab States on 21 Dec 2010 by 21 Arab coun-
the global coalition against corruption.
tries except Somalia.
Money, Politics, Power: Corruptions Risks in Europe
Boosting Integrity, Fighting Corruption
http://www.transparency.org/whatwedo/
http://www.oecd.org/daf/anti-bribery
pub/money_politics_and_power_corruption_
Describes the multiple domains where the OECD is risks_in_europe
engaged in fighting corruption and boosting integrity.
This report brings together the findings of 25
It relates how the CleanGovBiz initiative is drawing
National Integrity System assessments carried out
together for the first time these anti-corruption tools
across Europe.
under a single umbrella.
OECD Fights Corruption Synopsis
Bribe Payers Index 2011
http://www.oecd.org/corruption
http://www.transparency.org/whatwedo/
pub/bpi_2011 OECD is the leading source of anti-corruption
tools and expertise in areas such as international
Examines different types of bribery across sectors
business, taxation, governance, export credits and
including, for the first time, bribery among compa-
development aid.
nies (‘private-to-private’ bribery).
The OECD targets Switzerland about its Financial
Corruption Perceptions Index
Transparency
https://www.transparency.org/research/
http://en.actu-cci.com/finance-banking/11897-
cpi/overview
the-oecd-targets-switzerland-about-its- finan-
The Corruption Perceptions Index ranks countries cial-transparency
according to their perceived levels of public- sec-
Online article on Switzerland about its financial
tor corruption.
transparency.
Convention on Combating Bribery of Foreign Public

OECD Working Group on Bribery
Officials in International Business Transactions
http://www.oecd.org/ctp/taxandcrime/oecdwork-
http://www.oecd.org/daf/anti-bribery/oecdanti-
inggrouponbribery-annualreport.htm
briberyconvention.htm
Annual report which monitors the implementation
Contains the official text and commentaries of the
of the OECD Convention on Combating Bribery of
1997 Convention, the 2009 Recommendation of the
Foreign Public Officials in International Business
Council for Further Combating Bribery, the 2009
Transactions.
Recommendation on the Tax Deductibility of Bribes
to Foreign Public Officials.
Politically Exposed Persons
http://www1.worldbank.org/finance/star_site/pub-
European Union Treaty
lications/politically_exposed.html
http://www.consilium.europa.eu/uedocs/cmsUp-
load/treatychap5.pdf Designed to help banks and regulatory authorities
address the risks posed by Politically Exposed Per-
Text of the treaty of the European Union, espe-
sons (PEPs) and prevent corrupt PEPs from using
cially Article 11.
287
domestic and international financial systems to laun- United Nations Convention Against Corruption
der the proceeds of corruption. http://www.unodc.org/unodc/en/treaties/CAC
Introduces a comprehensive set of standards, mea-
The Puppet Masters sures and rules that all countries can apply in order
http://www1.worldbank.org/finance/star_site/pub- to strengthen their defenses against the most preva-
lications/Puppet-Masters.html lent forms of corruption.
Using cases, interviews with investigators, corporate
registries, financial institutions and case studies, the CHAPTER 6: TAX EVASION
book puts forward policy recommendations to guide AND ENFORCEMENT
national legislation and regulations, as well as inter-
national standard setters, on issues of public corrup- FATCA Model 1A
tion and beneficial ownership. http://www.treasury.gov/resource-center/
tax-policy/treaties/Documents/FATCA-Re-
ciprocal-Model-1A-Agreement-Preexist-
Putting Corruption Out of Business
ing-TIEA-or-DTC-11-4-13.pdf
http://www.transparency.org/news/feature/put-
ting_corruption_out_of_business Template of FATCA Model 1A Agreement.
Online results of a survey on the way business people
perceive corruption in their work. FATCA Model 1B
http://www.treasury.gov/resource-center/
tax-policy/treaties/Documents/FATCA-Non-
Recommendation of the Council for Further Com-
reciprocal-Model-1B-Agreement-Preexist-
bating Bribery of Foreign Public Officials in Inter-
ing-TIEA-or-DTC-11-4-13.pdf
national Business Transactions
http://www.oecd.org/daf/anti-bribery/oecdanti- Template of FATCA Model 1B Agreement.
briberyconvention.htm
The Recommendation was adopted by the OECD in FATCA Model 2
order to enhance the ability of the 39 States Parties http://www.treasury.gov/resource-center/tax-pol-
to the Anti-Bribery Convention to prevent, detect icy/treaties/Documents/FATCA-Model-2-Agree-
and investigate allegations of foreign bribery and ment-Preexisting-TIEA-or-DTC-11-4-13.pdf
includes the Good Practice Guidance on Internal Template of FATCA Model 2 Agreement.
Controls, Ethics and Compliance.
FATCA User Guide
Transparency in Corporate Reporting: Assessing https://www.irs.gov/pub/irs-utl/froug.pdf
the World’s Largest Companies A 75-page guide created by the US Internal Revenue
http://www.transparency.org/whatwedo/pub/ Service that covers FATCA’s purpose, regulations,
transparency_in_corporate_reporting_assessing_ and steps needed to comply. The guide is primarily
the_worlds_largest_companies intended for non-US institutions with FATCA compli-
Reading material on corruption and bribery from ance obligations.
Transparency International. This study analyzes the
transparency of corporate reporting on a range of OECD Tax Transparency Report on Progress 2016
anti-corruption measures among the 105 largest pub- https://www.oecd.org/tax/transparency/GF-annu-
licly listed multinational companies. al-report-2016.pdf
This 2016 Report on Progress publication describes
UK Bribery Act the progress made since the OECD’s Global Forum
http://www.legislation.gov.uk/ on Transparency launched its peer review mecha-
ukpga/2010/23/contents nism in 2010.
The original text of the 2010 UK Bribery Act.
288
CHAPTER 7: ASSET RECOVERY FATF Guidance for Financial Institutions for Detect-
Asset Recovery Handbook ing Terrorist Financing
https://star.worldbank.org/star/sites/star/files/ http://www.fatf- gafi.org/media/fatf/documents/
asset_recovery_handbook_0.pdf Guidance%20for%20financial%20institutions%20
in%20detectin g%20terrorist%20financing.pdf
Describes approaches to recovering proceeds of cor-
ruption located in foreign jurisdictions; identifies the Detailed report on how to detect terrorist financing.
difficulties that practitioners are likely to encounter;
suggests strategic and tactical options to address the Tracing Stolen Assets
challenges; and introduces good practices. http://www.baselgovernance.org/fileadmin/docs/
publications/books/asset-tracing_web- version.pdf
Barriers to Asset Recovery A guide published by the Basel Institute on Gover-
https://star.worldbank.org/star/sites/star/files/ nance that explains how to trace stolen assets.
Barriers%20to%20Asset%20Recovery.pdf
Recommends the implementation of new policies and Investigative Dashboard
operational procedures to foster trust and mentor http://www.datatracker.org/category/wwd/
other jurisdictions; legislative reforms to facili- elastic-list
tate freezing and confiscation of stolen assets; and Investigative Dashboard includes several databases
better application of existing anti-money launder- that allow collaboration and data-sharing between
ing measures. investigative reporters across the world.
Stolen Asset Recovery Initiative Non-Conviction SAR Electronic Filing

Based Asset Forfeiture http://treas.yorkcast.com/webcast/viewer/?pe-
http://www1.worldbank.org/finance/star_site/pub- id=a93e7d2b1a07427a93b0cf2e764a57421d
lications/non_conviction.html
FinCEN Webinar explaining the new electronic SAR,
Identifies the key concepts—legal, operational, and mandatory as of April 1, 2013.
practical—that a Non-Conviction Based asset for-
feiture system should encompass to be effective in Terrorist Finance Tracking Program
recovering stolen assets. http://www.treasury.gov/resource-center/ter-
rorist-illicit-finance/Terrorist-Finance- Tracking/
Tracing Stolen Assets Pages/tftp.aspx
http://www.baselgovernance.org/fileadmin/docs/
This website provides a description of the Depart-
publications/books/asset-tracing_web- version.pdf
ment of Treasury’s Terrorist Finance Tracking Pro-
A guide published by the Basel Institute on Gover- gram, along with details about the Program’s actions
nance that explains how to trace stolen assets. and additional resources.
World Bank Stolen Asset Recovery Initiative CHAPTER 9: INTERPRETING

http://star.worldbank.org/star
FINANCIAL DOCUMENTS
Reports about politically exposed persons, asset
Federal Accounting Standards Advisory Board
recovery and corruption.
http://www.fasab.gov/accounting-standards/
authoritative-source-of-gaap
CHAPTER 8: FINANCIAL CRIME
A US government agency that provides guidance on
INVESTIGATIONS accounting standards. Primarily applies to generally
FATF Typologies accepted accounting principles in the US.
http://www.fatf-gafi.org
Search the FATF website for specific typologies. International Financial Reporting Stan-
dards Foundation
http://www.ifrs.org
289
Provides guidance on the International Financial Provides an overview and lists of OFAC sanctions
Reporting Standards, a global system of accounting related to individual terrorists, designated terrorist
and bookkeeping principles that is gradually gaining organizations, and affiliated businesses, nonprofits
wider international acceptance. and legal entities.
CHAPTER 10: MONEY AND Non-Proliferation Sanctions

COMMODITIES FLOWS http://www.state.gov/t/isn/c15231.htm
International Organization of Securi- Provides general information about the three distinct
ties Commissions sanctions programs designed to combat the prolifer-
http://www.iosco.org ation of weapons of mass destruction.
Reports on money laundering, risk assessment, finan-

Transnational Criminal Organizations
cial crime, due diligence or ethical standards.
http://www.treasury.gov/resource-center/sanc-
tions/programs/pages/tco.aspx
Report on Funds of Hedge Funds
http://www.iosco.org/library/pubdocs/pdf/ Overview of the sanctions against Transnational
IOSCOPD276.pdf Criminal Organizations.
Examines the existing regulations of funds of hedge

FFIEC Examination Material (2010 or most recent)
funds in various TC Standing Committee on Invest-
http://www.ffiec.gov/bsa_aml_infobase/pages_
ment Management member jurisdictions, and identi-
manual/manual_print.htm
fies with the help of industry representatives, present
issues of concern to regulators in this area. The examination manual of the US FFIEC, a inter-
agency group of banking and financial regulators.
Virtual Currency Schemes Outlines regulatory expectations on financial crime
http://www.ecb.int/pub/pdf/other/virtualcurrency- compliance programs at US institutions.
schemes201210en.pdf
Financial Crimes Enforcement Network’s Cus-
A 2012 publication by the European Central Bank on
tomer Due Diligence Requirements for Financial
virtual currency schemes.
Institutions
https://www.federalregister.gov/docu-
Virtual Currencies: Key Definitions and Potential ments/2016/05/11/2016-10567/customer-due-dili-
AML/CTF Risks gence-requirements-for-financial-institutions
http://www.fatf-gafi.org/publications/method-
sandtrends/documents/virtual-currency-defini- Published by the US FinCEN, this is a customer due
tions-aml-cft-risk.html diligence (CDD) regulation that codifies, clarifies,
consolidates, and strengthens existing CDD regu-
A 2014 publication by the FATF examining the virtual latory requirements and supervisory expectations.
currency landscape and summarizing their financial It also establishes a categorical requirement for
crime risks. financial institutions to identify beneficial owner-
ship of their accountholders, subject to risk-based
CHAPTER 11: COMPLIANCE PROGRAMS verification.
OFAC Counter Narcotics Trafficking Sanctions
http://www.treasury.gov/resource-center/sanc- Basel III Global Framework
tions/Programs/Pages/narco.aspx http://www.bis.org/bcbs/basel3.htm
Provides an overview and lists of OFAC sanctions Reading material on the Basel III Accords. Presents
related to narcotic traffickers and drug kingpins. the Basel Committee’s reforms to strengthen global
capital and liquidity regulations with the goal of pro-
Counter Terrorism Sanctions moting a more resilient banking sector.
http://www.treasury.gov/resource-center/sanc-
tions/Programs/Pages/terror.aspx
290
High Risk and Non-Cooperative Jurisdictions UK Data Protection Act

http://www.fatf-gafi.org/topics/high-riskand- http://www.legislation.gov.uk/
non-cooperativejurisdictions ukpga/1998/29/contents
Discusses high risk and non-cooperative jurisdictions The Act implements new regulations on the process-
and the way FATF deals with said jurisdictions. ing of information relating to individuals, including
the obtaining, holding, use or disclosure of such
Basel Institute for Governance AML Index information.
http://www.baselgovernance.org/gov/aml/proj-
ect-details/article/the-basel-aml- index/?tx_ The Impact on US Discovery of EU Data Protection
ttnews%5BbackPid%5D=335&cHash=df11b5a634 and Discovery Blocking Statutes
AML Risk Index that assesses countries’ risk levels http://www.hugheshubbard.com/PublicationDocu-
regarding money laundering/terrorist financing. ments/Data%20Protection%20in%20the%20 EU%20
and%20Its%20Impact%20on%20US%20Discovery.pdf
Office of Foreign Assets Control Sanction Programs Document provides an overview of the EU Directive
http://www.treasury.gov/resource-center/sanc- and discovery blocking statutes, explains their criti-
tions/Pages/default.aspx cal value on US discovery, and identifies, by country,
the applicable data privacy statute, blocking statutes
International Center for Political Violence and Ter- and recent case law.
rorism Research Response Series
http://www.pvtr.org/pdf/Financial%20Response/ Executive Order Improving Critical Infrastructure
Terrorist-Financing.pdf Cyber Security
http://www.whitehouse.gov/the-press-of-
Summary of expectations of regulators and enforce-
fice/2013/02/12/executive-order-improving-critical-
ment from banks on counter-terrorist financing and
infrastructure-cybersecurity
a discussion of CFT requirements.
President Barack Obama’s Executive Order on Cyber
Wolfsberg Group Private Banking Principles Security that mandates increased sharing of infor-
http://www.wolfsberg-principles.com/pdf/Wolfs- mation about cyber threats and attacks between
berg-Private-Banking-Prinicples-May-2012.pdf private financial institutions and regulating govern-
ment agencies.
The objectives of these principles are to prevent the
use of the bank’s worldwide operations for criminal
Cybersecurity Strategy of the European Union: An
purposes and to protect the firm’s reputation in a
Open, Safe and Secure Cyberspace
private banking context.
http://eeas.europa.eu/policies/eu-cyber-security/
cybsec_comm_en.pdf
CHAPTER 12:
Text of the European Union’s Cyber Security strategy,
CYBERSECURITY AND PRIVACY
enacted in 2013.
FFIEC Authentication Guidance 2011
http://www.ffiec.gov
CHAPTER 13: ETHICS
Includes the original guidance and supplements.
American Bar Association Code of Professional
Reinforces the 2005 Guidance’s risk management
Responsibility
framework on customer identification and updates
http://www.americanbar.org/groups/professional_
the Agencies’ expectations regarding customer
responsibility/publications/model_rules_of_profes-
authentication, layered security or other controls in
sional_conduct.html
the increasingly hostile online environment.
The code of ethical conduct for the American Bar
Association, a member organization of lawyers and
legal professionals, and one of the largest bar asso-
ciations in the world. Although its provisions apply
291
most directly to lawyers, it also covers conflicts institutions. They cover a wide array of topics, from
of interest. general subjects such as AML and terrorist financing
to more industry specific guidance on prepaid cards,
Model Code of Ethics trade finance and correspondent banking.
http://www.iosco.org/library/pubdocs/pdf/
IOSCOPD217.pdf United Nations Security Council Sanctions
Provides the collective views on ethics of the http://www.un.org/sc/committees/list_
self-regulatory organizations that make up the Secu- compend.shtml
rities Commissions SRO Consultative Committee. Provides more information on the countries and
organizations targeted for sanctions by the United
CHAPTER 14: INTERNATIONAL Nations Security Council. Also provides lists of sanc-
AGREEMENTS AND STANDARDS tioned countries and entities.
United Nations Office on Drugs and Crime 4th European Union Directive on Money Laundering
http://www.unodc.org http://eur-lex.europa.eu/legal-content/EN/TXT/
The Department of the UN that oversees a variety PDF/?uri=OJ:JOL_2015_141_R_0003&from=ES
of financial crime-related initiatives and treaties, The key AML policy for EU member countries, the
including the Convention Against Corruption. Also Directive lays out the legal and regulatory framework
includes relevant links, research and news related to that EU nations are required to implement regarding
the UNDOC projects and initiatives. money laundering controls.
United Nations Convention Against Corruption Basel III Global Framework

http://www.unodc.org/unodc/en/treaties/CAC http://www.bis.org/bcbs/basel3.htm
The full text and related materials on the UN Conven- Reading material on the Basel III Accords. Presents
tion Against Corruption, an international anti-cor- the Basel Committee’s reforms to strengthen global
ruption treaty adopted by more than 140 jurisdictions. capital and liquidity regulations with the goal of pro-
moting a more resilient banking sector.
FATF 40 Recommendations
http://www.fatf-gafi.org/topics/fat- Basel Committee Customer Due Diligence for Banks
frecommendations http://www.bis.org/publ/bcbs85.htm
Lays out best practices and policy recommendations Provides the Basel Committee’s recommendations for
for governments, as well as financial institutions developing and implementing a customer due dili-
and other private-sector entities, on developing and gence program at banks.
implementing anti-money laundering legal structures,
procedures and processes. Recognized as a global
Basel Committee Consolidated KYC
benchmark for AML and CTF practices.
Risk Management
http://www.bis.org/publ/bcbs101.htm
FATF High Risk and Non-Cooperative Jurisdictions
http://www.fatf-gafi.org/topics/high-riskand- Provides the Basel Committee’s recommendations for
non-cooperativejurisdictions KYC procedures and best practices, including assess-
ing the risk of customers.
Discusses high risk and non-cooperative jurisdictions
and the way FATF deals with said jurisdictions.
Basel Institute for Governance AML Index
http://www.baselgovernance.org/gov/aml/proj-
Wolfsberg Standards ect-details/article/the-basel-aml- index/?tx_
http://www.wolfsberg-principles.com/ ttnews%5BbackPid%5D=335&cHash=df11b5a634
standards.html
AML Risk Index that assesses countries’ risk levels
The Wolfsberg Standards are best practices produced regarding money laundering/terrorist financing.
by a private-sector association of major financial
292
APPENDIX B
ANSWERS TO
PRACTICE QUESTIONS
CHAPTER 3 – MONEY LAUNDERING:
Q 3-1. Chuck Smith conducted a Ponzi scheme by luring innocent domestic investors to invest. He claimed
they would get a steady stream of payments over time and would receive a handsome return on their
investments. The transaction worked as follows:
• All investors reside in Smith’s country and wired money to Smith in order to make an investment in reliance on
his representations, which later turned out to be false.
• Smith next moved the funds to an offshore bank account.
• Smith then transferred some of the funds from new investors to previous investors claiming it was money
generated by their investment.
• Smith used the remaining funds to purchase cars and other luxury gifts to create the appearance that he
was successful.
The underlying criminal activity in this case was wire fraud. At which point did money laundering FIRST take place?
− A. When the investor wired money to Smith in reliance on his false representations
− B. When Smith transferred some of the funds from new investors to previous investors claiming it was
money generated by their investment
− C. When Smith used the remaining funds to purchase cars and other luxury gifts to create the appear-
ance that he was successful
" D. When Smith wired funds to the offshore bank account
Answer A is incorrect because the investors’ funds could not be considered proceeds of illegal activity until
they were in the possession of the Ponzi schemer. The transaction was therefore not an act of money laun-
dering, although it could be considered a “specified unlawful activity.”
Answer B is incorrect because the question asks for the first instance money laundering took place. Although
this could be considered money laundering, it is not the first occurrence.
Answer C is incorrect for the same reason as Answer B.
Answer D is correct because this is the first instance where Smith had obtained the proceeds of a criminal
activity and was conducting a transaction with them. It is the most appropriate first instance of money laun-
dering in this scenario.
293
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Q 3-2. A compliance officer at a major insurance company has recently noticed a pattern of potentially
suspicious transactions from a long-time customer. The customer is employed in a consulting position
that requires her to travel internationally on an unpredictable schedule and she often resides overseas
for extended periods. The customer has several properties insured with the company for large amounts.
In the past three years, she has overpaid her premiums numerous times and then requested a refund be
issued. Concerned that the customer may be laundering funds through the overpayment of premiums, the
officer is investigating the transactions.
Which fact would BEST indicate money laundering may be taking place?
− A. The customer often requests that refunds be made by wire transfer to banks outside of the country.
− B. The customer makes the overpayments at different times of the year and in varying amounts.
− C. The customer has recently taken out a sizeable new insurance policy on a commercial property with
your company.
" D. The customer has requested that refunds on excess premiums be made to an attorney.Q 3-3. A financial insti-
tution holds an account for a charitable organization whose stated mission is to promote literacy in the local com-
munity. The charity derives most of its financial backing from periodic fundraising drives that take in hundreds of
small donations from individual donors.
Answer A is incorrect because it cannot be considered unusual activity due to her customer profile. In the
scenario, we state “The customer is employed in a consulting position that requires her to travel internatio-
nally on an unpredictable schedule and she often resides overseas for extended periods.” As such, requesting
wire transfers to banks outside her country would not be out of the ordinary for this customer.
Answer B is incorrect because the nature of the overpayments actually matches the customer profile. The
fact that she travels on an “unpredictable schedule” supports the fact that the activity is happening at dif-
ferent times of the year. Also, the fact that she “has several properties insured with the company for large
amounts” contributes to the fact that the overpayments are in different amounts.
Answer C is incorrect because it is largely irrelevant to the scenario, and the fact that she already has several
large policies with the company makes it consistent with her profile.
Answer D is correct because it incorporates a classic red flag of money laundering, in that the refunds of the
overpayment of premiums are being sent to a third party.
294
Q 3-3. A financial institution holds an account for a charitable organization whose stated mission is to
promote literacy in the local community. The charity derives most of its financial backing from periodic
fundraising drives that take in hundreds of small donations from individual donors.
Recently, the institution conducted a due diligence investigation and noticed anomalous activity in the cha-
rity’s account.
Which of these is a red flag for potential terrorist financing?
− A. The charity recently purchased a large insurance policy which does not have a surrender clause and cannot be
used as collateral.
− B. The charity has no long-term leasing agreement on a physical property in a nearby town.
" C. The transaction history indicates a pattern of wire transfers to countries with no previous connection to the
charity’s activities.
− D. The transaction history for the charity shows a large number of small cash deposits.
Answer A is incorrect. It would not be uncommon for an insurance policy to lack a surrender clause and
collateral. Those features actually increase the risk that an insurance policy could be used in a financial
crime scheme.
Answer B is incorrect. A lack of long-term lease is not generally indicative of terrorist financing or other
financial crime, is not the best choice of the options given here.
Answer C is correct. Wire transfers to other countries outside of an entity’s operation are an indicator of
potential terrorist financing, especially in the case of non-profits and charities.
Answer D is incorrect. As the scenario states, the charity obtains its funding from drives that take in hun-
dreds of small donations. This would be consistent with the deposit activity indicated here.
295
Q 3-4. You are the chief anti-money laundering officer of a full-service bank, and you are designing a risk-
based customer acceptance program to determine the Terrorist Financing risks specific to not-for-profit
(NFP) organizations.
Which enhanced due diligence activity is most essential for these types of client relationships due to the elevated
risk that NFPs pose?
− A. Monitor the financial activity in relation to the stated purpose and objectives of the entity.
− B. Obtain a copy of the organization’s charter
" C. Establish who controls the organization and its financial activities down to a low threshold
− D. For NFPs, customer acceptance requirements are the same as for any other customer
Answer A is incorrect. Conducting monitoring of transactions based on the expected activity and purpose of
account is a minimum requirement for any customer, and would not be considered enhanced due diligence
in response to higher risk.
Answer B is incorrect. Obtaining a charter or other formation documents would be a typical part of the cus-
tomer onboarding process, and would not generally be considered enhanced due diligence.
Answer C is correct. Capturing ownership of NFPs, and going beyond the typical threshold to gain more
thorough understanding of the control structure and risks posed by an entity, is a key step for enhanced
due diligence
Answer D is incorrect. According to best practices from the FATF and others, NFPs should generally be con-
sidered as elevated above the standard risk, and require additional measures for customer due diligence.
296
CHAPTER 4 – UNDERSTANDING AND PREVENTING FRAUD:

Q 4-1. The CFO of a large public corporation sees that the company’s quarterly numbers are going to
exceed analysts’ expectations. Knowing the stock price will probably make a big jump when this news is
released, he makes several large open stock repurchases, which increases the intrinsic value of the tens of
thousands of shares he already owns.
He then mentions the earnings report to his wife, and she buys 1,000 shares of stock in her personal trading account.
Her broker, who knows that she is married to the CFO of this company, feels that she must know something, so he
recommends it to many of his clients who buy some very large blocks.
The quarterly numbers are released, and the stock makes a big move as expected. Which individual in this scenario
has committed insider trading?
− A. The CFO
" B. The CFO’ wife
− C. The wife’s stockbroker
− D. The stockbroker’s clients
Answer A is incorrect due to the fact that while the CFO clearly had insider information, he did not execute
any trades or participate in any actions that personally benefitted him. The large stock repurchases would
likely indirectly benefit him since they reduce the liquidity in the marketplace and increase the intrinsic
value of the remaining outstanding stock, of which he owns a great deal. Therefore, any subsequent good
news (like beating analyst projections) would have a greater positive impact on the stock price. However,
since this action benefits ALL shareholders it cannot be considered insider trading.
Answer B is correct because the wife had insider knowledge and executed a trade that personally benefitted
her. While she did not hold an insider position, she still had the requisite insider knowledge to commit insi-
der trading. Nowhere in the scenario does it say that the husband had knowledge of this action. If he did, he
might be considered in violation of insider trading rules as well. In real life, the CFO might be hard pressed
to prove he had no knowledge of this trade. In this scenario, choosing between answer A and B is clear due
the fact the CFO’s wife actually executed the trade, and there is no mention of the CFO having knowledge.
Answer C is incorrect due to the fact that the stockbroker did not have any insider knowledge. Since corpo-
rate officers are required to report on their trades, following the actions of known insiders is common in the
marketplace and not illegal.
Answer D is not correct because the clients are even further removed from insider knowledge.
297
CHAPTER 5 – GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT:

Q 5-1. You are a compliance analyst at a multinational financial institution that provides banking and
investment services to large institutional customers. Your institution is currently seeking new business
opportunities providing services to universities, hospitals, and other institutions with potential ties to
political officials and government agencies. Your institution plans to expand into Norway, India, Botswana
and Chile and has asked you to assess the corruption risks of offering its services in each nation.
What is an accurate risk rating for these countries?
− A. Providing investment and banking services in Norway poses the highest risk for corruption due to a history of
bribery by Norwegian state-owned oil companies.
" B. Providing services in India poses the highest risk for corruption due to the prevalence of state-owned entities
and Politically-Exposed Persons (PEPs).
− C. Providing investment and banking services in Botswana poses the highest risk for corruption due to wide-
spread graft in government contracts.
− D. Providing services in Chile poses the highest risk due to connections between the Chilean government and
international organized crime rings.
Answer A is incorrect, as while there have been some FCPA cases involving Norwegian state- owned oil
companies, Norway is still considered to be a highly transparent and compliant jurisdiction by international
organizations. This question relies on some knowledge of commonly-used standards and resources used to
rate corruption and financial crime risks internationally, such as the Transparency International Corruption
Perceptions Index, Basel Committee AML Index, and FATF lists of high-risk and non-cooperative jurisdictions.
Answer B is correct as state-owned entities and public-private partnerships are very prevalent in India, and
the country has a history of corruption among public officials. India is generally considered a higher risk for
corruption than the other nations listed here.
Answer C is incorrect, as while Africa is generally considered to be high-risk for corruption, Botswana is
widely recognized as a clean nation that has taken considerable efforts in recent years to combat corruption
and ensure transparent governance.
Answer D is incorrect and simply intended to distract the test-taker. While organized crime groups oper-
ate in Chile like any other country, there is little to suggest they have close ties to government agencies
within Chile
298
Q 5-2. A pharmaceutical sales representative from Company X visits a hospital in the country of Rachman-
istan in order to discuss the benefit of his company’s latest drug. The hospital’s chief of internal medicine,
Dr. Y, agrees to meet with him to learn more about the drug and suggests meeting over dinner at a local
bistro. The week after the dinner takes place, the sales rep sends Dr. Y a gift basket as a token of gratitude
for taking the time to speak with him. Company X is publicly traded in the United States and the healthcare
industry in Rachmanistan is entirely government-owned.
Which statement is NOT true?
− A. Paying for Dr. Y’s dinner is permissible under the United States’ Foreign Corrupt Practices Act.
" B. Dr. Y is a medical professional and thus exempt from the United States Foreign Corrupt Practices Act.
− C. Dr. Y can be considered a foreign public official under the United States Foreign Corrupt Practices Act because
he is a high-level employee at a government-owned entity.
− D. Sending Dr. Y a gift basket is permissible under the United States Foreign Corrupt Practices Act.
Answer A is incorrect because taking someone to dinner, as long as it is not excessively extravagant, is per-
missible. This is reinforced by the section of the scenario that says that they “had dinner at a local bistro,”
rather than a fancy restaurant.
Answer B is correct because Dr. Y is not exempt due to the fact that he is a medical professional. Medical
professionals can still be considered public officials under the FCPA, and there are no exemptions for product
type or profession.
Answer C is incorrect because he can, in fact, be considered a public official because he is a high-ranking
employee of a state-owned enterprise. The definition of public official is intentionally broad in this law to
prevent state owned business employees from leveraging their position to affect bribes.
Answer D is incorrect because sending a gift basket can be considered a ‘token gift’ under the FCPA. Token
gifts are an intentionally vague definition, but a simple gift basket would qualify. There is no indication that
there were any high value items, such as champagne or caviar, as a component of this gift basket.
299
CHAPTER 6 – TAX EVASION AND ENFORCEMENT:

Q 6-1. Your bank holds a business account for a local tax preparation service.
What would MOST likely trigger further investigation by the compliance department in the bank?
" A. Numerous deposits of tax refund checks in the names of different individuals but with common addresses
− B. Multiple deposits of checks in the same amount written by different tax service customers
− C. Variances in the frequency of transactions depending on the calendar cycle
− D. A request by the customer to have payments made to the Tax Office through a certified check process
Answer A is the correct answer due to the fact that this is a classic red flag for tax fraud. Multiple tax refund
checks for different individuals going to the same address should set off warning alarms in nearly every
jurisdiction.
Answer B is incorrect because this perfectly fits the customer’s profile. The deposit of checks from different
tax service customers is what you would expect as each customer paid their bill for the service. You would
also expect many of them to be in the same amount for a typical tax preparation service since the fee for tax
preparation would be the same for many customers.
Answer C is incorrect because, once again, this fits the customer profile. You would expect variances depend-
ing on the calendar cycle as this is largely a seasonal business based on tax reporting deadlines.
Answer D is incorrect because there is no indication of tax fraud in this response. The customer is making
payments to his jurisdiction’s tax authorities using a certified check, which is simply a check for which a bank
has confirmed sufficient funds exist to cover the amount of the check. This is not a viable means to commit
tax fraud, and would more likely indicate no fraud is taking place.
300
Q 6-2. A regional bank operates within a country that has a Model 1 agreement in place with the United
States to implement the Foreign Account Tax Compliance Act (FATCA). The institution already has a FATCA
compliance program in place, but recently, there have been media reports suggesting US tax evaders are
using the bank’s country as a haven for undisclosed assets.
The bank has some US accountholders, and is reviewing its FATCA compliance program in response to the
news reports.
Which statement is true about this bank?
− A. The bank must register and report US accountholders directly with the US Internal Revenue Service (IRS)
− B. The bank must institute a 30% withholding on the accounts of its US customers
− C. The bank must confirm that U.S. customers filed a Form 8938 with the IRS to disclose their accounts
" D. The bank is required to report certain details about US accountholders to its country’s tax authorities
Answer A is incorrect. As the scenario states, the bank is located in a country with a Model 1 agreement in
place to implement FATCA. Under the terms of a Model 1 agreement, institutions do not have to report infor-
mation directly to the IRS, they report to their country’s own tax authorities instead.
Answer B is incorrect. FATCA does not require institutions to impose the 30% withholding on US accoun-
tholders by default. The withholding is a penalty intended for accounts or institutions who refuse to coop-
erate with FATCA requirements.
Answer C is incorrect. US persons with accounts in other countries are required to file Form 8938 with the
IRS, but this is an obligation of the taxpayer. Financial institutions are not required to ensure that taxpayers
have filed the required form.
Answer D is correct. Under FATCA and a Model 1 agreement, a bank would be required to report information
on US persons to its own tax authorities, who are then responsible for transmitting it to the IRS.
301
CHAPTER 7 – ASSET RECOVERY:

Q 7-1. In a Venezuela court case for fraud against individuals and companies around the world, documents
have been obtained that would be helpful in a related proceeding in Miami in the United States. Venezu-
ela and the US are parties to the Hague Evidence Convention on the Taking of Evidence Abroad in Civil or
Commercial Matters. No special laws exist in either jurisdiction for the evidence sought.
To ensure these documents are properly received in evidence in the US, which two are acceptable methods of
requesting such evidence?
" A. Letters Rogatory through the authority designed by Venezuela or other authority allowed by such law
− B. Transmission of the discovery request to the target of discovery
" C. Transmission through a private party, such as an attorney, in Venezuela, if private law so provides
− D. Issuance of subpoena duces tecum and scheduling of place and time for the party to make itself available
for examination
Answer A is correct because Letters Rogatory are a viable means to request information in a legal matter
across borders in a way that maximizes the likelihood that it can be used as evidence. From the study man-
ual: “A Letter Rogatory is a request from one judge to another judge in another country seeking assistance in
obtaining information, documents or testimony in a particular legal matter.”
Answer B is incorrect because directly asking the target of the discovery request for the documents holds
no legal weight. It is extremely unlikely that this will be successful in an adversarial case, particularly in
a fraud case.
Answer C is correct because this is a viable method of requesting cross border documents under The
Hague Convention.
Answer D is incorrect because a subpoena duces tecum is not an internationally used legal order. Even if it
was, making a party available for examination does nothing to advance the effort of getting the documents
produced, which is the focus in this scenario.
302
CHAPTER 10 – MONEY AND COMMODITIES FLOWS:

Q 10-1. An investigation of an export-import corporation in Florida that exports large household appli-
ances to Colombia discloses the following:
1. The corporation’s sources of funds for the purchase of the items are large check deposits from a small
number of other Florida export companies.
2. Each of the customer business accounts is funded by small checks from numerous personal accounts
that are domiciled in banks in New York or South Florida. Each deposit is for less than $3,000 and for
an amount in even $100 dollar increments. increments.
What is this money laundering scheme known as?
− A. Transfer Pricing Scheme
" B. Black Market Peso Exchange (BMPE)
− C. Bulk Cash Smuggling
− D. Carousel Fraud
Answer A is incorrect because the fact pattern described bears no resemblance to transfer pricing. Trans-
fer pricing schemes are a method of allocating profits between different branches or subsidiaries of a legal
entity in order to reduce the entity’s overall tax burden.
Answer B is correct because the pattern of transactions is indicative of BMPE. There is unusual deposit
activity that is indicative of structuring, followed by lump-sum payments to US appliance exporters. Another
indicator is the parties and locations involved. An exporter in the US sending appliances to Colombia is a
classic example of BMPE.
Answer C is incorrect because there is no cross-border movement of large volumes of cash in described in
this scenario, and no other red flags or suspicious activity that would indicate the exporter is involved in bulk
cash smuggling
Answer D is incorrect in part because carousel fraud is a tax fraud scheme, not a money laundering scheme.
It hinges on abusing the value-added tax (VAT) system, which is common in Europe but not present in the US,
where this investigation is taking place.
303
Q 10-2. A young woman, who is a national of Country A, works as a caregiver for a family in the US. She
sends much of her earnings to support her family back in Country A by giving the amount in cash to a local
grocer, whose family heritage is also in Country A. Once the grocer receives the cash, he calls his partner
who runs a market in one of the larger cities in Country A. From there, the young woman’s family can pick
up the money sent.
What is the name commonly used to describe this form of remittance transaction?
− A. Cash transfer
" B. Hawala
− C. Referral Banking
− D. Black Market Peso Exchange (BMPE)
Answer A is incorrect because Cash Transfer is not a real type of funds transmission. It is the colloquial term
used for Money Transmitter Business (MSBs) services; but there is no actual transfer taking place here.
Answer B is correct as this is a classic Hawala transfer.
Answer C is incorrect as this has nothing to do with referral banking. This response is simply a distraction.
Answer D is incorrect because the fact pattern described here bears little relation to Black Market Peso
Exchange, which typically involves the movement of both currency and goods across borders and the pres-
ence of currency brokers, and is not a trust-based informal value transfer system as described here.
304
CHAPTER 11 – COMPLIANCE PROGRAMS AND CONTROLS:

Q 11-1. As the compliance officer in a national financial institution, you have recently received an alert from
your regulator warning of suspected bulk cash smuggling into your jurisdiction.
Which recent activity might be indicative of bulk cash smuggling?
− A. An increase in domestic wire transfers between another bank within your jurisdiction and your finan-
cial institution
− B. A significant number of cash withdrawals, all under $10,000, from your financial institution
" C. Large amounts of small denomination currency being sent from a Foreign Financial Institution (FFI) to their
account at your bank
− D. A dramatic increase in domestic ACH transactions at your bank
Answer A in incorrect because the alert received was for bulk cash smuggling into your jurisdiction. The fact
that the transfers are all taking place within your jurisdiction eliminates this answer.
Answer B is incorrect as bulk cash smuggling would result in large cash deposits into your institution; not
withdrawals. The amounts being under $10,000 is a red herring because it is close to many jurisdiction’s
reporting threshold.
Answer C is correct as this is a classic red flag of bulk cash smuggling. When physically smuggling large
amounts of cash across a border most criminals would want to reduce the physical bulk of the cash by con-
verting as much as they could into larger denomination bills. This would result in significant amount s of
small denomination currency being sent by foreign banks into your jurisdiction.
Answer D is incorrect as ACH transactions usually have no connection to bulk cash smuggling. Also, these
are domestic transactions, which would indicate they are not connected to any cross-border cash-smug-
gling operation.
305
Q 11-2. A US bank receives a letter of credit from an issuing bank in connection with the purchase of wheat
from a bank customer. The buyer/applicant is located in Belarus, a country in which certain senior govern-
ment officials are on the US Specially Designated National (SDN) List. The country is not, however, subject
to comprehensive US sanctions.
The buyer is determined to be a joint venture in which a Belarus SDN has a 50% interest through two separate
companies wholly owned by the SDN. Each has a 25% interest in the joint venture. No funds have yet been received
by the bank.
− A. The letter of credit can be processed and the funds paid because the customer is not on the SDN List and the
SDN does not have a majority or controlling interest.
− B. The letter of credit can be processed and the funds paid because the US Office of Foreign Assets Control
(OFAC) has issued general licenses exempting food from US sanctions.
" C. The letter of credit must be blocked by the US bank and reported to OFAC even though no funds have yet
been received.
− D. The letter of credit cannot be accepted or acted on so it must be returned to the advising bank with notice that
any funds received will be blocked.
Answer A is incorrect because one of the customers involved in the transaction is in fact an SDN. The buyer
mentioned in the scenario is said to be a joint venture that is 50% owned by two persons on the SDN list.
Under US sanctions regimes, if a person or entity on an SDN list has a 50% or more ownership stake in an
entity or company, that entity or company is subject to the same restrictions as an SDN, including blocking
of transactions.
Answer B is incorrect because US sanctions regimes are country, person or entity-specific. OFAC does not
issue blanket licenses exempting an entire class of good or transaction from sanctions. While under some
sanctions laws food and agricultural goods are exempt from sanctions, in other cases they are not.
Answer C is correct because it accurately describes the steps the bank must take in order to remain com-
pliant with OFAC sanctions laws. The buyer was found to be an SDN, which requires the bank to block the
transaction.
Answer D is incorrect because notifying the parties to a sanctioned transaction that it would be blocked is
explicitly prohibited by US sanctions laws. Funds or financial instruments involved in sanctioned transac-
tions are typically required to be blocked, and are not returned to any of the parties in a transaction.
306
Q 11-3. A small regional bank has recently started using a new transaction monitoring tool that utilizes
several custom scenarios to identify specific activity which was defined by the Financial Crimes Compli-
ance team. There are five scenarios that are live in production. The Analytics team within Financial Crimes
Compliance has performed some research on the scenarios and is ready to make recommendation to man-
agement regarding possible changes to the scenarios.
Which scenario(s) should the Analytics team recommend making changes to first?
− A. Scenario A that has generated 100 alerts in the past three months and 50% of those have been deemed suspi-
cious and a suspicious transaction report was filed.
− B. Scenario B that has generated 180 alerts with a 95% false positive rate.
" C. Scenario C that has generated no alerts and there appears to be a problem with the mapping of data.
− D. Scenarios D and E that were put into production in the last 30 days to address a matter requiring attention
from a regulator.
Answer A in incorrect as this appears to be a well performing scenario. It is generating alerts, and the per-
centage of those that were actually deemed suspicious is reasonable.
Answer B is incorrect because while the false positive rate is far too high, it is at least generating alerts and
some are still deemed suspicious. The false positive rate is clearly an issue that will have to be addressed, but
this scenario would not be the one that would need to be addressed first. There will often be scenarios on
the live exam that require you to pick the best answer. In this case, this is not the best answer.
Answer C is correct as this clearly is a broken scenario since not one alert has been generated. The fact that
there appears to be a problem with the mapping of the data only reinforces the conclusion that this scenario
must be addressed first.
Answer D is incorrect as there is no evidence that the scenarios are not performing as expected.
307
CHAPTER 12 – CYBERSECURITY
Q 12-1. Your financial institution has been subject to several hacking attempts over the last few weeks.
While none have been successful, you worry that it might be a matter of time. To keep your network secure,
you have decided to update your network security policies.
What is an important step to include in your network security policy?
" A. Educate your online customers to detect phishing attempts and other fraudulent email scams.
− B. Disable auto deletion of old data, including access logs, and move them to an archive server.
− C. Only permit administrative connections via the Internet through HTTPS or SSH connections.
− D. Require confirmation from network engineering before resetting any lost passwords.
Answer A is correct as this is a recommended step in all network security policies. While not high tech or
glamorous, educating your staff and your customers to recognize phishing and fraudulent emails is a funda-
mental and highly successful way to prevent fraud.
Answer B is incorrect as this is the opposite of a good data retention policy, and has nothing to do with a
network security policy.
Answer C is incorrect as a good security policy will not allow any administrative connections through the
internet, even via secure connections like HTTPS or SSH. Administrative connections are those that allow
you to log into internal devices and make changes to how they function. This task should only be allowed
from internal connections.
Answer D is incorrect as it is not very scalable and network engineering is the wrong group to manage this
anyway. There are hundreds of password resets that are performed every day by most large financial insti-
tutions. There is no way that the network engineering staff would be able to keep up with the requests. They
would also have no way to determine if the requests should be approved or denied.
308
Q 12-2. Your organization has a large online presence, providing all key services online. You have recently
found out that a hacker has gained access to your secure network, stealing millions of customer user-
names and passwords. You think the access was gained via social engineering.
Your company’s success depends on your keeping this data secure, so your organization wants to put procedures
in place to ensure it can prevent any such further attacks. As an initial step you have terminated internet access for
engineering and IT.
What would be the MOST effective further action for your firm to immediately take to prevent this specific type of
attack from happening again?
" A. Restrict external access on all routers and servers allowing administrative access only from workstations in
the engineering and IT departments.
− B. Staff should not be allowed to download any materials from the internet or private disks to the organization’s
local drives.
− C. Require all customers to change their passwords on a regular basis to access their accounts and require
strong passwords.
− D. Upgrade all network firewalls and ensure they are running current software.
Answer A is correct as this is a viable and recommended security strategy. Not only should administrative
access be restricted to only internal computers (no outside internet connections), it should be restricted to
only those groups that have a viable business purpose for logging into those devices, such as engineering
and IT. If someone manages to acquire information to access the network, via social engineering or other-
wise, there is not much they would be able to do with that information if they had to be sitting at a desk in
your engineering department to actually use it.
Answer B is incorrect. While this is a viable, if extreme, security measure, it does not prevent this specific
type of attack from happening again. Though a common security measure in some very secure government
and private-sector facilities, it does nothing to prevent social engineering attacks. The question specifically
asks for ways to prevent that type of attack.
Answer C is incorrect. While this too is a viable customer security policy, it would not be a component of a
network security policy. It also would do nothing to prevent social engineering attacks.
Answer D is incorrect. Once again, upgrading firewalls and ensuring they are running current software is a
good network security policy, but does not prevent “this specific type of attack from happening again.”
309
CHAPTER 13 – ETHICAL RESPONSIBILITIES AND BEST PRACTICES:

Q 13-1. Sallie Jones holds a significant administrative position in the Defense Department of her home
country, overseeing various information technology projects. Sallie’s husband, Joe, was recently hired in
sales by a software company, Company A. The CEO of Company A, a personal friend of Sallie, and ulti-
mately hired Joe.
Shortly after Joe was hired, the Defense Department and Company A entered into a contract for the purchase of
software. Joe was assigned to the account. Sallie was not involved in the initial contract negotiations and did not
know they were taking place. After the contract was signed, Sallie was involved in the decisions to use the company
on subsequent projects.
When did Sallie commit an ethical violation?
− A. When the CEO of Company A paid for a dinner with Sallie and her husband during the hiring process
for her husband
− B. When she continued to maintain a close friendship with the CEO of a vendor of the Defense Department
" C. When she was part of the subsequent decision process knowing that her spouse had a financial interest
in the matter
− D. When she did not disclose her conflict of interest during the initial contract negotiations
Answer A is incorrect as paying for the dinner in itself is not an ethical violation, and this dinner pre-dates
any other interaction with Company A and the Defense department.
Answer B is incorrect as maintaining a close friendship with someone, regardless of the business relation-
ship, is not an ethical violation. Only if you allow that relationship to influence your decisions does it cross
the line into an ethical issue.
Answer C is correct because there is a clear conflict of interest in this case. Sallie should have recused her-
self from the decision-making process once her family had a financial interest in the selection of the vendor.
Answer D is incorrect because she had no reason to disclose a conflict of interest because she was not part
of the decision-making process to select the vendor.
310
Q 13-2. The CEO of Company X, a publicly traded corporation, caused Company X to enter into a trans-
action with Company Y in which the CEO is a shareholder. The CEO failed to inform the shareholders of
Company X of his interest in Company Y. However, the transaction will greatly benefit Company X as well
as Company Y.
− A. The CEO has participated in insider trading.
" B. The CEO has committed self-dealing.
− C. The CEO has been involved with selling away.
− D. The CEO has not committed an ethical violation.
Answer A is incorrect as insider trading involves using insider knowledge to make open market trades to a
person’s personal benefit.
Answer B is correct. A person with a fiduciary responsibility to others (like other shareholders) entering a
transaction with another company in which he has a financial interest is self-dealing. Even though the trans-
action benefited both companies, the CEO would have been required to disclose the relationship beforehand,
which he did not. There could have been another, more beneficial, transaction that might have been con-
sidered if all of the facts were known. In many jurisdictions, this is not only an ethical violation, but a legal
one as well.
Answer C is incorrect as selling away is when a broker solicits you to purchase securities not held or offered
by the brokerage firm. As a general rule, such activities are a violation of securities regulations, but that did
not occur here.
Answer D is incorrect as there is clearly an ethical violation here. The self-dealing would not have been con-
sidered an ethical violation if he disclosed the relationship first though.
Association of Certified Financial Crime Specialists

Rivergate Plaza, 444 Brickell Avenue, Suite P60, Miami, FL 33131
Phone: 786-530-8231 | Email: customerservice@ACFCS.org
311

CFCS Study Manual PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CFCS Study Manual PDF

Uploaded by

Copyright:

Available Formats

6th Edition

Association of Certified Financial Crime Specialists

Tel: 786-530-8231 | Email: customerservice@acfcs.org

© Copyright 2018. All rights reserved. Association of Certified Financial

Notice: The Certified Financial Crime Specialist Examination Preparation

@2019 Association of Certified Financial Crime Specialists

CFCS CERTIFICATION EXAMINATION

Brian Svoboda Kindle

Kenneth Barden, Esq.

Brian Golden, HSBC

Donald Semesky, Financial Operations Consultants

Karen Van Ness, Compliance Risk Solutions

@2019 Association of Certified Financial Crime Specialists

SPECIAL ACKNOWLEDGMENT AND APPRECIATION

Beth Berenbaum John Lash, Esq.

RECOGNITION OF THE FINANCIAL CRIME SPECIALISTS WHO ASSISTED IN

Heather Adams Joram Borenstein Lynn Correia

Albert Allison Daniel P. Boylan Annette Dance

Scott Andersen Lorice E. Brown Nyron Davidson

@2019 Association of Certified Financial Crime Specialists

Juan Ducali Rebecca LaPorte Ron Penninger

Astigarraga Davis Tom Lasich Saskia Rietbroek

JR Helmig Isabel Medrano Sara L. Satten

Elizabeth Henry Michael McDonald, Esq. Lisa Schor Babin

Marie Kerr Pamela C. Ogle Margaret S. Silvers

Ron King Natasha Pankova Taft Jeffrey Sklar

Ben Knieff Holly R. Park James Slear

Nikki Kowalski, Esq. Paul E. Pelletier, Esq. Steve Smith

@2019 Association of Certified Financial Crime Specialists

@2019 Association of Certified Financial Crime Specialists

Detecting and Preventing Fraud............................................................................................................................. 79

@2019 Association of Certified Financial Crime Specialists

Tracing, Forfeiture and Substitution of Assets .................................................................................................. 142

@2019 Association of Certified Financial Crime Specialists

Commodities Trading to Move Money ................................................................................................................195

@2019 Association of Certified Financial Crime Specialists

CHAPTER 14 INTERNATIONAL AGREEMENTS AND STANDARDS ................................................................... 276

@2019 Association of Certified Financial Crime Specialists

THE ASSOCIATION OF CERTIFIED FINANCIAL

The Association of Certified Financial Crime Specialists (ACFCS)

To build the certification examination, ACFCS

Once they identified the job tasks, their work was

This Certification Examination Preparation Man-

CONSTRUCTION OF THE CFCS

ACFCS is independent of all government agencies,

JOB AND CAREER BENEFITS FROM CONCLUSION

With thoughtful attention to the

The immense earnings of financial criminals and their global

1. When the crime is being planned

COUNTRIES LISTED ON VARIOUS TAX HAVEN LISTS

Coast of East Asia Hong Kong,b,e Macau, a,b,e Singaporeb

Indian Ocean Maldives,a,d Mauritius, a,c,e Seychellesᵃ,

Middle East Bahrain, Jordan,a,b Lebanon a,b

North Atlantic Bermuda,e

West Africa Liberia

All financial crimes result in tax evasion. It

The irony is that despite this ability to inflict so

Financial institutions spend significant time and

Financial criminals appreciate the value of a

All financial crimes interface with government

If a financial crime occurs at or through a busi-

In most countries, data from suspicious activity

1. These are known as Suspicious Transaction Reports (STRs) in many jurisdictions.