FinCrime Risk Manual

ICA Specialist Certificate
in Financial Crime Risk

in Global Banking and
Markets
Course Manual
G247/11871
Principal Author
Jonathan Ledwidge
Series Editors
David Robson
First Edition January 2018
Second Edition May 2018
Third Edition September 2019
Published by:
International Compliance Association
Wrens Court
52–54 Victoria Road
Sutton Coldfield
Birmingham
ENGLAND
B72 1SX
www.int-comp.org
All rights are reserved. No part of this publication may
be reproduced, stored in a retrieval system, mechanical,
photocopying, recording or otherwise, without the prior
permission of International Compliance Association. While
all reasonable care has been taken in the preparation of
this manual, neither International Compliance Association
nor any of the authors accept responsibility for any errors it
may contain or for any loss sustained by any person placing
reliance upon its contents.
© 2019 International Compliance Association
G247/11871
Contents
Unit 1: Overview of Financial Crime Risk 5
Unit 2: Customer Risk Typologies 52
Unit 3: Financial Market Product and Service Risk Typologies 112
Unit 4: Customer Due Diligence and The Customer Lifecycle 142
Conclusion168
References171
3
Unit 1
Overview of Financial Crime
Risk
Unit 1: Overview of Financial Crime Risk
Learning objectives
The purpose of this unit is to:
z examine the elements of financial crime from the wholesale banking and
markets perspective
z identify the implications of financial crime on banks and financial
institutions.
1. Market abuse, fraud and manipulation

1.1 Overview and risk impacts
The International Monetary Fund (IMF) defines financial abuse as ‘encompassing not only
illegal activities that may harm financial systems, but also other activities that exploit the
tax and regulatory frameworks with undesirable results’.1 Financial abuse thus includes:
z sale of fictitious financial instruments or insurance policies

z embezzlement of non-financial institutions
z stock manipulation
z tax avoidance
z connected party lending
z circumvention of exchange restrictions.
The UK’s Financial Conduct Authority (FCA) defines certain types of behaviour, such as
insider dealing and market manipulation, as amounting to market abuse. It further states
that firms must have safeguards in place to identify and reduce the risk of market abuse
and other financial crime.
Alternatively, the US Securities and Exchange Commission (SEC) sees market abuse/
manipulation as intentional conduct designed to deceive investors by controlling or
artificially affecting the market for a security. It includes the manipulation of orders, pricing,
misinformation and collusion.
Manipulation can involve several techniques designed to affect the supply of, or demand
for, a stock. They include: spreading false or misleading information about a company;
improperly limiting the number of publicly-available shares; or rigging quotes, prices
or trades to create a false or deceptive picture of the demand for a security. Those who
engage in manipulation are subject to various civil and criminal sanctions.
1. International Monetary Fund, Financial System Abuse, Financial Crime and Money Laundering – Background Paper,
21 February 2001: https://www.imf.org/external/np/ml/2001/eng/021201.pdf – accessed September 2019
5
Market abuse can carry both criminal and civil penalties, resulting in imprisonment and
fines. Some common types of securities fraud include manipulating stock prices, lying on
SEC filings and accounting fraud.
Further, financial institutions can be both perpetrators and victims of market abuse. The
latter might arise where an employee(s) within an institution commits such an act(s),
because the institution failed to implement the appropriate controls.
As we shall see later, market abuse can also negatively impact not only the bank’s
customers but also other market participants and even the society at large.
1.2 Market abuse – the UK and US legal and regulatory framework
Key elements of these significant international influences include:
EU Market Abuse Regulations (MAR)
Applies to financial instruments whether traded on a regulated market or not. Offences

include:
z insider information
z insider dealing and unlawful disclosure
z market soundings
z market manipulation
z manipulation of benchmarks e.g. LIBOR.
EU Market in Financial Instruments Directive (MiFID)
Focuses on ensuring that the products and services offered to customers are
commensurate with their needs as well as their understanding of the products. MIFID II
further aims to increase market transparency for institutions and their customers, in both
exchange-traded and over-the-counter (OTC) markets.
US regulations
These are mainly enforced by the SEC in the form of the following.
z Securities Act of 1933. Prohibits deceit, misrepresentations, and other fraud in the
sale of securities.
z Securities Exchange Act of 1934. Prohibits certain types of market conduct/abuse
including insider trading.
z Sarbanes–Oxley Act of 2002. Designed to enhance corporate disclosure and limit
corporate fraud.
It is also worth mentioning that you should familiarise yourself with more local
jurisdictional requirements as they apply to your own role or firm.
6
1.3 Market abuse – customer and product vulnerabilities
Any product that is quoted and/or tradeable in the financial markets may be subject to
some sort of market abuse and/or manipulation. Such manipulation if performed by an
employee within an institution can have the following negative impacts:
z corporate civil and criminal penalties

z individual civil and criminal penalties
z reputational damage
z loss of customers
z significant remediation costs (in addressing the risk control failures; operational, IT,
human resources).
It should be further noted that where an institution fails to exercise suitable controls, it
negatively impacts not only the bank’s customers but also other market participants.
Let’s take a look at one high-profile example.
Case study: Bernie Madoff
Bernie Madoff was a former chairman of Nasdaq and the chairman and
founder of the firm Bernard L. Madoff Investment Securities LLC. The firm
operated as an investment manager. Senior management, as well as the
senior legal and compliance functions within the firm, were all occupied by
members of the Madoff family.
Madoff had attracted clients by offering consistently good returns which

beat market expectations, even in times of a market downturn. However, as
his fund failed to perform to the anticipated levels, it was unable to provide
customers with the promised returns. This prompted Madoff to use funds
from new investors, to make up the shortfalls in the promised returns to
the older investors.
Madoff was operating a Ponzi scheme.
Ponzi schemes are only sustainable to the extent that new investors can
be brought into the fund. As such, if there is a severe market downturn,
customers are more likely to withdraw their funds, resulting in an inability
to maintain investor returns. When the downturn turns into a market rout,
then the Ponzi scheme goes into freefall, eroding and even wiping out both
investment returns and capital.
The financial crisis of 2008 triggered massive withdrawals from the Madoff
funds, resulting in its collapse. Madoff was arrested and charged with 11
federal crimes: securities fraud, investment adviser fraud, mail fraud, wire
fraud, three counts of money laundering, false statements, perjury, making
false filings with the SEC, and theft from an employee benefit plan.
At the time (the firm’s activities were brought to a halt in late 2008) the firm
had some $65 billion under management for some 4,800 clients. However,
given the extent of Madoff’s fraudulent behaviour, the reliability of those
numbers is in question.
7
There were many warning signs of the impending debacle, but they were
all ignored – partly because Madoff was such a well-established member
of both society and of the financial community. As a consequence of their
failure to recognise those warning signs, several banks who were customers
of and/or supported Madoff’s business activities, found themselves as
either victims or facilitators of Madoff’s schemes, due to the inadequacies in
their customer due diligence (CDD).
The fallout from the Madoff failure spread far and wide. Financial
institutions and investment funds lost billions, along with many charities.
JPMorgan, who kept some of the Madoff accounts, was fined $1.7 billion for
compliance inadequacies. The bank failed to file Suspicious Activity Reports
(SARs) after numerous red flags in respect of Madoff’s activities were raised
internally.
Clients of Bank Santander, who lost money due to the bank’s investments in
Madoff funds, sued the bank for their losses. Bank Medici, based in Austria,
was wound up by the authorities and lost its banking licence. The bank was
dependent on Madoff investments for a large portion of its income.
A study done by researchers at Cornell University revealed that investors

moved some $363 billion from investment funds as a direct result of the
Madoff collapse. Madoff was eventually given a 150-year prison sentence.
1.4 Bernie Madoff: managing the risks
The question that inevitably arises is what could an institution have done to identify,
mitigate or otherwise avoid the fallout from the Madoff collapse? Listed below are some of
the possible failings/techniques. Much of the material is based on experiences at JPMorgan,
bankers to Madoff, who appeared unable to either recognise or manage the risks of
dealing with the fraudster.
Appropriate organisational/risk culture and governance
The best organisations develop a culture and governance framework that ensures
accountability. In such organisations, risks are readily identified and suitably mitigated
or avoided. This is critical not just to financial crime risk management but to all risk
management.
The fact that many issues/red flags (see below) were not followed up and/or remained
unresolved demonstrates the absence of the necessary qualities in respect of both culture
and governance. This is perhaps the single most important factor in ensuring that financial
institutions avert issues of misconduct and/or market abuse.
Negative news searches
There were numerous reports which suggested that there was something wrong with the
Madoff funds, but they were routinely ignored by both investors and financial institutions.
Had these reports been followed-up and the necessary level of professional scepticism
invoked, it is quite likely that Madoff would have been stopped much earlier.
8
Customer due diligence failure
A former chief credit officer at JPMorgan is said to have looked at Madoff’s files, and then
wrote a memo which stated: ‘perhaps best this never sees the light of day’.2 It was clear
from this that the bank had either not received the appropriate responses to its CDD/KYC
inquiries or was very uncomfortable with what he had seen.
Ignoring red flags
‘Red flags’ are indicators that something unusual may be occurring. When identified, they
merit further investigation. JPMorgan failed to take note and act on the following anomalies
presented by the Madoff group.
z Cheque kiting. Madoff consistently used uncleared funds in the execution of his
business.
z Information shared by another bank. In the 1990s, Bankers’ Trust closed its
accounts with Madoff and raised a SAR with the authorities. It also shared its
concerns with JPMorgan, but the latter proceeded to welcome the new customer
and open the accounts anyway.
z Internal reporting. JPMorgan’s London trading desks tried in vain to replicate the
performance of some of the Madoff funds. When they failed, they concluded that
there was something seriously amiss. They raised a SAR and advised the New York
head office – the latter ignored the warnings.
z Auditors. The firm tasked with auditing the multi-billion Madoff funds was basically
a two-man operation. Clearly there were insufficient resources for adequately
performing such a task.
Adequate SAR framework
Inadequate culture and governance no doubt impacted JPMorgan’s ability to properly

recognise and report suspicious activity. It is also quite possible that if all relevant SAR
reporting was performed, the institution would have been better able to connect the dots,
thus improving their ability to assess the overall risks and with it the likelihood of a more
adequate determination of the risks.
1.5 Fraud
In 2018, PwC published a survey entitled ‘Pulling fraud out of the shadows – Global
Economic Crime and Fraud Survey 2018’.3 It was reported in this survey that 49% of
global organisations had been a victim of fraud, up from 36% in 2016. In addition, 95%
of businesses advised that they’d suffered a monetary loss due to fraud. This survey also
noted that the biggest fraud risk to companies comes from within:
Our survey revealed a significant increase in the share of economic crime committed by internal
actors (from 46% in 2016 to 52% in 2018) and a dramatic increase in the proportion of those
crimes attributed to senior management (from 16% in 2016 to 24% in 2018). Indeed, internal
2. Laurence Kotlikoff, ‘A Look At JPMorgan Chase's 20 Years of Watching Madoff Commit Crimes’, Forbes, 26
September 2014: https://www.forbes.com/sites/kotlikoff/2014/09/26/jpmorgan-chases-20-years-of-watching-madoff-
commit-crimes-read-chapter-2-at-jpmadoff-com/#1238c06e3b89 – accessed January 2018
3. PwC, Pulling fraud out of the shadows – Global Economic Crime and Fraud Survey 2018: https://www.pwc.com/gx/en/
forensics/global-economic-crime-and-fraud-survey-2018.pdf – accessed September 2019
9
actors were a third more likely than external actors to be the perpetrators of the most disruptive
frauds.
Let’s take a look at another example.
Case study: The Enron Accounting Scandal4
Enron was a Houston-based commodity, energy and service company. It

was voted ‘America’s Most Innovative Company’ by Fortune for six years,
from 1996 to 2001. However, the company’s financial position was misstated
as it hid loss-making assets off-balance sheet in special purpose vehicles
(SPVs). The company eventually had to restate several years of earnings and
filed for bankruptcy in 2001. By then, investors had lost $74 billion and its
employees further billions in pension benefits.
Several Enron executives were convicted of conspiracy, insider trading, bank

fraud, wire fraud and securities fraud. Their accounants, Arthur Andersen,
were disgraced and collapsed after a criminal trial where they were
charged with obstruction of justice – even though they won the case on a
subsequent appeal. The Sarbanes–Oxley Act was passed in the US Congress,
and corporate governance reforms were put in place in many countries, all
as a direct result of the Enron Scandal.
Many banks, Citigroup and JPMorgan included, were also held liable for
the collapse of Enron and had to pay millions of dollars fines – primarily
because certain cashflow transactions these banks executed with Enron
were deemed to have facilitated the misstatement of income and the hiding
of losses.
Implications for banks and financial institutions
Understanding the customer and the customer business and how it creates value is
vitally important in managing exposure to fraud risk. Furthermore, banks and financial
institutions must be particularly careful not to execute transactions that will assist or
facilitate fraud.
Managing, mitigating and avoiding risk exposures
This primarily involves ensuring that a customer’s corporate governance framework

properly reflects best practice in terms of the board, audit committees, the role of internal
auditors and rotation of external auditors. Crucially, assessments should also be made of
any possible conflicts of interest amongst board members or senior management.
1.6 Implications for banks and institutions in the financial markets
The problems of Citi and JPMorgan cited above, highlight the importance of understanding
the nature of the customer’s business, the purpose of complex transactions, their impact
on the financial statements as well as on the interests of it stakeholders.
4. Troy Segal, ‘Enron Scandal: The Fall of a Wall Street Darling’, Investopedia, 29 May 2019: http://www.investopedia.
com/updates/enron-scandal-summary/#ixzz4dPKJiFdg – accessed March 2018
10
Banks and financial institutions must provide full and fair disclosure to their customers in
respect of investments, transactions and any representations they make – whether these
are in respect of the bank’s own offerings or in respect of third-party offerings such as fund
managers. This implies that the CDD must be properly performed on such offerings. For
example, many subprime mortgage originations were made by unlicensed brokers and
lacked any form of adequate documentation. These included the infamous ninja loans: no
money, no job. Yet, these were bought by major banks, securitised and marketed as AAA
rated securities, once they had been financially engineered.
The implosion of this securitised debt proved that the securitisation was in effect a fallacy.
As Hal Gregersen, a co-author of The Innovator’s DNA states:
It’s easy for me to step back and say this. I don’t have the answer. But I look back to the financial
crisis in 2009 and wonder how many of the CEOs and executives of the major banks in the world
ever took the time to get out of their offices to walk down to their home loan making office and
just watch the process of how these loans were being made?
I bet if they had they would have sniffed something ugly really fast. And they would have done
something.
This provides us with a broader perspective as to when and why financial institutions need
to perform CDD – it is not just about the direct customers of a bank or institution but also
the indirect or customers’ customers. The above extract also highlights the importance of
the customer visit in making the appropriate assessment.
The origination of funds from any source should be the subject of due diligence. Being
unaware of how financial assets are sourced may lead to inadvertent financial crime
exposure.
The areas of market misconduct such as inadequate or false disclosure and market rigging
are often dealt with as part of regulatory compliance responsibilities.
SEC enforcement actions addressing misconduct
Enforcement by the SEC reflects much of the implications noted above. As such, they fall
into the following main categories:
z concealed from investors risks, terms, and improper pricing in Collaterlized Debt
Obligations (CDOs) and other complex structured products
z made misleading disclosures to investors about mortgage-related risks and
exposure
z concealed the extent of risky mortgage-related and other investments in mutual
funds and other financial products
z other forms of market abuse.
2. Money laundering
Making illegally obtained money look legal is perhaps the simplest definition of money
laundering. But in reality the scope is much broader.
11
The International Compliance Association (ICA) identifies money laundering as the

process by which criminals disguise the original ownership and control of the proceeds
of criminal conduct by making such proceeds appear to have derived from a legitimate
source.
The Financial Action Task Force (FATF) is an intergovernmental body established in 1989
by the ministers of its member jurisdictions. The objectives of FATF are to set standards
and promote effective implementation of legal, regulatory and operational measures for
combating money laundering, terrorist financing and other related threats to the integrity
of the international financial system. FATF defines money laundering as ‘the processing of
criminal proceeds to disguise their illegal origin’.5
The 1988 Vienna Convention (referenced below in ‘Major UN conventions’) defines money
laundering as:
The conversion or transfer of property, knowing that such property is derived from any [drug
trafficking] offense or offenses or from an act of participation in such offense or offenses,
for the purpose of concealing or disguising the illicit origin of the property or of assisting any
person who is involved in the commission of such an offense or offenses to evade the legal
consequences of his actions.
The concealment or disguise of the true nature, source, location, disposition, movement, rights
with respect to, or ownership of property, knowing that such property is derived from an offense
or offenses or from an act of participation in such an offense or offenses.
The acquisition, possession or use of property, knowing at the time of receipt that such property
was derived from an offense or offenses …or from an act of participation in such offense or
offenses.
The critical factors to note here are as follows.
z Money laundering is not just about the movement of physical money (‘cash’) – the
definition includes anything of value.
z Consequently, money or cash does not have to be moved for money to be
laundered.
z That any form of participation in a money laundering scheme risks exposure to
being charged with a money laundering offence.
What do we mean by money laundering risks?
Investment bankers have always been sceptical on the impact of money laundering on
their business. As such, they usually raise the following questions or issues.
1. What does this have to do with our business?

2. We only deal with large corporates and institutions so there is no risk of money
laundering, our transactions are never in cash.
3. Large corporates are usually well regulated.
We will answer these questions as the chapter progresses.
5. FATF, ‘What is Money Laundering’: http://www.fatf-gafi.org/faq/moneylaundering/ – accessed May 2018
12
2.2 Money laundering – the legal and regulatory framework
The legal and regulatory frameworks are specifically designed to deter, detect and act
against financial crime and its predicate offences, and in doing so provide banks and
financial institutions with a description of the methods and techniques they must apply in
order to implement that deterrence.
The framework can be broken down into three basic elements as indicated in the figure
below – the international framework provides the foundation for national laws and
regulations, which are often best implemented by way of standards established by the
Wolfsberg Group of global banks.
International Framework National Framework Industry Group

UN Conventions International National Laws National z Wolfsberg
Bodies Regulators Group focus on
z Narcotics z FATF z POCA UK developing best
Trafficking z Basel z BSA, US z FCA practices
z Human Committee z US Patriot Act z OCC
Trafficking on Banking z EU Directives z Fed
z Transnational Supervision z EU
Organised z Egmont
Crime Group
z Arms
Trafficking
Major UN conventions (money laundering)
1. The United Nations Convention Against Illicit Traffic in Narcotic Drugs And
Psychotropic Substances (Vienna 1988)6
2. The United Nations Convention Against Transnational Organised Crime7 (Palermo
2000) – includes protocols against trafficking in humans and firearms.
The Financial Action Task Force (FATF)
The FATF Recommendations8 provide the guidelines for the international framework for
deterring and detecting money laundering, financing of terrorism and the proliferation
of weapons of mass destruction (WMDs). The Recommendations include who should
perform CDD, when they should perform it, under what circumstances enhanced due
diligence (EDD) must be performed and the basis for the reporting of suspicious activities.
The Recommendations also emphasise the importance of ownership transparency and
maintaining the integrity of the payment ecosystem.
6. UNODC, United Nations Convention Against Illicit Traffic In Narcotic Drugs And Psychotropic Substances 1988:
https://www.unodc.org/pdf/convention_1988_en.pdf – accessed May 2018
7. UNODC, United Nations Convention Against Transnational Organized Crime And The Protocols Thereto, 2004:
https://www.unodc.org/documents/middleeastandnorthafrica/organised-crime/UNITED_NATIONS_CONVENTION_
AGAINST_TRANSNATIONAL_ORGANIZED_CRIME_AND_THE_PROTOCOLS_THERETO.pdf – accessed May 2018
8. FATF, ‘The FATF Recommendations’: http://www.fatf-gafi.org/publications/fatfrecommendations/documents/fatf-
recommendations.html – accessed September 2019
13
The Egmont Group
The exchange of information, intelligence and best practice is crucial to staying ahead
of illicit actors, even as they evolve new threats. This is precisely why the Egmont Group,
an intergovernmental body consisting of over 150 financial intelligence units (FIUs)
was formed. The group provides a forum for the secure exchange of expertise and
financial intelligence to combat money laundering and terrorist financing and promotes
international cooperation in addressing these matters.
US regulations
The Bank Secrecy Act (BSA) is the primary money laundering legislation in the US and
establishes thresholds for reporting suspicious activity. It has since been strengthened by
the provisions of the Patriot Act.
The Patriot Act was passed as a direct result of the tragic events of 11 September 2001 and
the need to deter and detect terrorist financing – it implicitly recognises the connection
between money laundering and terrorist financing. The Act requires US institutions to
improve CDD/KYC, enhance their vetting of foreign correspondent and private banking
relationships, and prohibits dealing with shell banks.
It also effectively establishes US extraterritorial control over the use of the dollar. Section
311 of the Patriot Act allows the Financial Crimes Enforcement Network (FinCEN) to
designate institutions or jurisdictions as being of ‘Primary Money Laundering Concern’ –
effectively cutting them off from the US banking system.
The Basel Committee for Banking Supervision (BCBS)
The Bank for International Settlements (BIS) and its BCBS provides risk guidelines for
bankers. Under the Basel framework, banks must set aside capital for market, credit and
operational risk, and in doing so they must set up appropriate risk frameworks for each.
The BCBS/BIS suggests that financial crime/compliance risks should be managed within the
operational risk framework.9 The BCBS also emphasise the importance of the ‘three lines of
defence’ (3LOD) model in managing financial crime risks.
European Union (EU) Directives
An EU Directive is a legal act which requires member states to comply. In this regard, the
EU has issued a series of directives on money laundering. The Fourth Money Laundering
Directive or 4MLD10 was adopted by the European Council on 5 June 2015. It takes account
of the 2012 revisions to the FATF Recommendations and extends provisions of the earlier
EU Directives. Following terrorist attacks across Europe in 2016, the European Commission
issued an update to the Fourth Directive, commonly referred to as the Fifth Money
Laundering Directive (5MLD). This Directive contains changes to prevent the financial
system from being used for funding terrorist activities.11
9. Basel Committee on Banking Supervision, ‘Compliance and the compliance function in banks’, 29 April 2005:
https://www.bis.org/publ/bcbs113.htm – accessed September 2019
10. Deloitte, The Fourth EU Money Laundering Directive, 2015: https://www2.deloitte.com/content/dam/Deloitte/ie/
Documents/FinancialServices/investmentmanagement/ie_2015_The_Fourth_EU_Anti_Money_Laundering_Directive_
Deloitte_Ireland.pdf – accessed March 2018
11. European Commission, ‘Commission strengthens transparency rules to tackle terrorism financing, tax
avoidance and money laundering’, 5 July 2016: https://europa.eu/rapid/press-release_IP-16-2380_en.htm – accessed
September 2019
14
In November 2018, the EU Parliament adopted the Sixth EU Money Laundering Directive
(6MLD) that, amongst other measures, seeks to harmonise the approach to the offence of
money laundering across all 28 member states.12 The UK has the option of opting-out of
the rules dependent on the status of Brexit. Member states have until December 2020 to
transpose the provisions into national law.
The directive identifies a minimum of 22 criminal offences to be treated as predicate for the
purposes of money laundering. The provisions go further, extending the scope of money
laundering offences to include aiding, abetting and attempting (to launder).
A further element of the directive extends criminal liability for money laundering to legal
persons (for instance companies) as well as individuals in certain positions (for instance
decision-makers or those with authority) who commit offences for the benefit of their
organisation, including where the offence was facilitated by the lack of supervision or
control of the individual.
UK Regulations
The Proceeds of Crime Act 2002 (POCA) is the principal money laundering regulation in
the UK which establishes the legal basis for confiscating the proceeds of crime. It also
enshrines the principle of cooperation with other countries in respect of financial crime.
The Serious Crimes Act (2015) further reinforces the ability to recover criminal assets under
POCA.
The Money Laundering Regulations 2017 incorporate the requirements of the EU Directives.
2.3 Predicate offences
What are predicate offences?
The Palermo Convention of 2003 describes a ‘predicate offence’ an offence whose proceeds
may become the subject of any of the money laundering offences established under the
convention. It further recommends that the states should include all serious crimes in the
definition of predicate offences and any crime carrying a sentence greater than four years.
Predicate offences should include offences committed in another state if they would have
been deemed an offence if they were committed domestically.
However, while some states do operate on an all-crimes or all serious crimes basis, many
others operate on a reduced scope, while some restrict their serious crimes to drug
trafficking and a few other major crimes. The FATF list of recommended predicate offences
include up to 21 different crimes. In money laundering terms, the ones most relevant to
this course are:
z market abuse and manipulation

z fraud
z transnational organised crime, including human trafficking and drug trafficking
z terrorist financing
z tax evasion
z bribery and corruption.
12. ComplyAdvantage, ‘Key Insights into 6AMLD’: https://complyadvantage.com/blog/6amld-sixth-anti-money-

laundering-directive/ – accessed September 2019
15
Fraud, market abuse and manipulation have been mentioned in the previous chapter. The
proceeds of fraud often require laundering. Human trafficking and drug trafficking are
treated later in this chapter. The remainder will be considered in each of the subsequent
chapters.
2.4 Drug trafficking
International Narcotics Control Strategy Report
A good indicator of the extent of trafficking within a country and its links to money
laundering is the International Narcotics Control Strategy Report (INCSR), published
annually by the US Department of State. The report is normally in two volumes:
z Volume I, Drug and Chemical Control,13 describes country risk exposures, including
those countries that are designated as ‘major money laundering countries’, defined
by statute as one ‘whose financial institutions engage in currency transactions
involving significant amounts of proceeds from international narcotics trafficking’.
z The INSCR Volume II14 describes the steps such countries should take to address
money laundering risks. An extract from the introduction reads as follows:
The 2019 edition of the Congressionally-mandated International Narcotics Control

Strategy Report, Volume II: Money Laundering focuses on the exposure to this threat
[money laundering] – in the specific context of narcotics-related money laundering – of
jurisdictions around the world. As with past reports, it provides a review of the AML legal
and institutional infrastructure of each jurisdiction and highlights the most significant
steps each has taken to improve its AML regime.
In corporate and financial market terms, these might include:
z the use of drug funds as a source of capital and source of funding in ‘legitimate’
enterprises
z the reputational risks arising from directors, senior managers or controllers of
corporate customers being involved in the drugs trade
z doing business with governments or government officials/politically exposed person
(PEPs) who are involved in the trafficking of drugs e.g. Venezuela, where the Vice
President has been placed on the list of Specially Designated Nationals (SDNs) by the
US government, for facilitating the trafficking of drugs into the US
z overall jurisdictional risks including the adequacy of the regulatory environment
z the risk of dealing with customers such as MSBs who have exposure in such
jurisdictions e.g. Wachovia’s correspondent banking exposure to Mexican Casa
de Cambios (CDCs) who accepted money from Mexican drug cartels – this we will
further examine in the specialist section on money services business (MSBs).
13. US Department of State, International Narcotics Control Strategy Report, Volume I, Drug and Chemical Control,
March 2019: https://www.state.gov/wp-content/uploads/2019/04/INCSR-Vol-INCSR-Vol.-I-1.pdf – accessed September
2019
14. US Department of State, International Narcotics Control Strategy Report Volume II, Money Laundering and Financial
Crimes, March 2019: https://www.state.gov/wp-content/uploads/2019/03/INCSR-Vol-INCSR-Vol.-2-pdf.pdf – accessed
September 2019
16
This is primarily based on screening, evaluating or vetting:
z jurisdictional risks in respect of drug trafficking

z owners, directors, senior managers or controllers of corporate customers for
possible financial crime connections, irrespective of their jurisdiction but particularly
in-risk jurisdictions
z the adequacy of the regulatory environment for banks, financial institutions and
MSBs
z direct or indirect customers i.e. via correspondent relationships.
2.5 Human trafficking
The US Department of the Treasury’s FinCEN defines and distinguishes human smuggling
from human trafficking as follows:15
z Human Smuggling – Acts or attempts to bring unauthorized aliens to or into the United
States, transport them within the U.S., harbour unlawful aliens, encourage entry of illegal
aliens, or conspire to commit these violations, knowingly or in reckless disregard of illegal
status.
z Human Trafficking – The act of recruiting, harbouring, transporting, providing or
obtaining a person for forced labour or commercial sex acts through the use of force,
fraud or coercion.
International Labour Organization (ILO) statistics show that forced labour is a $150 billion
a year business – a significant portion of that is based in the developed rather than the
developing world.
15. FinCEN, Guidance on Recognizing Activity that May be Associated with Human Smuggling and Human Trafficking –
Financial Red Flags, 11 September 2014: https://www.fincen.gov/resources/advisories/fincen-advisory-fin-2014-a008
– accessed March 2018
17
Forced labour generates annual profits of US$ 150 billion
60.0 Annual profits of forced labour per region

51.8
50.0 46.9
(US$ billion)
40.0
30.0
20.0 18.0
13.1 12.0
10.0 8.5
0.0
Asia-Pacific Developed Central and Africa Latin America Middle East
Economies and South-Eastern and the
EU Europe and CIS Caribbean
Source: The International Labour Organization (ILO)
© 2019 International Compliance Association. All rights
18
Industries most vulnerable to human trafficking are agriculture, construction,

manufacturing, garments and entertainment – such labour is often paid in cash. Banks
and financial institutions risk facilitating the integration of laundered money from human
trafficking into the financial system. There are also the reputational risks arising from
dealing with customers who have not adequately managed their risks with regards to
human trafficking.
This involves assessments of customers’ internal control and governance frameworks

for managing the risks of trafficked and migrant persons, domestic and international,
as well as the inherent risks of the jurisdictions in which the customer operates. A useful
assessment of the latter is in the US State Department’s Trafficking in Persons Report.16
2.6 Money laundering – customer and product vulnerabilities
The aim of the money launderer is to integrate illicit gains into the regular economy in
order to gain an air of legitimacy. The traditional methods of placement, layering and
integration are more pertinent to retail banking. However, there are an increasing number
of ways in which corporate banking and financial market activities create exposure to
money laundering, which arise because of fraud, bribery and corruption and tax evasion.
The issue then becomes which customer groups or products and services are either
most likely to or most readily facilitate money laundering. These will be covered under
our specialist sections on financial market customer risk typologies and financial market
products and services risk typologies.
The customer groups covered include telecoms, hedge funds, sovereign wealth funds,
MSBs, Charities, Telecoms and Extractive Industries e.g. oil & gas. Products covered include
derivatives, foreign exchange, syndicated loans, securities, private placements and trade
finance.
There are however a couple of methods which have assumed such prominence that they
threaten the financial and payment ecosystem. They are transaction laundering and trade
based money laundering (TBML). We will deal with these in more detail in relevant sections
on customer and product risks. It is useful however to illustrate just how pervasive these
methods are.
Transaction Laundering: Money Laundering 2.0
The EverCompliant17 blog describes transaction laundering as the digital evolution of

money laundering, and states:
Electronic Money Laundering, known as Transaction Laundering, is the digital evolution of money
laundering and has become one of the biggest challenges facing the Anti-Money Laundering
16. US Department of State, Trafficking in Persons Report, June 2019: https://rs.usembassy.gov/state-department-

relases-trafficking-in-persons-report-2019/ – accessed September 2019
17. EverCompliant, ‘Transaction Laundering is the New, Advanced form of Money Laundering’, 23 May 2018:
https://evercompliant.com/transaction-laundering-money-laundering/ – accessed September 2019
19
(AML) regime today. Transaction Laundering occurs when an undisclosed business uses an
approved merchant’s payment credentials to process payments for another undisclosed store
selling unknown products and services…
Transaction Launderers essentially tap into the payment ecosystem by using a storefront
merchant account to process transactions originating elsewhere. This way, the fraudulent
merchants can funnel unauthorized transactions through legitimate payment networks while
avoiding detection, not only by regulators but even by the payment processors themselves…
Due to its ability to conceal the true origin of the transaction, transaction laundering is
often used to process payments resulting from criminal activities.
The article then links transaction laundering to organised crime, drug trafficking, a
corporate entity and a payment provider – a series of linkages which should concern any
bank or financial institution.
In the case of Mexican drug cartels, transaction laundering often occurs when a US-based cash-
intensive business makes a high value purchase of goods from a Mexican merchant. However,
no actual goods are actually changing hands here – the sole purpose of the transaction is to
transfer funds cross-border and launder the drug money.
EverCompliant have estimated that transaction laundering in online sales tops $200 billion
a year in the US alone”.18
Trade based money laundering (TBML)
This methodology requires collusion and is fundamentally centred round the cross
jurisdictional transfer of value. TBML can include the mispricing of goods, over-invoicing,
under-invoicing and false description of goods. Global Financial Integrity19 estimate trade-
related illicit financial flows for developing economies as being between $1.1 trillion and
$1.9 trillion.
18. Ron Teicher, ‘Online Payments – the Blind Spot in the AML Regime’, Finextra, 17 July 2017, https://www.finextra.
com/blogposting/14298/online-payments-the-blind-spot-in-the-aml-regime – accessed December 2019
19. Global Financial Integrity, Illicit Financial Flows to and from 148 Developing Countries: 2006-2015, January 2019:
https://www.gfintegrity.org/wp-content/uploads/2019/01/GFI-2019-IFF-Update-Report-1.29.18.pdf – accessed
September 2019
20
21
3. Terrorist financing
Let’s first look at a couple of useful definitions.
z Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) – Terrorist

financing provides funds for terrorist activity. It may involve funds raised from legitimate
sources, such as personal donations and profits from businesses and charitable
organizations, as well as from criminal sources.
z IMF – Terrorist financing involves the solicitation, collection or provision of funds with
the intention that they may be used to support terrorist acts or organizations. Funds may
stem from both legal and illicit sources.
However defined, terrorism has a devastating impact on both human life and economic
activity.
See graphs overleaf.
22
Haram. The rest were mostly attributed to affiliates of al Qa’ida.
in both Cameroon and Niger. Boko Haram is an extremely
deadly group, killing on average 11 people per attack. Outside of the ten countries with the highest number of deaths
from terrorism, there were 4,277 deaths. The deaths in these
Unit 1: Overview of Financial Crime Risk countries represented 14.6 per cent of the total in 2015. This
FIGURE 1.3 DEATHS FROM TERRORISM, 2000-2015
2015 saw the first reduction in terrorism since 2010, although it was still the second worst year
recorded for terrorism.
35,000
30,000
ISIL declares caliphate
DEATHS FROM TERRORISM
Iraq
25,000
20,000 Nigeria
US invades Iraq US troop surge
September 11th
15,000
Syrian civil war Afghanistan
US invades
begins
Afghanistan
10,000
5,000
Rest of the world
0
2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
Source: START GTD, IEP calculations
23 GLOBAL TERRORISM INDEX 2016 | Results

started in 2012 and is still continuing, with the economic impact
economic impact of violence reached $13.6 trillion in 2015 (PPP)
of terrorism peaking at US$105.6 billion in 2014. The increase in
or 13.3 per cent of global GDP.
the last four years was mainly driven by increases in terrorism in
Iraq, Syria and Afghanistan.
FIGURE 4.1 ECONOMIC IMPACT OF TERRORISM, US$ BILLIONS, 2000-2015
Based on IEP’s methodology, the global economic costs of terrorism peaked in 2014
and remained high in 2015.
120
CONSTANT 2015 US$, BILLIONS
100
80
September 11
60 attacks
106
90
40 62
73
49
20 37
30 31 29 30
24
13 18 17
8 10 8
0
2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
Source: START GTD, IEP
24 GLOBAL TERRORISM INDEX 2016 | Economic Impact of Terrorism

Financial institutions must ensure that their governance framework and internal controls
are such that they do not facilitate the transfer of funds to individuals, groups or entities,
that have been designated as terrorist organisations – and that they immediately freeze the
assets of those so designated.
This chapter will highlight the customer types, products and services which represent the
greatest risk and what banks and other financial institutions should do to mitigate those
risks.
3.2 Terrorist financing – The legal and regulatory framework
UN International Convention for the Suppression of Financing of Terrorism20
Outlaws the commission, directly and indirectly, of terrorist acts and the financing of such
acts, including hijacking and seizure of aircraft, attacks against airports, attacks against
ships, terrorist bombings, taking hostages and attacks against the protection of nuclear
material.
UN Security Council Resolution 137321
This Resolution was adopted unanimously on 28 September 2001. It calls on all states
to criminalise terrorism, prevent and suppress the financing of terrorist acts, and freeze
without delay the assets and funds of those who plan and/or commit terrorist acts.
FATF
The FATF Recommendations reinforces 1373 and states that countries must sanction
terrorist financing even in an absence of a link to specific acts. It also stresses the
importance of enforcing those sanctions.
US laws
The Patriot Act was passed in October 2001 in response to the events of 11 September
2001, it recognises the links between money laundering and terrorist financing.
The US Suppression of the Financing of Terrorism Convention Implementation Act 2002

implements the UN International Convention for the Suppression of the Financing of
Terrorism and makes it a criminal offence to collect or provide funds to support terrorist
activities (or to conceal such fundraising efforts), regardless of whether the offence was
committed in the US or the accused was a US citizen.
UK laws
There have been a series of different legislations starting with the Terrorism Act of 2000
which incorporate UN Security Council and EU legislation. These include Acts passed in
2001 (again in response to 9/11), 2004, 2005, 2008, 2009, 2013 and 2015. In addition are
two Terrorism Orders (2006, 2009).
20. United Nations, International Convention for the Suppression of the Financing of Terrorism, 1999: https://treaties.
un.org/doc/db/Terrorism/english-18-11.pdf – accessed September 2019
21. United Nations, Security Council Unanimously Adopts Wide-ranging Anti-Terrorism Resolution; Calls for Suppressing
Financing, Improving International Cooperation, 28 September 2001: https://www.un.org/press/en/2001/sc7158.doc.
htm – accessed April 2018
25
EU Directive on Combatting Terrorism
The Directive criminalises travelling for terrorist purposes, the organisation and facilitation
of such travels, training for terrorist purposes and providing and collecting funds. It further
references both the FATF guidelines on combatting the financing of terrorism and UN
Resolution 2178 – which specifically deals with the presence of foreign fighters in Iraq and
Syria.
The EU Money Laundering Directives are also designed to combat the financing of
terrorism.
3.3 Terrorist financing – Customer and product vulnerabilities
There are a number of areas which are understood to pose a heightened risk in respect of
the potential for the financing of terrorist activity.
z Charities and non-profits
The FATF guidelines explicitly state that:
Countries should apply focused and proportionate measures, in line with the risk-based
approach, to such non-profit organisations to protect them from terrorist financing
abuse, including:
1. By terrorist organisations posing as legitimate entities

2. By exploiting legitimate entities as conduits for terrorist financing, including for
the purpose of escaping asset-freezing measures; and
3. By concealing or obscuring the clandestine diversion of funds intended for
legitimate purposes to terrorist organisations.
z Money service businesses (MSBs)
MSBs are a significant source of indirect exposure to terrorist financing given the
large volumes of cash they transact. Banks and financial institutions should only do
business with those MSBs that are properly regulated. MSBs in high-risk jurisdictions
which are not suitably regulated are high risk for terrorist financing.
z State sponsors of terrorism
The US Department of State designates certain countries as State Sponsors of

Terrorism. The countries on the list at the time of writing are Syria, Sudan, Iran and
North Korea. There are penalties and sanctions for dealing with such countries –
these relate to transactions involving arms, dual use goods and providing financial
support. Banks and financial institutions should put in place adequate controls to
ensure they avoid incurring any such risk exposures.
z Non-financial/corporate, customer exposures
It is important to recognise that customer risk exposure to terrorism extends

beyond financial support. Terrorist financing includes both financial and non-
financial forms of support.
26
Let’s look at an example.
Case study: Toyota, ISIS’s supplier of choice
Toyota has found itself in the unenviable position of trying to explain how
and why they have become ISIS’s vehicle supplier of choice, prompting
inquiries from US Treasury officials. This is not to suggest in any way that
Toyota has been culpable in providing its vehicles to a terrorist organisation.
However, it does demonstrate that customer risks can arise from any
manner of sources, as the following picture amply illustrates: a long line of
Toyota vehicles all owned by ISIS.
Banks and financial institutions should ensure they do not support/facilitate

either directly or indirectly, the financing of customer transactions which
could result in support for terrorist activities. When performing CDD/know
your customer (KYC), they must thoroughly evaluate the exposure of their
operations, as well as that of their customers, to terrorist activities. These
could include the jurisdictions in which they operate as well as the products
and services provided. Some banks minimise customer exposures to certain
jurisdictions, and in certain instances will exit the jurisdiction completely.
3.4 Implications for banks and financial institutions
Terrorist financing is closely linked to money laundering and the high-risk indicators
are very similar. Financial institutions must ensure that they develop an appropriate
terrorist financing internal control and risk framework, to deter and detect the source and
destination of terrorist funds. Further, the framework must ensure that there are adequate
and effective procedures for:
1. Filing SARs as soon as there is a reasonable suspicion of terrorist financing

2. Identifying and immediately freezes terrorist funds once there is a reasonable
suspicion
27
3. Properly examining customer exposure to terrorist financing and mitigating,

reducing or avoiding the risks in accordance with regulatory guidelines and the
institution’s risk appetite
4. Properly screening shareholders, authorised signatories, directors and controllers
for terrorist connections.
4. Tax evasion
A single definition of tax evasion is somewhat elusive. That said, a useful definition from
Investopedia is as follows:
Tax evasion is an illegal practice where a person, organization or corporation intentionally

avoids paying his true tax liability. Those caught evading taxes are generally subject to criminal
charges and substantial penalties…Tax evasion applies to both the illegal non-payment as well as
the illegal underpayment of taxes.22
It has further been defined by Nasdaq as something:
Illegal by reducing tax burden by underreporting income, overstating deductions, or using illegal
tax shelters.23
In most jurisdictions tax evasion is illegal and considered a criminal offence. It also
considered a predicate offence for money laundering. The basic rationale behind this is
that those who profit from illegal or sanctioned activities such as human trafficking, drug
trafficking and arms trafficking, will do their utmost to hide their income – given that they
would not want to explain how they arrived at that income. It is why the key questions in
CDD/KYC are ‘what is the source of your wealth and what is the source of our funds?’.
The World Bank explains that the fight against tax evasion is ‘to protect the financial sector
from abuse and reputational risk that undermine its core functions’. It further explains:
Financial market integrity matters for development. Countries’ financial systems must be
transparent, inclusive, and function with integrity to ensure economic development and promote
good governance.
Transnational organized criminal activity, corruption, the illegal trade in natural resources and
the laundering of the proceeds of crime generate illicit flows that undermine good governance,
financial sector stability, and economic development.
Often, tax evasion is deemed to arise from illicit earnings. However, as the Nasdaq
definition of tax evasion indicates, tax evasion can also arise from licit earnings. A very
good example of this was an attempt by a group of film producers, accountants, financial
advisers and investment bankers to evade taxes by claiming rebates on their tax liabilities,
based on their investments and associated ‘losses’, in the British film industry.
22. Julia Kagan, ‘Tax Evasion’, Investopedia, 7 August 2019: http://www.investopedia.com/terms/t/taxevasion.asp –

accessed November 2019
23. Nasdaq, ‘Tax Evasion’: http://www.nasdaq.com/investing/glossary/t/tax-evasion – accessed February 2018
28
However, the claims for the rebates were based on and supported by false documentation
and the group were tried, convicted and jailed for a total of 36 years. A section of the press
release24 from Her Majesty’s Revenue Customs (HMRC) read as follows:
HMRC identified a series of suspicious tax rebate claims, which investigators discovered had
originated from two fraudulent tax avoidance schemes that had been set up and managed by
Monaco-based accountant Terence Potter, 56. The claims were supported by false documents
produced by Potter.
Jennie Granger, Director General, Enforcement and Compliance, HMRC, said:
“This was an audacious attempt to defraud HMRC and was motivated by the pure greed of
dishonest and wealthy individuals. The majority of those involved in this fraud had no interest in
the film industry, or regard for the impact of their criminality on honest taxpayers.
4.2 Tax evasion, tax avoidance and reputational risk
Tax evasion is in most jurisdictions a criminal offence. Tax avoidance on the other hand is
an attempt to use legal means to reduce tax payable on income that has been properly
declared. It is obvious that tax evasion also carries with it reputational risks, however in the
post financial crisis era, tax avoidance can and will also precipitate reputational risk issues.
Headlines from the BBC such as, Google, Amazon, Starbucks: The rise of ‘tax shaming’, and
from the Financial Times, Threat to Apple’s brand image more serious than bottom line hit:
General discontent over globalisation could worsen backlash, provide ample evidence of the
reputational risk arising from tax avoidance.
The above trend is further strengthened by how public officials consider tax evasion/
avoidance. Often, they and the general public make no distinction between the two, in
terms of their impact on government’s revenues and their ability to fund and deliver public
services.
According to a Eurobarometer survey25 performed for the European Parliament, an

illustration of which is presented in the following figure, tax fraud is one of the single most
important issues that EU citizens want their governments to focus on. The reputational risk
surrounding tax evasion as well as tax avoidance is therefore quite high.
See diagram overleaf.
24. My News Desk, ‘Film tax scheme fraudsters jailed for more than 36 years’, 1 July 2016: http://www.mynewsdesk.
com/uk/hm-revenue-customs-hmrc/pressreleases/film-tax-scheme-fraudsters-jailed-for-more-than-36-years-1463691 –
accessed March 2018
25. European Parliament, Fight against tax fraud, June 2019: http://www.europarl.europa.eu/RegData/etudes/
BRIE/2019/633153/EPRS_BRI(2019)633153_EN.pdf – accessed September 2019
29
As a reaction to public opinion, governments are increasingly taking the view that aggressive tax avoidance is tantamount to tax evasion and both the
individual/entity involved as well as their tax advisors, should be held liable.
30
4.3 The global trend towards tax transparency
The post-2008 financial crisis has seen increased calls for tax transparency and currently
there are major initiatives underway to curtail tax avoidance and evasion. Let’s take a look
at a few of the most influential internationally.
FATCA
US nationals are currently taxed on their global income. The Foreign Account Tax
Compliance Act or FATCA is a federal law that requires foreign financial institutions (FFIs)
to file reports on US nationals for which they hold accounts – so that the appropriate taxes
can be levied. Failure to comply may lead to 30% withholding taxes on US sourced income
or fines for those who assist US citizens in evading the law.
Common Reporting Standard (CRS)
The CRS or the Standard for Automatic Exchange of Financial Account Information (AEOI)
is the international equivalent of FATCA. It is an intergovernmental agreement, involving
some 96 countries, to share information on the income and financial assets held abroad
by their residents. The aim is to achieve tax transparency and reduce the incidence of tax
evasion.
EU tax blacklist
The EU has created a tax blacklist. The stated aim is to force the countries listed to adopt
international standards on tax transparency. The countries included on the list are:
z American Samoa
z Belize
z Dominica
z Fiji
z Guam
z Marshall Islands
z Oman
z Samoa
z Trinidad and Tobago
z United Arab Emirates
z US Virgin Islands, and
z Vanuatu.
The EU list is contributing to on-going efforts to prevent tax avoidance and promote good
governance principles such as tax transparency, fair taxation or international standards
against tax base erosion and profit shifting. The work on the EU list of non-cooperative
jurisdictions is a dynamic process. The Council will continue to regularly review and update
the list in 2019, whilst it has requested a more stable process as from 2020 (two updates
per year).26
See diagrams overleaf.
26. European Council, ‘Taxation: Aruba, Barbados and Bermuda removed from the EU list of non-cooperative
jurisdictions’, 17 May 2019: https://www.consilium.europa.eu/en/press/press-releases/2019/05/17/taxation-aruba-
barbados-and-bermuda-removed-from-the-eu-list-of-non-cooperative-jurisdictions/ – accessed September 2019
31
Tax loss – $ billions Size of shadow economy – pct of GDP
US 337.3 US 8.6%
Brazil 280.1 Brazil 39.0%
Italy 238.7 Italy 27.0%
Russia 221.0 Russia 43.8%
Germany 215.0 Germany 16.0%
France 171.3 France 15.0%
Japan 171.1 Japan 11.0%
China 134.4 China 12.7%
UK 109.2 UK 12.5%
Spain 107.4 Spain 22.5%
0 100 200 300 0 10 20 30 40
Source: Richard Murphy, Tax Justice Network

© 2019 International Compliance Association. All rights reserved.
32
4.4 Tax evasion – customer and product vulnerabilities
The risks of tax evasion and aggressive avoidance which might impact reputational risk
arise from a variety of sources.
z Customers with a complex ownership and operating structure, especially where that
structure involves multiple jurisdictions, including those deemed as high risk for tax
evasion.
z Transactions executed solely for tax purposes – where there does not appear to be
any other commercial motive.
z Highly complex transactions, possibly including the use of derivative products, which
readily facilitate changes in the structure off assets, liabilities or in what jurisdiction
taxable income arises.
z Transactions involving several intermediaries.
z Transactions involving ‘gatekeepers’ – lawyers, accountants and trust and service
company providers.
z The use of questionable accounting policies which are not in in accordance with
generally accepted standards, and which might result in under-reporting of income
or overstatement of losses.
z In respect of the above, unaudited or qualified financial statements.
z Difficulty in determining the source of wealth/capital and source of funds of newly
established customers and their owners and controllers.
z In respect of the above, the source of wealth/funds for hedge funds and sovereign
wealth funds, especially where they are based in high-risk jurisdictions.
z Any transaction involving high-risk tax jurisdictions e.g. those on the EU blacklist or
those which have not listed tax evasion as a tax crime or as a predicate offence for
money laundering.
z Transactions in jurisdictions which are high on the Tax and Justice Network’s Secrecy
Index.
z Industries deemed high risk for tax e.g. MSBs, construction because of their
propensity for large amounts of cash or because they have been designated as such
by the tax authorities.
z Industries which are to a large extent dependent on tax incentives or write-offs for
success e.g. real estate. Further risks arise where real estate purchased via offshore
vehicles are used as collateral for loans.
z Any tax issues and stories arising from negative news searches on corporate
customers, as well as their owners and controllers.
4.5 Tax avoidance in the financial markets: dividend arbitrage/stripping
Dividend arbitrage is a strategy that has been employed within the financial markets to
avoid taxes. In November 2018, Citibank agreed to pay $38.7 million to settle charges of
improper handling of “pre-released” American Depositary Receipts (ADRs).
The SEC found that Citibank improperly provided ADRs to brokers in thousands of pre-
release transactions when neither the broker or its customers had the foreign shares
needed to support those new ADRs. Such practices resulted in inflating the total number of
a foreign issuer’s tradeable securities, which resulted in abusive practices like inappropriate
short selling and dividend arbitrage that should not have been occurring.27
27. Securities and Exchange Commission, Citibank to Pay More Than $38 Million for Improper Handling of ADRs,
7 November 2018: https://www.sec.gov/news/press-release/2018-255 – accessed September 2019
33
So, how does dividend arbitrage or stripping work? The Financial Times Lexicon describes it
as follows:
Dividend stripping happens when someone sells shares just before a dividend payment and buys
them again after the payment in order to avoid paying tax on the dividend.
One of the symptoms of this practice is an unusually large number of transactions by banks
and brokers on behalf of their customers, just prior to companies paying their dividends.
The cost to European governments of these schemes, in which many major financial
institutions participated, has been estimated to be up to $1 billion a year.
Equity swaps, total return swaps and alternative investment vehicles (AIVs) have also been
used for dividend arbitrage and hedge funds are known to favour these products. The aim
in all such schemes is to disguise the true ownership of the dividend paying stock at the
time that the dividend is to be paid.
Failure to deter and detect tax evasion and aggressive tax avoidance that could result
in significant fines and/or reputational risk damage. To counter this, banks and financial
institutions should focus on the following:
Customer beneficial ownership
Banks and institutions operating in the financial markets have a dual responsibility – that
is to know the organisations they are dealing with as well as the individuals behind those
organisations – the beneficial owners, authorised signatories, directors, senior managers
and controllers.
The latter plays a very important aspect of the CDD/KYC process and determining individual
source of wealth/source of funds and the institution’s source of capital/source of funds – if
they are indeed linked.
Asking the right questions in respect of both individuals and the organisation is thus an integral
part of the process. Given that those who engaged in tax evasion may have performed illicit
acts, reinforces the need for screening in the form of Preventive Criminal Record (PCR) checks.
Customer transactions
Once issues of ownership, source of wealth and source of funds and other elements of KYC
have been satisfactorily determined and a customer onboarded, the next step is ongoing
due diligence in respect of customer transactions. The issues then arise as follows:
1. Is there a discernible commercial motive behind the transaction or has it been

executed solely for tax purposes?
2. Have more complex transactions or transaction types been evaluated from a tax
perspective?
3. Are there any high-risk indicators for tax evasion in respect of either jurisdiction or
customer type e.g. offshore?
4. Is there possible tax avoidance?
5. What is the bank’s/financial institution’s risk appetite in respect of the latter?
34
Customer financial statements
Given that tax evasion can arise from legitimate income, banks and financial institutions
should ensure that customer financial statements are prepared in accordance with
generally accepted accounting standards in order to ensure that revenues, assets and
liabilities are fairly stated. Implicitly this also calls for an assessment of the firm producing
such statements. Unsurprisingly, the firm that produced the Madoff accounts was deemed
totally inadequate for this task.
Tax remains a very complicated topic and individuals should always refer to specialists
where appropriate.
5. Bribery and corruption

Essentials of Corporate Fraud28 states that the most common bribery and corruption
schemes include:
z Bribery – giving or receiving something of value to influence a transaction

z Illegal gratuity – giving or receiving something of value after a transaction is
completed, in acknowledgment of some influence over the transaction
z Extortion – demanding a sum of money (or goods) with a threat of harm (physical or
business) if demands are not met
z Conflict of interest – employee has an economic or personal interest in a
transaction
z Kickback – a vendor give part of an overbilling to a person who helped facilitate or
allow the transaction.
z Corporate espionage – theft of trade secrets, theft of intellectual property, or
copyright piracy.
An Organisation for Economic Co-operation and Development (OECD) paper entitled ‘The
rationale for fighting corruption’29 cites the following:
Corruption increases the cost of doing business – it adds to transaction costs, risking
prosecution and reputational damage. It also increases uncertainty in business outcomes
while distorting markets.
Corruption leads to waste or the inefficient use of public resources – it causes fraudulent
allocation of funds to PEPs and their associates, as projects go to those entities that pay
the highest bribes, rather than the ones best able to deliver. The study cites several sources
which indicate the negative correlation between corruption and the quality of government
investments, services and regulations.
1. Child mortality rates in countries with high levels of corruption are about one third higher
than in countries with low corruption, infant mortality rates are almost twice as high and
student dropout rates are five times as high (Gupta et al. 2011).
28. Tracy L. Coenen, Essentials of Corporate Fraud, Wiley, 2008, ISBN-13: 978-0470194126
29. OECD, The rationale for fighting corruption, CleanGovBiz, 2014: https://www.csrhellas.net/wp-content/uploads/
media/Anti-corruption_ISO.pdf – accessed March 2018
35
2. The African Union (2002) estimates that 25% of the GDP of African states, amounting to
US$148 billion, is lost to corruption every year.
3. The US health care programmes Medicare and Medicaid estimate that 5% to 10% of their
annual budget is wasted as a result of corruption.
A further two surveys provide a grim insight into the impact of corruption on business.
1. In a survey of more than 350 businesses worldwide, 35% of companies had been
deterred from an otherwise attractive investment because of the host country’s
reputation for corruption.30
2. Corruption is estimated to increase the cost of achieving the UN Millennium
Development Goal on water and sanitation by $48 billion.31
Financial institutions are impacted in many ways, from unknowingly facilitating the
laundering of the proceeds of crime to the reputational damage arising from structuring or
financing transactions that involve bribery and corruption.
5.2 Bribery and corruption – the legal and regulatory framework
The United Nations Convention against Corruption32
This is the only legally binding international agreement against bribery and corruption.
It was signed in 2003 and at time of writing it has 186 parties and 140 signatories. The
convention cites the very grave concerns within the international community of the
‘problems and threats posed by corruption’ as well as the ‘the links between corruption
and other forms of crime, including organised crime and economic crime, including money
laundering’.
Every party to the convention is required to put in place appropriate measures to prevent,
criminalise and enforce the laws against bribery. It further requires states to cooperate with
other states and exchange information on matters of bribery and corruption, as and when
required.
UK Bribery Act 201033
The scope of the act is considerable, applying to any organisation that carries on business
or part of its business in the UK. It introduced new criminal offences in respect of:
z bribing another person, or being bribed

z bribing a foreign public official
z commercial organisations failing to prevent bribes being paid on their behalf
z senior officials of bodies corporate or partnerships who consent or ‘connive’ in the
offences.
30. Control Risks, Facing up to corruption 2007: A practical business guide: http://www.giaccentre.org/documents/
CONTROLRISKS.CORRUPTIONGUIDE.pdf – accessed March 2018
31. Transparency International, ‘The Anti-Corruption Catalyst: Realising the MDGS by 2015’ 14 September 2010:
https://www.transparency.org/whatwedo/publication/the_anti_corruption_catalyst_realising_the_mdgs_by_2015 –
accessed March 2018
32. UNODC, United Nations Convention Against Corruption, 2004: https://www.unodc.org/documents/brussels/UN_
Convention_Against_Corruption.pdf – accessed May 2018
33. Legislation.gov, ‘Bribery Act 2010’: https://www.legislation.gov.uk/ukpga/2010/23/contents – accessed January 2018
36
The act does not allow facilitation payments, even if they are part of the regular custom or
practice. The amounts are also irrelevant. It covers both active and passive bribery (giving
as well as receiving a bribe).
An organisation will automatically be guilty of an act performed by an employee or

associate, unless it can demonstrate a proper internal control, governance and risk
management framework. The areas of policy covered should include associated persons,
hiring, gifts and entertainment, charitable giving, contributions and donations.
The UK Criminal Finances Act 2017 – unexplained wealth orders
This Act was designed to close a loophole which meant that authorities were unable to
seize the property of overseas criminals unless the individuals were first convicted in their
country. Therefore, it specifically introduces the concept of ‘unexplained wealth orders’.
Under said orders, the Serious Fraud Office (SFO), HMRC, will all be able to apply to the
courts for an order which forces the owner of an asset to explain the source of the funds/
wealth used to purchase it.
The law applies to assets worth more than £50,000 and targets criminals, public officials
and PEPs. It is also aimed at the UK property market where many properties are believed
to have been acquired with the proceeds of corruption. To quote the Transparency
International report on this:
In March 2017 Transparency International research identified London properties worth a total of
£4.2 billion that were bought by individuals with suspicious wealth.
The Foreign Corrupt Practices Act (FCPA) 1977
The FCPA prohibits corrupt payments to foreign officials for the purposes of procuring
or maintaining business. The act covers any entity that has business in the US or which
is quoted on a US stock exchange. Failure to take FCPA compliance seriously exposes an
organisation to substantial risk.
The FCPA has two constituent parts: record keeping and internal controls, and anti-bribery.
A successful prosecution by the government is dependent on proving that an entity either
offered or gave something of value to a foreign official. The FCPA only deals with active
corporate bribery and allows facilitation payments, if they are normally permitted under the
laws of the country and the amounts paid were reasonable for the products and services
provided.
Having an effective compliance programme is a critical factor in avoiding FCPA charges. The
figure overleaf provides an overview of the elements of that framework.
37
Due Diligence Policy Risk Review

Retention and oversight of Clearly written policies Adequate assessment of Annual review of risks,
agents and business partners bribery and corruption risk policies and procedures
Testing Contractual Arrangements Responsibility

Effective compliance Senior executive
monitoring and testing Standards, Governing Certain Expenses, Payments responsibility over Bribery
and Corruption
Reporting Discipline Training Review

Voluntary internal reporting Proper disciplinary Effective compliance training Adequate financial and
procedures programme and certifications accounting procedures
The framework must include standards and policies that apply to all officers, directors, employees and third-party business associates, and cover the
following: gifts and entertainment expenses, customer travel, political contributions, charitable donations, facilitation and solicitations.
EU bribery and corruption conventions
z The Criminal Law Convention on Corruption – aims to coordinate the criminalisation of corrupt practices, and improve cooperation for the
prosecution of offences.
z The Civil Law Convention on Corruption – defines common international rules of civil law and corruption. Parties are required to compensate
persons who have suffered damage as a result of corruption.
z EU Convention Against Corruption Involving Officials – fights corruption involving EU or member states’ officials. Member states must ensure
that passive or active corruption by officials is a criminal offence.
38
Chinese anti-corruption laws
Chinese anti-corruption provisions are largely contained in the Anti-Unfair Competition

Law of the PRC and the Criminal Law of the PRC. The laws prohibit commercial bribery,
which is punishable by economic and administrative sanctions. Serious offences may be
subject to criminal investigation and in some instances, they may be punishable by death.
The laws do however allow for small payments.
5.3 Bribery and corruption risk typologies
The following are elements that should be considered when adopting high-risk indicators
for bribery and corruption.
High-risk countries
The following are indicators of countries that are high risk for bribery and corruption:
1. INCSR – Countries of primary concern

2. High Score on the Fund for Peace Fragile States Index
3. Offshore Centres with a lack of transparency
4. FATF High-Risk and Non-Cooperative Jurisdictions
5. Low Rating on Transparency International’s Corruption Perceptions Index
The latter is the perhaps the single most important and widely used indicator of corruption.
PEPs and public contracts
The risk of corruption rises exponentially where there are public corporations, public
contracts or public procurement, in a high-risk jurisdiction e.g. low CPI score, and there is
involvement by PEPs. Such involvement includes senior management, control, ownership or
board membership of any of the above.
PEP’s represent a higher risk for bribery and/or corruption as they are individuals whose
prominent position in public life may make them vulnerable to corrupt practices.
Government and state – sponsored enterprises
Given what we have explored so far it is important we summarise the obvious – and that is
that all the corruption risk indicators are particularly well facilitated wherever government
and state-sponsored enterprises are engaged.
High-risk industries
According to the OECD, given the involvement of governments/PEPs and the large scale of
the projects, a very high proportion of foreign bribery cases occurred in the following four
sectors.
1. Mining/Extractive (19%)
2. Construction (15%)
3. Transportation and Storage (15%)
4. Information and Communication (10%)
39
Complex ownership structures and transactions involving PEPs
To hide the involvement of PEPs, rather than simply siphoning off payments, bribes may
be passed on by establishing complex ownership structure within which the identity of
the ultiamte beneficial owner (UBO) is hidden and/or the interest of the PEP is not readily
discernible. In other instances, the structure of a transaction might involve numerous
intermediaries, making it difficult to ascertain the ultimate beneficiary of any funds.
There are specific ownership percentage determination requirements which are outlined in
the later CDD segment of this course – but you should be aware of the general standards
and also any that apply specifically in your jurisdiction or firm. Who ultimately owns or
controls an entity is a significant risk consideration in terms of understanding with whom
the business relationship lies and a recurring theme in this environment.
Specific payment and transaction types
The following types of payment or transactions are considered most at risk of abuse for bribery
and corruption. These include lobbying, gifts, political contributions and charitable donations.
Lobbying
Lobbying is any form of representation made to a government, government agency or

representative and can be direct or through intermediaries, local, state or federal. Each
of the above categories may readily facilitate the diversion of funds for political favours,
bribes and other corrupt activities. Donations to charities are particularly high-risk as they
are very susceptible to the misallocation of funds.
Hiring and internships
Hiring and internships can either be a source of, or readily facilitate, bribery and corruption.
This can occur when an organisation employs or provides a valuable internship to the
relative or connected person of an individual who they might want to influence. That
individual could be a government official responsible for awarding public contracts or a
member of the senior management team of a corporation responsible for purchasing –
decision makers that in both cases could be made in favour of the organisation.
Case study: JPMorgan’s sons and daughters

programme
JPMorgan called it the ‘sons and daughters programme’. The authorities

described it as ‘corruption, plain and simple’. Over a period of several years,
JPMorgan was said to have hired over 100 interns and full-time employees,
at the request of their family members, officials of the Chinese Communist
Party and government. In return, the bank was said to have received more
than $100 million in business.
JPMorgan was fined $264 million for violating the FCPA as they had
‘corruptly influenced government officials’.
40
Hiring and internships are potentially high-risk activities, particularly in relation to PEPs,
PEP associates and high-risk jurisdictions.
Banks and financial institutions must have appropriate policies for hiring and internships.
These should be subjected to further EDD where there are PEPs are involved, and even
more so in high-risk jurisdictions (China’s 2018 ranking on Transparency International’s CPI
is 87/180 – the country at number one is perceived as the lowest risk).
Intermediaries, gatekeepers and corporate vehicles
The OECD states in a 2014 report that intermediaries were involved in 3 out of 4 foreign
bribery cases. They include agents, associated persons, lawyers, accountants and trust
and service company providers. By taking advantage of offshore jurisdictions, elaborate
structures and multiple layers, intermediaries layer transactions and make it difficult
to determine the interested parties and beneficial owners – effectively facilitating the
laundering of their illicit gains.
The implications of the impact of bribery and corruption on banks and financial institutions
are both direct and indirect. The former arises from the actions of banks and financial
institutions themselves, the latter arises from the action of their customers.
Direct exposure
From the institution’s own perspective, establishing an appropriate governance and internal
control framework over the following items, in all jurisdictions in which it operates, is clearly
very important:
1. associated person exposure – including the hiring, screening and service, contracts,
as well as the nature of the services to be provided
2. the use of intermediaries
3. hiring and internships
4. any form of gifts or donations, both political and charitable, which also means
having significant controls over dealings with charitable organisations
5. contracts or dealings with gatekeepers such as accountants, lawyers and trust and
service company providers
6. involvement of governments and PEPs.
Indirect customer exposure
Banks and financial institutions must ensure that they establish the ownership,
management and governance capabilities of the organisations they do business with, and
as such their ability to deter and detect financial crime.
This should include the identification of hidden owners and beneficiaries both in the overall
entity structure as well as within the structure of the specific transactions in which they are
involved.
41
Published in October 2016, ISO 37001, which has been adopted by companies such as
Microsoft, provides corporates with a framework for establishing the appropriate risk
management, governance and internal controls for managing bribery and corruption risks.
Transparency International recommends that the following should be in place in order to
meet the requirements of ISO 37001.
1. Implement an anti-bribery policy and programme.

2. Communicate the policy and programme to all relevant personnel and business
associates (joint venture partners, sub-contractors, suppliers, consultants etc.).
3. Appoint a compliance manager (full time or part time) to oversee the programme.
4. Provide appropriate anti-bribery training to personnel.
5. Assess bribery risks, including undertaking appropriate due diligence.
6. Take reasonable steps to ensure that controlled organisations and business
associates have implemented appropriate anti-bribery controls.
7. Verify as far as reasonable that personnel will comply with the anti-bribery policy.
8. Control gifts, hospitality, donations and similar benefits to ensure that they do not
have a corrupt purpose.
9. Implement appropriate financial, procurement, contractual and other commercial
controls so as to help prevent the risk of bribery.
10. Implement reporting (whistle-blowing) procedures.
11. Investigate and deal appropriately with any actual or suspected bribery.
12. Monitor and review the effectiveness of the programme, and make improvements
where necessary.
ISO 37001 has an Annex which contains guidance to help an organisation implement the
anti-bribery programme.
Reputational risk
As banks who got caught up in the FIFA scandal found out, executing or facilitating
the execution of transactions related to a bribery and corruption scheme can bring an
unwanted level of scrutiny and public derision. The proper management of reputational
risk requires effective due diligence, both internally and externally, covering:
1. the activities of the institution

2. the activities of customers
3. any transaction which exhibits the relevant high-risk indicators.
There must also be wider considerations, not only addressing prevention of reputational
risk but how to respond should an incident arise.
6. Sanctions
The US Council on Foreign Relations provides the following definition of sanctions.

Governments and multinational bodies impose economic sanctions to try to alter the strategic
decisions of state and non-state actors that threaten their interests or violate international
norms of behaviour.
42
Economic sanctions are defined as the withdrawal of customary trade and financial relations
for foreign and security policy purposes. They may be comprehensive, prohibiting commercial
activity with regard to an entire country, like the longstanding U.S. embargo of Cuba, or
they may be targeted, blocking transactions of and with particular businesses, groups, or
individuals.34
Sanctions can be applied to individuals, groups, companies, goods, services, financial

services, countries, regions, ports, economic sectors, ships, planes and activities. The latter
includes terrorism, terrorist financing, gross human rights violations, nuclear proliferation,
transnational organised crime and human trafficking.
Sanctions usually take the form of financial or asset freezes, embargoes on goods and
services or restrictions on travel. Jurisdictional sanction regimes can be categorised as in
the table below.
Sanction Description Examples

Comprehensive Apply to a whole country or z Cuba
region. Significant restrictions on z North Korea
financial and economic activity, z Iran
except for specific products and z Crimea
services – including humanitarian, z Syria
medical and food supplies
List-Based These are sanctions imposed on z Serbia
individuals within a country but z Bosnia-Herzegovina
not the country itself z Egypt
z Lebanon
Regime-Based These are sanctions imposed z Russia
on a regime, including but not z Zimbabwe
limited to the head of state, and z Belarus
in addition those who directly
support or are connected with
the regime
Banks and financial institutions must, in the course of their business activities, ensure
that they do not in any way facilitate the violation or breach of sanctions by either directly
conducting business with sanctioned parties or facilitating customers’ transactions with
such parties.
6.2 Sanctions – The legal and regulatory framework
The UN Security Council (UNSC) is the highest legal authority in the world, because of
the veto power of the five permanent members (P5) – UK, US Russia, France and China.
UNSC sanctions are mandatory and are imposed in accordance with its charter in pursuit
of international peace and security. The table overleaf illustrates a few examples of UNSC
sanctions.
34. Council on Foreign Relations, ‘What Are Economic Sanctions?’, 12 August 2019: https://www.cfr.org/backgrounder/
what-are-economic-sanctions – accessed March 2018
43
UNSC Resolution Target Sanctions

1267 (1999) Al-Qaeda, Taliban Designated terrorists, travel ban, asset
freeze, arms embargo
1373 (2001) Calls on all states to Criminalisation of financing of terrorism
cooperate to counter and associated money laundering,
terrorism freezing and confiscation of terrorist
assets, prevention measures by
financial institutions, DNFBPs
1907 (2009) Eritrean regime Aiding Al-Shabaab – travel bans, asset
freezes, arms embargo
1929 (2010) Iran nuclear, ballistic Asset freezes, travel bans, banking,
missile programmes economic, shipping and inspection of
suspicious cargo, technology, technical
assistance
2253 (2015) Al-Qaeda, ISIS Designated terrorists, travel ban, asset
freeze, arms embargo
2321 (2016) North Korea nuclear Country under ‘economic quarantine’,
weapons cap on exports
The US is unique in that its sanctions have extraterritorial application – they apply
wherever in the world US persons or US dollars are involved. They can be imposed either
by the Congress or the Executive, by an act of the President. The Office of Foreign Assets
Control (OFAC) administers sanctions on behalf of the US government.
Major US Sanctions Violations Cases 2009-2016
Bank Name Headquarters Year Fine

BNP Paribas France 2014 $8.9 Billion
Crédit Agricole France 2015 $787 Million
Standard Chartered UK 2012 $667 Million
ING Netherlands 2012 $619 Million
Credit Suisse Switzerland 2009 $536 Million
ABN AMRO Netherlands/UK 2010 $500 Million
HSBC UK 2012 $375 Million*
Lloyds UK 2009 $350 Million
Commerzbank Germany 2015 $342 Million*
Bank Of Tokyo-Mitsubishi Japan 2014 $315 Million
Barclays UK 2010 $298 Million
Deutsche Bank Germany 2015 $258 Million
Bank Of Tokyo-Mitsubishi Japan 2013 $250 Million
Clearstream Luxembourg 2014 $152 Million
Royal Bank of Scotland UK 2013 $100 Million
44
Note: Major settlement threshold >/$100 million. Fines may include penalties for anti
money laundering (AML) laws violations.
* Fines are part of larger settlements involving related financial crimes.
Sources: US Department of Justice, Department of Treasury, NY Department of Financial Services,

Financial Times, Wall Street Journal, Royal Bank of Scotland – Credits Jonathan Masters. Julia Ro
All nations – as well as supranational entities such as the EU and African Union – can
impose sanctions and when these entities impose sanctions it is said to be for their own
foreign policy and national security objectives.
z The European Union (EU) can and does impose very powerful sanctions which can
apply to anyone doing business in that jurisdiction, as well as on their overseas
activities if they are headquartered in the EU.
z The African Union (AU) imposes sanctions on individuals and governments in
African countries e.g. Burundi, where there were deemed to be gross human rights
violations and an unconstitutional takeover/retention of power.
z The Arab League imposed sanctions on Israel and these have been in place for
several years.
z UK sanctions are managed by the Office of Financial Sanctions Implementation
(OFSI) established within the UK Treasury and its aim is to ensure that financial
sanctions are properly understood, implemented and enforced. The Financial
Sanctions: Guidance35 describes the new sanctions framework. The UK incorporates
both EU and UNSC sanctions as well as its own sanctions under the Terrorist Asset-
Freezing Act 2010, The Counter Terrorism Act 2008 and the Anti-Terrorism, Crime and
Security Act 2001.
z Overlapping sanctions regimes occurs where jurisdictions are placed under
sanctions from several different countries/entities all at the same time. The diagram
below illustrates this.
35. OFSI, Financial Sanctions: Guidance, March 2018: https://assets.publishing.service.gov.uk/government/uploads/

system/uploads/attachment_data/file/685308/financial_sanctions_guidance_march_2018_final.pdf – accessed April
2018
45
Diagram: Global Sanctions Regimes
UN Sanctions
Al-Qaeda
CAR1
DRC2
Guinea-Bissau
Iran
Iraq
Lebanon
US Sanctions Libya EU Sanctions
Counternarcotics Mali China
Cuba North Korea Egypt
Cyber Somalia/Eritrea Haiti
Magnitsky (Russia) South Sudan Maldives
Nicaragua Taliban Moldova
Nonproliferation Yemen Tunisia
Rough Diamond Trade United States
Transnational Criminal
Organizations Belarus
Burundi
Former Yugoslavia
Myanmar
Russia/Ukraine
Syria
Venezuela
Zimbabwe
1. Central African Republic

2. Democratic Republic of Congo
Sources: Council of the Eurpoean Union; US Treasury Department
46
In practical terms, banks and financial institutions must ensure that they abide by UNSC
sanctions, US sanctions if they use the dollar, EU sanctions if they do business in the EU, as
well as the sanctions imposed by any of the countries or jurisdictions in which they operate.
Sanctions evasion and violations
Sanctions as a concept, are not financial crime. However, a financial crime is committed
when sanctions are evaded or violated. The question therefore is what exactly constitutes
such evasion or violation? The following are included.
1. Direct evasion or violation.

2. Any attempted evasion or violation.
3. Any form of assistance, facilitation or advice in the process of evasion.
4. Any form of support, direct or indirect, monetary or non-monetary in the process of
violation.
5. Any structuring of transactions to evade sanctions.
6. Any attempt to conceal or falsify information or identity in order to evade sanctions.
7. Any concealment or false labelling of goods and services to evade sanctions.
8. Any attempt to circumvent trade embargoes for jurisdictions under sanctions.
6.3 Sanctions – Customer and product vulnerabilities
Banks and financial institutions must make every endeavour to fully understand the
sanctions risk exposure of their customers and the products and services they provide. This
allows effective management of those risks.
Customer sanctions risk exposure
z Direct exposure is where a bank or financial institution either operates in or deals

directly with sanctioned entities or parties.
z Indirect exposure is where a bank has a customer that does business with an entity
under sanctions. This occurs primarily because the rules for financial institutions
and the rules for corporates tend to be different – corporates can do business in
countries where banks are highly restricted e.g. Iran.
Banks and financial institutions should ensure they do not directly facilitate their customers’
business with sanctioned entities. Most avoid this by establishing internal thresholds in
respect of the percentage of a customer’s business with a sanctioned jurisdiction, beyond
which they will exit the relationship due to the perceived higher risks of facilitating or
providing direct support in respect of transactions with that sanctioned jurisdiction.
Case study: HSBC Sri Lanka
HSBC Sri Lanka did business with the local tea companies. These companies
sold tea to Iran, perfectly legitimate transactions which did not violate any
sanctions regimes. However, the revenues generated, as a percentage of
their total revenues, was beyond the risk threshold established by the bank.
The bank subsequently exited relationships with the tea companies in order
to maintain the internal risk appetite requirements.
47
Customer product/industry risk exposure
There are several industries, products and services that are regularly included in sanctions
regimes. Foremost amongst these are weapons, weapons technology, nuclear technology,
telecommunications technology, oil and dual-use goods – those that have both civilian and
military/nuclear applications. These are always high risk for sanctions exposures.
The primary method of ensuring that banks and financial institutions ensure that their
customers are neither providing nor financing, the provision of goods and services in
violation of sanctions is to truly know the business of their customers – including their
customers, suppliers, operational base and their geographic disposition.
In some instances, a bank might determine to exit a certain customer relationship or

jurisdiction(s) if they believe the risk posed to their business is too high. This phenomenon,
known as de-risking, has been a feature of the financial services landscape in recent times.
Case study: Global banks Russian de-risking
The following is an extract from the article Russia’s Banking Crisis,

International Banker, May 18, 2015. It provides a vivid example of Russian
de-risking by banks.
Global banks have been exiting Russian territories – seeking to cut their
exposures to the volatile, high-risk region in addition to meeting the rules of the
sanctions, which prohibit certain areas of trade and business between Europe –
and US – based businesses with Russia. UK-based Barclays has exited Russia and
closed all areas of retail-banking operations in the nation...
In addition to Barclays, global banking giants such as HSBC of the UK and

Santander of Spain have left Russia and divested their retail-banking setups in
the country.36
Interestingly, the sanctions on Russia are not comprehensive, at least not

yet. However, banks are deciding that the possibility of gaining Russian
exposure is just not within their risk appetite.
Operating jurisdiction(s)
In the previous section, we looked at how de-risking banks were exiting jurisdictions which
did not match their sanctions risk appetite. This is but one example of how jurisdiction and
geography impact sanctions risk exposure.
More generally, where a financial institution is located and where its customers are based
might be entirely different – a prime example being banks in Cyprus that have a very strong
Russian customer base. Cyprus was recently ranked as the third largest investor in Russia,
the consequence of what was suggested to be large volumes of ‘illegitimate’ Russian money
being channelled back to that country as legitimate investments.
36. Alexander Jones, ‘Russia's Banking Crisis’, International Banker, 18 May 2015: https://internationalbanker.com/
banking/russias-banking-crisis/ – accessed March 2018
48
As such, banks and financial institutions must assess:
1. the risk of the jurisdictions within which they operate

2. the risk of the jurisdictions within which their customers are located
3. the risk of the jurisdictions within which their customers’ customers, and suppliers,
are located
4. in each case, the risks arising from countries adjacent to sanctioned countries.
The latter point is particularly important as it does not always feature in risk assessments,
yet can often have implications, as this examples illustrates.
Case study: The Turkey/Iranian gold trades
Iran and Turkey traded Iranian natural gas in return for Turkish gold. The
gold was then taken in suitcases to Dubai and exchanged for US dollars,
which were then smuggled to Iran. The ease with which the trades were
facilitated is readily apparent, once we look at the map of the region.
The importance of CDD
Perhaps the single most important lesson we can take away from this section on sanctions
is that exposure arises from many different sources. This makes it imperative that banks
and other financial institutions understand everything about their customers – every single
detail is important, when assessing sanctions risk exposure.
49
The CDD/KYC process is the single most important factor in deterring and detecting
possible sanctions violations and it must include a determination of:
1. the UBO
2. the nature of the customer’s products and services
3. the relevant industry risk exposures
4. who the customer does business with, customers, suppliers, associates, agents and
partners
5. the geographic location of customers, suppliers, associates, agents and partners.
Product and service sanctions risks
Banks and financial institutions must assess the susceptibility of the products and services
they provide, to sanctions risks. This will of course vary in accordance with the nature of
the product. The basic rule of thumb is that any business which is multi-jurisdictional and
involves cross-border transactions and payments, is higher risk for sanctions. The following
are therefore considered high risk for sanctions EDD.
z Foreign Exchange – often difficult to determine transaction purpose, quick

offshoring of funds
z Trade Finance – industry/products, destination/jurisdictions, customers, suppliers,
banks and vessels
z Offshore Vehicles and Complex Ownership Structures – difficult to discern
beneficial ownership
z Liquidity and Cash Management – large movement of cash, including cross-border/
offshore
z Correspondent Banking – all the above, exacerbated by the fact that customers are
at least one step removed
z Syndicated Credits – sanctions risk exposures of the customer and syndicate
members
Sanctions screening
Banks and financial institutions must ensure that they perform screening of all customers,
transactions and payments to ensure they do not execute transactions with sanctioned
entities and individuals. This requires adequate and effective screening systems as well as
procedures and controls for stopping said activities and freezing the accounts and assets of
the sanctioned entities or individuals.
Staff training
Sanctions regimes are both complex and dynamic. Ongoing training of staff to ensure they
understand their role in mitigating risk in this dynamic environment is important for the
effective management of risk exposures.
50
Unit 2
Customer Risk Typologies
Unit 2: Customer Risk Typologies
Learning objectives
z compare some of the main customer types and the financial crime risks
inherent in those businesses
z distinguish the risk control implications of the main customer types on
banks and financial institutions.
1. Designated non-financial businesses and professions

(DNFBPs)
1.1 Generic risk exposure and typologies
As defined by the Financial Action Task Force (FATF) these include:
1. casinos
2. jewellery houses
3. trust and service company providers
4. accountants
5. lawyers
6. real estate agents.
The first two are considered high-risk because of the high levels of cash and the
convertibility and the transportability of precious stones. The rest have been observed
to have acted as either gatekeepers or facilitators of financial crime by establishing legal
vehicles, procuring shelf companies or by otherwise providing assistance in disguising
beneficial ownership and the source of wealth/capital.
Traditionally, when banks onboarded these entities, the modus operandi was that they only
saw the entity as their customer. Therefore, any transactions executed by the customers’
customers were the responsibility of the firm and not the bank. This has irrevocably
changed.
In the first instance, the FATF Recommendations now require these entities to perform
the same customer due diligence (CDD)/know your customer (KYC) procedures as banks
and financial institutions – due to their higher level of financial crime risk. The real estate
market in the City of London is a prime example of this.
In the second instance, change has come about because banks and financial institutions
now recognise that in order to effectively deter and detect financial crime, they must
understand the business of their customers, and in particular their customers’ customers
52
– who they are, where they are based, the products and services they provide and the
financial crime risk they represent.
If banks are to perform an appropriate level of CDD/KYC when onboarding these entities,
they must understand the nature of the risks which they incur. In the following sections, we
will consider the specific risk profile of several of the above.
1.2 Real estate, beneficial ownership, money laundering
The Home Affairs Select Committee of the British Parliament has acknowledged that the
London property market has been a safe haven for money laundering, with up to a £100
billion laundered, facilitated by a combination of real estate agents, lawyers, accountants
and trust and service company providers who establish the requisite offshore vehicles.
The EU’s Fourth Money Laundering Directive (4MLD) introduced a register for beneficial
owners, which means the use of anonymous overseas vehicles to purchase property in
the EU should be a thing of the past, provided banks and financial institutions perform the
appropriate level of due diligence. The Fifth Money Laundering Directive (5MLD) builds on
this, with measures such as the requirement for the registers to be made public. Member
states have until January 2020 to transpose the 5MLD into law.
In the US, the risk is still somewhat higher. The December 2016, FATF Mutual Evaluation
Report (MER) for the US states the following:
However, the regulatory framework has some significant gaps, including minimal coverage of
certain institutions and businesses (investment advisers – IAs – lawyers, accountants, real estate
agents, trust and company service providers (other than trust companies). Minimal measures are
imposed on DNFBPs, other than casinos and dealers in precious metals and stones.37
It should therefore be no surprise that the following exchange took place in a Senate
Judiciary hearing between Democrat US Senator Amy Klobuchar and ex-FBI Director, James
Comey, following his firing by President Donald Trump. The context of the exchange is the
continued use of the real estate market by organised criminals to launder money – Trump’s
business activities being the political subplot:
Klobuchar: “The Treasury Department has noted a significant rise in the use of shell companies
in real estate transactions because foreign buyers use them as a way to hide their identities
and find a safe haven for their money in the United States. In fact, nearly half of all homes in
the U.S. worth at least $5 million are purchased using shell companies. Do you support efforts
by the Treasury Department to use its existing authority to require more transparency in these
transactions?”
Comey: “Yes and yes”.
There is no question that in other jurisdictions, outside of the EU and the US, the risks also
remain high. South Korea is but one jurisdiction where the source of wealth relating to real
estate vehicles are not required to be disclosed.
37. FATF, United States Mutual Evaluation Report, December 2016: http://www.fatf-gafi.org/media/fatf/documents/
reports/mer4/MER-United-States-2016.pdf – accessed February 2018
53
The above risks are not only significant when dealing with commercial real estate, but are
also inherent in the securitisation of real estate debt. Where origination is as at risk, so too
is securitisation.
1.3 Casinos
Most bankers would have heard of the fraud in which $81 million was stolen from the
central bank of Bangladesh by cyberhackers who issued bogus instructions via SWIFT – a
system which at one time was thought to be virtually impregnable.
But how was the money laundered?
According to a report by the Philippine Senate Committee, after the money had been sent
to bank accounts established using fake names, the money was laundered through casinos
in that country.
What made matters worse was that once the Bangladeshi authorities had apparently
recognised what had happened, they contacted the Filipino authorities, but the latter failed
to act promptly. The players at the casino kept gambling and the accounts remained open
for several weeks after notification by Bangladesh.
Eventually, the accounts were frozen but by then millions had been laundered.
Like so many other issues relating to financial crime, and DNFBPs, jurisdictional risks play a
key role.
In Hong Kong, a favoured method of laundering money was to take a boat across to
Macau and head for the casinos. There is now a direct relationship established between
the crackdown on corruption by Chinese President Xi Jinping and the takings in the
Macau casinos. An article in the UK’s The Guardian newspaper entitled, ‘How China’s Macau
crackdown threatens big US casino moguls’, summarises the relationship as follows:
The Chinese government is cracking down on the corrupt officials and money-laundering
through Macau, and the stream of income from high rollers is rapidly drying up.
Such was Macau’s reliance on high-rolling, rather than retail (casual) gamblers, that even at
Chinese New Year, a key date in the gambling calendar, Macau’s overall gaming revenues were
down almost 50% on the year before.38
In the EU and the US, the game is different. Under the 4MLD, casinos must report winnings
and bets over €2,000, while FATF recommends a threshold of $/€3,000. The US also has
strict rules on gambling, a by-product of the industry’s early associations with the mafia
and organised crime.
For casinos, as with real estate, jurisdiction does matter.
38. The Guardian, How China’s Macau crackdown threatens big US casino moguls, 23 April 2015: https://www.
theguardian.com/world/2015/apr/23/how-chinas-macau-crackdown-threatens-big-us-casino-moguls-sheldon-adelson
– accessed April 2018
54
1.4 Jewellery and precious gems
Jurisdiction also plays a significant risk in the trading of precious metals – be it the source
of the minerals e.g. conflict, as in the recent case of the Central African Republic, or in
respect of gross human rights violations, as in the case of the military regime in Myanmar.
The Kimberly process for certifying that diamonds have not originated in a conflict zone is a
significant international control over the mining and sale of diamonds.
The second obvious issue is the ready convertibility of such items into cash. While FATF
recommends cash reporting thresholds of $/€15,000, in some cases, like the souks in the
Gulf region, the controls are somewhat more relaxed.
1.5 Risk control implications for banks and financial institutions
The issues around DNFBPs as described above are important to those operating in the
financial markets who transact with such entities and are therefore indirectly exposed to
the risks of their operations. When dealing with such organisations, banks and financial
institutions must assess whether they are operating within the guidelines established by
FATF.
If DNFPBs are not following the FATF guidelines, then banks and financial institutions will
be at an increased risk from facilitating money laundering, sanctions violations and other
financial crimes.
That said, the days of finding out whether such an entity has a money laundering policy as
the primary basis for onboarding have long since passed (or certainly should have). Banks
and financial institutions must be prepared to determine the adequacy of the internal
controls and governance framework of these entities. Adequate assessments of the risks
involved will include a consideration of the following:
1. the firm’s partners/ownership structure

2. the adequacy of the firm’s management, governance framework and training of staff
for deterring and detecting financial crime
3. the nature of the products and services offered
4. the specific CDD/KYC policies pursued in respect of customers
5. the types of customers e.g. politically exposed persons (PEPs)
6. the jurisdiction of the customer base e.g. Russians in Cyprus
7. a specific CDD/KYC focus on beneficial ownership, including the use of legal vehicles
8. any use of nominees, intermediaries and gatekeepers
9. the documentation of customer CDD/KYC
10. the availability of such documentation on request.
The final point is particularly important. As part of their assessment of the adequacy and
effectiveness of the customer’s CDD/KYC procedures, it is recommended that banks and
financial institutions conduct sample tests to make sure that the requested documentation
is available on demand. A major UK law firm had problems being onboarded by a bank,
precisely because the former could not demonstrate it had the appropriate CDD documents
in place for its customers.
55
However, the larger issue in relation to DNFBPs is the nature of the jurisdiction.
Consequently, here are some of the issues that must be considered, and where EDD should
be applied when dealing with the jurisdiction of DNFBPs.
1. High risk and/or offshore

2. Legal framework and strength of the judiciary
3. The specific risk indicators e.g. Country of Primary Money Laundering Concern, low
score on the Transparency International Corruption Perceptions Index (PCI) or on
the FATF list of countries with strategic deficiencies
4. The nature of the predicate offences e.g. drug trafficking
5. The number in which the organisation operates
6. The ease with which corporate vehicles can be created and dissolved
7. The regulation of DNFBPs
8. The regulation of banks and financial institutions
In identifying many of the above issues, FATF’s Guidance for Real Estate Agents39 reiterates
the importance of applying a risk-based approach and is therefore a useful source of
additional information. FATF’s report on Professional Money Laundering40 also provides
some very useful insights into the money laundering threats associated with professional
money launderers (PMLs), for example lawyers, accountants or real estate agents.
2. Asset/fund managers, hedge funds, sovereign wealth

funds
The exposure to financial crime risks presented by the customers’ customers, the
jurisdictions in which they operate, and the customer’s ownership, internal control and
governance framework are all important factors to consider in this category. There are
however some important differences between fund managers, hedge funds and sovereign
wealth funds (SWFs) and we will deal with each of these in turn.
2.2 Hedge funds
The basic structure of a hedge fund is as illustrated below. The most significant risks arise
from the:
1. relatively limited regulation of the industry

2. investments domiciled offshore
3. investors’ source of wealth and source of funds
4. lack of transparency in portfolio composition and valuations
5. services provided by brokers
39. FATF, RBA Guidance for Real Estate Agents, 17 June 2008: http://www.fatf-gafi.org/media/fatf/documents/reports/
RBA%20Guidance%20for%20Real%20Estate%20Agents.pdf – accessed May 2018
40. FATF, Professional Money Laundering, July 2018: http://www.fatf-gafi.org/media/fatf/documents/Professional-Money-
Laundering.pdf – accessed September 2019
56
Diagram: Typical US Hedge Fund Structure
Auditors and
Administrators
Portfolio Manager
Investors
Investors Prime Broker

Hedge Fund
Investors Executing Broker
Investors
Legal Advisors,
Registrar and
Transfer Agent
Source: “Hedge Funds and Other Private Funds: Regulation and Compliance”, Thomson West, 2010
Jurisdiction and industry regulation
This is highly dependent on the jurisdiction(s) within which the fund operates. Even in the
major financial centres, hedge funds have traditionally been relatively lightly regulated
when compared to banks and other financial institutions.
Investments domiciled offshore
Funds are primarily domiciled in offshore centres – facilitating the needs of both non-
domestic and exempt taxpayers. Delaware, Cayman Islands, Luxembourg and the British
Virgin Islands (BVI) are often the primary destinations of such funds. However, this can
commensurately increase the regulatory and jurisdictional risks and thus financial crime
risks. Offshore funds are also more prevalent to the abuse of nominee directorships.
Investor source of wealth and source of funds
With comparatively light regulation in places, some offshore jurisdictions and a significant
influx of private wealth, the industry has grown well beyond its institutional investor base.
This consequently exacerbates issues around investor source of wealth, source of funds
and tax evasion.
Within this context, the quality of auditors and fund administrators is of paramount
importance and in particular, the quality of the financial crime internal control and
governance framework they develop, sustain and support. At this point we should be
reminded that a significant contributor to the perpetuation of the Bernie Madoff Ponzi
scheme was the absence of credible control functions.
57
Lack of transparency in portfolio composition and valuations
This is a factor well highlighted in this extract from an article in Bloomberg.
Hedge funds lack transparency and offer a “questionable” balance of risk and reward, according
to the head of ABN Amro Group NV’s 26.2 billion-euro ($27 billion) pension pot, which hasn’t
invested in the industry for at least 12 years.
“There are monitoring issues with this asset class,” chief executive officer Geraldine Leegwater
said in an interview. “I don’t think they’ll end up on our shortlist in the very near future”.41
Many bankers complain that when dealing with hedge funds they are unable to discern the
components of the underlying portfolio. This raises issues in terms of the identity of the
underlying investors and portfolio valuations. A lack of transparency means risk is more
difficult to discern.
Services provided by banks and brokers
Brokerage services to hedge funds are usually provided by banks and/or broker-dealers.
They include the clearing and settlement of securities transactions, financing and cash
management, safe custody of assets, the execution of trades in securities, foreign exchange
and derivatives.
Consequently, the financial crime risks are also largely dependent on the financial crime
risks of the servicing institutions – the usual suspects of ownership, management,
governance, jurisdiction, regulation, etc.
Hedge funds – risk control implications for banks and financial institutions
For banks and other financial institutions, the major issue in respect of hedge funds is
their lack of transparency and how this impacts their exposure to financial crime risks. How
should they go about addressing this?
The first step is understanding the structure of the fund(s) in order to determine roles
and responsibilities. A guide to the next steps can be found in The Alternative Investment
Standards from the Standards Board for Alternative Investments42 which covers Disclosure,
Valuation, Risk Management, Fund Governance and Shareholder Conduct. The relevant
excerpts in relation to financial crime compliance are reproduced below.
41. Joe Mayes, ‘Hedge-Fund Secrecy Spurned by ABN Amro's $27 Billion Pension Pot’, Bloomberg, 5 January 2017:
https://www.bloomberg.com/news/articles/2017-01-05/hedge-fund-secrecy-spurned-by-abn-amro-s-27-billion-pension-
pot – accessed March 2018
42. The Standards Board for Alternative Investments, The Alternative Investment Standards, 7 September 2017:
https://www.sbai.org/wp-content/uploads/2016/04/SBAI-Standards-2017.pdf – accessed September 2019
58
Operational risk – fraud and financial crime prevention Standards and Guidance [17c]
17c.1 A fund manager should be confident that it understands the applicable laws and
regulations in the markets in which it deals and has effective systems and controls in
place to enable it to identify, assess, monitor and manage the risk that the fund manager
might be used to further financial crimes. This may apply to areas such as:
z anti-money laundering procedures (although typically the fund’s administrator

will be responsible for compliance); and
z procedures to prevent market abuse offences (see also Standard [23] (Prevention
of market abuse)).
17c.2 A fund manager should appoint a compliance officer who is independent of the portfolio
management function to oversee all issues relating to regulatory compliance and market
and professional conduct... A fund manager should provide to the fund governing body a
report on regulatory compliance prepared by the compliance officer on a regular basis.
17c.3 Where client money is held by the manager, the fund manager should put in place strict
internal controls to prevent misappropriation of such money (e.g. co-signing policies).
Fund governance Standards and Guidance [21]
21.7 Regular reports on compliance with laws and regulations (in particular those relating to
anti-money laundering) applicable to activities which are performed by the administrator
on behalf of the fund should be obtained by the fund governing body from the fund’s
administrator.
The EU has introduced the Alternative Investment Fund Managers Directive (AIFMD) to
improve the rule governing hedge funds.
However, ascertaining the adequacy of the framework, including CDD/KYC policy, processes
and procedures, is not enough. Verification is required. It is therefore recommended that
banks and financial institutions ask for samples of the CDD/KYC documentation – if these
are not available on request it suggests that the framework is inadequate.
A further issue banks and financial institutions should look at is how many Suspicious Activity
Reports (SARs) a hedge fund raises – a possible indicator of the financial crime risk culture and
governance. Regulators have noted that hedge funds generally account for relatively few SARs.
2.3 Asset/fund managers
Generic risk exposure and typologies
Fund managers, asset managers, investment funds, money market funds, et al, come in
all shapes and forms. One is UCITS, Undertakings for Collective Investment in Transferable
Securities, which is standard in the EU and which is being to a certain extent copied
elsewhere. An overview of a basic UCITS structure is as indicated in the figure overleaf.
59
Investment Company
Management
Custodian
Company
Investment Administrator/
Distributor
Manager TA
Investment Local Global

Adviser Distributor Custodian
Source: Mondaq
Apart from the fact that UCITS are well regulated and the funds can be marketed
throughout the EU, the importance of the structure is that the role of investment manager
and custodian are separate – improving confidence in its operation. The broader issue is
that when looking at fund managers, an assessment of financial crime risks must begin
with the ownership structure, management and governance and how well it is regulated.
The next step is the assessment of the different roles in the structure, including that of
intermediaries and associated parties that act on behalf of the fund. When taken together,
all the following should be considered.
1. Ownership, Management and Governance

2. Jurisdiction and Regulation
3. Marketing, Sales and Distribution
4. Client/Investor Risk
5. Investment Management
2.4 Ownership, management and governance
An assessment must be made as to what extent the ownership, management and

governance represent industry best practise. Is there a policy framework for financial
crime compliance covering such issues as sanctions, bribery and corruption and money
laundering?
2.5 Jurisdictions and regulation
Inadequacy of regulation in certain jurisdictions is not the only issue. In some jurisdictions,
the level of corruption has resulted in bribes and facilitation payments in order to secure an
operating licence.
60
2.6 Marketing, sales and distribution
Some funds are traded on electronic exchanges and depending on the jurisdiction, this can
be a suitably well-regulated activity. However, there are also risks of bribery and corruption
arising from inappropriate payments to win investment mandates. These can either be
made by the fund itself or by intermediaries and agents acting on behalf of the fund.
The most recent example of this actually occurred with a hedge fund (proving all
investments funds are susceptible to the same risks). Och-Ziff, the US based hedge fund,
paid $413 million to the SEC for violations of the Foreign Corrupt Practices Act (FCPA).
The fund spent millions of dollars bribing African officials and PEPs in order to secure
investment in their funds. This included $3 million in bribes to secure a $300 million
investment from the Libyan Investment Authority or LIA.
Alternatively, rather than bribes being paid to win client business, there is also the
possibility of bribes being paid to intermediaries, advisors or consultants to make
favourable recommendations on behalf of the funds. An example is that of the Californian
firm, Total Wealth Management, which was charged by the US Securities and Exchange
Commission (SEC) with fraud and a breach of fiduciary management. The firm was found
guilty of receiving kickbacks for steering clients into selected funds.
2.7 Client/investor risks
The risks arising from clients and investors from a money laundering perspective are many.
They include:
1. the adequacy and consistency in application of the firm’s CDD/KYC procedures

2. the level of retail vs institutional investment – the former is by definition always
higher risk, yet either can be compounded by complex ownership structures
3. the number of intermediaries and sub – intermediaries involved in marketing, sales
and distribution
4. the presence of PEPs
5. the nature of the funds; open-ended funds with no time limits on withdrawals are
generally more risky than closed funds with fixed terms for withdrawal
6. acquisition of funds that do not have similar standards of financial crime risk
management
7. reliance on third parties which may not have the appropriate systems for identifying
financial crime risks or properly screen for potential sanctions violations.
As you can see however, there are core themes emerging here which should be a key focus
when effective financial crime risk management is implemented.
2.8 Investment management
The major risks arising include:
1. unauthorised trading
2. fraud and manipulation of fund valuations
3. ponzi schemes.
61
In respect of the latter, one of the most cited issues is the extent of the marketing and
marketing expenses incurred by a fund. The rationale being, where aggressive marketing
takes priority, it may be a red flag – as it may be an indication that there is an urgent need
to meet returns to existing investors.
The issues here are in many ways similar for all funds:
z Who are the owners, managers and trustees?
If the funds are listed or traded on a recognised exchange, the extent of the
regulatory disclosure requirements will provide a reasonable level of assurance.
Questions will still arise as to the degree of independence of the designated
managers and/or trustees.
z What is their experience and reputation?
In this regard, negative news searches/adverse media checks are an important

aspect of due diligence. Is there anything to indicate that there might be concerns?
z In what jurisdictions are the funds domiciled?
The extent to which funds are regulated in each jurisdiction will be one factor;
another will be the home jurisdiction of the fund and to what extent it establishes
oversight or guidelines over the funds international operations. For example, in the
UK, many asset/fund managers are signatories to the Financial Reporting Council’s
Stewardship Code. The Council’s website states: ‘Signatories provide a good quality
and transparent description of their approach to stewardship and explanations of an
alternative approach where necessary’.
US funds (mutual and exchange-traded) are regulated by the SEC, while in the UK,
they are regulated by the Financial Conduct Authority (FCA), which significantly
enhances their transparency.
z What is the nature, structure and type of the fund?
It is imperative to understand how the fund works, including the relationships between
managers, advisors, consultants, intermediaries and their role in the marketing, sale
and distribution of the funds to investors. This informs us who is exposed to financial
crime risks, who should be responsible for performing customer due diligence and
when, and who is specifically responsible for managing financial crime risk.
z What is the financial crime internal control and governance framework?
This begins with ascertaining whether or not the institution has firm-wide standards
in terms of policies and procedures and that these cover fraud, market abuse and
manipulation, sanctions, bribery and corruption and money laundering. A further
question is whether or not there is a ‘three lines of defence model’ (3LOD) in place
– and that determines who owns the risks, who are the risk stewards and the
independence of the audit function.
62
Finally, fund regulators normally prohibit transactions between affiliates in order to

avoid conflicts of interest.
z What is the funds approach to the use of nominee directors?
Where funds, including hedge funds, are domiciled in offshore jurisdictions, they
have been known to engage in the extensive use of nominee directors. In one
example, known as the Sark Lark, a single director on the island of Sark held some
3,400 directorships while many of his fellow islanders held several hundred such
directorships. Cases such as this undermine governance and the deterrence of
financial crime – nominee directors cannot possibly perform proper fiduciary duties.
z Can the fund provide, on demand, CDD/KYC documentation for onboarded

customers?
As ever, this is the ultimate test of the suitability of procedures.
3. Sovereign wealth funds (SWFs)

SWFs are not regulated like other funds. They are sovereign entities and the issues around
them are political, geopolitical and economic. Yet, there are still many questions as to how
they should be dealt with and managed from a financial crime perspective.
A declaration by the Organisation of Economic Co-operation and Development (OECD)

states that SWFs are not to be treated less favourably than other investors, that they should
be transparent and that member nations should ease restrictions on the movement of
capital, thus facilitating the operation of SWFs.
The biggest issue for anyone dealing with SWFs is who actually owns and/or controls the
money? Is it the state, the ruler, the emir/king or the royal family? In the case of 1MDB, the
Malaysian SWF, the money appeared to belong to the prime minister.
Case study: 1 Malaysia Development Berhad

(1MDB)
What do Leonardo di Caprio, Goldman Sachs, President Trump’s chief

economic advisor and the Malaysian Prime Minister have in common? The
answer is the SWF 1MDB. Here is the story so far.
1MDB is a $6 billion Malaysian SWF founded and formerly headed by the

then Malaysian prime minister, Najib Razak. The objective of the fund was
to raise money in the Middle East and channel those funds into Malaysia’s
development. The issue was handled by Goldman Sachs.
However, billions of dollars, the US Department of Justice’s estimate is some

$3.5 billion, have been reported to have been siphoned off for personal use
– including by the Razak. Other individuals bought jewellery, art and even
financed the movie The Wolf of Wall Street, starring Leonardo di Caprio.
63
The Wall Street Journal reported that transactions executed by the fund were
tracked and approved by high ranking officials at Goldman Sachs, including
the firm’s former president, Gary Cohn who was President Trump’s chief
economic advisor.
Another now former Goldman banker who was lead on the transaction,
Tim Leissner, along with Goldman Sachs themselves, have been charged
for their role in this scandal. The allegations are that significant sums
of money passed through Leissner’s personal accounts and that he has
connections to several Malaysian PEPs. No longer prime minster, Razak has
also been charged with money laundering and, at time of writing, was still
on trial facing these charges.
Investigations for fraud and money laundering are continuing in the

US, Singapore, Luxembourg, the Seychelles and the UAE. In Singapore,
a number of banks have had their licences withdrawn, while the UAE
have imposed travel bans and frozen the accounts of former Abu
Dhabi Investment Authority (ADIA) employees, who allegedly had close
connections to 1MDB and funnelled funds to accounts in the BVI.
How to manage and mitigate the risks of financial institutions which do not conform to
the regulatory guidelines but who are, without question, significant players in the global
markets is a challenging question, particularly where they may prove to be lucrative
relationships. It ultimately comes down to risk appetite and commensurate financial crime
risk controls.
One of the first red flags raised by 1MDB was the very lucrative fees earned by Goldman
Sachs. Many banks have mechanisms to question the basis on which such fees are earned
and often have automatic internal escalation clauses. This often usually entails having
senior management or reputational risk committees approve a transaction if earnings
exceed either a certain percentage of a deal’s notional value or a predetermined threshold
amount.
The other red flag in this deal is the assumption of the chairmanship by the head of
state. Then again, the Abu Dhabi and Dubai investment authorities are both headed
by senior members of each state’s ruling family. As such, while the existence of senior
political leaders at the head of a SWF might perhaps constitute a red flag, there is nothing
particularly unusual about it.
Following the initial bond issue, there were other red flags which should have placed
banks and financial institutions on notice. They included missed payments, a delay in the
production of the accounts and the replacement of Deloitte as auditors.
Dealing with SWFs is certainly a risk but if a bank or financial institution determines that it
is within its risk appetite, then it should look at the recommendations of the International
Monetary Fund (IMF) and the International Working Group of Sovereign Wealth Funds
Santiago Principles. We will look at both of these guidelines in the next section.
64
4. SWFs – Risk control implications for banks and

financial institutions
4.1 IMF SWF Guidelines43
The IMF guidelines are as much guidelines as they are observations. They call for a ‘robust
legal structure’ that will promote sound institutional governance, which hopefully will lay
the foundation for attaining appropriate economic, financial and political objectives, while
promoting effective governance, accountability and transparency.
The IMF recommendations make it very clear that irrespective of the governance
framework, the operational management of SWFs should be independent of political
influence. It describes the manager model and the investment company model as the two
primary operating formats.
The IMF describes the manager model as, ‘the legal owner of the pool of assets constituting
the SWF (usually the ministry of finance) gives an investment mandate to an asset
manager’. While the investment company model is described as, ‘the government as owner
sets up an investment company that in turn owns the assets of the fund’. Both models are
pictured overleaf:
43. Abdullah Al – Hassan, Michael Papaioannou, Martin Skancke, and Cheng Chih Sung, Sovereign Wealth Funds:
Aspects of Governance Structures and Investment Management, International Monetary Fund, 11 November
2013: https://www.imf.org/en/Publications/WP/Issues/2016/12/31/Sovereign-Wealth-Funds-Aspects-of-Governance-
Structures-and-Investment-Management-41046 – accessed September 2019
65
Manager Model Investment Company Model
Owner Of Owner Of
Gives mandate to
Investment
Assets
Company Owns
Managers
Manager(s) Assets
Source: Authors
The IMF report further illustrates what an SWF Governance Structure should look like and in addition, stresses the importance of the involvement of
stakeholders i.e. the parliament, general public, non-government organisations, etc. in the management of SWFs to © further their legitimacy.
2019 International Compliance Association. All rights reserved.
66
Governing bodies Supervisory bodies

External bodies
Parliament
Auditor General
MoF
External audit
Executive board
Internal audit
Internal bodies
CEO
Compliance unit
Managers
Source: Authors
© 2019 International Compliance Association. All rights reserved.
67
Finally, the IMF recommends a risk management framework that is accountable,

transparent, and professional – with suitably delegated mandates.
4.2 International Working Group of Sovereign Wealth Funds: The

Santiago Principles44
The aim of the Santiago Principles is to establish what are described as Generally Accepted
Principles and Practices (GAPP) covering three key areas. These are the:
i. legal framework, objectives, and coordination with macroeconomic policies

ii. institutional framework and governance structure; and
iii. investment and risk management framework.
Within that context, the Principles identify the 24 GAPPs listed below:
1. a sound legal framework

2. a well-defined mission
3. domestic activities coordinated with fiscal and monetary authorities
4. clearly defined rules for drawdowns
5. transparency to the owner
6. clear division of roles
7. governing bodies appointed in a predetermined manner
8. governing bodies that act in the best interest of the SWF
9. independence
10. formal definition of accountability
11. annual reporting
12. independent auditors
13. ethics and professionalism
14. rules-based outsourcing
15. ability to abide by rules of foreign countries
16. operationally independence from the owner
17. public transparency
18. clear investment policies
19. commercially orientation
20. restrictions against using privileged information
21. shareholder rights policies
22. effective risk management
23. proper reporting of performance
24. and regularly reviews its own compliance with the Santiago Principles.
The Principles are designed to promote good governance, accountability, transparency

and prudent investment practices whilst encouraging a more open dialogue and deeper
understanding of SWF activities. These therefore provide a sound base of reference for any
activity in the SWF environment.
44. IWGSWF, Sovereign Wealth Funds: Generally Accepted Principles and Practices – “Santiago Principles”, October 2008:
http://www.ifswf.org/sites/default/files/santiagoprinciples_0_0.pdf – accessed March 2018
68
5. Correspondent banking/banks
What do we mean by correspondent banking? The definition is not an easy one and
this topic could arguably have been included in the section on customers or the section
on products and services. The former was chosen as we are looking at managing the
risks inherent in a particular type of customer relationship. However, the products most
associated with correspondent banking such as payments and cash management and trade
finance, will be dealt with separately in the product section.
The question remains, what do we mean by correspondent banking? Different countries

and different regulators have different definitions. As such, it is perhaps best we start in
neutral territory, with the Wolfsberg Group, a collection of global banks that cooperate to
develop best practices in fighting financial crime. Their definition reads as follows:
Correspondent Banking is the provision of a current or other liability account, and related
services, to another financial institution, including affiliates, used for the execution of third party
payments and trade finance, as well as its own cash clearing, liquidity management and short-
term borrowing or investment needs in a particular currency.
A Correspondent Bank is effectively acting as its Correspondent’s agent or conduit, executing

and/or processing payments or other transactions for the Correspondent’s customers. These
customers may be individuals, legal entities or even other financial institutions.
A correspondent relationship is characterised by its on-going, repetitive nature and does not
generally exist in the context of one-off transactions. These Principles extend to all Correspondent
Banking relationships which an institution establishes or maintains for another Correspondent
Banking Client, including those where the Correspondent Banking Client is an affiliate, subsidiary
or branch of that institution.45
That’s as simple as it probably gets, and yet, the definition does not end there – it goes on
to describe correspondent banking relationships as not being limited to banks but that it
may also include other non-bank financial institutions (NBFIs). So, for example, while UK
regulators focus on bank-only relationships, US regulators look at relationships financial
institutions in general.
Whatever the definition, the principal risk arises from the fact that the underlying
customers are one step removed from the scrutiny of the bank providing the service.
Therefore, all things being equal, the primary correspondent risk is that of respondent
bank’s ability to manage its customers’ risk exposure.
Yet, all things are not equal and there are several other risks that must be considered. To
understand them it is best that we look at the specific legal and regulatory guidelines in
respect of correspondent banking – which testifies to the very unique and important role
played by this industry sector, its product and its services.
45. The Wolfsberg Group, Wolfsberg Anti-Money Laundering Principles for Correspondent Banking, 2014: https://www.
wolfsberg-principles.com/sites/default/files/wb/pdfs/wolfsberg-standards/8.%20Wolfsberg-Correspondent-Banking-
Principles-2014.pdf – accessed April 2018
69
5.2 Correspondent banking legal and regulatory guidelines
Such is the importance of correspondent banking to the international financial system,

that it is has defined legal and regulatory guidelines. The primary reason for this is the
importance of the transparency of payments and the integrity of the financial system: to
deter the abuse of the banking system for money laundering, the financing of terrorism
and sanctions evasion. The relevant legal and regulatory guidelines are:
FATF Recommendations – state that banks and financial institutions must not have
anonymous accounts. It requires that all banks perform CDD for customers. It further
requires banks and financial institutions to perform enhanced due diligence (EDD) for
correspondent banking, money services business (MSBs) and wire transfers/payments. It
further requires that payments must include all details of the payer, ultimate beneficiary
and purpose. In addition, there are jurisdictions which FATF considers high risk and
non-cooperative, currently North Korea and Iran – indicating their unsuitability for
correspondent relationships.
Wolfsberg Group – reinforces the principles established by FATF and further states that
SWIFT payments must be made using MT103 and MT202 COV with mandatory fields, to
ensure all payment details are included and to deter wire stripping.
Wolfsberg further requires banks and financial institutions to perform appropriate due
diligence for managing correspondent banking risks. This should cover or entail:
1. a formal correspondent banking governance body or unit

2. jurisdiction risks, including the level of regulatory oversight
3. the respondent’s ownership, management and regulatory history
4. the risks of branches and affiliates of both correspondent and respondent banks
5. the quality of financial crime controls
6. the specific exclusion of shell banks
7. the specific exclusion of anonymous and pay-through accounts (PTAs)
8. customer trigger events
9. the involvement of PEPs
10. the presence of nested relationships
11. the presence of high risk customers such as casinos and non-bank financial
institutions (NBFIs)
12. the application of EDD wherever there are red flags or high-risk indicators.
US Patriot Act – specifically requires US banks and financial institutions to properly vet their
Correspondent and Private Banking relationships. Further, it allows the Financial Crimes
Enforcement Network (FinCEN) to designate an entity, country e.g. Myanmar, or institution
e.g. FBME Bank as being of ‘Primary Money Laundering Concern’, if that body has reason
to believe that the entity is facilitating money laundering. FBME Bank was to effectively
collapse after it was so designated.
US Department of State – Designates countries as ‘State Sponsor of Terrorism’ – effectively

precluding their access to US dollars. Countries currently designated as such are Iran, Syria,
Sudan and North Korea.
Sanctions – Correspondent banking activity must always pay due regards to sanctions
regimes which are relevant to the jurisdiction in which the bank or financial institution
70
operates. More specifically, due attention must also be paid to banks that have been place
under sanctions.
The above provide a strong basis for the management and mitigation of correspondent
banking risks. However, it is important that we further highlight some of the specific risk
elements.
Within the context of what we have covered so far there are specific risk control issues that
require due attention and focus. Many of these relate to the customers of the respondent
bank, which are an indirect exposure of the correspondent. The extent that exposure is
directly related to the internal controls of the respondent – and makes the evaluation of
respondent controls extremely important.
Anonymous and/or PTAs – It is usually considered best practice to confirm that

respondents do not maintain anonymous accounts, or that they don’t allow, as in the case
of PTAs, their customers to effectively transact anonymously, by using the accounts of the
respondent. Let’s look at an example.
Case study: Bank of New York and Russian Money

(BoNYGate)46
During the late 1990s, a Bank of New York (BNY) vice president, her
husband and others colluded and contrived to funnel some $7.5 billion
of Russian money into accounts at the bank – which were then redirected
elsewhere, including back to Russia. The illicit transfers were the proceeds
of transnational crime, tax evasion, as well as legitimate IMF funds aid
diverted from Russian government coffers.
The transfers were disguised in several ways – including sham loans,

phoney business transactions between shell companies or in one instance,
a totally contrived sale of shares. Then, with the use of banks controlled by
the illicit actors, advantage was taken of BNY’s correspondent accounts, and
their cash management services, to both receive and divert the funds as
required. The high-risk indicators relevant to the case include:
1. the involvement of leading Russian politicians or PEPs

2. the failure or wilful blindness on the part of BNY management
despite warnings
3. the launderers used PTAs to disguise their identity – transactions
that appeared to originate from BNY actually originated from
individuals and entities using their accounts
4. Benex worldwide, the general trading company at the heart of the
scheme was headquartered in a semi-detached house in suburban
Essex in England – no customer visits had been performed.
46. Swlearning, ‘Chapter 2: BoNYGate’, 2005: http://www.swlearning.com/pdfs/chapter/1587991594_2.PDF – accessed

March 2018
71
In the aftermath of the scandal, the issues which it brought up were

considered so serious that a US Senate investigation was launched into
the role of US correspondent banking in international money laundering.
Banks were forced to place much greater emphasis on their correspondent
relationships and to make sure that their product and service offerings were
transparent. This has made the provision of PTAs virtually untenable.
The issue here was one of transparency, in relation to.
1. The customers and entities engaged

2. The ultimate benefical owner (UBO) – in this case, some were PEPs while others
belonged to criminal gangs
3. The purpose of the accounts, why was there a need for PTAs?
4. Ongoing monitoring of transactions
5. Inadequate internal controls and governance.
More generally, firms should be must be cognisant of the following in respect of

correspondent banking relationships:
z Downstream or nested relationships
This refers to the correspondent banking services provided by a respondent bank.

In some instances, this may go more than one level down. The greater the number
of levels and the further away the customers, the greater the inability to assess their
risks. There is also the likelihood that at the lower levels, smaller banks have less of
an ability to properly evaluate such risks.
This presents correspondent banks with a major dilemma. The greater the exiting
and de-risking of correspondent relationships, the higher the levels of indirect
exposure with a commensurate lowering of the ability to assess these risks. There is
a tough trade-off decision to be made.
z MSBs, casinos, online gaming
A cash-based business is high-risk. Correspondents must determine to what extent

their respondents are exposed to such business and how they go about mitigating
the risks. The example of Wachovia and Mexican Casa de Cambios in the following
section will perfectly illustrate the issues.
z Shell banks
Correspondents should confirm that there are no such relationships – which by

definition have no real commercial purpose other than the facilitation of anonymous
cross – border transfers.
z Products and services
Certain products and services are more high risk than others. Cross-border
transactions are always high risk. Trade finance incurs risks on two fronts: trade
72
based money laundering and sanctions evasion. Cash management services to

casinos and MSBs are always high risk in respect of money laundering.
z Anonymous accounts
If the respondent provides anonymous accounts or PTAs this could result in the
correspondent unknowingly facilitating financial crime.
z Jurisdictions
Although some aspects of jurisdictional risk have already been considered – Primary
Money Laundering Concern, FATF high risk and non-cooperative, offshore and
sanctions – we should ensure that all descriptors are included in our evaluation.
Others that should be considered include Transparency International’s Corruption
Perceptions Index and the Fund for Peace’s Fragile States Index.
z Regulatory history
What is the regulatory history of the respondent institution? What does it say about
its ability to manage financial crime risks? How does this impact the provision of
correspondent services?
z Staff training
The management of financial crime requires properly trained staff who are aware of
and alert to financial crime risks. A respondent’s bank staff training programme is an
important part of its ability to deter and detect financial crime.
z Corporate standards
It is important that both the correspondent and the respondent bank have policies
and procedures that are consistently applied throughout their entire organisations.
z Suspicious activity reporting
What is the status of the respondent with respect to SARs. How many have there
been? Is this consistent with a respondent of its nature and size?
z Negative news
Are there any issues that might affect our risk assessment e.g. reports of money
laundering?
z SWIFT messages
Respondents must use MT103 and MT202 Cov messages in accordance with
Wolfsberg standards, to ensure all details are included on funds transfers.
73
Case study: UBS Financial Services47
In December 2018, UBS Financial Services Inc. (UBSFS) were charged with
money laundering and ordered to pay a penalty of $14.5 million.
FinCEN advised that as a full-service broker-dealer, between 2004 and 2017,

UBSFS failed to establish and then put into effect a robust and adequate
anti money laundering program, as well as violating the requirement of
the USA PATRIOT Act to conduct ongoing due diligence on correspondent
accounts for foreign financial institutions. As a result of this, some foreign
financial institution correspondent accounts were not reviewed to ensure
that the customer information was reliable, current, and appropriately rated
for risk.
They also failed to provide adequate resources to the AML Compliance

Officer. This led to inadequate reviews of potential suspicious activity due to
inadequate staffing levels, as well as a backlog of alerts and subsequently a
decrease in UBSFS’s ability to file a SAR in a timely manner.
If you would like to learn more about financial crime risks in correspondent banking,
ICA offer another qualification addressing this specifically: https://www.int-comp.com/
qualifications/cert-correspondent-banking/
6. Money service businesses (MSBs)

MSBs include Exchange Houses, Bureau de Changes, Casa de Cambios and Third Party
Payment Processors (TPPPs) such as PayPal and WorldPay. They have one thing in common
– that is they deal in large volumes of cash or cash transfers. Which of course makes them
high risk for financial crime.
This is why FATF states that banks must conduct EDD when dealing with such entities. In
many jurisdictions, such as the US, they are treated as correspondent banking entities.
To understand the role of MSBs, we need to understand how they came to such
prominence.
Remittances are a significant element in the growth of developing countries and as such,
providers of these services, are increasingly in high demand. There was a time when most
remittances were executed by banks. As money laundering controls within banks increased,
coupled with the higher fees charged by banks, more people and especially the unbanked,
came to see MSBs as the better alternative.
47. FinCEN, ‘FinCEN Assesses $14.5 Million Penalty against UBS Financial Services for Anti-Money Laundering
Failures’, 17 December 2018: https://www.int-comp.org/programme/?title=ICA-Specialist-Certificate-in-Money-
Laundering-Risk-in-Correspondent-Banking – accessed September 2019
74
The UK National Risk Assessment (NRA), October 2015, identifies the threats and
vulnerabilities posed by MSBs as follows.
1. The transfer of criminal funds overseas

2. The use of currency exchange services to convert criminal cash into high
denomination foreign notes
3. The control of MSBs by organised crime groups
4. The use of complicit employees within MSBs by criminal groups
5. Third party payments
6. The transfer of cash into other payment methods such as digital currency and
electronic money
7. Levels of compliance with the regulations and POCA.
Specific typologies include:
z Complicit employees – MoneyGram, the second largest MSB in the US, entered
into a deferred prosecution agreement (DPA) with the US Department of Justice
due to serious problems in its AML programme. It was reported that some of the
institution’s agents ‘knowingly assisted’ schemes that defrauded US consumers to
the tune of $100 million.
z Complicit employees, overseas transfers – The US Department of the Treasury’s
Office of Foreign Assets Control (OFAC) designated the PacNet Group (‘PacNet’) as
a ‘significant transnational criminal organization’ …As part of today’s action, OFAC is
also designating a global network of 12 individuals and 24 entities across 18 countries.
PacNet, an international payments processor and money services business, has a lengthy
history of money laundering by knowingly processing payments on behalf of a wide
range of mail fraud schemes that target victims in the United States and throughout the
world. (Source: US Treasury)
The latter is also an example of transaction laundering.
6.2 Transaction laundering
What precisely is transaction laundering?
It is one of the biggest issues right now for TPPPs.
Transaction laundering takes place when payments for illegal/illicit activities, such as
drugs trafficking, are processed by registered merchants, acting on their own accord or on
someone else’s behalf. There are several ways in which this might be accomplished. They
are described by www.pcicomplianceguide.org as follows.
1. Front company. A pizza business passes the due diligence underwriting tests. However,
rather than just making pizza, the company also (or instead) launders drug money or
sells illegal products disguised as the pizza Merchant Category Code (MCC).
2. Pass-through company. A company with a legitimate processing account takes on a

“silent partner” in one of several ways. The legitimate company:
a. Allows (or is forced to allow) an illegitimate entity to use its account.

b. Embeds a payment link on an illegitimate company’s web page.
75
c. Enters the illegitimate company’s sales into its system manually, making TL more
difficult to detect.
d. An example is the recent indictment of former NBA All-Star Chris Gatling for credit
card fraud, in which he “persuaded” a fitness studio owner to charge credit card
numbers for him in return for a 10% share of the amounts charged.
3. Funnel account. A legitimate business accepts credit card charges from companies
that do not have merchant processing accounts, entering the charges as legitimate
transactions in the card payment processing system.
As noted earlier, transaction laundering is a $200 billion activity in the US alone. In addition,
because of its very nature, transaction laundering has also been used to finance terrorism –
including the Charlie Hebdo attack in Paris, which was financed by the online sale of fake
Nikes.
There should be ongoing evaluations of TPPPs to determine: how they perform their
merchant due diligence, whether or not they adopt a risk-based approach and how they
monitor unusual activity and report SARs.
There should also be ongoing review and assessment of the regulatory history of
MSBs/TPPPs and negative news searches. It is further suggested that there should be
checks on the nature of the customer base and number of financial institutions an MSB
has relationships with, as this might indicate if there are any elevated risks of money
laundering.
Case study: Wachovia and Mexican CDCs (Casa

de Cambios)
his case study highlights the risks of MSBs and what banks and other
financial institutions need to focus on in terms of managing the risks.
Wachovia Bank, based in Charlotte North Carolina, provided correspondent

banking services to Mexican CDCs. The CDCs are money service businesses
(MSBs) that allow people to exchange currency and transfer funds.
Due to the extent of drug trafficking in that country, Mexican CDCs were
always considered high risk for money laundering and both the Drug
Enforcement Agency (DEA) and bank regulators issued warnings to that
extent – citing the possible exploitation of MSBs by drug cartels.
Wachovia ignored these warnings and continued to provide correspondent

services to the CDCs – while they in turn accepted deposits from the drug
traffickers. Some of the monies were also used to purchase an aircraft on
behalf of the traffickers.
76
The investigation by the regulatory authorities, as laid out in the Statement

of Facts to the DPA,48 determined ‘seven significant failures in Wachovia’s
AML and Compliance programmes’:
1. Lack of policies, procedures or monitoring controls governing the

repatriation of nearly $14 billion in bulk cask for CDCs
2. Failure to conduct monitoring of over $40 billion in monetary
instruments flowing through international foreign correspondent
accounts
3. Failure to conduct adequate levels of due diligence of high-risk CDC
customers
4. Failure to adequately monitor CDCs and other high-risk foreign
correspondent banking accounts to fulfil suspicious activity reporting
obligations
5. Failure to implement monitoring controls or limits for sequentially
numbered traveller’s cheques for high-risk CDC customers in
contravention of Wachovia’s policy
6. Failure to detect and report suspicious activity in a timely manner on
the $373 billion in wire transfers that were processed by Wachovia
for the CDC, and
7. Failure to implement effective BSA/AML audit coverage.
We need look no further than the Wachovia statement of facts to realise why applying
ongoing due diligence to customer transactions is such a critical aspect of customer due
diligence. Banks and financial institutions must ensure that they establish adequate and
effective policies and procedures to detect customer transactions which are either not
consistent with customer norms, or are suspicious, based on either their volumes or even
the advice of the regulatory authorities.
In respect of the latter, one of the most important aspects of any internal control and
governance framework is maintaining good professional relationships with regulators,
while ensuring that their recommendations and risks assessments are being properly
addressed. This was perhaps Wachovia’s biggest failure.
What also stands out in this case was the failure of Wachovia to take account of the risk of
the jurisdiction and the customer groups/types to which these institutions were exposed –
something we have already discussed on a number of occasions in this text.
7. Exchanges and broker-dealers

Exchanges play a critical role in the financial markets. In facilitating the listing and trading
of securities in liquid and transparent markets, exchanges enable companies to efficiently
raise capital and investors with a multitude of choices.
48. US Department of Justice, [Wachovia Deferred Prosecution Agreement], Exhibit A, Factual Statement: https://www.
justice.gov/archive/usao/fls/PressReleases/Attachments/100317-02.Statement.pdf – accessed April 2018
77
Such markets can be exposed to any number of financial crime risks including money
laundering, market abuse and insider trading. To guard against such eventualities,
regulators and the exchanges themselves, will make rules in respect of the following:
z Members – The broker-dealers who are the intermediaries who execute trades
between the exchange and its corporate and institutional customers.
z Listed corporates/organisations – The requirements that must be met for those
companies and organisations who want their securities to be listed and traded on
the exchange.
z Depositories – The entities that settle transactions and act as custodians of both
cash and securities.
As such, the extent to which there is adequate regulation of these market participants and
how they conduct their activities, is vital to the integrity of the exchange.
There are also other factors outside of an exchange, that have an important role to play in
its proper functioning. They include registrars, who record who owns the shares and trust
and service company providers.
Stock exchanges will define which entities are their authorised registrars and as such, the
regulation of the registrar is significantly dependent on the regulation of the exchange.
Trust and service company providers represent and provide a different level of risks. Their
services include providing or acting as company formation agents, registered offices,
business addresses, nominee directors, nominee shareholders and company secretary.
Given the activities of trust and service company providers, the risks of facilitating financial
crime by way of nominees, shelf companies, complex structures and offshore incorporation
in multiple jurisdictions, are significant – hence their classification as DNFBPs under the
FATF Recommendations.
The absolute risk of trust and service company providers will be dependent on the extent
to which these entities are regulated in each jurisdiction. In offshore jurisdictions which
are lightly regulated, the risks are very high. Yet even in the US, the regulation of trust and
service company providers is not always as strong as it should be – as noted in the US’s
December 2016 FATF Mutual Evaluation Report.
In general, the effective regulation of exchanges is significantly dependent on the

regulation of the associated members and participants, both direct and indirect.
7.2 Regulatory guidelines
The following paragraphs indicate some of the major regulatory guidelines imposed by
major stock exchanges such as the London Stock Exchange (LSE) and the New York Stock
Exchange (NYSE).
The LSE has definitive rules in respect of
z Membership – qualifications, roles, responsibilities and conduct

z Trading – order execution and reporting, off-market transactions, customer due
diligence
78
z Market making rules – registration and conduct

z Settlement, clearing and benefit rules
z Compliance – includes disciplinary procedures and when they are to be invoked
The NYSE has the following corporate governance rules for organisations seeking a listing.
z Basis of regulation – Specific corporate governance code under which a company

operates and whether or not they have complied with that code’s best practice
provisions
z Director independence – Half the board (excluding the chairman) must be
independent, meaning they have no conflicts of interest with the organisation
z Chairman and chief executive – US code does not require independence (UK code
does)
z Non-executive director meetings – NYSE rules require they meet regularly without
management
z Board committees – Audit, Remuneration and Nomination Committees should be
all non-execs
z Code of ethics – Must be adopted for directors, officers and employees
z Compliance certification – Chief executives to certify their awareness of any
corporate governance violations
Companies listed on the major stock exchanges are usually required to disclose details of:
1. incorporation
2. audited financial statements
3. business activities
4. directors
5. working capital
6. controlling shareholders
7. share listing.
Further, in order to ensure market transparency, the major stock exchanges will make rules
in respect of the execution and/or communication by companies of:
1. mergers and acquisitions

2. material changes in business/operations
3. earnings
4. significant management changes
5. share buybacks
6. dividends
7. rights, warrants, options, convertibles
8. any other corporate actions.
For a company undertaking an IPO, the following diagram taking from ‘A guide to listing
on the London Stock Exchange’ sets out the extent of the formal disclosures and actions
required.
79
Diagram: Advisers’ roles and responsibilities
Sponsor
 Overall co-ordination and project
management of IPO process Bookrunner
 Co-ordination of due dilligence and  Prepare company for roadshow
prospectus  Facilitate research
 Ensure compliance with applicable rules  Build the book pre-float
 Develop investment case, valuation and  Marketing and distribution
offer structure  Pricing and allocation
 Manage communication with LSE and
UKLA.
 Act as adviser to the company’s board
 Ongoing support/advice after floatation
Lawyers
Other advisers  Legal due dilligence
 Registrars  Draft and verification of
 Financial printers prospectus
 Corporate restructuring
The Company  Corporate restructuring
 Remuneration consultants  Provide legal opinions
Financial PR Reporting accountant

 Develop communication strategy  Review financials – assess
to support pre-IPO process company’s readiness for IPO
 Enhance market perceptions to  Tax structuring
develop liquidity and support  Financial due dilligence – long
share price form, short form and working
 Pre- and post-IPO press releases capital reports
80
7.3 Traded products
Stock Exchanges will specify what products they allow to be traded. For example, the LSE
allows:
1. bonds, including retail bonds

2. common stock
3. covered warrants
4. exchange-traded funds
5. exchange-traded products
6. global depositary receipts (GDRs)
7. structured products.
Stock exchanges will be supervised by their local regulators e.g. SEC, FCA and in Europe,
there is the Market Abuse Regulation (MAR) which introduces criminal sanctions for insider/
dealing and market manipulation.
7.4 Risk typologies
Securities fraud can incur in any number of ways. They include infiltration of broker-dealers
and various forms of market manipulation.
In well-regulated markets, broker-dealers and other members are not allowed to deal in
physical cash. This severely limits the use of exchanges to place illicit funds. However, that
does not stop exchanges from being used to layer and integrate transactions.
Brokerage accounts can be used to facilitate the layering stage of money laundering,
after which the funds are spirited away to offshore locations, with the usual assistance of
lawyers, accountants and trust and service company providers, acting in their traditional
roles of gatekeepers.
In these instances, the money laundering schemes are usually designed to take advantage
of smaller or less-well managed brokerages – those that do not have the resources or skills
necessary to implement a strong AML compliance programme. They can use a variety of
methods:
z Failure of broker-dealers customer due diligence procedures
Illicit actors, especially when they use trust and service company providers, can
operate behind nominees or use complex ownership structures to introduce the
proceeds of the crime via the broker -dealer and thus into a properly regulated
exchange. In addition, brokers may not make appropriate enquiries in respect of
their customers’ source of wealth/capital and source of funds.
z Poorly-regulated jurisdictions
While a well-regulated jurisdiction is not immune from financial crime via exchanges
and broker-dealers, a poorly regulated market in which the regulations and/or the
monitoring of the relevant institutions are too lax, may be highly susceptible to
criminal manipulation.
81
z Direct access to market/exchange by illicit organisations
In such circumstances, a criminal organisation is established. The company trades

in legitimate products and services as well as on an exchange and by so doing
layers and integrates it’s the proceeds of its illicit activities. The extent of the
financial disclosure and audit requirements in the major markets would exclude this
possibility. However, other less regulated markets could be at risk.
z Indirect access by non-exchange based broker-dealers
This will occur where other broker-dealers or institutions who are not members
of the exchange, introduce business to a broker-dealer with direct access to an
exchange. The management of such risks in such instances is dependent on the
customer due diligence, conducted by latter entity on the former.
z Money laundering via pump and dump schemes
Schemes such as these begin with the purchase of a large number of illiquid
and dormant shares. The price of the shares is then pumped up either by way
of fraudulent misrepresentation, with other illicit actors buying in concert, or by
broker-dealers making false recommendations. In these schemes, the illicit actor
wins twice. In the first instance money is laundered and in the second, the criminal
makes additional profits from pumping up the price of the stocks.
z Microcaps (aka ‘penny stocks’)
or for that matter any issue of unregistered shares or shares not listed on a properly
regulated exchange, tend to be quite susceptible to such schemes. However,
securities on authorised or publicly traded exchanges are not immune.
The following extract and case study illustrate both the above scenarios.
7.5 Securities fraud using microcaps
The following extract from a paper on Microcaps by Holly Peck49 are examples of red flags
or high-risk indicators for fraud and money laundering that broker-dealers and securities
firms should be monitoring and reporting (the references to physical certificates can be
ignored as the principles remain relevant for electronic transfers).
1. There is a sudden spike in investor demand for, coupled with a rising price in, a thinly
traded or low-priced security
2. The company was a shell company when it issued the shares
3. A customer with limited or no other assets under management at the firm receives an
electronic transfer or journal transactions of large amounts of low – priced, unlisted
securities
4. The issuer has been through several recent name changes, business combinations
or recapitalizations, or the company’s officers are also officers of numerous similar
companies
5. The issuer’s SEC filings are not current, are incomplete, or non-existent
49. Holly Peck, Between a Rock and a Regulator: Building an Effective AML Program in the Microcap Sphere
82
The scale of the problem is not inconsiderable. In describing its activities during 2018, the
SEC stated that:
The Commission brought a diverse mix of 821 enforcement actions, of which:
z 490 were “stand alone” actions brought in federal court or as administrative proceedings;
z 210 were “follow-on” proceedings seeking bars based on the outcome of Commission
actions or actions by criminal authorities or other regulators; and
z 121 were proceedings to deregister public companies – typically microcap issuers – that
were delinquent in their Commission flings.50
It was also noted that of the 490 stand alone cases, 13% were related to broker-dealer
misconduct. Let’s look at an example.
Case study: Credit Suisse Securities (USA) LLC
In September 2018, Credit Suisse Securities (USA) LLC (Credit Suisse) agreed
to pay $10 million to the SEC and the New York Attorney General to settle
charges in relation to material misrepresentations and omissions made in
connection with its former Retail Execution Services (RES) business’ handling
of certain customer orders.
It was alleged that Credit Suisse treated orders for which execution quality
was not required to be publicly reported less favorably than orders subject
to such reporting.
It was also alleged that they promised ordinary customers access to broad
liquidity in dark pools, including its own, but processed only a “minimal”
number of “held orders,” which must be executed immediately at market
prices, in that manner.
The SEC stated in a press release that:
Market makers that handle retail orders must be transparent with their
customers about how orders will be executed and how the market maker
will profit from their customers’ trades... The settlement holds Credit Suisse
accountable for failing to accurately disclose important information about the
nature and quality of its execution of trades for retail investors.51
7.6 Exchanges and broker-dealers – Risk control implications for

banks and financial institutions
The implications can be considered in two parts – the first is for broker-dealers. Broker-
dealers should ensure they:
1. avoid accepting physical cash when settling transactions
50. Securities and Exchange Commission, Annual Report Division of Enforcement, 2018: https://www.sec.gov/files/
enforcement-annual-report-2018.pdf – accessed September 2019
51. Securities and Exchange Commission, ‘Credit Suisse Agrees to Pay $10 Million to Settle Charges Related to
Handling of Retail Customer Orders’, 28 September 2018: https://www.sec.gov/news/press-release/2018-224 –
accessed September 2019
83
2. establish an appropriately suitable CDD process which includes performance of the

following checks:
a. source of wealth/capital, source of funds

b. ultimate beneficial owners and controllers
c. EDD for high-risk customers and jurisdictions
d. ensure transacting institutions avoid the use of anonymous and omnibus
accounts, which decrease transparency.
3. ongoing monitoring of customer accounts as an integral part of the CDD process
4. ascertain and determine the appropriateness of the use of intermediaries,

gatekeepers, lawyers and trust and service company providers by their customers,
as well as any payments to third parties
5. submit SARs once there is a reasonable suspicion of financial crime.
In December 2018, the US Financial Industry Regulatory Authority (FINRA) published their
findings52 following their examinations of broker-dealer firms or members. This report is a
summary of observations from this examination program, and may be used by firms as a
resource to help them strengthen their compliance programs and supervisory controls.
For banks and other financial institutions dealings with brokers-dealers, in addition to the
above, their primary concerns should include:
1. their owners and controllers

2. their financial crime governance and internal control framework
3. the jurisdiction(s) in which they operate
4. the degree or laxity of regulation in that jurisdiction
5. their regulatory history
6. their customer base – both type and geography
7. the nature of the securities they trade – whether or not they are listed on properly
regulated exchanges.
The practice in most banks and financial institutions, after conducting the appropriate due
diligence, is to approve a list of:
1. authorised issuers
2. authorised products (specific to exchanges)
3. authorised broker-dealers
4. authorised exchanges
5. authorised jurisdictions
6. authorised depositories.
52. FINRA, ‘2018 Report on FINRA Examination Findings’, 7 December 2018: https://www.finra.org/rules-guidance/
guidance/reports/2018-report-exam-findings – accessed September 2019
84
8. Charities and non-profits

FATF defines a non-profit organisation as follows:
A legal person or arrangement or organisation that primarily engages in raising or disbursing

funds for purposes such as charitable, religious, cultural, educational, social or fraternal
purposes, or for the carrying out of other types of “good works”.53
When performing due diligence on a customer, in most instances issues in respect of

business activities, revenues and cashflows can be reasonably determined by referring to
factors such as; the nature and type of business, the industry and previous year’s results.
In the case of charities, it is not easy to make the same or similar comparisons. Therefore,
prediction of a charity’s revenues and cashflows are not always a practical endeavour and
the source of funds can be both legitimate and illegitimate.
Charities have other characteristics which make them vulnerable, including:
1. the cash intensive nature of charitable operations

2. public trust
3. emotional attachments of people to stated causes
4. a reliance on voluntary support, making it less likely that problems are identified
5. a high dependence on a small number of key individuals.
6. an inadequate financial control, internal control and governance framework
Given the above characteristics, charities lend themselves to the misallocation of funds to
purposes beyond what was intended by those making donations. In addition, while normal
commercial endeavours require some level of commercial knowledge, acumen or skill,
charities can be set up or run by anybody who presents themselves as being in support of a
‘good cause’.
For all of the above reasons, charities are vulnerable to the misallocation of funds and
resources. This might include fraud, sanctions evasion, bribery and corruption and terrorist
financing. This might and can happen in several ways, including where criminals, terrorist
financiers and other illicit actors:
1. form or create charities and present themselves as being dedicated to good causes
but then divert the funds to nefarious activities;
2. execute an outright takeover or establish effective control over well-established
charities;
3. achieve the fraudulent diversion of funds by way of their operatives and associates
working within established charities;
4. use existing charity fundraising channels to collect and divert legitimate funds.
Finally, many charities now operate either globally or in multiple jurisdictions. By definition,
many of these jurisdictions are high risk – e.g. a charity providing humanitarian and
medical relief in Syria. When coupled with potential inadequacies in financial control,
internal control and governance, this provides transnational criminal groups and
53. FATF, ‘Glossary of the FATF Recommendations’: http://www.fatf-gafi.org/glossary/fatfrecommendations/n-r/ –

accessed April 2018
85
international terrorist organisations with the perfect cover for diverting and transferring
funds.
Let’s now take a closer look at a few risk typologies.
8.2 Bribery and corruption
This includes the diversion of charitable donations to elected officials and PEPs. One
example is the bribe paid by VimpelCom Limited of the Netherlands, to secure a telecoms
contract in Uzbekistan. In charging VimpelCom $397.6 million for FCPA violations, the SEC
noted that $114 million was funnelled to an entity that was affiliated to an Uzbek official,
with another $500,000 disguised as donations to a charitable institution also affiliated with
the official.
The head of the SEC’s Enforcement Division noted: ‘These old-fashioned bribes, hidden
through sham contracts and charitable contributions, left the company’s books and records
riddled with inaccuracies’.
8.3 Money laundering
Charities have been abused by drug traffickers, arms traffickers, extortionists and all
kinds of illicit actors, as charity fundraising lends itself to the comingling of legitimate and
illegitimate funds, and the later misallocation of those funds. One of the principal controls
over charities being used for money laundering is the refusal of anonymous cash donations
above a certain limit.
8.4 Terrorist financing
Any misallocation or diversion of funds can be directed towards financing of terrorism.

However, such diversion is not necessarily limited to cash. The following story illustrates
such dangers.
The bank, the Pakistani NGO and the helicopters
A major global bank sold helicopters to an non-governmental organisation (NGO), a relief

agency, in Pakistan. To do so, the bankers had to pass the most stringent internal and
external approval process. As the sales progressed, the bank eventually discovered that
the NGO was selling the helicopters on to a group of people, who were putting guns at the
sides of them and turning them into helicopter gunships.
The lessons here are that irrespective of the levels of CDD/KYC, certain jurisdictions are very
high risk for terrorism – and therefore the risk of terrorist financing. Pakistan is one such
jurisdiction with groups such as the Taliban, Al-Qaeda and ISIS being foremost amongst the
many such groups.
Pakistan is also very high risk for drug trafficking, supplying a large proportion of the
world’s supply of opium – the type of earnings which can be readily channelled into
financing terrorist arms and weapons – something the Taliban have been quite adept at in
recent years. Further, the country has a low score on the CPI, suggesting that it is perceived
as unlikely that charities are robustly regulated.
86
8.5 Tax evasion
In most jurisdictions, charities enjoy a tax-free status. Therefore, there is always the risk of
this status being abused. The US Internal Revenue Service (IRS) is particularly exposed to
this due to the use of legal vehicles known as Political Action Committees (PACs) to fund
political activities.
8.6 Charities – Risk control implications for banks and financial

institutions
Jurisdiction/regulation
Regulation is the single most important issue when assessing the financial crime risk of
charities. Without proper regulation, it is highly unlikely that all the other issues in respect
of charities, financial control, governance etc. will be properly addressed. The following
diagram provides an overview of the extensive regulatory framework employed by the
UK Charity Commission. It describes this framework as a ‘strategy for dealing with fraud,
financial crime and financial abuse of the charity sector’. Note the inclusion of bodies such
as the police, Serious Fraud Office (SFO), Her Majesty’s Revenue and Customs (HMRC), the
National Crime Agency (NCA) and auditors.
National Fraud
Intelligence
Bureau
Single point for Police
Charity fraud intelligence Fraud
Commission investigations
Investigates actions carried out by
of trustees individual police
forces
Auditors,
independent Action Fraud
examiners, whistle- National Fraud
Charity Reporting Centre.
blowers, the public trustees,
Report fraud Single point for
employees and reporting fraud
volunteers
Fraud policies and
procedures
National
Serious Fraud Crime Agency
Office tackles serious and
Investigates and organised crime/
prosecutes serious/ fights fraud and
complex fraud cyber crime
HMRC Charity Fraud

Responsible for Prevention
Gift Aid payments Working Group
and investigates tax led by the NFA
relief abuse and Charity
Commission
87
Naturally, the higher the jurisdictional risk, the greater the level of regulation required.
Unfortunately, this relationship often works in reverse – the higher the jurisdictional risk,
the lower the level of regulation. This presents a dilemma for anyone doing business with
charities, including banks and financial institutions, because as previously noted, it these
higher risk jurisdictions that are most in need of charitable intervention.
As such, it makes it imperative that the following additional risks are suitably identified and
controlled. Again, you will see key themes re-emerging.
8.7 Registration
Banks and financial institutions must determine where a charitable entity has been
established and which regulator is responsible for its oversight – this includes ensuring the
charity is duly registered in accordance with the specific requirements of the regulator.
8.8 Charitable purpose
Steps should be taken to determine whether the purpose of the charity as defined is
consistent with the regulatory requirements e.g. education. Many jurisdictions have specific
guidelines as to what constitutes a charitable purpose, with significant implications for
issues such as its taxable status.
8.9 Ownership structure
Assessments should be made of the structure of the organisation in respect of the nature
of the legal vehicles being used e.g. a trust, what if any associated entities are included, the
nature of the relationships between such entities and ultimate trustees and controllers.
A review of the legal form of the charity and relevant documentation e.g. trust deed, must
be performed to properly establish which individuals exercise control and the relationship
between them.
8.10 Trustees, management, controllers, associated persons
In conducting their due diligence, banks and financial institutions must not only determine
that there is an appropriate governing body in place but in addition, determine the
identities of the individuals and their associated parties. As such, the standard onboarding
checks in respect of PEPs, criminal records, sanctions and negative news searches must be
performed.
In addition, said individuals should be screened for possible association with persons
to ensure they have no connections with criminal, sanctioned or terrorist individuals
and organisations. More generally, an assessment should be made as to whether or not
the trustees and management are reputable persons, who possess the knowledge and
capabilities necessary to manage and oversee the charitable entity they are required to
manage.
8.11 Know your employee
It should also be ascertained whether or not the charitable entity being onboarded, use the
above procedures when onboarding their own employees. As noted earlier, the diversion of
88
charitable funds does not necessarily have to arise from illicit actors establishing effective
control over a charity. This can just as easily be effected by lower level employees who have
connections to illicit actors.
8.12 Regulatory history
Determine the regulatory history of the organisation and establish if the entity has ever
been involved in significant legal and regulatory issues.
8.13 Financial control, internal control and governance
The financial controls, internal controls and governance framework of a charitable

organisation must be adequate and sufficient, given the size, nature and scope of
the business, the number of jurisdictions in which it operates and the nature of its
distributions.
In making such an assessment, there will be a need to look at not only the documented
policies and procedures but also ascertain whether it has an appropriate assurance model
e.g. 3LOD, as well as who provides independent audit and accountancy services to the
organisation.
Internal policies must also be geared towards transparency of books and records such
that the transfer and use of resources can be readily ascertained. This should extend to
transparency of payment process and effective control over the distribution of funds.
Finally, there must be properly audited financial statements at the end of each financial
year.
8.14 Ongoing due diligence
In our earlier example, the bank was able to determine that helicopters it had sold
were being transformed for terrorist use. The bank was able to uncover this because
it maintained constant and ongoing due diligence of their customer relationship. It is
important to remember that due diligence is a dynamic process – not something which is
done then forgotten.
8.15 Risk rating charities and EDD
Finally, the current environment is such that banks and financial institutions automatically
rate charities and non-profits as high risk. This means they automatically require EDD, the
need for which is further strengthened by their complexity and the number of jurisdictions
in which they operate.
Just as important is the need to determine the number of charities an institution does
business with. As simple as this may sound, on many occasions, because of the wide range
of different activities charities conduct and the different forms they undertake, it is not
always easy to determine whether an entity has charitable status or not.
89
8.16 Reputational risk management
For all the risks presented by charities, there are significant reputational risk issues arising
from exiting charities. The exiting institution may well have good reason, such as the
internal controls being inadequate. However, the work of the charity may very well be
genuine, with thousands of people dependent on its successful operations. There are many
cases of charity accounts being closed and the aggrieved party’s sad story appearing as a
major news item the following day – negatively impacting the reputation of the institution
that closed the account.
Having an appropriate reputational risk management framework is essential for dealing

with high-risk customers such as charities.
9. Oil and gas, extractive industries

9.1 Generic risk exposures and typologies
We will focus on the oil and gas sector in this section but in generic terms the issues also
relate to other extractive industries. We will refer to these other industries or entity types as
and when appropriate.
The main risk exposures will be to bribery and corruption, sanctions and in some instances
tax evasion.
Oil and gas/petroleum have a significant exposure to bribery and corruption. The perfect
storm occurs where there are high value contracts, in high-risk jurisdictions which require
government or PEP approval. The existence of much of the world’s oil and gas reserves
in high-risk countries, and the sheer size, in dollar value, of the investments and markets
involved, all combine to make the industry very high risk.
To better understand the elements of bribery and corruption to which the industry is
exposed, we should start by understanding the industry value chain, as indicated in the
diagram below.
Diagram: Petrol Value Chain
The picture overleaf gives an overview of the supply chain of the oil and gas industry.
Industry is organised into three broad categories based on the activities performed therein.
They are mainly:
a. upstream (finding and producing hydrocarbons)

b. downstream (refining hydrocarbons and producing saleable petroleum byproducts)
c. retail (selling the byproducts to all the users who need them).
Midstream is not a very popular term used to describe the transport part.
It is the complexity of the value chain and the number of players involved, even under
ordinary circumstances, that further increase the scope for bribery and corruption in the
industry.
90
Upstream Midstream Downstream Retail
Source: http://www.adventuresinenergy.com
91
The industry value chain consists of upstream (exploration), midstream (production),

downstream (refining) and retail of the refined products. Each of these steps provides an
opportunity for bribery and corruption. Oil leases granted in the in the initial exploration
stage, with a very large element of construction in both the upstream and midstream
stages.
A document entitled Twelve Red Flags54 by the Natural Resource Governance Institute,
provides great insights into what can go wrong and why. The twelve are reproduced below,
along with some recent instances of their occurrence (either individually or collectively) –
which demonstrate these red flags are far from simply conceptual.
1. The government allows a seemingly unqualified company to compete for, or win

an award
Petroleos de Venezuela SA (PDVSA) the Venezuelan state-owned oil company, issued

a $4.5 billion contract for digging wells in the Orinoco Belt, said to be the world’s
largest crude reserves.
The company that won the tender, ahead of some of the world’s largest oil services
firms, Halliburton, Schlumberger and Weatherford, was Trenaco. This company,
headquartered in Switzerland but run out of neighbouring Colombia, was a virtually
unknown. It clearly neither had the skill or expertise to do the job. Yet, Trenaco
started hiring people for the project 6 months before the tender was granted – after
it had a meeting with PDVSA executives.
Unfortunately for Trenaco and PDVSA, the foreign firms that would have had to
partner with Trenaco saw the bright red flags flying and refused to participate –
they did not want to have to answer to their domestic regulators or the SEC (for the
FCPA) for their participation in such a scheme.
Trenaco was later liquidated.
2. A company or individual with a history of controversy or criminal behaviour

competes for, or wins, an award
3. A competing or winning company has a shareholder or other business

relationship with a PEP or a company in which a PEP has an interest
4. A competing or winning company shows signs of having a PEP as a hidden

beneficial owner
Sonangol, the Angolan state-owned oil company awarded exploration licences to

a US company. A condition of the contracts was that they had to include two local
companies with no prior experience in the industry, in on the bid. It turned out that
several Angolan PEPs had interests in said local companies.
54. Alexandra Gillies, Aaron Sayne and Andrew Watkins, Twelve Red Flags: Corruption Risks in the Award of Extractive
Sector Licenses and Contracts, April 2017: https://resourcegovernance.org/sites/default/files/documents/corruption-
risks-in-the-award-of-extractive-sector-licenses-and-contracts.pdf – accessed February 2018
92
5. An official intervenes in the award process, resulting in benefit to a particular

company
6. A company provides payments, gifts or favours to a PEP with influence over the
selection process
7. An official with influence over the selection process has a conflict of interest
One of the biggest scandals to come out of Brazil is known as Operation Carwash,
a multi-billion bribery scheme. One former President has been convicted in court,
another impeached and still another, the current President is under investigation.
The scandal arose from the Brazilian state oil company Petrobras, granting
constructing contracts at highly inflated prices – they could do so because several
senior managers at Petrobras were political appointees who turned a blind eye the
corruption – and of course they were duly rewarded.
One of the company’s involved in the corruption was Odebrecht, which we will meet
in the next chapter on construction.
8. Competition is deliberately constrained in the award process
9. A company uses a third-party intermediary to gain an advantage in the award
The Unaoil55 bribery scandal is said to be the largest in the world. It includes several
oil majors and some of the largest oil services companies on every continent. It also
involves just about every major oil producing country in the world. What was it about?
Unaoil is a firm of Monaco based middleman. It effectively facilitated its western

clients gaining contracts with oil producing countries by way of bribes. One report,
Unaoil – Unfolding The World’s Biggest Oil Bribery Scandal by Value Walk,56 describes
the scandal in suitably bleak terms:
After spending months investigating and combing through vast troves of emails and
internal documents, The Huffington Post and Fairfax Media published a bombshell report
on the bribery empire setup by Unaoil, a company based in Monaco. The report alleges
that “Unaoil and its subcontractors bribed foreign officials to help major multinational
corporations win contracts” in a variety of countries including Iraq, Kazakhstan, Iran,
Libya, Syria, Tunisia, and many more countries in Africa, the Middle East, and the former
Soviet Union.
“The leaked files expose as corrupt two Iraqi oil ministers, a fixer linked to Syrian dictator
Bashar al-Assad, senior officials from Libya’s Gaddafi regime, Iranian oil figures, powerful
officials in the United Arab Emirates and a Kuwaiti operator known as “the big cheese”.
The leaked files reveal that some people in these firms believed they were hiring a
genuine lobbyist, and others who knew or suspected they were funding bribery simply
turned a blind eye”.
55. The Age, ‘The Bribe Factory, The Key Players: Companies Who Worked With Unaoil’: http://www.theage.com.au/
interactive/2016/the-bribe-factory/players/players.html – accessed March 2018
56. Value Walk, ‘Unaoil – Unfolding The World’s Biggest Oil Bribery Scandal’, 4 April 2016: https://www.valuewalk.
com/2016/04/biggest-oil-bribery-scandal-unaoil/ – accessed April 2018
93
The Serious Fraud Office (SFO) in the UK is currently conducting a criminal

investigation into this scandal and has charged four individuals with conspiracy to
make corrupt payments. In July 2019, Unaoil’s former Iraq partner pled guilty to
conspiracy to give corrupt payments. The trial date for these individuals is scheduled
to begin in January 2020.57
10. A payment made by the winning company is diverted away from the appropriate
government account
11. The agreed terms of the award deviate significantly from industry or market
norms
12. The winning company or its owners sell out for a large profit without having
done substantial work
9.3 Sanctions
For one reason or another, commodities, the primary product of extractive industries are
often placed under sanctions. During the 1970s, Arab states placed an embargo on oil to
the west, because of the latter’s support for Israel in the 1973 war.
More recently, Iranian, Syrian and Sudanese oil exports have been sanctioned by the west,
and the western sanctions on Russia include prohibitions against providing either financial
or technical support to the energy sector.
Oil is not the only commodity regularly subjected to sanctions, so too are minerals
extracted from conflict/war zones, which are then used to finance ongoing conflicts. Some
of the most important ones are diamonds, gold and coltan or tantalum.
Due to their unique properties, diamonds are subject to the Kimberly process of
certification, to ensure that they are not coming from conflict areas. Gold is not as unique.
Therefore, the strategy is usually to sanction any area or region. So, for example, there
have been restrictions on the trade in gold and diamonds from the Central African Republic
(CAR).
Coltan, used in mobile phones and laptops is still being mined in the Democratic Republic
of Congo, even during and throughout that unfortunate country’s numerous conflicts.
A very interesting example of how commodity sanctions are applied is provided by

Myanmar. The sanctions placed on the military junta, for their human rights violations,
included a ban on the sale of the precious gems, rubies and jadeite. Those sanctions were
lifted once Aung San Suu Kyi came to power, thereby reducing the power of the military.
The issue of sanctions as they relate to oil and gas and the extractive industries in general,
play a very key role in trade finance, which includes the movement of commodities across
trade routes and international boundaries. Trade Finance will be dealt with in a later section
under products.
57. Serious Fraud Office, ‘Former Unaoil executive pleads guilty to conspiracy to give corrupt payments’, 19 July
2019: https://www.sfo.gov.uk/2019/07/19/former-unaoil-executive-pleads-guilty-to-conspiracy-to-give-corrupt-
payments/ – accessed September 2019
94
9.4 Tax evasion/avoidance – Base erosion and profit shifting (BEPS)
BEPS is the shifting of profits by multinational companies to lower taxed jurisdictions and
away from jurisdictions where the revenues were earned, by way of a combination of
intermediaries, transfer pricing, offshore vehicles and the utilisation of low tax jurisdictions.
The oil industry is particularly susceptible to this practice, which is deemed to be

particularly unfair to oil producing countries in particular, in that it erodes the revenues
they need to develop their economies.
Of course, the practice does not only hurt developing economies. The EU has fined Apple
€13 billion for its tax avoidance strategies, executed with the connivance of the Irish
government. The EU determined Apple’s strategies have eroded the tax revenues of the EU
states in which Apple sells its goods.
The current Action Plan from the OECD report on BEPS states:
1. New international standards must be designed to ensure the coherence of corporate

income taxation at the international level
2. A realignment of taxation and relevant substance is needed to restore the intended effects
and benefits of international standards, which may not have kept pace with changing
business models and technological developments
3. The actions implemented to counter BEPS cannot succeed without further transparency,
nor without certainty and predictability for business.58
On 7 June 2017, over 70 ministers and senior representatives from around the world,
signed on to the Multilateral Convention to Implement Tax Treaty Related Measures to Prevent
Base Erosion and Profit Shifting. As of August 2019, there are 89 countries that have
signed on to this Convention, with another six expressing their intent to sign. The Trump
Administration has not signed the treaty, while most of the major European nations have.
A primary aim of the treaty is the transparency of reported results. It effectively calls on
companies to report detailed tax and financial information on a country by country basis
with increased levels of disclosure. There is also a requirement that such results should be
made available to the public and not just to tax authorities.
There is another aspect to this need for disclosure and transparency. Country by country
comparisons enables better identification of anomalies in terms of both costs and returns.
It is believed that will assist in the fight against corruption.
The Trump Administration’s decision to remove the requirement for oil companies to
provide country by country comparisons in their reported results is considered a major
setback in the quest for industry transparency.
The single most important aspect of managing the financial crime risk exposures of
organisations in extractive industries goes beyond simply knowing your customer – it is
58. OECD, ‘BEPS Actions’: http://www.oecd.org/tax/beps/beps-actions.htm – accessed May 2018
95
about truly understanding the industry structure within which the customer operates.
Banks and financial institutions should therefore be asking the following questions:
1. What are the specific commodities/products involved?

2. How is the industry structured?
3. What aspects or areas of the industry are most susceptible to bribery and
corruption?
4. Who are the players; governments, business/joint venture partners, intermediaries
and other industry actors?
5. Does the company’s partners or contracted counterparties have the requisite
experience, skills, expertise and resources for the ventures/transactions being
entered into?
6. Are there any PEP relationships, interests or possible conflicts of interests?
7. In what jurisdictions do they operate?
8. In what jurisdictions are they regulated?
9. Are there any conflicts/conflict zones involved?
10. Are there any sanctions regimes relating to the product?
11. What, if any, are the bribery & corruption and sanctions risks of the operating
jurisdiction(s)?
12. Has the organisation adopted the ISO 37001 anti-bribery management framework?
13. Has the company adopted the transparency guidelines in respect of BEPS?
14. Has there been any negative news about the company, industry or commodity e.g.
bribery scandals such as Unaoil?
Finally, even if all the above questions were answered satisfactorily, there are two other
questions that must be asked:
1. Are there any environmental issues arising from the company’s operations or
ventures/transactions its involved in?
2. Are there any other reputational risk issues to consider?
10. Construction
10.1 Generic risk exposures and typologies
Construction, especially where there are large scale infrastructure projects, in high-risk
jurisdictions, which have to be approved by government/PEPs – will always be high risk for
financial crime.
There are several stages in a construction project where banks and financial institutions
can knowingly or unknowingly finance and/or facilitate transactions which could result in
financial crime. They include the granting of building permits, the tendering of contracts/
bids, the ongoing execution of the project, and the sale of completed units.
An article in the China Daily59 on corruption in the construction industry in China described
it as follows:
In most cases, bribes make up 5 to 10 percent of the total cost of a project…
59. China Daily, ‘Corruption still rife in construction industry’, 19 October 2011: http://www.chinadaily.com.cn/
cndy/2011-10/19/content_13929295.htm – accessed May 2018
96
The bribery occurs in many stages of a project, including land-use approval, project
management, public bidding, the purchase of construction materials and equipment as well as
project…
The Construction Sector Transparency Initiative or CoST, is an independent initiative

supported by the World Bank and Transparency International. There are 13 countries that
currently support the initiative.
The aim of CoST is to reduce the ‘overcharging, excessive delays, low standards and theft’
which costs the global construction industry an estimated $2.3 trillion – a truly staggering
number.
In this segment, we will explore the various construction risk typologies and the red flags
or high-risk indicators, banks and financial institutions should aware of.
10.2 Building licences and permits
Corruption in the construction industry begins with gaining permits and/or licences to build
from government agencies. There is much evidence of bribery and corruption in respect of
granting building permits. It has played a significant role in the corruption in China, where
government officials have been bribed to give building permits.
There is the example of a hotel in Spain which is said to have violated planning permission
by being built too close to the coast. Algarrobico Hotel, built on a beach within a nature
reserve in Almeria, was involved in of court cases for 10 years before the Andalusian
Supreme Court finally ruled that the building could be completed.
The risks of engaging in transactions where the appropriate permits have not been
obtained can be quite high, especially if the property in question is confiscated by the
authorities. They include, the facilitation of bribery and corruption arising from financing
such a project, credit losses due to regulatory action and the reputational risks related to
both.
10.3 Contract tender/bids
This is one area which is highly susceptible to manipulation. The larger the project, the
more the number of PEPs involved, the higher country risk – the more likely it is that
there will be a diversion of funds. One of the most infamous case of recent times is that of
Odebrecht, the Brazilian company, the details of which are outlined below.
Case study: Odebrecht’s massive bribery ring
Odebrecht is based in Brazil and is Latin America’s largest construction

firm – and one which has engaged in a massive bribery ring. The scope
of its bribery activities extended throughout Latin America and beyond.
It engulfed Brazil, Argentina, Chile, Colombia, Ecuador, Mexico, Peru, the
Dominican Republic, Venezuela, Panama and Portugal.
In describing the extent of Odebrecht’s corruption, one Bloomberg

Businessweek headline exclaimed; No One Has Ever Made a Corruption
Machine Like This One – There’s graft, and then there’s Odebrecht graft.
97
The following is an extract from the US Department of Justice press release

on the Odebrecht case.
According to its admissions, Odebrecht engaged in a massive and unparalleled

bribery and bid-rigging scheme for more than a decade, beginning as early as
2001. During that time, Odebrecht paid approximately $788 million in bribes to
government officials, their representatives and political parties in a number of
countries in order to win business in those countries. The criminal conduct was
directed by the highest levels of the company, with the bribes paid through a
complex network of shell companies, off-book transactions and offshore bank
accounts.
As part of the scheme, Odebrecht and its co-conspirators created and funded
an elaborate, secret financial structure within the company that operated
to account for and disburse bribe payments to foreign government officials
and political parties. By 2006, the development and operation of this secret
financial structure had evolved such that Odebrecht established the “Division
of Structured Operations,” which effectively functioned as a stand-alone bribe
department within Odebrecht and its related entities. Until approximately
2009, the head of the Division of Structured Operations reported to the highest
levels within Odebrecht, including to obtain authorization to approve bribe
payments.60
Odebrecht was initially fined $3.5 billion but made a settlement of $2.5 billion.
In addition, several former Latin American ministers and heads of state have
been either jailed, impeached, placed under investigation or removed from
office because of the fallout from the scandal. Included in this rogues’ gallery
are leading members of the Brazilian political class, referred to in the earlier
section on oil and gas.
10.4 Ongoing project risks
Human trafficking and migrant labour
There will be bribery and corruption risks beyond the initial permit/licences and contract
tender phases. These will include the delivery of sub-standard materials and illegal
modifications. There have been several instances where buildings have collapsed because
of such illicit activity – India being a prime example of a country where this occasionally
happens. However, labour exploitation is the worst of all.
According to the International Labour Organization (ILO), of the $150 billion profit
generated annually by forced economic exploitation of labour around the world, $34 billion
(23%) is made in the construction, manufacturing, mining and utilities industries. A 2015 EU
research report stated that construction was number two on the list of economic sectors in
the EU most prone to labour exploitation.
60. US Department of Justice, ‘Odebrecht and Braskem Plead Guilty and Agree to Pay at Least $3.5 Billion in Global
Penalties to Resolve Largest Foreign Bribery Case in History’, 21 December 2016: https://www.justice.gov/opa/pr/
odebrecht-and-braskem-plead-guilty-and-agree-pay-least-35-billion-global-penalties-resolve – accessed February
2018
98
The Labour inspector, France, states:
The construction sector is the most predisposed [to exploitation] because it has subcontracting. When you have a contractor that assigns a subcontractor, who
will also appoint a subcontractor, who will try to earn as much money as possible. And actually, at the end of the chain, there are workers in a difficult situation.
Given that the ILO states that construction is 7% of the entire global workforce, the scope and the impact of the issues are huge.
Labour Risk
Contractor Subcontractor
Direct recruitment of labour Subcontractors, each with their own... ...workers via direct recruitment or labour providers
Migrant labour risk occurs in every stage from main contractors to subcontractors.61
Human smuggling has its own money laundering implications in respect of predicate offences. However, we need to be aware of the direct money
laundering risks of construction companies.
61. Lexis Nexis, Hidden In Plain Sight: Modern Slavery In The Construction Industry: https://bis.lexisnexis.co.uk/pdf/whitepapers/Modern_Slavery_in_Construction_Full.pdf – accessed April 2018
99
Whether smuggled or not, casual labour is mostly paid in cash. Many of these labourers will
be in the developing world or from the developing world, working for example in the Gulf,
where they do not have access to regular bank accounts. For example, 85–94% of Qatar’s
workforce are migrant workers. The 1.7 million workers come from mainly from developing
countries including India, Nepal and Bangladesh.62
There will also be subcontractors who want to be paid in cash.
Any large building project is potentially a haven for money launderers. The larger the
project, the greater the potential for money laundering.
10.6 Sales
Where construction companies engage in sales, be it commercial real estate or residential

units, there is always a great opportunity for money laundering. We have covered this
area under the previous chapter on DNFBPs, when we looked at real estate and beneficial
ownership.
Once again, we have a recurring theme, meaning, it is not possible to understand the
financial crime risks of a company, unless you understand the industry in which it operates.
It is a philosophically important issue. There are many who believe that understanding an
organisation’s business and understanding the financial crime risk are mutually exclusive.
It is obvious from what we have covered so far that this is genuinely not the case – the two
are one and the same thing.
Banks and financial institutions with customers in the construction industry, in addition to
understanding the structure of the industry and its various players, must also consider for
the jurisdiction(s) involved:
1. the risks of migrant labour

2. the building/construction regulations
3. the level of corruption e.g. low score on the CPI Index
4. the use of cash, especially where casual and/or migrant labour is involved
5. the involvement of governments and/or PEPs.
Additional considerations include the adequacy of the internal control, governance

framework and specific policies and procedures for:
1. obtaining licences and permits

2. submitting contract bids
3. selecting and vetting subcontractors, partners, intermediaries, agents etc.
4. managing PEP involvement in public projects
5. the use of offshore vehicles
6. payment to contractors and subcontractors
7. payments to third parties
8. transparency of financial reporting.
62. Lexis Nexis, Hidden In Plain Sight: Modern Slavery In The Construction Industry
100
11. Telecoms
The telecoms industry is unique in that, in some jurisdictions at least, it is either a

monopoly or part of a local oligopoly. Whatever the circumstances, it is almost always
highly profitable with massive revenue streams. Securing a telecom licence is therefore a
very rewarding endeavour.
It should therefore be no surprise that some attempt to achieve this endeavour at all costs.
The fact that licences are granted by the government/regulatory authorities, makes the
sector ripe for corruption.
In addition, telecoms are a highly strategic asset for any country, as it involves high
technology which can have civilian, security and military applications. This has very
important implications for the targeting and imposition of sanctions.
The development and modernisation of telecoms infrastructure is a massive undertaking,

requiring high levels of construction and is therefore very capital intensive. It should
therefore be no surprise that there are risks consistent with what we looked at under
construction.
We will thus examine the financial crime risks exposures in respect of bribery and
corruption, money laundering and sanctions.
Licensing and permits
The desire for telecoms licenses issued by governments and government agencies, has led
to a number of unsavoury episodes of corruption in the licensing process. This has taken
many forms, with the extent of the corruption being dependent on the level of overall
corruption in the jurisdiction.
In some countries, telecoms remain in government ownership and control – in these

instances the corruption is mostly limited to the procurement of infrastructure and
equipment (see below).
The next step down is the sale or disposition of telecom assets by the government. This too
is regularly fraught with corrupt practices. In some jurisdictions, major domestic operators
have a licence to print money, so their sale is granted to a PEP or PEP associate e.g. in Syria
the largest mobile network provider, Syriatel, is owned and operated by Rami Makhlouf, a
cousin of Assad and a regime insider.
Some disposition or assignment of telecom assets take place after the appropriate bribes
have been paid to the right person or persons. The Dutch telecom provider VimpelCom
funnelled massive bribes to the daughter of the President of Uzbekistan, in order to secure
access to that country’s markets. The bribes were paid to offshore shell companies and
charities in which the daughter had an interest.
101
Still, there are instances where governments will organise what appear to be open and
competitive tenders for telecom and wireless spectrum licences. However, such tenders
might still not be as open and transparent as they appear. The below case study illustrates
this well.
Case study: Indian telecoms scandal
The Indian government conducted public tenders for the country’s 2G

wireless programme. The result was bribery, corruption, abuse of power
and the siphoning of public wealth into the pockets of the few and well-
connected. The allegations are that in selling the country’s wireless assets,
the Indian government of the day left as much as $40 billion on (or even
under) the table.
The scandal engulfed government ministers including the ministers of

telecoms and highways – the latter is said to have skimmed 15% off the top
of any government contract in which he was involved.
The government had chosen NM Rothschild and Sons to design a special

e-auction mechanism for the deal, but ministers and other officials
frustrated the process and the proceeds of the auction fell far short of
expectations.
A special court investigation overturned the licences while identifying

the sordid involvement of politicians, bureaucrats, corporates, corporate
executives and even journalists in the scheme. The magnitude of the
scandal was such that in 2011, Time magazine ranked it second on their
all-time ‘Top 10 Abuses of Power’63 – second only to Watergate.
11.3 Operations, procurement, construction
The size of telecom assets and the size of the infrastructure required, will lead to some of
the same problems as those identified in the construction industry. The potentially very
high value of procurement contracts provides ample scope and incentives for corruption.
Let’s look at another case study.
Case study: Hewlett Packard’s Russian bribery
This case involved almost all the typical elements of a bribery scandal –
associated parties, intermediaries, PEPs, government contracts, offshore
locations, corporate vehicles and money laundering.
The story began when the Russian government announced a project to

automate the computer and telecoms infrastructure of the GPO – the Office
of the Prosecutor General of the Russian Federation. The project was worth
$100 million and HP deduced that this was a ‘golden key’ to unlock a further
$100–150 million in additional business with Russian government agencies.
63. Time, ‘Top 10 Abuses of Power’: http://content.time.com/time/specials/packages/completelist/0,29569,2071839,00.

html – accessed May 2018
102
Consequently, HP created slush funds, to bribe officials on the initial project

as follows:
1. HP would initially sell computer equipment to a Russian partner

2. HP would buy-back the same products through an intermediary, with
millions in additional mark-ups
3. The products would then be sold to the GPO at the marked-up price
4. The illicit mark-ups were used to fund the payment of bribes
5. The bribes were paid through an intermediary and offshore shell
companies
6. HP maintained separate books to keep track of the payments made
to the various officials
Registration and management of the offshore vehicles were handled by

gatekeepers. HP pleaded guilty to felony violations of the FCPA for bribing
Russian officials to gain government contracts and paid $78 million in
criminal fines and penalties.
In another example, Ethio Telecom, of Ethiopia, signed deals worth

$800 million each with Chinese telecom equipment suppliers Huawei and
ZTE. It turned out that Huawei had started importing the equipment 9
months before the contract was awarded. People asked; why, how come?
Former executives of telecoms equipment maker Ericsson, state that the

company paid tens of millions of dollars in bribes between 1998 and 2001.
The monies were first sent to Zurich, from where they were distributed to
various recipients. Some of the largest bribes were paid to PEPs in Poland
and Malaysia.
11.4 Anti-competitive behaviour
The following story appeared in a report on corruption in the European telecoms industry.
It describes just how the industry’s lucrative rewards can drive anti-competitive behaviours,
by way of fraud and bribery and corruption. The story involves Magyar Telekom, a
subsidiary of Deutsche Telekom.
In December 2011, the U.S. Securities and Exchange Commission charged Magyar Telekom
and three of its former top executives with bribing government and political party officials in
Macedonia and Montenegro to win business and shut out competition in the telecommunications
industry. Magyar Telekom’s parent company Deutsche Telekom AG was also charged with
violations of the Foreign Corrupt Practices Act. The two companies paid $95 million altogether to
settle FCPA offenses.64
11.5 Sanctions
Telecommunications equipment are part of the vital national security and economic
infrastructure in any country. As such, some of that technology will automatically require
64. Transparency International, Investigating Corruption in the Media and Telecoms Industries European Corruption
Observatory Workshop Minutes, 18 March 2016: https://transparency.eu/wp-content/uploads/2017/02/Investigating-
Corruption-in-the-Media-and-Telecoms-Report.pdf – accessed May 2018
103
licences for export and import. It is also not surprising that there are specific US sanctions
prohibiting the sale of telecoms equipment to various countries.
Presidential Executive Order 13606 prohibits telecom equipment sales to Iran and Syria
because:
The commission of serious human rights abuses against the people of Iran and Syria by their
governments, facilitated by computer and network disruption, monitoring, and tracking by those
governments, and abetted by entities in Iran and Syria that are complicit in their governments’
malign use of technology for those purposes, threaten the national security and foreign policy of
the United States.
The Governments of Iran and Syria are endeavouring to rapidly upgrade their technological
ability to conduct such activities. Cognizant of the vital importance of providing technology that
enables the Iranian and Syrian people to freely communicate with each other and the outside
world, as well as the preservation, to the extent possible, of global telecommunications supply
chains for essential products and services to enable the free flow of information, the measures
in this order are designed primarily to address the need to prevent entities located in whole or in
part in Iran and Syria from facilitating or committing serious human rights abuses.65
President Obama also made ‘Significant Malicious Cyber-Enabled Activities’, in other words
cybercrime, a sanctioned activity. It is quite likely that anyone providing material support or
equipment to someone who commits such an activity might also be subject to sanctions.
What are the consequences of evading these sanctions?
In March of 2017, the Chinese telecom equipment maker ZTE Corp, pleaded guilty and
agreed to pay fines totalling $1.2 billion for sanctions violations. ZTE was said to have
evaded US sanctions prohibiting the sale of telecom equipment to Iran and North Korea, by
buying US components, incorporating them into their own systems and then selling those
systems to the sanctioned countries.
Had ZTE not admitted its guilt and paid the fine, it would have been banned from doing
business in or with the US and its assets would have been frozen.
Many telecom companies either have or are able to facilitate mobile and internet payment
systems. While the direct transactional impact is on the retail side, there is also of course
the overall relationship impact of onboarding a telecom customer that may (inadvertently
or otherwise) be facilitating financial crime.
Banks and financial institutions must therefore be concerned with the basic controls – such
as linking mobile customers to bank accounts, performing CDD, monitoring transactions,
SARs and having restrictions on usage in terms of amounts and geography.
The proceeds of bribery and corruption always need to be laundered. The methods used
have been referred to before, but they include offshore vehicles, complex ownership
structures and intermediaries. This is what makes the next section so important.
65. US Department of the Treasury, Presidential Documents Executive Order 13606, 24 April 2012: https://www.treasury.
gov/resource-center/sanctions/Programs/Documents/13606.pdf – accessed April 2018
104
It is quite evident that the telecoms industry is highly susceptible to financial crime and
we could discuss it in terms of the ongoing theme of jurisdictional risks of bribery and
corruption, money laundering and sanctions. However, for the specific industry-related
answers we seek, it would be best to look at a Transparency International’s latest survey of
the telecoms industry, which was completed for the year 2015.66
The 35 companies selected for the survey were based on a Forbes 2014 list of publicly listed
companies. The survey focused on three key issues considered to be vital to the deterrence
of financial crime and corruption. They are anti-corruption policies, organisational
transparency and country-by-country results.
The following is a summary of the key points in each area.
z Anti-corruption policies
There was a requirement for additional:
1. policies demonstrating clear compliance with corruption laws

2. senior management involvement
3. employee training programmes
4. policies in respect of political donations
5. code of ethics of employees, staff, suppliers and other associated persons
6. prohibition of facilitation payments.
z Transparency
The report states:
1. Due to their global presence, most telecoms companies have large numbers
of subsidiaries or non-fully consolidated holdings. Most companies therefore
tend to limit their disclosure to material or principal holdings, falling short of
the benchmark criterion used for this report, which expects reporting on all
subsidiaries, regardless of materiality.
2. Only four companies disclose full lists of their consolidated subsidiaries.
3. Some 77 per cent of the companies do not disclose where their subsidiaries
operate and only partially disclose where they are incorporated. Subsidiaries
operating in smaller markets are not considered to be material or “primary” and
therefore no information is provided on them.
z Country-by-country reporting
Here the survey notes:
1. While most companies in the sample are present in a large number of countries, they
fail to present financial data for each country of operation. Where they do report on
financials, the disclosure is limited to discrete data on a few selected jurisdictions.
66. Transparency International, Transparency in Corporate Reporting: Assessing the World’s Largest Telecommunications
Companies 2015 Report: https://transparency.eu/wp-content/uploads/2016/10/2015_TRAC_Telecoms_EN-final.pdf –
accessed May 2018
105
2. Revenues are the most often disclosed data point; profit before tax, capital
expenditure and community contributions are the least frequently disclosed.
The report also has some interesting geographic highlights.
z Geographic highlights
1. European companies perform the best in all dimensions, with scores of 85 per
cent, 42 per cent and 31 per cent, respectively.
2. Companies from Asia are the poorest performers in reporting on anti-corruption
programmes and in country-by-country reporting, with scores of 37 per cent and
9 per cent, respectively. Chinese and Japanese companies generally provide little
financial data relating to the foreign countries in which they operate.
3. Companies from the Americas received the lowest score, an average of 19 per
cent, in regard to organisational transparency. This may be explained by the fact
that of the 9 companies from the Americas, five are from the United States, where
companies are not required to report on their non-material holdings.67
z In summary
The report calls on telecom companies to:
1. develop and monitor anti-corruption programmes on a continuous basis

2. involve top management and the board to ensure that anti-corruption
measures are more than rhetoric
3. prohibit facilitation payments
4. publicly disclose all political donations
5. publicly disclose exhaustive lists of subsidiaries, affiliates, joint
6. ventures and other entities
7. publish financial accounts for each country of operation.
While the survey focuses on telecoms, it also highlights important lessons for all
corporates, as well as the banks and financial institutions that deal with them. That lesson
is; the deterrence of financial crime begins and ends with good corporate governance,
which focuses on the specific risk factors. This assumes even greater importance when
telecom operations are based in multiple high-risk jurisdictions.
12. Health and pharmaceuticals

The annual size of the global healthcare economy is now estimated to be approximately
$10 trillion. It is an industry or product that every single person interacts with, at some time
or the other and countless times over during the course of their life. The pharmaceutical
industry alone is worth $934.8 billion.
Therefore, it is not surprising that the sector is a target for financial crime. The only
questions are how and in what way. Transparency International estimates that in some
countries up to two-thirds of hospital medicines are lost to fraud.
67. Transparency International, Transparency in Corporate Reporting: Assessing the World’s Largest Telecommunications
Companies 2015 Report
106
As with other industries, to understand how and why financial crime takes place, we must
look at the industry structure. As such, the following diagram is taken from the latest
Transparency International report on the sector.68
Diagram: The six activities of the pharmaceutical value chain selected for analysis
Research and
Manufacturing Registration Selection
Development
Service
Distribution Procurement Marketing
delivery
Source: Adapted from Cohen, J.C., Mrazek, M., and Hawkins, L., ‘Corruptions and
Pharmaceuticals: strengthening good governance to improve access’, in Edgardo Campos J., and
Pradhan, S. (editions), The Many Faces of Corruption: Tackling Vulnerabilities at the Sector
Level. World Bank (2007), p.35.
We will examine the risk vulnerabilities; bribery and corruption and sanctions, in the various
stages and support them with examples, before we determine what banks and financial
institutions must do to counter these risks.
Research and development
Before any drug can be prescribed and made available to the general public, it requires a
lot of research and development. How that drug progresses will be highly dependent on
the relevant R&D reports. The outcome is often dependent on who funded the reports.
For example, in research funded by the US pharmaceutical industry, antidepressants were

found to have favourable outcomes in 94% of the times. When the US Food and Drug
Agency (FDA) performed the study, the percentage of favourable results was 51%. This of
course calls into question the nature of the funding and the risks of perverse incentives in
reporting the results of clinical trials.
Then there is the practice of ghost-writing, where a highly favourable article is written for a
drug, followed by the publication of the article under an esteemed or reputable name.
The following extract from an article from the corporate watchdog Drug Watch, tells the tale.
For example, the New England Journal of Medicine – one of the most prestigious medical journals
in the world – published 73 studies of new drugs. Of those studies, a pharmaceutical company
funded 60, 50 had drug company employees among the authors and 37 lead researchers had
accepted money from a drug company, according to a review conducted by the Washington Post.
68. Transparency International, ‘Corruption in the Pharmaceutical Sector: Diagnosing the challenges’, June 2016:
http://www.transparency.org.uk/publications/corruption-in-the-pharmaceutical-sector/ – accessed May 2018
107
This means drug companies greatly influence the majority of medical information provided to
the public.69
12.3 Manufacturing and registration
The World Health Organisation (WHO) estimates that about 25 per cent of medicines
consumed in low- and middle-income countries are falsified or substandard. Governments
and regulatory agencies are primarily responsible for the licencing and registration of the
entities that will produce drugs for distribution. The presence of illicit actors and corrupt
officials make this a hazard for the public but a lucrative venture for the perpetrators.
12.4 Marketing
Pharmaceutical companies spend more on marketing than research and development.

The US alone spends almost $50 billion in marketing drugs each year and there have been
many scandals. Johnson & Johnson bribed doctors in Greece, Poland and Romania to take
its medicines.
In a landmark Chinese case, Glaxo Smith Kline (GSK) was fined $490 million in court, after
being found guilty of bribing Chinese doctors and hospitals to take their drugs. In addition,
the then head of GSK in China was given a suspended three-year sentence and deported.
Other executives were also given suspended sentences.
12.5 Procurement
Given the costs of research and development and marketing, it is no surprise that
procurement of pharmaceuticals is often riddled with bribery and corruption.
A particularly harrowing example of this is the story of two former UN consultants rigging
contracts to supply critical, lifesaving medicines to the Democratic Republic of Congo. The
drugs were to tackle HIV and malaria in a conflict and poverty-stricken country.
The consultants, who had been hired by the UNDP, leaked inside details to the Danish
pharmaceutical company Missionpharma, which ensured the latter won the contract. They
received $1 million for their corrupt act, and the money was to be laundered through
London with the help of a lawyer, a bogus account and an offshore transfer.
The stated aim of the conspirators was to get rich, and a quote from one of their emails
stated how they expected to achieve this:
Clearly supplying small amounts of grossly overpriced drugs to dying and starving Africans is a
good start.
Instead, they ended up with ruined professional reputations and jail terms of 1 year and
15 months.
69. Drug Watch, ‘Big Pharma's Role in Clinical Trials’: https://www.drugwatch.com/featured/clinical-trials-and-hidden-

data/ – accessed January 2018
108
12.6 Distribution
A second article from Drug Watch, entitled Drug and Device Companies Gave Billions to
Doctors in 2016 states:
Pharmaceutical and medical device companies gave $8.18 billion to doctors and teaching
hospitals in the U.S. in 2016… The payments are for things like travel, research, gifts, speaking
fees, meals, and ownership or investment interest.70
Here is another very interesting approach.
Case study: Schering-Plough
Schering-Plough Corporation (now part of Merck & Co) is a US-based

pharmaceutical company. One of the company’s subsidiaries, based in
Poland, made charitable donations of up $76,000 to the Chudow Castle
Foundation.
The head of the foundation just so happened to be the Director of the

Silesian Health Fund. The Fund was a Polish government institution that
provided money for the purchase of pharmaceuticals – an action which
influenced the purchasing of said pharmaceuticals by other entities within
the Polish healthcare industry.
The Securities and Exchange Commission held that Schering-Plough had

made the charitable donations in attempt to influence the purchase of its
pharmaceuticals in the Polish market. The company was fined $500,000
under the FCPA.
12.7 Sanctions and terrorist financing
Generally, medical and humanitarian supplies are exempt from sanctions. However,
that does not mean that pharmaceuticals and biotechnology industries do not have any
sanctions issues. There are many chemicals which are used in the pharmaceutical industry
and laboratory research that also have applications in the production of chemical weapons.
For example, according to The Times of Israel,71 Germany exported 100 metric tons of
dual-use chemicals to Syria between 2002 and 2006. The chemicals exported were
hydrogen fluoride and ammonium hydrogen fluoride, which do have a genuine civilian
purpose but they are also precursors for the chemical weapon, sarin gas.
As such, the exports could have been in violation of the Chemical Weapons Convention.
The German government responded by saying that there is no evidence that the chemicals
exported were used for anything other than their original purpose.
70. Elaine Silvestrini, ‘Drug and Device Companies Gave Billions to Doctors in 2016’, Drug Watch, 17 May 2019:
https://www.drugwatch.com/news/2017/07/03/big-pharma-influence-doctors-2016/ – accessed April 2018
71. Times of Israel, ‘Germany supplied 'dual-use' chemicals to Syria’, 19 September 2013: https://www.timesofisrael.
com/germany-supplied-dual-use-chemicals-to-syria/ – accessed March 2018
109
In addition to the above, there is the issue that legitimate pharmaceutical and
biotechnology research, can be misappropriated for terrorist use. One report summarised
the issue as follows:
Biotechnology represents a ‘dual use’ dilemma in which the same technologies can be used
legitimately for human betterment and misused for bioterrorism.72
The above could include research into vaccines and antivirals against infectious diseases,
which could be diverted for bioweapons and bioterrorism.
A failure to manage any of the above scenarios could result in a sanctions violation. It
should also be remembered that terrorist financing applies to any form of assistance,
not just funds. As such, knowingly or unknowingly allowing dual-use chemicals and
biotechnology to get into the hands of designated terrorist organisation e.g. members of
Hezbollah, would be in violation of such sanctions. Of course, any outright sales to such a
group would also constitute a sanctions violation.
For banks and financial institutions, the message on health care and pharmaceuticals is
essentially the same as for other industries – that is to understand the structure of the
industry and the specific areas that are susceptible to financial crime.
For the individual company/customer, it is about their governance framework, transparency

and country by country reporting.
The industry, perhaps more than any other, requires a high degree of ethics and integrity
in its approach to research and development, manufacturing, marketing, procurement
and distribution. The governance framework must fully support and monitor that on an
ongoing basis.
In addition, there are major sanctions issues that directly relate to the industry. Every
company operating within it must ensure that their governance framework, policies and
procedures properly identify and manage these risks.
72. The National Committees, Biotechnology Research in an Age of Terrorism: Confronting the Dual Use Dilemma:
https://www.nap.edu/resource/biotechnology_research/0309089778.pdf – accessed April 2018
110
Unit 3
Financial Market Product
and Service Risk Typologies
Unit 3: Financial Market Product and
Service Risk Typologies
Learning objectives
z review some of the major financial market products and their susceptibility
to financial crime
z describe the risk control implications of the major financial market products
on banks and financial institutions
z demonstrate how the financial crime risks specific to financial market
products are best mitigated and managed.
1. Derivatives
1.1 Product overview
Derivatives are either exchange-traded or over-the-counter (OTC). The former includes

exchange-traded futures and options and their financial crime risks are primarily
dependent on the risks of the exchange. OTC derivatives are traded in open markets and
their risks are somewhat more elevated. This overview will focus on OTC derivatives.
In their most basic form, derivatives are so named because their value is ‘derived’ from
the value of another asset. Interest rate derivatives are valued based on cash loans and
deposits (in the short term anyway). Equity derivatives are based on equity prices, and
commodity derivatives are based on the price of the respective commodity e.g. oil.
The diagram below illustrates one of the simplest forms of a derivative, the interest
rate swap. In the diagram Customer B is ‘swapping’ their floating interest rates (LIBOR,
the London interbank offered rate) for a fixed rate. It could be because B has a 30-year
mortgage on which he/she is currently paying LIBOR, but would prefer to pay a fixed rate.
Alternatively, Customer A has invested in a 30-year bond and would prefer to swap his/her
floating rate of interest for a fixed rate.
Simple Interest Rate Swap Example
Fixed Fixed
Customer A Bank Customer B
LIBOR LIBOR
112
Unit 3: Financial Market Product and Service Risk Typologies
If the interest rate fixings were every 6 months, the bank would calculate the difference
between the fixed and floating rates for each customer on the relevant date and pay/
receive the difference between the two rates. As the contract is for 30 years, the value of
the swaps at any point in time will be the cumulative value of the differences in those 60
cashflows over 30 years. Those cashflows are known as the cashflow ladder and their value
will change with every change in the floating rate, LIBOR.
As such, the value of a swap will be primarily dependent on the change in the floating rate
– LIBOR, or EURIBOR the European equivalent, or Prime the US equivalent or any other
floating rate index in a domestic interbank market.
The diagram above used to hold true in the days when banks had ‘matched swap books’ –
meaning they literally would search the market for a matching swap in order to hedge their
risk. Nowadays, the major banks hold massive portfolios and they are constantly executing
transactions. As such, rather than having to offset individual transactions, they manage
entire portfolios.
The notional value of OTC interest rate swaps outstanding is approximately $6 trillion. That
is why the LIBOR scandal, falsifying the LIBOR, rate was such a big issue.
What can be done for interest rates can be done for currencies in the form of cross-currency
swaps, equities in the form of equity swaps, and commodities in the form of commodity
swaps. In each case, the indices used in the valuation will be those that are relevant to
the product e.g. currency interest rates, equity indices and commodity indices – oil swaps
would be priced of benchmarks Brent crude and West Texas Intermediate (WTI).
Swaps are linear instruments, meaning their values change in direct proportion to the
change in the indices to which they are referenced. Not so for the other major category of
derivatives known as options.
Options do exactly what they say on the tin: for a price, known as the premium, they
give the holder the right to either exercise their ‘option’ or walk away if the value does
not suit them. Options can be written to give the holder the right to buy or sell whatever
instrument or asset the option is written on. As such there are options on interest rates, on
currencies, on swaps, on stocks, etc.
It should be no surprise that options do not have a linear payoff. Their payoffs are
dependent on market rates/indices/prices, time and a factor known as volatility – an
indication of variability in price. Options are priced/valued using one of two model
approaches.
1. Black Scholes
2. Binomial
The more complex the option, the more complex the inputs; the more complex the
valuation, the greater the opportunity for manipulation. This has significantly important
consequences for both market risk management and financial crime risk management.
113
Depending on how derivatives are structured, they can be used to alter cashflows and thus
change the timing of the value of reported profits, assets and liabilities. Where derivative
contracts are settled can also impact or alter the jurisdiction in which cashflows arise, once
again impacting reported profits, assets and liabilities.
The risk is that in some situations, such manipulation of cashflows which result in financial
misstatements, can result in fraud, tax evasion and a general reduction in transparency,
which in turn can have other financial crime implications. This has consequences for all
stakeholders including investors, bankers and the revenue authorities.
The question is, how do we determine that such a manipulation is taking place and how do
we detect it?
From another perspective, derivative markets are for the most part highly liquid. They
therefore, because of the sheer volume of transactions involved, can readily facilitate the
execution of transactions which probably might not be picked up or recognised as being
illicit.
We will look at both exchange-traded and OTC derivatives, including some highly publicised
examples of where things went wrong.
Generic derivative typologies
There are several different derivative strategies that can be used for fraudulently
generating gains. The following are but a few examples of this.
Wash trading
In the futures markets, the frequent trading of transactions in highly liquid markets makes
it difficult to spot unusual transactions. Even more so when where a broker uses omnibus
accounts to hide the customer audit trail, it provides great flexibility in the execution of
what are known as ‘wash trades’.
With wash trades, a complicit broker will hold two offsetting transactions for a customer,
the profitable trade will be assigned to one account and the loss trade to another, with no
apparent linkages between the two. The profitable account would be in the name of the
customer or party receiving the bribe.
Structured gains
Where transactions are structured to create a gain, for example using options, structured
derivatives or any form of speculative trading, using off-market prices. Additionally, the
settlement of the transaction and the realisation of the gains could be done in an offshore
location.
Such transactions are more likely to take place with OTC rather than exchange traded
contracts where there is much greater flexibility to manipulate the execution rate.
114
Insider trading using – Structured/synthetic derivatives
This is where a portfolio is structured to replicate a particular stock in order to

anonymously take advantage of inside information – not always readily identifiable.
1.3 Case studies in derivative manipulation
Case study: Greek debt, Goldman Sachs and the

Euro
One famous example of the manipulation of cashflows and the restatement

of assets and liabilities is the series of cross-currency transactions executed
by Goldman Sachs on behalf of Greece, when that nation was trying to
qualify for entry into the euro.
Cross currency swaps on their own are perfectly legitimate transactions.

They simply swap assets and liabilities in one currency for another and in
most instances, they would be done at a market rate – properly reflecting
the commercial nature and purpose of the transaction.
However, in Greece’s case, the purpose of the transaction was not

commercial in the normal sense of the word. The aim was to both reduce
the country’s level of foreign currency, i.e. non-euro debt as well as reduce
the total outstanding debt, for Greece to qualify for entry into the euro.
As such, the transaction not only swapped/exchanged yen and dollars,
currencies in which Greece had borrowed money, for euros, it did so at an
artificial exchange rates.
These artificial exchange rates reduced Greece’s stated liabilities and

outgoing cashflows in the short term and significantly inflated them in the
longer term, effectively shifting the country’s debt to a later date. If this was
a company, stakeholders would have been very concerned.
So, what if it was? Here is a corporate example of manipulation by way of

derivatives.
Case study: Deutsche Bank and Bank Monte dei

Paschi de Siena
The headline in the Handelsblatt Global read: Deutsche Bank, an International

Criminal Organization? It was in reference to the accusations levelled by
Italian prosecutors. In this case, the customer was another bank, Monte de
Paschi, the world’s oldest bank. Monti dei Paschi had lost $462 million on
an investment with significant negative impacts on capital and profitability.
Such a loss would not have gone down very well with the bank’s
shareholders.
It was late 2008 when the credit crisis was taking hold. The senior executive of
Monte Paschi believed that if the news of the loss became public knowledge,
115
it may have resulted in a sharp reduction in the share price, a run on the
bank and the need for a bailout by the Italian government.
Their response was to approach Deutsche Bank, who had structured the
original trade that generated the loss. What transpired was a structured
derivatives transaction which generated sufficient profits in the current
period to cover the losses, while shifting those losses to later periods. In
some ways, it was like the Greek trade. So how did Deutsche manufacture/
structure the trade?
As in the Greek/Goldman example, they manipulated the indices, in this case equity not
currency exchange rates, used to value the transactions. As many as six current and former
managers of Deutsche Bank are currently on trial in Milan for fraudulently misstating the
financial statements and misleading shareholders/the markets.
In both cases, there are some issues that readily stand out and which should always be
taken into consideration when looking at derivative transactions.
1. Transaction purpose
2. Transaction rate
3. Financial statement impact
Case study: Glencore cross currency swaps
Glencore, the Australian mining company, executed a number of cross-

currency interest rate swaps – a derivative transaction that changes loans
from one currency into another. There are perfectly logical reasons for
executing such transactions. They include reducing the cost of borrowing
and ensuring that assets are financed in the currency in which they are
held.
In Glencore’s case however, AUS$25 billion of such transactions were

executed between its Australian and Bermudan units. The Australian Tax
Office (ATO) viewed these transactions as non-standard, non-commercial
and inappropriate. The Guardian reported:
In March last year, the ATO issued an alert about the practice. “Under these
arrangements, companies use their related party financing arrangements
to create an alleged need to swap currencies and periodical payments for
questionable commercial reasons,” it said. “We are concerned that these
arrangements achieve contrived thin capitalisation, withholding tax and transfer
pricing outcomes”.
It also threatened to sink the currency swap deals in a submission to a Senate

inquiry this year into corporate tax avoidance. It said it was “scrutinising a
number of these deals” that “do not reflect commercially rational behaviour”
and, it suspected, had been entered into to avoid tax.73
73. Ben Doherty, ‘Glencore's Australian arm moved billions through Bermuda’, The Guardian, 5 November 2017:
https://www.theguardian.com/news/2017/nov/05/glencore-australian-arm-moved-billions-through-bermuda –
116
There are some very clear rules that should be followed when looking at derivative
transactions.
z Transaction purpose
This is perhaps the single most important factor. All auditors, risk managers as
well compliance staff should ask: what is the purpose of the transaction? What is the
commercial motive? So often with derivatives the concern is with the valuation and
not why the transaction was done in the first place.
Under the EU’s MiFID (Market in Financial Instruments Directive) rules, structured
transactions must be suitably presented and explained in terms of its cashflows/
payoffs as well as impacts in value due to market changes – up or down. MiFID or
not, transaction payoff diagrams are de riguer for structured derivative transactions.
This should be the starting place for any review, the primary question being ‘does it
make commercial sense?’
z Transactions at non-market rates
The execution of transactions at market rates should be the norm. Where off-market
rates are used, there should be proper documentation and approvals as to why a
departure from the norm was necessary
z Cashflow analysis
OTC derivatives have future cashflows that can go out many years. Inflation swaps
for example can be executed with a maturity of 50 years. Examine the cashflow
ladder in order to determine if there are any issues or anomalies that warrant
further follow-up.
z Changes in nature and type of transactions
Wherever there are significant changes in the nature and type or the volume of
derivative transactions executed by a customer, this should be reviewed to ascertain
the reasons behind such a change.
z Standard settlement instructions (SSIs)
Where a customer’s SSIs are changed to an offshore location, there must be

documentation as to the commercial reason as to why this must be so, including the
possible impact on the customer’s financial affairs.
z Omnibus accounts
For those trading on exchanges, we noted earlier that not accepting cash or
cash instruments was a good way to prevent money laundering – neither should
brokerage accounts be used as bank accounts. There should also be highly
restricted use of omnibus accounts as these can limit customer transparency.
117
z Monitoring of customer accounts
Customer accounts should be monitored on an ongoing basis to determine if there

is any significant pattern of gains and losses.
5. Foreign exchange
Foreign Exchange or FX is simply the exchange of one currency for another. Market
participants will agree an ‘exchange rate’ based on market prices, on trade date. On
‘settlement’ date the funds will be transferred or ‘settled’ in the relevant currency accounts
that each party to the deal has nominated. In the absence of any other transactions, each
party will ‘long’ the currency bought and ‘short’ the currency sold.
The vast majority of trades are settled ‘spot’, that is, within two days. Trades are also settled
‘forward’ which by definition means beyond spot, and that can be anything from a week to
1 or 2 years. FX transactions settling out to five years, known as medium term FX (MTFX),
are less common.
Forward FX trades are priced based on the differential in interest rates between the
transacting currencies.
Forward trades can either be ‘outrights’ i.e. a single foreign exchange deal, or ‘swaps’,
where two equal and opposite deals are executed simultaneously. The latter is usually
focused on taking advantage of the interest rate differentials between two currencies.
The vast majority of FX trades are executed as one currency against the dollar e.g. USDJPY
for dollar against yen. Even when executing ‘cross-currency’ trades e.g. GBPJPY, sterling
against yen, the market practice dictates that this will be done as simultaneous USDJPY and
GBPUSD trades – to take advantage of the greater liquidity of the dollar as compared to all
other currencies.
The FX market is one of the most liquid markets in the world. It has been described as
the market which most closely approximates the very definition of a free market – a large
number of willing buyers and sellers with full price transparency.
Yet still, there have been instances of market abuse including front running of customer
orders and rigging of market rates. Many trading rooms now disallow the use of mobile
phones and Internet chat rooms on the trading floor to deter collusion amongst traders.
Trader records are also being monitored now more than ever.
Another potential financial crime weakness of the foreign exchange markets is the ease
with which it transfers money from one currency to another, and one jurisdiction to
another, in very short order. Further, the purpose of an FX transaction is not always easily
or readily discernible, especially where the customer is a non-bank financial institution
(NBFI).
118
What is readily discernible however is the volume or flow of customer transactions. This
should be properly monitored to determine if it is consistent with the customer’s business.
In addition, wherever customers require settlement in offshore jurisdictions, the reasons
for this should be ascertained and documented.
This is one of the main reasons why Wachovia got into serious trouble (covered in the
section on money services business – MSBs) with the US authorities. It failed to monitor the
volume of transactions coming through from its Mexican CDCs and as a result it facilitated
the laundering of millions of dollars for the drug cartels.
There is one very good example of the use of FX in sanctions violation – one of the biggest
sanctions cases ever. It is that of BNP Paribas and we will spend some time examining it.
Case study: BNP Paribas (BNPP)
It was the first time in history that a financial institution had been convicted
of a criminal offense for violating US sanctions. We begin with an extract
from the US Department of Justice statement on the case:
“BNP Paribas flouted U.S. sanctions laws to an unprecedented extreme,

concealed its tracks, and then chose not to fully cooperate with U.S. law
enforcement, leading to a criminal guilty plea and nearly $9 billion penalty” said
Assistant Attorney General Caldwell…
“BNPP, the world’s fourth largest bank, has now been sentenced to pay a record
penalty of almost $9 billion for sanctions violations that unlawfully opened the
U.S. financial markets to Sudan, Iran, and Cuba,” said U.S. Attorney Bharara.
“BNPP provided access to billions of dollars to these sanctioned countries, and
did so deliberately and secretly, in ways designed to evade detection by the U.S.
authorities. The sentence imposed today is appropriate for BNPP’s years-long
and wide-ranging criminal conduct”.74
BNPP pleaded guilty and admitted criminal liability in the processing of

billions of dollars for sanctioned Cuban, Iranian and Sudanese entities. The
bank was fined $8.9 billion and banned from using dollars in New York for
all of 2015. The fine was more than 10 times larger than any previous fine.
Why was this case? The following is a list of the issues arising from the
BNPP case, as laid out in the settlement agreement with the US Treasury.75
1. The bank engaged in a systematic practice, which saw it processing

thousands of transactions through US financial institutions, on
behalf of entities that were subject to US sanctions
2. The practice involved multiple branches and business lines, including

FX and trade finance
74. US Department of Justice, ‘BNP Paribas Sentenced for Conspiring to Violate the International Emergency
Economic Powers Act and the Trading with the Enemy Act’, 1 May 2015: https://www.justice.gov/opa/pr/bnp-
paribas-sentenced-conspiring-violate-international-emergency-economic-powers-act-and – accessed March 2018
75. US Department of the Treasury, Settlement Agreement: https://www.treasury.gov/resource-center/sanctions/CivPen/
Documents/20140630_bnp_settlement.pdf – accessed March 2018
119
3. The practise, generally described as wire or payment stripping,

included:
a. omitting references to sanctioned parties often leaving data

fields blank
b. omitting references to sanctioned parties and replacing their
names with BNPP or an internal code
c. structuring payments in a manner that did not identify
the involvement of sanctioned parties in payments sent to
financial institutions.
4. Several BNPP units/entities developed specific procedures to

circumvent US sanctions against Sudan, Iran, Cuba and Burma/
Myanmar
5. The bank maintained correspondent accounts for Sudanese banks

on the Office of Foreign Asset Control (OFAC) list
6. As part of its deception, BNPP developed a structured two-stage

process, book transfers followed by payment instructions in BNPP’s
name, to conceal transactions with Sudanese entities which had
been placed on the OFAC list
7. Many of these transactions were EURUSD FX transactions where

the book transfer and the payments were executed for the same
amounts, on the same dates and for the same exchange rates
8. BNPP opened and account for a customer with an address in Dubai

but which:
a. was part of a network of eight companies – four of which

were incorporated in Iran
b. the companies constituted an energy group, owned and
controlled by an Iranian citizen
c. the Iranian citizen was ordinarily resident in Iran
d. the company was involved in the buying and selling of
petroleum products to and from Iran
e. when an OFAC query on the Iranian customer was raised by
one of its correspondent banks, BNPP failed to provide the
correct information, instead implying that the customer had
nothing to do with Iran.
The above summarises all the things that a financial institution should not
do in respect of sanctions. The fact that what BNPP did was a deliberate act
of management compounded the problem. However, the most egregious
aspect of the case is the fact that BNPP engaged in a deliberate cover-up
and structuring of transactions, including FX, and then refused to cooperate
with the US authorities.
In this regard, BNPP were badly advised, as under the US system of justice,
the cover-up is considered worse than the crime. If anyone is in any doubt
120
of this then they should look at the woeful tale of Richard Nixon, who
was made to resign the presidency not because he was involved in the
Watergate break-in of the Democratic headquarters, but because he tried to
cover it up.
The moral of this story therefore is that whatever the failure or failing in
respect of sanctions, such as a breach or violation, there must be full and
open disclosure.
From an FX perspective, the indication is that several ‘wash trades’ were

executed. FX lends itself to numerous offsetting transactions because of the
fungibility of the product and the liquidity of the markets. There is another
very important aspect to this. Internally generated journal entries were
used to transfer balances across accounts, then the funds were moved
using FX transactions.
The deposit of funds and the use of FX transactions to immediately move it

offshore is a typical of traditional money laundering. One of the illicit actors
in the Petrobras affair, a former director of the company, is alleged to have
moved $400 million offshore using FX transactions. What is unusual in this
case is the use of internal account transfers to disguise the source of funds
and evade sanctions.
Banks and financial institutions must monitor the level and extent of customer FX flows,
and how and why the transactions are being used. This is not merely an issue of individual
transactions – although a single transaction in terms of size and complexity could be
viewed as unusual, and should be reviewed.
As such, the use of FX transactions must first be assessed in respect of a customer’s

business, as well as, how it impacts and relates to other transactions, including other FX
transactions. Due attention must also to be paid to any use of internal transfers/journal
entries offsetting FX transactions.
As with derivatives, there must be procedures in place to identify any transaction done at
off-market rates to determine their purpose. Where customers are settling transactions
offshore, a determination should be made as to why and whether it is consistent with the
customer’s business.
6. Loans and syndicated loans

Loans are the simplest form of financial transactions. In respect of syndicated loans, it is
important to understand the various parties involved in the transaction and their roles.
z Borrower
The company, institution or legal entity borrowing the funds.
121
z Lead manager(s)/arranger(s)
This is the bank or financial institution, or group of banks and financial institutions,
mandated by the borrower to provide the requisite credit facilities. It is the
arrangers who provide advice to the lender on the terms of the facility and the
decision to go with a syndicated credit.
The arrangers also underwrite the facility for a suitably negotiated fee and will
usually take a portion of the credit.
z Lenders
The other lenders other than the lead managers and arrangers who take a part of
the credit.
z Agent
The institution or entity responsible for administration of the facility including

monitoring of borrower compliance with terms, formal notifications of events,
principal and interest payments.
z Guarantor
In some instances, there is a loan guarantor.
From a customer due diligence (CDD) perspective, the fact that it is a syndicated loan
in no way diminishes the responsibility of every lender in the syndicate to perform the
appropriate due diligence on the borrower. Due diligence should also be performed on the
arrangers, the agent and the guarantor(s) where appropriate. Such due diligence should
cover the basics of ensuring that the parties are suitable for entering a relationship.
There are other issues which lenders must consider. They include possible bribery and
corruption risks and future changes in sanctions regimes. As we have seen in earlier
sections, bribery and corruption risks manifest themselves in many ways and are a clear
and present danger to banks and financial institutions in so many aspects of their customer
and business relationships – under the UK Bribery Act an institution can be charged with
facilitating bribery.
CDD also impacts the assessment of a customer’s sanctions risk exposure. Yet, this is never
static as sanctions regimes are constantly changing.
However, the issue with loans is that they tend to be long term, while due diligence may
too often assess a snapshot of a customer’s financial crime (and credit) risk as at a specific
date. Banks tend to review customers automatically every 1, 3 or 5 years, depending on
whether they rate their customers’ risk as high, medium or low respectively. This may
assist in ensuring that there is ongoing evaluation of the relevant risk exposures over long
periods of time.
122
They also will review customer relationships should there be a ‘trigger event’. If that trigger
event is negative from a reputational perspective, including for reasons of financial crime,
then lending institutions have to be in a position to reduce or mitigate their exposures.
6.3 Loans and syndicated loans – Risk control implications for banks
and financial institutions
Bribery and corruption
To safeguard against bribery and corruption risks exposures, the Loan Market Association
(LMA) recommends that there should be anti-corruption provisions in loan arrangements.
The following wording should be included in loan agreements.
No Obligor shall (and the Parent shall ensure that no other member of the Group will) directly or
indirectly use the proceeds of the Facilities for any purpose which would breach the Bribery Act
2010, the United States Foreign Corrupt Practices Act of 1977 or other similar legislation in other
jurisdictions.76
The British Bankers’ Association (BBA) further recommends as follows:
[to] the extent possible written contracts should be entered into with relevant associated persons
and where appropriate should contain provisions in respect of adherence to relevant anti-bribery
laws, regulations and, in some cases, the organisation’s policies and procedures. The contracts
should warrant that the associated person has not and will not breach relevant anti-corruption
laws. Additional contractual provisions to consider include… additional anti-corruption
representations and warranties as deemed appropriate.77
Sanctions
The following case study/story is highly instructive.
Case study: Lending and Syndicated Loans in the

Russian Market
Exclusive: Russia sanctions disrupt Italian bank’s 5 billion euro loan deal
LONDON/MILAN (Reuters) – Italian bank Intesa Sanpaolo has encountered

problems syndicating a loan to Glencore and Qatar’s wealth fund to finance
their purchase of a stake in the Kremlin – controlled oil major Rosneft because of
new U.S. sanctions against Russia.
Four banking sources told Reuters that Western banks including from the United
States and France have so far put on hold their participation in the syndication
of the 5.2 billion euro ($6.13 billion) loan that Intesa provided last year.
76. Slaughter and May, Anti-corruption provisions in loan documentation: https://www.slaughterandmay.com/

media/2536213/anti-corruption-provisions-in-loan-documentation.pdf – accessed March 2018
77. British Bankers’ Association, ‘Anti-Bribery and Corruption Guidance 2014’, 6 May 2014: https://www.bba.org.uk/
policy/financial-crime/anti-bribery-and-corruption/anti-bribery-and-corruption-guidance/ – accessed April 2018
123
Intesa (ISP.MI) invited about 15 banks to join the loan when it opened the
syndication in May. A loan of this size would normally take between four and six
weeks to syndicate, though deals involving emerging markets can sometimes
take a few weeks longer.78
The Italian bank in this case was left holding much of the credit and could
not reduce its sanctions risk exposure.
In a paper on Banking And Project Finance, Sanctions,79 which it calls ‘An

Expanding Minefield’, the IFLR set out four scenarios which banks should
consider when lending in the Russian market. They are as follows:
Scenario 1 – A loan facility with a Russian borrower is signed but

undrawn. The US or EU then sanctions the Russian borrower, who
submits a drawdown request the following day.
In such a case, the loan agreement should have a basic clause stating
that the commitment to lending is automatically cancelled if to make such
a loan would be illegal or subject to sanctions. A previously committed
lender would be able to leave the loan/syndicate without the approval or
agreement of the other lenders.
Scenario 2 – A loan facility with a Russian borrower is signed and fully

drawn. The Russian borrower then becomes sanctioned by the US or EU.
In this scenario, there would have to be adequate loan clauses that allow a
lender to exit the credit. The issue still remains as to how the lender would
be able to recoup the funds from a borrower under sanctions – given that
any payment by that borrower would have to be blocked. It is suggested
that the lender would have to seek a special licence.
Scenario 3 – Facilitation risk: the Russian borrower is not sanctioned, but

it is dealing with entities who are sanctioned.
To safeguard against this, loans should have covenants that render any
credit null and void or more precisely refundable, if the funds are used with
or diverted to sanctioned entities that are sanctioned.
Scenario 4 – Reputational concern: the Russian borrower is not

sanctioned, but one of its officers or directors is sanctioned.
The above concern is both sensitive and high risk – the director for example
could be a member of Putin’s inner circle – heightening the reputational
risk impacts. To mitigate against such an event, the remedies in Scenario 3
would appear to be most appropriate.
78. Sandrine Bradley, Stephen Jewkes, Dmitry Zhdannikov, ‘Russia Sanctions disrupt Italian bank's 5 billion euro
loan deal’, 25 August 2017: https://www.reuters.com/article/us-intesa-loan-sanctions-idUSKCN1B5172 – accessed
February 2018
79. Dokumen, Banking And Project Finance – Sanctions, ‘An expanding minefield’, July/August 2014: www.linklaters.
com/pdfs/mkt/moscow/IFLR-Expanding-Minefield.pdf – accessed February 2018
124
While not relating to loans, there is the recent instance of gas turbines sold
by the German multinational Siemens to a Russian company which would
give everyone dealing in sanctioned markets cause for concern. Apparently,
Siemens had expressly forbidden the onward sale or transfer of its turbines
to sanctioned entities but the Russian customer did it anyway – transferring
the turbines to the Crimea – a region under comprehensive sanctions by the
US, the EU and the UK.
In response to this move, the EU has added the name of the customer and
some of its directors to its existing sanctions list. However, the damage has
been done.
Finally, a thematic review by the UK’s Financial Conduct Authority (FCA)

reinforced the principle that irrespective of the other parties or agents
involved in a transaction, all entities must perform their own sanctions
screening.
7. Securities
A corporate entity looking to raise finance can use a bank loan, a corporate bond or
equities (stocks). A bank loan generally sits on the books of the bank and unless it is
syndicated, meaning shared with other banks, the entire loan will be on the books for the
entire term – that could be for 2, 5 or even 10 years. Traditional loans are therefore static,
not tradeable, and thus tie up capital (unless they are securitised, which we will discuss
later), limiting a bank’s capability to issue further loans.
Alternatively, bonds and equities are ‘issued’ in fungible, meaning individually identical
units, on an open exchange, making them readily tradeable. What this means is that rather
than providing a loan, a bank can act as an ‘underwriter’ to a corporate issuing bonds or
equities on an exchange, directly inviting those who want to invest in the company’s bonds
and/or equities to do so. The issue is also usually syndicated, meaning the bank shares the
underwriting risks of the issue with other banks.
Exchanges provide a free market for securities and brings together corporates looking to
raise capital, with institutions e.g. fund/asset managers and insurance companies, looking
to invest. The first issue of stocks is called an initial public offering (IPA). Subsequent
trading is known as the secondary market.
Regular bank loans and mortgages can be ‘securitised’, converting them into fungible units
and then issuing them as bonds. The last financial crisis was triggered by the securitisation
of subprime (meaning less than top quality) mortgages.
The financial crime risks in respect of securities are thus primarily dependent on the rules
of the exchange, meaning:
1. who, meaning which entities, are authorised to issue their securities on the
exchange?
2. what products are authorised to be traded?
125
3. who can act as intermediaries in the trading of products in terms of banks and
broker-dealers?
4. what is the reputation of the exchange?
5. where and in what jurisdiction is the exchange and how well is it regulated?
6. who is authorised to settle transactions and provide custody services to the
exchange?
We finalised our chapter on exchanges and broker-dealers by stating that banks and
financial institutions should manage their financial crime risks exposure by using the
following.
1. Authorised Issuers
2. Authorised Products (Specific to Exchanges)
3. Authorised Broker-Dealers
4. Authorised Exchanges
5. Authorised Jurisdictions
6. Authorised Depositories
This basic principle is that products (bonds, stocks, exchange traded funds) that are bought
and sold on a properly regulated exchange have the lowest level of financial crime risk. Of
course, market abuse and insider trading are always a risk but as we covered them earlier,
we will move onto other forms of risks.
The following is a summary of various securities financial crime risk typologies.
Higher risk, unauthorised exchanges
Financial crime risks will by definition increase where a security is listed on an exchange
which is not of the appropriate regulatory standard and the risks within the jurisdiction
itself are higher. There are other issues which increase the exposure of a security to
financial crime risk and we will look at them in turn.
Bearer securities
These are securities which are not registered so ownership is anonymous. They are
therefore high risk for financial crime. Some companies still issue bearer shares – and
banks will deal with them if the ownership is disclosed and the transfer of the shares is
permanently immobilised.
The risk therefore arises from doing business with bearer share capable entities i.e.
those than can issue bearer or anonymous shares as any time. Most banks and financial
institutions prohibit dealings with bearer share capable entities.
Omnibus accounts
This is where securities are traded in an account held by a broker which has several sub –
accounts, thereby decreasing transparency and increasing the likelihood of illicit actors.
126
Mispricing of junk, high yield or illiquid bonds
Any asset for which price discovery is difficult or problematic is susceptible to being used
for financial crime. It does not matter if it is vintage cars, artwork, vintage jewellery or
illiquid and high-yield bonds. The principle is the same – the ‘price’ is whatever a willing
buyer is prepared to offer or a seller prepared to sell for.
High-yield debt prices can therefore move quite irregularly and by relatively large amounts.
It is one of the reasons why many banks and financial institutions will automatically review
any profits generated if they are above either a certain percentage of the notional amount
of the deal or an absolute dollar value.
A number of hedge funds have been placed under investigation for boosting the prices of
illiquid securities, with the help of friendly brokers, in order to improve their fees, which are
performance dependent.
Private placement
The private placement market is simply an OTC, unregulated market for raising credit. As
such, there is every possible kind of risk. The following story is an important one for the
industry.
Case study: ICBC Standard Bank
ICBC Standard Bank wanted to break into the Tanzanian private placement
market and paid its local affiliate $6 million, which was to be used to bribe
Tanzanian government officials in order to secure the bank a mandate for a
private placement of some $600 million.
The bribe was disclosed by the bank’s solicitors and the UK authorities
acted. The bank was charged with failure to prevent bribery, paid $33
million in fines and entered into a Deferred Prosecution Agreement with the
Serious Fraud Office.
Securitisation
Hal Gregersen, a co-author of The Innovator’s DNA, made the following observation when he
looked at how loans were originated for securitisation.
It’s easy for me to step back and say this. I don’t have the answer. But I look back to the financial
crisis in 2008 and wonder how many of the CEOs and executives of the major banks in the world
ever took the time to get out of their offices to walk down to their home loan making office and
just watch the process of how these loans were being made?
I bet if they had they would have sniffed something ugly really fast. And they would have done
something.
The observation effectively summarises the risks of securitisation – that the original
mortgage loans were created in a manner that was inconsistent with good financial crime,
credit or any other risk management. Some of the loans were known as ‘ninja’, meaning the
applicants had no money and no jobs.
127
This stemmed from the fact that the mortgage originations were done by unlicensed
brokers on behalf of smaller banks, who then sold the loans onto the major banks. They
could have easily been criminal gangs – acting as both originators and customers – a
mortgage, especially one where the income is ‘self-certified’ or is otherwise undetermined,
is a very effective way of laundering funds.
The above principles are also true for the securitisation of commercial real estate
mortgages, where purchases are made via offshore vehicles and the beneficial owners of
the assets have not been determined.
The principles we established when we looked at exchanges and broker-dealers, and

that we said holds true for securities on suitably regulated exchanges, still hold true for
all securities risk typologies. Banks and financial institutions operating in the securities
markets must ensure they have the following.
1. Authorised Issuers
2. Authorised Products (Specific to Exchanges)
3. Authorised Broker-Dealers
4. Authorised Exchanges
5. Authorised Jurisdictions
6. Authorised Depositories
In addition, there must be adequate controls to ensure that assets which were originated
by a third party or agent, have been subject to appropriate levels of due diligence.
8. Trade finance
The Joint Money Laundering Steering Group (JMLSG) describes trade finance as follows.
‘Trade Finance’ is used to describe various operations, including the financing – usually but not
exclusively by financial institutions – undertaken to facilitate trade or commerce, which generally
involves the movement of goods and services between two points – it can therefore be domestic
or international. The trade finance element may only be part of the overall financial component
and may have multiple variations, e.g., a domestic trade finance transaction could support an
international movement of goods, or on occasion only services may be involved.
Such operations comprise a mix of money transmission instruments, default undertakings and
provision of finance.
In the context of this guidance, the term ‘Trade Finance’ is used to refer to the financial
component of an international trade transaction, i.e., managing the payment for goods and/or
related services being imported or exported. Trade finance activities may include issuing letters
of credit, standby letters of credit, bills for collection or guarantees.80
80. JMLSG, JMLSG Guidance: Part II Sector 15: Trade finance: http://www.jmlsg.org.uk/ – accessed September 2019
128
The World Trade Organisation (WTO) estimates that some 80 to 90% of world trade relies
on trade finance (trade credit and insurance/guarantees), mostly of a short-term nature.81 It
further estimates that world merchandise exports have increased in value by 11% in 2017,
reaching $17.73 trillion. At the same time, world exports of commercial services increased
by about 8 per cent in 2017, reaching a total of $5.28 trillion.82
The principal risks in respect of trade finance are money laundering, terrorist financing and
sanctions.
‘If an item can be priced, it can be mispriced…’
The Financial Action Task Force (FATF) defines trade based money laundering (TBML) as,
‘the process of disguising the proceeds of crime and moving value through the use of trade
transactions, in an attempt to legitimise their illicit origins’.
The generic typologies for TBML are over and under invoicing, over and under shipment,
false description of goods and multiple invoicing. It is far more widespread and pervasive
than is recognised. Global Financial Integrity (GFI), in an article entitled ‘African Countries
Lose Billions through Misinvoiced Trade’,83 notes the following.
Fraudulent Trade Transactions Channelled at Least US$60.8 Billion Illegally in or out of 5 African
Countries from 2002–2011. Tax Loss from Trade Misinvoicing Potentially at 12.7% of Uganda’s
Total Government Revenue, followed by Ghana (11.0%), Mozambique (10.4%), Kenya (8.3%), and
Tanzania (7.4%).
GFI provides us a simple example as follows:
Basic Trade Misinvoicing Diagram
Mauritius $500,000 diverted Importer Offshore

Entity Pa Account
on Re ys
m illi -in
vo
$1
.5
$1 on ice mi
ys m illi s$ llio
Pa $1 1.5 n
ices mi
llio
In vo n
Ships 50 cars worth $1 million directly to India

US Exporter Indian Importer
Global Financial Integrity|www.gfintegrity.org
81. World Trade Organization, ‘Trade Finance’: https://www.wto.org/english/thewto_e/coher_e/tr_finance_e.htm –

accessed April 2018
82. World Trade Organization, World Trade Statistical Review 2018: https://www.wto.org/english/res_e/statis_e/
wts2018_e/wts2018_e.pdf – accessed September 2019
83. Clark Gascoigne, ‘African Countries Lose Billions through Misinvoiced Trade’, Global Financial Integrity, 11 May
2014: https://www.gfintegrity.org/press-release/african-countries-lose-billions-through-misinvoiced-trade/ – accessed
September 2019
129
Note the use of offshore entities and accounts which are an ever-increasing feature of
TBML. In its latest report on illicit financial flows (IFF), the vast majority of which is done via
TBML, GFI notes that:
Over the period between 2006 and 2015, IFFs accounted for over 20 percent of developing
country trade, on average, with a nearly even split between outflows and inflows.
Those growth rates translate to an estimated figure for total IFFs of $1.13 trillion in 2015;
outflows are estimated to have been $598 billion while inflows were approximately $530 billion
(in 2015).84
A report by PwC in 2015 states: ‘TBML is no longer an area that can be ignored. Criminals,
terrorists, proliferators and now regulators have identified this as the soft underbelly of
money laundering’.
TBML is on the rise because of stricter financial regulations, greater controls over the
introduction of cash into the financial system and the globalisation of trade.
Such has been the prevalence of TBML in some areas that the Financial Crimes
Enforcement Network (FinCEN) has issued what are known as Geographic Targeting Orders
(GTOs) to businesses which it suspects of being involved in TBML. One such order was
issued in April 2015 to 700 Miami businesses. In 2014, FinCEN notably issued a GTO to
businesses in Los Angeles that had the words ‘import’ or ‘export’ in their name.
Examples of TBML pricing anomalies are listed below.
True Examples of Abnormal U.S. Trade Prices
High U.S. Import Prices Low U.S. Export Prices

z Plastic buckets from Czech, $972/unit z Live cattle to Mexico, $20.65/unit
z Briefs and panties from Hungary, $739/ z Radial truck tires to UK, $11.74/unit
doz z Toilet bowls to Hong Kong, $1.75/unit
z Cotton dishtowels from Pakistan, $153/ z Bulldozers to Colombia, $1,741/unit
unit z Color video monitors to Pakistan,
z Ceramic tiles from Italy, $4,480/sq $21.90/unit
meter z Missile launchers to Israel, $52.03/unit
z Metal tweezers from Japan, $4,896/unit z Prefabricated buildings to Trinidad,
z Razors from the UK, $113/unit $1.20/unit
z Camshafts from Saudi Arabia, $15,200/
unit
z Iron bolts from France, $3,067/kg
z Toilet tissue from China, $4,121/kg
Source: Presentation by John A. Cassara
84. Global Financial Integrity, Illicit Financial Flows to and from 148 Developing Countries: 2006-2015, January 2019:
https://www.gfintegrity.org/wp-content/uploads/2019/01/GFI-2019-IFF-Update-Report-1.29.18.pdf – accessed
September 2019
130
John A. Cassara, a retired US intelligence office, in a paper that looked at TBML and
terrorism, noted the following.
Dr. John Zdanowicz, an academic and early pioneer in the field of TBML, examined 2013
U.S. trade data obtained from the U.S. Census Bureau. By examining under-valued exports
($124,116,420,714) and over-valued imports ($94,796,135,280) Dr. Zdanowicz found that
$218,912,555,994 was moved out of the United States in the form of value transfer! That
figure represents 5.69% of U.S. trade. Examining over-valued exports ($68,332,594,940) and
undervalued imports ($272,753,571,621), Dr. Zdanowicz calculates that $341,086,166,561 was
moved into the United States! That figure represents 8.87% of U.S. trade in 2013.85
8.4 Mitigating TBML risk exposures
US Immigration and Customs Enforcement has suggested banks and financial institutions
look for the following ‘red flags’.
1. Payments to a vendor by unrelated third parties;

2. False reporting (such as misclassification of commodities, or under- or over-valuation);
3. Repeated importation and exportation of the same high-value goods
4. Commodities being traded that do not match the business or businesses involved;
5. Unusual shipping or transhipment routes;
6. Packaging which is inconsistent with the commodity or shipping method (e.g.
goods that require specialised transportation, such as refrigeration, lacking such
requirements); and
7. Double-invoicing
Further red flags have included:
1. no Web presence of a party or parties

2. commodities whose values can be manipulated (e.g. used cars), or difficult to
confirm (precious gems, art)
3. payments received from third party jurisdictions
4. export of completed goods without adequate evidence of raw materials, imports,
production or assembly of them
5. sudden increase in turnover of a new trader
6. unwarranted advanced payments
7. exports documents not properly authenticated but accepted by party/parties or bank
8. payments received through multiple accounts (funnel accounts, smurfing).
Where possible transactions in ‘Free Zones’ e.g. Jebel Ali should be avoided altogether,
given the lack of transparency and controls.
Perhaps the most alarming facilitator of TBML are Latvian banks, who according to the
Organised Crime and Corruption Reporting Project (OCCRP), have advised customers
on how to make fake invoices look realistic by providing practical advice on things such as
avoiding round numbers and ensuring that there are appropriate delivery arrangements
for large items.
It is perhaps no surprise that a number of major banks have exited that country.
85. Homeland Security Digital Library, ‘Trading With the Enemy: Trade-Based Money Laundering is the Growth
Industry in Terror Finance’, 3 February 2016: https://www.hsdl.org/?abstract&did=806585 – accessed September 2019
131
8.5 Terrorist financing risks in trade finance
Where money launderers go terrorist financiers are sure to follow, as opportunities emerge.
The following examples are taken from FATF’s Emerging Terrorist Financing Risks report,86
October 2015.
Case study: Trade based financing of terrorism
Following the designation of company A as an unauthorised association in

Israel, the company was not able to import goods through Israeli ports. Despite
these restrictions, company B, a local company that imports and markets basic
food products, cooperated with company A to circumvent these limitations.
Company B first imported goods into Israel and then an accomplice, company C,
released the goods from the port and stored them. Later, company B transferred
the goods to company A in a high-risk territory for TF. As part of the settling of
accounts, company A transferred funds from its accounts to company B. The
value of the goods and transfers was estimated at several million in Israeli new
shekel (NIS).
Source: Israel
Case study: Terrorist funds sent through a front
telecommunication enterprise
In a few months, the bank account of a company A, a telecommunications

enterprise, collected more than EUR 600 000 in cash. This company received
large amounts of transfers, with no economic purpose, from different legitimate
French companies from various economic sectors, but whose managers were
originally from the same foreign country X. Some of them were suspected to
have links with a terrorist organisation. EUR 500 000 was sent by the company A
to a parent company B in the country X.
Source: France
8.6 Trade finance and sanctions evasion
International trade/trade finance can also provide an opportunity for those hoping to evade
sanctions restrictions. Methods used include:
z False flags
When shipping missile components and military equipment, North Korea uses ships
which sail under false flags – or more specifically the flags of countries that can
be bribed and whose shipping regulations are generally deemed inadequate. For
example, a North Korean ship was seized in Egypt carrying tens of thousands of
North Korean-made explosives while sailing under a Cambodian flag.
86. FATF, Emerging Terrorist Financing Risks, October 2015: http://www.fatf-gafi.org/media/fatf/documents/reports/

Emerging-Terrorist-Financing-Risks.pdf – accessed April 2018
132
Under United Nation Securities Council (UNSC) sanctions, North Korea is banned
from flying false flags and member states are obliged to de-register North Korean
vessels if they discover that is the case.
z Front companies
Countries like North Korea and Iran use front companies and agents to evade
sanctions regimes. The Mossack Fonseca files showed numerous individuals from
sanctioned countries used front companies to evade sanctions.
z Wire stripping
This is the deliberate alteration or omission of details on a funds transfer – this could
include the name and address of the beneficiary company. North Korea sometimes
used false addresses and fake names, taking advantage of its shared language with
South Korea. This was usually to trade or otherwise disguise the source, destination
or the nature of goods and services in violation of sanctions.
Case study: Standard Chartered Bank

In April 2019, Standard Chartered agreed to pay American authorities,
including the US Department of Justice, $947 million over allegations that it
violated sanctions against a string of countries including Burma, Zimbabwe,
Cuba, Sudan, Syria, and Iran.
The US treasury department stated that the bank processed transactions

worth $438 million between 2009 and 2014. All of these transactions
involved persons or countries subject to comprehensive sanctions programs
administered by OFAC, and the majority of them involved Iran-linked accounts
from its Dubai branch routing payments through, or to, its New York office or
other US-based banks.
In 2012, Standard Chartered entered into a deferred prosecution agreement

(DPA) with the US Department of Justice and the New York county district
attorney’s office over Iranian sanctions breaches beyond 2007. This DPA was
set to expire only a few days after this current enforcement action, but has
now been extended until April 2021.
Over the next two years Standard Chartered will effectively be on probation,
giving US agencies the right to criminally prosecute the bank if it breaks the
law.
The BNP Paribas sanctions violations described in the earlier section on

foreign exchange, also had trade at its heart – the purchase of oil by the
French company Total from Sudan.
Mitigating trade finance sanctions risk exposures
To mitigate sanctions risk exposures, the following parties/entities to a trade financing

transaction should be screened against sanctions lists.
1. Importer
133
2. Exporter
3. Agents and Intermediaries
4. Correspondent banks
5. Goods
6. Ports-interim and destination
7. Vessel (ship or plane)
8. Flag/Country of Registration
9. Shipping company
10. Warehousing company
In addition, some banks monitor the movement of ships online via their transponders, in
order to ensure that they are not stopping at ports which would be in violation of sanctions.
As with controls for TBML, where possible transactions in ‘Free Zones’ e.g. Jebel Ali should
be avoided altogether, given the lack of transparency and controls.
The most significant issue with sanctions under trade finance is the possible violation of the
nuclear non-proliferation treaty. It is for this reason that UN member states are required/
obliged to inspect cargo on ships destined to or coming from North Korea – where they
have a suspicion that such vessels might be operating in violation of sanctions.
In addition to the steps necessary to deter TBML and sanctions evasion mentioned in the
relevant sections above, deterring and detecting trade-based financial crime depends on
the adequacy and effectiveness of an institution’s customer due diligence (CDD). This must
encompass each customers’:
z Business ownership – If a sanctioned individual or entity exercises effective control

over an organisation, then that organisation is also effectively sanctioned. There is
also the need to ensure that there are no fake or front companies.
z Business operations – The nature and purpose of the business and the physical
location of said operations.
z Products and services – Are any of the customers’ products and services subject to
sanctions.
z Customers – Who are they? Where are they? How do they utilise the products
and services provided? The onward sale of helicopters by the non-governmental
organisation (NGO) in the chapter on Charities is a great example of that.
z Suppliers – Their location and the nature of the products they provide.
z Partners – Who are their partners and what is their role?
z Intermediaries/agents – Are there any intermediaries involved in the customers’
business? What is their purpose or role? How are they vetted? Is their usage
transparent? Are there any break clauses on contracts with intermediaries in the
event of any change in their sanctions risk exposure?
z Offshore jurisdictions – Are there any offshore locations involved in the business?
What is the nature and purpose of the use of such jurisdictions? What controls does
the business employ in the management of such use?
If you would like to learn more about TBML and financial crime, this additional ICA
qualification may be for you: https://www.int-comp.org/programme/?title=ICA-Specialist-
Certificate-in-Trade-Based-Money-Laundering
134
9. Liquidity and cash management

Liquidity and Cash Management, Payment and Cash Management or Transaction Banking
are a set of services which consist of some if not all the following.
1. Payments to suppliers
2. Cross border payments
3. Trade finance collection and receivables
4. Liquidity cash management including cash pooling
5. Cash collection
6. Clearing and settlement services (foreign exchange, securities)
Consequently, there are three major risks which present themselves. They are the
settlement systems, the inherent risks of the institution’s products and services which
are being amalgamated e.g. foreign exchange and trade finance, and the inherent risk of
customers’ operations, including their customers, intermediaries and third-parties.
9.3 Settlement systems
Given the very nature of its operations, banks offering liquidity and cash management
services must understand the nature of the national settlement systems in which they
intend to participate. The main systems are:
Real time gross settlement systems (RTGS) consist of the participating institutions
continuously settling large payments in real time. National central banks stand at the
centre of the operation, providing necessary liquidity and reducing settlement and credit
risk.
Participating institutions will have accounts at the central bank and payments from one
to another are simply debited and credited in their accounts at the central bank. Most
countries operate RTGS, including the UK, US and those in the EU.
This is the preferred approach for bank risk managers and is at its best when the central
bank is at the centre of the system.
Bilateral or Multilateral Net Settlement Systems are where participating institutions settle
their net balances either bilaterally or multilaterally as the system requires – at the end
of each day. Typically, in these systems, the central bank is not a participant. As such, the
credit risks are higher and the failure of one bank can have repercussions for the entire
system. From a financial crime risk perspective, the major risk here is the nature of the
participating institutions.
9.4 Inherent product and service risks
Banks and financial institutions are usually very good at determining the risks of a new
product. In most institutions, there is a new product approval process. The question is what
actually constitutes a new product? The answer is more expansive than most would realise.
135
The concept of a new product encompasses:
z new product to new customers

z new product to old customers
z new product to new markets
z new product to old markets
z new product to new channel
z new product to old channel
z old product to new customers
z old product to different customers
z old product to new markets
z old product to different market
z old product to new channel
z old product to different channel.
Plus: any material changes to existing products under each of the relevant scenarios.
In each of the above cases, the risk profile of the product or service will change. This is the
challenge of liquidity and cash management: to analyse and understand the emergence of
different and varying risk exposures and managing them accordingly, rather than assuming
the product and market risks are already understood based on their existing base offerings.
9.5 Customers, intermediaries and third parties
The risks are somewhat reminiscent of those we encountered in correspondent banking. There
is a need to understand the customer as well as the risks posed by the customer’s customer
– money laundering, sanctions, terrorist financing, etc. What compounds the problem further
is the presence of intermediaries and third-parties such as Third Party Payment Processors
(TPPPs) used by the customer in its commercial activities e.g. Internet sales.
PacNet, is a prime example of a TPPP going rogue. Let us examine what happened.
136
Case study: PacNet transaction laundering
PacNet Services offered local-currency payment solutions to Internet and

direct response marketers all around the world. Those services included
credit card processing, check processing and hosted e-commerce payment.
We touched on this firm previously in the MSB segment of this course.
The following are extracts from a US Treasury Department page on PacNet.
Treasury Sanctions Individuals and Entities as Members of the PacNet Group:

Action Targets Significant Transnational Criminal Organization Laundering
Millions in Illicit Funds Worldwide, 9/22/2016
Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control
(OFAC) designated the PacNet Group (“PacNet”) as a significant transnational
criminal organization (TCO) pursuant to Executive Order (E.O.) 13581, “Blocking
Property of Transnational Criminal Organizations.”
As part of today’s action, OFAC is also designating a global network of 12

individuals and 24 entities across 18 countries…
With operations in Canada, Ireland, and the United Kingdom, and subsidiaries
or affiliates in 15 other countries, PacNet is the third-party payment processor of
choice for perpetrators of a wide range of mail fraud schemes. U.S. consumers
receive tens of thousands of fraudulent lottery and other mail fraud solicitations
nearly every day that contain misrepresentations designed to victimize the
elderly or otherwise vulnerable individuals. PacNet has a nearly 20-year history
of knowingly processing payments relating to these fraudulent solicitation
schemes, which result in the loss of millions of dollars to U.S. consumers...
PacNet’s processing operations help to obscure the nature and prevent the
detection of such fraudulent schemes…
This process aims to minimize the chance that financial institutions will
detect the scammers and determine their activity to be suspicious...
In an unprecedented move, the U.S. Treasury Department has deemed PacNet a

“significant transnational criminal organization” landing it on the same short list
as some of the world’s most notorious mobsters, drug cartels and murderers.
Its acquisition by the Australian telecommunications company Telstra was

announced at the end of 2014, and completed in April 2015. The company
was headquartered in Hong Kong and Singapore, and had offices in Australia,
China, India, Indonesia, Japan, South Korea, Malaysia, Netherlands, Philippines,
Taiwan, Thailand and United States.87
PacNet had relationships with banks all over the world and any bank or
financial institution that used PacNet risked being exposed to its failings.
87. US Department of the Treasury, ‘Treasury Sanctions Individuals and Entities as Members of the Pacnet Group’,
22 September 2016: https://www.treasury.gov/press-center/press-releases/Pages/jl5055.aspx – accessed April 2018
137
Settlement systems
When determining the countries in which they want to operate, liquidity and cash
management providers should first check the settlement system in place and the risks
represented by such systems. RTGS where central banks play the central role are generally
less risk than end-of-day bilateral and multilateral settlement systems without central bank
involvement.
There have been instances where liquidity and cash management providers have had to
rethink their customer offering because they were not happy with the institutions that
participated in the settlement process.
Inherent product and service risks
The risk profiles of existing products are invariably altered when bundled together in the
form of different liquidity management products and services. The risk of the separate
parts is not equal to the risk of the whole. Firms must have a defined process in place for
adequately defining ‘new products’ and ensuring that for every new product or combination
of existing products, the financial crime risks are properly evaluated before introduction.
Customers, intermediaries and third parties
Liquidity and cash management providers use intermediaries such as TPPPs, brokers and
custodians in the provision of their services – or otherwise interact with those of their
customers. The financial crime risk implications of each of these parties must be assessed
and understood in terms of the risks they pose to the institution. This should include
assessment of the financial crime controls employed by these parties.
10. Mergers and acquisitions

We may start with the very obvious, which is to ensure that the appropriate levels of due
diligence are performed in respect of virtually all the issues we have covered so far, as they
relate to money laundering, sanctions and bribery and corruption. The latter tends to be
the most pervasive of all the risks related to large corporates.
The performance of a financial crime review has increasingly become a very important
aspect of merger activities – significant bribery and corruption cases could destroy the
value of any deal.
What is not necessarily reviewed is where there are conflicts of interests in respect of the
owners, bankers, advisors and other parties involved in the deal. Royal Bank of Canada
(RBC) found itself in one such situation where it simultaneously advised the seller while
trying to get financing fees from the buyer. RBC found itself in court and ended up paying
$76 million for its failure to get fair value for the shareholder of the target company.
There have also been instances of Chinese entities involved in takeovers of overseas
companies while being embroiled in corruption problems at home.
138
In a merger, financial crime risks can emanate from any source.
One bank, in the course of its due diligence, enquired of the owners of a target company,
how much they had paid to secure their current ownership. For some reason that
information was not forthcoming. The bank continued to conduct all other aspects of its
due diligence, and when all other work had been done and the deal was on the verge of
being finalised, the question was once again raised. The owners of the target company
finally relented and disclosed they had acquired the company for just $1.
The bank decided to terminate the transaction and advised the acquiring company
accordingly.
Mergers and acquisitions should be subject to robust financial crime reviews in addition
to the standard due diligence checks given the commercial and reputational; value of such
activity.
11. Commodities
Commodities are raw materials or primary products. They include: soft commodities, such
as sugar, coffee and corn; metals, such as copper, silver and gold, and; energy, such as
crude oil and natural gas.
Commodities are a hugely significant part of world trade and therefore many of the
risk typologies relating to trade finance are also relevant to commodities. Commodities
such as metals and energy reflect the risks of the extractive industries, while agricultural
commodities reflect the migrant labour/human trafficking issues associated with the
industry.
It should be noted that commodities such as oil and gas, as well as aluminium under
certain conditions, are frequently subject to sanctions.
The best approach is therefore to know your commodity (KYC)!
For a long time, many banks had a huge presence in the physical commodities markets.
Such was the case that many of the big US banks were known as ‘Wall Street Refiners’.
However, a combination of regulatory action and high capital requirements has resulted
in banks mostly exiting the physical markets and focusing on the financial markets –
commodity financing and commodity price risk management.
The biggest risks are therefore fraud and sanctions violations relating to financing of sales.
One of the biggest forms of fraud is lending against commodity receipts. The receipts
are supposed to be evidence of physical goods in a warehouse, yet they are the target
of commodity fraudsters. Bank lending against commodities held in a warehouse is a
139
$4 trillion market. Producers and traders finance their business by pledging their
commodity inventories for cash – but those inventory receipts are target of fraudsters.
Extract
The following was reported in Mining Weekly.
French lender Natixis SA and Melbourne-based Australia & New Zealand Banking
Group Ltd. are facing loan losses after discovering fake documents used to
verify nickel stored in Asian warehouses owned by Access World, a subsidiary of
Glencore Plc. The deals involved $305 million for ANZ and $32 million to Natixis,
according to court filings this year…
In 2014, Standard Chartered Plc, Citigroup Inc. and Standard Bank Group Ltd.
revealed almost $648 million of fraud involving copper, aluminium and alumina
stored in the Chinese port of Qingdao that had been used to raise finance
multiple times.88
Apart from the requirement for ensuring that appropriate due diligence is performed, it
is believed that the best way to avoid fraud in commodity transactions, trade finance and
inventory, is the use of digital ledgers/distributed databases using Bitcoin technology.
Sanctions risk exposure should be managed as under trade finance and extractive
industries.
88. Mining Weekly, ‘Paper trail on metal loans ended in fakes as banks lose millions’, 4 July 2017: https://www.
miningweekly.com/article/paper-trail-on-metal-loans-ended-in-fakes-as-banks-lose-millions-2017-07-04/rep_id:3650 –
140
Unit 4
Customer Due Diligence and
The Customer Lifecycle
Unit 4: Customer Due Diligence and The
Customer Lifecycle
Learning objectives
z illustrate the customer due diligence process and its role in the financial
crime risk management lifecycle
z compare each of the constituent elements in the customer due diligence
process.
1. Customer due diligence (CDD)

1.1 What is CDD?
We have already referenced the importance of robust CDD on multiple occasions in the
programme. In this segment we will take a closer look at CDD as a topic.
The Financial Action Task Force (FATF) Recommendations89 specifically prescribe when we
should perform CDD and what must be included in the process. They state:
Countries should ensure that financial institution secrecy laws do not inhibit implementation of
the FATF Recommendations.
Financial institutions should be prohibited from keeping anonymous accounts or accounts in

obviously fictitious names. Financial institutions should be required to undertake customer due
diligence (CDD) measures when:
1. Establishing business relations

2. Carrying out occasional transactions:
i. above the applicable designated threshold ($/€15,000) or

ii. that are wire transfers in the circumstances covered by the Interpretive Note
to Recommendation 16;
iii. there is a suspicion of money laundering or terrorist financing, or
iv. the financial institution has doubts about the veracity or adequacy of
previously obtained customer identification data.
We often use the terms CDD and know your customer (KYC) interchangeably, but the
guidelines move beyond that to establish the constituents of CDD – which as we have
previously noted is the overall control and a dynamic process.
89. FATF, International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation – The
FATF Recommendations, Updated June 2019: http://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/
FATF%20Recommendations%202012.pdf – accessed November 2019
142
Unit 4: Customer Due Diligence and The Customer Lifecycle
ID&V – identification and verification of the customer to establish who the organisation is
intending to do business with.
KYC – or, knowing your customer, effectively means knowing the beneficial owner or
owners of a business, determining its internal controls and governance framework and
understanding the nature and purpose of the business.
The recommendations further stress that EDD or enhanced due diligence must be
performed where the following are involved.
1. Politically exposed persons (PEPs)

2. Correspondent banking
3. Money and value transfer services (MVTs), also known as MSBs
4. New payment technologies
5. Wire transfers or payments
ODD – performing ongoing due diligence to ensure that a customer’s transactions are
consistent with the bank or financial institution’s understanding of its business.
The final element of CDD is the Risk Approval and Management process – decisions on
when certain customer behaviours should be escalated and the decision-making process
which is a consequence of that escalation – to retain, restrict or exit a customer or groups
of customers.
In June 2019, the FCA published a thematic review90 which aimed to enhance their view of
the money-laundering risks and vulnerabilities in the capital markets and, where possible,
to develop case studies to help inform the industry. This report highlighted how important
that effective customer risk assessment and customer due diligence are in reducing
opportunities for money laundering in the capital markets due to the nature of the
transactions. The report also contains an outline of seven typologies of money laundering
in the capital markets sector, describing the flows of transactions that characterise each.
These typologies may help inform risk assessments, transaction monitoring and training.
1.2 Who must perform CDD?
The requirement to perform CDD is not limited to banks and financial institutions. There
are specific legal and regulatory guidelines which provide for a further expansion of the
scope.
DNFBPs
The FATF recommendation in respect of the requirement to perform CDD is not limited
to banks and financial institutions. They also stipulate that the CDD requirements for
banks and financial institutions must extend to designated non-financial businesses and
professions (DNFBPs). As such, when dealing or transacting with DNFBPs, an institution
90. FCA, Understanding the money laundering risks in the capital markets, June 2019: https://www.fca.org.uk/
publications/thematic-reviews/tr19-4-understanding-money-laundering-risks-capital-markets – accessed November
2019
143
must perform checks to ensure that its CDD processes and procedures are consistent with
the FATF guidelines. These should entail evaluations of
1. The adequacy and effectiveness of the internal control and governance framework
2. The customer document retention process
3. Regulatory history and oversight
EU Directives
The Fourth EU Money Laundering Directive (4MLD) established specific minimum

requirements for performing CDD; €10,000 and above for cash transactions and €15,000 for
any form of non-cash transaction.
US FinCEN Guidelines
The recently updated Financial Crimes Enforcement Network (FinCEN) rules now fully reflect
the FATF requirements, particularly as they apply to what are described as ‘covered financial
institutions’ – described by the SEC as follows:
For purposes of section 5318(j), a ‘‘covered financial institution’’ is: (1) Any insured bank (as
defined in section 3(h) of the Federal Deposit Insurance Act (12 U.S.C. 1813(h))); (2) a commercial
bank or trust company; (3) a private banker; (4) an agency or branch of a foreign bank in the
United States; (4) a credit union; (5) a thrift institution; or (6) a broker or dealer registered with
the Securities and Exchange Commission under the Securities Exchange Act of 1934 (15 U.S.C.
78a et seq.).91 Prior to the July 2016 rules (which were applicable from May 2018), such
institutions did not have to explicitly determine beneficial ownership.
1.3 Subsidiaries, affiliates and high-risk countries
Where an institution has operations in multiple jurisdictions, it must institute firm-wide

policies and procedures to ensure that there is consistency in the implementation of
CDD, including in its operations based in higher risk jurisdictions. In respect of the latter,
appropriate mitigating controls, relevant to the higher levels of risk, must be put in place.
The 4MLD further reinforces this by requiring banks and financial institutions
headquartered in the EU to apply financial crime controls and procedures in their overseas
units and subsidiaries, to ensure they are consistent with that of their EU operations.
The Fifth EU Money Laundering Directive (5MLD) builds on this rule by requiring companies
dealing with customers from high-risk third countries to perform EDD measures –
specifically focused on addressing the risk posed by deficiencies in those countries’ anti
money laundering (AML) protections.
In practice, many firms implement global policies which adhere to the highest applicable
standard, but are also cognisant of local variations where these have particular nuances.
Beneficial ownership percentage levels are an example of this.
91. Securities and Exchange Commission, Interim Guidance Concerning Compliance by Covered U.S. Financial
Institutions With New Statutory Anti-Money Laundering Requirements Regarding Correspondent Accounts Established
or Maintained for Foreign Banking Institutions, 27 November 2001: https://www.sec.gov/about/offices/ocie/
aml2007/66fr59342-51.pdf – accessed May 2018
144
1.4 The CDD process
The following diagram provides an overview of the CDD process, including when each of
the different elements are executed and by whom, in each case indicating their relative
performance in that execution.
The diagram effectively encapsulates the customer lifecycle from onboarding to the risk
management and approval stage, where decisions will be taken in respect of retention,
restriction and exit-decisions which are fed back into the determination of a bank or
financial institution’s risk appetite and the continuous execution of the entire process.
145
Identification and Knowing Your Enhanced Due Ongoing Due

Risk Management
Verification Customer Diligence Diligence
1. Onboarding 1. Onboarding 1. Onboarding 1. Transaction 1. Onboarding

When? 2. Renewals 2. Transaction 2. Ongoing 2. Renewals
3. Triggers 3. Triggers
1. Risk Managers 1. Risk Managers 1. Risk Managers 1. Sales 1. Management

2. Operations 2. Financial Crime 2. Sales 2. Trading/Product 2. Financial Crime
Who?
3. Financial Crime Compliance 3. Trading/Product 3. Operations Compliance

Compliance 3. Sales 4. Operations 4. Risk Managers
4. Sales 4. Trading/Product 5. Financial Crime 5. Financial Crime
5. Trading/Product 5. Operations Compliance Compliance
We will look at each of the elements in turn but not before placing CDD in its ordinary context. CDD is about:
z who are we dealing with?

z what is the purpose of their business?
z where are their customers, suppliers and business operations?
z how do they operate and/or execute their activities?
z why do they need our products and services?
z when do they transact?
146
2. Identification and Verification (ID&V)

2.1 Who must be covered?
For banks and financial institutions, the most important aspect of ID&V is that it must
be performed for both the corporate customer name, as well as for beneficial owners,
controllers, directors and other persons who exercise effective control over a company.
2.2 What do we mean by beneficial owners and controllers?
z General
The natural person(s), not the legal person(s) who exercises control over an entity.
z Investopedia
A beneficial owner is a person who enjoys the benefits of ownership even though title
to some form of property is in another name. It also means any individual or group
of individuals who, either directly or indirectly, has the power to vote or influence the
transaction decisions regarding a specific security, such as shares in a company.92
z 4MLD
Beneficial ownership is defined under as any person who owns 25% or more of an
entity.
z FinCEN Final Rule
Individuals meeting either of two prongs:
a. Ownership prong: Beneficial owners identified under this prong are defined
as ‘each individual, if any, who, directly or indirectly, through any contract,
arrangement, understanding, relationship or otherwise, owns 25% or more
of the equity interests of a legal entity customer.’ ...not their nominees or
strawmen.
b. Control prong: Beneficial owners identified under this prong are defined
as ‘[a] single individual with significant responsibility to control, manage,
or direct a legal entity customer,’ including: An executive officer or senior
manager (e.g. a Chief Executive Officer, Chief Financial Officer, Chief
Operating Officer, Managing Member, General Partner, President, Vice
President, or Treasurer); or any other individual who regularly performs
similar functions.
z Rest of the world
From India to Russia to China, the rest of Asia and many other parts of the world,
the relevant number for determining beneficial ownership is 10%.
92. James Chen, ‘Beneficial Owner’, Investopedia, 7 February 2019: https://www.investopedia.com/terms/b/

beneficialowner.asp – accessed November 2019
147
However, when it comes to ownership, nothing is that straightforward as the examples

below will illustrate.
Case study: Eve
The rap star Eve had a 100% ownership of a corporate entity. The natural
assumption would be that we had found our beneficial owner and as
such there was no need to look any further. However, it turned out that
her partner at the time was the sole authorised signatory on the account
– meaning he was in ultimate control of the company and thus also a
beneficial owner. Her partner at the time was Teodori Nguema Obiang – a
name which some of you might recognise from recent developments in
money laundering and corruption investigations.
Case study: Brazilian institutional fraud
A Brazilian company was duly established, and Mr A was an authorised

signatory. In effect, this meant that there would be no large transactions
or payments made by that company – unless Mr A was part of the approval
process.
Within a short period of time, a large payment was made by the firm –
and this happened without the involvement of Mr A. How was such a feat
achieved?
Shortly after the company had made all appropriate arrangements

with its main bank, the perpetrators of the crime went back to the bank
and resubmitted what they described as ‘minor amendments’ to the
memorandum and articles – including the list of authorised signatories,
thus facilitating the corrupt transfer.
This is why it has always been recommended that board resolutions be

submitted in support of any changes in the list of authorised signatories.
The second, more generic lesson, is that all documents, such as a
memorandum, articles or trust deeds, which describe the relationship
between owners and controllers, must be viewed and evaluated to properly
determine the true nature of the relationship between them.
2.3 Validation of beneficial owners and controllers
We have already established in the section on sanctions how important it is to have

in-depth, complete, accurate and validated data to reduce the incidents of false positives
and facilitate the efficient and effective processing of customer transactions. Given the
dual responsibility to validate both individual and corporate names the following fields are
recommended:
148
Individual Corporate
z Name z Business Name
z Date of Birth z Business Group
z Place of Birth z Registration Number
z Citizenship z Business Address
z Residence z Registered Address
z Tax ID z Tax Number
z Correspondence Address
z Country of Incorporation
The above must all be validated against original and ideally government-issued documents
including passports, residence visas, driver’s licences, birth certificates, company
registration record or certificate of incorporation, tax identification or registration number.
In accordance with the Foreign Account Tax Compliance Act (FATCA) and the Common
Reporting Standard (CRS), an individual’s tax status would also be determined as part of ID&V.
2.4 Screening
Corporate and individual must be screened. This will generally include the determination of:
z PEPs – are any of the beneficial owners and controllers PEPs? This does not itself
disqualify an individual from the onboarding process, but it does automatically
trigger EDD.
z Sanctions – in absolute terms, banks and financial institutions cannot do business
with entities that have been placed under sanctions. In addition, if a sanctioned
individual effectively owns and controls an organisation, that organisation is also
sanctioned. However, a bank or financial institution might still want to consider
the reputational risk issues even when a sanctioned individual does not have a
controlling interest, but still has significant involvement in a prospective customer.
z Criminals and criminal gangs – institutions must ensure they have no dealings
with criminals. The investment bank Drexel Burnham Lambert was subject to
RICO (Racketeer Influenced and Corrupt Organisations) charges because of the
involvement senior executive Michael Milken in the Junk Bond scandal of the 1980s.
Milken himself was charged under RICO with over 90 counts of racketeering and
fraud, fined $600 million, sentenced to 10 years in prison and permanently barred
from the industry.
2.5 Negative news
Negative news (also known as adverse media) screening is designed to unearth any
news on a customer being onboarded that might negatively impact the reputation of the
bank or financial institution. The simple and rational explanation for the importance of
such screening is that real-world events may provide more information on a prospective
customer than the most stringently applied and well-documented ID&V.
3. Know your customer (KYC)

KYC is about understanding the full extent of the customer’s business and the nature of the
financial crime risks which they pose.
149
3.1 Ownership
This is where ID&V and KYC interact; knowing the customer’s beneficial owners, and
understanding the way in which control is exercised, is key to determining who must be
subjected to ID&V. There are myriads of different ownership structures, many of them
designed to disguise ultimate beneficial owners (UBOs). They include the following.
z Bearer shares – the ownership of these is not registered and is thus anonymous.
Only immobilised bearer shares with declared parties no longer capable of issuing
bearer shares should be onboarded.
z Complex structures – this includes many layers or multiple jurisdictions which
makes it difficult to obtain or make sense of ownership information
z Offshore jurisdictions – further increases the secrecy potential and the ability to
disguise ownership.
z Shell corporations – goes together very well with offshore jurisdictions.
z Trusts – trusts are regulated in some jurisdictions but less so in some than others.
Then there is the issue of who retains control of the assets? Is it the settlor or
beneficiary? This is jurisdiction dependent and often not easy to discern.
z Embedded – where the ownership of a stake in a venture which is embedded in the
structure is used for diverting funds.
z Circular and aggregate ownership – this is a particularly useful way of disguising
true ownership.
Here are a few examples of the above.
Embedded structures
Case study: The Angolan state oil company,

Sonangol
Sonangol, the Angolan state oil company awarded the US company, Cobalt
International Energy, two very valuable oil exploration licences. A condition
of these licences was the inclusion of two local companies. Neither of these
companies had a track record in the oil industry but they were both now
well-positioned to make exceptional profits.
It later turned out that three government officials were involved and
had ownership interests in the licenses of the Angolan companies. They
were: the head of Sonangol at the time of the transaction and later the
Angolan Vice President; a general who was the head of the military bureau;
and another general who was an associate of President dos Santos. The
shareholdings were held via anonymous companies.
Goldman Sachs had an interest in Cobalt and suffered reputational damage

as a result.
150
Circular and aggregate ownership
Here is an example which demonstrates how a combination of different entities can be

used to hide beneficial ownership. Here, we are led to believe that Mr. A only controls 7% of
B. On closer inspection, we might have to change our views.
A 25.6%
7%
At first sight A owns just 7% of B.
However B owns 95 × 90 × 85% = 73% of itself

B 73%
95% 85%
So A’s Share of B is 7÷(100 – 73) = 25.6%
C D
90%
When looking at entities it is important to determine what, if any, associated companies

might be involved.
3.2 Offshore locations and trusts
This is the story of how the Iranian government hid its beneficial ownership of a New York
skyscraper for decades, without the US government knowing that the former not only
owned the building but was collecting millions of dollars in rent each year.
Case study: Hiding in Plain Sight
The story starts with the Pahlavi Foundation, a charitable trust established
by the former Shah of Iran that built and owned 650 Fifth Avenue, prime
real estate in the middle of Manhattan. Once the Shah, who later died, was
overthrown, control of the Foundation was to pass onto those who were
connected to or influenced by the new Iranian regime.
The rest of the story is as described below in the article from the Kleptocracy
Initiative.
Representatives from Bank Melli – an Iranian bank “controlled by Iran’s

government,” per Bloomberg, that had helped finance the construction of 650
Fifth Avenue – formed Assa Co. Ltd., an entity domiciled in Jersey. Assa Co. Ltd.
then turned to New York to form a shell company called Assa Corporation.93
Elsewhere, the Pahlavi Foundation, following the Shah’s overthrow,

transitioned into the Alavi Foundation, and formed a partnership with Bank
93. Kleptocracy Initiative, Hiding In Plain Sight: http://kleptocracyinitiative.org/2017/07/hiding-in-plain-sight/ – accessed

February 2018
151
Melli in 1989 ‘to avoid paying taxes on rental income’ from 650 Fifth Avenue,
according to the US Department of Justice. Alavi then proceeded to transfer
some 35% of its partnership with Bank Melli to Assa, which was followed
some time later by another 5% transfer to the shell company. All told, Alavi
ended with a 60% stake in the Manhattan skyscraper – with the Tehran-
controlled Bank Melli, via its New York-based shell company, retaining some
40% ownership. (As Alavi’s director wrote in 1991, ‘We were also able to
successfully carry out cultural and Islamic activities in the country of the
Great Satan’).
When US authorities finally find out that the Iranian government was
collecting millions in rental income from a building in Manhattan, they sold
the building and distributed the proceeds to ‘victims of Iranian terrorism’.
3.3 Management and governance
It is imperative that banks and financial institutions identify beneficial owners and
controllers and the role they play in the governance of the customer. It is also important
to examine how that governance and the internal control framework that supports it are
implemented throughout the customer’s business.
As noted previously, there was a time when it was sufficient to merely ascertain whether
or not a customer had an AML or financial crime compliance policy. That is no longer
sufficient. While ongoing due diligence of customer transactions is important, ultimately
it is also very important to determine if the customer’s management and governance
framework are such that they are reasonably capable of deterring and detecting financial
crime.
The emergence of standards such as ISO 37001 for bribery and corruption reinforces the
need for corporates to focus on their financial crime internal control and governance. It
also provides a perspective on what bankers should be looking for when they are seeking
to assess said internal control and governance framework.
The following are some of the issues that need to be considered.
1. Is there a proper governance policy framework?

2. Is this clearly supported from within the top echelons of the organisation?
3. Is it adequate and sufficient for the nature and scope of the customer’s business?
4. Does the customer’s internal control and governance framework take account of
high-risk products, services, activities or jurisdictions?
5. Is there a ‘three lines of defence’ (3LOD) assurance model in operation?
6. Is there clearly defined ownership and management of the risks?
7. Is there a duly constituted compliance unit that operates independently of the
business?
8. Are the internal control and governance standards consistent with recognised
industry standards?
9. Are there procedures properly for identifying and assessing risk exposures?
10. Are there procedures for properly identifying, managing and reporting breaches and
violations of policy?
11. Is the financial crime risk integrated into the overall risk management framework of
the customer?
152
By obtaining a clear understanding of these, a more accurate picture of the associated risks
will emerge.
3.4 Regulatory history and environment
Having established the nature of the customer’s internal control and governance
framework, the next step is to establish to what extent it is actually working to deter
and detect financial crime – from a regulatory perspective. This involves looking at
the regulatory history but must also take into account the adequacy of the regulatory
environment of the jurisdiction or jurisdictions within which the entity operates.
The following case study provides a very real – if disturbing – example of what happens
when complexity of organisational structure, complexity of ownership structure
and complexity of operations across multiple jurisdictions, all combine to inhibit the
establishment of appropriate regulatory oversight.
Case study: Bank of Credit & Commerce

International (BCCI)
BCCI, (which has since been referred to as ‘Bank of Crooks and Criminals
International’, the moniker which itself tells a story), arose from the bank’s
penchant for catering to customers who were involved in arms trafficking
and money laundering. Its customers included since overthrown dictators
Saddam Hussein and Manuel Noriega, the Medellin cartel and even the CIA.
BCCI was founded in Pakistan and had head offices in Karachi and London,
with a registered office in Luxembourg. Within 10 years it had some 400
branches in 78 countries – many of which were in traditional offshore
locations. The later perception was that the bank was deliberately set up
to avoid regulatory review or to muddy its organisational and ownership
structure in such a way that would make regulation either impossible or
virtually ineffective.
The bank was eventually indicted in the US for money laundering, bribery
and fraud. It was fined $200 million which in those days, the early 1990s,
was a record fine for a bank. Part of that fine related to the bank’s
deployment of nominees to exercise secretive control of three US banks. The
New York Times further described the extent of the bank’s nefarious activities
as follows:
Using codenames like “Sandstorm” for B.C.C.I. and “Fork” for its Cayman
Islands affiliate, called the International Credit and Investment Company, Price
Waterhouse sketched out in 45 pages what it termed “one of the most complex
deceptions in banking history.” It included phony loans, unrecorded deposits,
secret files and illicit share-buying schemes – all funnelled through a global
network of shell companies, friendly banks and wealthy Arab front men to cover
up the scam.94
94. Steve Lohr, ‘World-Class Fraud: How B.C.C.I. Pulled It Off – A special report.; At the End of a Twisted Trail, Piggy
Bank for a Favoured Few’, The New York Times, 12 August 1991: http://www.nytimes.com/1991/08/12/business/
world-class-fraud-bcci-pulled-it-off-special-report-end-twisted-trail-piggy-bank.html?pagewanted=all – accessed
March 2018
153
The bank was eventually closed by coordinated regulatory action across

many jurisdictions.
3.5 Source of wealth/capital and source of funds
The source of wealth/capital and source of funds are two of the most important questions
asked in the CDD process. For large institutions which are traded on some form of
established or recognised exchange, this is unlikely to be an issue.
However, for newly established organisations, how the shareholders and controllers
sourced their wealth and fund their business is important. Extracts from an EU report
on the transfer of illegitimate gains to legitimate businesses, Final Report of Project OCP
Organised Crime Portfolio95 are reproduced below. It is no coincidence that we covered some
of these sectors in the section on customer groups:
Where are organised crime proceeds invested in the legitimate economy?
Illicit proceeds are widely laundered in the European legal economy. Evidence of organised crime
investments is found in almost all EU MS (member states)…
Sectors with the high involvement of the public administration or public resources/subsidies (e.g.
real estate, construction, renewable energy), so as to benefit from infiltration and corruption in
the political and administrative system (Calderoni & Caneppele, 2009; Riccardi, 2014a)…
Sectors functional to illicit activities, for example as fronts to conceal illicit trafficking (e.g.
transportation and wholesale trade), or criminal activities (e.g. labour exploitation), useful
for transferring illicit funds (e.g. money transfer businesses), or in which frauds can be easily
committed (e.g. tax excise frauds in petrol and gas supply)…
Sectors characterised by a weak or developing regulation: e.g. construction and public

procurement (Vander Beken, 2005; Savona, 2010; Caneppele, 2014), VLT and slot machine or
renewable energy (Caneppele, Riccardi, & Standridge, 2013).
Case study: Equity Capital Markets (ECM)

Transaction
The ECM team of a major bank put together an initial public offering
(IPO) for a corporate customer. The deal was part of a wider restructuring
process with the existing shareholders required to provide a capital
injection of $20 million.
The bank’s deal team observed that 50 transactions totalling $20 million
were deposited to the requisite accounts from 25 different companies.
However, $8 million of that sum appeared to be from parties/entities which
were not existing shareholders.
95. Organised Crime Portfolio, From Illegal Markets to Legitimate Businesses: The Portfolio of Organised Crime in
Europe: https://www.int-comp.org/media/1997/ocp-full-report.pdf – accessed May 2018
154
The CDD process required the deal team to determine the source of funds
and they discovered that the $8 million was from a ‘Mr. Fixit’ who was
initially thought to be an associate of a major shareholder. However, further
inquiries revealed that the major shareholder did not know Mr. Fixit and
that the $8 million was an undocumented loan which would be paid back to
the latter offshore.
The arranging bank pulled out of the deal and notified the regulator, the
exchange and the other banks involved in the deal. On receiving the news,
the other banks also withdrew.
3.6 Negative news screening
This is an attempt to determine, from external sources, if there are any issues that would
impact the bank or institution’s assessment of financial crime risk or impact its reputation.
Searches might include the following.
1. Scandals
2. Court cases
3. Bad publicity
4. Irregularities in government contracts
5. Regulatory failures
6. Fines and/or forfeitures
7. Involvement with sanctioned entities
8. Involvement with PEPs
9. Any of the above in respect of the customer’s senior executives
10. Product or service fails
11. Qualification of the accounts/financial statements
Once again, it is worth reiterating that information gathered in such a manner could be
more valuable than the most stringent or exhaustive of CDD/KYC checks.
3.7 Nature and type of business
To properly evaluate the above risks, questions that need to be asked include:
1. Could the customer’s products and services be made subject to sanctions

e.g. weapons?
2. Is the industry readily susceptible or prone to money laundering e.g. MSBs?
3. Is the industry readily susceptible or prone to bribery and corruption e.g. oil and
gas?
4. What are the specific risks relating to the jurisdiction in which the customer
operates?
5. How well is the industry regulated in financial crime terms e.g. DNFBs?
155
One form of evaluation could include industry risk indicators. The Foreign Corrupt Practices
Act (FCPA) Tracker96 ranks industries by the number of companies that have disclosed open
FCPA-related investigations. The recent top 10 is:
1. Oil and Gas Services – 22

2. Healthcare – 8
3. Telecommunications – 8
4. Pharmaceutical – 6
5. Oil and Gas – 6
6. Banking – 5
7. Technology – 4
8. Healthcare Services – 3
9. Power Generation – 3
10. Conglomerate – 3
3.8 The customer visit
The critical question is whether a customer’s physical presence and the nature of its
operations adequately reflect the nature and scope of its activities. Earlier in this manual,
we looked at the massive fraud committed by Bernie Madoff. One of the crucial factors
in the failure to unearth the scandal was the fact that the fund management operations,
which we all now know was a Ponzi scheme, did not have the requisite operational
infrastructure to support the business that Madoff was purporting to execute.
The customer visit is a very important step in assessing the validity of any information
provided by the customer.
Case study: The multimillion-dollar fund manager

with no offices
A relationship manager boarded a flight from New York to Chicago, to meet

with a prospective customer. The customer claimed to be the head of a fund
that had hundreds of millions of dollars under management.
On arriving in Chicago, the relationship manager realised the prospective

customer had no offices of their own, and that the meeting would be taking
place in a meeting room along a corridor within a suite of offices. The
relationship manager quickly determined that the operational infrastructure
was not commensurate with the prospective customer’s stated level of
business and decided to take the matter no further.
3.9 Suppliers, contractors and intermediaries
Many of the same issues that apply to customers also apply here – an understanding of the
structure of the industry in terms of the involvement of middlemen and intermediaries, as
well as in some industries, the jurisdiction(s) in or from which they operate.
96. The FCPA Blog, ‘2017 was most active year for new FCPA-related investigations’, 28 February 2018:
http://www.fcpablog.com/blog/2018/2/28/2017-was-most-active-year-for-new-fcpa-related-investigation.html –
accessed February 2018
156
Case study: Petrobras
Petrobras is the Brazilian state-owned petroleum company. The structure

of the oil industry is such that oil companies are highly dependent on the
role of a network of construction and service companies to successfully
implement and integrate the value chain we looked at in an earlier unit.
The sheer size and complexity of such an industry results in a dizzying array
of agents, service companies and intermediaries. This is further complicated
by the fact that many of the world’s major oil producing nations are
amongst the world’s most corrupt – making oil as much a blessing as it is a
curse.
It was this combination of factors – size, complexity, intermediaries and a

good dose of government corruption – that facilitated a multibillion dollar
corruption and allied money laundering scheme, which worked as follows.
1. Brazil construction and service companies colluded to rig their bids

with Petrobras
2. The collusion was well known by senior executives within Petrobras
3. The senior executives were appointees of Brazilian political parties
4. These senior executives condoned the bid-rigging activities and in
turn were rewarded for their indulgence
5. A percentage of each contract was passed to these political parties
for their facilitation of the corruption
The current tale of the tape reads as follows: almost $2 billion in corrupt
transfers; several banks, brokerages and MSBs investigated for laundering
corrupt payments and almost 200 politicians and company executives
either in jail or under investigation. In addition, an ex-President has been
convicted in a court of law, one President has been impeached, with
another, the current President, threatened with impeachment. At the time
of writing, additional information is still emerging with cases ongoing.
We met the other half of the scandal earlier with Odebrecht, the
construction company which was charged for violations of the FCPA and
ultimately paid billions of dollars in fines.
3.10 Geography or jurisdiction
This involves the location of the customer’s operations, their customers, their suppliers,
their ownership structure and virtually anything to do with the business. Again, issues here
include offshore locations, those locations at high risk for bribery and corruption and those
locations under sanctions.
All the above must be considered in the proper evaluation of the risk.
3.11 Financial statement analysis
Analysis of the financial statements is a basic step in the KYC process. Bankers are
traditionally adept at this from a credit risk perspective. From a financial crime perspective,
157
the focus should be on inconsistencies and interpreting what those may mean. Here’s an
example.
Case study: The pub chain that was too

successful to be true
A major bank had a chain of pubs as one of its customers. The chain was
highly successful and as far as the bank was concerned all was well with the
customer. The customer’s success was credited with its great happy hour
incentives which they claimed greatly enhanced sales and profitability.
After a while, the authorities discovered that the pub chain had been
engaged in a significant money laundering scheme.
What had the bank missed?
A more critical analysis of the financial statements, including comparisons

with the pub chain’s peer group, would have revealed that the results were
too good to be true.
3.12 The Big Question: Does it all make sense?
In the final analysis, even if it appears that all considerations have been satisfied, we must
retain the ability to stand back and ask perhaps one of the most fundamental questions in
financial crime – does it all make sense?
This can sometimes simply be intuitive. Is it plausible, reasonable?. Does it ‘feel’ right?
All other things being equal, if the organisation structure or transaction cannot be
explained in simple terms, meaning there is no clear and relevant commercial motive,
then it is quite possible that ulterior motives are at play. This holds true regardless of any
professed or stated complexities.
In other instances, peer group analysis of the financial statements might provide useful
insights.
4. Enhanced due diligence (EDD)

4.1 What do we mean by EDD?
We apply ‘standard’ due diligence in situations where there are standard levels of risk.
EDD simply means going above and beyond the standard level of due diligence, primarily
because we have identified higher levels of risk or red flags, which require commensurately
higher levels of due diligence.
Alternatively, simplified due diligence, may be applied in those situations where the risks
are perceived to be low.
158
4.2 The risk-based approach to EDD
EDD is consistent with the risk-based approach. The risk-based approach basically states
that banks and financial institutions (as well as countries) must take steps to identify the
risks which impact their business and apply the appropriate methods and techniques to
mitigate such risks, in a manner which is commensurate with the perceived risks.
The risk-based approach, as illustrated in the graphic below, is the professionally

recommended approach to managing higher levels of risk and is fully supported by the
following groups, amongst others:
1. The Wolfsberg Group

2. FATF
3. The English Law Society
4. The Basel Committee on Banking Supervision (BCBS)
The risk-based approach to EDD in practice
Completing the Applying EDD to

customer/transaction higher risk indicators
ID & V and KYC
and documenting it
Gather High Risk Escalation and

EDD
Information Indicators Approval
Identify the Escalate to get

high risk higher level
indicators approvals
The importance of the final step in the above graphic cannot be overestimated. The risk-
based approach is considered professional best practice and is also enshrined in external
frameworks. Escalation and higher – level approvals are consistent with such practice and
assists in protecting both the individual performing the work and the organisation. Why is
this?
As with an accountant, lawyer or any other profession, there are no guarantees in respect
of an opinion being ‘correct’. Lawyers provide a ‘legal opinion’, accountants provide a ‘true
and fair’ view of the financial statements. In either case, regulators can only hold them
accountable if it can be demonstrated that they were:
1. Wilfully blind
2. Professionally negligent
3. An active accomplice
The latter refers to an act or omission which deliberately assisted in a misrepresentation

or falsification of the facts. The importance of this is that there is no actual requirement
159
for due diligence to be correct – there is however a requirement for it to be professional.

As such, if the onboarded customer later turns out to be involved in financial crime, a
regulator will not purely assess the individual or the institution involved on the outcome,
but whether they applied the professional approach.
The alternative is also true i.e. even if a customer’s behaviour turns out to be exemplary,
the failure to demonstrate the application of a risk-based approach to CDD could result in
the imposition of fines by the regulator. This is precisely what happened to Coutts: bankers
to the Queen.
What are high-risk indicators?
Having an effective model for identifying higher levels of risk is essential to the risk-based
approach. In the diagram which follows, the basic model looks at customer risk from
the fundamental perspectives we have encountered in our journey thus far – country/
jurisdiction, ownership structure, industry and the products and services offered. In each
case, we have indicated what would constitute high-risk indicators.
Basic customer risk model
Industry
Jurisdiction
z Arms, Weapons
z Sanctions
z MSBs
z FATF Designated
z Extractive
z Low CPI Score
z Charities
z Primary Money Laundering Concern
z Casinos
Ownership
Products
z Trusts
z Trade Finance
z SPVs
z Cash Management
z Complex
z Correspondent Banking
z PEPs
z Cross Border Payments
z Nominees
Most firms will use their risk models, similar to the basic customer risk model as defined in
the image, to rate their customers as high, medium or low risk. This is an important step in
the ongoing management of customer risks as it advises others within the institution how
that risk is to be managed on an ongoing basis. That management is usually in the form of
the frequency of the CDD/KYC review – one year for high risk, three years for medium and
five years for low. It also directly implies that customers rated high risk must undergo EDD.
However, relying on the risk rating as the sole basis for conducting EDD would be
inadequate. The risk-based approach by definition, requires the identification and
understanding of individual high-risk indicators and applying EDD directly in accordance
160
with said indicators. In this context, it is vitally important that each institution develops an
approach which is consistent with their operating profile and risk appetite.
The BSA/AML risk assessment
The Bank Secrecy Act (BSA) approach is summarised thus:
Customers that pose higher money laundering or terrorist financing risks present increased
exposure to banks; due diligence policies, procedures, and processes should be enhanced
as a result. Enhanced due diligence (EDD) for higher-risk customers is especially critical in
understanding their anticipated transactions and implementing a suspicious activity monitoring
system that reduces the bank’s reputation, compliance, and transaction risks.
Higher-risk customers and their transactions should be reviewed more closely at account opening
and more frequently throughout the term of their relationship with the bank.
4.3 Risk-based approach – Implications for banks and financial

institutions
The risk-based approach effectively facilitates applying a level of EDD commensurate with
the risks, as well as allowing for a more efficient allocation of time and resources. The
higher the customer risk, the higher the level of due diligence and vice versa.
In October 2018, FATF published guidance on the risk-based approach for the securities
sector which aims to support the application of the risk-based approach for securities
products and services, by providing specific advice, as well as examples for securities
providers and their supervisors. It focuses on details such as the necessity for the money
laundering/terrorist financing risk assessment to reflect the nature, size and complexity
of the business. It also emphasises the importance of senior management in advocating
and encouraging a culture of compliance with anti money laundering and countering the
financing of terrorism measures.97
5. Ongoing due diligence (ODD)

5.1 What is ongoing due diligence?
In financial crime terms, deterrence is ensuring that through an effective onboarding

process, ID & V, KYC and where appropriate EDD, institutions only enter business
relationships or transactions with those entities they know and trust. However, onboarding
a customer is only the beginning of knowing them.
As such, institutions must also perform ODD to ensure that the transactions executed by
a customer are consistent with the profile established at the onboarding stage. Detection
thus involves identifying those customer activities which are suspicious or unusual with
respect to the customer’s established profile and reporting such activity to the relevant
authorities.
97. FATF, Risk-based Approach Guidance for the Securities Sector, October 2018: https://www.fatf-gafi.org/publications/
fatfrecommendations/documents/rba-securities-sector.html – accessed September 2019
161
5.2 ODD responsibilities of relationship managers, salespersons,

operations and compliance
z Relationship managers (RMs) are primarily responsible for onboarding of

customers – with salespersons providing the necessary support where specialist
product knowledge is required. They, along with sales own the risk.
z Salespersons are responsible for reviewing their customer’s accounts and working
with RMs to determine, or better still detect, whether customer transactions are
consistent with their established profile. They are owners of the risk.
z Operations have a responsibility to identify and escalate anything about a customer
transaction which they might deem unusual e.g. transaction size, settlement details
and third-party payments. They effectively own the controls over the risks.
z Compliance staff are responsible for advising and acting as stewards of financial
crime risk.
5.3 Does it make sense?
As with onboarding, the single most important question in the ODD process is; does this
make sense? Is there a demonstrable commercial motive? It’s a question Deutsche Bank
had failed to ask about its Russia trades.
Case study: The Deutsche Bank mirror trades
Deutsche bank’s Russian customers would buy local stocks in roubles.

Later that same day, an equivalent amount of stock would be sold for hard
currency – dollars, euros or sterling in, say, London or New York – upon
which time the bank would internally offset the trades. Hence the term
‘mirror trades’.
In executing these transactions, the bank helped to transfer some $10

billion out of Russia in transactions which regulators deemed to have
involved money laundering, sanctions evasion and evasion of Russian
exchange controls. The bank was fined $425 million by US regulators, and
£163 million by the UK’s Financial Conduct Authority (FCA). An article on
Business Insider noted:
New York Financial Services Superintendent Maria T. Vullo says in a statement

announcing the fine:
“In today’s interconnected financial network, global financial institutions must

be ever vigilant in the war against money laundering and other activities that
can contribute to cybercrime and international terrorism. This Russian mirror-
trading scheme occurred while the bank was on clear notice of serious and
widespread compliance issues dating back a decade. The offsetting trades
here lacked economic purpose and could have been used to facilitate money
laundering or enable other illicit conduct, and today’s action sends a clear
message that DFS will not tolerate such conduct”.98
98. Oscar Williams-Grut, ‘Deutsche Bank is paying $628 million in fines over its $10 billion Russian 'mirror trade'
scandal’, Business Insider, 31 January 2017: http://uk.businessinsider.com/deutsche-bank-russian-mirror-trades-
settles-uk-fca-new-york-regulator-2017-1 – accessed April 2018
162
Deutsche’s primary ODD failure, as noted in the extract above, is that it

failed to notice that these offsetting transactions appeared to have no
commercial motive. It should also be noted that customers executing the
initial purchase of stocks similarly exhibited no commercial motive – their
purchases were made with no regard to the nature of the stock being
bought.
Finally, Deutsche were unable to properly determine the UBO(s), as well

as the connection between UBOs, at the beginning and the end of the
transaction chain. This highlights the importance of robust AML procedures.
5.4 The ODD process
This includes ongoing transaction monitoring, screening for sanctions, negative news
and PEP status, to ensure that any of the above major changes are captured and any
risks arising appropriately mitigated and managed. Quite often these items will result in a
refresh of the KYC. There are two additional forms of events which might trigger action, the
generic and the specific. These are covered below.
Generic triggers
These will include significant changes in the customers’ business (see the following).
1. Mergers and acquisitions

2. Disposals
3. Joint ventures
4. Management and the governance framework
5. Major contracts/tenders
6. Ownership structure, including UBOs, jurisdictions
7. Customers profile and jurisdiction
8. Products and services used in terms of type, volume and flexibility
9. Products and services offered
10. Suppliers, supplier networks and intermediaries
11. Relevant legislation and regulation
12. Changes in shipping, transportation and logistics
Specific triggers
Specific triggers could include:
1. changes in settlement instructions involving shell companies and/or

offshore jurisdictions
2. payments to previously undisclosed intermediaries or third-parties
3. transactions done at a non-market rate
4. mirror transactions
5. transactions which either individually or collectively, appear to have no
commercial motive
6. changes in authorised signatories or in the documentation of the relationship
between owners and controllers e.g. memorandum and articles
7. highly complex derivative transactions where the purpose of the transaction
is unclear
163
8. payments or attempted payments and funds transfers that do not meet

transparency standards
9. feedback from a customer visit
10. noticeable changes in the pricing of existing products and services
11. qualified financial statements
12. financial statements delayed for no valid reason
13. sudden changes in portfolios of illiquid or high yield securities
14. regulatory approach in which the customer is mentioned – financial as well as
industry regulators.
In each instance, there may very well be a case for completely re-evaluating the customer’s
risk exposure. In other instances, one might conclude that there is something suspicious
or unusual – resulting in additional investigation and potentially the raising of a Suspicious
Activity Report.
5.5 Automated transaction monitoring and Suspicious Activity

Reporting (SARs)
These functions are amongst the most important aspects of ODD, particularly because they
are a regulatory imperative. They include reporting on suspicious and unusual activity and
in the best run institutions automated alerts are promptly resolved. Both automated and
manual alerts may lead to the raising of SARs, following an investigation. The relationship
between them is as illustrated below:
Effective transaction and alerts monitoring and SAR investigations framework
Business and Operations FCC Investigations External Reporting
z Automated Transaction z SAR Review and z Regulators

Monitoring Coordination z Law Enforcement
z Employee Generated z Progress Reports
SARs z Further investigations
z Consultation of
Specialists
z Documentation of
Findings
z Quality Control
z Prioritisation
z Approval by MLRO
z MIS
Automated alerts
The Financial Services Authority (FSA, now FCA) Automated Anti-Money Laundering Transaction
Monitoring Systems, July 2007 report states the following:
Depending on the nature and scale of a firm’s business activities, automated AML TM systems
may be an important component of an effective overall AML control environment.
164
TM systems use profiling and/or rules-based monitoring methods. Profiling identifies unusual
patterns of customer activity by applying statistical modelling techniques. These compare current
patterns of activity to historical activity for that customer or peer group. Rules-based monitoring
compares customer activity to fixed pre-set thresholds or patterns to determine if it is unusual.99
The Bank Secrecy Act Money Laundering Manual states that the five key components to an
effective monitoring and reporting system are:
1. Identification or alert of unusual activity (which may include: employee identification,

law enforcement inquiries, other referrals, and transaction and surveillance monitoring
system output).
2. Managing alerts
3. SAR decision making
4. SAR completion and filing
5. Monitoring and SAR filing on continuing activity100
Both emphasise the use of a risk-based approach to the management and reporting of alerts.
Manual alerts
Billions of dollars have been spent on transaction monitoring systems. Yet they are no
match for human intelligence. You are the most important source of suspicious activity
reporting. Banks state that individual salespersons, operations staff, relationship managers
and other employees, are as much as 30 to 40 times better than the automated monitoring
systems in raising SARs, meaning that your reports are far more informative and far more
likely to be sent to the criminal authorities.
What does this mean?
Never hesitate to raise a genuine suspicion, especially given the fact that all you need to
raise an SAR is reasonable grounds or reasonable suspicion. This principle was reinforced by
a very important case in English law: Shah v HSBC. The main elements of the case are as
follows.
z HSBC issued an SAR on a Mr Shah for what it deemed to be unusual/suspicious

activities.
z The authorities advised, through a ‘consent order’ that Mr. Shah’s account must be
placed on hold.
z After a few days, the order was lifted, and Mr. Shah was once again able to use his
accounts
z However, Mr. Shah sued HSBC in the courts claiming the delay had cost him some
$300 million in opportunity profits.
z The bank won the case as the courts held it was entitled to act once it had a
reasonable suspicion, which in this case had been suitably documented.
It is worth reinforcing the latter issue. While the bank had a reasonable suspicion, it
only won the case because it could evidence that reasonable suspicion in a court of law,
meaning that SARs must be fully and properly documented at all times.
99. Financial Services Authority, Automated Anti-Money Laundering Transaction Monitoring, July 2007: https://www.fca.
org.uk/publication/archive/fsa-aml-systems.pdf – accessed September 2019
100. FFIEC, ‘BSA/AML Examination Manual’: https://bsaaml.ffiec.gov/manual – accessed September 2019
165
6. Risk approval and management

The fifth and final element of CDD is the risk approval and management process. This will
include:
z approving customer onboarding

z developing the risk-based framework
z assessing customer risk exposure on an ongoing basis
z determining client/market/product selection
z customer retention, restriction or exit strategies.
Any of the trigger events identified in the section on ODD could in turn trigger a process
of review, assessment and decision-making to determine the future status of a customer.
The risk analysis and decisions taken during this process will ultimately feed into the risk
appetite formulation of the bank or financial institution – what customers, what products
and what jurisdictions.
6.1 Reputational risk management
Decisions taken in terms of onboarding and exiting a customer ultimately impact the
reputational risk of banks and financial institutions, which is why many of them have
established strong mechanisms around managing the reputational risks of such decisions.
166
Conclusion
Conclusion
The amount of financial crime literature devoted to corporate banking and the financial markets is
generally limited and even so, it is too often written from the compliance perspective.
It was important that this manual was written in a manner that reflected not just the traditional
compliance approach but also the way in which you look at your business. Hence the inclusion of
quite significant sections on financial market customer risk typologies and financial market product
and service risk typologies.
There is however an even more pertinent observation to be made. There are many who believe
that managing financial crime risk is something they must do in addition to understanding their
customers’ business. What has been demonstrated in this manual is that the two are one and the
same i.e. understanding industry structure and the purpose for which products and services are
used is also key to understanding financial crime risks – one cannot be properly done without the
other.
Fully understanding your customers’ business and all its associated risks is the best way to provide
them with the most suitable products and services.
Another issue of note is the scope of the financial crime topics we have covered. Often, financial
crime courses and manuals focus almost exclusively on money laundering and sanctions, with
appropriate references to tax evasion and terrorist financing. For the most part, very little
attention was paid to bribery and corruption. In addition, there are many in the financial markets
who do not believe that money laundering really impacts their business and thus courses that
focused almost exclusively on that topic (and sanctions) were not relevant to their needs.
This course demonstrates that this is clearly not the case and that there is also no question that
bribery and corruption is highly relevant to corporate banking and financial markets. This manual
has taken every opportunity to highlight these facts and demonstrate that financial crime rarely
operates in a discrete silo.
Overall, what we have provided in this work is a comprehensive understanding of financial crime
risks as it impacts financial market participants, their customers and their products and services.
Yet, the manual is clearly not exhaustive (no such work can ever be).
As such, in addition to providing the basis for your certification, it is hoped that this manual serves
as the basis for a further awakening of your financial crime awareness. Always remember the
following.
1. The perpetrators of the financial crime risks to which you are exposed are professionals.
2. CDD and knowing your customer’s business are one and the same process.
3. CDD is primarily about asking open questions.
168
Conclusion
4. Always adopt a risk-based approach to conducting CDD. Move beyond the traditional
customer classification of Low, Medium and High, to understanding each element of
customer risk: jurisdiction, industry, ownership structure and products and services.
5. Bribery and corruption is a systemic risk in almost any industry – know your customer’s
industry.
6. Once a weak point is diagnosed or exposed, every product or service can be manipulated
for financial crime reasons – know and understand your products, their markets and how
they are valued.
7. Understand the role you play in deterring and detecting financial crime in your institution.
8. Managing financial crime risk is an ongoing process.
9. In most jurisdictions, every single individual within the regulated sector is required to
report their knowledge or suspicion of financial crime – that makes you responsible and
accountable.
10. There is nothing simple about ownership – get all the facts and all the supporting
documentation before you determine who might be a UBO.
11. Do not hesitate to raise SARs.
169
References
References
z Alexander Jones, ‘Russia’s Banking Crisis’, International Banker, 18 May 2015:

https://internationalbanker.com/banking/russias-banking-crisis/ – accessed March 2018
z Basel Committee on Banking Supervision, ‘Compliance and the compliance function in
banks’, 29 April 2005: https://www.bis.org/publ/bcbs113.htm – accessed September 2019
z Bradley, S, Jewkes, S, Zhdannikov, D, ‘Russia Sanctions disrupt Italian bank’s 5 billion
euro loan deal’, 25 August 2017: https://www.reuters.com/article/us-intesa-loan-sanctions-
idUSKCN1B5172 – accessed February 2018
z British Bankers’ Association, ‘Anti-Bribery and Corruption Guidance 2014’, 6 May 2014:
https://www.bba.org.uk/policy/financial-crime/anti-bribery-and-corruption/anti-bribery-and-
corruption-guidance/ – accessed April 2018
z Chen, J, ‘Beneficial Owner’, Investopedia, 7 February 2019: https://www.investopedia.com/
terms/b/beneficialowner.asp – accessed November 2019
z China Daily, ‘Corruption still rife in construction industry’, 19 October 2011: http://www.china
daily.com.cn/cndy/2011-10/19/content_13929295.htm – accessed May 2018
z Coenen, T, L, Essentials of Corporate Fraud, Wiley, 2008.
z ComplyAdvantage, ‘Key Insights into 6AMLD’: https://complyadvantage.com/blog/6amld-sixth-
anti-money-laundering-directive/ – accessed September 2019
z Control Risks, Facing up to corruption 2007: A practical business guide: http://www.giaccentre.
org/documents/CONTROLRISKS.CORRUPTIONGUIDE.pdf – accessed March 2018
z Council on Foreign Relations, ‘What Are Economic Sanctions?’, 12 August 2019: https://www.
cfr.org/backgrounder/what-are-economic-sanctions – accessed March 2018
z Deloitte, The Fourth EU Money Laundering Directive, 2015: https://www2.deloitte.com/content/
dam/Deloitte/ie/Documents/FinancialServices/investmentmanagement/ie_2015_The_Fourth_EU_
Anti_Money_Laundering_Directive_Deloitte_Ireland.pdf – accessed March 2018
z Doherty, B, ‘Glencore’s Australian arm moved billions through Bermuda’, The Guardian,
5 November 2017: https://www.theguardian.com/news/2017/nov/05/glencore-australian-arm-
moved-billions-through-bermuda – accessed September 2019
z Dokumen, Banking And Project Finance – Sanctions, ‘An expanding minefield’, July/August
2014: www.linklaters.com/pdfs/mkt/moscow/IFLR-Expanding-Minefield.pdf – accessed February
2018
z Drug Watch, ‘Big Pharma’s Role in Clinical Trials’: https://www.drugwatch.com/featured/
clinical-trials-and-hidden-data/ – accessed January 2018
z European Commission, ‘Commission strengthens transparency rules to tackle terrorism
financing, tax avoidance and money laundering’, 5 July 2016: https://europa.eu/rapid/press-
release_IP-16-2380_en.htm – accessed September 2019
z European Council, ‘Taxation: Aruba, Barbados and Bermuda removed from the EU list of
non-cooperative jurisdictions’, 17 May 2019: https://www.consilium.europa.eu/en/press/press-
releases/2019/05/17/taxation-aruba-barbados-and-bermuda-removed-from-the-eu-list-of-non-
cooperative-jurisdictions/ – accessed September 2019
z European Parliament, Fight against tax fraud, June 2019: http://www.europarl.europa.eu/
RegData/etudes/BRIE/2019/633153/EPRS_BRI(2019)633153_EN.pdf – accessed September 2019
z EverCompliant, ‘Transaction Laundering is the New, Advanced form of Money Laundering’,
23 May 2018: https://evercompliant.com/transaction-laundering-money-laundering/ – accessed
September 2019
171
References
z FATF, ‘Glossary of the FATF Recommendations’: http://www.fatf-gafi.org/glossary/

fatfrecommendations/n-r/ – accessed April 2018
z FATF, ‘The FATF Recommendations’: http://www.fatf-gafi.org/publications/fatfrecommendations/
documents/fatf-recommendations.html – accessed September 2019
z FATF, ‘What is Money Laundering’: http://www.fatf-gafi.org/faq/moneylaundering/ – accessed
May 2018
z FATF, Emerging Terrorist Financing Risks, October 2015: http://www.fatf-gafi.org/media/fatf/
documents/reports/Emerging-Terrorist-Financing-Risks.pdf – accessed April 2018
z FATF, International Standards on Combating Money Laundering and the Financing of Terrorism
& Proliferation – The FATF Recommendations, Updated June 2019: http://www.fatf-gafi.org/
media/fatf/documents/recommendations/pdfs/FATF%20Recommendations%202012.pdf –
accessed November 2019
z FATF, Professional Money Laundering, July 2018: http://www.fatf-gafi.org/media/fatf/documents/
Professional-Money-Laundering.pdf – accessed September 2019
z FATF, RBA Guidance for Real Estate Agents, 17 June 2008: http://www.fatf-gafi.org/media/fatf/
documents/reports/RBA%20Guidance%20for%20Real%20Estate%20Agents.pdf – accessed May
2018
z FATF, Risk-based Approach Guidance for the Securities Sector, October 2018: https://www.
fatf-gafi.org/publications/fatfrecommendations/documents/rba-securities-sector.html – accessed
September 2019
z FATF, United States Mutual Evaluation Report, December 2016: http://www.fatf-gafi.org/media/
fatf/documents/reports/mer4/MER-United-States-2016.pdf – accessed February 2018
z FFIEC, ‘BSA/AML Examination Manual’: https://bsaaml.ffiec.gov/manual – accessed September
2019
z Financial Services Authority, Automated Anti-Money Laundering Transaction Monitoring, July
2007: https://www.fca.org.uk/publication/archive/fsa-aml-systems.pdf – accessed September
2019
z FinCEN, ‘FinCEN Assesses $14.5 Million Penalty against UBS Financial Services for
Anti-Money Laundering Failures’, 17 December 2018: https://www.int-comp.org/
programme/?title=ICA-Specialist-Certificate-in-Money-Laundering-Risk-in-Correspondent-Banking
– accessed September 2019
z FinCEN, Guidance on Recognizing Activity that May be Associated with Human Smuggling and
Human Trafficking – Financial Red Flags, 11 September 2014: https://www.fincen.gov/resources/
advisories/fincen-advisory-fin-2014-a008 – accessed March 2018
z FINRA, ‘2018 Report on FINRA Examination Findings’, 7 December 2018: https://www.finra.
org/rules-guidance/guidance/reports/2018-report-exam-findings – accessed September 2019
z Gascoigne, C, ‘African Countries Lose Billions through Misinvoiced Trade’, Global Financial
Integrity, 11 May 2014: https://www.gfintegrity.org/press-release/african-countries-lose-billions-
through-misinvoiced-trade/ – accessed September 2019
z Gillies, A, Sayne, A, and Watkins, A, Twelve Red Flags: Corruption Risks in the Award of
Extractive Sector Licenses and Contracts, April 2017: https://resourcegovernance.org/sites/
default/files/documents/corruption-risks-in-the-award-of-extractive-sector-licenses-and-contracts.
pdf – accessed February 2018
z Global Financial Integrity, Illicit Financial Flows to and from 148 Developing Countries: 2006-
2015, January 2019: https://www.gfintegrity.org/wp-content/uploads/2019/01/GFI-2019-IFF-
Update-Report-1.29.18.pdf – accessed September 2019
z Hassan, A, A, Papaioannou, M, Skancke, M, and Sung, C, C, Sovereign Wealth Funds: Aspects
of Governance Structures and Investment Management, International Monetary Fund,
11 November 2013: https://www.imf.org/en/Publications/WP/Issues/2016/12/31/Sovereign-
Wealth-Funds-Aspects-of-Governance-Structures-and-Investment-Management-41046 – accessed
September 2019
172
References
z Homeland Security Digital Library, ‘Trading With the Enemy: Trade-Based Money
Laundering is the Growth Industry in Terror Finance’, 3 February 2016: https://www.hsdl.
org/?abstract&did=806585 – accessed September 2019
z International Monetary Fund, Financial System Abuse, Financial Crime and Money Laundering
– Background Paper, 21 February 2001: https://www.imf.org/external/np/ml/2001/eng/021201.
pdf – accessed September 2019
z IWGSWF, Sovereign Wealth Funds: Generally Accepted Principles and Practices – “Santiago
Principles”, October 2008: http://www.ifswf.org/sites/default/files/santiagoprinciples_0_0.pdf –
accessed March 2018
z JMLSG, JMLSG Guidance: Part II Sector 15: Trade finance: http://www.jmlsg.org.uk/ – accessed
September 2019
z Kagan, J, ‘Tax Evasion’, Investopedia, 7 August 2019: http://www.investopedia.com/terms/t/
taxevasion.asp – accessed November 2019
z Kotlikoff, L, ‘A Look At JPMorgan Chase’s 20 Years of Watching Madoff Commit
Crimes’, Forbes, 26 September 2014: https://www.forbes.com/sites/kotlikoff/2014/09/26/
jpmorgan-chases-20-years-of-watching-madoff-commit-crimes-read-chapter-2-at-jpmadoff-
com/#1238c06e3b89 – accessed January 2018
z Legislation.gov, ‘Bribery Act 2010’: https://www.legislation.gov.uk/ukpga/2010/23/contents –
accessed January 2018
z Lexis Nexis, Hidden In Plain Sight: Modern Slavery In The Construction Industry: https://bis.
lexisnexis.co.uk/pdf/whitepapers/Modern_Slavery_in_Construction_Full.pdf – accessed April 2018
z Lohr, S, ‘World-Class Fraud: How B.C.C.I. Pulled It Off – A special report.; At the End of a
Twisted Trail, Piggy Bank for a Favoured Few’, The New York Times, 12 August 1991:
http://www.nytimes.com/1991/08/12/business/world-class-fraud-bcci-pulled-it-off-special-report-
end-twisted-trail-piggy-bank.html?pagewanted=all – accessed March 2018
z Mayes, J, ‘Hedge-Fund Secrecy Spurned by ABN Amro’s $27 Billion Pension Pot’, Bloomberg,
5 January 2017: https://www.bloomberg.com/news/articles/2017-01-05/hedge-fund-secrecy-
spurned-by-abn-amro-s-27-billion-pension-pot – accessed March 2018
z Mining Weekly, ‘Paper trail on metal loans ended in fakes as banks lose millions’, 4 July
2017: https://www.miningweekly.com/article/paper-trail-on-metal-loans-ended-in-fakes-as-banks-
lose-millions-2017-07-04/rep_id:3650 – accessed September 2019
z My News Desk, ‘Film tax scheme fraudsters jailed for more than 36 years’, 1 July 2016:
http://www.mynewsdesk.com/uk/hm-revenue-customs-hmrc/pressreleases/film-tax-scheme-
fraudsters-jailed-for-more-than-36-years-1463691 – accessed March 2018
z Nasdaq, ‘Tax Evasion’: http://www.nasdaq.com/investing/glossary/t/tax-evasion – accessed
February 2018
z OECD, ‘BEPS Actions’: http://www.oecd.org/tax/beps/beps-actions.htm – accessed May 2018
z OECD, The rationale for fighting corruption, CleanGovBiz, 2014: https://www.csrhellas.net/
wp-content/uploads/media/Anti-corruption_ISO.pdf – accessed March 2018
z OFSI, Financial Sanctions: Guidance, March 2018: https://assets.publishing.service.gov.uk/
government/uploads/system/uploads/attachment_data/file/685308/financial_sanctions_
guidance_march_2018_final.pdf – accessed April 2018
z Organised Crime Portfolio, From Illegal Markets to Legitimate Businesses: The Portfolio of
Organised Crime in Europe: https://www.int-comp.org/media/1997/ocp-full-report.pdf – accessed
May 2018
z Peck, H, Between a Rock and a Regulator: Building an Effective AML Program in the Microcap
Sphere
z PwC, Pulling fraud out of the shadows – Global Economic Crime and Fraud Survey 2018:
https://www.pwc.com/gx/en/forensics/global-economic-crime-and-fraud-survey-2018.pdf –
173
References
z Ron Teicher, ‘Online Payments – the Blind Spot in the AML Regime’, Finextra, 17 July 2017,
https://www.finextra.com/blogposting/14298/online-payments-the-blind-spot-in-the-aml-regime –
accessed December 2019
z Securities and Exchange Commission, ‘Credit Suisse Agrees to Pay $10 Million to Settle
Charges Related to Handling of Retail Customer Orders’, 28 September 2018:
https://www.sec.gov/news/press-release/2018-224 – accessed September 2019
z Securities and Exchange Commission, Annual Report Division of Enforcement, 2018:
https://www.sec.gov/files/enforcement-annual-report-2018.pdf – accessed September 2019
z Securities and Exchange Commission, Citibank to Pay More Than $38 Million for Improper
Handling of ADRs, 7 November 2018: https://www.sec.gov/news/press-release/2018-255 –
z Securities and Exchange Commission, Interim Guidance Concerning Compliance by Covered
U.S. Financial Institutions With New Statutory Anti-Money Laundering Requirements Regarding
Correspondent Accounts Established or Maintained for Foreign Banking Institutions,
27 November 2001: https://www.sec.gov/about/offices/ocie/aml2007/66fr59342-51.pdf –
accessed May 2018
z Segal, T, ‘Enron Scandal: The Fall of a Wall Street Darling’, Investopedia, 29 May 2019:
http://www.investopedia.com/updates/enron-scandal-summary/#ixzz4dPKJiFdg – accessed
March 2018
z Serious Fraud Office, ‘Former Unaoil executive pleads guilty to conspiracy to give corrupt
payments’, 19 July 2019: https://www.sfo.gov.uk/2019/07/19/former-unaoil-executive-pleads-
guilty-to-conspiracy-to-give-corrupt-payments/ – accessed September 2019
z Silvestrini, E, ‘Drug and Device Companies Gave Billions to Doctors in 2016’, Drug Watch,
17 May 2019: https://www.drugwatch.com/news/2017/07/03/big-pharma-influence-
doctors-2016/ – accessed April 2018
z Slaughter and May, Anti-corruption provisions in loan documentation: https://www.
slaughterandmay.com/media/2536213/anti-corruption-provisions-in-loan-documentation.pdf –
accessed March 2018
z Swlearning, ‘Chapter 2: BoNYGate’, 2005: http://www.swlearning.com/pdfs/chapter/1587991594_2.
PDF – accessed March 2018
z The Age, ‘The Bribe Factory, The Key Players: Companies Who Worked With Unaoil’:
http://www.theage.com.au/interactive/2016/the-bribe-factory/players/players.html – accessed
March 2018
z The FCPA Blog, ‘2017 was most active year for new FCPA-related investigations’, 28 February
2018: http://www.fcpablog.com/blog/2018/2/28/2017-was-most-active-year-for-new-fcpa-related-
investigation.html – accessed February 2018
z The Guardian, How China’s Macau crackdown threatens big US casino moguls, 23 April
2015: https://www.theguardian.com/world/2015/apr/23/how-chinas-macau-crackdown-
threatens-big-us-casino-moguls-sheldon-adelson – accessed April 2018
z The National Committees, Biotechnology Research in an Age of Terrorism: Confronting the
Dual Use Dilemma: https://www.nap.edu/resource/biotechnology_research/0309089778.pdf –
accessed April 2018
z The Standards Board for Alternative Investments, The Alternative Investment Standards,
7 September 2017: https://www.sbai.org/wp-content/uploads/2016/04/SBAI-Standards-2017.pdf
– accessed September 2019
z The Wolfsberg Group, Wolfsberg Anti-Money Laundering Principles for Correspondent
Banking, 2014: https://www.wolfsberg-principles.com/sites/default/files/wb/pdfs/wolfsberg-
standards/8.%20Wolfsberg-Correspondent-Banking-Principles-2014.pdf – accessed April 2018
z Time, ‘Top 10 Abuses of Power’: http://content.time.com/time/specials/packages/
completelist/0,29569,2071839,00.html – accessed May 2018
174
References
z Times of Israel, ‘Germany supplied ‘dual-use’ chemicals to Syria’, 19 September 2013:

https://www.timesofisrael.com/germany-supplied-dual-use-chemicals-to-syria/ – accessed March
2018
z Transparency International, ‘Corruption in the Pharmaceutical Sector: Diagnosing the
challenges’, June 2016: http://www.transparency.org.uk/publications/corruption-in-the-
pharmaceutical-sector/ – accessed May 2018
z Transparency International, Investigating Corruption in the Media and Telecoms Industries
European Corruption Observatory Workshop Minutes, 18 March 2016: https://transparency.eu/
wp-content/uploads/2017/02/Investigating-Corruption-in-the-Media-and-Telecoms-Report.pdf –
accessed May 2018
z Transparency International, ‘The Anti-Corruption Catalyst: Realising the MDGS by 2015’
14 September 2010: https://www.transparency.org/whatwedo/publication/the_anti_corruption_
catalyst_realising_the_mdgs_by_2015 – accessed March 2018
z Transparency International, Transparency in Corporate Reporting: Assessing the World’s
Largest Telecommunications Companies 2015 Report: https://transparency.eu/wp-content/
uploads/2016/10/2015_TRAC_Telecoms_EN-final.pdf – accessed May 2018
z United Nations, International Convention for the Suppression of the Financing of Terrorism,
1999: https://treaties.un.org/doc/db/Terrorism/english-18-11.pdf – accessed September 2019
z United Nations, Security Council Unanimously Adopts Wide-ranging Anti-Terrorism Resolution;
Calls for Suppressing Financing, Improving International Cooperation, 28 September 2001:
https://www.un.org/press/en/2001/sc7158.doc.htm – accessed April 2018
z UNODC, United Nations Convention Against Corruption, 2004: https://www.unodc.org/
documents/brussels/UN_Convention_Against_Corruption.pdf – accessed May 2018
z UNODC, United Nations Convention Against Illicit Traffic In Narcotic Drugs And Psychotropic
Substances 1988: https://www.unodc.org/pdf/convention_1988_en.pdf – accessed May 2018
z UNODC, United Nations Convention Against Transnational Organized Crime And The Protocols
Thereto, 2004: https://www.unodc.org/documents/middleeastandnorthafrica/organised-crime/
UNITED_NATIONS_CONVENTION_AGAINST_TRANSNATIONAL_ORGANIZED_CRIME_AND_THE_
PROTOCOLS_THERETO.pdf – accessed May 2018
z US Department of Justice, [Wachovia Deferred Prosecution Agreement], Exhibit A, Factual
Statement: https://www.justice.gov/archive/usao/fls/PressReleases/Attachments/100317-02.
Statement.pdf – accessed April 2018
z US Department of Justice, ‘BNP Paribas Sentenced for Conspiring to Violate the
International Emergency Economic Powers Act and the Trading with the Enemy Act’,
1 May 2015: https://www.justice.gov/opa/pr/bnp-paribas-sentenced-conspiring-violate-
international-emergency-economic-powers-act-and – accessed March 2018
z US Department of Justice, ‘Odebrecht and Braskem Plead Guilty and Agree to Pay at Least
$3.5 Billion in Global Penalties to Resolve Largest Foreign Bribery Case in History’, 21 December
2016: https://www.justice.gov/opa/pr/odebrecht-and-braskem-plead-guilty-and-agree-pay-least-
35-billion-global-penalties-resolve – accessed February 2018
z US Department of State, International Narcotics Control Strategy Report, Volume I, Drug and
Chemical Control, March 2019: https://www.state.gov/wp-content/uploads/2019/04/INCSR-Vol-
INCSR-Vol.-I-1.pdf – accessed September 2019
z US Department of State, International Narcotics Control Strategy Report Volume II,
Money Laundering and Financial Crimes, March 2019: https://www.state.gov/wp-content/
uploads/2019/03/INCSR-Vol-INCSR-Vol.-2-pdf.pdf – accessed September 2019
z US Department of State, Trafficking in Persons Report, June 2019: https://rs.usembassy.gov/
state-department-relases-trafficking-in-persons-report-2019/ – accessed September 2019
z US Department of the Treasury, ‘Treasury Sanctions Individuals and Entities as Members of
the Pacnet Group’, 22 September 2016: https://www.treasury.gov/press-center/press-releases/
Pages/jl5055.aspx – accessed April 2018
175
References
z US Department of the Treasury, Presidential Documents Executive Order 13606, 24 April 2012:
https://www.treasury.gov/resource-center/sanctions/Programs/Documents/13606.pdf – accessed
April 2018
z US Department of the Treasury, Settlement Agreement: https://www.treasury.gov/resource-
center/sanctions/CivPen/Documents/20140630_bnp_settlement.pdf – accessed March 2018
z Value Walk, ‘Unaoil – Unfolding The World’s Biggest Oil Bribery Scandal’, 4 April 2016:
https://www.valuewalk.com/2016/04/biggest-oil-bribery-scandal-unaoil/ – accessed April 2018
z Williams-Grut, O, ‘Deutsche Bank is paying $628 million in fines over its $10 billion Russian
‘mirror trade’ scandal’, Business Insider, 31 January 2017: http://uk.businessinsider.com/
deutsche-bank-russian-mirror-trades-settles-uk-fca-new-york-regulator-2017-1 – accessed April
2018
z World Trade Organization, ‘Trade Finance’: https://www.wto.org/english/thewto_e/coher_e/
tr_finance_e.htm – accessed April 2018
z World Trade Organization, World Trade Statistical Review 2018: https://www.wto.org/english/
res_e/statis_e/wts2018_e/wts2018_e.pdf – accessed September 2019
176
International Compliance Association – Head Office
Wrens Court, 52–54 Victoria Road, Sutton Coldfield
Birmingham, B72 1SX, United Kingdom
+44 (0) 121 362 7534 | ict@int–comp.com | www.int–comp.org

Offices in: London | Singapore | Dubai | New York
G247/11871

FinCrime Risk Manual

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FinCrime Risk Manual

Uploaded by

Copyright:

Available Formats

ICA Specialist Certificate

in Financial Crime Risk

Unit 1: Overview of Financial Crime Risk 5

Unit 2: Customer Risk Typologies 52

Unit 3: Financial Market Product and Service Risk Typologies 112

Unit 4: Customer Due Diligence and The Customer Lifecycle 142

The purpose of this unit is to:

1. Market abuse, fraud and manipulation

z sale of fictitious financial instruments or insurance policies

1.2 Market abuse – the UK and US legal and regulatory framework

Key elements of these significant international influences include:

EU Market Abuse Regulations (MAR)

Applies to financial instruments whether traded on a regulated market or not. Offences

EU Market in Financial Instruments Directive (MiFID)

1.3 Market abuse – customer and product vulnerabilities

z corporate civil and criminal penalties

Case study: Bernie Madoff

Madoff had attracted clients by offering consistently good returns which

Madoff was operating a Ponzi scheme.

A study done by researchers at Cornell University revealed that investors

1.4 Bernie Madoff: managing the risks

Appropriate organisational/risk culture and governance

Negative news searches

Customer due diligence failure

Ignoring red flags

Adequate SAR framework

Inadequate culture and governance no doubt impacted JPMorgan’s ability to properly

Let’s take a look at another example.

Case study: The Enron Accounting Scandal4

Enron was a Houston-based commodity, energy and service company. It

Several Enron executives were convicted of conspiracy, insider trading, bank

Implications for banks and financial institutions

Managing, mitigating and avoiding risk exposures

This primarily involves ensuring that a customer’s corporate governance framework

1.6 Implications for banks and institutions in the financial markets

SEC enforcement actions addressing misconduct

The International Compliance Association (ICA) identifies money laundering as the

The critical factors to note here are as follows.

What do we mean by money laundering risks?

1. What does this have to do with our business?

We will answer these questions as the chapter progresses.

5. FATF, ‘What is Money Laundering’: http://www.fatf-gafi.org/faq/moneylaundering/ – accessed May 2018

2.2 Money laundering – the legal and regulatory framework

International Framework National Framework Industry Group

Major UN conventions (money laundering)

The Financial Action Task Force (FATF)

The Egmont Group

The Basel Committee for Banking Supervision (BCBS)

European Union (EU) Directives

2.3 Predicate offences

What are predicate offences?

z market abuse and manipulation

12. ComplyAdvantage, ‘Key Insights into 6AMLD’: https://complyadvantage.com/blog/6amld-sixth-anti-money-

2.4 Drug trafficking

International Narcotics Control Strategy Report

The 2019 edition of the Congressionally-mandated International Narcotics Control

Implications for banks and financial institutions

In corporate and financial market terms, these might include:

Managing, mitigating and avoiding risk exposures

This is primarily based on screening, evaluating or vetting:

z jurisdictional risks in respect of drug trafficking

2.5 Human trafficking

Forced labour generates annual profits of US$ 150 billion

Unit 1: Overview of Financial Crime Risk 5

Unit 2: Customer Risk Typologies 52

Unit 3: Financial Market Product and Service Risk Typologies 112

Unit 4: Customer Due Diligence and The Customer Lifecycle 142