CFCS Study Manual 6th Edition

6th Edition
CFCS CERTIFICATION
EXAMINATION STUDY MANUAL
Preparing For The Certified Financial Crime Specialist Examination
CFCS CERTIFICATION EXAMINATION STUDY MANUAL
Association of Certified Financial Crime Specialists
Rivergate Plaza, 444 Brickell Avenue, Suite P60 Miami, FL 33131 USA
Tel: 786-530-8231 Email: customerservice@acfcs.org
© Copyright 2019. All rights reserved. Association of Certified Financial Crime

Specialists. Miami USA Reproduction or transmission of any part of this Manual
without the express written authorization of the Association of Certified
Financial Crime Specialists is strictly prohibited and is a violation of United
States and other laws.
Notice: The Certified Financial Crime Specialist Examination Preparation

Manual is designed to help candidates prepare for the certification examination.
No warranty or representation is made that candidates will pass the CFCS
examination by using or studying this Manual. It is designed to provide accurate
and authoritative information concerning financial crime and related subjects. In
publishing this Manual, neither ACFCS, the editors nor contributors is engaged
in rendering legal or other professional service. The services of a competent
professional should be sought if such assistance is required.
@2019 Association of Certified Financial Crime Specialists

CFCS CERTIFICATION EXAMINATION

STUDY MANUAL
Executive Editor
Brian Svoboda Kindle
Contributing Editors
Kenneth Barden, Esq.
Brian Golden, HSBC
Donald Semesky, Financial Operations Consultants
Karen Van Ness, Compliance Risk Solutions

SPECIAL ACKNOWLEDGMENT AND APPRECIATION

The CFCS Examination Preparation Study Manual was written and edited with the outstanding contributions of
experts and specialists. ACFCS extends special thanks and acknowledgment to these financial crime profes-
sionals who shared their expertise and assistance.
Beth Berenbaum  John Lash, Esq.

AML Consultant BDO
Samantha Dillhoff Moyara Rueshen
Fraud Specialist Monterey Institute of International Studies
Matteson Ellis, Esq. Sarah Satten
Miller and Chevalier Wells Fargo & Company
JR Helmig Margaret S. Silvers
Leveraged Outcomes Wells Fargo & Company
Bud Heng Sandra Stibbards
US OCDETF Pacific Region Camelot Investigations
Ron King Swathi Perpati
Retired Ernst & Young
Rebecca LaPorte Mohammad Zraiqat
AIG Advisor Group Pelican
RECOGNITION OF THE FINANCIAL CRIME SPECIALISTS WHO ASSISTED IN

CONSTRUCTING THE CFCS CERTIFICATION
ACFCS extends special thanks and acknowledgment to these financial crime professionals who shared their
expertise in the creation of the CFCS Certification Examination.
Heather Adams Joram Borenstein Lynn Correia

Accenture NICE Actimize Kroll Advisory Group
Albert Allison Daniel P. Boylan Annette Dance

Office of the City Auditor Bank of America Wells Fargo and Company
Scott Andersen  Lorice E. Brown Nyron Davidson

KRyS Global Financial Services Commission Ameritrade
Carlota Arias Alice Campbell Delina Dhamo

Lozano Consultores Research and National Bank of Egypt
Litigation Services
Kenneth Barden, Esq. Samantha Dillhoff
Jeff Chapman Fraud Specialist
Dan Barta IBM i2
SAS Sonia Desai
Martin Chung Charles Schwab
Beth Berenbaum ICDD Pte Ltd
AML Consultant

Juan Ducali Rebecca LaPorte Patricia Potts

United Nations Federal FINRA Sightspan
Credit Union
John Lash, Esq. Saskia Rietbroek
Annette Escobar, Esq. BDO AML Services
International, LLC
Astigarraga Davis  Tom Lasich
International Centre for Guillermo Rodriguez
Stanley I. Foodman Asset Recovery Bangkok Bank NY Branch
Foodman & Associates, P.A.
Allen G. Love  Louis Sapirman
Brian Golden TD Bank Dun and Bradstreet
HSBC
Alberto Lozano, Esq. Nicole Saqui, Esq.
Amanda Gore Lozano Consultores Conrad & Scherer, LLP
Botswana Directorate
on Corruption and Michael M. Martens Sara L. Satten
Economic Crime Wells Fargo & Company Wells Fargo
JR Helmig  Isabel Medrano  Lisa Schor Babin

Leveraged Outcomes WestStar Bank    Dun and Bradstreet
 Elizabeth Henry Michael McDonald, Esq. Donald C. Semesky

Western Union Michael McDonald & Associates Financial
Operations Consultants
Katya Hirose Tina Miller, Esq.
FTI Consulting Farrell & Reisinger Stephen J. Shine, Esq.
Prudential Financial
Steven Johnston, Esq. Deborah Morrisey
Economic Crime Unit of DHS - ICE – HIS Margaret S. Silvers
Alberta Justice Wells Fargo
Pamela C. Ogle
Marie Kerr Wells Fargo & Company Jeffrey Sklar
Shamrock Consulting Group SHC Consulting Group, LLC
Natasha Pankova Taft
 Ron King Bank Hapoalim James Slear
Retired Thompson Coburn
Holly R. Park
Ben Knieff Wells Fargo Steve Smith
NICE Actimize SRS Consulting, Inc.
Paul E. Pelletier, Esq.
 Nikki Kowalski, Esq. Mintz, Levin, Cohn, Delena Spann
JPMorgan Chase Ferris, Glovsky United States Secret Service
Ken Krys Ron Penninger

KRyS Global IBM i2

TABLE OF CONTENTS
CHAPTER 1 ACFCS AND THE CHALLENGE OF FINANCIAL CRIME.............................................................................11
The Association of Certified Financial Crime Specialists.....................................................................................................................11
ACFCS Certification Examination................................................................................................................................................................12
Construction of the CFCS Certification Exam........................................................................................................................................13
Job and Career Benefits from CFCS Certification................................................................................................................................ 14
Conclusion.......................................................................................................................................................................................................... 14
CHAPTER 2 FINANCIAL CRIME OVERVIEW, COMMONALITIES AND CONVERGENCE......................................15
Financial Crime Overview...............................................................................................................................................................................15
Defining Financial Crime and its Permutations......................................................................................................................................16
Technology Changes Complexion of Financial Crime...........................................................................................................................16
Globalization of Financial Crime.................................................................................................................................................................. 17
Commonalities of All Financial Crimes...................................................................................................................................................... 17
Capitalizing on the ‘Commonalities’ and Exploring ‘Convergence’................................................................................................ 21
Conclusion......................................................................................................................................................................................................... 22
CHAPTER 3 MONEY LAUNDERING........................................................................................................................................ 23
Overview............................................................................................................................................................................................................. 23
The Financial
Action Task Force ........................................................................................................................................................................................... 24
Money Laundering Methods........................................................................................................................................................................ 25
The Three Stages of Money Laundering..................................................................................................................................................26
The Russian Laundromat...............................................................................................................................................................................27
Money Laundering Indicators..................................................................................................................................................................... 29
Financial Institution Money Laundering Methods and Vehicles......................................................................................................32
The Egmont Group of Financial Intelligence Units.............................................................................................................................. 33
Non-Financial Institution Money Laundering Vehicles.......................................................................................................................36
The Odebrecht Corruption Scandal........................................................................................................................................................... 37
The Role of Lawyers, Accountants, Auditors, Notaries and Other Gatekeepers...................................................................... 38
Regulatory Frameworks for Gatekeepers.............................................................................................................................................. 38
Real Property and Money Laundering......................................................................................................................................................39
Structures That Hide Beneficial Ownership.......................................................................................................................................... 43
The US Money Laundering Law................................................................................................................................................................... 47
Terrorist Financing.......................................................................................................................................................................................... 48
Conclusion......................................................................................................................................................................................................... 56
Chapter 3 Practice Questions......................................................................................................................................................................57
CHAPTER 4 UNDERSTANDING AND PREVENTING FRAUD..........................................................................................59
Overview............................................................................................................................................................................................................. 59
Understanding and Recognizing Types of Fraud................................................................................................................................. 60
Fraud in loans and mortgages.................................................................................................................................................................... 64
Insurance and health care fraud.................................................................................................................................................................70
Credit and debit card fraud............................................................................................................................................................................71
Fraud in government benefits......................................................................................................................................................................72
Internal Fraud....................................................................................................................................................................................................72
Identity Theft and Fraud................................................................................................................................................................................ 74
Detecting and Preventing Fraud.................................................................................................................................................................79

Basel Committee on Banking Supervision...............................................................................................................................................81

Benford’s Law................................................................................................................................................................................................... 84
The importance of an enterprise approach to fraud and financial crime.................................................................................... 85
Chapter 4 Practice Questions..................................................................................................................................................................... 86
CHAPTER 5 GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT................................................... 87
Overview.............................................................................................................................................................................................................. 87
The World Movement to Combat Corruption......................................................................................................................................... 88
Non-Governmental Organizations and Anti-Corruption Advocacy.............................................................................................. 89
Mechanisms That Facilitate Corruption...................................................................................................................................................92
Stolen Asset Recovery Initiative (StAR)...................................................................................................................................................92
The United States Foreign Corrupt Practices Act............................................................................................................................... 94
PDVSA Bribery Scandal................................................................................................................................................................................ 95
Case Study: US v. Chiquita Brands International, 2007.................................................................................................................. 100
Top 10 Largest FCPA Penalties...................................................................................................................................................................101
The UK Bribery Act.......................................................................................................................................................................................106
Bribery and Extortion...................................................................................................................................................................................109
Chapter 5 Practice Questions...................................................................................................................................................................... 111
CHAPTER 6 TAX EVASION AND ENFORCEMENT.............................................................................................................. 112
Overview.............................................................................................................................................................................................................112
Tax Evasion is an Element in Virtually all Financial Crimes..............................................................................................................113
Tax Evasion vs. Tax Avoidance....................................................................................................................................................................114
International Scope of Tax Evasion...........................................................................................................................................................115
Falsifying Deductions to Under-report Income.................................................................................................................................... 117
Smuggling and Evasion of Customs Duty............................................................................................................................................... 117
Evasion of Value Added Tax (Vat) and Sales Taxes............................................................................................................................. 117
Tax Fraud Through Offshore Entities.......................................................................................................................................................119
Special Purpose Vehicles/Entities...........................................................................................................................................................120
Repatriating Undisclosed Assets...............................................................................................................................................................121
Demonstrating Tax Fraud in Legal Cases..............................................................................................................................................122
Employment Tax Fraud.................................................................................................................................................................................122
Red Flags of Tax Fraud.................................................................................................................................................................................123
Investigative Techniques to Detect and Prove Tax Fraud................................................................................................................123
The United States Foreign Account Tax Compliance Act 2010 (FATCA)....................................................................................124
The OECD’s Common Reporting Standard – An Evolution in Global Tax Compliance...........................................................128
Chapter 6 Practice Questions....................................................................................................................................................................130
CHAPTER 7 ASSET RECOVERY................................................................................................................................................. 131
Overview.............................................................................................................................................................................................................131
Participants in An Asset Recovery Team..............................................................................................................................................132
Importance of Sound Planning..................................................................................................................................................................133
Making the Case for Asset Recovery......................................................................................................................................................133
Repatriation of Assets..................................................................................................................................................................................138
Information Sharing and Mutual Legal Assistance Treaties (MLATs)..........................................................................................139
The Hague Convention.................................................................................................................................................................................139
Bankruptcy and Insolvency as Asset Recovery Tools........................................................................................................................141
Tracing, Forfeiture and Substitution of Assets....................................................................................................................................142

Other Evidence-Gathering Tools..............................................................................................................................................................143

Enforcement of Judgments........................................................................................................................................................................144
Third Parties That May be Held Liable to Financial Crime Victims............................................................................................... 147
Chapter 7 Practice Questions....................................................................................................................................................................148
CHAPTER 8 FINANCIAL CRIME INVESTIGATIONS.......................................................................................................... 149
Introduction......................................................................................................................................................................................................149
Civil Law and Common Law Systems......................................................................................................................................................150
Criminal Law and Civil Law..........................................................................................................................................................................151
Private vs. Public Investigations...............................................................................................................................................................152
Investigative Techniques.............................................................................................................................................................................153
Open-Source Intelligence............................................................................................................................................................................156
Practical Example: Finding Mary.............................................................................................................................................................. 157
Conducting an Internet and Public Record Data Search.................................................................................................................158
Interviewing Techniques..............................................................................................................................................................................159
Affidavits...........................................................................................................................................................................................................160
Recorded Testimony...................................................................................................................................................................................... 161
Intelligence vs. Evidence............................................................................................................................................................................... 161
Financial Crime Investigations Across International Borders........................................................................................................162
Tax and Secrecy Havens...............................................................................................................................................................................163
US Secrecy Havens........................................................................................................................................................................................164
Information Sources for a Financial Crime Investigation................................................................................................................164
Legal Considerations....................................................................................................................................................................................165
CHAPTER 9 INTERPRETING FINANCIAL DOCUMENTS................................................................................................168
Financial Crime versus Error......................................................................................................................................................................169
International Financial Reporting Standards (IFRS)..........................................................................................................................169
Understanding and Using Financial Statements................................................................................................................................. 170
Types of Financial Statements................................................................................................................................................................. 170
Income Statement or Statement of Earnings (Profit and Loss).................................................................................................... 170
Balance Sheet (Statement of Financial Position)............................................................................................................................... 174
Statement of Cash Flows............................................................................................................................................................................. 176
Other Types of Financial Records............................................................................................................................................................. 176
The World Customs Organization (WCO)............................................................................................................................................... 179
Analysis of Tax Returns................................................................................................................................................................................182
Protecting the Evidence..............................................................................................................................................................................183
CHAPTER 10 MONEY AND COMMODITIES FLOW.........................................................................................................184
Overview............................................................................................................................................................................................................184
Frequently Used Vehicles to Move Money.............................................................................................................................................185
Checks and Bank Statements....................................................................................................................................................................186
Correspondent Bank Accounts.................................................................................................................................................................186
Wire Transfers................................................................................................................................................................................................. 187
Intermediary Banks....................................................................................................................................................................................... 187
Non-Bank Foreign Exchange Companies and Money Transmitters..............................................................................................191
Informal Value Transfer System Legality...............................................................................................................................................191
An Example of a Hawala Transaction......................................................................................................................................................194
Commodities Trading to Move Money.....................................................................................................................................................195

Common Indicators of Suspicious Activity...........................................................................................................................................195

Prepaid Cards and Their Financial Crime Risks...................................................................................................................................198
Digital Currencies..........................................................................................................................................................................................202
Human Trafficking and Financial Flows.................................................................................................................................................208
Chapter 10 Practice Questions...................................................................................................................................................................211
CHAPTER 11 COMPLIANCE PROGRAMS AND CONTROLS...........................................................................................212
Overview............................................................................................................................................................................................................212
Organizational Overview of Financial Crime Controls......................................................................................................................213
Risk Assessments..........................................................................................................................................................................................215
Sanctions Compliance..................................................................................................................................................................................215
Office of Foreign Assets Control (OFAC)...............................................................................................................................................216
Sanctions Compliance Programs.............................................................................................................................................................. 217
Identifying and Reporting Unusual or Suspicious Activity.............................................................................................................220
The Evolving Compliance Landscape......................................................................................................................................................221
Global Expectations for AML Compliance Programs.......................................................................................................................222
Overview of the Risk-Based Approach..................................................................................................................................................222
Employee Onboarding and Monitoring.................................................................................................................................................. 227
Investigating and Identifying Beneficial Owners...............................................................................................................................230
Detecting and Reporting Suspicious Activity......................................................................................................................................231
Overview of AML Compliance Monitoring Systems..........................................................................................................................233
Ongoing Testing and Due Diligence of Monitoring and Reporting Processes.........................................................................235
Chapter 11 Practice Questions..................................................................................................................................................................236
CHAPTER 12 CYBERSECURITY...............................................................................................................................................238
Overview..........................................................................................................................................................................................................238
Recognizing and Detecting Cyber Financial Crime.......................................................................................................................... 240
Social Engineering...................................................................................................................................................................................... 240
Account Takeover......................................................................................................................................................................................... 244
Account Takeover Red Flags..................................................................................................................................................................... 247
Planning A Cybersecurity Program....................................................................................................................................................... 250
Other Network Security Standards and Industry Best Practices............................................................................................... 254
Responding to a Cyber Incident.............................................................................................................................................................. 257
Essentials of a Data Privacy Program....................................................................................................................................................259
International Data Privacy Laws and Regulations.............................................................................................................................260
Chapter 12 Practice Questions.................................................................................................................................................................263
CHAPTER 13 ETHICAL RESPONSIBILITIES AND BEST PRACTICES..........................................................................264
Overview...........................................................................................................................................................................................................264
Codes of Conduct..........................................................................................................................................................................................266
What Are Ethics?..........................................................................................................................................................................................266
Understanding the Respective Roles in Your Organization........................................................................................................... 267
Conflicts of Interest......................................................................................................................................................................................268
Privacy Considerations................................................................................................................................................................................ 271
Chapter 13 Practice Questions................................................................................................................................................................. 275

CHAPTER 14 INTERNATIONAL AGREEMENTS AND STANDARDS......................................................................... 276

Overview........................................................................................................................................................................................................... 276
United Nations................................................................................................................................................................................................ 277
Financial Action Task Force....................................................................................................................................................................... 278
Organization for Economic Cooperation and Development (OECD)...........................................................................................280
Basel Committee and its Guidance..........................................................................................................................................................281
European Union Directives on Money Laundering............................................................................................................................282
Wolfsberg Group............................................................................................................................................................................................283
Conclusion.......................................................................................................................................................................................................284
APPENDIX A REFERENCES AND RESOURCES................................................................................................................285
APPENDIX B ANSWERS TO PRACTICE QUESTIONS...................................................................................................293

CHAPTER 1
ACFCS AND THE
CHALLENGE
OF FINANCIAL
CRIME
THE ASSOCIATION OF CERTIFIED FINANCIAL

CRIME SPECIALISTS
The Association of Certified Financial Crime Specialists (ACFCS)

was created to respond to the growing need for documented, ver-
ifiable and certifiable knowledge and skill in the financial crime
field and to meet the career development needs of the diverse and
growing number of specialists in the private and public sectors
who work in this field.
11
CHAPTER 1 • ACFCS AND THE CHALLENGE OF FINANCIAL CRIME
To build the certification examination, ACFCS took

various steps over several months. Initially, a group
of diverse, expert professionals gathered over sev-
eral days to identify hundreds of job tasks that are
performed by financial crime specialists in distinct
occupations.
Once they identified the job tasks, their work was

distilled and framed into hundreds of questions that
went into a worldwide survey, asking specialists of
many occupations and in many world regions to
evaluate the job tasks for importance, gravity, fre-
quency and other factors. The ACFCS worldwide
survey was also designed to determine the skills,
competencies and job tasks that should be consid-
The principal mission of ACFCS is to certify the skill, ered essential to test a candidate for the Certified
knowledge and expertise of financial crime spe- Financial Crime Specialist certification.
cialists across the full spectrum of financial crime.
It provides learning and continuing education ben- Nearly 400 specialists throughout the world
efits that help financial crime specialists advance responded to the survey and provided the data that
and elevate their careers. ACFCS is also committed is the foundation of the certification exam. The sur-
to providing its members and the larger global audi- vey was designed by volunteer expert profession-
ence with a community of live and virtual network- als and ACFCS under the guidance of psychometric
ing opportunities that allow them to connect with experts from a distinguished psychometric test-
other professionals worldwide. ing firm. The survey identified that financial crime
professionals need knowledge and skills in the top-
To achieve these goals, ACFCS counts on a profes- ics listed below, which are also the topics tested
sional staff that has decades of experience in man- on the exam:
aging highly regarded professional associations.
• Financial Crime Elements and Overview
ACFCS is guided by a distinguished Advisory Board
that is composed of top international experts in • Money Laundering
diverse fields. They guide the association and pro- • Corruption Enforcement and Investigation
vide direction and assistance in the development of • Money and Commodities Flows
its programs and services.
• Tax Evasion and Enforcement
• Fraud Detection and Prevention
ACFCS CERTIFICATION EXAMINATION
• Investigations
The CFCS certification examination is a universal
• Cybersecurity and Privacy
exam. It does not rely on the knowledge of laws or
regulation of any one country or region for the basis • Sanctions Compliance
of the examination. It is also unitary, meaning that it • Ethics
is not designed for any specific number of occupa-
• Compliance Programs and Controls
tions or professions. Instead, it is built to accommo-
date the job tasks and requirements of all occupa- • International Standards
tions in the financial crime field. • Asset Recovery
12
This Certification Examination Preparation Manual

is designed to provide you with instruction that will
prepare you for the examination. By studying this
manual, however, you should not assume you will
earn a passing grade on the exam. Other knowledge
and experience in diverse financial crime fields in the
private/public sectors will enhance your prepared-
ness. This manual also includes practice questions
similar to those in the actual exam and an extensive
“I was
listing of references you may wish to review for fur-
ther preparation.
impressed by
CONSTRUCTION OF THE CFCS
the breadth of
CERTIFICATION EXAM
The CFCS certification examination is constructed
the exam. It is
according to the same nationally recognized psycho-
metric standards as other distinguished professional not US-centric
or based just
certifications. To meet the most exacting standards,
top financial crime, psychometric and certification
experts have devoted more than one thousand hours,
and hundreds of respondents shared their answers
and comments in the extensive worldwide survey on money
laundering.”
that ACFCS conducted.
This process was overseen by a professional staff with

substantial experience in creating and administering
professional certifications. ACFCS adheres to the
principles of psychometric competency assessment Juan Ducali, CFCS,
to ensure that its certification exam is a fair, unam-
biguous legally defensible test of knowledge and skill. CAMS, Senior
In collaboration with ACFCS, a psychometric firm
assures security at hundreds of testing locations
Compliance Officer,
worldwide, including more than 400 in the United
States and Canada. Candidates for the CFCS certifi- United Nations Federal
cation who meet the application requirements may
take the proctored exam at any of these locations by Credit Union
appointment. Also, ACFCS offers online proctored
exams for those who are not close to a testing center.
ACFCS is independent of all government agencies,

vendors, attorneys and consultants.
13
JOB AND CAREER BENEFITS FROM CONCLUSION

CFCS CERTIFICATION The effort against financial crime in the private and
By earning the CFCS certification, a person will vali- public sectors faces growing challenges. The skills
date his or her skills and earn an objective, verifiable and knowledge that professionals like you must
credential of competence. The CFCS certification acquire, refine and display to meet these challenges
will enable financial crime specialists to advance have great value. We challenge you to become a
their careers and give them compelling evidence of CFCS and stand on the cutting edge of financial
an advanced level of professional skill. It will assure crime competence.
employers that the work of discharging or manag-
ing organizational responsibilities, advocating for With thoughtful attention to the material in this
their interests and strategically promoting their Manual, you will go far toward success in the CFCS
cause is in the hands of someone who meets inde- certification exam. Your work as a Certified Finan-
pendent, rigorous standards of knowledge and skill cial Crime Specialist can offer enormous benefits
in the financial crime field. to your employer and organization, your clients and
your career. From the entire ACFCS team, we wish
The CFCS certification provides a unique, market- you the best.
able asset in a competitive workforce. It demon-
strates talent and skill. Those who earn it can expect
to be compensated accordingly. Increasingly, orga-
nizations in the private and public sectors around
the world are certifying their personnel as a visible
sign of commitment to competence and skill. The
CFCS certification is a timely embodiment of the
“knowledge economy” or “knowledge era” in which
we now live.
With thoughtful attention to the

material in this Manual, you will
go far toward success in the CFCS
certification exam.
14
CHAPTER 2 FINANCIAL CRIME OVERVIEW
FINANCIAL The world is awash in financial crime. No person or organization,
CRIME OVERVIEW, public or private, secular or religious, profit or nonprofit is immune.

Perpetrators of financial crime come in many forms, often using
COMMONALITIES
the façade of sham or shell legal entities to conduct their crimi-
AND nal activity.
CONVERGENCE
The immense earnings of financial criminals and their global
co-conspirators are impossible to calculate but easily run into
the trillions of dollars annually. Notable examples of the sources
of illicit profits of financial criminals are the public and private
healthcare programs that many nations provide to their citizens.
The United States government, for example, claims its Medicare
program suffers fraud losses of about $70 billion annually, or the
equivalent of $192 million daily. Just as with other financial crimes,
the fallout goes beyond the healthcare programs themselves.
Higher taxes and insurance premiums, along with increased gov-
ernment expenses to monitor and supervise the integrity of the
programs, are some of the consequences.
15
CHAPTER 2 • FINANCIAL CRIME OVERVIEW, COMMONALITIES AND CONVERGENCE
Much of this fraud, and thousands of other similar This Manual covers all of them, focusing mainly on
instances worldwide, is facilitated by corruption crimes that have a cash or economic advantage as
of the participants in the programs or in the pub- their primary objective. However, the Manual does
lic agencies that conduct them. Lax controls and not deal with some profit-motivated crimes, such as
auditing, poor supervision by regulators, inade- drug trafficking, illegal gambling, nuclear traffick-
quate enforcement by investigative agencies and ing, prostitution and similar offenses. While these
inattention to recovering the assets stolen by finan- crimes are also motivated by the desire to make
cial criminals emboldens others and breeds more money, they do not fit into the financial crime cate-
financial crime. gories in this Manual.
Government agencies and private sector victims of For your needs, we will cover those crimes in which
financial crime fare poorly in recovering the funds perpetrators possess or control the criminal pro-
that are taken unlawfully from government programs ceeds. At that point, these criminals become clas-
and from private sector victims. While estimates are sic financial criminals who must engage in some of
inherently difficult, statistics issued by government the common steps that all financial criminals take.
agencies suggest that only 2 to 5 percent of assets Money laundering is present in all financial crimes
that private- and public-sector victims lose to finan- and is a common and essential element that all
cial criminals is ever recovered. Asset recovery is financial crimes share, regardless of how they made
addressed in its own chapter of this Manual. their money.
What is financial crime? A good working definition

DEFINING FINANCIAL CRIME AND ITS may be that it is a non-violent action that results
PERMUTATIONS in the unlawful taking, moving, hiding or disguising
Permutations and perpetrators of financial crime of money or other value by the use of guile, artifice,
constantly evolve. At any given moment, persons in corruption or deception for the benefit of the per-
all parts of the world are conceiving new ways to petrator or of another.
take money or gain economic advantage illegally
from organizational and individual victims. Financial crimes include corruption, money launder-
ing, fraud, tax evasion and sanctions violations. Each
Except for crimes of passion and those committed of these categories has subsets, offshoots or tribu-
to make an ideological statement, such as terror- taries. For example, identity theft and embezzlement
ism, all crimes are committed to make money or are subsets of fraud. Corruption exists in both the
gain an economic advantage. Even crimes of pure public and private sectors. Money laundering may be
passion sometimes have a financial element, such practiced in many ways and may involve persons in
as in the case of a person plotting the murder of a all walks of life and private and public-sector orga-
family member to claim a life insurance policy. nizations. One type of financial crime often overlaps
another, as is discussed below in the section dealing
Most financial crimes have four phases: with the commonalities of financial crime.
1. When the crime is being planned
2. When the crime is committed TECHNOLOGY CHANGES
3. When the proceeds are laundered COMPLEXION OF FINANCIAL CRIME
4. When the victim’s losses are identified and Financial crime is not static. It evolves and adapts
asset recovery is needed. to circumstances and opportunities. Identity theft,
16
for example, is not a new type of crime, but the investigate, report, train and remediate on financial
advance of technology has spurred its growth and institutions, businesses, and other organizations, all
made it a global menace. Similarly, cybercrime did at a significant cost.
not exist before the arrival of digital technology and
the Internet. Even in the face of these mighty defensive and
offensive efforts composed of private- and pub-
Financial crime today is more extensive, complex lic-sector organizations, financial crime continues
and technology-driven than ever before; so are the to grow. Financial criminals are industrious and find
government and private sector efforts against it. weaknesses, loopholes, negligence or corruption to
Investigative and enforcement procedures and reg- facilitate their crimes.
ulatory measures that seek to block or detect finan-
cial crime need to grow at the pace of the evolving
techniques of financial criminals. GLOBALIZATION OF
FINANCIAL CRIME
New laws and regulations, multinational agree- Financial crime flourishes when it crosses national
ments, treaties and conventions, and working borders. By crossing these borders, the financial
groups are all aimed at financial crime. Non-govern- criminal complicates law enforcement efforts by
mental organizations, such as the Financial Action forcing the agencies of one country to obtain the
Task Force (FATF), the Egmont Group, Interpol and cooperation of their counterparts in other countries
others, have been formed in the past fifty years for the purpose of gathering evidence or locating
to help public and private sector organizations to suspects and witnesses. It usually causes the perti-
combat financial crime. nent authorities to seek the assistance of an inter-
national treaty, convention or agreement, or an
Starting in 1990 with the creation of the US Finan- international organization such as Interpol.
cial Crimes Enforcement Network (FinCEN), nations
began creating agencies that have come to be This takes extra time, which favors the financial crim-
known as Financial Intelligence Units (FIUs) that inal. As time passes, the financial criminal is better
facilitate international information sharing and able to find refuge for the financial crime proceeds,
cooperation. The success of these efforts often tamper with the evidence and even seek safe haven.
depends on the political will of nations to accept,
adopt and enforce them. The more than 60 “secrecy havens” around the globe,
ranging from obscure islands, such as Nauru and
The patchwork of national and international require- Tortola, to long-standing havens, such as Lichten-
ments and standards places the duty to monitor, stein and Switzerland, are a convenient and vital
resource for financial criminals to move and hide
their assets. These havens provide financial crimi-
nals a crucial resource that completes the crime.
COMMONALITIES OF ALL
FINANCIAL CRIMES
There are many types of financial crime, such as
money laundering, fraud and corruption, each
with distinct subsets, such as terrorism and threat
17
COUNTRIES LISTED ON VARIOUS TAX HAVEN LISTS

Caribbean/West Indies Anguilla, Antigua and Barbuda, Aruba, Bahamas, Barbados,e,e British Virgin
Islands, Cayman Islands, Dominica, Grenada, Monserrat,a Netherlands Antilles,
St Kitts and Nevis, St. Lucia, St. Vincent and Grenadines, Turks and Caicos,
U.S. Virgin Islands a,e
Central America Belize, Costa Rica,b,c Panama
Coast of East Asia Hong Kong,b,e Macau, a,b,e Singaporeb
Europe/Mediterranean Andorra,a Channel Islands (Guernsey and Jersey), e Cyprus, e Gibralter, Isle of
Man, Ireland,a,b,e Liechtenstein, Luxembourg, Malta,ᵉ Monaco, San Marino,ᵃ,
Switzerlanda,b
Indian Ocean Maldives,a,d Mauritius, a,c,e Seychellesᵃ,
Middle East Bahrain, Jordan,a,b Lebanon a,b
North Atlantic Bermuda,e
Pacific, South Pacific Cook Islands, Marshall Islands,a Samoa, Nauru,c Niue,a,c Tonga,a,c,d Vanuatu
West Africa Liberia
A Table Listing Countries that Appear on Multiple Lists of Tax Havens Issued by Countries and NGOs, Including the OECD, US
Government and Others. Source: US Congressional Research Service Report in 2015,
“Tax Havens: International Tax Avoidance and Evasion”
finance, identity theft and commercial bribery. lator of sanctions laws, an identity thief and other
But, they all share several constant commonalities, financial criminals, at some point, must hide or
which make them more alike than not. disguise the criminal proceeds. The domestic or
international movement of “clean” money for the
Recognizing and exploiting the commonalities purpose of committing a financial crime, money
helps private- and public-sector organizations laundering is a necessary function of the financial
build a cohesive, comprehensive and collaborative criminal because it permits him to mask his involve-
approach to financial crime, and maybe get even ment in the financial crime, evade the payment
better results. The issue of convergence is dis- of taxes and move the money to hide it from vic-
cussed in this chapter. tims and government authorities. The broad reach
of most money laundering laws and the predicate
Financial crimes have these commonalities: crimes that activate prosecutions for money laun-
All financial crimes involve money laundering. At dering, as well as the international money launder-
some point in the planning and execution of finan- ing control standards of the Financial Action Task
cial crimes, all of them involve money laundering. A Force (FATF) and other world bodies, lend cred-
business involved in a foreign corrupt payment, a ibility to the fact that all financial crimes involve
public official who receives illicit payments, a vio- money laundering.
18
All financial crimes result in tax evasion. It would

be a unique financial criminal who would go to
great lengths of stealing and disguising his gains
and still declare his criminal proceeds in an income
tax return. Tax evasion is committed by the parties
on both sides of most financial crime transactions,
such as those involving corruption. Where a trans-
action involves official corruption, for example, tax
evasion is usually committed by both parties of the
transaction. The corrupter falsifies his tax return by
mischaracterizing the withdrawal or transmission
of funds or the generation of cash destined for the FATCA Report
corrupt official. The public official who receives the

corrupt payment will either not report the income or insurance companies, commodities traders, money
falsify its source on the tax returns that he may file. transmitters and other entities where the public can
conduct financial transactions.
Tax evasion is not only a financial crime in its own
right, but it is also a byproduct of other crimes. The FATF resources offer a wealth of information on
The FATF announced in February 2012 that it was financial crime, including the wide range of financial
expanding its “40 Recommendations” on money institutions that financial criminals use. The FATF
laundering after 22 years to include recommen- also publishes a wide range of financial crime typol-
dation for measures against tax evasion. This can ogies and commentaries that financial crime spe-
be viewed as an important validation that financial cialists will find helpful. The many types of financial
crime and tax evasion are intertwined. institutions and businesses that are implicated in
financial crime cases attest to the indispensability
Apart from this important step toward a more of financial institutions to financial criminals and
active world effort against tax evasion, the enact- the diversity of them.
ment of far-reaching tax compliance laws with a
multinational reach, like the landmark US Foreign The vulnerability of these businesses to be lever-
Account Tax Compliance Act (FATCA) of 2010, is aged in a financial crime is compounded by the risks
a harbinger of a more active multinational assault that their employees, who may be corrupted or com-
on tax evasion and its arrival as a top international promised, present. All institutions and businesses
priority. These landmark developments, symbolized face this common threat of the “enemy within.”
by FATCA and the OECD’s Common Reporting Stan- These are the employees or insiders that can com-
dard, are among the major financial crime develop- promise operations, steal or leak confidential infor-
ments of the early part of the 21st century. They are mation, corrupt internal processes, rig technologi-
discussed in the chapter on tax evasion. cal settings and programs, weaken organizational
defenses, assist inside or outside financial criminals,
All financial crimes require a financial institution. and inflict harm that their unique position enables
No financial crime of any magnitude can be carried them to carry out.
out without a financial institution. The term “finan-
cial institution” covers more than banks. In the A corrupt or compromised employee can wreak as
broad sense, it also includes private banks, credit much havoc or more in a private- or public-sector
unions, cooperative institutions, securities dealers, organization as any outside financial criminal can.
19
The irony is that despite this ability to inflict so

much harm, employees or insiders often receive far
less screening and due diligence examination than
customers before they are placed on the job.
Financial institutions spend significant time and

money on due diligence reviews focused on cus-
tomers, but for employees or other insiders, they
spend relatively little in pre-employment screening
and post- employment monitoring. Employees are
often hired with the prior review and approval of
only human resources departments. Investigation
and vigilance of post-employment employee and
insider conduct is usually the responsibility of cor-
porate security departments.
Financial criminals appreciate the value of a com-

plicit insider and are eager to promote the employ-
ment of an accomplice by an organization that
they targeting.
All financial crimes interface with government

agencies. Every financial crime produces or acti-
vates a pre-existing interface for a financial insti-
tution or affected business with a government
agency. For most financial institutions, a regulatory
or supervisory agency that oversees compliance
will normally need to be informed of the occurrence
or the suspicion of a financial crime in a Suspicious
Activity Report1 (SAR) or other communication
with an agency.
If a financial crime occurs at or through a business

that is not required to file suspicious activity reports,
the business will invariably interface with a govern-
ment agency when agents arrive to investigate the
crime or seek records pertaining to the crime.
In most countries, data from suspicious activity

reports and other government reporting forms are
processed through government “financial intel-
ligence units.” More than 120 nations have FIUs,
which band together in a confederation known as the
1. These are known as Suspicious Transaction Reports (STRs) in many jurisdictions.
20
Egmont Group. 2 The Group facilitates the exchange applied, all major financial crimes involve multiple
of data and intelligence among its members, under countries, especially in today’s electronic world.
security protocols, with the goal of improving multi-
national efforts against financial crime. The many bilateral agreements and multinational
treaties, mutual legal assistance treaties, tax infor-
All financial crimes create the need for asset mation exchange agreements, financial informa-
recovery. All financial crime leaves someone poorer tion exchange agreements, intergovernmental
than they were before. The major recent financial agreements, extradition treaties and other interna-
crimes, such as the Bernie Madoff Ponzi scheme, tional cooperative agreements that bear on finan-
the international bank mega-fraud of Allen Stan- cial crime underscore the international nature of
ford, the legal settlements scheme of Scott Roth- these crimes.
stein and others have left behind tens of thousands
of victims with billions of dollars in losses. Some laws have an international focus by defini-
tion or by their very name. The US Foreign Corrupt
Thousands of less-celebrated financial criminals Practices Act (FCPA) is an example. The placement
worldwide leave millions of other victims behind. of law enforcement agents of a country in their
Victims that have the resources to attempt to nation’s embassies overseas and the work of inter-
recover their assets rarely succeed in these efforts. national organizations, such as Interpol and the
Government agencies that seek to recover funds FATF, all highlight the cross-border nature of major
that are stolen from government programs are financial crimes.
no more successful in their efforts, despite the
strong asset recovery, legal and judicial weapons Financial crime often involves public or private sec-
they possess.3 tor corruption. Nothing facilitates financial crime
more than a corrupt or complicit business insider or
Asset recovery is the neglected art of the financial public official. Corruption is the engine that drives
crime continuum. The failure to recover the assets most major international financial crime. Apprecia-
taken by financial criminals is a primary cause of tion of the corrosive effect of corruption has moved
the growth of financial crime. The deterrent effect many organizations to mount a broad, still blossom-
that successful asset recovery could achieve is ing assault on corruption in recent years, as evi-
missing. Financial criminals have the pleasant real- denced in part by the revised 40 Recommendations
ity that they rarely are required to relinquish the of the FATF. Global anti-corruption is covered in its
money they take from their victims — even if they go own chapter of the Manual.
to prison. Asset recovery is discussed extensively in
a later chapter. Public and private-sector corruption has many vari-
ations. Examples include the unlawful payment by
All (major) financial crimes involve more than one a business to the employee of another business to
country. Whether it is the location of the financial obtain trade secrets, or the bribery of a regulator
crime victim, the base of operations of the finan- to turn a blind eye to criminal activity in a financial
cial criminal or his co-conspirators, the home of institution or other type of business.
the financial institutions they use, or the countries
where the criminal proceeds moved through or were
2. To learn more, please click here: www.egmontgroup.org

3. While it is hard to ascertain an exact number for obvious reasons, it is estimated that five percent or less
of assets are recovered from financial crimes.
21
CAPITALIZING ON THE For example, some financial institutions have uni-

‘COMMONALITIES’ AND EXPLORING fied fraud and AML departments that previously
operated separately. This has allowed fraud inves-
‘CONVERGENCE’
tigators to learn and capitalize on monitoring tools
By examining these commonalities, financial crime used by AML analysts and, at the same time, pro-
specialists in the distinct component fields of anti- vided the AML analysts access to the investigative
money laundering (AML), fraud, global anti-cor- expertise of persons in the fraud units.
ruption and others can determine if adoption of
a coordinated, integrated approach, instead of a If the common bonds that financial crimes share
splintered or siloed approach that now character- make the case for a centralized approach, then
izes financial crime efforts, is advisable. convergence may be the best course of action. The
commonalities seem to justify a deep examination
Currently, many detection, prevention, regulatory of the way financial crimes are dealt with by private-
and enforcement efforts directed at financial crime and public-sector entities. They call for a stream-
follow the siloed approach. A unified or “converged” lined, unified effort that improves effectiveness.
approach may allow private and public entities to
end underutilization of disciplines and allow internal
units to achieve greater efficiency, economies and CONCLUSION
effectiveness. The global financial crime field is complex and rap-
idly evolving, but recognizing the commonalities
Understanding and appreciating the commonal- and intersections between all financial crimes is a
ities can lead to development of a cohesive, more necessary starting point. Approaching financial
effective global approach to financial crime in pub- crime more holistically may offer a more coordi-
lic- and private-sector entities. The culmination of nated, efficient response in the compliance, inves-
this approach comes in the creation of converged tigative and enforcement fields. It also serves as a
units with titles such as the Financial Crime Risk means to introduce the wide range of topics that
Management Group within institutions and organi- will be covered in subsequent chapters.
zations. This approach has the potential to improve
results, streamline procedures, upgrade utility of
information and intelligence, increase collabora-
tion among diverse employees and organizations,
and save money.
22
CHAPTER 3
MONEY
LAUNDERING
OVERVIEW
For financial criminals, money laundering is an indispensable,

ever-present element of all financial crimes. It can occur at the
beginning, middle or end of a crime, but it always happens. No
financial crime, such as fraud, corruption, tax evasion, violations of
sanctions laws or others, may be committed without acts of money
laundering at some stage in the offense.
23
CHAPTER 3 • MONEY LAUNDERING
Money laundering is a crime that has existed since

the first time a person improperly or unlawfully took
THE FINANCIAL
something of value from someone else. Financial
criminals know that the detection of their illicit activ-
ACTION TASK FORCE
ity, or the manner by which the proceeds of the activ- The Financial Action Task Force, or FATF, was
ity are derived, moved or utilized, will unravel their formed in 1989 by the world’s largest and most
scheme and usually lead to legal consequences in economically powerful nations, the G-7 group
most countries. of countries, which at the time were Canada,
France, Germany, Italy, Japan, United King-
In effect, the detection of the movement of money dom and United States. Since its inception,
from the pockets of victims into the pockets of the the Financial Action Task Force has evolved
financial criminal is the most certain way to prove the into the principal standard-setter of global
method and actors behind most financial crimes. anti-money laundering norms and policies
adopted by nations, financial institutions and
Money laundering, broadly defined, is the process other organizations.
of concealing the existence, source or application
of income, or the disguising of its source to give it FATF was assigned to examine money launder-
the appearance of legitimacy. Efforts to detect and ing techniques and trends, assess the policy
prevent money laundering typically revolve around and enforcement action already undertaken
understanding the source and origins of funds. at a national or international level, and set out
measures still needed to combat money laun-
In other words, money laundering is the act of decep- dering. The first formal action of the FATF in
tion in the control, management or movement of early 1990 was to promulgate the “40 Recom-
money or other assets that have been derived by mendations,” a set of recommended conduct
illegal means, or that came from legitimate sources for government agencies, financial institu-
but are being moved to another location to finance or tions and other organizations in combating
perpetrate an illegal act. money laundering around the world.
Although it has been practiced for millennia, money In 2001, the development of standards in the
laundering took a long time to obtain formal designa- fight against terrorism financing was added
tion as a crime, and even longer for money laundering to the mission of the FATF. In October 2001,
laws to evolve into potent weapons against financial the FATF issued the Eight Special Recom-
and other profit-motivated crime. mendations to deal with the issue of terror-
ism financing. The continued evolution of
In 1986, the United States was the first nation to money laundering techniques led the FATF to
enact a law that classified money laundering, or the revise the FATF standards comprehensively
“laundering of monetary instruments,” as a crime. It in June 2003. In February 2012, the Recom-
was prompted to act, largely, by the realization that mendations underwent their most signifi-
international drug trafficking organizations were cant revamping in almost a decade, with the
earning billions of dollars and using financial institu- release of the revised 40 Recommendations
tions and other legitimate businesses to hide, move that merged the Special Recommendations
and disguise their massive wealth. At the same time, back into the other standards.
it recognized the negative effects of the involvement
of criminal organizations in financial institutions and
24
other legitimate businesses as customers and own- the official acts of the public official. The movement
ers, together with their corrupting influence in gov- of those funds is money laundering.
ernment operations.
In a sanctions violation, a corporation that wants to
Today, nearly every country has enacted money continue doing business with a sanctioned country
laundering laws with widely varying characteristics. routes the money involved in a prohibited transac-
However, in general, they are all designed to serve tion through a third party that does not reside in,
as a deterrent to financial and other criminals by or have direct relationships with, the sanctioned
criminalizing their relationships with financial insti- country. That is money laundering as well.
tutions and other legitimate businesses, reducing
their wealth and increasing the risk for financial In fact, any attempt or conduct designed to hide and
institutions and other businesses that knowingly do conceal the source, movement, control or ownership
business with them. of money illegally derived is an act of money laun-
dering. Similarly, a process that involves the move-
ment of money derived through legitimate means,
MONEY LAUNDERING METHODS but which is intended or destined to be used to com-
In one simple example, to carry out a Ponzi scheme, mit a crime, such as in the above example of the cor-
the promoter must disguise the funds he is paying to rupt foreign official, is also money laundering under
the initial victims of the scheme as their “investment the laws of many nations, including the United States.
earnings” when they truly represent funds received
from later victims. That is money laundering. The Financial Action Task Force (FATF) is an inter-
governmental organization formed in 1989 designed
Another example is a scheme in which a company to establish global standards on money laundering
draws funds from its account in its home country controls. It is based in Paris. Long ago, the FATF
and transports the funds across national borders developed a working definition of money laundering
so that they may be given, through an intermediary involving funds that originated in illegal activity:
or “bagman,” to a public official in another country.
The purpose of the illegal payment is to influence 1. The conversion or transfer of property,
knowing that such property is derived
from a criminal offense, for the purpose of
concealing or disguising the illicit origin of
the property or of assisting any person who is
involved in the commission of such an offense
or offenses to evade the legal consequences
of his actions;
2. The concealment or disguise of the true nature,
source, location, disposition, movement, rights
with respect to, or ownership or property,
knowing that such property is derived from a
criminal offense;
3. The acquisition, possession or use of
An image of Charles Ponzi taken August 1920. That property knowing at the time of receipt that
year, Ponzi launched the investment fraud scheme such property was derived from a criminal
that would later come to bear his name. offense or from an act of participation in
such offense.
25
• Smurfing, or using cash couriers to make

many (usually small) cash deposits in various
financial accounts
• Utilizing front companies, especially cash-
intensive businesses like bars and certain
retail stores
• Exchanging cash for commodities and assets
such as precious metals, precious stones, or
high-value luxury goods
• Changing currency into other financial
instruments like cashier’s or traveler’s checks
• Utilizing “gatekeepers”, either complicit or
THE THREE STAGES OF unwitting, like attorneys or wealth managers
to accept cash or move funds through
MONEY LAUNDERING
their accounts
One of the widely accepted precepts of money laun-
• Using complicit or corrupted financial
dering is that it is a process with three major stages.
institutions such as banks, broker-dealers
While not every act of money laundering necessar-
or MSBs that knowingly participate in a
ily executes each of these three steps, it is still a via-
criminal scheme
ble investigation methodology.
• Purchasing digital currencies in cash via direct
1. PLACEMENT contact with the sellers or online sites that
facilitate such transactions
Broadly, placement represents the initial entry of
funds into the financial system. In many scenarios
In instances where criminals are dealing in large
this is the physical movement of the cash proceeds
quantities of cash, such as narcotics traffick-
of a financial or other crime into a financial insti-
ing, placement can reduce the risks and logistical
tution, such as a bank, money services business
difficulties of storing and moving large volumes
or securities broker-dealer. The primary goal of
of currency.
placement is to gain access to the financial system,
while distancing funds or assets from their illicit
Placement is typically viewed as the stage in which
source and origin.
launderers are most vulnerable to detection. Inject-
ing large amounts of funds into the financial system
As the first step in the money laundering process,
can lead to scrutiny from financial institutions and
placement is often conducted in cash, but does not
initiate reporting to law enforcement or regulatory
need to be. It can take advantage of traditional or
agencies. Several examples of placement, such as
non-traditional financial institutions, as well as a
structuring and bulk cash smuggling, will be dis-
wide range of non-financial entities.
cussed in more detail later in the chapter.
Some common placement methods include:
2. LAYERING
• Structured deposits, or deposits of cash in
financial institutions in amounts below a Layering, the second stage, separates criminal pro-
jurisdiction’s currency reporting threshold ceeds from their source and origin through layers
of transactions. This means separating the criminal
26
proceeds and their source by the creation of layers establish their susceptibility to recovery, and pin
of financial transactions that disguise their flow and the crime on the perpetrator.
reduce their ability to be traced. It often involves
multiple participants and entities, like shell corpo- Electronic fund transfers are probably the most
rations and cross- border transactions. important layering method that money launderers
use. Millions of transfers are sent annually world-
The more complex and numerous the layers con- wide because they provide the advantages of speed,
structed by the financial or other criminal, the more distance and increased anonymity.
difficult it is to uncover the location of the funds,
THE RUSSIAN LAUNDROMAT

First revealed by journalists with the Organized Crime and Corruption Reporting Project (OCCRP), the
“Russian Laundromat” was a name given to a complex money laundering scheme that moved an esti-
mated $20.8 billion in suspicious funds from Russia through banks in Moldova and Latvia, and from
there to financial institutions and businesses around the world.
The scheme was reportedly orchestrated by a group of Russian businessmen, some with criminal pasts
and most with ties to the Russian government. The arrangement had all the hallmarks of a complex
money laundering scheme, utilizing weak points in the company formation processes, legal system and
financial systems around the globe. It illustrates the ingenuity of sophisticated financial criminals.
In simplified terms, the Laundromat functioned like this:

• The perpetrators behind the Laundromat formed a web of shell companies in Russia and transferred
funds to accounts at Russian banks held in the names of these companies.
• The scheme’s organizers also created a group of 21 shell companies in the UK, Cyprus and New
Zealand, under the names of fake directors and shareholders
• The next steps relied on exploiting the legal system in Moldova. Organizers would create a fake
“promissory note,” or document indicating that one of the Russian shell companies owed money to
one of the shells in the UK, New Zealand or Cyprus.
• Judges in Moldova would issue an order requiring the Russian company to pay the debt. This
created a seemingly legitimate business rationale to move the funds from Russian banks.
• About $8 billion was transferred to Moldindconbank in Moldova, to an account supposedly
controlled by the court, and another roughly $13 billion to Trasta Komercbanka in Latvia.
• As Latvia is a part of the European Union, the funds now appeared less risky and likely to
questioned by other financial institutions. The money was transferred from these banks to accounts
held at institutions all over the world.
The Russian Laundromat was unveiled in 2016 and has prompted investigations in several countries,
including the UK, Moldova and Russia. Three officials of Moldova’s central bank, along with 15 judges,
have been arrested in the case.
27
A good understanding of the layering process helps

collect evidence that can be used to prove the con-
cealment and knowledge of the perpetrator.
Financial criminals also utilize complex asset move-

ment among entities a launderer controls. Perpe-
trators of a laundering scheme can create multi-
ple shell corporations, trusts, offshore accounts
or even legitimate businesses, and shift assets
between them. These layering techniques typically
rely on corporate structures and vehicles set up to
disguise a money launderer’s ownership of multiple
accounts and entities. These include shell corpora-
tions, trusts and offshore accounts.
3. INTEGRATION
A good understanding of the layering process helps Integration puts laundered proceeds into the legit-
collect evidence that can be used to prove the con- imate economy to appear legitimately derived. This
cealment and knowledge of the perpetrator. Clearly, is the final stage in the money laundering process.
as in the case described above, a savvy financial Once the layering process is complete, the criminal
criminal will not make an investigator’s life easy. who is laundering the illicit proceeds must make
them look legitimate. Detecting integration can
Another viable method of layering leverages secu- require complex and resource-intensive investiga-
rities and financial instruments. A money laun- tive techniques, such as forensic accounting, infor-
derer might make multiple trades in securities, mants and undercover operations.
such as stocks, bonds, options and commodities,
to conceal the source of funds, or purchase secu- Competently done, integration makes it very diffi-
rities and transfer them between entities the laun- cult to distinguish between legitimate and illegit-
derer controls. imate funds. Front or shell companies, real estate
transactions, bearer shares, trusts, limited lia-
Other layering techniques can include: bility companies, international business compa-
• Converting deposited funds into multiple nies, nominee ownership, corrupt bank employees
different financial instruments or commodities, or collaborative international trade partners are
such as precious metals or stones popular methods of integration used by shrewd
• Transferring ownership of accounts, assets money launderers.
or properties between entities or persons
controlled by the criminal There are many methods of integration, but they
commonly revolve around real estate and asset
• Blending illicit proceeds into accounts with the investments. The purchase of, or investment in,
legitimate proceeds of a business actual or fictitious assets is one avenue to integrate
funds. As an example, a launderer could arrange
From the perspective of the money launderer, the
to buy a property from an associate for an inflated
more layers involved and the greater the complex-
price. Laundered funds thus enter into the financial
ity, the better. Adding layers makes it increasingly
system as legitimate profit from a property sale.
difficult to trace funds to perpetrator.
28
Trade-based money laundering is a popular integra- MONEY LAUNDERING INDICATORS

tion method to launder funds across borders. This
It is always advisable to visit the websites of appro-
involves using false or over-invoiced import/export
priate government agencies in one’s country to
transactions. Trade-based laundering will be cov-
view the indicators, recommended training topics,
ered in more detail later in this chapter.
suggested best practices and other vital informa-
tion that can serve financial crime officers, includ-
Other integration techniques can include:
ing AML specialists. The websites of many of these
• Purchasing or investing in legitimate businesses
agencies and the umbrella organizations under
using laundered proceeds
which they have banded together, such as the FATF
• Making investments in securities with and the Egmont Group, are contained in the Refer-
laundered funds ences section of this Manual.
• Business arrangements between entities
controlled by financial criminals, such as zero- Searching open-source information is a vital ele-
interest loans made between shell companies, ment of financial crime due diligence, investigations,
purported repayment of debts between historical reviews and analyses in all situations,
companies, false invoicing schemes and more. especially where terrorist financing or money laun-
dering may be in play.
Lawyers, accountants and intermediaries, such
as company formation agents, can also play a One of the pioneers in building public and private
role in integration, with or without their knowl- sector defenses against money laundering was
edge. Launderers can use consultants and other Australia. It was one of the earliest countries to
third parties to make financial transactions on establish a Financial Intelligence Unit (FIU), which
their behalf, such as purchasing assets or making is called Austrac. This respected agency, which has
investments. They can also set up fictitious con- been in the forefront of the world effort against
sultancies to funnel money back to themselves or financial crime and its component, money launder-
their associates. ing, since 1990, published what it called the follow-
ing “non-exhaustive” listing of money laundering
In general, the use of secrecy havens, coupled indicators in 2009.
with one or more of these tactics, allows the
financial criminal and money launderer to con- Austrac recommended that financial institutions
ceal beneficial ownership from corporate records, and other business organizations should include
utilize nominee officers, managers and corporate these indicators in their training programs, but
directors as fronts, and distort the business lifes- warned that: “Money launderers and terrorism finan-
pan of the offshore entities that were purchased ciers will continuously look for new techniques to
or established for use in the money laundering obscure the origins of illicit funds to give the appear-
activities. More on secrecy havens will be dis- ance of legitimacy to their activities. (Anti- Money
cussed in later chapters. Laundering and Counter Terrorist Financing) officers
should continually review their products, services
Regardless of the stage or technique used, money and individual customers to ensure their internal
laundering has serious economic and social effects AML/CTF systems and training remain effective.”
on society. Among them are the fostering of public
corruption, unfair competition with legitimate busi- There are more than 70 indicators of potential
nesses, and a weakening of financial institutions. money laundering that have been identified by Aus-
trac. We have grouped them below for clarity:
29
ACCOUNT PROFILE INDICATORS
• Same home address provided for funds

transfers by different people
• Income inconsistent with customer profile
• Use of false identification documentation (to
conduct transactions, etc.)
• Use of variations when spelling
Australian Transaction Reports and Analy-
names/addresses
sis Centre (AUSTRAC)
• Value of funds transfers inconsistent with
customer profile AUSTRAC oversees the compliance of Aus-
• Unusual customer behavior tralian businesses, defined as ‘reporting
entities,’ with their requirements under the
• Use of multiple accounts for deposits
Anti-Money Laundering and Counter- Ter-
rorism Financing Act 2006 and the Finan-
ACCOUNT ACTIVITY INDICATORS
cial Transaction Reports Act 1988.
• Account activity inconsistent with
customer profile These requirements include implementing
• Account operated by someone other programs for identifying and monitoring
than the owner customers and for managing the risks of
money laundering and terrorism financing;
• Common bank accounts identify and link
reporting suspicious matters, threshold
“superannuates,” facilitators and organizers
transactions and international funds trans-
• Large number of accounts held by customer fer instructions; and submitting an annual
with the same institution compliance report.
• Numerous large deposits via ATMs
In its intelligence role, AUSTRAC provides
• Purchase of bank checks
financial information to state, territory and
• Purchase of bank drafts by third parties Australian law enforcement, security, social
• Numerous loan applications for less than (a justice and revenue agencies, and certain
specific dollar figure) international counterparts.
• Same or similar methods used to acquire more
The intelligence provided has been ana-
than one bank loan
lyzed by highly qualified AUSTRAC person-
• Transactions inconsistent with customer profile nel who use sophisticated tools to identify
• Use of student accounts after their departure information that can assist AUSTRAC’s
from the country partner agencies to investigate and pros-
ecute criminal and terrorist enterprises in
• Significant cash withdrawals from
Australia and overseas.
superannuation accounts
• Unusual bank account activity into and out of
superannuation account(s)
• Use of inactive account
30
GAMBLING INDICATORS • Similar transactions conducted over a short

• Betting accounts with large deposits but with period of time
minimal betting activity • Use of stored value cards
• Cash withdrawals from betting accounts in
checks and vouchers INTERNATIONAL ACTIVITY INDICATORS
• Client is a known frequent gambler and/or high • Funds transferred to overseas account but then
roller at a casino withdrawn in (the country)
• Large funds transfers after gambling activity • Funds transfers to numerous offshore
jurisdictions with no business rationale
• Structuring of gambling purchases, payouts
and withdrawals • Departure from (the country) shortly after
making funds transfers
• Unusual pattern of phone betting transactions
• Funds transfers involving a tax haven
BUSINESS ACCOUNT INDICATORS • Multiple deposits made to same overseas
• Company account used for personal use account by different people
• Business activity inconsistent with • Large international funds transfers

business profile • Use of multiple remittance service providers
• Use of false company to transfer funds to common overseas
beneficiaries
• Use of false invoices
• Use of multiple remitters in the same
TRANSFER, DEPOSIT AND WITHDRAWAL geographical location
PATTERN INDICATORS • Use of international credit card
• Frequent cash deposits made over a short
period of time INDICATORS INVOLVING REAL PROPERTY
• Frequent check deposits • Client purchases or sells real estate above

or below the market value while apparently
• Large cash deposits unconcerned about the economic disadvantages
• Large cash transactions conducted over a short of the transaction
period of time • Low-value property purchased with
• Large cash withdrawals with a bank check improvements paid for in cash before re-selling
• Multiple funds transfers below a specific • Purchase of high-value assets (e.g., real estate,
dollar figure luxury vehicles)
• Outgoing transfer with corresponding incoming
funds transfer – appears to be a ‘u-turn’ THIRD PARTY ACTIVITY INDICATORS
transaction or ‘round tripping’ • Use of third parties to conduct international
• Purchase of travelers checks with cash funds transfers
• Withdrawing all, or nearly all, funds from an • Use of third parties to conduct transactions
account within a short period of time • Use of third party accounts
• Structuring of funds transfers or transactions • Use of family member accounts
31
• Use of gatekeepers (e.g., accountant)

• Third parties used to open bank accounts
MULTIPLE TRANSACTION RED FLAGS

• Multiple funds transfers conducted from the
same location
• Multiple funds transfers involving a high-risk
drug country
• Multiple funds transfers to common
beneficiaries
• Multiple geographical locations used to
conduct transfers
• Multiple low-value funds transfers • No business rationale or economic justification
for the transaction
• Multiple transactions occurring on the same day
from different geographical locations • Unusual cash activity in foreign bank accounts
• Multiple transactions occurring on the same day • Multiple cash deposits in small amounts in an
to the same beneficiary account followed by a large wire transfer to
another country
• Multiple transactions on the same day
• Use of multiple foreign bank accounts
INDICATORS LINKED TO FINANCIAL
TRANSACTIONS
FINANCIAL INSTITUTION
• The use of funds by the non-profit organization
is not consistent with the purpose for which it
MONEY LAUNDERING METHODS
was established AND VEHICLES
• The transaction is not economically justified Money laundering may be conducted through vir-
considering the account holder’s business tually every type of entity, vehicle or institution,
or profession including offshore entities, wire transfers, trusts,
Hawala, securities dealers, car dealers, correspon-
• A series of complicated transfers of funds from dent accounts, or wherever the criminal proceeds
one person to another as a means to hide the find the point of least resistance. However, finan-
source and intended use of the funds cial institutions are a particularly important vehi-
• Transactions which are inconsistent with the cle to criminals for the disposal and movement of
account’s normal activity criminal proceeds. They have vulnerable operations,
• Deposits were structured below the reporting customers and relations that can serve money
requirements to avoid detection launderers well.
• Multiple cash deposits and withdrawals with Following is a partial listing of some of the vul-
suspicious references nerabilities.
• Frequent domestic and international
ATM activity
32
THE EGMONT GROUP OF FINANCIAL INTELLIGENCE UNITS

The Egmont Group of Financial Intelligence Units is an informal international gathering
of financial intelligence units (FIUs). The Group, formed in 1995, took its name from the
palace in Brussels where the meeting took place.
The Egmont Group defined an FIU as a central, national agency responsible for receiv-
ing (and, as permitted, requesting), analyzing and disseminating to the competent
authorities’ disclosures of financial information: (i) concerning suspected proceeds of
crime and potential financing of terrorism, or (ii) required by national legislation or reg-
ulation, in order to counter money laundering and terrorism financing.
The goal of the Egmont Group is to provide a forum for FIUs around the world to improve
cooperation in the fight against money laundering and financing of terrorism and to
foster the implementation of domestic programs in this field. The Egmont Group pro-
vides support to member FIUs in the following ways:
• Expanding and systematizing international cooperation in the reciprocal exchange

of information;
• Increasing the effectiveness of FIUs by offering training and promoting
personnel exchanges to improve the expertise and capabilities of personnel
employed by FIUs;
• Fostering better and secure communication among FIUs through the application of
technology, such as the Egmont Secure Web (ESW);
• Fostering increased coordination and support among the operational divisions of
member FIUs;
• Promoting the operational autonomy of FIUs;
• Promoting the establishment of FIUs in conjunction with jurisdictions with an
AML/CFT program in place, or in areas with a program in the early stages of
development.
33
CORRESPONDENT BANKING ACCOUNTS PAYABLE-THROUGH ACCOUNTS

This is a bank service by which a bank in other geo- Sometimes, a correspondent bank allows the
graphic locations, often called the ‘respondent customers of a foreign bank to conduct trans-
bank,’ is allowed to establish an account at the cor- actions for themselves through accounts called
respondent bank through which payable-through accounts. These types of rela-
tionships are fraught with dangers for the corre-
it may conduct specific transactions. Many banks spondent account for various reasons. For exam-
have multiple correspondent accounts around the ple, the local bank may lack knowledge about the
world, which allows them to conduct international foreign bank’s customers and the nature of their
financial transactions for themselves and their transactions. There is also the possibility that the
customers where they have no physical presence. foreign bank may be allowing transactions by its
Large global banks often act as correspondents customers that are prohibited under local law or
for many other banks worldwide. These so-called that the correspondent bank normally does not
respondent banks receive various services through allow to be conducted.
their correspondent accounts, including wire trans-
fers, foreign exchange services, cash management, CONCENTRATION ACCOUNTS
check clearing and other services. Concentration accounts are internal accounts
established to facilitate the processing and set-
Correspondent banking relationships often force a tlement of multiple or individual customer trans-
financial institution to execute the transactions for actions within the bank, usually on the same day.
customers of another bank. Thus, the correspon- These accounts are also known as special-use,
dent bank provides services for customers which it omnibus, settlement, suspense, intraday, sweep or
has not fully identified or about whom it has no ade- collection accounts. Concentration accounts are
quate knowledge of. Correspondent accounts are frequently used to facilitate transactions for private
also known for the large sums that are involved in banking, trust and custody accounts, funds trans-
the transactions, thus raising the stakes of the host fers and international affiliates.
correspondent bank.
PRIVATE BANKING
It is a best practice for a financial institution to iden-
tify the true owners of a foreign bank that seeks to Private banking is a banking service for wealthy
establish a correspondent account and to examine individuals that provides personalized and often
deeply the account activity that is contemplated for confidential services. It is a lucrative, competi-
the account to protect against money laundering. tive and worldwide industry that has played a
A correspondent account must also guard against role in many major money laundering cases in
the possibility that a third bank may be “nested” in recent years. Private banking fees are often
the correspondent account, conducting improper or based on the size of “assets under management”
illegal transactions with that access. that the customer has deposited with the finan-
cial institution.
It is also a best practice to prohibit the establish-
ment of correspondent accounts for foreign shell ONLINE OR INTERNET BANKING
banks that have no physical presence and are vir- These accounts often offer funds transfers, cash
tual shams that exist only for the convenience of management, bill payment, loans and investment
money launderers and other criminal interests. services. The FATF warns that Internet or telephone
34
banking creates distance between banker and cli- ferred to designated beneficiaries, often in other
ent and lessens the physical contact on which tra- countries. More details on money transmitters will
ditional client identification rests. These services be provided in Chapter 11, Compliance Programs
make it more difficult to detect money laundering and Controls.
because, in some circumstances, normal monitor-
ing cannot be conducted. Online banking, by elimi- SECURITIES BROKER-DEALERS
nating personal contact between the institution and Broker-dealers, in general, facilitate the purchase
the customer, makes it more difficult to know who and sale of securities for individual and corporate
controls an account. members of the public for whom they maintain
accounts. They are subject to significant money
MONEY TRANSMITTERS laundering risks.
These businesses transfer funds for customers by
receiving cash from their clients which is trans-
100 95%
90
80
70
60
Percentage
50
40 35%
30
20%
20 15%
12%
10 4%
1%
0
Financial Money Casinos Trust Law Firms Internet Prepaid
Institutions Service Companies Payment Card
Businesses and/or Systems Providers
Accounts
Sectors and/or Services
PERCENTAGE OF MONEY LAUNDERING CASES INVOLVING THE USE OF DIFFERENT SECTORS .

SOURCE: FINANCIAL TRANSACTIONS AND REPORTS ANALYSIS CENTRE OF CANADA (FINTRAC)
35
NON-FINANCIAL INSTITUTION
MONEY LAUNDERING VEHICLES
As stated above, there are few instrumentalities,
entities, organizations or individuals that do not
pose a risk of being used for money laundering
activities; financial institutions are not the only
avenue for money laundering. The following list
and brief explanations highlight some of the more
important persons, entities and instruments that
should receive scrutiny, particularly by financial
institutions that are asked to open an account rela-
tionship, or commercial entities that are liable under
global anti-corruption rules and regulations.
a certain threshold -- the same as other financial
INSURANCE institutions.
Life insurance and annuities contain the high- DEALERS IN PRECIOUS METALS,
est money laundering risk in the insurance realm. JEWELRY AND ART
Money launderers can purchase insurance policies
and then later redeem them and request the funds Precious metals, jewelry and art have great money
be deposited into a bank account. Insurance policies laundering vulnerabilities because of the way they
with certain characteristics are much more attrac- are traded and bought and sold. Money launder-
tive to launderers than others, including transfer- ers value them in their trade because of their high
able policies and those with a cash surrender value. intrinsic value, convertibility and potential anonym-
ity in transfers.
Also, contracts for annuities may allow the benefi-
ciary, who could be a financial criminal, to exchange POLITICALLY EXPOSED PERSONS
illicit funds for an income stream. Payments from For years, corruption of public officials has been a
annuities are usually made monthly. primary concern of many nations and international
bodies, including some of the principal players in
CASINOS formulating global standards on money laundering.
Casinos generate and receive substantial cash and They recognize that public corruption is a principal
are vulnerable to money laundering via facilities facilitator of financial crime and a destabilizing ele-
they offer to their customers to manage and dis- ment to nations, contributing to poverty, reduced
pose of money. Inserting illicit funds into a gambling social services, and poorer fiscal health. For these
operation and then cashing out the funds as gam- reasons, public officials or Politically Exposed Per-
bling proceeds is a popular method to launder funds, sons (PEPs), are now a focus of public and private
due to the relative anonymity of many gambling sector efforts in the control of money laundering.
venues and the ability to conceal sudden spikes in
income as winnings. Exactly who is considered a PEP can vary based on
the laws and regulations of different jurisdictions.
In many jurisdictions, casinos are required to file Most use some variation on the definition provided
transaction reports, as well as undertake customer by the FATF in its 40 Recommendations.
identification procedures, for bets or proceeds over
36
• Foreign government officials, such as heads of with substantial extraterritorial reach. Often, that
state, legislators, judicial or military officials, reach is augmented by the simultaneous enforce-
officials in political parties, or other more senior
appointed officials
• Officials at state-owned enterprises, such as a THE ODEBRECHT
government-controlled oil company executive or
CORRUPTION SCANDAL
administrator of a state-run health system
• Domestic government officials such as heads In March 2014, federal law enforcement
of state, legislators, judicial or military officials, agents in Brazil were pursuing an investiga-
officials in political parties, or other more senior tion into an alleged money laundering ring
appointed officials when they uncovered a much wider network
• Officials of international organizations – This of corruption and financial crime.
includes non-governmental organizations like
the Red Cross and global sporting bodies like The probe, later dubbed “Operation Car
FIFA, among others Wash,” would expose an enormous brib-
ery scheme involving two of Latin Amer-
• Close associates can include business partners,
ica’s largest companies, the Brazilian
individuals connected through a charity or non-
state-owned oil company Petrobras and
profit venture, or even social connections like an
construction firm Odebrecht.
official’s long-time friends
Odebrecht was revealed to have made over
Not every government employee or official is nec-
$800 million in corrupt payments to govern-
essarily a PEP - the FATF’s definition only includes
ment officials to win contracts and secure
government officials in “prominent positions.” Some
business in twelve countries. Dozens of
countries consider only officials in “prominent posi-
high-level political figures, including the for-
tions” to be PEPs, while others cast a wider net that
mer presidents of Brazil, Peru and Colom-
includes less senior roles. Likewise, whether or not
bia, were investigated for taking funds con-
domestic officials are considered to be PEPs will
nected to Odebrecht.
vary country by country.
The sweeping case ultimately led to a
Some institutions have developed their own inter-
record-setting $3.5 billion penalty on Ode-
nal lists of roles and responsibilities that qualify as
brecht and its petrochemical unit, Braskem
“prominent positions.” This practice can prove useful
S.A from the US Department of Justice
when screening customers for their PEP status, as
and enforcement agencies in Brazil and
required in customer due diligence programs. Chap-
Switzerland.
ter 11 on Compliance Programs will feature more
on this topic.
It is considered one of the largest corrup-
tion scandals in history. It is also a glaring
Apart from that, various nations, particularly the
example of the potential money laundering
United States with its Foreign Corrupt Practices
threat presented by politically-exposed per-
Act (FCPA), the United Kingdom with its UK Bribery
sons, or PEPs.
Act and Canada with its Corruption of Foreign Pub-
lic Officials Act (CFPOA), have enacted legislation
37
ment of the money laundering and other laws in a vide many other legal services. In other countries,
particular case. such as the US and UK, notaries play a much more
limited role, primarily acting as witnesses when
These anti-corruption laws, which are addressed in important documents are signed.
the chapter on global anti-corruption, place greater
compliance pressure on banks and other financial Recognizing the roles and abilities that different
institutions that are the primary focus of money types of gatekeepers possess in your jurisdiction
laundering laws and regulations. Not only may these will help you better identify and assess their risks.
businesses be involved directly in a Foreign Corrupt
Practices Act violation, they may also be implicated,
knowingly or through “willful blindness,” in facilitat- REGULATORY FRAMEWORKS
ing the foreign corrupt payment. FOR GATEKEEPERS
The FATF and certain other international stan-
dard-setting bodies recommend that jurisdictions
THE ROLE OF LAWYERS, impose AML/CTF regulations on gatekeeper roles.
ACCOUNTANTS, AUDITORS,
NOTARIES AND In 2003, the FATF recommended that gatekeepers
OTHER GATEKEEPERS be considered Designated Non-Financial Businesses
The global financial system is not composed of and Professions (DNFBPs), which would make them
banks and other financial institutions alone. A subject to compliance with the regulatory frame-
wide range of facilitators – professionals who work laid out in the 40 Recommendations.
move funds for clients, help manage assets or
interact with financial institutions, provide tax This would generally mean that gatekeepers are
advice, purchase real estate, or form trusts and expected to implement AML compliance control
legal entities – can help open the door to the wider using a risk-based approach, similar to require-
financial system. ments for financial institutions. This includes
the following:
Like financial institutions, they, too, are vulnerable
to being exploited in money laundering and finan- • Implementing customer identification measures
cial crime schemes. These professionals are often • Conducting due diligence on clients and
referred to as “gatekeepers” because they can pro- transactions for AML and financial crime risks
vide “access (knowingly or unwittingly) to various • Reporting on suspicious transactions or
functions that might help a criminal with funds to client activity to their jurisdiction’s financial
move or conceal, per the FATF. intelligence unit
Types of professions considered to be gatekeepers • Maintaining records in the case they are needed
can vary somewhat by jurisdiction – professions can for regulatory compliance or law enforcement
have different abilities, roles and limitations in dif- investigations.
ferent countries.
Not every country has adopted this regulatory
For examples, notaries in many countries with civil framework for gatekeepers. In many Latin Amer-
law systems – such as Latin American countries and ican, Asian and European countries, most gate-
most European countries – can help clients form keeper professions are subject to AML compliance
companies, create trusts, draft contracts and pro- regulations. In the US and Canada, lawyers and
38
other legal professionals have no government-man- obviously be considered higher risk for money laun-
dated regulations, only voluntary standards put dering and financial crime.
forth by industry groups.
By the same token, some gatekeepers would be
ASSESSING THE RISKS OF GATEKEEPERS considered lower risk if they only deal with certain
Gatekeepers are generally considered a medium to types of clients and provide certain low-risk ser-
high risk by banks and other financial institutions vices. If a gatekeeper does not generally provide
that might hold accounts or conduct transactions services that facilitate transactions, hold assets or
with these professions. Certain services provided create or manage legal entities, only has domestic
by gatekeepers are riskier than others, and the clients, and/or interacts with their clients face-to-
types of functions a gatekeeper offers, along with face, then they would generally be considered low-
the geographic reach and the customers served, er-risk than other types of gatekeepers.
will significantly impact the gatekeeper’s AML risk.
One final factor that can impact gatekeeper risk
A 2013 report on gatekeeper risks by the FATF is “professional secrecy.” In many countries, some
assessed SAR/STR filings made by attorneys and gatekeeper roles, such as attorneys, have tradition-
other gatekeepers. It found the most common ser- ally enjoyed a high level of secrecy in their deal-
vices that came up in SAR/STR reports filed by ings with clients. In some countries, this secrecy
gatekeepers: is legally mandated. One example of “professional
secrecy” is the attorney-client privilege in jurisdic-
• Real estate transactions tions, such as the US.
• Formation of trusts
• Formation of companies, and mergers and REAL PROPERTY AND
acquisitions of existing companies MONEY LAUNDERING
• Trust and company services – i.e., acting as a Also known as asset conversion and typically done
trustee or corporate agent during the integration phase of money laundering,
this is the purchase of goods -- typically high-value
Along with the nature of services, the way a gate- and portable items such as gold, precious stones
keeper interacts with clients impacts the risk. Some
factors that increase risk include the following:
• Interfacing with domestic or international

politically-exposed persons (PEPs) and other
high-net-worth clients
• Taking on the role as third parties to financial
transactions
• Being a nexus to high-risk countries
Working with cash-intensive businesses
In summary, gatekeepers that provide higher-risk

services (such as real estate transactions) to high-
er-risk clients (such as international PEPs) should
39
or vehicles. Real estate is also a common target for money-laundering risks, including the receipt of
asset conversion schemes. We will focus on vehicles cash, transactions with the proceeds of illegal activ-
and real property here; precious metals and art are ity, the layering of transactions with the proceeds of
discussed elsewhere in this chapter. financial and other crime, the payment of vehicles
by third parties and more.
REAL ESTATE
Real estate has served as a vehicle to launder crim- MONEY LAUNDERING STRATEGIES
inal proceeds and disguise beneficial owners since As discussed in the introductory chapters, financial
the earliest days of the money laundering era in crime schemes are incredibly varied and diverse,
the 1980s. Criminal proceeds can be funneled to and limited only by the creativity of the financial
real estate transactions through contract deposits, criminal. So, too, are strategies to launder crim-
down payments, mortgages, trust accounts and in inal proceeds. As money laundering can be con-
the construction process. Offshore corporations, ducted through virtually any transaction involving
whose true ownership is nebulous at best, often the exchange of assets or other objects of value, it
serve as the owners of record of real estate. Escrow would be impossible to fully outline all money laun-
funds maintained in escrow accounts that are pur- dering strategies here.
portedly destined for legitimate expenses in a real
estate transaction may actually be something else. There are, however, methods that remain consis-
Escrow accounts are vulnerable to money launder- tently and globally popular with money launderers,
ing because of the many transactions that are con- and several are briefly outlined here. Many of these
ducted through them by the various parties that are described in more detail in other chapters of the
are involved in the transaction, including attorneys, manual. Where that is the case, the chapter is given.
title insurance agents, inspectors, bank mortgage
officers, appraisers and others. INTERNATIONAL TRADE PRICE
MANIPULATION
VEHICLES For more than 20 years, well-respected aca-
Many money laundering cases worldwide have demic studies have shown that the over-pricing
involved businesses that sell or trade various types or under-pricing of imports and exports in inter-
of vehicles, including automobiles, boats, airplanes national trade facilitates money laundering, and
and motorcycles. These businesses confront many other financial crimes, including fraud, corruption
40
and tax evasion. This is commonly called “trade- These smaller deposits can then be transferred and
based money laundering,” and remains a popular consolidated into a single account. Smurfing can be
method to conceal illicit proceeds and move them difficult to detect because there is frequently no
across international borders. Commodities that are apparent connection between the various accounts
to be shipped may be falsely priced in the shipping and deposits involved.
documents as higher or lower to accommodate the
direction in which the money launderer wishes to STRUCTURING
move the money. To provide the trade transaction Structuring is a close companion to smurfing.
with an air of legitimacy, the money launderers may Structuring involves splitting up funds into multi-
choose to use a financial institution to obtain trade ple deposits below certain thresholds to avoid trig-
financing and the documentation that goes with it. A gering reporting requirements. Most jurisdictions
more thorough examination of trade-based money have imposed regulations requiring many types of
laundering can be found in Chapter 10, Money and financial institutions to report transactions above a
Commodities Flow. certain amount. In the US, for example, institutions
are required to file a Currency Transaction Report
BLACK MARKET PESO EXCHANGE (BMPE) (CTR) for deposits above $10,000. Structuring of
In simple terms, this is a process by which money deposits aims to avoid this reporting requirement
derived from illegal activity in one country is pur- and escape detection of federal authorities.
chased by peso brokers, who sell currency or mon-
etary instruments to legitimate businesses. This In many jurisdictions, structuring is illegal in and
method is also widely used for legitimate purposes of itself, and institutions are required to monitor
in many countries, including Colombia. A more for patterns of deposits that indicate structuring is
thorough description of BMPE, as it is commonly taking place.
known, is available in Chapter 10, Money and Com-
modities Flow. BULK CASH SMUGGLING
Criminal operations, such as narcotics or human
PREPAID CARDS AND E-CASH trafficking, often generate large amounts of hard
Smart cards are an ever-present money laundering currency. In order for this cash to be concealed,
threat because they store value in electronic form placed within the financial system or utilized by a
that serves as the equivalent of currency. Some financial institution, it often must be smuggled
countries allow prepaid, or “smart” cards, to carry into another jurisdiction. This is referred to as bulk
unlimited value, while others place monetary limits cash smuggling.
on them. More on prepaid cards, virtual currencies
and other evolving payment systems can be found While the term is sometimes used to describe the
in Chapter 10, Money and Commodities Flow. movement of large amounts of cash within a juris-
diction, typically bulk cash smuggling takes place
SMURFING across national or jurisdictional boundaries. Many
Smurfing, which is sometimes called structuring, is jurisdictions have laws prohibiting bulk cash smug-
a well-known money laundering method that is con- gling, as it can violate reporting requirements for
sidered a crime in most countries. Smurfing involves cross-border currency transactions above a cer-
dividing illegal proceeds between multiple persons, tain threshold.
known as “smurfs,” who then make multiple depos-
In one example of a typical bulk cash smuggling
its into many separate accounts, often at different
operation, money from the sale of narcotics is
institutions, to avoid reporting thresholds.
41
collected and sorted in a central location. Smaller ations conducted by Mexican drug cartels. Conse-
bills are exchanged into larger bills, which are then quently, US enforcement agencies have assembled
packed for transport. Once prepared, the cash can the following list of red flags for bulk cash smug-
be moved across the border in a variety of ways. It gling to help financial institutions spot the activity:
may be carried across in multiple small shipments • An increase in the sale of large denomination
by cash mules crossing illegally or legally, hidden in notes from a financial institution in one
personal luggage or vehicles. It may be packed in jurisdiction to another institution in a bordering
with consumer, industrial or agricultural goods and jurisdiction
shipped commercially. Sophisticated criminal gangs
may use surveillance and intelligence-gathering • Large volumes of small denomination notes
operations to help cash shipments move across the being sent by currency exchange houses in
border successfully. one jurisdiction to their accounts at a financial
institution in another jurisdiction, or sold by the
Regardless of the methods, bulk cash smuggling exchange directly to an institution in another
operations can involve financial institutions in mul- jurisdiction.
tiple jurisdictions at several steps during the pro-
cess, either to obtain high-denomination currency Large volumes of small denomination notes
in exchange for smaller bills or to ultimately place being exchanged for large denomination notes at
the smuggled cash. The border between the US and an institution
Mexico is a prominent location for smuggling oper-
$3 Million in US Currency Seized by Law Enforcement in the US City of San Diego as Part of an Effort Targeting Bulk Cash
Smuggling. SOURCE: US Customs and Border Protection
42
CASH-INTENSIVE BUSINESSES STRUCTURES THAT HIDE

By the nature of their business models, certain busi- BENEFICIAL OWNERSHIP
ness organizations pose greater money laundering Beneficial ownership is a key concept in the finan-
challenges than others for the simple reason that cial crime field. In simple terms, a beneficial owner
they principally operate in currency. Since the princi- is someone who ultimately controls and enjoys
pal attractiveness of currency to money launderers is the benefits of an asset without being the nominal
that it leaves no trail, businesses that operate in cash, owner of that asset. A person or group can be the
such as restaurants, privately owned ATMs, vending beneficial owner of a financial account, security,
machine companies, retail stores and casinos merit physical property or nearly any other asset. A more
special scrutiny for money laundering activity and complete discussion of beneficial ownership, espe-
should be considered high risk by financial institutions. cially as it relates to financial accounts, can be found
in Chapter 11, Compliance Programs and Controls.
Another scheme prevalent in cash-intensive busi-
nesses is blending. This involves using a legitimate Beneficial ownership of assets and accounts allows
business to mingle illicit funds with legitimately-de- financial criminals to control illicit funds, assets or
rived proceeds. Often, the business is complicit in property while obscuring the criminal’s connection
the laundering scheme, or is wholly owned or cre- to them and distancing the proceeds from their
ated by the launderer. source. Most sophisticated financial crime schemes
will take advantage of one or more mechanisms and
LENDING structures to conceal the perpetrator’s beneficial
Loans extended by a financial institution for any pur- ownership of criminal proceeds. Several of the more
pose, including real estate financing, business loans common ones are described below.
and other extensions of credit, have their own money
laundering vulnerabilities about which financial insti- SHELL COMPANIES
tutions and other businesses should be aware. Due Shell companies have no physical presence, nor-
diligence procedures following internal risk-based mally have concealed owners, and sometimes proj-
approaches should be applied to the parties involved ect the image of being a solid, normal business with
in a loan, including the ultimate beneficiaries, as well funds that are legitimate. For the most part, they are
as to the use and application of the loan proceeds. companies that exist only on paper. They can hold
Financial institutions and others that extend credit bank accounts and conduct financial transactions
should be particularly alert to the money laundering while providing no signs that they are a shell. Shell
possibilities that arise from the collateral that is pro- companies usually conduct no business themselves.
vided by the borrower for the loan.
There are many legitimate reasons to form a shell
Money launderers also make loans among complicit company. In some instances, shell companies can
entities, usually combined with other mechanisms make it easier to invest overseas, help shield a com-
like offshore accounts, legitimate businesses and pany from liability, or transfer profits to reduce
shell corporations, loans and financing arrange- taxes in a way that is completely legal.
ments. This can allow launderers to integrate large
amounts of funds. In one example, a launderer could However, many characteristics of shell companies
set up a shell corporation and a legitimate business. also make them highly attractive to financial crim-
The launderer can then make a loan to the legit- inals. Typically, they are easy and inexpensive to
imate business from the shell corporation, using incorporate, and, in many jurisdictions, they can be
illicit funds. established anonymously through attorneys and
43
third parties called “company formation agents.” In most useful leads for unearthing beneficial owners
some jurisdictions, shell companies can be formed behind shell companies in criminal investigations.
online through company formation agents and
with little to no information collected on the ben- SHELF COMPANIES
eficial owners behind the shell company, for less A similar concept to a shell company, the shelf com-
than $1,000. pany is a corporation that has no activity or busi-
ness. The name refers to how these companies are
Most importantly, shell companies are an anony- formed and then left to “age,” or are “put on a shelf.”
mous, or at least concealed, vehicle to access the Some shelf companies may be completely inactive
international financial system. To further obscure for years before being sold off to a buyer.
ownership, many financial criminals will operate
through layers of shell companies, which can make There are a number of reasons why buyers may
it very difficult to trace funds or assets back to the want to purchase a shelf company, and some are
ultimate owner. completely legitimate. In many jurisdictions, it is
simply easier to purchase a pre-existing company
Consequently, shell companies have become a than to set up a new one.
fixture of financial crime schemes of all varieties.
Almost any sophisticated money laundering, fraud In other cases, a businessperson may have an easier
or corruption operation involves at least one shell time gaining interest from investors, securing loans
company at some point the process. Historically, or winning government contracts with a company
certain nations and jurisdictions have become pop- that appears to have been in business for several
ular locations to form shell companies. There is years. However, those same qualities of apparent
often an overlap between these jurisdictions and legitimacy and longevity are what make a shelf cor-
those labeled as “secrecy havens.” poration appealing to financial criminals.
Discerning beneficial owners behind shell corpo- NOMINEES

rations can be very difficult when conducting due
A nominee is a person, company or entity into
diligence or investigations. One potential source
whose name assets, securities or property is trans-
of information is the corporate registry for a given
ferred, while leaving another person or entity as the
jurisdiction, many of which are accessible online.
real owner. Nominee accounts are common among
The information that can be obtained from such
securities broker-dealers, who can hold securities
registries varies substantially between jurisdictions,
for their customers and trade them much more eas-
but it can include details such as the company name,
ily. Like all the structures listed here, nominees can
the name of the company formation agent, com-
be used for legitimate purposes. A nominee’s abil-
pany directors or board members, and sometimes a
ity to conduct transactions at a distance from the
physical address for the company.
owner of assets, however, makes nominees a use-
While this information may not be particularly ful avenue for money laundering, particularly in the
revealing in and of itself, it can provide leads that later stages like layering and integration.
can be useful for discovering the company’s true
owner. A 2012 survey of law enforcement agencies FRONTS
in the European Union, for example, found that com- In general terms, a front is a company or organiza-
pany directors and shareholders were some of the tion that is established and controlled by another
company or entity but that gives the impression it is
44
not affiliated or connected to the entity controlling the bankers settle their transactions. Hawala is
it. In the financial crime context, fronts are often attractive to money launderers because they leave
seemingly legitimate businesses with a physical a slight audit trail and the identities of the custom-
presence and actual operations, but whose primary ers who receive the funds are known only by the
purpose is to launder criminal proceeds. An exam- “bankers.” More information about ITVS will be pro-
ple is a restaurant formed by an organized crime vided in Chapter 10.
ring that, while open for regular business hours and
serving customers, mainly exists to take in money CHARITIES AND NONPROFITS
from narcotics trafficking. Charities and other nonprofit organizations can
also serve as money laundering vehicles. They have
TRUSTS access to significant funding sources, often have a
Trusts are legal entities created by a “settlor” to presence worldwide, and, in some jurisdictions, are
manage property for a beneficiary. The settlor subject to little regulation. Moreover, “donors” can
transfers property that he owns to the trust. This often make contributions to charities anonymously,
property is managed by a trustee according to the providing a convenient vehicle to launder funds or
terms described in the trust. Trusts can be mis- move money across borders.
used for hiding money and hiding the identity of the
true beneficiary. Trusts are convenient vehicles for In recent years, charities and nonprofit organiza-
money laundering and usually permit payments to tions have emerged as a significant risk for terror-
beneficiaries that could disguise money laundering. ist financing, as well as corruption. Corrupt officials
Usually, the payments need not be explained or jus- will sometimes request that bribes be paid to char-
tified. The trustees are often lawyers who hold the ities under their control, as will be discussed fur-
assets in trust for others. ther in later chapters. Terrorist organizations will
also use charitable operations as covert fundraising
BEARER BONDS AND SECURITIES operations to gather funds from supporters over-
These are convenient tools of money launderers seas. Many of the same red flags of money laun-
because they belong to the person who carries dering discussed previously also apply, such as in
them, thus the name “bearer.” Bearer shares are these examples:
transferred by a physical delivery from one per-
son to another. • Charities and nonprofits that conduct wire
transfers to countries where they have
HAWALA AND INFORMAL VALUE no operation
TRANSFER SYSTEMS • Charities and nonprofits that operate in high-
Hawala and other underground banking procedures risk countries
are often called informal value transfer systems • Charities and nonprofits with a vague
(IVTS). They are most popular with persons from description of their purpose and services
Africa and Asia and involve the transfer of value • Charities and nonprofits that have no obvious
outside the regular banking system. These informal physical presence or operate from a P.O.
value transfer systems have existed for centuries
and facilitate the secure movement of funds. Per- • Box would both be potential money launderers.
sons who wish to send funds to relatives in another
country place funds with a hawala banker. For a fee,
the banker arranges for the funds to be available
from another “banker” in another country. Later,
45
CORPORATE REGISTRIES • Date of the company formation, and date

Corporate registries collect and store information when the company was dissolved, if no longer
pertaining to corporations and other legal entities in existence
created within a given jurisdiction. They are typically • Articles of incorporation and other company
maintained by a government agency or department. formation documents, such as bylaws
Depending on the jurisdiction, there may be a single • A physical address of the corporation, or
registry for an entire nation, or multiple registries address of the company formation agent
for different states, regions or cities.
• Name and address of a registered agent
As storehouses for corporate information, regis- for the company
tries serve several functions. They record the cre-
ation or incorporation of a new legal entity, collect Roughly half of the jurisdictions surveyed also
information on that entity as required by the laws had the following information in their corpo-
and regulations of their jurisdiction, and typically rate registries:
make certain information about legal entities • Names and addresses of the legal entity’s
available publicly. Registries exist to identify enti- directors or officers
ties for tax purposes and allow other companies • Names and addresses of the shareholders,
and financial institutions to collect information on members or other legal owners of the
the corporations and legal entities they are doing legal entity
business with.
One very significant piece of information was miss-
Due to the widespread presence of corporations, ing from almost all corporate registries – the bene-
both legitimate and illegitimate, in financial crime ficial owner or owners of the legal entity. Only one
schemes, corporate registries are key sources of jurisdiction, Jersey, required this information to be
information in investigations, enforcement actions supplied at the time of entity formation. This fact
and due diligence. As mentioned, however, the qual- points to the shortcomings of corporate registries
ity and type of information that can be obtained as a resource for financial crime investigations.
from corporate registries varies substantially
between jurisdictions. More recently, some nations have taken steps to
address the lack of beneficial ownership informa-
In 2011, the World Bank conducted a global study of tion in corporate registries. The European Union’s
corporate registries to determine the information on 4th and 5th AML Directives, instituted in 2017,
legal entities could be found. The full report, based require EU member states to implement registries
partly on that study, is titled “The Puppet Masters.” that collect beneficial ownership information. In
It is a useful resource for all financial crime profes- 2016, the United Kingdom began requiring many
sionals and can be found here: http://star.world- types of legal entities to list their beneficial owners
bank.org/star/publication/puppet-masters. at the time of formation in its national corporate
registry. Despite this progress, beneficial owner-
Of the 40 jurisdictions surveyed, the World Bank ship information is still unavailable directly from the
found the following information was usually avail- registries of most jurisdictions, including the US.
able from the corporate registry:
• The name and type of the legal entity Further compounding the difficulties of corporate
registries as an investigative source is the fact that
information in them can often be outdated and inac-
46
curate. Many corporate registries are not updated THE US MONEY LAUNDERING LAW
on a regular basis, and most do not conduct due
Because it is one of the oldest and most powerful
diligence on the information provided, instead rely-
of its kind in the world, it is helpful to study the pro-
ing on the person or company registering the legal
visions of the US money laundering law. Enacted
entity to provide accurate and true information at
in 1986, the US law has a specific “extraterritorial”
the time of incorporation.
provision which, at the time of its enactment, was
unique for its far-reaching applicability.
Despite these weaknesses, registries can be a valu-
able starting point in an investigation. Information
This US law is proof that money laundering is a part
obtained from them, such as the names and contact
of all financial crimes. Anyone who works in finan-
details for registered agents or shareholders, will
cial crime should understand the architecture and
typically require further investigation and verifi-
“extraterritorial” reach of this law, which carries a
cation before the true owners behind a legal entity
maximum penalty of 20 years in prison. It can be
can be discerned.
applied to anybody, for virtually any transaction or
activity related to a crime, anywhere in the world.
Many jurisdictions have national or regional reg-
The US uses it often against fraudsters, tax evad-
istries that can be publicly accessed online. Addi-
ers, persons engaged in foreign corrupt practices
tionally, a number of international bodies maintain
and other financial criminals. The law’s more than
websites that can either be used to find corporate
220 “specified unlawful activities (SUA)” are a pre-
registry information directly, or have links to corpo-
requisite to prosecution and a catalogue of financial
rate registries of various jurisdictions. Names and
crimes. These are also known as predicate offenses.
links to these organizations and regional registries
The law permits government civil actions and the
are provided below. In the US, corporate regis-
appointment of “federal receivers” by US judges
tries are maintained at the state level, and can be
to pursue stolen assets worldwide, armed with US
accessed by searching online for the registry of a
government financial data and assistance from US
given state.
treaty partners.
• International Association of Commercial
The law may be used only if the proceeds of at least
Administrators (IACA)
one designated underlying crime are present in the
http://www.iaca.org/
laundering transaction. Without the proceeds of at
• Corporate Registers Forum (CRF) least one of more than 200 SUAs, no prosecution
http://www.corporateregistersforum.org for money laundering can proceed.
• European Business Register (EBR)
http://www.ebr.org/section/4/index.html It is important to note that not all the listed SUAs
are US crimes. Certain foreign crimes are included
• European Commerce Registers’ Forum
among the SUAs and may serve as the basis of a
http://www.ecrforum.org/
prosecution if their proceeds are part of a US trans-
• Association of Registrars of Latin America and action or are conducted with a US entity.
the Caribbean (ASORLAC)
http://www.asorlac.org/ingles/portal/ The law asserts “extraterritorial jurisdiction” if the
default.aspx “conduct … is by a US citizen or, in the case of a
non-United States citizen, the conduct occurs in
47
part in the United States” and more than $10,000 • Procure goods and supplies
is involved. • Fund other ongoing operations
The SUAs include virtually every US crime that pro- By that same token, money is the terrorist organi-
duces money or an economic advantage, including zation’s weak point. By helping to identify and cut
fraud, corruption, bank fraud, copyright infringe- off these funding sources, financial crime profes-
ment, embezzlement, export violations, illegal gam- sionals play a critical role in combating terrorism.
bling, racketeering and even environmental crimes.
In most jurisdictions, terrorist financing is cov-
The SUAs include some foreign crimes, such as brib- ered by the same legal framework established by
ery of a foreign official, embezzlement from a gov- anti-money laundering laws and regulations. This
ernment, “misappropriation, theft, or embezzlement means that customer due diligence, monitoring and
of public funds” by a foreign official, fraud against a reporting related to terrorist financing risk are an
foreign bank, extortion, narcotics offenses, kidnap- essential part of an anti-money laundering compli-
ping and robbery. They also include violations of the ance program.
Foreign Corrupt Practices Act and the Trading with
the Enemy Act. By including violations of the For- Like other money launderers, terrorist financiers
eign Corrupt Practices Act, the money laundering have shown considerable resourcefulness and
law raises the specter that a company or an individ- adaptability in the ways they move funds and con-
ual could be accused of both offenses simultane- ceal their financial activities, utilizing many of the
ously. Each violation is deemed to stand on its own. same channels and methodologies as other finan-
cial criminals.
It is also possible for an individual or company to
violate the money laundering law when conducting In one example, the director of the Financial Crimes
transactions with nations, organizations and indi- Enforcement Network, the national financial intelli-
viduals that are subject to sanctions by the US or gence unit for the US, stated that nearly 20 percent
other countries. of international terrorism cases being investigated
by the FBI in 2014 had related Suspicious Activity
Reports and Currency Transaction Reports associ-
TERRORIST FINANCING
ated with them. This reporting helped further inves-
Detecting and preventing the movement of funds tigations connected to the self-styled Islamic State,
tied to terrorism is one of the most important Al-Qaeda and other terrorist groups.
and challenging components of anti-money laun-
dering compliance, investigations and enforce- Consequently, activity detected and reported
ment. In some cases, it can literally be a matter of through AML compliance programs can be critical
life and death. to support law enforcement efforts against terror-
ist groups. This section examines terrorist financing
Money is essential to terrorist organizations, and models, methods to conduct transactions, emerg-
not only for carrying out attacks. Terrorist groups ing risks and red flags of transactions potentially
need financing to accomplish the following: linked to terrorism.
• Recruit new members, and pay
existing members
• Create and disseminate propaganda
48
FUNDRAISING MODELS OF by terrorist organizations, or may be attempting

TERRORIST FINANCING to use these organizations to further their own
Traditionally, terrorist financing relied on raising ends. In some cases, financial support comes
funds from various backers, moving them through directly from government agencies, such as
legitimate and underground financial networks, and security forces or intelligence agencies. In other
ultimately dispersing them to terrorist organiza- instances, the financing flows more indirectly
tions or cells. This fundraising was, and still is, often through wealthy and influential individuals
conducted in other countries to be funneled to ter- connected to governments, political parties or
rorist groups operating overseas, especially in con- ruling families, though it may still be sanctioned
flict regions. by the state.
Fundraising could come from a variety of sources: These fundraising models can pose a unique chal-
• Individual contributors, ranging from small lenge to detection and prevention not necessarily
amounts from low-level backers on a one-off shared by other forms of money laundering. The
basis to larger and more consistent funding funds flowing to terrorist organizations may be
streams from wealthy individuals. legally derived, at least in the initial steps.
• Nonprofits, charities and foundations, ranging For example, an individual “donor” employed in
from radicalized religious organizations and the UK may withdraw a small portion of his legiti-
their followers to sham charitable groups that mate monthly paycheck in cash, and use it to send a
act as fronts for terrorist funding. In some money order to a family member overseas.
cases, nonprofits may have some legitimate
operations and unwitting donors, while From one perspective, this transaction seems like a
skimming funds off for terrorist organizations. fairly routine remittance payment. Unknown to the
In other instances, nonprofit services may be financial institutions involved, the family member
misused to support terrorist groups, helping receiving the money order is then passing the funds
them with recruitment, supplies or other forms along to an associate of a terrorist organization.
of assistance. These types of transactions emphasize the need for
Not surprisingly, studies by the FATF have robust monitoring typologies and a keen awareness
found that non-profits providing services of the geographic risks associated with payments
within areas that have active terrorist of all sizes.
organizations are most vulnerable to misuse
by terrorist financiers. Nonprofits involved in Another challenge arises when terrorist groups
humanitarian services in conflict regions are sometimes use funding to provide social goods and
also at higher risk. services. A terrorist organization may fund a school
or a medical facility in a region where they operate,
• Legitimate businesses, operated or controlled
for example.
by the associates of terrorist organizations.
These may act as fronts to accept funds
This may be done as a recruitment tool, to gain
directed to the organization or have a portion
support of the local populace, or as a cover for
of their legitimately-derived revenues
illicit activities. These social services organizations
redirected to terrorist groups, or some
may open bank accounts, receive payments and
combination of the two.
conduct their own seemingly legitimate financial
• Nation-state backers, which may be transactions.
ideologically aligned with the causes espoused
49
SELF-FUNDING THROUGH sion of Hezbollah on money laundering charges. The

CRIMINAL ACTIVITIES four operatives were reported to be working with
Although the fundraising-based model of terrorist South American drug cartels, using Hezbollah’s
financing remains prevalent, terrorist organizations international network of members and financiers to
are increasingly turning to large-scale criminal move cocaine and other drugs to European markets,
activities to self-finance their operations. and launder the proceeds on behalf of cartels.
Terrorist organizations, such as the Taliban and This blurring of the lines between transnational
Al-Qaeda, are engaging in transnational drug traf- organized crime and terrorist financing should
ficking and human trafficking to raise funds. Others, encourage compliance professionals and law
such as the Islamic State and Boko Haram, are con- enforcement to dig even deeper when conducting
ducting massive extortion schemes in controlled investigations or reporting suspicious money laun-
territories and by the theft of commodities like oil dering activity.
and gas. Trafficking in stolen antiquities, illegal
wildlife and assets like gold and precious metals are METHODS TO CONDUCT
also lucrative funding outlets in recent years. TERRORIST FINANCING
Like others in the money laundering space, terror-
These activities and the financing streams they ist financiers generally weigh several factors when
generate bring terrorist groups more in line with determining how to move funds and conduct trans-
the operations of traditional organized crime, lead- actions, regarding their speed, certainty, expense
ing terrorist organizations to adopt similar money and risk of detection.
laundering methodologies – from complex corpo-
rate structures to trade-based laundering. Ideally, financiers want a high degree of speed and
certainty, and low degree of expense and risk. How
Many experts have also noticed another worrying this translates into transaction methods can change
trend – increased levels of coordination between greatly based on a terrorist organization’s circum-
terrorist organizations and transnational organized stances and geographic region.
crime rings unaffiliated with any ideological or reli-
gious cause. These relationships are usually profit- For example, sending $50,000 through a wire trans-
able matters of convenience, driven by overlapping fer might seem to be faster and more certain than
territories, activities or goals. using a cash courier to move funds overseas. But for
a Taliban cell operating out of a remote area of rural
Observers have noted a particularly strong connec- Pakistan, accessing the banking system might be
tion between narcotics cartels and terrorist orga- more difficult and prone to detection than sending
nizations. In Afghanistan, the Taliban has long sup- someone to physically transport the cash.
plied narcotics cartels in Eastern Europe, Southeast
Asia and other regions. In 2012, a United Nations TERRORIST FINANCIERS USE A
assessment found that a third of the Taliban’s esti- VARIETY OF METHODS:
mated $400 million budget came from the produc- Cash couriers or mules. Physical transportation
tion and trade of poppies, the precursor ingredient of currency has long been a fixture in terrorist
in heroin and opium. financing schemes. Despite the risk of detection,
cash couriers can circumvent the monitoring and
More recently, in 2016, the US Drug Enforcement reporting that might be triggered by moving funds
Agency arrested several members of a militant divi- through the formal financial system. Couriers can
50
also be very useful in the conflict zones or underde- Manual. Hawala is one of several informal systems
veloped regions where terrorist groups frequently around the world, such as Fei Ch’ien or “Flying
operate because cash is often the only means to Money” in China.
conduct transactions.
Although they have existed for hundreds of years,
In more recent years, “foreign terrorist fighters” hawala systems came under greater scrutiny after
traveling to support terrorist groups have become the September 11th terrorist attacks in New York
another type of cash courier. Residents from other in 2001. Investigations in the wake of that attack
countries traveling to conflict zones to militarily found that Al-Qaeda routinely used hawalas as one
support terrorist groups, often referred to as for- of their primary transaction methods.
eign fighters, are not a new phenomenon.
More recently, an attempt to bomb Times Square
However, after the Islamic State launched its cam- in New York in 2010 was bankrolled through hawala
paign to form a so-called “caliphate” and actively transactions. The would-be bomber, located in
courted foreign supporters to travel to its territory, Connecticut in the US, received two payments
the number and volume of FTFs increased. Rising of about $5,000 and $7,000 transmitted from a
incidences of online recruitment and radicalization Taliban-linked organization in Pakistan through
have also boosted the numbers of FTFs. hawaladars in Massachusetts and New York.
Many foreign fighters traveling to support Al-Qaeda, Money services businesses. Money services busi-
the Islamic State and other groups in Syria and Iraq nesses include a wide range of businesses, such
brought currency with them. In some cases, these as currency exchanges, check cashers and money
funds made up a substantial portion of a terrorist transmitters. While MSBs are covered by the same
group’s budget. AML regulatory requirements as other financial
institutions in most jurisdictions, many do not hold
Hawala networks and other informal value trans- accounts for customers, and often have fewer
fer systems. Methods for moving funds that exist opportunities to conduct in-depth customer due
outside of the formal financial system, hawalas diligence or develop detailed customer profiles that
are described in more detail in other parts of this could help detect suspicious transactions.
Combined with the fact that many accept cash in the

initial stages of transactions, this can make them
vulnerable to use to by terrorist financiers. Larger
money transmitters often have tens of thousands of
agents all around the world, with a global reach that
is unmatched by even the largest banks.
Terrorist financiers will sometimes exploit MSBs to

raise funds under the cover of remittance payments
from immigrant communities located in other coun-
tries. In recent years, fundraisers for the terrorist
group Al-Shabab in Somalia have attempted to raise
funds using small payments from various Somali
immigrant communities in the United States.
51
Unlicensed MSBs are also common in many coun- Some terrorist groups have also utilized gold, dia-
tries. These may operate with minimal record-keep- monds and other precious metals and stones as a
ing and little to no customer due diligence, increas- means of financing. Precious stones, in particu-
ing their attractiveness to terrorist groups. MSBs lar, are high-value assets that can be easily trans-
can often move funds rapidly and at low cost, with ported, concealed and converted into currency in
cash available to recipients in a matter of hours. another jurisdiction. Many countries in the Middle
East and Asia have thriving gold markets, mak-
Banks. Despite the level of scrutiny and attention ing it easy to transfer gold into cash and less
paid to terrorist financing within the banking sector, likely that large transactions in gold will seem
depository institutions, such as banks and credit out of place.
unions, can still be vulnerable to terrorist financing
transactions. Prepaid and stored-value cards. In 2015, a group
of individuals paid for hotel rooms in Paris using
Counter-terrorist financing controls are not con- prepaid cards. The next day, these individuals car-
sistently applied in every jurisdiction or at every ried out a terrorist attack on the Bataclan nightclub
institution. Terrorist financiers have been known to and surrounding areas in the city that left 130 dead
exploit correspondent accounts held by institutions and many others injured.
with weak controls to move substantial amounts of
funds. In less common but notable cases, financiers This incident raised the scrutiny on prepaid cards
have essentially taken over compromised banks to as a tool for financing terrorist attacks. Stored-
hold funds or conduct transactions. value cards that are rechargeable or tied to an
account often require more rigorous due diligence
Like other forms of money laundering, terrorist and monitoring of customer usage. However, low-
financing can stay under the radar by utilizing small er-value cards that cannot be reloaded and are
transactions, or seemingly legitimate transactions, often purchasable in cash are still available in many
between individuals or business entities. In one jurisdictions, with few to no restrictions on who
older but still notable example, the September 11 purchases them.
attacks were largely financed by transactions that
moved through large regional and international US Because they are highly portable and easy to con-
banks headquartered in the US. ceal, prepaid cards may be a viable funding method
for some smaller-scale terrorist attacks. Recently,
Trade-based money laundering and commod- the European Union tightened regulations on pre-
ities movement (TBML). With terrorist groups paid cards to reduce the dollar threshold of cards
moving closer to transnational organized crime that could be purchased without customer identifi-
in their operational structure and activities, their cation and documentation.
increased use of trade as a money-launder-
ing vehicle is no surprise. TBML offers the abil- EMERGING RISKS AND
ity to move large amounts of funds across bor- TERRORIST FINANCING
ders, and, although governments have boosted Like all financial criminals, terrorist financiers will
efforts at trade transparency, the risk of detect- exploit any and all methods available to obtain and
ing suspicious trade transactions remains low in move funds. This includes new payment systems,
many countries. online tools to solicit donations and fraud schemes
to raise funds, among other mechanisms.
52
In the UK, individuals supporting terrorist groups

have used “vishing” frauds to finance their own
travel to Syria and other conflict zones, or fund oth-
ers. The fraudsters call target victims on the phone
purporting to be bank officials or law enforcement,
and convince victims their accounts were some-
how compromised. The victims, often elderly adults,
are directed to transmit funds into the fraudster’s
account, or provide cash directly to a courier who is
sent to pick it up.
Once received, the fraudsters used MSBs and sent

small transactions under the reporting limit to
transmit funds to Middle Eastern countries.
To date, assessments by law enforcement and
national financial intelligence units have found lim- SOCIAL MEDIA, ONLINE
ited cases in which terrorist groups are using these CROWDFUNDING AND FINTECH
newer methods to raise or transmit funds, usually in
small amounts. For the time being, use of the formal Social media sites, such as Facebook, Twitter and
financial sector, self-funding through criminal activ- Instagram, have provided an unprecedented global
ities, and techniques such as TBML still appear to platform for terrorist groups to recruit, radicalize
be decidedly more widely used. and self-promote.
However, as new tools and techniques become more Groups and individuals affiliated with terrorist orga-
mainstream, it is likely that terrorist financiers will nizations have also used social media as a straight-
exploit them with increasing regularity. forward fundraising tool, posting calls for donations
with wire transfer coordinates or account informa-
FRAUD SCHEMES tion for funds transfers on Facebook, for example..
In other instances, fundraisers might use postings
Members of terrorist groups and their backers on social sites to attract interest, then follow up
have been known to use a variety of different fraud with potential donors using more private and secure
schemes to support themselves or raise funds. In messaging applications.
some European countries, sympathizers and mem-
bers of terrorist organizations have used fraudulent In the wake of the San Bernardino terrorist attack
tax refund applications and government benefits to in the US in December 2015, it was widely reported
raise funds. They have used credit cards obtained that the attacker had obtained a personal loan from
through stolen identities. an online peer-to-peer lending service. Although
there was not a direct line between the loan and the
In one example, a group of individuals in Spain funding needed to carry out the attack, the incident
faked traffic accidents and filed fraudulent insur- still raises concerns over how a subset of new “fin-
ance claims in an effort to raise funds for FTFs trav- tech” services could be used for terrorist financing.
eling to support the Islamic State and for another Peer-to-peer lenders may be less well-versed in CTF
group called the Movement for Unity and Jihad in compliance and less regulated than other types of
West Africa. financial institutions.
53
Organized crowdfunding sites have also been mis- LONE WOLVES AND SMALL-
used by those seeking to fund terrorism. Crowd- CELL TERRORISM
funding sites enable individuals to quickly and In recent years, the rise of so-called “lone wolf” and
easily set up a fundraising page and start solicit- small-cell terrorists have posed a new and troubling
ing donations, possibly under false pretenses or in issue for financial institutions and law enforcement.
the name of sham nonprofit organizations. In some
cases, donors may not be aware their contributions Historically, many terrorist plots have typically
are funding terrorism. required multiple participants, a degree of coordi-
nation with supervisors or superiors and technical
DIGITAL CURRENCIES skills, such as bombmaking. Lone-wolf or small-cell
Some individuals have gone beyond payment cards attacks involve one or a handful of participants, and
and bank transfers, making the leap to digital usually rely on readily available weapons or tech-
currencies to solicit funds for terrorist organiza- niques. Attackers may be self-motivated by online
tions online. propaganda, or have only limited contact with han-
dlers from terrorist organizations.
In 2015, the US arrested an Islamic State backer
named Ali Shukri Amin for using Twitter to spread For these reasons, lone-wolf attacks have low fund-
information on how to use bitcoin to fund the tering needs and create only a small financial footprint,
rorist group, in part by sharing an article Amin had with transactions that can be very difficult to distin-
written titled “Bitcoin and the Charity of Jihad.” guish from legitimate activity. The attack on French
magazine Charlie Hebdo in 2015 was thought to be
Bitcoin’s relative anonymity, the irrevocability of funded primarily through a 6,000 Euro personal
transactions and the ability to move funds across loan obtained with fraudulent documents and the
national borders are all appealing to terrorist finan- sale of a used car. Compared to other small-cell
ciers. In many situations, however, converting digi- attacks, that was a relatively complex plan, involv-
tal currencies into the real-world funding that tering firearms and three attackers. Attacks using
rorist groups need to operate may be challenging knives and vehicles already owned by the perpetra-
and impractical. tors require even less funding.
As of late 2017, law enforcement investigators and A report by a Norwegian armed forces research
analysts have noted relatively few instances of ter- group that looked at 40 terrorist plots in Europe
rorist groups moving substantial amounts of funds between 1994 and 2013 found that about 75 per-
through virtual currencies. With digital currencies cent cost less than $10,000. Some funding meth-
and online payment systems becoming more com- ods used by lone actors and small cells include
mon and widely accepted, this is likely to change the following:
in the future. • Self-funding through legitimate means, such
as employment income, sale of goods or
In early 2017, Indonesia’s national financial intelli-
possessions, government benefits or income of
gence unit reported that Bahrun Naim, one of the
a spouse or family member.
country’s most notorious militants and a member of
ISIS, used online payment services, such as PayPal • Low level crime, including petty theft, small
and bitcoin, to transfer money to his colleagues to scale fraud and drug dealing. There is an
fund terrorist activities. increasing body of evidence suggesting that
54
lone actors and small cell attackers often have vating many lone actors, and, in some cases, warn-
criminal histories. ing signs of extremism could be found on these indi-
• Small-scale fundraising, usually limited to the viduals’ social media accounts.
attacker’s family, friends and direct connections.
RED FLAGS OF TERRORIST FINANCING
Detecting activity linked to lone actors and small Due to the overlap with general money laundering
cells can be very challenging for financial institu- methods and techniques, many of the same red
tions. Some institutions have sought to create lone flags covered in previous sections also apply to ter-
wolf monitoring typologies to watch for the pur- rorist financing.
chase patterns sometimes associated with these
attacks, such as weapons, body armor or sur- The Egmont Group, a confederation of national
vival equipment. financial intelligence units of more than 130 coun-
tries, analyzed nearly two dozen cases involving
Institutions are also conducting increased due dil- terrorism and identified these indicators:
igence and ongoing review of customer’s social • Frequent domestic and international
media. Online radicalization plays a big role in moti- ATM activity
PERCENTAGE OF TERRORIST ORGANIZATIONS WHO HAD RAISED FUNDS FROM VARIOUS SOURCES, FROM A STUDY OF 40
TERRORIST CELLS OPERATING IN EUROPE. SOURCE: NORWEGIAN DEFENCE RESEARCH ESTABLISHMENT
55
• Unusual cash activity in foreign bank accounts • Media reports that the account holder is linked
• Multiple cash deposits in small amounts in an to known terrorist organizations or is engaged
account followed by a large wire transfer to in terrorist activities
another country • Beneficial owner of the account not
• Cash or ATM withdrawals in or near properly identified
regions of conflict • Use of nominees, trusts, family member or third-
• Use of multiple foreign bank accounts party accounts
• “Many-to-one” transaction clusters, or an • Use of false identification to open the account or

account receiving many low-value transactions conduct the transaction
from other accounts, which could indicate Abuse of non-profit organizations
fundraising activity
CONCLUSION
• Long periods of account inactivity, followed by
account usage (especially cash withdrawals) in Detecting and preventing terrorist financing is one
other countries, which could indicate individuals of the most important roles for financial crime pro-
acting as foreign fighters fessionals. A thorough understanding of anti-money
laundering fundamentals is the starting point, but
• Multiple cash deposits and withdrawals with
professionals should seek to learn more.
suspicious references
• The parties to the transaction (owner, By understanding common methods used to raise
beneficiary, etc.) are from countries known to and conceal terrorist funds, emerging risks in new
support terrorist activities and organizations technologies and payment systems, red flags of ter-
• Use of false corporations, including rorist transactions and characteristics of lone actor
shell-companies attacks, you will be better prepared to help combat
this insidious threat
• Inclusion of an individual involved in the
transaction on the United Nations 1267
Sanctions list
56
CHAPTER 3 PRACTICE QUESTIONS
Q 3-1. Chuck Smith conducted a Ponzi scheme by luring innocent domestic investors to
invest. He claimed they would get a steady stream of payments over time and would receive a
handsome return on their investment. The transaction worked as follows:
• All investors resided in Smith’s country and wired money to Smith in order to make an
investment based on his statements, which later turned out to be false.
• Smith next moved the funds to an offshore bank account.
• Smith then transferred some of the funds from new investors to previous investors,
claiming it was money generated by their investment.
• Smith used the remaining funds to purchase cars and other luxury gifts to create the
appearance that he was successful.
The underlying criminal activity in this case is wire fraud. At which point did money laundering
FIRST take place?
A. When the investor wired money to Smith based on his false statements
B. When Smith transferred some of the funds from new investors to previous investors,
claiming it was money generated by their investments
C. When Smith used the remaining funds to purchase cars and other luxury gifts to create
the appearance that he was successful
D. When Smith wired funds to the offshore bank account
See Answer and Rationales
Q 3-2. A compliance officer at a major insurance company has recently noticed a pattern of
potentially suspicious transactions from a long-time customer. The customer is employed in
a consulting position that requires her to travel internationally on an unpredictable schedule,
and she often resides overseas for extended periods. The customer has several properties
insured with the company for large amounts. In the past three years, she has overpaid her pre-
miums numerous times and then requested a refund be issued. Concerned that the customer
may be laundering funds through the overpayment of premiums, the officer is investigating
the transactions.
Which fact would BEST indicate money laundering may be taking place?
A. The customer often requests that refunds be made by wire transfer to banks outside of
the country.
57
B. The customer makes the overpayments at different times of the year and in
varying amounts.
C. The customer has recently taken out a sizable new insurance policy on a commercial
property with your company.
D. The customer has requested that refunds on excess premiums be made to an attorney.
Q 3-3. A financial institution holds an account for a charitable organization whose stated
mission is to promote literacy in the local community. The charity derives most of its financial
backing from periodic fundraising drives that take in hundreds of small donations from indi-
vidual donors.
Recently, the institution conducted a due diligence investigation and noticed unusual activity
in the charity’s account.
Which of these is a red flag for potential terrorist financing?
A. The charity recently purchased a large insurance policy which does not have a surrender
clause and cannot be used as collateral.
B. The charity does not have a long-term leasing agreement on a physical property in a
nearby town.
C. The transaction history indicates a pattern of wire transfers to countries with no previous
connection to the charity’s activities.
D. The transaction history for the charity shows a large number of small cash deposits.
Q 3-4. You are the chief anti-money laundering officer of a full-service bank, and you are
designing a risk-based customer acceptance program to determine the Terrorist Financing
risks specific to not-for-profit (NFP) organizations.
Knowing the elevated risk that NFPs pose, which enhanced due diligence activity is most
essential for these types of client relationships?
A. Monitoring the financial activity in relation to the stated purpose and objectives
of the entity.
B. Obtaining a copy of the organization’s charter.
C. Establishing who controls the organization and its financial activities.
D. For NFPs, customer acceptance requirements are the same as for any other customer.
58
CHAPTER 4
UNDERSTANDING
AND PREVENTING
FRAUD
OVERVIEW
For financial institutions, government agencies, companies and

individuals worldwide, fraud is not only a constant headache, but a
major operational and financial risk, in addition to causing harm to
their reputations. Fighting fraud is now an escalating war. Even pri-
vate sector organizations and government agencies with the most
advanced tools and procedures to detect and prevent fraud some-
times feel like they are falling behind. The technical advancements
and globalization of fraud will continue to provide increasing chal-
lenges to an organization’s ability to manage fraud in all of its man-
ifestations. Some of the key trends today include the following:
59
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
• Greater professionalism in fraud practices

through smarter attacks (especially online)
result in bigger payoffs, which, of course,
attracts more talented thieves
• Increased “sharing” of fraud practices from
fraudster to fraudster, often facilitated by online
communications
• More fraud perpetrated from offshore locations
• More fraud perpetrated by
organized crime rings
• More technical fraud or cybercrime, such as
hacking and other Internet-related activities, Perpetuation of the high returns requires an ever-in-
that go hand-in-hand with more traditional creasing flow of money from new investors to keep
fraud activities the scheme going. The scheme is named after
• More collusion between merchants, fraudsters Charles Ponzi, who became notorious for using the
and organization insiders technique in the 1920s. Ponzi did not invent the
scheme, but his operation took in so much money
The increase in fraud-related regulations from gov- that it was the first to become well-known through-
ernment authorities has caused a significant impact out the United States.
on the efforts of private sector organizations to bet-
ter detect and prevent fraud, especially in the areas Ponzi schemes have received a lot of attention in
of identity theft and account-takeover. Regulations recent years as they have proliferated, particularly
and governmental guidelines require increasingly during the economic downturn starting in 2008.
tougher fraud prevention measures. Implementing One of the best-known schemes was the exception-
effective fraud detection, prevention and security ally large Bernie Madoff scheme, but Ponzi schemes
regimes is a critical part of an organization’s ability occur in all shapes and sizes. The Ponzi scheme
to control operational risk. eventually — and almost inevitably — collapses on
itself because it is an investment that doesn’t exist
and could never deliver the returns it promises. At
UNDERSTANDING AND RECOGNIZING some point, the scam gets so large that it cannot
TYPES OF FRAUD keep up with the “returns” to the investors above
them, although skilled fraudsters like Madoff have
PONZI AND PYRAMID SCHEMES sometimes managed to run Ponzi schemes for
A Ponzi scheme is a fraudulent investment oper- years or even decades.
ation that pays returns to its investors from their
own money or the money paid by subsequent inves- The Madoff scheme signaled a significant red flag
tors, rather than from profit earned by the indi- that can help differentiate Ponzi schemes from
vidual or organization running the operation. This legitimate investment opportunities. While the rest
person is normally called the “promoter.” A Ponzi of the securities market was declining and even
scheme usually entices new investors by offering experiencing low levels in terms of share prices
higher returns than other investments in the form and market or investment fund performance, the
of short-term returns that are either abnormally Madoff investment vehicle seemingly continued to
high or unusually consistent. achieve impressive, consistent returns. The façade
that Madoff created for his victims was that he was
60
a shrewd investment manager who had an uncanny AFFINITY FRAUD

knack for investing in the stock market that other This type of fraud scheme refers to scams that tar-
broker-dealers did not have. get members of groups which share some central
demographic characteristic, such as members of
Fraudsters, such as those who perpetrate Ponzi the same religion, ethnic community or profession.
schemes, are able to take advantage of even Typically, the fraudster is – or claims to be – a mem-
wealthy, intelligent, sophisticated people. They are ber of the targeted group, and, in many cases, will
very good at what they do and feed off of trust and recruit community leaders and trusted members to
friendship. They use this as their weapon to accom- contribute funds to the fraud scheme, help promote
plish their goal. it, or both.
Some of the red flags of Ponzi schemes include From a fraudster’s perspective, close-knit groups
the following: that value trust and community ties are particularly
• Investment returns that are “too attractive targets. These groups may be slower to
good to be true” accept they have been victimized by a fraudster and
• Investment statements that show continued less likely to report to law enforcement or cooper-
growth or performance contrary to ate with an investigation, especially if community
market trends leaders are involved.
• Unusual/absent fee structure In recent years in the US, affinity scams have tar-
• Lack of substance behind the investment, geted groups as diverse as Amish communities,
such as when due diligence reveals little active-duty military personnel, Chinese immigrants
information on the investment or the company and Mormon church members.
or individual offering it
In many affinity frauds, the underlying mechanism
In pyramid schemes, the promoter promises big is a Ponzi scheme, pyramid scheme or other invest-
profits to investors based on their ability to recruit ment in a non-existent security. As such, red flags
other persons to join the investment opportunity will be similar to other securities fraud typologies,
and not based on sales or investment results. This including the following:
is the primary difference between a Ponzi and pyra- • Investment opportunities with terms presented
mid scheme, although functionally they often oper- verbally, and little to no information in writing
ate similarly. Some possible red flags of a pyramid
scheme include the following: • Investors are pressured with a sense of urgency.
The investment is presented as a “limited-time
• Recruiting of new investors or participants takes offer” or only a short window to get involved
place in an unlimited chain, with new recruits • The investment is presented as an “exclusive
immediately recruiting others opportunity” or limited only to participation
• Promotion or advancement to new levels of the by certain individuals with demographics that
scheme or new investment opportunities that match the group targeted in the affinity scam.
are dependent on recruiting others
• Excessive incentives to recruit other
participants or investors
61
SECURITIES FRAUD other buyers of the stock who are unaware of

Securities fraud involves some form of misrepre- the falsity of the information become victims of
sentation around a “security,” which can be virtu- the scheme once the price falls.
ally any tradable asset or financial instrument. This • Perpetrators of pump-and-dumps often take
misrepresentation can include intentionally inac- advantage of “penny stocks” as the means to
curate or misleading information to encourage the carry out their scheme. In the US, the Securities
investment. It can also include selling a security and Exchange Commission defines penny stocks
that is illegal in the jurisdiction in which it is offered, as securities that trade for less than $5 a share
or that simply does not exist at all. and are not listed on a national exchange. Other
countries use similar criteria. The low share price
Securities fraud can take many forms, including and typical low levels of trading taking place
insider trading, stock manipulation, stock options among penny stocks makes it relatively easy to
fraud, “pump-and-dump” schemes, false infor- run up their share price in the pump phase.
mation and withholding key information to inves- • Short-selling or “scalping” schemes. The scheme
tors. Some common types of securities fraud are takes a similar approach to the “pump and
described below. dump” by disseminating false or fraudulent
information in an effort to cause price decreases
In countries with stock exchanges, such as the US, in a particular company’s stock. Perpetrators
UK, Canada, Japan, China, Mexico, Singapore and will short-sell that stock, or bet that its price will
India, laws prohibit fraud in the offer, purchase and decline, in order to profit from the negative news.
sale of securities. The securities regulatory agen-
cies of these nations monitor the capital markets Insider Trading. Though most often associated
and regulate the conduct of the participants in with illicit activity, insider trading can be conducted
order to prevent fraudulent activities. legally. Most jurisdictions allow company “insiders”
– employees, officers, directors and large share-
Misrepresentations are basically the equivalent holders – to buy and sell securities in their own
of false statements, which are defined as declara- companies, provided these transactions are prop-
tions or statements that mislead or create a false erly recorded and reported to securities industry
impression and are made with the intent to deceive, regulators. Trades that equally benefit all share-
manipulate or defraud.
The following are some examples of the more prev-

alent types of securities fraud:
Market manipulation schemes. Financial criminals
use two basic methods for trying to manipulate
securities markets for their personal profit:
• “Pump-and-dump” schemes. The perpetrators
typically disseminate false and fraudulent
information in an effort to cause dramatic price
increases in thinly traded stocks or stocks of
shell companies (the “pump”), then immediately
sell off their holdings of those stocks (the
“dump”) to realize substantial profits before the
stock price falls back to its usual low level. Any
62
holders that are conducted by a company employee Some indicators of insider trading include
or insider are not considered insider trading. An the following:
example would be stock repurchases. • An individual buys or sells substantial amounts
of a company’s stock or other equities shortly
Insider trading becomes illegal, however, when an ahead of a major announcement
individual is buying or selling a security based on
information not available to the general public. That • A service provider in an advisory role trades
is a violation of a relationship of trust and confidence. heavily in a company’s equities soon after
being engaged in a professional capacity
Examples of illegal insider trading cases include by the company
the following: • An individual with little or no history of investing
• A company’s officers or directors may trade suddenly invests heavily in an equity of one
shares after they learn crucial, confidential company, even borrowing funds to do so
information, such as news of a merger or
acquisition, a new product launch, the pending Stock options fraud. Stock options are generally
release of an earnings report, etc. The given as incentives to corporate employees. The
information could also be negative in nature. A employees are given the option to buy stock at a
company may be the subject of an investigation specified future date. The price of the stock is set
or regulatory enforcement action, for example. when the stock option is given. If the price of the
shares increases, the employee profits from it.
• A corporate insider may share confidential Stock options fraud involves backdating the date the
information with a friend or family member, who option was given to a time when the share was trad-
then buys or sells shares based on the tip. In ing at a lower price. This guarantees that the stock
such a case, both persons may be charged with option will be assured a profit when it is granted.
insider trading.
• Lawyers, public accountants or other corporate Prime bank note fraud. Prime bank note fraud has
advisory roles may trade on confidential become increasingly prevalent in recent years. This
information related to clients gathered in their fraud scheme typically involves selling fake deposit
professional capacity certificates to an offshore account to investors with
• Government employee trades based on the promise of quick and highly profitable returns
non-public information gained through their on the investment. As part of the prime bank note
employment can also violate insider trading fraud, the perpetrator convinces the investor/vic-
laws. For example, a regulator who discovers tim to send money to a foreign bank. The money is
sensitive data about a company’s financial eventually transferred to an offshore account con-
status during a routine examination may use trolled by the perpetrator, who then uses the funds
that information to trade in the company’s stock, for personal expenses, usually having laundered the
in violation of confidentiality. funds to erase the paper trail.
Typically, these schemes offer a guarantee of a high

yield on the victim’s investment in a relatively short
time. These guarantees, for example, assert that
investors will enjoy a profit of more than 2000 per-
cent in about one year.
63
Further, to establish legitimacy, the schemers will in large quantities of securities. An employee of the
claim to have access to bank “guarantees” that broker-dealer could trade in the security in his own
are being issued by select “prime banks.” This personal account ahead of executing the client’s
is where the term “prime bank guarantee” orig- order, then take advantage of the price change for
inated. To appear more legitimate, the promot- his own benefit. This “front-running” ahead of client
ers use the term “prime bank debenture,” and orders is considered unethical in all jurisdictions,
require that their investors sign non-disclosure and illegal in most.
agreements and non-circumvention agreements.
They usually insist that these forms are “required Similarly, an employee of a broker-dealer could
by the International Chamber of Commerce” or a trade in securities ahead of pending buy-or-sell rec-
similar international body in order to complete ommendations or investment analysis that the firm
the transaction. will soon be presenting to a client.
The following are red flags of prime bank note fraud:

FRAUD IN LOANS AND MORTGAGES
• Excessive guaranteed returns
Financial crime is adaptable in order to capitalize on
• Fictitious financial instruments, such as
new opportunities and present-day circumstances.
medium-term bank notes or debentures, bank
Thus, when there is a push to offer home ownership
guarantees and offshore trading programs
to a greater number of persons, the incidence of
• Extreme secrecy mortgage fraud is likely to rise. When a new gov-
• Exclusive opportunity ernment program is created to extend benefits to
certain persons and entities, such as healthcare
• Claims of inordinate complexity
programs, financial criminals normally find ways to
abuse the program.
Equity Crowd-Funding via the Internet. A securi-
ties option which makes it possible for a start- up
Mortgage fraud usually requires at least two per-
company to solicit investors over the Internet or
sons to collude for the fraud to succeed. A person
through social media with a lot less work and cost
applying for a mortgage loan may grossly inflate
than might be required for traditional capital invest-
the value of the property to be mortgaged or inflate
ment. The program is supposed to make it easier for
his income to increase the chance the mortgage
new companies to raise capital and grow.
loan will be given. Often, this person has the help
and collusion of an insider at the financial institu-
This is a relatively new and expanding investment
tion that extends the mortgage.
field. Because the screening is minimal, there is a
concern about it becoming a new avenue for secu-
The institution employee or other insider, in col-
rities fraud. Because investors that are attracted
laboration with property appraisers who are also
to these small, minimally screened, and arguably
colluding, will obtain an appraisal with an inflated
risky investments, they may become easy targets
value of the property that justifies a larger mort-
for con artists.
gage loan by the financial institution for which he
works. The inflation of the loan amount extended
Front-Running. Securities broker-dealer firms will
by the institution increases the institution’s risk, as
sometimes receive orders from clients to buy or
well as the illicit proceeds the conspirators derive.
sell a security which are likely to impact the secu-
rity’s price. This is especially true of firms with
large institutional clients, who may be transacting
64
In another type of credit extension, a financial insti- the housing meltdown that occurred in the US and
tution can be defrauded by the illegal use of loan other countries in the mid to late-2000s. Mortgage
proceeds that a borrower has been granted. The scams continue to occur, resulting in poorly-per-
fraudulent application of loan proceeds increases forming mortgage portfolios for lenders and inves-
the institution’s risk. The misrepresentation by a tors, as well as consumers unable to make mort-
borrower about the ultimate use of the proceeds gage payments, falling into default and becoming
of a loan can subject that individual to a separate a risk for foreclosure.
crime that is recognized in many countries -- sub-
mitting false statements to a financial institution Mortgage fraud consists of a number of different
from which a credit extension is sought. methods and approaches:
Mortgage and loan fraud involves an intentional Income fraud. This involves overstating the bor-
material misrepresentation or omission of a mate- rower’s income in order to qualify for a mortgage or
rial fact or other information on a mortgage or for a larger loan amount. Prior to the recent hous-
loan application to obtain a loan, or to obtain a ing downturn and legislative incentives requiring
larger loan than the lender would typically grant, lenders to change lending practices, these typically
if the application information was true and correct. involved “stated income” or “liar loans.” In these
Mortgage fraud was one of the leading causes of instances, the borrower, or a loan officer working
FIGURE 1: Annual MLF SAR Filings, 2001-2011
100000
90000
80000
70000
60000
50000
40000
30000
20000
10000
0
2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011
SUSPICIOUS ACTIVITY REPORTS MADE TO US REGULATOR FINANCE INVOLVING MORTGAGE FRAUD HAVE
SHOW N A STEADY INCREASE
65
on behalf of the borrower (with or without the borrower with a “rebate” which is not disclosed to the
rower’s knowledge), would state a specific income lender. The seller as well as the real estate agent
without verification. can participate in the scheme and all can share in
the “rebate.” This scheme requires a fraudulent
Today, these types of loans typically involve an appraisal to be successful.
alteration or forgery of income verification docu-
ments, tax returns or bank account statements in “Shot-gunning” fraud. This occurs when multi-
order to satisfy the income requirements. The fraud ple loans for the same property are obtained with
occurs when the borrower qualifies or attempts to different lenders at the same time and for a total
qualify for a loan, which their true income would amount in excess of the property value. This type
not support. of fraud leaves lenders greatly exposed to losses
because subsequent mortgages are junior to the
Employment fraud. This is another version of income first mortgage recorded.
fraud which involves claiming self- employment in a
non-existent company, or a claim of a higher posi- Lender Fraud. This involves fraudulent lenders or
tion in a real company, to justify the representation mortgage brokers who victimize unwitting borrow-
of a fraudulently compiled income figure. ers or lenders who actually fund or purchase the
loans. Indicators of lender fraud include a lack of a
Occupancy fraud. This usually involves a bor- license (lenders are typically licensed by the state
rower that obtains or attempts to obtain a mort- or jurisdiction in which they operate), loan terms
gage claiming that they will occupy the residence, that are too good to be true, and/or loan documen-
thereby obtaining a lower interest rate on the note. tation that is incomplete, blank or unintelligible.
In actuality, the borrower never plans to occupy
the residence. In addition, larger loans are typi- Foreclosure scams. The housing and economic cri-
cally allowed for owner-occupied dwellings than for sis that afflicted several countries has resulted in an
income properties, for which delinquency rates are increase in the incidence of mortgage foreclosure
substantially higher. scams. Perpetrators of these scams target people
at risk of losing their homes. These include mort-
Appraisal fraud. This pertains to a deliberate over- gage modification scams, as well as “foreclosure
or under-statement of the property’s true value rescue” buyers who try to rush the sale of house
to perpetrate a fraud. An over-statement of value without the proper forms having been completed.
enables the property owner to obtain more money
than the property is worth in the form of a cash-out Buy and bail fraud. As the name implies, this form
refinance; or an organized effort to generate a for- of fraud involves buying a new home with the inten-
profit mortgage fraud scheme. An under-valuation tion of abandoning mortgage payments on the old
of the property enables a buyer/borrower to get a home. Although there are a variety of reasons why a
lower price on a foreclosed home, or to persuade a homeowner might do this, some less insidious than
lender to reduce the balance in the case of a loan others, it is still considered fraudulent. Buy and bail
modification. These frauds typically involve either schemes typically involve homeowners who draw
a dishonest appraiser or a legitimate appraisal that up false rental agreements on their current home,
has been altered. and then use these agreements as part of the doc-
umentation needed to secure a loan on a new home.
Cash-back fraud. This involves deliberate inflation Once they have obtained the new home and moved,
of a property’s price in order to provide the bor- they stop making payments on their old home.
66
FLOPPING In another variation on flopping, the owner is an

Fraudsters often seek to take advantage of indi- innocent victim, and the fraudster conspires with a
viduals who are struggling to make mortgage pay- real estate agent responsible for selling the prop-
ments on a property they own, or to collaborate with erty. The agent could list the property at an inflated
these individuals to defraud a lender. One technique price to fend off other offers, then drop the price
referred to as “flopping” exploits the mechanism of just before the fraudster arrives to make an offer.
short sales to fraudulent ends. Or, the agent might steer the deal directly to the
fraudster, rejecting any other offers without inform-
In a short sale, a mortgaged property is sold for less ing the seller.
than the value of the outstanding loan. The lender
accepts the sale price in exchange for settling the From the perspective of the financial institution
loan, as this might be ultimately less expensive or involved in the short sale, flopping schemes can
more expedient than foreclosing on the property. be hard to detect without a thorough investigation.
One indicator can be repeated instances of simi-
The basic steps of a flopping scheme are lar claims from property owners in the same geo-
outlined below: graphic area. For example, several owners in a city
who are all using the same real estate agency may
• A fraudster approaches an owner who is submit expensive repair estimates listing very simi-
struggling to make mortgage payments and lar types of damages.
at risk of foreclosure with an offer below the
amount owed on the loan.
• The owner communicates the fraudster’s offer
to the lending institution, who accepts as
settlement of the mortgage.
• The fraudster immediately resells the property
to another buyer that had been previously
secured and makes a tidy profit.
While somewhat unsavory, this arrangement is not

necessarily illegal, depending on the jurisdiction.
However, flopping schemes often rely on collusion
with owners or realtors to drive down the sale price
of the property or misdirect other buyers away
from making offers, and this is where they veer into RED FLAGS OF FRAUD IN LOANS
outright fraud. AND MORTGAGES
Like all other areas of financial crime, red flags of
To convince a lender to accept a low sale price, fraud in loans and mortgages are situation-specific,
fraudsters might work with owners and other asso- and their applicability will vary based on the nature
ciates to make a property seem less appealing. Par- of the transaction and the customers involved.
ties might submit inflated or falsified repair esti-
mates claiming that expensive work is required, or
physically damage the property to discourage legit-
imate buyers.
67
While some of the red flags below are specific to FRAUD IN FINANCIAL REPORTING
mortgages in real estate transactions, most apply AND ACCOUNTING
to other types of credit extended by financial insti-
tutions, such as personal loans or vehicle loans: An organization’s financial books and records and
accounting practices are vulnerable to a wide vari-
• Discrepancies or inconsistencies in different ety of fraudulent manipulation, from deceptive
documentation, such as an individual’s tax ID tricks to boost purported earnings to techniques to
number, address, etc., that varies or appears conceal internal theft and embezzlement.
altered, within the loan file
• Same information for multiple parties in Fraud in financial reporting alone is a financial crime,
transaction (i.e., applicant and the listed but it can also be used to further many other crim-
employer have same phone) inal schemes. For example, financial records could
• Information provided for an applicant’s be altered to conceal bribe payments, or fictitious
employment is vague, inconsistent or invoices could be generated as part of money laun-
unreasonable (i.e., employer’s address is only a dering schemes.
PO Box or matches the current address of the
Although not an exhaustive list, some common
resident; the company name or applicant’s job
types of fraud in financial reporting are listed below.
title are generic or non-descriptive)
• Information provided for an applicant’s income FRAUDULENT REVENUE RECOGNITION
is questionable or unreasonable (i.e., the
Almost all companies seek to consistently grow their
income appears out of line with the nature of
revenues, and companies often have some flexibil-
employment, the applicant reports high income
ity in how they choose to recognize their earnings,
but shows no deposits in financial accounts)
as long as record-keeping does not deviate from
• Not an arms-length transaction, meaning “GAAP,” or generally accepted accounting principles.
there are ties between the buyer and the seller
of a property, which can increase the risk However, a pressure to boost revenue can lead a
of collusion company to engage in improper sales practices or
• No real estate agent involved in facilitating deceptive accounting:
the transaction
• Hidden or side agreements in sales
• Loan applicant has history of defaults or
arrangements. To create a short-term revenue
bankruptcies
increase, company employees might negotiate
• Issues with property taxes; unsure if they have sales agreements that are later altered or
been paid and who is paying them? revoked due to hidden terms and conditions.
This is done to book the revenue of the sale
before it is fully completed. These terms are
made verbally or through messages left off
the actual sales contract and might include
refunds, exchanges, different payment terms or
right of return.
68
There is nothing inherently wrong with allowing organization’s vendors to create and approve
customers to make returns or otherwise modify fake invoices.
a sale when done legitimately. However, it veers • Modifying a legitimate invoice, inflating its value,
into the realm of fraud when it is done outside or submitting duplicate invoices. An employee
of the proper channels and with erroneously could change the account details on the invoice
recorded revenue without provisions for returns, to an account under their control, and then
cancellations or other modifications. re-submit the original invoice for payment.
• Altering dates or holding open accounting • Alternately, an employee colluding with a vendor
periods. By changing the dates on certain or other third party could inflate the value of a
documentation, like shipping documentation legitimate invoice, and then receive some
or purchase orders, a company can deceptively percentage of the transaction back from the
record revenue in one accounting period that conspirator. In both cases, the employee would
should have accrued in another. Likewise, typically be someone with access to the systems
a company could improperly extend its used for a company’s accounts payable.
accounting period, holding open its receivables
to record sales that should have fallen into the
next period.
• Creation of wholly fictitious sales and
customers. Although this technique is more
vulnerable to detection in audits, there have
been numerous cases where companies simply
falsified sales transactions, and likewise created
false customers to match corresponding entries
in their accounts receivables.
FALSE INVOICING SCHEMES

False invoices are a multi-purpose tool in an array of
financial crime schemes - Providing cover for bribe
payments, or lending an air of legitimacy to money
laundering transactions between shell companies,
or many other applications.
False invoicing schemes are also one of the most

common methods that employees use to misappro- Vendors themselves can also engage in false invoic-
priate funds from employers. This can be done in ing schemes, without the assistance of an insider
the following ways: within the company. In this case, it is a matter of
• Creating a fictitious invoice for goods or playing the odds. The vendor assumes that a certain
services that were never delivered, and percentage of false, inflated or duplicate invoices
submitting it for payment. An employee may be will simply slip through the cracks and be paid by
acting alone, by submitting false invoices from the company that receives them.
companies they control, or working with others.
In some instances, employees collude with an
69
Like other internal fraud schemes, separation of A good way for a financial institution to prevent
duties and multi-step review can be a powerful tool future problems with a customer is to take reason-
to reduce the risk of false invoicing schemes. This able due diligence steps when the potential new
can be as simple as implementing a two-stage pro- customer seeks to establish a relationship. The
cess for approving invoices: applicant should be asked to corroborate all the
information, and the institution must verify the
information.
1. One employee checks the invoice to confirm it
is for a legitimate product or service. At the earliest stage of a new relationship with a
2. A second employee reviews and customer, a financial institution must assure that
authorizes payment. the person seeking to open an account or establish
When investigating a company’s records for indi- a business relationship is the true beneficial owner
cators of false invoicing, red flags can include of the funds to be invested or deposited. If a busi-
the following: ness organization is involved, the institution should
• Invoices missing common details and ensure that the person seeking to establish the
information, such as no address being provided, relationship is the real principal of the entity or can
a tax ID number is not given, etc. and will identify that person.
• The company name listed cannot be found in the
The nature and size of a relationship usually deter-
jurisdiction’s corporate registry.
mines the degree of due diligence that an institu-
• The invoice and/or supporting documents are tion should take to investigate and verify beneficial
vaguely worded or copied from other invoices. ownership and the principals of an entity. Financial
• No purchasing order that matches the criminals invariably use nominees and fronts in their
information is provided in the invoice. business and financial transactions to hide and dis-
guise their involvement.
• The goods described on the invoice cannot
be found in the company’s inventory, or the
If the account to be opened or business to be con-
services cannot be accounted for.
ducted is of sufficient size and importance, an insti-
• Multiple invoices contain the same tution or business should exercise enhanced due dil-
invoice number. igence to ensure that persons are who they say they
• There are multiple invoices with the same are and that no nominees or fronts are shielding the
amount on the same date, or from the same true parties in interest. In situations of sufficient
vendor on the same date. gravity and size, the institution should go beyond
its walls and seek facts independently from appro-
• The invoice contains errors or misspelling.
priate sources and conduct enhanced due diligence.
FRAUD IN OPENING AN ACCOUNT
If the institution or business confirms that the ben-
Financial institutions are vulnerable to fraud in eficial owner is not the person who appears at the
many ways, and the old adage, “Know Your Cus- institution seeking to establish the relationship, it
tomer,” is as effective a safeguard against external should decline the relationship in the absence of
financial crime as any government regulation. One a satisfactory explanation. If none is provided, in
way to prevent fraud risk is to ensure that an appli- addition to declining the relationship, the institution
cation for a new account or relationship by an indi- should probably report the event to the appropriate
vidual or entity is fully vetted. authorities as suspicious activity.
70
INSURANCE AND
HEALTH CARE FRAUD
Insurance and health care fraud is a growing and
increasingly expensive problem. Although health
care fraud can be perpetrated by individuals, the
largest and most successful schemes usually involve
health care providers colluding to overcharge a pri-
vate or government health insurance agency. Typi-
cally, the health care provider orders tests and ser-
vices that are not actually needed by the patient,
bills for services the patient never receives, or bills
for an office visit that never occurs.
Health care insurance fraud costs government

One of the most common forms of insurance fraud
medical and health insurance programs, such as
involves insurance brokers keeping the customer’s
Medicare in the US, hundreds of billions of dollars in
premium payments rather than applying them to the
fraudulent charges and investigations. Much of this
intended insurance plan. These “brokers” who embez-
money is never recovered, which is a good exam-
zle customer premiums may not even be licensed.
ple of the poor results of asset recovery efforts
directed at fraudsters in the US and most countries.
CREDIT AND DEBIT CARD FRAUD
There are many types of health care insurance fraud:
A lost or stolen credit or debit card is an easy
• Upcoding – billing for a higher covered service source and target of fraud. Even if the victim
than performed. immediately reports the card as missing or stolen
• Using the wrong procedure code to get - which most financial institutions and other card
something covered that would not be covered providers require in order to limit personal liabil-
under its proper code. A sign of this type of ity on fraudulent charges - a fast-acting thief has
fraud is that the provider tried the non- covered adequate time to quickly incur charges before the
code before. card is disabled.
• Breaking up a “package” into individual
procedures, which is usually more expensive. An In recent years, credit and debit card fraud has
example might be laboratory and blood work moved away from the theft of individual cards
and toward the theft of large amounts of credit
• Setting up fake clinics, often involving shell and debit card information through hacks and
companies with no physical location or just data breaches. It has also become increasingly
postal boxes to submit claims. sophisticated, with organized crime rings launch-
ing complex operations to steal credit cards
When a health care provider commits insurance
and engage in hundreds or thousands of fraud
fraud, the costs can be greater than the monetary
schemes worldwide in short time periods. More
loss. Health insurance fraud can also be damaging
information on how data breaches play into finan-
to the patients in the provider’s care, as the treat-
cial crime schemes will be discussed in the Cyber
ment or tests prescribed may be inappropriate or
Security chapter.
even harmful.
71
Credit and debit card fraud schemes include student loans, unemployment benefits, tax refunds
the following: or other government benefits.
• Tampering with card readers at ATMs and other
point-of-sale locations, typically by inserting Some fraud in government benefits may actually
skimmers to steal card numbers and passwords. be occurring with “good intention.” This can hap-
pen when another entity is trying to get benefits
• Online theft of numbers through compromises for a person without proper ID, and allows the filing
of online security. of the benefits knowing that the ID provided is not
• Identity theft to apply for credit and debit valid. While helping someone in need with this sto-
cards, such as “too good to be true” credit card len ID, the perpetrator is also creating a separate
offers through which the fraudsters obtain the victim of identity theft.
individual’s personal information and then use
that to apply for other cards. Fraud in government benefits can often involve col-
• Physical theft of the card. lusion of two or more individuals, as well as collusion
between outside actors and government employees.
• Internet fraud schemes, which involve the use
of unlawfully obtained credit card numbers to
order goods or services online. INTERNAL FRAUD
Internal theft and misappropriation of assets by
FRAUD IN GOVERNMENT BENEFITS employees and insiders of a business organization
are rampant in all countries. A business can take
Fraud in government benefits is generally perpe- several steps to minimize exposure to these crimes.
trated by identity theft. Using a stolen identity, the
fraudster can assume to be the proper recipient of As in the case of financial institutions seeking to
benefits intended for someone else. This type of prevent threats posed by the “enemy within,” the
fraud is typically perpetrated with the help of know- first step businesses should take start at the door
ing the victim’s identification or Social Security of the human resources department. Hiring wisely
numbers (or other identifier), through which access through thorough examination of applicants is cru-
to benefits is typically verified. cial in minimizing internal theft and misappropria-
tion. Thorough interviews, vetting of all important
Fraud against government agencies takes many aspects of a candidate’s background, prior job and
forms. It can be as basic as improperly applying for independent references is crucial.
and receiving benefits of small amounts offered by
a social welfare program. Or, it can involve large Background checks, due diligence and examination
sums under large contracts, such as those with mil- of criminal records are also indispensable steps.
itary and aerospace agencies, in which a contractor Depending on the sensitivity of the position and the
in the private sector inflates costs or furnishes sub- potential fraud risk it poses, companies should also
par materials to the agency or performs improperly consider screening employees against PEP lists,
under the contract. sanctions lists and negative news scans. Not all of
these screens may be required for every position,
In some cases, financial criminals even recruit the but they could be applicable for higher risk roles. All
help of prisoners who provide their identifications, of these policies and procedures should form part
such as their Social Security number if they are in of a pre-employment screening program.
the US, to pose as legitimate applicants seeking
72
A code of ethics explaining acceptable and unac- or has non-business ties to the vendor, this may
ceptable conduct and a program of mandatory warrant further investigation.
financial disclosure for key employees should also • Sudden changes in the employee’s spending
be required. habits and lifestyle — As obvious as this seems,
this red flag remains a fixture in internal fraud
Financial institutions and other businesses should schemes. If an employee suddenly starts
also strongly consider establishing an anonymous purchasing expensive luxury goods, buys a
telephone line or similar mechanism that employ- house or other assets that don’t match their
ees can use to report theft and other dishonest acts. salary, or otherwise starts living beyond their
known income, it warrants careful scrutiny.
This reporting mechanism should be separate from
the usual reporting that takes place through the • Employees that have overlapping roles with
lines of business – In other words, an employee access to the company’s funds or accounts
reporting to their superior, who then may escalate — A lack of clear division of duties is a weak
it to their superior, and so on. If there is no option point for fraudulent behavior. If one employee
to report outside of the typical reporting through is responsible for generating invoices and
the chain of command, employees may be unwill- approving their payment, or adding new vendors
ing to speak up for fear of retaliation, and will have to a company’s system and then approving
nowhere to turn if their managers are the ones them, this creates vulnerabilities for fraud.
actually involved in the suspected fraud. Organizations should carefully scrutinize these
roles and consider adding a separate layer of
Close observation of employee behavior may also authentication.
provide telltale signs of vulnerabilities to the “enemy
within.” Some common indicators and risk areas for It is worth noting that organizations should always
potential involvement in insider fraud include: be cautions when developing programs to review
employees for insider fraud risk. Legal issues arise
• Resistance to taking vacation/sick days or in monitoring employee behavior and legal coun-
refusal to share job responsibilities — If an sel of a business or institution should be consulted
employee rarely takes vacation or sick time, or before implementation of new policies. For example,
is resistant to sharing their duties with another monitoring employee use of social media may raise
employee, it could indicate something more privacy and other issues on which a lawyer should
sinister than sheer devotion to the job. This advise the business or government agency that is
is particularly true of roles with access to a contemplating a new policy.
company’s books and records or payment
processing functions. Likewise, when an Internal misappropriation can be the work of low-
employee declines a promotion or reassignment level as well as higher rank employees. They should
to a different area of the company, this can all be monitored on a risk basis, and the risks posed
raise red flags. by senior-level staff should not be ignored. Often,
higher ranking staff is capable of inflicting far
• Employees with close ties to a vendor or more harm on a business than employees at the
other third party — An employee that seems lower levels.
abnormally close to a vendor or vendors should
raise questions. For example, if an employee Internal controls aimed at reducing insider fraud
contacts a vendor more often that is necessary do not necessarily need to be complicated. Sim-
for business purposes, advocates on their behalf, ple mechanisms like division of duties and “mak-
73
er-checker” models can be highly effective at and to delay the discovery of the identity theft
detecting certain types of fraud. For example, one by the victim.
employee could be tasked with creating new ven-
dor invoices in a company’s payment system, and Identity theft and identity fraud are terms used to
another employee assigned to review and approve. refer to all types of crime in which someone wrong-
fully obtains and uses another person’s personal
One thing is certain. If no internal controls exist, data in some way that involves fraud or deception,
or if those that exist are not enforced, temptation typically for economic gain. With enough identify-
lures employees. ing information about an individual, a criminal can
take over the individual’s identity to conduct a wide
range of crimes, such as false applications for loans
IDENTITY THEFT AND FRAUD and credit cards, fraudulent withdrawals from bank
Identity theft is a giant menace of the 21st century. accounts, or obtaining other goods, services or
Often, perpetrators are employees of businesses, privileges which the criminal might be denied if he
including doctors’ offices, government agencies and were to use his real identity.
financial institutions. The goal of identity thieves is
to uncover the identities of private individuals in If the financial criminal takes steps to ensure that
order to obtain the numbers and other characteris- bills for the falsely obtained credit cards, or bank
tics of their credit cards, place of employment, res- statements showing the unauthorized withdraw-
idences, children, family members, friends, vehicles als, are sent to a physical or e-mail address other
and other personally identifying information. than the victim’s, the victim may not become aware
of what is happening until the criminal has already
By learning a person’s personal information, an inflicted substantial damage on the victim’s assets,
identity thief can penetrate a bank account, use credit and reputation.
their credit cards, receive government benefits,
seek a tax refund in someone else’s name and more. OVERVIEW AND METHODS OF
There are various red flags that indicate a person IDENTITY THEFT
has been the victim of identity theft. These include Identity theft is one of the fastest growing types
unusual activity in personal financial accounts, of consumer fraud and considered one of the lead-
unknown charges on credit card statements, noti- ing threats to deposit accounts at banks and other
fication by a tax agency that more than one tax financial institutions. It can be perpetrated by a wide
return was received in your name, and other har- variety of means, including some popular methods
rowing occurrences. listed below:
Defensive measures against victimization by an • Account takeover or account hijacking where

identity thief include using care about where Per- a fraudster captures a customer’s personal
sonal Identification Numbers (PIN) on credit cards information and uses it to take over a
and ATM cards are written and monitoring the vol- financial account
ume of mail a person receives. A substantial drop in
• New account fraud in which a fraudster
mail may indicate that someone has sent a change-
assumes the identity of a real person to open a
of-address card to the postal authorities in order
phony account
to have access to and to read one’s mail and deter-
mine a person’s bank accounts and credit cards,
74
74,915
Theft Type
Credit Card
Employment or Tax Related Fraud
Phone or Utilities Fraud
124,784
133,015
55,558
235,670
46,920
133,944
123,215
101,174 82,051
46,810 49,379 55,045

40,062
37,443
2013 2014 2015 2016 2017

Number of Identity Theft Cases Reported to the US FTC by Year and Type, 2013 - 2017
75
• Collusion between the fraudster and customer, techniques used to manipulate people into per-
or between fraudster and employees of an forming actions or revealing confidential informa-
organization tion in order to gather data, commit fraud or gain
access to computer systems or networks. The basic
COMMON TECHNIQUES USED BY tools used to obtain information are simplistic and
IDENTITY THIEVES based on human nature. The roots of social engi-
Creating fake online identities. Fraudulent identi- neering reach back to the days of traditional ‘con’
ties play a significant role in many high profile finan- men and leverage the same skills to convince a vic-
cial fraud crimes. With today’s Internet capabilities, tim to reveal sensitive information.
fraudsters can easily create new or fake identi-
ties. Utilizing social networks, blogs, forums, email Leveraging technology. Fraudsters capitalize on
accounts, domain creation, website creation and the speed and anonymity afforded by new technol-
various internet accesses, the fraudster can create ogies to perpetrate identity theft and identity fraud,
an entire false persona, including name, address, including the following:
telephone number, email address, website, etc., and • Using handheld skimmers and other devices
represent it as real. Once this basic identity is cre- that lift account information when the individual
ated, the fraudster can file for a sole proprietorship swipes his or her debit or credit card at an ATM
or set up a corporation using the identifiers of the or point-of-sale location, such as in a store
false persona. • Getting people to disclose sensitive personal
data by sending them phony emails (Phishing),
The fraudster can then obtain a government tax or text messages (Smishing) and phone
other identification number for the business and calls (Vishing)
open a new bank account for it. From all the infor-
mation associated with this person and business, it • Using malicious software to capture and
can appear to be a legitimate entity. transmit personal information to counterfeiters
over the Internet (Malware)
Social engineering. Fraudsters also engage in • Using peer-to-peer computer technology, such
social engineering to perpetrate identity theft. as the kind found on music-sharing sites, to
Social engineering typically refers to methods and search personal computers for password files,
account numbers and other information
Internal fraud. Studies of crime data have shown

that a high percentage of identity theft starts
with the theft of personal data by an organiza-
tion’s employee. This confluence of identity theft
and employee corruption is an important trend for
financial institutions and other business organiza-
tions to recognize and protect against with appro-
priate fraud tools.
SYNTHETIC IDENTITY FRAUD

Synthetic ID fraud is one of the fastest-growing
fraud types, impacting both individuals and finan-
A CREDIT CARD SKIMMER INSTALLED AT AN ATM
cial institutions. In synthetic ID fraud, bits and
76
pieces of information from a real person are mixed Since synthetic IDs usually do not have a credit
with invented data to create an entirely new identity. history, institutions should be careful and conduct
thorough due diligence when dealing with so-called
It starts with a real tax identification number, usu- “thin file” applicants. Institutions should also verify
ally belonging to a child. Because it belongs to a applicant information from one than one source,
real person, the tax ID will often show up as a valid rather than relying solely on a credit report.
number in credit reporting and other checks used
by financial institutions. Issues with an applicant’s tax ID number can also
be a red flag. If the tax ID number does not match
Tax identification numbers belonging to children the other information provided for the applicant, or
are preferred because children typically don’t have matches a different person, this can be an indicator
much of a presence in the financial system. They of synthetic ID fraud.
usually aren’t applying for accounts, checking their
credit report or doing other activities that might RED FLAGS OF IDENTITY THEFT
lead to detection. The fraudsters will then create a Due to the prevalence and increasing growth of iden-
fake name and other details around this stolen identity theft, various countries have pushed financial
tification number, including a real address (usually a institutions and other organizations to incorporate
PO box or mail drop). the following into their fraud surveillance systems:
Using this new identity, criminals now have several • A layered approach that combines scanning
years to set up accounts, establish a credit history, software with other monitoring tools to
get credit cards and obtain personal loans. Fraud- proactively identify and defend against
sters might nurture these synthetic IDs for years, identity theft
making card payments and servicing loans, to • Improved authentication procedures, including
increase the amount of credit extended to them. At layers and token or biometric authentication
some point, they will max out their credit cards and devices and procedures
loans and disappear. • Implementation of fraud detection software to
identify account takeover
In one notable recent case, a fraud ring created
nearly 7,000 synthetic IDs and used them to obtain Because so much fraud committed now involves the
more than 25,000 credit cards, as well as loans. illegal use of stolen customer or internal data, laws
The scheme went on for years, and ultimately led and regulations concerning the safeguarding of con-
to more than $200 million in losses from financial fidential customer data have been enacted in many
institutions. jurisdictions. In particular, financial institutions are
often required to make their own assessments of
Financial institutions are still struggling with how to potential red flags of identity theft within their pro-
manage the risks of this form of fraud. Like some cesses or procedures and to implement methods for
forms of loan fraud, synthetic ID fraud is often writ- detecting and preventing these red flags.
ten off as a credit loss, and never recognized as a
criminal incident. This misclassification reduces For example, the US Federal Trade Commission
the likelihood that an institution will build controls and other regulators implemented the FACT Act in
around synthetic ID fraud, or report it appropriately 2009, which established key red flag categories and
to law enforcement. specific examples indicative of identity theft. These
red flags are broadly applicable and are consistent
with identity theft red flags or scenarios identified
77
by regulators in other countries. The following are −− A social security or other identifier number,
key red flags: as well as address or phone number that has
• Alerts, notifications and warnings from a credit been used by other people opening accounts
reporting company:
• An applicant who cannot provide identifying
−− A fraud alert on a credit report information beyond what is generally available
−− A notice of credit freeze in response to a from a wallet or credit report, such as a person
request for a credit report who cannot answer a challenge question
−− A notice of address discrepancy provided by a • Suspicious account activity:
credit reporting agency −− Soon after the organization is notified of a
−− A credit report indicating a pattern of activity change of address, requests are made for
inconsistent with historic activity new or additional credit cards or to add users
−− An unusual number of recently established to an account.
credit relationships or −− A new account that is used in ways associated
−− account closing(s) because of account with fraud. For example, the customer does
privilege abuse not make the first payment or makes only an
initial payment, or most of the available credit
• Suspicious documents: is used for cash advances or for purchases of
merchandise, such as jewelry or electronics,
−− Identification that appears to be which is easily converted to cash
altered or forged
−− Account usage patterns are different
−− The person presenting the identification from historical activity, such as sudden
does not look like the photo or match the non-payment or increase in the use of
physical description available credit
−− Information on the identification differs from −− Mailed statement is returned as undeliverable,
what the person presenting is saying, or or the customer reports that he or she is not
does not match other information, such as a receiving the account statements in the mail
signature card or previous signatures
−− Customer reports unauthorized charges
−− An application looks like it has been altered, on the account
forged or torn up and reassembled
• Notice from other sources, such as reports from
• Suspicious personal identifying information: a customer, a victim of an identity theft or law
−− Inconsistencies with other information, such enforcement authorities
as an address that doesn’t match the credit
report; use of a social security number or The following are signs of identity theft that an indi-
national identifier that does not match vidual should be on the alert for:
−− An address, phone number, or other personal • Certain mail, particularly financial statements
information that has been used on an account and bills, is no longer being delivered
known to be fraudulent • Unfamiliar charges on bank statements
−− A fake address, an address for a mail drop or • The tax authorities reporting the receipt of
prison, an invalid phone number or one that is multiple tax returns using one’s name or
associated with a pager or answering service national identifying number
78
• Calls from collection agencies about

unfamiliar debts
• Decline of medical benefits because you have
reached the annual benefit maximum
• A signature that is not yours on distinct
applications
INTERPLAY OF IDENTITY THEFT WITH

OTHER TYPES OF FRAUD
Government benefits fraud. The commonality in
government benefits fraud is often identity theft
or the willingness on the part of someone to fraud-
ulently provide their identity toward government
benefits fraud, often for a small percentage or fee.
A sophisticated thief may take the time to alter perpetrate veteran’s benefits fraud. The govern-
supporting identity documents, such as a driver’s ment employees have easy access to the qualify-
license, to make sure that everything matches on ing persons they need to recruit, such as veterans
the fraudulent application he submits. who would qualify for benefits but have no need
for them. They can be used to complete fraudulent
Medicare fraud. Typically, this involves one or more applications. The employees hold the threat of a
stolen identities which are then used to bill a gov- fraudulent claim against the veterans and receive a
ernment program, such as Medicare in the US. This portion of the benefit. Fraudulent claims may also
type of fraud can be conducted using a shell com- include misstatement of injury or illness to qualify
pany with a P.O. Box address that is represented as for a claim.
the “clinic” where treatment is provided. The per-
petrators use stolen identities to process fraud-
ulent claims. DETECTING AND
PREVENTING FRAUD
Student loan application fraud. Identity thieves or In recent years, regulatory expectations around
willing accomplices take a fee for applying as “straw fraud detection and prevention have increased sub-
students” (in countries that provide programs sup- stantially. At the same time, due to easy access to
porting loans to college students). This allows the information online and through social networks,
fraudster to accumulate large amounts of finan- institutions and businesses face growing reputa-
cial aid from student loan applications. This type of tional risks from fraud. Consequently, institutions
fraud can be especially successful because, gener- and other companies and organizations are focus-
ally, the loans do not have to be repaid until after ing more now on implementing effective gover-
the student completes college. It can take a few nance, risk and compliance (GRC) programs. GRC
years for the lender to realize that the borrower is is viewed as critical to address and correct organi-
not repaying the loan. zational weaknesses that lead to significant opera-
tional risk, losses or regulatory action.
Veteran disability benefits. In the US and other
countries where military service veteran’s bene- For many companies and institutions, fraud is a key
fits are plentiful, collusion between veterans and risk to profitability and reputation. Implementing
employees of the pertinent government agency can effective fraud detection, prevention and security
79
systems has become a critical part of an organiza- that typically affect the institution or organiza-
tion’s ability to control operational risk. Integrating tion, or firms like it. Assess the potential for these
fraud detection and prevention into the organi- schemes and scenarios based on past incidents of
zation’s overall GRC framework can produce sub- fraud, the culture of the organization and its current
stantial benefit, including a better understanding framework of internal controls.
of the impact of financial crime on the organization,
improving return on risk and compliance invest- Most FRAs focus on identifying fraud risk in six
ments, enhancing the organization’s reputation and key categories:
cultivating customer trust. • Fraudulent financial reporting
FRAUD RISK ASSESSMENT AND RATING • Misappropriation of assets
Conducting a fraud risk assessment (FRA) is an • Expenditures and liabilities for an

essential step in the process of detecting and improper purpose
designing controls to prevent the specific types • Revenue and assets obtained by fraud
of fraud the organization faces. The FRA can be • Costs and expenses avoided by fraud
conducted by internal or external auditors or con-
• Financial misconduct by senior management
sultants, or through some combination. It does
not necessarily identify exactly the types of fraud
Analyze the likelihood of each scheme or scenario
occurring in the organization. Instead, it focuses
occurring. The FRA must consider not only the pos-
detection efforts on specific fraud schemes and
sible risk, but the likelihood that a particular fraud
scenarios that could occur, as well as on incidents
will occur. International auditing standards specify
that have occurred in the past. This information
four risk levels:
enables the organization’s risk management and
audit teams to make recommendations to senior 1. Remote
management and support the implementation of 2. More than remote
fraud prevention controls designed for the identi- 3. Reasonably possible
fied risks and vulnerabilities.
4. Probable
Following are the steps that normally accompany a Assess the materiality of risk. The FRA team
comprehensive fraud risk assessment: should identify fraud risks that could have an
Create a ‘fraud risk assessment’ team. The FRA important financial impact on the organization and
team should include senior internal audit and risk its stakeholders, such as shareholders and lenders.
management personnel or an experienced outside The three levels of materiality are inconsequen-
certified fraud examiner or consultant with expe- tial, more than inconsequential and material. Any
rience in conducting FRAs. According to the Basel risks that are deemed more than inconsequential
Committee on Banking Supervision, the internal or material must be addressed by gathering more
audit plan should be based on a methodical control detailed information or evidence of potential fraud-
risk assessment that documents the organization’s ulent activity. This step should take into account
significant activities and their associated risks, the risk tolerance of the firm.
as well as the principles of the risk assessment
methodology. Assess risks in the context of existing anti-fraud
controls. The FRA team should evaluate the effec-
Identify the organization’s universe of potential tiveness of existing controls in preventing the spe-
risks. Determine the fraud schemes and scenarios cific fraud scenarios which have been identified
through the preceding steps. The ultimate objective
80
of the fraud risk assessment is to guide the organi- “New account” fraud is a significant challenge and
zation’s auditors to implement specific measures to has become a main conduit for identity theft and
detect fraud, and senior risk management profes- other types of fraud. Fraudsters and criminal organ-
sionals to establish or adjust anti-fraud controls to izations that target financial institutions take
reduce the risk of fraud. advantage of gaps in employee training and com-
munication and the pressures that frontline
As part of the risk assessment, the FRA team employees typically face to provide good service
and the internal audit department must consider and bring in new accounts.
whether and how anti-fraud controls can be circum-
vented or overridden by management and others.
They should also analyze both internal and external BASEL COMMITTEE ON
threats to confidential electronic data and com- BANKING SUPERVISION
puter and network security.
The Basel Committee on Banking Supervision
KEY ELEMENTS OF A FRAUD (BCBS) is a committee of banking supervisory
COMPLIANCE PROGRAM authorities that was established by the cen-
tral bank governors of the Group of Ten coun-
Anti-fraud environment tries in 1974. It provides a forum for regular
• Proper tone set by senior management cooperation on banking supervisory matters.
• Strong, ethical corporate culture Its objective is to enhance understanding of
key supervisory issues and improve the qual-
• Meaningful code of conduct ity of banking supervision worldwide. The
Committee also frames guidelines and stan-
Education and training dards in different areas - some of the bet-
• Anti-fraud training programs ter known among them are the international
• Data and information security training programs standards on capital adequacy, the Core
Principles for Effective Banking Supervision
• Open communications with employees, vendors,
and the Concordat on Cross-Border Banking
suppliers and customers
Supervision.
Proactive detection The Basel Committee formulates broad
• Effective fraud tip hotlines supervisory standards and guidelines, and
• Whistleblower protections recommends statements of best practice
in banking supervision (such as the “Basel
• Punishment protocol
III Accord”, for example) in the expectation
that member authorities and other nations’
Investigation and follow up
authorities will take steps to implement them
• Empowered audit committee with oversight of through their own national systems, whether
fraud prevention program in statutory form or otherwise.
Other key areas

• Procedures to protect sensitive information A good Customer Identification Program (CIP) can
do far more than satisfy regulatory requirements
FRAUD DETECTION IN CUSTOMER associated with an anti-money laundering compli-
ONBOARDING AND MONITORING ance program. It can also assist the firm in reduc-
81
ing or preventing fraud by improving the ability of information, to help validate the information
the firm’s front-line employees to verify whether provided by the customer or applicant:
application information is fraudulent for a customer • Check if the customer or applicant has used
opening a new account or seeking to transact with or is using more than one national identifying
the organization. Not only must the credit side of number, a Social Security number in the US, or
the institution or organization guard against fraud, other commonly used identifier typically used
deposit accounts are also vulnerable to fraud. for the purposes of identity verification.
A sound Know Your Customer/Customer Due Dili- • Review an individual’s address history relating
gence (KYC/CDD) program includes robust cus- to their national identifying number or
tomer identification and account-opening proce- • Social Security number. Often, a fraudster has
dures, which allows the institution to determine the numerous such numbers associated with his or
true identity of each customer and to assess the her identity.
risk or potential risk presented by the customer. As • Review how the person’ s surname, or family
part of the customer onboarding process, the orga- name, appears in the credit report or other
nization should perform due diligence as follows: third-party information compared to how the
• Gather and verify customer identification name is spelled on the account or application
materials in paper documents and electronic documents at the start of the relationship.
identity verification • Check the usage of mail drop locations or rental
• Verify and authenticate the customer’s identity mailboxes, which could be a sign of multiple or
• Screen the customer against national and false identifications.
international sanctions lists and other watch
lists, such as known or suspected fraud lists OVERVIEW OF FRAUD MONITORING AND
from internal and external sources, including DETECTION SYSTEMS
law enforcement sources Because of the volume of customers, transactions
• Document the normal and expected business and data involved in monitoring and surveillance, as
activity for each customer, including occupation well as evolving fraud trends and its shifting sands,
and business operations some organizations leverage specialized technol-
ogy to help meet their fraud detection and report-
• Document the customer’s relationship within ing requirements.
the organization and its subsidiaries, including
all the lines of business Data Mining Tools. Data mining is an effective and
widely used approach for discovering and detect-
Many of these steps also apply to organizations ing fraud. Data mining is used to detect patterns
that are seeking to develop or strengthen inter- of activity or transactions which are anomalous,
nal procedures to guard against signs of corrupt or “stand out,” from typical customer or business
activities by their own employees or through third activity. It can also be used to discover previ-
parties with foreign public officials and their family ously unknown relationships between customers,
and associates. accounts and entities transacting with or through
the firm or financial institution.
• To prevent fraud, customer identification should
leverage third-party data and sources, such as Suspicious patterns are symptoms of fraud, not evi-
credit reports and other sources of identifying dence of it. Typically, further investigation must be
done to determine whether the activity is actually
82
fraud (or another form of financial crime) or is legit- prevent fraud on a product or channel- specific
imate. Therefore, data mining tools must be com- basis. Traditionally, they have focused on employing
bined with other capabilities which facilitate the “point solutions” which focus on a relatively narrow
review and investigation of the identified exceptions. scope of behavior or fraud.
Data mining tools have evolved substantially and Point solutions can be very effective for specific
are able to analyze much larger sets of data in a problem areas, such as check fraud and check kit-
much faster timeframe. Data mining techniques ing, ATM fraud, credit card fraud, and for establishing
have been integrated into many software solutions mechanisms to help protect access through remote
targeted at fraud detection. channels, such as online or mobile banking and other
services. Point solutions may use one or a combina-
Predictive analytics. Predictive analytics are widely tion of fraud detection techniques, including predic-
used in fraud detection and prevention efforts. Many tive analytics and rule patterns, to detect the specific
predictive analytical techniques were pioneered by type of fraud for which the solution specializes.
the credit card industry, and in recent years have
been leveraged in other areas including payments, Unfortunately, fraudsters do not stick with one
online banking access, account opening and small channel, line of business or product. Deploying mul-
business fraud. Like data mining techniques, pre- tiple fraud detection solutions does not support
dictive analytical models have been integrated into the ability to share and consolidate critical infor-
many fraud detection software solutions. mation among fraud detection silos, which leaves
the organization and its customers vulnerable to
Predictive analytics look at potential risk factors more sophisticated fraud schemes. Each of the
to detect the likelihood of fraudulent activity and major areas of fraudulent activity —activity creat-
develop models which can be leveraged for real time ing the most challenges for firms in terms of losses,
monitoring. For example, analytical models evaluate customer service issues, and reputation—typically
transactions to identify subtle patterns of behavior involve more than one type of mechanism, chan-
indicative of fraud, or activities that are atypical nel or product.
for an account or customer. Fraud analytical mod-
els are an excellent complement to other detection Although point solutions offer significant capa-
techniques, such as reports or rule patterns (which bilities in specific areas of fraud, they can gener-
detect known patterns of fraudulent activity). ate high levels of “false positives” and may not be
well-integrated into the overall fraud and risk man-
Analytic modeling provides flexibility because it agement regime of the organization.
allows successful automated detection of a broad
spectrum of suspicious activity, including activity Fraudsters, who sometimes associate with orga-
not previously recognized as fraudulent. Analytical nized crime, often use smarter and more sophisti-
models can also predict the likelihood or propen- cated methods to gain access to financial data in
sity of fraud based on attributes of the customer or an organization. Sometimes collusion among mer-
entity seeking to do business with the firm or finan- chants, fraudsters and organization insiders exists.
cial institution, and, therefore, are an important part For this reason, many organizations have imple-
of the account and relationship opening process. mented enterprise-wide fraud detection systems,
including transaction monitoring and case manage-
Point fraud detection products. Most business ment systems to support a broader view of fraud
organizations, including financial institutions, have across various channels and types of products
invested in products and processes to identify and and services.
83
Transaction Monitoring Systems. This is an auto- information used for analyzing or investigating
mated system, either a proprietary application or alerts or cases.
vendor-provided, for ongoing scanning of transac-
tion, customer and entity data. It filters, compiles Third party data. These can be reports, online
and summarizes transaction data and flags or issues research portals and public record and proprietary
alerts on situations of potentially suspicious or data sources and analytics provided by third-party
fraudulent behavior. Detection is typically achieved data vendors and repositories. These may include
through implementation of fraud detection scenar- credit record information, as well as more sophisti-
ios that fall into three categories: cated predictive analytics. This information can be
used at the time of account opening for Know Your
• Rules-based scenarios which identify specific
patterns of behaviors related to fraud
typologies or red flags.
• Statistical profiling scenarios which identify BENFORD’S LAW
unusual activity by modeling typical or expected When hunting fraud in financial documents,
activity profiles for a specific customer or type Benford’s Law can be a useful tool. It is a math-
of customer and identifying outliers. ematical theory that says certain digits appear
• Predictive analytical models which provide more frequently than others at certain posi-
automated detection of a broad spectrum tions in real world data sets.
of suspicious activity, including activity not
previously recognized as fraudulent. Analytical Benford researched all different sorts of data
models can also predict the likelihood or sets- from the size of butterfly wings to the
propensity of fraud. surface area of rivers - and found the same
principle held true: The number 1 appears as
Some software solutions leverage or combine mul- the first digit about 30% of the time, and the
tiple types of approaches to help improve detection number 9 appears first less than 5% of the
capabilities. In addition, most transaction monitor- time. The numbers 2 through 8 have different
ing systems also provide alert and investigations probabilities of appearing as the first digit.
management systems to facilitate and document
the analysis and investigation of alerts and cases. Benford’s Law applies to account transactions,
Comprehensive alert and case management can bank transfers and wire transfers, and can be
automate processes and reduce investigative costs. used in investigations and forensic accounting.
Enterprise case management built specifically for For example, an investigator might analyze
financial crime investigators can provide a single a company’s financial statements and note
view of fraud, risk and compliance status. It can that the number 9 is the first digit 25% of the
help prevent and reduce losses by automatically time. This will merit closer scrutiny and could
uncovering and focusing investigations on the most indicate fraud
urgent and actionable alerts.
Internal reports. These are internally generated

Customer and due diligence purposes, and to sup-
reports or systems, such as exception reports,
port alert analysis and investigations of suspicious
incident reports and leads databases, which help
or unusual activity.
flag activities and provide important ancillary
84
THE IMPORTANCE OF AN A centralized approach that combines real-time

ENTERPRISE APPROACH TO FRAUD or near real-time fraud detection with sophisti-
cated analytics often facilitates early detection of
AND FINANCIAL CRIME
fraud schemes and their participants and enhances
In their efforts to more successfully manage finan- loss prevention and mitigation. An organization
cial crime and compliance, business organizations, should determine what the recommendations
including financial services entities, often recognize or requirements of its regulators indicate about
the need to take an enterprise-wide approach to these approaches.
fraud management. Many of them, especially larger
ones, are establishing or have already established Establishing an enterprise fraud management sys-
financial crime units or financial intelligence units tem, manual or automated, can be a key step in
as a first step toward targeting fraud in a more com- better integrating fraud detection and prevention
prehensive way. The effectiveness of this approach into the organization’s overall governance, risk and
often depends on the ability to bring together and compliance framework. This can provide many ben-
coordinate existing point fraud detection software. efits, including a better understanding of the impact
of financial crime on the organization, and improved
A comprehensive fraud detection approach must return on risk and compliance investments, protec-
provide a single point of analysis for account and tion of the organization’s reputation and mainte-
customer activity and also enable the monitoring nance of customer trust.
and detection of complex behavior and patterns
that may indicate broader issues. Exposing events
as they are happening, particularly more complex,
cross-channel fraud schemes, and taking action
before assets have disappeared are critical to min-
imizing losses and then meeting the challenging
task of recovery.
85
Q 4-1. The CFO of a large public corporation sees that the company’s quarterly numbers are
going to exceed analysts’ expectations. Knowing the stock price will probably make a big jump
when this news is released, he makes several large open stock repurchases, which increases
the intrinsic value of the tens of thousands of shares he already owns.
He then mentions the earnings report to his wife, and she buys 1,000 shares of stock in her
personal trading account. Her broker, who knows that she is married to the CFO of this com-
pany, feels that she must know something, so he recommends it to many of his clients who buy
some very large blocks.
The quarterly numbers are released, and the stock makes a big move as expected. Which indi-
vidual in this scenario has committed insider trading?
A. The CFO
B. The CFO’s wife
C. The wife’s stockbroker
D. The stocks
86
CHAPTER 5
GLOBAL
ANTI-CORRUPTION
COMPLIANCE
AND
ENFORCEMENT
OVERVIEW
Corruption is an unfortunate reality throughout the world in

developed and underdeveloped countries alike. It weakens and
undermines democratic institutions, distorts national economies,
contaminates business practices, fosters government instability,
discourages external investments, unjustly enriches public offi-
cials and private sector business people, worsens social condi-
tions and public services, and impacts hundreds of millions of peo-
ple each day.
87
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
And it gives corporations an unfair competitive corrupt acts may also violate other criminal laws,
advantage by buying government employees, and such as those dealing with commercial bribery, con-
props up poorly-run companies at the expense of spiracy, money laundering and others.
rivals unwilling to make corrupt payments.
This means that all public functions, especially in
For all these reasons, corruption and its many dele- countries where corruption is pervasive, may be
terious consequences have gained great public and corroded and distorted to accommodate the corrupt
international attention in the past two decades. interests of the public officials. A legislator may be
corrupted to advance a legislative project, conduct
Official corruption, which refers to the dishonest an investigation or kill a bill that is pending in the
acts of public officials, can take many forms. It can legislative body. This corrupts the laws that guide
be bribery, extortion, embezzlement, kickbacks, business and other dealings and on which judicial
influence peddling, nepotism and alliances with decisions in business transactions are based.
criminal elements.
Similarly, there is widespread corruption worldwide
Official corruption is not limited to employees in the in the judicial branch of government. This means
executive branch of government, such as heads of judges who are sworn to impartiality and fair deal-
state, ministers, law enforcement officials, inspec- ings with parties that appear before them, are cor-
tors, regulators and other functionaries. Official rupted by a party to rule in a certain way or prohibit
corruption is also widespread around the world in someone from taking action, or compelling persons
the legislative and judicial branches of government. to do certain things. This goes to the heart of the
In addition, many countries’ governments create law and pollutes the legal system to the point where
state-owned commercial enterprises that compete the public, whose tax dollars support the system,
with private sector businesses that do the same loses confidence in the courts and respect for the
things. These state-owned enterprises engage in judiciary and the law.
many commercial activities typically performed by
private sector entities. Official corruption, which is often called public cor-
ruption, is also rampant in many countries where
State-owned airlines are an example. They fly com- organized crime, drug traffickers and other crimi-
mercial routes alongside private sector air carriers nal enterprises shower public officials with money
and have employees that perform similar jobs as and expensive gifts to neutralize the laws and their
those in private airlines. The employees of these enforcement. This creates an environment in which
state-owned companies are as prone to corruption the more traditional financial criminals - who do not
as those of standard government agencies. In gen- dirty their hands with drugs, human trafficking and
eral, the laws of most countries deem corruption the like - find public officials more receptive to their
by persons who work at state-owned entities in the corrupt payments.
same light as corruption by employees of regular
government agencies.
THE WORLD MOVEMENT TO
If an employee of a state-owned airline, for exam- COMBAT CORRUPTION
ple, seeks or obtains an unlawful payment for the Recognizing this, major international bodies have
performance of an official act related to the airline, increased international pressure on nations to
it is a corrupt act just as if it were performed by an intensify their efforts against corruption over
employee of a regular government agency. These roughly the past 15 years. This has resulted in the
88
enactment of laws by various nations, notably the In the anti-corruption field, NGOs may be divided
United Kingdom, which enacted its far- reaching into two groups:
Bribery Act in 2010. 1. Those that are associated with or supported by
governments, sometimes through international
In addition, this surge in international attention bodies like the Organization for Economic
to corruption has caused other nations to amend Cooperation and Development
their laws and step up their enforcement activity.
2. Those that are non-profit entities that are
The notable example is the US, which has greatly
not officially supported by or connected to
increased the enforcement and regulatory efforts
a government
under the Foreign Corrupt Practices Act. The FCPA,
which became law in 1977, is the grandfather of such The two types of NGOs often engage in similar work
laws around the world that prohibit and criminalize and partner with each another, thus blurring the
corrupt payments to foreign public officials. distinctions. Typically, however, NGOs connected to
national or international bodies are more active in
The new international standards that have evolved creating and promoting anti-corruption policies and
from these accelerated and intensified efforts have standards, while unaffiliated non-profit agencies
served as a beacon for nations that wish to improve normally focus on anti-corruption advocacy.
their mechanisms to prevent, deter and prosecute
corruption in their government functions. One of the best-known of the unaffiliated entities is
Transparency International (TI), which is headquar-
tered in Germany and has chapters in 100 countries.
NON-GOVERNMENTAL The chapters have considerable latitude to choose
ORGANIZATIONS AND ANTI- the projects they will pursue.
CORRUPTION ADVOCACY
TI’s anti-corruption work is wide-ranging, but some
Non-governmental organizations (NGOs) play a of its most important work is its research, analysis
significant role in these efforts. They have raised and reporting on corruption issues. TI is one of the
awareness of the effects of corruption, advocated key sources of information on global corruption,
for transparent government and business practices, which is facilitated by the data it receives from its
and created and assisted anti-corruption moni- network of chapters. One significant TI publica-
toring efforts. tion is the Corruption Perceptions Index, an annual
report that assigns rankings to all countries based
89
on their “perceived levels of corruption, as deter- erished country of billions of dollars. The suit led
mined by assessments and opinion surveys.” French authorities to seize $250 million in property
owned or controlled by the dictator’s son, includ-
There are thousands of non-profit entities world- ing luxury cars, real estate, art and other valuables
wide that are dedicated in whole or in part to located in France.
anti-corruption advocacy, monitoring and public
policy. Sometimes, these groups have urged law Many nations, such as the US, have laws that permit
enforcement agencies to investigate and bring cor- the seizure and confiscation of the assets of corrupt
ruption cases to court. On some occasions, under foreign figures and the sharing of the proceeds of
the laws of a particular country, they have brought these cases with the nation that was victimized by
civil lawsuits themselves. the corruption.
A recent example occurred in France. Three pri- Organization for Economic Cooperation and
vate sector organizations sued Teodoro Obiang, the Development (OECD). This important multina-
son of the dictator of Equatorial Guinea, who was tional organization, which also serves as the parent
suspected of having plundered his oil-rich impov- of the Financial Action Task Force, plays a signifi-
An Image of TRANSPARENCY INTERNATIONALE’S CORRUPTION PERCEPTIONS INDEX 2017. Darker Colors Indicate Higher Levels
of Perceived Corruption. Source: Transparency International
90
cant role in fostering and strengthening interna-

tional anti-corruption policies. It does this primarily
through its Anti-Bribery Convention, which has the As of January
2019, 40 nations
official title of the Convention on Combating Brib-
ery of Foreign Public Officials in International Busi-
ness Transactions. The convention requires signa-
tory countries to enact laws that criminalize bribery
of foreign public officials, such as the US Foreign had signed
the Convention…
Corrupt Practices Act (FCPA) does.
The convention also commits signatory nations

to a two-stage review by other signatory coun-
tries on their anti-corruption laws, policies and
enforcement and regulatory resources. In the administration, monitoring and finance systems in
first stage, the examining nation reviews the the government agencies.
laws to ensure they are complete and in keeping
with the mandates of the Convention. The second In partnership with the United Nations Office on
phase assesses how well the nation is implement- Drugs and Crime, the World Bank also administers
ing and enforcing its laws and how often its agen- the Stolen Asset Recovery Initiative, known as StAR.
cies bring cases. The program is intended to “support international
efforts to end safe havens for corrupt funds” and
As of January 2019, 40 nations had signed the help countries that lose funds and other resources
Convention, including Bulgaria, Iceland, New Zea- because of corruption to recover the stolen assets.
land, Colombia, France, Germany, the US, the UK,
Brazil and Turkey. The Convention has prompted StAR also trains personnel of law enforcement agen-
nations to amend corruption laws that predate the cies and other government agencies, as well as pri-
Convention, including the US, which amended the vate sector entities on asset recovery. It produces
FCPA in 1998 to bring it in line with the Conven- reports, handbooks and guides on asset recovery.
tion’s requirements.
United Nations Office on Drugs and Crime (UNODC).
World Bank. One of the most visible and important The UNODC maintains an open source database
NGOs, it is an international financial institution that of corruption-related legal cases and information,
extends loans and financing to developing coun- called Tools and Resources for Anti-Corruption
tries. One of its primary goals is to reduce poverty Knowledge, or TRACK. The UNODC provides train-
by encouraging international trade and investing on anti-corruption enforcement and good gover-
ment. Projects funded by the World Bank are often nance practices to government agencies and other
the targets of corrupt practices among the nations NGOs through numerous publications and training
that receive assistance and the contractors and documents, as well as its International Anti-Corrup-
service providers that implement them. As a result, tion Academy located in Austria. It also conducts
over the past decade, the Bank has actively devel- research on corruption and produces country- spe-
oped and promoted anti-corruption and good gov- cific reports on corruption risks.
ernance programs. Many of them provide training,
technical assistance and technology to recipient
nations with the goal of improving management,
91
United Nations. The United Nations Conven- Charitable and non-profit organizations. - Non-
tion against Corruption, which was introduced in profit organizations and donations to charities rep-
2003, establishes worldwide standards of controls resent popular corruption vehicles. A corrupt offi-
directed at official corruption and mechanisms. By cial may ask that a payment be made to a non-profit
the end of 2012, it had been signed by 140 nations. entity which he or she controls or benefits from.
Signatory nations commit to criminalize bribery,
implement laws and regulations intended to pre-
vent corruption, and cooperate on asset recovery in
corruption cases. Signatory nations may seek and
obtain the assistance of other signatories to com-
STOLEN ASSET RECOVERY
bat corruption. INITIATIVE (STAR)
Assets stolen by corrupt leaders at the
There are other prominent private sector organi- country level are frequently of staggering
zations that render valuable services to the world magnitude. The true cost of corruption far
community on the combat of official and private exceeds the value of assets stolen by the
sector corruption. These include Global Witness, leaders of countries. This would include the
which was formed in 1993 to combat corruption, degradation of public institutions, especially
natural resource exploitation, human rights abuses those involved in public financial manage-
and poverty; and the Group of States Against Cor- ment and financial sector governance, the
ruption, which is a dependency of the Council of weakening if not destruction of the private
Europe and monitors implementation of multilat- investment climate, and the corruption of
eral agreements that seek to combat corruption. social service delivery mechanisms for basic
health and education programs, with a par-
These international bodies, NGOs and other organi- ticularly adverse impact on the poor. This
zations around the world offer information, training “collateral damage,” in terms of foregone
resources and expertise that can be a very valuable growth and poverty alleviation, will be pro-
resource for financial institutions, commercial enti- portional to the duration of the tenure of the
ties and national, provincial and local governments corrupt leaders.
in their compliance, investigation and enforcement
efforts. Financial crime specialists should always Addressing the problem of stolen assets is
keep these resources in mind. an immense challenge. Even though coun-
tries as diverse as Nigeria, Peru and the
Philippines have enjoyed some success in
MECHANISMS THAT asset recovery, the process is time-consum-
FACILITATE CORRUPTION ing and costly.
Throughout the world, there is a wide variety of
mechanisms and vehicles that facilitate the plan- The Stolen Asset Recovery (StAR) initia-
ning and execution of corruption. tive was launched jointly by the UN Office
on Drugs and Crime (UNODC) and the
Here is a listing of some common vehicles for cor- World Bank Group (WBG) to respond to
ruption. Additional information on how these this problem.
can be applied can be found in the money laun-
dering section.
92
In guidance on the Foreign Corrupt Practices Act, diligence on businesses that receive payments
the US Department of Justice lists five questions may reveal fictitious businesses that are corrup-
to consider when making charitable payments in a tion vehicles.
foreign country:
• What is the purpose of the payment? Payments through loans. An organization or indi-
vidual could use loans to disguise corrupt payments
• Is the payment consistent with the company’s in several ways. A payer could give a bribe to the
internal guidelines on charitable giving? recipient directly, but then record it as a legiti-
• Is the payment at the request of a mate loan in its books and records. A company or
foreign official? individual could also give an actual loan to a gov-
• Is the foreign official associated with the charity, ernment official or entity, but provide it on very
and if so, can they make decisions impacting favorable terms, such as at a low interest rate if not
your business? interest-free.
• Is the payment conditioned upon receiving Gifts, travel, entertainment and other personal
businesses or other benefits? expenses. These are often a cover for corrupt
dealings with a public official and his family and
Political campaigns. Elected public officials have associates. For example, a public official who asks
political organizations through which corrupt pay- a business person for financial assistance to pay
ments may be made. The official may also use a his daughter’s college education may be seeking a
nominee or ‘front’ to create a company that pro- bribe. Companies that provide an official the free
vides services to the campaign and which may serve use of their apartments, cars or airplanes, in effect,
as a vehicle for corrupt payments. may be bribing that official.
Fictitious employees. A corporation or other orga- Alternately, a company might pay a government
nization can falsely increase its payrolls with fic- official directly, then record payments in its books
titious employees in order to disguise evidence of and records as fictitious gifts, travel and entertain-
corrupt payments. It could also convey bribes by ment expenses. This is one reason why strong poli-
issuing checks to employees that have already left cies on expense documentation and record-keeping
the company, or by directly adding government are important in the anti-corruption context.
officials, their family members or their associates
to the company payrolls. A company could also cor- This does not mean that any funds spent on gifts,
ruptly provide services to government officials by travel and entertainment are illegitimate or ques-
loaning employees to a political campaign while it tionable, but companies should exercise caution
continues to pay their salaries. and avoid anything approaching lavish expendi-
tures on government officials. Some examples of
Financial crime specialists investigating corruption improper travel and entertainment, provided by the
should carefully scrutinize the checks issued to US Department of Justice and based on real-world
company employees to determine if employees on cases, include:
payroll are still working for the company and if they
appear to be qualified for their position and salary. • A $12,000 birthday trip for a government official
from Mexico that included trips to wineries and
Fictitious businesses. A corrupt official may sub- expensive dinners
mit invoices for nonexistent services in the name
of a shell corporation that he or she controls. Due • A trip to Italy provided to eight Iraqi officials
that consisted mainly of sightseeing and
93
included $1,000 in spending money given to

each government official
• $10,000 spent on dinners, drinks and
entertainment for government officials
OTHER CONDUITS FOR CORRUPTION

In addition to those vehicles, there are numerous
other conduits to execute corrupt payments. Here
is a listing of some common conduits:
Offshore accounts in third countries held in the
names of nominees or family members returns and fraudulently alter books and records.
• Third parties or nominees that front for One financial crime begets another and another.
corrupt officials
• Shell companies and trusts in offshore
THE UNITED STATES FOREIGN
secrecy havens
CORRUPT PRACTICES ACT
• Nominees or “bagmen” to hide the identity of
The US Foreign Corrupt Practices Act (FCPA) has
the true beneficial owners
several distinctive features that deserve explana-
• Gatekeepers, such as lawyers and notaries, tion and analysis because they teach many lessons,
who create corporations, open bank accounts, even though it is a US law. The FCPA is the world’s
transfer proceeds, purchase property, courier oldest and most frequently enforced anti-corrup-
cash and perform other services tion law and it can punish companies worldwide for
• Diplomatic pouches carried by foreign violating it. Understanding its provisions is neces-
service officers that are protected from sary for financial crime professionals in all countries.
search or seizure
Another reason why attention to the US and British
• Embassy bank accounts maintained by a
anti-corruption laws is important is because their
country’s embassies in other countries, which
global enforcement touches on private sector orga-
may be available for use by public officials of the
nizations, business people and professionals.
embassy’s home country
• Correspondent accounts maintained in other The roots of the FCPA can be traced back more than
countries by the financial institutions of the three decades. In the mid-1970s, a series of corpo-
country where the corrupt official resides rate bribery scandals made headlines worldwide
• Using state-owned companies that are and triggered unprecedented government scrutiny
commercial entities owned by a government, of transnational corrupt business practices.
which may offer facilities and personnel to
execute a corrupt scheme Investigations of international corporate bribery
began in the US, when the political scandal known as
Corruption breeds other financial crimes. Often it ‘Watergate’ led to a wider probe of domestic corpo-
is part of larger financial crimes. To hide evidence rate corruption. These inquiries unearthed evidence
of their corruption, officials that take bribes and not only of illegal political contributions inside the
companies that pay them usually falsify their tax US, but also widespread bribery of non-US public
officials by US companies overseas.
94
One example involved Lockheed Martin Corpo- with the SEC as an “issuer” of securities, meaning
ration. An investigation in 1975 by a US Senate any company whose stocks or securities are traded
subcommittee exposed that the US aerospace on US exchanges. Even a non-US company with no
company had paid $22 million to high-ranking offices, employees or physical presence in the US
government officials in four countries to secure may be criminally prosecuted in US courts for brib-
airplane contracts. The fallout was global. In Italy, ery it committed anywhere in the world. This makes
the scandal forced the sitting president to resign. it a truly international law.
In the Netherlands, evidence implicating the coun-
try’s prince taking corrupt payments disgraced In a prosecution for violation of the FCPA, viola-
the royal family. Japan’s prime minister was tors may face the judicial precept known as “willful
arrested and convicted on charges connected to blindness.” This means that persons or entities that
his accepting bribes. may not have direct knowledge of corrupt payments
may still be held responsible if they were “willfully
The US SEC subsequently found evidence implicat- blind” to the payments and deliberately avoided
ing more than 400 US corporations that had paid knowledge of the facts. The willful blindness pre-
$300 million in bribes to non-US public officials and cept also applies in money laundering cases where
political entities. The resulting outcry in the US and
abroad led the US Congress to pass the FCPA. It
was enacted into law in 1977.
PDVSA BRIBERY SCANDAL
KEY PROVISIONS OF THE FCPA In early 2018, the US Department of Justice
The FCPA is a sweeping anti-corruption law that released the opening salvo in what would
has criminal and civil provisions. It makes it a crime become a broad campaign against corrup-
for US individuals and entities, including corporation tied to Venezuela’s state-owned oil com-
tions and non-profit organizations, to “corruptly pany, Petroleos de Venezuela S.A (PDVSA).
offer, promise or provide anything of value to a for-
eign official for the purpose of obtaining or retain- US prosecutors indicted five former officials
ing business.” The term “foreign official” has been of PDVSA for accepting tens of millions in
interpreted very broadly by US law enforcement bribes to steer contracts to two US-based
and regulatory agencies. It has come to mean not businessmen. As the officials were not US
just elected officeholders, but also political appoin- persons, some were outside the scope of
tees and virtually all employees of a state agency or the FCPA, but still subject to US money
state-owned company. laundering laws. Four of the officials were
arrested in Spain, while a fifth was at large
The FCPA also imposes record-keeping and as of early 2019.
accounting duties on certain entities. These are
known as the “books and records” provisions and In a separate case later in the year, prosecu-
are enforced by the SEC. The provisions require tors in Miami indicted a US citizen and former
companies to create effective controls that are German banker for their role in embezzling
designed to prevent and detect corrupt payments. $1.2 billion from PDVSA. In that instance
Companies that violate these provisions can face as well, prosecutors combined corruption
civil penalties. and money laundering charges, showing a
clear connection.
The FCPA also applies to non-US persons who reside
in the US and to non-US entities that are registered
95
gift of expensive luxury goods, lavish trips to a high-

end resort, contributions to a charity, the hiring of
a public official’s relatives or associates. The illegal
payments need not be briefcases full of cash.
Not only may other laws come to play in a foreign

corrupt practices case, many of the same red flags
and techniques that are used to detect and inves-
tigate other financial crimes may be applied to for-
eign corruption cases.
For conviction, the FCPA requires that a payment,

gift or offer of payment must be made with “corrupt
a person alleges that he or she did not know of the intent.” One way to demonstrate that is by show-
illicit origin of the funds involved in a transaction. ing that payments were intentionally concealed or
disguised through off-the-books transactions or
Non-US companies are justified to be concerned non-transparent payment schemes. Corrupt intent
about FCPA enforcement by the US Department of may also be shown if the payment was used to con-
Justice and the SEC. Nine of the 10 largest penalties vince a foreign official to abuse his or her position.
for FCPA violations have been imposed on non-US
companies, including entities based in Germany, Under the FCPA, corrupt payments do not have to
France, Japan, the Netherlands and the UK. be actually made to violate the act. A conspiracy
to make corrupt payments to a foreign official is
The FCPA covers only payments to foreign govern- also a violation of the FCPA, even if no payment is
ment officials, and not bribes or other corrupt pay- actually made.
ments to private companies or individuals, which
are normally classified as commercial bribery. In DEFINING A ‘FOREIGN OFFICIAL’
addition, the FCPA covers only the makers of cor- UNDER THE FCPA
rupt payments, and not the recipients. Foreign The FCPA has an open-ended definition of who can
officials who accept corrupt payments may not be be considered a government official. It prohibits
prosecuted under the FCPA. corrupt payments to any “foreign,” or non-US, offi-
cial of a “government or any department, agency or
However, this has not prevented US enforcement instrumentality.” Unfortunately, it does not define
agencies from using other laws, such as the US these terms.
money laundering laws, to pursue foreign officials.
In this respect, the FCPA intersects with other laws, This language has given the US Department of Jus-
such as those dealing with money laundering, con- tice and SEC the latitude to institute FCPA actions
spiracy and international travel for the purpose of against a wide range of entities and actors. In recent
committing corrupt acts. years, the US has successfully prosecuted corpora-
tions and individuals for bribing officials in national,
ILLEGAL PAYMENTS UNDER THE FCPA state and local governments, as well as regula-
A bribe or corrupt payment may be “anything of tors, law enforcement agents, political parties and
value.” A bribe can just as easily be conveyed by a their candidates.
96
Another important term in the FCPA is “instru- Third parties in the setting of possible foreign cor-
mentality.” US agencies have interpreted it to rupt acts are some of the biggest compliance and
include state-owned enterprises (SOEs), such as liability risks that a business organization can face.
utility companies, airlines and other state- owned The FCPA guidance by the US Justice Depart-
businesses. FCPA cases have involved employees ment and SEC devotes considerable attention to
of SOEs, including managers of so- called sover- third parties and the liability that can flow from
eign wealth funds, directors of a telecommunica- their actions.
tions utility and medical professionals employed
by state-run healthcare systems. State-owned Many companies have faced FCPA enforcement
enterprises are very common in many nations, actions as a result of corrupt payments made
and, in some nations, they have a monopoly or by third parties. One high-profile situation that
near-monopoly on industry sectors such as trans- erupted in mid-2012 involved Wal-Mart’s Mexi-
portation, energy production and infrastructure, can subsidiary, Wal-Mart de Mexico. An investiga-
and health care systems. tion and report by the New York Times revealed
that Wal-Mart de Mexico had retained attorneys,
FPCA cases have also involved companies and indi- known as “gestores,” to help obtain permits from
viduals for corrupt payments to employees of enti- federal, state and local government agencies.
ties that are not wholly-owned by a foreign govern- The attorneys were said to have made widespread
ment. US agencies have determined that foreign payments to Mexican government officials. Wal-
companies or entities can be considered an “instru- Mart is under investigation by the Justice Depart-
mentality if a foreign government has a controlling ment and SEC and has launched a broad internal
interest or otherwise exerts control over them.” investigation.
In November 2012, the US Department of Justice Middlemen who assist companies in dealing with
and the SEC issued guidance to the public on compli- governmental agencies are fixtures of the business
ance with the Act and best practices in meeting the environment worldwide. Carefully vetting and mon-
duties it imposes. They indicated they would most itoring of the third parties that are hired is essen-
likely not pursue an enforcement action against an tial to avoiding FCPA violations. Experts say the
enterprise in which a foreign government held less anti-corruption compliance measures that compa-
than a 50 percent ownership stake. nies and individuals should take when employing
third parties should include the following:
These expansive interpretations of “foreign official”
and “instrumentality” have been challenged, but no 1. Thorough reviews of the third party’s
US court has limited the broad approach of these background, reputation and experience,
government agencies. paying special attention to their connections
with government officials. Abnormally high
THIRD-PARTY LIABILITY UNDER FCPA fees charged by them can be a red flag of
corrupt payments.
Companies and individuals that operate overseas
frequently employ third parties for a variety of 2. Contract terms that explicitly describe all
business tasks, including marketing and distribut- services to be performed, and the fees or
ing new products, providing legal consultation, and expenses that are expected to be charged
acting as intermediaries between the company and and incurred. Contracts should include
government officials. Common examples of these warranties that formally commit the third party
to complying with the FCPA and other anti-
intermediaries are attorneys, sales agents, distrib-
corruption standards.
utors, consultants, accountants and lobbyists.
97
3. Continuous oversight and monitoring of third tate or obscure bribe payments, or ignore evidence
parties after a contract is signed, to include that third parties are making corrupt payments on
periodic updating of the review of the third their behalf.
party, requirement of ongoing anti- corruption
training, and annual certification that the third In these situations, various red flags such as the
party is compliant with the FCPA and local laws. following may be used to indicate that a third party
4. The due diligence procedures exercised on may be involved in a corruption scheme:
third parties should be risk-based, taking into
account the geographic area, past history and • Fees that are much higher than other third
the business rationale for hiring them and parties in the same sector, without a compelling
other factors. business rationale
• Requests for abnormal or strange compensation
RED FLAGS OF CORRUPTION IN THIRD- arrangements, such as excessive commissions
PARTY PAYMENTS or unusual reimbursements
A financial crime specialist who is reviewing a com-
pany’s compliance program or investigating a cor- • Requests that payments for services be made to
ruption case should be aware that contracts, pay- offshore accounts
ments and business arrangements with third parties
are common mechanisms for corrupt payments. • Third parties who have little experience in the
field they purportedly work in
In some cases, third parties may be paying bribes • Vaguely worded invoices from third parties or
on a company’s behalf without the knowledge or that do not describe the services rendered
authorization of the company. In other cases, com- • Close ties or past associations with
panies may seek out third parties in order to facili- government officials
A View of the Bonny Island Natural Gas Facility in Nigeria. The US Company Halliburton was Fined $579 Million for Paying Bribes to
Secure Contracts Related to the Facility Worth $6 Billion
98
• Third parties who seek to enter into a Successor liability has emerged as a large FCPA risk
business arrangement at the request of a for multinational corporations. One of the largest
government official FCPA penalties of all time was $579 million imposed
• The use of shell companies to conduct against the US corporation Halliburton in 2009.
transactions, or third parties that are This arose from corrupt payments to Nigerian offi-
themselves a shell company cials that were made by Halliburton’s foreign part-
ner in a joint venture.
OTHER METHODS OF CONCEALING
CORRUPT PAYMENTS Conducting due diligence on a company prior to
engaging in a merger and acquisition or joint ven-
There are a range of mechanisms to conceal cor- ture can be essential to avoiding liability. Pre-acqui-
ruption and the related payments. The few rep- sition or pre-venture due diligence should include
resentative examples listed here are intended to a thorough review of a company’s financial records
underscore the diversity of corrupt payments, not and documents to look for evidence of present or
to serve as an exhaustive list. past corrupt payments. The due diligence proce-
dures should look closely at records that reflect
Spotting evidence of corrupt payments involves travel, gifts and entertainment expenses, pay-
more than simply checking off a list of red flags. ments to third parties, and sales records showing
It relies on a careful examination of whether pay- high sales or large commissions paid to salesper-
ments or transactions have a convincing rationale sons overseas.
that fits the underlying business arrangement,
and whether they are transparently and accu- These reviews should take into account risk factors
rately documented. such as the characteristics of the country, where the
company operates and its relationship or ties with
Many concealment methods are seen and exploited foreign governments. A company that operates in
in other financial crimes, which emphasizes the a country where bribes and corruption are cultur-
close ties between corruption, fraud, money laun- ally acceptable, as is often the case in the high-risk
dering and tax evasion. The same investigative industries of oil and gas, would clearly require more
techniques employed in other financial crime cases extensive due diligence than one in a traditionally
may be used to detect corrupt payments and deeds. low-corruption jurisdiction.
Bribe payers and recipients are tirelessly creative in Pre-acquisition due diligence should also exam-
designing strategies to conceal corrupt payments, ine a company’s anti-corruption compliance pro-
and financial crime professionals should be equally grams to assess soundness and identify weak-
creative in identifying and flushing them out. nesses. Compliance programs will depend on
the type of business and level of risk but should
SUCCESSOR LIABILITY
include at least annual employee training, docu-
A company that purchases or merges with a com- mented anti-corruption policies and procedures,
pany overseas should be concerned about liability certification of third parties, and a mechanism
for FCPA violations under the concept known as to report suspected bribery and anti-corruption
“successor liability.” This means that if Company A legal violations.
acquires, merges or enters into a joint venture with
Company B, Company A may be held liable for the When an acquisition is completed, the two compa-
prior FCPA violations of Company B. nies should integrate their compliance programs
and ensure they are consistent across all offices,
99
branches or subsidiaries. This includes providing BOOKS AND RECORDS

consistent and adequate training to all employees PROVISIONS OF THE FCPA
as soon as possible after a merger or acquisition. The bribery provision is the most widely known and
The importance of providing training to employees historically the most aggressively enforced element
of newly acquired companies in mergers and acqui- of the FCPA. However, the law contains a ‘books and
sitions is continually highlighted by US enforcement records’ provision that creates its own anti-corrup-
agencies, who stress that it should happen within a tion compliance duties, with stiff penalties for cor-
short timeframe once the acquisition is complete. porations and individuals that violate it.
CASE STUDY: US V. CHIQUITA BRANDS INTERNATIONAL, 2007

In a historic 2007 case of bribery and corruption, Chiquita Brands International, a multinational cor-
poration and one of the world’s largest banana producers at the time, was convicted of engaging in a
transaction with a terrorist organization. Chiquita was the first major US company to face a conviction
of this kind.
Chiquita’s Colombian subsidiary, C.I. Bananos de Exportacion, S.A., or “Banadex,” was the company’s
most profitable banana-producing operation. The case revealed that Banadex gave at least $1.7 million
in 100 separate payments to a Colombian terrorist group, the Autodefensas Unidas de Colombia or the
United Self Defense Forces of Colombia (AUC), from 1997 to 2004. The company also made payments to
another terrorist organization, the Revolutionary Armed Forces of Colombia, or FARC. Both were violent
paramilitary organizations known to kidnap and murder civilians to further their agendas.
AUC was labeled a foreign terrorist organization (FTO) by the US Secretary of State in 2001 and a Spe-
cially-Designated Global Terrorist in 2003. These designations made it illegal for US entities to enter
into business with or otherwise support the AUCFrom 1989-1997, Banadex paid FARC for rights to grow
bananas in a region of Colombia. In 1997, the leader of the AUC met with the general manager of Bana-
dex and explained his intentions to remove FARC from power and institute AUC as the ruling group
in the area. The AUC leader threatened the general manager, saying that harm would come to Bana-
dex personnel and property if he did not provide regular payments to AUC. Banadex paid AUC regu-
larly until 2004.
It was revealed in the case that at least 10 top executives knew about and approved the illegal activi-
ties. Chiquita even received counsel about this predicament and was very strongly advised to stop pay-
ments. The company ignored the legal advice and continued to produce bananas in the terrorist-con-
trolled regions.
After three years of investigations and legal proceedings, Chiquita pleaded guilty to making $1.7 million
in illegal payments to designated terrorist groups. The company was fined $25 million and agreed to
adopt a large-scale corporate integrity program in the case settlement. Although the Department of
Justice considered individual prosecution of Chiquita executives, none was pursued.
100
As previously mentioned, the books and records

provision is enforced by the SEC, and applies only TOP 10 LARGEST
to entities who are registered as “issuers” of secu-
FCPA PENALTIES
rities with the SEC. This includes US and foreign
corporations whose stocks, bonds and other invest- Fines, civil penalties, disgorgement & inter-
ment devices are traded on US exchanges. The est ranging into the nine-figure  amounts
provision requires such issuers to “make and keep are not uncommon. Below were the 10 larg-
books, records, and accounts, which, in reasonable est cases as of early 2018:
detail, accurately and fairly reflect the transactions
and dispositions of the assets of the issuer.” • Telia Company AB (Sweden): $965
million in 2017
Legal professionals and FCPA advisors some- • Siemens (Germany): $800
times joke that this provision requires companies million in 2008
that make corrupt payments to accurately record VimpelCom (The Netherlands): $795
them as such in their books and records. In prac- million in 2016
tice, the books and records provision frequently Alstom (France): $772 million in 2014
comes into effect in FCPA cases because compa-
• KBR/Halliburton (US): $579
nies or individuals who make bribes or other corrupt
million in 2009
payments rarely, if ever, accurately record them in
their accounts. • Teva Pharmaceutical (Israel): $519
million in 2016
As a result, a company or individual that violates • Keppel Offshore & Marine (Singapore):
the FCPA’s bribery provision very often violates $422 million in 2017
the books and records provision as well. A defense
• Och-Ziff (US): $412 million in 2016
contractor that authorizes a consultant to pay
a $100,000 bribe to a government minister to • BAE (UK): $400 million in 2010
secure weapons contracts, and then disguises the
expense as “consulting fees” in its accounts, has
violated the books and records provision and, con- GAAP is a set of standards used at US companies and
sequently, faces the civil fines and other penalties issuers that govern how financial statements should
the SEC can impose. be prepared, presented and reported. While it is not
necessary to delve into these standards for the pur-
The provision also requires issuers to “devise and poses of this manual, a financial crime professional
maintain a system of internal accounting controls involved in FCPA compliance or investigation would be
sufficient to provide reasonable assurances” that well advised to have a general understanding of GAAP.
transactions are conducted with proper oversight
from a company’s management. This includes In the past, the SEC has played a secondary role in
management oversight of the execution of trans- enforcing the FCPA. The increased enforcement of
actions and access to an issuer’s assets only with the FCPA over the past decade has been led primar-
management authorization. It also requires issuers ily by the Justice Department, which has typically
to ensure that transactions are recorded in a man- launched investigations and assessed the largest
ner that allows financial statements to be prepared monetary penalties in settlements. SEC civil fines
according to ‘generally accepted accounting prin- for books and records violations were usually added
ciples (GAAP). to cases that were initiated by the Justice Depart-
101
ment, and focused mainly on violations of the brib- up to $5 million and civil fines of up to $150,000, as
ery provision. well as prison terms as long as 20 years.
In recent years, that trend has shifted, and the SEC Instead of pursuing criminal cases, the US Justice
has begun to pursue companies for violating the Department often employs Deferred Prosecution
books and records provision even when they were Agreements (DPA) to settle FCPA cases against
not charged with violating the bribery provision. companies. This usually includes monetary penal-
Of the eight SEC enforcement actions against cor- ties and other remedial measures, but no criminal
porations in 2012, four were civil cases that only charges brought against the company or individu-
charged books and records violations. The SEC col- als. The terms of a DPA normally include a criminal
lected more than $57.4 million in disgorgements fine and assurances by the company that it will not
from those cases. violate the FCPA again and will improve its anti-cor-
ruption compliance program. Often a company may
In total, the SEC collected $118 million from com- be required to conduct a full audit of its compliance
panies in 2012 in FCPA cases. Financial crime pro- program and submit a written plan for augmenting it.
fessionals should note that this heightened SEC
enforcement increases the pressure on compa- DPAs, which are publicly available at the US Jus-
nies to implement robust accounting controls and tice Department’s website, serve as a resource for
ensure adequate oversight by company directors. financial crime specialists who seek to fashion com-
pliance programs and measures that reduce the risk
CRIMINAL AND CIVIL PENALTIES of FCPA violations.
UNDER THE FCPA
The FCPA imposes substantial criminal and civil The cost of facing an enforcement action runs
penalties. One recent example is the settlement beyond the penalties and the remediation pro-
that the Swedish telecommunications corporation, cedures that may be imposed. At a multinational
Telia, reached with the Justice Department and SEC corporation, such as Siemens, these reviews can
for bribery of government officials in Uzbekistan involve international teams of legal professionals,
in 2017. It exceeded $900 million in civil and crimi- investigators, forensic accountants and auditors, in
nal penalties. addition to internal staff that is distracted from its
normal work for long periods. Companies that are
Companies that violate the law’s bribery provision penalized for FCPA violations have suffered con-
face criminal fines of up to $2 million per violation, siderable declines in their stock price, as well as
and civil penalties of up to $16,000 per violation. lawsuits by shareholders. The reputational harm
Individuals who violate the anti- bribery provision is also large.
face criminal fines of up to $250,000 per violation,
civil penalties of up to $16,000, and sentences of up
to five years in prison.
Violations of the books and records provision also

carry significant penalties. For companies, violat-
ing the books and records provision can result in a
criminal fine of up to $25,000 and a civil fine of up
to $725,000 per penalty. For individuals, penalties
are even more severe. Individuals face criminal fines
102
FCPA AND ANTI-CORRUPTION and connections to government agencies, officials

COMPLIANCE PROGRAMS or their family members or associates. The risk
All organizations should establish systems and con- assessment should also examine the organization's
trols to detect and prevent corrupt payments. This employees and their respective formal or informal
is known as anti-corruption compliance. In the past ties to government officials.
decade, it has become an essential responsibility
for businesses and organizations worldwide. KEY ELEMENTS OF AN EFFECTIVE ANTI-
CORRUPTION COMPLIANCE PROGRAM
Because of the increased attention to corruption In November 2012, the US Justice Department and
and the financial malfeasance of public officials SEC issued a 120-page “Guidance on the US Foreign
in countries that have suffered through difficult Corrupt Practices Act1.” Financial crime specialists
economic times, anti-corruption compliance has who work in the anti-corruption field should famil-
become almost an essential part of doing business. iarize themselves with the entire document, which
It extends beyond the FCPA. is available on the website of the US Justice Depart-
ment. A link is included in the Appendix.
The UK Bribery Act, like all other anti-corruption
laws with a broad reach, also generates compliance In addition to this guidance, other governments
responsibilities. Most nations have national, state as well as non-governmental organizations, have
and local, bribery and corruption laws that must issued guidance on anti-corruption compliance pro-
also be recognized and factored into an organiza- grams. In 2010, the UK's Financial Services Author-
tion’s anti-corruption compliance program. These ity (which became the Financial Conduct Authority
laws vary widely in scope, design and penalty, and in 2013), the principal financial industry regulator
a financial crime specialist whose responsibilities in the UK, issued guidance on the Bribery Act that
include anti-corruption compliance is well-advised included six elements of successful compliance.
to understand the laws of the jurisdiction in which
they operate. Guidance by industry associations and nonprofit
organizations, such as the International Chamber
Private business entities are not the only ones of Commerce's Rules on Combating Corruption and
that must consider and implement anti- corruption Transparency International's Business Principles for
compliance programs. International non-profit and Countering Bribery, are also useful resources for
non-governmental organizations, which often oper- financial crime specialists.
ate in countries where corruption is widespread,
frequently have their own compliance and train- The US Justice Department and SEC Guidance
ing programs. included several “hallmarks” of an FCPA compli-
ance program. The following summary is intended
Like compliance programs in other financial crime as a general overview of these hallmarks, incorpo-
fields, such as anti-money laundering, anti- corrup- rating and expanding on them with guidance from
tion compliance should be tailored to the organi- other public and private- sector organizations.
zation, its operations and risk profile. Compliance
should start with a thorough risk assessment, tak- US enforcement agencies say they take the ade-
ing into account the geographic regions in which it quacy of compliance programs into account when
operates, its products and services, its relationships they make decisions concerning the initiation or
with corporations, third parties and other entities termination of enforcement actions. They add that
1 You can download this important guidance here: http://www.justice.gov/criminal/fraud/fcpa/guidance/
103
a company with a robust, risk-based compliance

program will receive “meaningful credit” if a viola-
tion occurs. This may include a decision not to pros-
ecute or pursue a civil action against a company
that has an effective compliance program in place.
That is called a “declination.”
The Justice Department demonstrated this will-

ingness to decline prosecution in a case involving
a subsidiary of Morgan Stanley in China. A Mor-
gan Stanley employee was found to have paid
several million dollars to a Chinese official in real
estate deals and was charged with FCPA violations.
The Justice Department announced it would not Effective procedures for risk assessment and
charge Morgan Stanley because the company had internal audit. Before an organization can imple-
a well-documented and thorough compliance pro- ment policies and procedures to prevent corrup-
gram, including more than 30 training sessions for tion, it must first understand where the risks for
the employee in question over seven years. corruption lie. Procedures to assess risk, there-
fore, form a bedrock for anti-corruption compli-
Beyond risk assessment, other key elements of an ance. There are several steps an organization
effective program include the following: should consider when conducting its risk assess-
ment. Assessing risk relies on many factors, and
Commitment from senior management to the following ones should not be deemed to be an
anti-corruption compliance. This has been found exhaustive list.
repeatedly as a recommended best practice in
FCPA enforcement actions and in the guidance • Choosing and analyzing data. All organizations
from the UD and other nations with anti-corrup- rely on data to assess risks, from financial
tion laws. Commitment from top-level management reports and audit findings to corruption indexes
can include both words and actions from an orga- issued by non-governmental groups. One of the
nization's directors. These measures are designed first steps in assessing risk is to determine what
to explain and clarify an organizational culture in data will be used and how they will be organized,
which bribery and corruption are viewed as unac- weighted and analyzed. For larger multinational
ceptable, and compliance and reporting of viola- organizations in particular, this can be a
tions is encouraged. significant step that requires considerable time
and resources.
Valuable elements of the expression of commitment
• Determining key areas of risk. Before drilling
by senior management would include the participa-
down on more specific risks, such as in a certain
tion of senior management in anti-corruption train-
service, third party or overseas subsidiary, for
ing programs, statements to employees expressing
example, it is helpful to look at broad areas that
a no-tolerance policy for violations of the compli-
might present corruption risks.
ance program, and a commitment that the organi-
zation will avoid doing business with an organiza- This could include examining internal risks,
tion or entity that engages in corrupt activities. such as a lack of consistent training or
unclear gifts and entertainment policies. It
may also include assessing geographic risks
104
to determine if an organization operates in corruption agreement written into

a jurisdiction with weak anti-bribery laws or employment contracts.
enforcement, a widely recognized history of • Procedures on the actions that should be taken
commercial or governmental corruption, or if bribery or corruption is detected, and a clear
a culture in which gift-giving and bribery is chain for escalating corruption issues upward to
considered the norm. It should also examine senior management.
the risks in its existing partnerships to
determine if the partners are exposed or To build anti-corruption policies and procedures,
prone to corruption through relationships organizations should examine pre-existing compli-
or contributions to public officials, political ance programs in related fields, such as fraud and
parties or associations, charitable groups money laundering. It is possible to apply certain
or ventures. tools from other compliance regimes, such as anon-
• Determining expertise. An accurate risk ymous reporting telephone lines or transaction
assessment can be challenging based solely on monitoring systems, to anti-corruption programs.
the knowledge and expertise that is required
to carry one out. An organization must An organization should also solicit advice and
determine if it has the proper skills among its suggestions from employees when it is creating
employees and executives to properly assess anti-corruption procedures and policies. Employ-
risk, and understand what internal and external ees often have great expertise and on-the- ground
personnel and expertise it needs or plans to use. experience concerning the challenges and risks of
corruption settings and players. Involving employ-
Clearly articulated compliance policies, proce- ees may help create a sense of ownership in the
dures and code of conduct. This encompasses a compliance program and assist in building a com-
company's documented anti-corruption compliance pliance culture.
program and existing procedures to implement
them. Some measures could include the following: Compliance program oversight and monitor-
ing by senior management, autonomy and ade-
• A clear statement of commitment to adhering
quate resources. US and UK agencies make clear
to anti-corruption statutes and regulations,
that an organization should designate members of
including the FCPA, UK Bribery Act
senior management to supervise the anti-corrup-
and local laws.
tion compliance program. These persons bear ulti-
• Direction on how, when and in what amounts mate responsibility for ensuring that the program is
employees are allowed to pay for gifts, robust and effective, and should have direct access
hospitality or entertainment for foreign officials to the top levels of authority in the organization.
or their families and associates. This includes This usually includes the board of directors and the
procedures to ensure that payments are legal audit committee.
and transparently recorded, and an approval
process exists for such expenses. Senior management must ensure that the compli-
• An explicit written statement prohibiting ance program has adequate resources to effectively
bribery and corruption, possibly including a detect and prevent corruption. Such resources
no-tolerance policy for employee involvement in should include a compliance staff, funding and tools,
corrupt activities. such as databases and transaction monitoring sys-
tems. The resources may also include external legal
• Standards of behavior for the organization's
counsel, investigative professionals or technical
employees, which may include an anti-
support services. Organizations should consider
105
their risk profile, size and organizational complexity, as in response to changing market conditions,
and the services or products they offer when they service or product offerings, or partnerships
are determining the resources that will be adequate and business arrangements. When it opens a
to build and maintain the compliance program. new office overseas, it should thoroughly review
its compliance policies and procedures to ensure
Ongoing training for employees and third parties. they are adequate for conditions and risks in the
Training is another crucial element of anti- corrup- new jurisdiction.
tion compliance. It should include the provision to
employees and third parties of full information on Organizations must also take into account any
the relevant anti-corruption laws and regulations changes to applicable laws and enforcement pol-
in the jurisdiction where an organization operates, icies in all countries where it operates. Periodic
and full details on the organization’s anti-corrup- review and updates of compliance programs should
tion policies. Comprehensive direction on how to include how the review results will be reported,
report suspected instances of corruption must be to whom within the organization the report shall
included, via escalation to higher authorities. be given, and how and when the recommended
changes shall be implemented.
The training should clearly delineate the disciplinary
measures that will be taken against employees who Risk-based due diligence on third parties and
violate the policies. Many organizations require transactions. These include acquiring knowledge
termination of those employees and notification of of the third party's reputation and associations, an
the proper authorities of possible criminal or civil understanding of the business rationale for hiring
violations. Some organizations have implemented the party and the expected services the party is
measures that incent proper behavior, such as expected to provide, and ongoing monitoring and
employee bonuses for commendable adherence to due diligence of the third party.
the anti-corruption policies.
Procedures for confidential reporting of cor- THE UK BRIBERY ACT

ruption violations and internal investigation. If Like the FCPA, the Bribery Act of the UK stands
suspected bribery or corruption arises, organiza- as an anti-corruption law with international scope
tions should have processes for employees at all and broad applicability on entities that are sub-
levels to report potential violations confidentially. ject to its provisions. In many ways, the Brib-
These mechanisms should include a clear chain ery Act goes beyond the FCPA in the behavior it
of command for escalating the reports upward prohibits, and the criminalization of commercial
in the organization's hierarchy, and appropriate bribery, in addition to bribery of government offi-
procedures to inform regulatory and enforcement cials. It also contains fewer exceptions than the
authorities, where appropriate. Investigative FCPA. For example, it prohibits "facilitation pay-
steps should be documented and if weaknesses ments," whereas the FCPA does not. The Bribery
in a compliance program are identified during the Act also criminalizes domestic corruption and the
investigation they should be corrected and incor- acceptance of bribes by UK citizens. In this man-
porated into an organization’s audit and review of ual, coverage of this law will focus on its interna-
its program. tional provisions.
Updating compliance programs through test-

ing and review. An organization should audit its
compliance program on a periodic basis, as well
106
prohibition of "bribery of foreign officials." In addi-

tion, it makes it an offense to request, accept or
agree to accept a bribe. This is a crucial difference
from the FCPA, which only covers the payers or giv-
ers of bribes but not their recipients.
The offense of bribing another person is broadly

defined. It includes bribes given or promised to any
person in a public or private capacity. It covers any
person who "offers, promises or gives a financial
or other advantage…intending the advantage to
induce a person to perform improperly or to reward
a person for improperly performing…any of the fol-
lowing functions or activities:"
Legislation to strengthen the UK's corruption laws
was first proposed in the early 1970s, but it took
• “Any function of a public nature,” which
more than three decades of parliamentary debate
includes duties and efforts undertaken by
and stalled bills before the Bribery Act was passed
government officials
in 2010. The act replaced three previous British
corruption laws, all almost a century old, which had • “Any activity connected with a business”
been criticized as outdated and inadequate by the • “Any activity performed in the course of a
Organization for Economic Cooperation and Devel- person’s employment”
opment (OECD) during the ratification process of at
• “Any activity performed by or on behalf of a
the OECD's Anti-Bribery Convention.
corporation”
Although it was widely recognized as a stringent
A bribe does not have to be conveyed in cash or
anti-corruption measure when it was enacted,
other tangible assets to be an offense under the
enforcement under the law has been limited, with
Bribery Act. Any “financial or other advantage”
only a handful of cases as of early 2018. The law
may be deemed a bribe. This could include gifts
only applies to offenses committed after July
and entertainment expenses, donations to charities
1, 2011, the date it became effective. In January
or even non-financial inducements, such as favor-
2017, the UK’s Serious Fraud Office (SFO) brought
able publicity.
one of the most notable cases under the Bribery
Act, charging engineering firm Rolls-Royce with
As the law states, commercial bribery, or bribes
conspiracy to engage in corruption and failure to
given by one employee or representative of a cor-
prevent bribery.
poration to another, is prohibited. This is a key
divergence from the FCPA, which only covers bribes
Rolls-Royce entered into a deferred prosecution
given or promised to foreign officials. A function or
agreement and paid a penalty of roughly $800 mil-
activity can also be considered “improperly per-
lion to the SFO, US Justice Department and Brazil-
formed” if someone is bribed in order to prevent him
ian authorities in a global settlement.
or her from doing something, rather than actively
undertaking an action.
KEY PROVISIONS OF THE UK BRIBERY ACT
The Bribery Act contains sections that create a
blanket "offense of bribing another person," and a
107
Section 6 of the Act explicitly covers bribery of

foreign officials. Its operative provisions are sim-
ilar to the FCPA and state that a person commits
a violation if they “offer, promise or give any finan-
cial or other advantage” to a foreign official or to
another person at the request of the official. The
offer of financial or other advantage must include
the following:
• Be made to influence the foreign official in their

official capacity
• Be intended to obtain business, retain business
or gain an advantage in the business
• Not be permitted or expressly required by the to include any corporation or partnership formed
relevant written law in the foreign official's under UK law, as well as any corporation or partner-
jurisdiction ship that "carries on business" in any part of the UK.
"Commercial organizations" are not just for-profit
Unlike the FCPA, bribery of a foreign official under companies. Non-profit organizations and charitable
the UK Bribery Act does not require "corrupt intent" foundations are also covered.
on the part of a person paying a bribe. As mentioned
above, there is no "facilitation payment" exemption. In guidance on the law that it issued, the UK Min-
Payments to speed up a routine government func- istry of Justice indicated that it will ultimately be
tion are considered bribes to a government official. up to the courts to define what activities count as
Although this may be an impediment to conducting "carrying on business" in the UK. The Ministry said it
business in some circumstances, many corporations would use a "common sense approach" that weighs
and government agencies already have no-tolerance if an organization had actual commercial opera-
bribery policies that forbid facilitation payments. tions within the UK. According to the guidance, an
organization would automatically qualify as "car-
Corrupt activities do not necessarily have to take rying on business" if it was traded on the London
place in the UK to be subject to the Bribery Act. A Stock Exchange.
person or entity that pays a bribe could potentially
still be prosecuted even if the entire bribery scheme Under the Bribery Act, a commercial organization
occurred in a country outside the UK, provided the may be held liable for failing to prevent bribery by
briber or recipient had a "close connection" to the UK. an "associated person," which can include a wide
This includes British citizens, corporations formed in range of contractors, agents and other third par-
the UK and individuals who normally reside in the UK. ties operating on behalf of the organization. The
guidance states that the definition of "associated
FAILURE TO PREVENT BRIBERY person" was left open-ended in order to cover the
broad range of other companies or individuals that
Section 7 of the Bribery Act creates a standalone
could perform services for an organization.
offense of "failure by a commercial organization to
prevent bribery." Under the Bribery Act, organizations have a com-
plete defense to the charge of failing to prevent
The law casts a wide net on what may be considered
bribery if they can show they had "adequate pro-
a "commercial organization." It broadly defines it
cedures in place to prevent persons associated
108
with [them] from bribing." The Bribery Act does not • Communication (including training).
specify what “adequate procedures” are. Organizations should use thorough internal and
external communication to ensure that anti-
COMPLIANCE WITH THE UK BRIBERY ACT corruption policies are recognized, accessible
Although the Bribery Act exceeds the scope of the and understood by all employees, as well as
FCPA in several ways, many of the essential com- third parties. This includes a training program
pliance procedures and practices apply under both based and focused on the corruption risks faced
laws. The UK guidance lays out six "principles" it by an organization.
says should form part of an organization's compli- • Monitoring and Review. The anti-corruption
ance program. They are summarized here for ref- compliance program of an organization
erence, but a financial crime specialist conducting should undergo auditing and testing regularly,
a project or investigation related to the Bribery Act especially after significant changes to the
should refer to the full guidance that is included in organization's business lines, services
the Appendix: or operations, such as opening a new
affiliate overseas.
• Proportionate Procedures. An organization
should adopt processes and controls to prevent Financial crime specialists should understand and
bribery that are proportionate to the scale be aware of how the UK Bribery Act differs from
and complexity of its activities. This principle the FCPA, including the absence of an exemption
stresses that all compliance programs must be for facilitation payments and the coverage of the
tailored to the specific circumstances of the Bribery Act of all bribery, not just bribery of for-
organization. The guidance underscores that eign officials.
procedures must be "clear, practical, accessible,
effectively implemented and enforced." UK BRIBERY ACT PENALTIES
• Top-Level Commitment. The guidance Violations of the Bribery Act carry stiff penalties.
recommends that the top management of an Individuals found guilty of violations face up to 10
organization, from CEO to the board of directors, years in prison and an unlimited fine. A “commercial
must have a demonstrated commitment organization” found guilty of failing to prevent brib-
to preventing bribery, which should be ery also faces an unlimited fine.
communicated to the entire organization.
• Risk Assessment. Organizations should conduct Individuals and organizations found guilty may
a well-informed, documented and regularly- have assets confiscated under another British law,
updated risk assessment by determining the known as the Proceeds of Crime Act. A company
nature and extent of its possible external and director or senior manager who violates the Bribery
internal corruption risks. This risk assessment Act may be disqualified from serving as a director of
should include third parties and other persons any company or from taking part in the formation or
and entities associated with the organization. management of any company.
• Due Diligence. Organizations should conduct

appropriate due diligence on all persons or BRIBERY AND EXTORTION
entities that perform services, including third Bribery and extortion have many characteristics
parties such as attorneys and sales agents, in common, and the lines between the two can
based on their risks. become blurred. There are key differences, how-
ever, and for the purposes of investigating and pre-
109
venting corruption, it is important to understand insurance company if the applicant does not pay a
their distinctions. certain amount to his nominee.
 Both are criminal acts that involve a giver providing Extortion typically involves the threat of harm
assets, services or other articles of value to a recip- against a person or entity, whereas bribery involves
ient. One major difference between the two is what the offer of some benefit for a person or entity. To
the recipient will do in response to receiving the be considered extortion, the threat must be credi-
asset or article of value from the giver. In bribery ble and the harm must be immediate and tangible.
scenarios, a giver is providing something of value in
exchange for a benefit offered by the recipient. Both the FCPA and UK Bribery Act have exemp-
tions to making corrupt payments if the payments
In extortion, the recipient is typically not offering are made under real duress, and the company or
to provide anything of benefit to the giver. Instead, individual is in legitimate danger from a credible
he or she is threatening to take an action or engage threat. Even so, companies or individuals looking to
in conduct that will harm the giver if he or she does remain compliant with anti- corruption laws such as
not provide something of value, usually of a specific the FCPA should understand that, in most circum-
amount or to comply with the recipient’s demands. stances, they will not be able to protect themselves
For example, a commissioner of insurance may from liability by claiming extortion.
threaten to reject an application for a license for an
110
Q 5-1. You are a compliance analyst at a multinational financial institution that provides bank-
ing and investment services to large institutional customers. Your institution is currently seek-
ing new business opportunities providing services to universities, hospitals and other institu-
tions with potential ties to political officials and government agencies. Your institution plans
to expand into Norway, India, Botswana and Chile and has asked you to assess the corruption
risks of offering its services in each nation.
What is an accurate risk rating for these countries?
A. Providing investment and banking services in Norway poses the highest risk for
corruption due to a history of bribery by Norwegian state-owned oil companies.
B. Providing services in India poses the highest risk for corruption due to the prevalence of
state-owned entities and Politically-Exposed Persons (PEPs).
C. Providing investment and banking services in Botswana poses the highest risk for
corruption due to widespread graft in government contracts.
D. Providing services in Chile poses the highest risk due to connections between the Chilean
government and international organized crime rings.
Q 5-2. A pharmaceutical sales representative from Company X visits a hospital in the country
of Rachmanistan in order to discuss the benefit of his company’s latest drug. The hospital’s
chief of internal medicine, Dr. Y, agrees to meet with him to learn more about the drug and sug-
gests meeting over dinner at a local bistro. The week after the dinner takes place, the sales rep
sends Dr. Y a gift basket as a token of gratitude for taking the time to speak with him. Company
X is publicly traded in the United States and the healthcare industry in Rachmanistan is entirely
government-owned.
Which statement is NOT true?
A. Paying for Dr. Y’s dinner is permissible under the United States’ Foreign Corrupt
Practices Act.
B. Dr. Y is a medical professional and thus exempt from the United States Foreign Corrupt
Practices Act.
C. Dr. Y can be considered a foreign public official under the United States Foreign Corrupt
Practices Act because he is a high-level employee at a government-owned entity.
D. Sending Dr. Y a gift basket is permissible under the United States Foreign Corrupt
Practices Act.
111
CHAPTER 6
TAX
EVASION AND
ENFORCEMENT
OVERVIEW
There is an old adage that says that “the only things in life that
are certain are death and taxes.” While financial criminals may not
be able to cheat death, they certainly try, and mostly succeed, in
evading their taxes. For obvious reasons, corrupt officials, money
launderers, Ponzi schemers and others usually cannot declare
their criminal proceeds on their tax returns. This would threaten
their criminal operation with exposure. Even if they are able to
make their criminal proceeds appear legitimate for tax purposes,
financial criminals who steal and cheat for a living typically have
few qualms about evading taxes.
112
CHAPTER 6 • TAX EVASION AND ENFORCEMENT
As a result, tax evasion is a constant element of

virtually all financial crimes. For this reason, sus-
pected criminals are sometimes charged with
tax evasion when there is insufficient evidence to
accuse them of the criminal activity that produced
the money. The famous gangster, Al Capone, is the
poster child and most famous example of this law
enforcement approach. It has also been used suc-
cessfully against organized crime figures in the US
and Europe for several decades, and continues to
be employed against money laundering master-
minds, various types of fraudsters, corrupt politi-
cians and many others.
FIGURE 1 – An Image of Notorious Gangster Al Capone Upon
His Arrest in 1931. Capone Ran a Far-Reaching Criminal
Tax enforcement procedures and capabilities vary
Organization, but was Ultimately Taken Down on Tax
greatly from nation to nation. For example, the US
Evasion Charges
Internal Revenue Service has a unit called Criminal
Investigation, which is notable for its skill pursuing
tax evasion by US citizens. Some jurisdictions lack international crackdown on all types of tax evasion,
the resources, capacity or political will to seriously domestic or through overseas accounts and enti-
pursue tax enforcement. ties. One sign of the growing recognition of tax eva-
sion as a vital element of all financial crime is the
inclusion by the Financial Action Task Force of tax
TAX EVASION IS AN ELEMENT IN evasion as a predicate offense for money launder-
VIRTUALLY ALL FINANCIAL CRIMES ing in its revised 40 Recommendations in 2012.
In addition to its serving as a vital component of
Along with many EU countries, the US has spear-
all financial crimes, tax evasion is a financial crime
headed this tax evasion crackdown. One major
in its own right, even if tax-evading individuals or
US initiative is the enactment of the US Foreign
organizations derived their funds from a legitimate
Account Tax Compliance Act of 2010 (FATCA). This
source. In the financial crime arena, tax evasion
law requires all financial institutions outside the US
is a component or necessary step in most other
to report the existence of certain accounts held by
financial misdeeds, including corruption, fraud and
US persons in their facilities. They must report this
money laundering.
information to the Internal Revenue Service, the
US government’s tax authority. FATCA is not only a
Globally, virtually all nations have enacted laws that
dramatic new global tax compliance initiative, but it
criminalize tax evasion and related offenses, such
also has implications in all fields of financial crime.
as conspiracy to commit tax fraud. Financial crime
specialists who perform their jobs in other nations
FATCA has led many nations to negotiate and sign
should always be aware of the tax ramifications of
bilateral agreements with the US fostering cooper-
any financial crime that they are investigating.
ation and a greater exchange of tax information on
their respective citizens. Perhaps more importantly,
In recent years, starting in the wake of the 2008
it has helped foster the adoption of a multilateral
global financial crisis, national governments, starv-
system of tax information exchange created by
ing for tax revenues, have confronted tax evasion
the OECD, known as the Common Reporting Stan-
more aggressively. This has produced a growing
113
dard. This will be discussed in more detail later in • Tax evasion is escaping payment of taxes by
this chapter. illegal means, such as by hiding the true state of
one’s finances from tax authorities or not filing
This chapter provides a general overview of what tax required tax documents.
evasion entails and the avenues and mechanisms • Tax avoidance is sometimes referred to as
through which it is conducted. It also covers some tax mitigation and is the legal use of the tax
common schemes of tax evasion and key indicators laws and regulations to one’s advantage to
that suggest tax fraud is occurring. Additionally, it reduce the taxes that are payable by means
provides guidance on conducting investigations that are approved by the law or regulations.
into tax evasion and using tax documents in finan- Some methods of tax mitigation are common,
cial crime investigations, generally. such as making use of pension plans or
retirement accounts in the US that postpone tax
Often, tax information that a person or business
until retirement.
organization has prepared and filed can be a crit-
ical source when investigating a financial criminal Although governments have always had enforce-
or building a legal case against one. Although many ment authority over illegal tax evasion, recent
jurisdictions have tight secrecy laws restricting economic downturns and reduced public revenues
access to tax information, it can be very valuable have forced governments and taxing authorities to
for a wide range of matters. All financial crime pro- closely look at tax evasion methods and so called
fessionals should have familiarity with tax evasion “aggressive” tax avoidance in an effort to detect
and enforcement issues. Sometimes, investigating violators and increase tax revenue.
a criminal as a tax evader can be a very effective
step in unraveling the larger financial crime scheme. Other terms that the financial crime specialist may
need to know include the following:
TAX EVASION VS. TAX AVOIDANCE • Tax shelter is a mechanism by which a taxpayer
may protect assets or income from taxation or
As a financial crime specialist, it is important to
at least delay the application of taxes. Common
distinguish between legal methods to reduce tax
forms of tax shelters may include investments
liabilities and illegal avenues to reduce taxes or
in pension plans and real estate. It is important
evade paying taxes. It is common among taxpayers
to note that many types of tax shelters are
to minimize taxes applicable to income and other
completely legal. Where tax shelters may cross
assets. The tax regimes of many jurisdictions rec-
the line into tax evasion is when they are solely
ognize legitimate methods to minimize or remove
designed for the purpose of avoiding taxes. In
tax consequences for certain transactions, but uni-
these cases, they may be deemed abusive by tax
formly prohibit and punish tax evasion.
authorities and subject the pertinent taxpayers
However, not following applicable tax laws or utiliz- to criminal or civil penalties.
ing unlawful methods to escape taxation can be a • Tax havens are jurisdictions that provide secrecy
violation of law and subject the taxpayer to serious or other means of protecting assets placed there
penalties. Generally, many courts have recognized from being taxed by other jurisdictions. Tax
that individual taxpayers may reduce the amount of havens may be states, countries or territories
taxes that would otherwise be applicable if lawful with low taxes or no taxes at all. It is not
means authorized by law are used. uncommon for corporations or individuals,
usually high-wealth individuals, to physically
relocate to these jurisdictions or shift assets
114
there by opening subsidiaries or shell companies. of transparency are limited regulatory oversight
As economies have become increasingly and enforcement powers, and the government’s
globalized in recent years, this has led to fears of inability to access financial records.
tax competition among jurisdictions, as nations • No requirement for a substantive local presence,
compete to offer lower tax burdens. Global which allows individuals and corporations to set
tax compliance efforts, like FATCA, are partly up shell companies and other entities without
intended to stem such tax competition. the need to be physically located in the haven,
sometimes with nothing more than a PO Box.
There is no one universally accepted definition of a
tax haven. One simple definition proposed by some • Self-promotion as an offshore financial center.
economists is a jurisdiction with tax laws that are Before more recent reforms, nations such as the
purposefully designed to cater to individuals and Cayman Islands and jurisdictions such as Jersey
corporations looking to avoid taxes. Often, these and Guernsey, often advertised their offshore
jurisdictions will alter their laws to make them more financial services, indirectly or directly, giving
attractive to persons and entities. the impression they were a tax haven.
Additionally, many havens have bank secrecy and

INTERNATIONAL SCOPE
data privacy laws designed to severely restrict
the tax information that may be shared with gov- OF TAX EVASION
ernment and law enforcement agencies in other By nature, tax evasion is difficult to quantify. This
jurisdictions. For this reason, tax havens are also is particularly true of offshore tax evasion, as
referred to as “secrecy havens.” Many havens also funds are often disguised by complex legal struc-
have extradition laws or treaties that only permit tures and hidden in tax haven accounts with little
extradition for a limited number of crimes, usually transparency.
violent ones, and exempt financial crimes like tax
fraud from extradition. Estimates of the scope of tax evasion exist, however.
A 2012 report by anti-tax evasion advocacy group,
One useful working definition of tax havens comes Tax Justice Network, estimated that between
from the Government Accountability Office (GAO), US$21 trillion and US$32 trillion is kept undisclosed
the US Congressional watchdog agency. In a to tax authorities in secrecy havens worldwide. This
December 2008 report on the use of tax havens by represents between 24 percent and 32 percent of
US corporations, the GAO provided the following total global investments. In an older 2007 estimate,
characteristics as suggestive of a tax haven: the OECD estimated that untaxed capital held off-
shore amounted to US$5 trillion to US$7 trillion,
• No or nominal taxes. or approximately 6 to 8 percent of total global
• Lack of effective exchange of tax information investments.
with foreign tax authorities.
Some rough calculations reveal the amounts at stake.
• Lack of transparency in the operation of Taking the OECD’s conservative $7 trillion number
legislative, legal or administrative processes, and assuming those untaxed assets would earn just
particularly in functions such as the formation of five percent each year, and these earnings would be
companies. ‘Secret rulings,’ negotiated tax rates subject only to a 20 percent tax rate, nations are
and other practices that fail to apply the law losing $70 billion a year from undisclosed offshore
openly, fairly and consistently are indicators of a assets. Some estimates are far higher.
lack of transparency. Also contributing to a lack
115
The advantages of tax havens1 basically may be for transparency and exchange of information con-
classified in four categories: cerning tax matters.
Asset holding. The first step of asset holding
involves forming a corporation, trust or other legal Tax evasion. In broad terms, tax evasion or tax fraud
entity. In more complex arrangements, a trust will is the willful violation of one’s legal duty to pay man-
be formed that controls a company. Typically, the datory taxes to the government. At its most basic
entity will be formed in one tax haven and admin- level, tax evasion may be as simple as misstating
istered in another. The purpose of the entity is to facts and numbers on a tax return, or failing to file
hold assets, which may include physical properties, a required form. Other straightforward examples
investments, funds or other companies. By trans- include the following:
ferring the control and ownership of such assets
• Underreporting of income
into an entity in a haven, the assets are often no
longer able to be taxed in other jurisdictions. Asset • Overstating deductions and losses
holding is sometimes done to avoid or evade a spe- • Overstating dependents
cific type of tax, such as inheritance tax.
• Filing returns on behalf of another without
authorization (identity theft)
Trading and other business activity. To minimize
taxes, businesses that operate online or remotely,
Tax evasion schemes can also be extraordinarily
or require only minimal staff, will sometimes relo-
complex, involving offshore accounts and multi-
cate to havens. These may include certain invest-
ple layers of corporate entities and legal trusts
ment and financial services companies, as well as
that make the true owner of assets very difficult to
technology groups. Historically, a key use of havens
determine. While international efforts to increase
for corporations attempting to minimize taxes was
transparency and the exchange of tax information
in transfer pricing schemes.
between jurisdictions have made strides in recent
years, there are still many avenues for the creative
Transfer pricing. This allows companies to shift
financial criminal to dodge taxes and disguise assets.
pre-tax profits and losses between subsidiaries and
legal entities they control in order to reduce their
A few of the more notable tax evasion and fraud
overall tax burden. In general, such schemes are
schemes are outlined below. Specific varieties of
legal, although there are limitations on them in the
tax evasion depend heavily on the tax laws of the
tax laws of many nations. The Organization for Eco-
nation or jurisdiction where the fraud takes place,
nomic Cooperation and Development (OECD) has
and these laws can vary widely. As a result, the
produced guidelines on conducting transfer pricing
financial crime specialist should be aware of tax
that many of its member nations have adopted, but
fraud schemes that are tailored to exploit the laws
the practice remains controversial. Recently, the UK
of their jurisdiction.
has indicated that further international cooperation
is needed to limit what is characterized as transfer
pricing abuses.
Because much of the revenue lost from tax eva-

sion is in more developed countries, the OECD has
taken a lead in developing international standards
1 Please note that not all of these are illegal.
116
FALSIFYING DEDUCTIONS TO sics specialist should sometimes be sought in these

UNDER-REPORT INCOME investigations.
Falsifying deductions in a tax return filed by a per-

son or business organization are a common way to SMUGGLING AND EVASION OF
evade taxes. Tax laws normally allow taxpayers a CUSTOMS DUTY
wide range of deductions from their income. Falsi-
Simply put, smuggling is moving goods or prod-
fying these deductions reduces taxes and is a crime
ucts across national or jurisdictional boundaries by
in most countries. Depending on a nation’s tax laws,
covert means, without paying the required tax. One
permissible deductions vary widely. For exam-
of the oldest forms of tax evasion, smuggling is still
ple, many tax laws allow deductions for medical
commonplace in many jurisdictions with high tariffs
expenses, which can include payments to doctors,
or customs duties on imported and exported goods.
dentists, surgeons, medical insurance, prescription
drugs, medical devices and other related costs. A
In many cases, developing nations are most reli-
taxpayer may fabricate false receipts for these pay-
ant on customs duties, especially since they often
ments to reduce his taxes.
lack effective income taxes or enforcement or tax
structures, or they have low rates of compliance
Another way to falsify medical deductions is to
with these taxes. Two common forms of evasion
disguise payments for non-deductible medical
of customs duties are through under-invoicing and
expenses, such as the cost of cosmetic surgery, by
misdeclaration of an import. These schemes are
making it appear the payments were for necessary
intended to misrepresent the type or quantity of a
medical surgery.
product that is in international commerce in order
It is more difficult to fabricate receipts for deduct- to falsely lower the tax or duty required. Misdecla-
ible expenses for taxes paid to state or provincial ration, or claiming that an import or export is a dif-
governments, including property taxes paid on real ferent type of product, is often used when there are
estate the taxpayer owns. Tax payments to these high customs duties on a certain type of product,
government agencies may be easily verified by such as tobacco goods.
these agencies.
Gross valuation overstatement. As the name
The falsification of deductions for charitable contri- implies, this involves inflating the value of property,
butions is also a frequent occurrence. To establish assets or services above the correct value when
if the contributions were actually made, receipts for that value of property or service is used to claim a
the purported contributions and the records of the deduction or tax credit.
charitable organization must be examined.
EVASION OF VALUE ADDED TAX
All deductions claimed in a tax return are now more
susceptible to being proved or disproved by the
(VAT) AND SALES TAXES
electronic data that virtually all financial transac- With the notable exception of the US, the value
tions leave behind, including those pertaining to tax added tax (VAT) is a common type of tax globally.
deductions that are claimed. The electronic records It is charged and collected on the consumption of
of taxpayers and of the organizations and agencies goods and usually levied in place of sales tax. VAT is
that are subjects of suspected falsified deductions charged by the seller to the buyer of an item, which
must be examined. The skills of a computer foren- means that typically, producers of goods collect
VAT from the consumers. This allows producers to
evade VAT by underreporting their amount of sales.
117
A Depiction of Carousel VAT Fraud Taking Place within the European Union.
Source: Dutch Tax and Customs Administration
118
To prevent their residents from going to other juris- sometimes countries. In a carousel fraud, products
dictions to avoid VAT, most jurisdictions that use will be sold to several traders before being exported.
VAT also legally mandate residents to report and One or more of those sellers will pocket the VAT
pay the tax on items purchased in another juris- instead of paying it to the government.
diction. This can be difficult and resource-inten-
sive to enforce. Consequently, most nations target In many jurisdictions, exporting products incurs no
VAT enforcement efforts at luxury items and other VAT tax. The exporter will then reclaim VAT from
high-cost goods. the government for the full value it was charged by
the sellers, but due to the “missing traders” further
Carousel Fraud. This is a variety of tax fraud that back in the chain, that VAT was never paid to the
goes by several names, including “missing trader” government in the first place.
fraud. It exploits the mechanism for collecting VAT
in order to effectively pocket tax revenues. Carousel fraud is prevalent in the European Union,
due to the number of nations that use VAT and the
Understanding carousel fraud requires knowledge fact that EU member states do not charge VAT on
of the mechanics of VAT. Any company that buys exports. Carousel frauds are often perpetrated by
and sells products will charge VAT to the consum- organized crime rings because of the number of
ers of its goods, and pay VAT to the producers it persons needed and relative complexity of this type
purchases from. The rate of VAT charged changes of fraud scheme.
depending on the step in the buying and selling
process. Essentially, VAT tax is charged each time
a product moves through the supply chain to its
ultimate consumer. An office supply company, for
example, will charge individuals VAT when they buy
a box of printer paper. The same supply company
would have already paid VAT on the same box of
paper when it purchased it from the manufacturer.
The office supply company would then turn over

the net VAT (what it collected from consumers sub-
tracted from what it paid to the manufacturer) to
its jurisdiction’s tax authority. Companies effec-
tively act as tax collectors for governments under
VAT systems.
This allows the fraudster, the person who commits

fraud, to charge VAT on the sale of goods, and then TAX FRAUD THROUGH
instead of paying this to the government’s collec- OFFSHORE ENTITIES
tion authority, to simply abscond, taking the VAT Offshore companies and other entities are among
with him. The term “missing trader” refers to the the most common and widespread avenues for
fact that the trader goes missing with the VAT. evading taxes globally. An offshore account is sim-
ply one held in a different country or jurisdiction
More sophisticated schemes are typically referred than the one where the accountholder resides and
to as “carousel fraud,” as they usually involve mov- has tax liability. Often, offshore accounts are held
ing products around between multiple sellers and in tax havens.
119
International Business Companies (IBCs). These form a captive in order to claim a tax deduction on
are a form of legal entity that is typically incorpo- their insurance premium, and then devise methods
rated in tax or secrecy havens, such as Panama, the to return the premiums paid to the participants.
British Virgin Islands and the Seychelles, as well
as emerging offshore destinations, such as Ireland Regardless of their layers or complexity, one thing
and Singapore. IBCs are intended to exist solely that tax evasion structures usually have in common
for the purpose of conducting international trade is the facilitation and involvement of third parties.
or financial transactions and typically cannot con- Law firms, private banks, accountants, auditors and
duct business in the jurisdiction in which they are others all may play a role in establishing tax shel-
incorporated. The attraction of IBCs for tax evasion ter arrangements or offshore operations, and in
purposes stems from their secrecy. Typically, in tax secrecy havens these third parties may form a thriv-
havens, a tax identification number is not required ing industry sector. In some financial crime matters,
to open a bank account for an IBC, and limited or no these intermediaries may be a good source of infor-
ownership information is publicly available. mation and potential evidence on the whereabouts,
transactions and assets of a financial criminal.
Offshore Trusts. These are another type of legal
entity typically formed in tax or secrecy havens.
The main advantage of a trust is that it can be used SPECIAL PURPOSE
to cloak ownership of accounts or assets. Many VEHICLES/ENTITIES
jurisdictions either do not collect information on A special purpose entity (SPE) is also referred to as
the beneficial owners behind such trusts, or do not a special purpose vehicle (SPV), or a financial vehi-
publicly share such ownership information. cle corporation (FVC). SPEs are also referred to as
“bankruptcy-remote entities” or “derivatives prod-
Personal Investment Corporation (PIC). Also uct companies.”
referred to as an “offshore company,” PICs are
another means for shifting tax liability from an indi- A SPE is a subsidiary corporation and a legal entity,
vidual to a corporate entity formed in an offshore usually a limited company, created with the purpose
jurisdiction, typically a secrecy haven. Individuals of executing some type of specific or temporary
can transfer assets and property to a PIC and retain objective. The main reason companies create SPEs
beneficial ownership over them, yet avoid paying is to help protect them from financial risk. There are
the appropriate taxes. Frequently, there are multi- situations in which companies abuse the power of
ple layers in the formation and control of PICs. An SPEs, such as in the case of Enron, but that aside,
offshore trust may open a PIC with a law firm act- SPEs are legal, innovative and widely used. SPEs
ing as nominee, burying the individual or entity that provide a range of securities backed by assets, such
truly controls the assets and, in some cases, com- as cash flow on car loans, credit-card and home-eq-
pletely obscuring the ownership of assets. uity debt, manufactured-housing loans, student
loans and equipment leases. Additionally, compa-
Captive Insurance Companies. Like other tax eva- nies transfer assets to SPEs for management or use
sion vehicles, captive insurance companies can be them to finance a project.
completely legitimate and formed for real business
reasons. A captive insurance company is formed The establishment of an SPE is similar to the cre-
when a group of businesses or individuals creates ation of a company in that there must be promot-
an insurance company that is wholly owned by the ers or sponsors. A sponsoring company will isolate
group and only underwrites their own operations. In certain assets into the SPE. This isolation of assets
tax evasion schemes, individuals or companies will is important for providing comfort to investors
120
because there are fewer risks associated with it. the SPEs with its own stock, which was only a tem-
With the assets and activities distanced from the porary solution at best.
parent company, the performance of the new entity
will not be affected by the ups and downs of the Although Enron’s use of SPEs was illegal, many
originating entity. Ultimately, a good SPE should be companies use these vehicles to legally con-
able to stand on its own, independently of the spon- duct “off-balance sheet” transactions. As long as
soring company. SPEs are not abused, they can be very beneficial
to companies.
There are several main reasons for creating SPEs.
They may help with securitization, or assist compa-
nies with isolating high-risk projects from a parent REPATRIATING
organization. This also allows other investors to UNDISCLOSED ASSETS
take a share of the risk. Once their proceeds are safely placed in a corpo-
rate entity, shelter or haven, a financial criminal still
Multi-tiered SPEs also allow multiple tiers of debt faces the dilemma of how to access and repatriate
and investment, or can be used for asset trans- his or her assets without alerting the tax authorities
fer. For example, many permits that are required or law enforcement within the jurisdiction in which
to operate certain assets are either non-transfer- they reside. There are myriad avenues:
able or difficult to transfer. By having an SPE own
• Credit cards set up to draw from a tax evader’s
the asset and the permits, the SPE can be sold as a
off-shore account
self-contained package.
• Loans from offshore lenders, shell corporations
Another reason companies create SPEs is to help or legal entities ultimately controlled by
maintain the secrecy of intellectual property.. the tax evader
• The use of property held by offshore entities at
Finally, SPEs are used in financial engineering zero or below-market rental
schemes. The main goal is usually avoidance of tax
• False invoices for services or goods that a tax
or manipulation of financial statements.
evader charges to an offshore entity that they
Sometimes, SPEs are illegally used. In these cases, ultimately control
SPEs are typically used to hide debt or ownership, • Scholarships or charitable foundations that
or to obscure relationships between different enti- covertly funnel funds to a tax evader’s relatives
ties which are actually related to each other, like in or associates
the case of Enron. SPEs sometimes even allow tax
avoidance strategies that are unavailable elsewhere. In addition to these, it is not uncommon for third
parties to facilitate the movement of funds or assets
Enron is the biggest example of the misuse of SPEs. from a tax evader’s offshore accounts to their juris-
In total, by 2001, Enron had used hundreds of SPEs diction of residence. In extreme instances, employ-
to hide its debt. Enron used the SPEs for more than ees of law firms or private banks have physically
just avoiding accounting conventions. The company brought cash or high-value assets to tax evading
established these numerous entities to shield itself clients in other jurisdictions. Such was the case with
from mark-to- market losses in its growing equity the “client advisors” at Swiss banks Wegelin and
investment business. When these investments UBS, who would fly to the US to meet with wealthy
started going downhill, Enron attempted to support US tax evaders and purchase artwork, jewelry and
121
other luxury items with funds from Swiss accounts Common employment tax fraud schemes include
to assist them in transferring assets. the following:
Third party withholding fraud. Many smaller busi-
nesses rely on payroll service providers or other
DEMONSTRATING TAX FRAUD
third-party employment firms to manage the pro-
IN LEGAL CASES cess of the withholding taxes employees pay. Just
The tax codes of many jurisdictions are highly com- like the employers themselves, however, these
plex, and reporting requirements are not always companies can collect the employment tax but fail
widely known or intelligible to an average taxpayer. to report it to the appropriate tax authorities. Com-
As a result, the courts of many nations have estab- panies should be aware of this type of tax fraud, as
lished a relatively high standard for proving tax it can result in liability to the company and to the
fraud, recognizing that mistakes are common. Typ- third-party perpetrator.
ically, a government must go beyond showing that
a taxpayer misstated his or her taxes or did not pay Worker status misstatement or falsification.
any taxes, and demonstrate that a taxpayer actually Employers may improperly categorize a full-time
had the intent to commit fraud. employee as part time, or record an employee as a
contractor in order to lessen or avoid certain taxes.
While these cannot be considered evidence or proof,
the following are useful as indicators suggest- Pyramiding. This refers to a company that with-
ing tax fraud: holds taxes from employees, such as for Social
Security in the US, but willfully fails to pay them to
• Repeated patterns of underpayment of taxes the appropriate tax agency. These schemes tend to
• Lack of records to substantiate income, have a short lifespan. The title “pyramid” refers to
deductions and other items in tax filings the manner in which as tax withholdings which are
not being turned over to the government agency
• Extensive use of cash transactions build up, it becomes more difficult for the employer
• Destruction or alteration of financial records, to catch up on the back-tax liability it owes.
especially those pertaining to tax liability
• Failure to provide an accountant or other tax Cash payments. If the employer has large, unex-
professional with necessary information to plained periodic cash payments, or other informa-
prepare tax returns or filings tion suggests that employees are being paid in cash,
it is a likely indicator of tax fraud because of cash
payments. It is not uncommon for employers to pay
EMPLOYMENT TAX FRAUD employees in cash to evade the employment tax
Tax evaders are not only drawn from the ranks of the requirements.
wealthy or from multinational corporations. Busi-
Offshore employee leasing. This refers to when
nesses of all sizes engage in tax evasion and employ-
a taxpayer resigns from his employment position
ment tax fraud schemes are prevalent mechanisms
and signs an employment contract with an offshore
for doing so. These schemes take a variety of forms,
employee leasing company, which indirectly leases
but usually revolve around improperly withholding
his services to his original employer. The employee
or not paying to the government the taxes employ-
performs the same services before and after
ees pay and that employers withhold.
entering into the leasing agreement and generally
receives the same payment for his services. How-
ever, his salary is sent offshore as “deferred” com-
122
pensation, in which employment and income taxes • Use of multiple identification numbers by a
may be avoided. single person or entity, or the use of incorrect or
non-existent identification numbers
• Submission of false wage and other statements
RED FLAGS OF TAX FRAUD
Because of the thin line that sometimes exists
between outright tax evasion and aggressive but INVESTIGATIVE TECHNIQUES TO
legal tax avoidance schemes, pointing to specific DETECT AND PROVE TAX FRAUD
actions or behaviors as definitive red flags can be
For the most part, investigative methods that focus
difficult in the tax enforcement field. As a result, the
on tax evasion overlap with financial crime investi-
financial crime specialist should know the tax laws
gative methods. A financial crime specialist who is
of the pertinent jurisdiction well, or consult with a
an investigator of his or her country’s tax agency
tax professional before pursuing an investigation or
must access tax documents and have knowledge of
legal action related to tax fraud.
how to obtain tax information that is typically out of
the reach for other financial crime specialists.
Some acts or situations are fairly clear indica-
tors that tax fraud by an individual or organiza-
Like other financial crime investigations, a tax fraud
tion is occurring. Some potential red flags include
investigation usually starts by gathering relevant
the following:
records and other data that provide evidence of the
tax affairs of the subject. The investigator records
• Deliberately ignoring or failing to follow advice
where, when and from whom the information was
of an accountant, attorney or return preparer
obtained and pursues the leads. Tax evasion or sus-
• Knowingly failing to inform a tax professional picious behavior by a taxpayer is often a sign that a
of all the relevant facts for the accurate larger fraud or financial crime has occurred.
preparation of tax filings or returns
• In the case of tax fraud by a business, As with all financial crime investigations, all docu-
evidence or testimony from employees about ments and other evidence obtained must not be
irregular withholding of taxes or suspicious modified by the investigator in any way. The inves-
business practices tigator must also maintain a clear chain of custody
to log how the custody and control of the records
• Destroying or altering books and records,
changed or progressed from the time it was initially
especially if it occurs just before or after an
obtained to the time it is used in a legal proceeding.
• audit or examination by tax authorities A financial crime professional investigating tax eva-
• The sudden transfer of assets in a manner that sion and other fraud must always strive to obtain the
suggests concealment, or the diversion of funds taxpayer’s explanation for discrepancies in financial
by company officials or trustees, especially to records and other documents, and ensure that their
an offshore location or secrecy haven explanations are recorded clearly and accurately.
• A significant or repeated pattern of incorrect or
In some circumstances, financial crime specialists
understated income on tax returns
will investigate a case in which a tax return has not
• Applications and tax and related documents that been filed, and tax or other fraud is suspected.
appear to be backdated
123
When conducting a tax evasion investigation, the depending on the countries involved. Generally,
first contact with the subject presents a crucial TIEAs allow one jurisdiction to request a wide range
opportunity to obtain the point of view of the tax- of information that is “foreseeably relevant” to the
payer and other important information. Tax evasion enforcement of tax laws, including details on finan-
investigations often follow an audit by the examin- cial accounts and beneficial ownership information
ers of the tax agency, in which the subject taxpayer on companies or trusts. Information shared is usu-
may not be aware that the agency may be consid- ally subject to strict confidentiality requirements,
ering a criminal tax evasion investigation focused and can only be shared with courts or judicial bod-
on him or her. ies for the purposes of determining criminal or
civil tax issues.
As a result, the subject may provide information or
access to financial and other documents that they The OECD maintains a database tool that allows
would otherwise take pains to conceal, which may be anyone to view the TIEAs that a country has in place
difficult to obtain in later stages of the investigation. with other countries. This can be a useful resource
for understanding the overall tax compliance and
Some questions that should be asked in the initial potential tax evasion risk on a jurisdiction level. If
interview of the target taxpayer are as follows: a country does not have many TIEAs in place, or is
• Who was responsible for preparing the tax not effectively following up on requests for infor-
documents and returns? mation, it could indicate that the jurisdiction has lax
tax compliance or is acting as a secrecy haven.
• Who was responsible for approving the
statements, including income, deductions and
expenses, cited in the tax filing or returns? THE UNITED STATES FOREIGN
• Who was responsible for management of the ACCOUNT TAX COMPLIANCE ACT
person’s income or business affairs? 2010 (FATCA)
• How were the person’s income or business A landmark tax reporting law, the 2010 US Foreign
receipts calculated and documented for Account Tax Compliance Act is one of the most
tax filings? sweeping changes to international tax compliance
and enforcement ever enacted. Targeting US tax
TAX INFORMATION evaders with undeclared assets offshore, FATCA
EXCHANGE AGREEMENTS compels all financial institutions outside the US
When conducting investigations across national to collect and report to the US Internal Revenue
borders, tax information exchange agreements can Service the US persons that maintain accounts
be powerful resources. Tax information exchange at their institutions. Failure to do so will subject
agreements (TIEAs) are bilateral treaties that pro- the pertinent non-US institutions to a 30 percent
vide a framework for sharing information in criminal withholding tax on US income, in addition to other
or civil tax investigations. A model TIEA was origi- applicable taxes.
nally developed by the OECD’s Global Forum Work-
ing Group on Effective Exchange of Information Although it is a US law, FATCA’s reporting require-
and have since been adopted by dozens of coun- ments cover banks and other financial institutions
tries worldwide. in all jurisdictions, making it a truly global law.
Non-US financial institutions may face considerable
Jurisdictions negotiate the terms of TIEAs between challenges and steep costs to comply with FATCA,
themselves, and the specifics may vary slightly according to several studies.
124
FATCA was inspired by a tax evasion scandal cen- as “fixed or determinable annual or periodical”
tered on UBS, one of Switzerland’s largest banks. (FDAP) payments.
UBS was found to have maintained secret bank 3. US persons with offshore accounts must
accounts for about 52,000 US persons who wanted file a new IRS Form 8938 with the IRS along
to evade their US taxes. UBS was prosecuted by the with their annual income tax return if their
US Department of accounts hold more than $50,000. US
persons that fail to file this new form may be
Justice, leading to the disclosure of more than subject to a penalty of up to 40 percent of the
4,000 US taxpayers who had hidden accounts at account value.
UBS. The case provoked the US Congress and paved
the way for FATCA. July 1, 2014, was the first effective date of many of
FATCA’s key provisions. Because of the sheer com-
According to estimates at the time of FATCA’s imple- plexity and scale of the law, provisions took effect in
mentation, the IRS expected to recover $8 billion in stages through 2017.
tax revenue from offshore accounts over the next
10 years. The total may be far higher. Because of FATCA is phased in over a long period of time to allow
the close ties between tax evasion through offshore the US and other nations to resolve the legal obsta-
accounts and other financial crime, FATCA has the cles that stand in the way of the law’s implemen-
potential to unearth millions in criminal proceeds tation. Many jurisdictions do not permit financial
linked to corruption, money laundering, fraud and institutions in their territory to share tax informa-
sanctions violations, in addition to tax evasion. tion and other financial information with the US and
other nations. Some nations and other jurisdictions,
FATCA has three key operative provisions: including many EU countries, forbid exchange of tax
information that is automatic and not in response
1. Non-US financial institutions, which can include to a court order or formal government request. As
banks, broker-dealers and investment firms, a result, many nations must amend their laws and
depending on the non-US jurisdiction and other regulations to permit FATCA compliance.
circumstances, must identify any US persons
who hold accounts and gather their names, INTERGOVERNMENTAL
addresses and tax identification numbers, FATCA AGREEMENTS
as well as their account balances, deposits,
withdrawals and other information. US persons In the process of implementing the worldwide obli-
include individuals and business organizations gations that FATCA imposes on financial institu-
formed in the US. Information on any US tions in other countries, the US Internal Revenue
accountholders with more than $50,000 for an Service has pursued and succeeded in creating
individual and $250,000 for a corporation must “Intergovernmental agreements,” or IGAs, with
then be reported to the IRS. other nations. As of April 2014, dozens of nations
in various parts of the globe2 have signed IGAs with
2. Non-US institutions that do not comply with
the US. It is very likely that many more nations in all
the law are subject to a 30% withholding tax
on certain payments originating in the US, parts of the world will sign these agreements with
as said above. Payments subject to the tax the US. In essence, IGAs outline how the signatory
include income, rents, dividends, wages, and nation and its financial institutions will comply with
certain interest payments. These are known the reporting requirements of FATCA. The US has
2 A list of FATCA IGAs is available here: http://www.treasury.gov/resource-center/tax-policy/treaties/Pages/FATCA.aspx
125
developed two template IGAs, Model I and II, which One potential problem for organizations that is
are outlined below: present in multiple jurisdictions is the management
of FATCA due diligence requirements under two
• The Model I agreement, released in early models. Institutions may be required to build mul-
2012, requires non-US institutions to report tiple systems to meet the requirements of applying
information on US accountholders to their the two models to local laws.
own tax authorities, which would collect the
information and deliver it to the IRS. FATCA COMPLIANCE FOR US
• The Model II agreement requires non-US INSTITUTIONS
institutions to report information on US While non-US institutions shoulder much of the
accountholders directly to the IRS instead data processing and reporting burden under FATCA,
of their own tax authorities. It allows non-US US institutions are not exempt from major chal-
institutions to exchange tax information with lenges. Among other things, they are required to
the IRS on request and supplement it when enforce the 30 percent withholding tax imposed on
necessary. FATCA partner countries that noncompliant non-US institutions. Consequently,
enter a Model II IGA must enable its reporting US institutions must be prepared to sort and clas-
institutions to register with the IRS and comply sify their accounts to know which of them is held
with FATCA’s due diligence, reporting, and by overseas institutions that are FATCA compliant,
withholding requirements. non-compliant or exempt.
The Model I and II templates produce distinct IGAs, US institutions must also conduct ongoing mon-
each with varying terms. Financial crime specialists itoring of the accounts they house for foreign
should know if a country of interest has entered institutions in case their FATCA compliance status
into an IGA with the US Treasury Department and changes. To ease this process for US institutions,
review its provisions. the IRS created an online FATCA registration “por-
tal.” The portal includes access to a database of
Both models allow the IRS to request more infor- FATCA-compliant non-US institutions.
mation about so-called “recalcitrant accounthold-
ers,” or US persons who refuse to provide informa- The bi-national IGAs also present compliance bur-
tion required for FATCA compliance. Depending on dens. Many of the agreements call for reciprocal
the terms of an IGA, non-US institutions may be reporting, which requires US institutions to iden-
required to close accounts of recalcitrant taxpay- tify accountholders of a nation that has signed
ers under some circumstances, but not all IGAs an IGA with the US Treasury Department and to
require this. report these accountholders to the appropriate
nation’s tax agency.
Model I agreements allow the IRS to request more
information on recalcitrant accountholders from This places US institutions in similar situations as
the partner nation’s tax authorities. Model II also their counterpart institutions abroad. This means
allows the IRS to make group requests to the part- they will be required to classify their accounts by
ner country’s tax authority for information on recal- citizenship or tax nationality, collect supporting
citrant accountholders. This information may be documents and monitor accounts for changes in
collected and reported to the IRS on an aggregate status. Adding to that analytic and compliance
basis. The IRS may also request US financial insti- headache are the differences in IGAs described
tutions for information about payments to non-US above, which could require US institutions to collect
institutions that refuse to comply with FATCA. different account information or identifying doc-
126
umentation based on the terms of the IGA with a

particular FATCA partner-nation. In time, there may
be dozens of different IGAs that US institutions will
have to comply with.
FATCA COMPLIANCE FOR NON-US

INSTITUTIONS
It was not until January 2013 that the US Internal
Revenue Service released the final regulations on
FATCA, which were enacted in 2010. As a result, the
international financial services industry had been
facing considerable uncertainty on how to proceed.
The final rules that were issued by the IRS finalize a
step-by-step process for US account identification,
information reporting and withholding require-
ments for foreign financial institutions (FFIs), other
foreign entities and US withholding agents. They
are contained in more than 500 pages of regulatory
language, examples and other provisions that have
earned for FATCA and its regulations a well-earned
reputation for complexity.3
Even with final rules in place, non-US institutions

still face considerable compliance challenges.
There is no one-size-fits-all FATCA compliance stan-

dard or template. Complying with the law and the
regulations will depend on the type of institution
and its customers, as well as whether an institution
is located in a jurisdiction with a FATCA IGA with the
US Treasury Department.
Differences aside, the key first step for all non-US

institutions is to gather the records and other data
it has on accountholders, determine the data that
are or were being collected at the time the customer
relationship was established, and understand the
gaps that exist in the customer information. It makes
little sense for institutions to take any implementa-
tion steps without first understanding the customer
data they have. A strategy to identify and gather the
missing elements, if any, would be required.
3 The final regulations for FATCA are available from the IRS site at
http://www.irs.gov/PUP/businesses/corporations/TD9610.pdf
127
Other steps advisable to take or consider for FATCA THE OECD’S COMMON REPORTING
compliance include the following: STANDARD – AN EVOLUTION IN
• Analyzing your customer procedures and GLOBAL TAX COMPLIANCE
amending them, if necessary, to capture
Efforts to boost global financial transparency and
information pertaining to a customer’s
augment tax compliance did not end with the imple-
citizenship status or tax nationality, along with
mentation of FATCA. Instead, the US was only the
related documents and records.
start of a larger and more globalized effort - The
• Classifying customer accounts by appropriate Common Reporting Standard issued by the OECD.
categories, including those for US and non-US
persons by compliant and “recalcitrant” status. Prompted by the creation of FATCA and by Euro-
Institutions will need to have or develop systems pean Union efforts to increase financial data-shar-
to monitor account activity related to other ing for tax purposes, in 2014, the OECD developed a
institutions to classify them by FATCA-compliant framework for automatic tax information exchange
and non-compliant status. that can be adopted by any nation.
• Building or acquiring new monitoring systems
to detect and flag any changes to accounts Instead of FATCA’s unilateral reporting structure, in
that affect how they are reported for which all countries are effectively required to report
purposes of FATCA. to US tax authorities, the Common Reporting Stan-
dard (CRS) is a multilateral system. Each country
• Develop procedures and data systems to
that agrees to participate must direct its finan-
process and report to the IRS, or other
cial institutions to identify accountholders from
appropriate tax authorities under an IGA
all other participant countries, and report account
agreement, the appropriate documentation
information to tax authorities. This information is
when an account’s status is in question or
then shared between the tax authorities of all par-
has changed.
ticipant countries annually, on an automatic and
• For financial institutions in nations with ongoing basis, beginning in September 2017.
certain bank secrecy laws, obtaining a signed
waiver form from account holders indicating While there are notable differences, the steps
they consent to have their account data required to comply with the CRS and the infor-
reported to the IRS. mation on financial accounts being captured and
exchanged are broadly similar to the requirements
of FATCA. The CRS covers both individual and legal
entity accounts, including trusts and foundations.
The CRS itself consists of four parts:

1. A model Competent Authority Agreement
that lays out the legal framework countries
adopt to participate in automatic exchange.
It is functionally similar to the Model I and II
agreements under FATCA.
2. Standards that establish how information
should be collected, verified and reported to
tax authorities
128
3. Commentaries that provide further exchange agreement. These requests were usually
information on the Standards and Competent only made as part of criminal or civil investigations,
Authority Agreement and, in many cases, the exchange process was slow.
4. Technical guidance to support the data
collection and transmission required The automatic and ongoing exchange under the
under the CRS CRS greatly increases the level of transparency in
the global financial system. The framework cuts
As of early 2017, there were more than 100 juris- down on the ability of tax evaders and other finan-
dictions that had agreed to implement the CRS. cial criminals to shield assets from tax authorities
The Common Reporting Standard requires finan- by moving them offshore.
cial institutions to report generally the same infor-
mation as FATCA, with some notable differences. It should be noted that like FATCA, the CRS contains
Each signatory country must gather the following loopholes – certain legal entities and types of finan-
information: cial institutions are not subject to reporting, for
example. Also, like FATCA, dozens of countries have
• The name, address, taxpayer identification not agreed to implement the CRS, including large
number and date and place of birth of each economies like the US.
customer covered by reporting requirements.
This includes most individual accounts and Although tax and secrecy havens have not been
accounts for certain legal entities. eliminated, the CRS tightens the net on tax evasion.
With fewer places to hide, tax evaders are being
• The customer account number
forced to resort to methods that are less convenient,
• The name and identifying number of the more expensive and potentially easier to detect.
Reporting Financial Institution
• The account balance or value as of the end of As tax evasion is closely connected to other forms of
the relevant calendar or, if the account was financial crime, this movement toward tax transpar-
closed during such year or period, the closure ency also has ramifications for enforcement efforts
of the account against money laundering, corruption and fraud.
This represents a significant evolution in global tax

compliance and financial account transparency.
Previously, this type of financial account informa-
tion was only shared when one country requested it
from another under the terms of a tax information
129
Q 6-1. Your bank holds a business account for a local tax preparation service.
What would MOST likely trigger further investigation by the compliance department in the bank?
A. Numerous deposits of tax refund checks in the names of different individuals but with
common addresses
B. Multiple deposits of checks in the same amount written by different tax service customers
C. Variances in the frequency of transactions depending on the calendar cycle
D. A request by the customer to have payments made to the Tax Office through a certified
check process
Q 6-2. A regional bank operates within a country that has a Model 1 agreement in place with
the US to implement the Foreign Account Tax Compliance Act (FATCA). The institution already
has a FATCA compliance program in place, but recently, there have been media reports sug-
gesting US tax evaders are using the bank’s country as a haven for undisclosed assets.
The bank has some US accountholders and is reviewing its FATCA compliance program in
response to the news reports.
Which statement is true about this bank?
A. The bank must register and report US accountholders directly with the US Internal
Revenue Service (IRS).
B. The bank must institute a 30 percent withholding on the accounts of its US customers
C. The bank must confirm that US customers filed a Form 8938 with the IRS to disclose
their accounts.
D. The bank is required to report certain details about US accountholders to its country’s tax
authorities.
130
CHAPTER 7
ASSET
RECOVERY
OVERVIEW
Whatever the financial crime, there is a certain and common ele-

ment. The financial criminal leaves someone or something behind
in poorer condition than they were before the crime. Whether it is
a fraud, corruption, tax evasion or money laundering, at the con-
clusion of the offense, there is money or something of value in the
hands or control of the financial criminal that does not belong to
him and should be recovered.
131
CHAPTER 7 • ASSET RECOVERY
Financial crime creates the opportunity or neces- The final phase is where the asset recovery profes-
sity to recover assets that have been illegally taken. sionals trace and recover the financial crime pro-
Consequently, asset recovery is the essential end- ceeds. Unless the proceeds of the financial crime
game of all financial crime. are recovered, the victim and the government
agencies that investigate, prosecute or assure com-
Because of this necessity, the skills and special- pliance by entities through which the criminal pro-
ized knowledge of investigators, lawyers, forensic ceeds flowed, the game is lost, even if the perpetra-
accountants and other professionals who under- tors go to prison.
stand the unique challenge of asset recovery efforts
are at a premium. Asset recovery skills in financial
crime cases are crucial because so much of the asset PARTICIPANTS IN AN ASSET
recovery work that needs to be done in the wake of RECOVERY TEAM
financial crime depends on private resources. Gov- Asset recovery operations are typically conducted
ernment agencies, which have heavy workloads, by teams of professionals, each with their own dis-
usually devote comparatively few resources to trac- tinct skill set and focus. Private- and public-sector
ing and recovery of financial crime proceeds of the asset recovery teams have more in common than
huge number of cases they must handle. most people realize. They typically have similar
team members who do similar jobs:
The level of recovery of all financial crime proceeds
• Investigators. In the public sector, they
is very low. Of an estimated $500 billion in crimi-
are called special agents, detectives or
nal proceeds that are generated each year in the US
commanders, and in the private sector they are
alone, for example, no more than $5 billion is recov-
called private investigators.
ered through government asset recovery efforts.
It is estimated that private sector asset recovery • Forensic Accountants. The private sector
efforts recover even less from financial criminals. usually calls them forensic accountants while
the public sector calls them auditors, examiners
Although there are significant overlaps with other and reviewers.
elements of financial crime, including investiga- • Lawyers. They are called prosecutors in
tions, compliance and prosecutions, asset recovery the government and receivers, insolvency
requires unique proficiencies and skills, and poses professionals, lawyers and trustees in the
distinct challenges. These skills are not always the private sector.
same as those required to investigate the financial
• Investigative Analysts. They are sometimes
crime and its perpetrators. In the same way, asset
referred to as intelligence analysts in the public
recovery skills are not the same as those used to
sector and litigation support specialists in the
detect and document the disguising, hiding and
private sector.
laundering of the criminal proceeds.
Receivers, trustees, monitors, “private attorneys

Asset is the fourth phase of financial crime inves-
general” and other fiduciaries are usually appointed
tigations. First is the investigation of the crime
by a court to undertake the process of mustering
and the perpetrators. Next is the investigation of
out the affairs of a legal entity that has served as
the money laundering by the perpetrators and any
a vehicle for the financial crimes perpetrated by its
accomplices. Third is the prosecution or other res-
principals. The laws of many countries, including the
olution of the offense that the financial criminal
US, United Kingdom, Canada and Australia, provide
has committed.
for the appointment of these persons to undertake
132
the management and control of such entities and value may be heavily encumbered with mortgages,
to search for, identify and attempt to recover their liens or other legal impediments. This makes their
assets. As is explained below in this chapter, there monetary value low or possibly even negative. Still,
are many legal and equitable tools that these fidu- if a government agency views an asset as being
ciaries have at their disposal in a worldwide search worth little, but recognizes that it plays an import-
for assets to compensate the victims. ant role in the criminal activities of an organization
or financial criminal, seizure must be considered
Asset recovery teams in the private and public sec- regardless of its value. However, it should be kept
tors use similar legal and investigative asset tracing in mind that even seizure of an asset costs money.
and recovery tools. Government agents have search
warrants and seizure warrants, while the private 2. How much will it cost to maintain and preserve the
sector has civil search warrants and other tools that asset during the asset recovery process?
courts of equity may give them, as described below. After an asset is seized or taken in an asset recov-
ery effort, the asset recovery team must store and
With court orders, government agents can forci- maintain it until a court orders the divestiture and
bly enter premises, while private investigators may return of the asset to the victim, the victim‘s repre-
obtain court orders that allow them to “break and sentative or a government agency order. If the asset
seal” the premises of financial crime perpetrators requires maintenance and upkeep during this time
or their accomplices. before a final order by a court, the cost of maintain-
ing the asset may escalate rapidly.
This chapter of the manual explains tools and
resources that asset recovery specialists have, the 3. Are there potentially innocent owners of the asset
knowledge they should have about asset tracing, who may impede or prevent recovery?
and the recovery weapons and skills they should
ensure their team has. This chapter will also cover Sometimes, an asset targeted in an asset recovery
the unique issues that multinational asset recovery effort is owned by a third party, even in the case of
efforts confront, and how they should be dealt with. money that has been taken in a financial crime, such
as in the case of charitable contributions by the
financial criminal or funds contributed to a political
IMPORTANCE OF SOUND PLANNING campaign. If the financial criminal is not the owner
and the owner of the asset is not implicated in the
Sound pre-seizure planning is a must for effective
financial crime or the illegal movement of the finan-
asset recovery in both the public and private sec-
cial crime proceeds, freezing or seizure of the asset
tors. Even when an asset recovery team has the
may not be an appropriate course of action.
legal authority to freeze, seize or take an asset, it
may not be in the best interest of the overall asset
recovery effort to do so. MAKING THE CASE FOR
Before doing so, an asset recovery team in both
ASSET RECOVERY
sectors should consider the following: For law enforcement and other government agen-
cies, a successful seizure of an asset is the begin-
1. Does the asset have value?
ning of the asset recovery process. Presenting a
The value of an asset should be determined before strong case to a prosecutor for seizure and ultimate
any action is taken. Its value includes both its mone- recovery is a vital first step. Government agents
tary worth as well as its importance to the financial and investigators should submit complete and
criminal. Assets that appear to have a high market accurate requests to the prosecutor or other legal
133
officer detailing the probable cause for seizure, a certain value by an administrative action. Assets
freezing and ultimate recovery. The submission that do not fall into those categories in these juris-
should list the potential claimants that may emerge dictions may be recovered only through judicial
and full information about such persons and their proceedings and not administratively.
likely claim. The investigators are often required to
furnish the legal officer supplemental investigative Names and full contact information of all persons
reports as they learn new information. who may have a legal or other interest in an asset
that is the focus of an asset recovery effort or
Below are the recommended elements of a report that has been frozen or seized. The laws of most
by investigators to a government legal officer or jurisdictions require that names of potential claim-
prosecutor before an asset recovery effort is com- ants with an interest in an asset that is sought to be
menced, or when seizure of an asset is being con- frozen or seized be received prior formal notifica-
sidered, which also largely apply to private sector tion of the contemplated action. For this reason, it
asset recovery teams. is important that the legal officer or prosecutor in
an asset recovery effort have the accurate names,
The presentation or submission to the legal officer addresses and full contact information of the poten-
or private sector lawyer should be organized so that tial claimants so that they may be provided with
relevant information that allows evaluation of the legal notices in accordance with the law.
case is found quickly. These are the items of infor-
mation that a prosecutor or other legal officer in the A listing of all registered owners and persons
private and public sectors would normally request: holding liens on assets that are the focus of a
seizure, freezing or other asset recovery effort.
A list of each tangible or intangible assets, and Property owners routinely record their vehicle and
pieces of property for which asset recovery is interests in real estate in the records and files main-
sought. For purposes of presentations in court, the tained by government offices. These databases,
prosecutor or legal officer must accurately list each which are normally accessible by the general public,
item, with complete description of the asset. It is must be searched. Parties with recorded interests
important that the asset recovery team is mindful affecting the targeted assets must be listed in the
of the passage of time because many jurisdictions reports presented to the legal officers in a public
prescribe the number of days that an asset recov- or private sector asset recovery effort so that they
ery team in the government or private sector has may receive the required legal notice of the action.
to commence or complete procedures, including The legal officer or prosecutors must evaluate this
applications to the courts. The location of an asset information to determine if the potential claimants
is important because legal issues pertaining to have legitimate claims or have the legal status that
the rights of parties in other jurisdictions must be is normally called “innocent owners.”
addressed, and there must be certainty that the
asset recovery team is legally empowered to act in A statement explaining the legal theory and justi-
the jurisdiction. fication or probable cause for the seizure, freez-
ing or ultimate recovery of each item or asset.
An actual or appraised value for each item or A legal officer or prosecutor needs and benefits
asset that is the target of an asset recovery effort. from a concise description of the theories of sei-
The value and nature of an asset may determine zure, freezing or recovery that the asset recovery
the type of legal procedure to be initiated in vari- team will pursue. The description should include
ous jurisdictions. Certain jurisdictions permit the the full justification, or “probable cause,“ that the
seizure, freezing or ultimate recovery of assets of asset recovery team will pursue, which justifies
134
the seizure, freezing or recovery. The investigative property, require the examination of documents,
or analysis team that provides information to the and enter orders permitting the seizure of assets.
legal officer or prosecutor should strive to furnish
full information to justify the recovery of the asset Equity is the name given to a set of principles that
and linking its purported owner to the underlying are applied in common law jurisdictions, such as the
financial crime. US, United Kingdom, Canada, Australia and other
nations that inherited a system of law from England.
Complete copies of all investigative and analy- The principle of equitable relief is also intended to
sis reports and search warrants or other court supplement and complement the remedies and
orders. Legal officers and prosecutors must review relief that statutory law provides. Equitable relief
the investigative reports to evaluate the basis of is also intended to apply where the application of
seizure, freezing and ultimate recovery of specified statutory law may be unduly harsh, unfair or ineq-
assets. In the case of a government asset recovery uitable. Although equity in that name is not known
effort, search warrants must contain a statement of in civil law systems, such as those that operate in
probable cause that summarizes the investigation continental Europe, Latin America and most of Asia,
and the evidence leading to the search for and sub- those systems have and apply broad rules that give
sequent seizure of an asset. judges similar powers to fashion remedies to meet
inequitable circumstances.
Copies of all seizure orders, warrants or other
court orders previously issued in the case. Prior Equitable powers constantly adapt and evolve to
orders of the court, including a seizure order or war- meet new circumstances, particularly in the busi-
rant, will detail the justification or “probable cause“ ness and commercial environment. Common Law
that justified the taking of an asset. courts have invented a host of equitable remedies
that are powerful tools for asset recovery. These
The laws of most nations, including the US, require include things such as so-called Mareva Injunc-
that a government asset recovery, or “forfeiture,“ tions, Anton Piller Orders and Norwich Pharma-
action must be commenced within a specific cal Orders that may be used in the investigation
time from the date an asset was frozen or seized. and initial steps of asset recovery cases. They can
Government investigators, and often those in also require a party to permit a legal represen-
the private sector, should recognize that legal tative of another party to search premises and
officers and prosecutors have minimum thresh- remove evidence.
olds of property value in asset recovery cases.
These thresholds are dictated by considerations Among the powerful weapons that a court of
of the proper and efficient use of legal and judi- equity may wield in asset recovery and other
cial resources. cases are these:
• Restraining and mandatory injunctions that
ANCIENT AND POWERFUL EQUITABLE
compel certain action or inaction by a specified
POWERS OF COURTS
person or entity
The equitable powers of the court are based on the
• Civil search warrants that permit private sector
principle, “Where there’s a wrong, there’s a remedy
asset recovery teams, accompanied by law
-- if you come with clean hands.” An asset recovery
enforcement authorities, to search designated
team has potent weapons based on these judicial
premises for evidence
equitable powers. A court may compel disclosure of
information, issue civil search warrants and “break • Break and search orders that permit the forcible
and search” orders, rewrite contracts, transfer entry into businesses or residences, usually in
135
the company of law enforcement authorities, Victims of financial crime, and often government
to search for evidence pertaining to a financial agencies, may undertake various legal actions to
or other crime seek to recover the assets they have lost in a finan-
• Accounting that compels a person or entity cial crime. For example, through their representa-
to document the source and application of tives, victims may apply to a court to freeze an asset
funds, which are the subject of a financial or its transfer or consumption and request the judi-
crime or other investigation, or to require a cial imposition of a constructive trust to ensure that
broader accounting the assets are not dissipated.
• Appointment of receivers who essentially FREEZING ORDERS AND “MAREVA

represent the court in undertaking the INJUNCTIONS”
management and control of a specified entity,
including its assets and property, that are linked One of the most powerful tools in international asset
to a financial or other crime or to its insolvency recovery is a freezing order. In many jurisdictions,
or bankruptcy it is called a Mareva injunction. The name comes
from a 1980 British case, Mareva Compania Naviera
• Writ of assistance to a sheriff or court official SA vs. International Bulk Carriers, SA, in which
that requires the designated officials to provide the court order restrained a party from removing
assistance to the representatives of the victims assets from the jurisdiction and from dealing with
of a financial or other crime any assets wherever they were located.
• Authentication of records, or ‘back channel’
assistance, on beneficial owners Freezing orders are usually sought against the per-
sons who hold an asset or other property. In juris-
Through whatever appropriate means evidence and dictions where freezing orders are established or
records are located and obtained, an asset recov- permitted, such as in the United Kingdom, Canada
ery team must ensure that the documentation may and the US, there must be an arguably good case
be used in subsequent legal proceedings that seek on the merits, strong evidence that the assets are
to achieve repatriation of assets. Various interna- located in the jurisdiction or outside the jurisdiction
tional agreements, in addition to local laws of most if a global order is sought from the court, and evi-
nations, provide procedures for the authentication dence that a definable risk exists that the person
of records obtained in other countries. The for- holding the asset may unjustifiably dissipate it to
eign ministries of most countries or the office of a frustrate enforcement of an asset recovery effort
nation‘s chief legal officer normally have units that or a judgment entered by a court.
facilitate the necessary authentications.
Freezing orders are powerful and can be used
In addition, the embassies in other countries of an effectively with a variety of assets, especially bank
asset recovery team‘s country can provide helpful accounts or real property. Freezing orders typi-
“back channel“ assistance in various ways, including cally require that the asset not be transferred or
location of witnesses, authentication of documents removed without a court order. While these orders
or direction to useful public sources of information do not guarantee recovery of the assets, they
in that country that may uncover the true benefi- assure that the assets will not be transferred or
cial owner of corporations and other legal entities. dealt with in a prejudicial or harmful manner until
Often, this is the most daunting task in an interna- the case is concluded.
tional asset recovery effort.
136
A freezing order should be sought in the place where Lis pendens, which is Latin for “suit pending,” is the
the financial criminal or his accomplices reside or notice of a pending action and is filed with and cer-
hold property. Sometimes, it is possible to obtain a tified by the clerk or secretary of a court it is subse-
worldwide Mareva order from a court if the financial quently recorded in the official registry of the place
criminal has fled the jurisdiction, but not all coun- where the property is located. It notifies persons
tries recognize these global orders. with an interest in the subject real property that a
claim on the property exists. The recording of the
Other well-known judicial tools provide assistance lis pendens informs anyone interested in buying
in asset recovery efforts in common law countries or financing the property that there is a potential
or jurisdictions. The terms by which these tools are claim against it.
known are included in parentheses:
A lis pendens must include a legal description of the
NORWICH PHARMACAL (PURE BILL OF property. Usually, in common law jurisdictions, the
DISCOVERY) AND BANKERS TRUST party who filed a lis pendens is not required to show
ORDERS (PRODUCTION ORDER) a substantial likelihood of success on the merits,
These orders by a court, usually under seal and but only a connection between the ownership of the
accompanied by so-called anti-tip-off or gagging property and the dispute in the pertinent lawsuit.
restraints, are injunctions that typically seek dis-
closure of confidential records and information LETTERS ROGATORY
from financial institutions and other businesses. A letter rogatory is a request from one judge to
The orders usually require a third party to disclose another judge in another country seeking assis-
certain documents or information to the party that tance in obtaining information, documents or tes-
sought the orders. For example, a third party could timony in a particular legal matter. Letters rog-
be a financial institution that has relevant informa- atory are not treaties, but they provide a means
tion and records. by which private- and public-sector persons and
agencies may obtain international assistance in
ANTON PILLER ORDERS (STAND a case. Letters rogatory can help gather finan-
AND DELIVER) cial evidence, including bank records, and help
These are search and seizure orders that may be to restrain assets. Compliance with a letter roga-
executed simultaneously at homes and offices tory is discretionary on the part of the court that
of the targets they are issued on. An Anton Piller receives it, and the process is usually slow. With-
order is intended to preserve evidence that may be out an effective advocate in the jurisdiction that
crucial to a worldwide asset tracing case. It can be receives it, a letter rogatory may not succeed in
obtained to preserve evidence where it is shown obtaining the desired assistance.
that the target of the effort is likely to destroy evi-
dence to frustrate the investigation. Each country has its own laws and practices for
the receipt and execution of letters rogatory. Exe-
LIS PENDENS cution of letters rogatory must be in strict compli-
ance with domestic law. The process is marked by
A lis pendens is simply a written notice that a law- these uncertainties:
suit or claim affecting title or an interest in specific
real property has been filed.
137
• Letters rogatory are usually transmitted via encounter difficulties that stem from local corrup-
diplomatic channels and must be processed tion, especially in the final stages when repatria-
through a court and the diplomatic agencies. tion is sought.
Diplomats may refuse to act if a letter is deemed
inconsistent with their nation’s public policies. Asset recovery teams must obtain a judicial order
• Requests must contain certain information, to repatriate assets after they are located and fro-
including a description of the facts and details zen to prevent dissipation or flight. The order must
of persons and entities involved. The letters may divest the financial criminal and his accomplices of
be returned for clarification to the judge in the the asset and place title in the control or the names
requesting country. of the victims, their representatives or a pertinent
government agency.
• Nations sometimes refuse to execute letters
rogatory in a criminal matter until formal Mareva injunctions or other court orders at the
criminal charges have been filed in the start of a case that preclude the financial criminal
requesting country. This policy makes letters or his accomplices from transferring or liquidating
rogatory unavailable during the investigation assets are essential initial steps. The laws of certain
when they are often most needed. jurisdictions allow creation of so-called asset pro-
• In some countries, secrecy laws do not permit tection trusts. A trust protector appointed by the
bank records to be obtained by means of court usually may transfer assets from one jurisdic-
letters rogatory unless other laws authorize tion to another.
this disclosure.
STATUTES OF LIMITATION
An asset recovery team must also observe statutes
REPATRIATION OF ASSETS of limitation as a potential obstacle in its case. Stat-
In asset recovery cases, it is not enough to freeze utes of limitations vary from jurisdiction to juris-
assets. To succeed, they must be repatriated. Repa- diction and encourage prompt resolution of cases.
triation of assets from foreign hiding places is However, statutes of limitations can also sometimes
the crucial final step that private and public asset benefit financial criminals, if they succeed in con-
recovery teams must accomplish. It may be fraught cealing their conduct and assets until the statute
with complications. of limitation expires. The time period that a stat-
ute of limitation prescribes is easily learned in any
In repatriating assets, government asset recovery jurisdiction, and should be one of the first things
teams often have unique international weapons an asset recovery team does. Often, these statutes
that can provide substantial help in the recovery. impose different time limitations for different types
Private sector asset recovery teams may also have of legal actions.
access to powerful government weapons in certain
circumstances if they convince government inves- One way to mitigate the negative effect of a stat-
tigators, prosecutors or judges to utilize them on ute of limitations that expired or is about to expire
their behalf. The discussion below about Mutual is to enter into “tolling“ and standby agreements
Legal Assistance Treaties (MLATs) covers this. with adverse parties by which they agree to ignore
the statute of limitations problem. That is unlikely
There are no standard procedures that asset recov- when you are dealing with the financial criminal and
ery teams must follow for successful repatriation of his accomplices unless a bargaining or negotiation
assets. No two cases, and the laws of no two coun- benefit can be extended in return.
tries, are alike. Asset recovery cases sometimes
138
DISCOVERY
Discovery is the process by which parties in a legal
dispute, including financial crime victims and their THE HAGUE CONVENTION
representatives, may obtain information from The Convention on the Taking of Evidence
opposing parties in a case. In asset recovery cases, Abroad in Civil or Commercial Matters --
the information may pertain to the nature, location more commonly referred to as the Hague
and value of a particular asset and other things of Evidence Convention, is a multilateral treaty
value. The US has very broad discovery rules in civil which was drafted under the auspices of the
litigation, but discovery is also permitted in other Hague Conference on Private International
common law countries, such as the United Kingdom, Law. The treaty was negotiated in 1967 and
Canada, Australia and others. 1968 and signed in The Hague on March 18,
1970. It entered into force in 1972. It allows
Countries that operate in what is known as the civil transmission of letters of request (letters
law system, generally, do not have similar discovery rogatory) from one signatory state (where
rules, although other measures exist that provide the evidence is sought) to another signa-
mutual disclosure of pertinent evidence between tory state (where the evidence is located)
the parties. without recourse to consular and diplo-
matic channels.
Distinct discovery options and rules apply in civil
and criminal cases in countries that permit discov- The Hague Evidence Convention was not the
ery. In criminal cases in most countries, the defen- first convention to address the transmis-
dants may not be forced to produce evidence that sion of evidence from one state to another.
represents self-incrimination. Often, this privilege The 1905 Civil Procedure Convention — also
is guaranteed by the nation‘s constitution, such as signed in The Hague — contained provisions
in the US. In the US, corporations do not receive this dealing with the transmission of evidence.
protection against self-incrimination. However, that earlier convention did not
command wide support and was only ratified
by 22 countries. The United States initiated
INFORMATION SHARING AND the negotiations that led to the creation of
MUTUAL LEGAL ASSISTANCE The Hague Evidence Convention. However,
TREATIES (MLATS) insofar as requests to United States courts
An information-sharing agreement is an under- are concerned, the use of the Hague Evi-
standing between government agencies by which dence Convention has been replaced in
they agree to exchange information that assists large part by the simpler discovery provi-
them in their work, including asset recovery. These sion codified at 28 U.S.C. § 1782 (see Sec-
agreements can be in the form of a formal agree- tion 1782 Discovery).
ment, protocol, memorandum of understanding,
exchange of letters, or a treaty or convention. The Between states of the European Union, the
Hague Convention, for example, provides for inter- Hague Evidence Convention has largely
national cooperation in obtaining evidence for use in been supplanted by Council Regulation (EC)
legal proceedings of various types. All appropriate No. 1206/2001 on Cooperation Between the
international agreements, such as the Hague Con- Courts of the Member States in the Taking
vention, that provide channels of information-shar- of Evidence in Civil or Commercial Matters.
139
ing should be reviewed by asset recovery teams in some circumstances, as explained below in this
the private and public sectors at the start of a case. chapter, representatives of private sector victims of
financial crime may persuade the lawyers or agents
In addition, as discussed in more detail in other of a government agency that have received infor-
chapters of this Manual, in accordance with Egmont mation under an MLAT from another country to
Group recommendations some 132 nations have share the information.
established Financial Intelligence Units (FIUs).
These agencies collect a wide variety of financial Government asset recovery teams have no obsta-
information and reporting forms from financial cles to the use of MLATs if they have been signed
institutions, businesses and individuals in their and ratified by their countries. Many industrialized
countries and disseminate it to their law enforce- countries have entered into dozens of MLATs. The
ment agencies and prosecutors. They also sign US, for example, has entered into more than 60 of
bilateral and multinational agreements that autho- them, as of early 2013. A full listing of all the bilat-
rize and facilitate the mutual exchange of intelli- eral and multilateral agreements that a nation has
gence and information. ratified may usually be found in the website of a
jurisdiction‘s state department or foreign ministry.
MUTUAL LEGAL ASSISTANCE TREATIES In the US, the website of the US State Department
Mutual Legal Assistance Treaties (MLATs) provide provides this listing in a publication called Trea-
for the broad exchange of information, assistance ties in Force.
and other cooperation between two nations. In
an international asset recovery case, they can be An example of how an MLAT describes the assistance
a valuable tool for gathering pertinent informa- the signatory nations agree to extend to the other
tion and evidence. The execution and operation of nation is found in Article 16 of the MLAT between
MLATs is often cumbersome and time-consuming. the US and the United Kingdom, which follows:
“The parties shall assist each other in proceedings
Most MLATs require the requested country to assist involving the identification, tracing, freezing, sei-
the requesting nation to take actions that include zure or forfeiture of the proceeds and instrumen-
these measures: talities of crime and in relation to proceedings
• Taking testimony or statements of persons involving the imposition of fines related to a crim-
inal prosecution.“
• Providing documents, records and evidence
• Service of documents Most MLATs include restrictions on the use of the
• Locating or identifying persons information they provide.
• Executing requests for search and seizure A government agency that files an MLAT request
• Identifying, seizing and tracing may seek permission to share information with a
proceeds of crime court-appointed receiver or other formal represen-
tative of financial crime victims. If the information
The “requested“ party in an MLAT request usually is sought for restitution to victims, the government
pays all costs related to its execution, except for the officials should so specify in the request. It is advis-
fees of expert witnesses, translation, transcription able that private sector representatives of financial
and travel expenses. crime victims establish appropriate, cordial profes-
sional relationships with these government officials.
MLATs may only be used by government agencies
and are designed for their benefit. However, under
140
Parties that are considering the filing of an MLAT BANKRUPTCY AND INSOLVENCY AS
request should consider all possible uses of the ASSET RECOVERY TOOLS
information you may provide. The language of the
request should cover all the intended uses of the The asset tracing and recovery fields have several
information and, generally speaking, it is advis- off-the-beaten-path legal weapons, such as bank-
able to request approval for broad usage of the ruptcy and insolvency. They can serve very well in
information. locating, safeguarding and recovering assets. Per-
sons appointed by courts as trustees, receivers,
MLATs can be helpful in piecing together money administrators, monitors or liquidators of entities
trails in financial crime cases, including those that have served to spawn or execute a financial
involving corruption. They can lead to the discovery crime are given great powers of investigation and
of bank accounts, property ownership or evidence recovery of assets. Especially in financial crime
of the ownership of business entities. cases, in which the business or corporate entities
that financial criminals use collapse upon the discov-
Often, nations provide mutual assistance under ery of the financial crime, the tools discussed here
other types of international agreements that can are important parts of the asset recovery arsenal.
impact asset recovery case. These agreements
include Organization for Economic Co- operation A trustee, receiver or liquidator steps into the shoes
and Development (OECD) Anti-Bribery Convention, of the directors of the business entity and is enti-
the Inter-American Convention Against Corruption, tled by law to all information about the entity to
the Council of Europe Criminal Law Convention on which its directors were entitled. Similarly, a trustee
Corruption, the Council of Europe Civil Law Conven- in bankruptcy steps into the shoes of the bankrupt
tion on Corruption, and the United Nations Conven- entity and is entitled by law to all the information to
tion against Corruption. which the bankrupt entity’s directors were entitled.
An MLAT request for assistance is normally made in Judicial orders appointing receivers, liquidators or
writing and usually includes the following: “officeholders,“ as they are called in the United King-
dom, typically require the subjects of asset recov-
1. The name of the agency conducting the ery efforts, their agents and all persons in concert
investigation, prosecution or other proceeding
with them who receive notice of the order, to hand
2. The facts about the subject of the investigation, over all assets that belong to the subject entity or
prosecution or other proceeding receivership. These cover securities, money and
3. The nature and stage of the matter and the text property of any kind, including all money at finan-
of the relevant laws of the requesting party cial institutions for the benefit of the targets of
4. A description of the assistance requested the investigation. The laws of many nations allow a
receiver to take control of assets located in other
5. A description of the purpose of the jurisdictions.
requested assistance
All nations and jurisdictions have an interest in reg-
The requested party in an MLAT can be instructed ulating improper conduct in their territory. If assets
to keep confidential the request that has been are not repatriated by a person who has been
made, the contents of a request, the outcome of the ordered to do so, a receiver will likely seek recogni-
request‘s execution and other information concern- tion abroad of the order appointing him or her, and
ing the request. try to convince a foreign bank to honor the request
to transfer the funds. These efforts may require
141
proof of the underlying financial crime and of the Forfeiture is handled through judicial or admin-
receiver‘s plan to distribute assets to the financial istrative procedures that govern the transfer of
crime victims. ownership of specified funds or other assets to a
government agency. Many countries, including the
As mentioned above, The Hague Convention allows US, have asset forfeiture laws that authorize pro-
parties to request, through a bankruptcy or other ceedings against assets that are the proceeds of
court, the assistance of another nation in obtaining criminal activity or that served as the instrumental-
evidence and testimony. ities of crime.
Asset forfeiture or recovery laws vary depending

TRACING, FORFEITURE AND on the jurisdiction. An asset recovery team member
SUBSTITUTION OF ASSETS should study the laws on forfeiture and asset recov-
Courts may assist financial crime victims in several ery in the jurisdiction where she or he is handling
ways in tracing and recovering assets. Under com- the case. Persons or entities that had an interest in
mon law, tracing is restricted to assets that origi- the assets at the time of forfeiture lose all rights to
nally belonged to the claimant, and to the profits the seized or frozen funds or other assets upon a
from the asset or its substitute. judicial or administrative ruling of forfeiture. Many
nations, including the US, allow both criminal and
In the US, Article 9 of the Uniform Commercial civil forfeiture.
Code provides the doctrines that are applied in
asset tracing by a creditor. These rules guide practi- CRIMINAL FORFEITURE
tioners when the proceeds are commingled. A criminal forfeiture accompanies a criminal convic-
tion in countries that recognize both types of forfei-
Forfeiture is defined as the permanent deprivation ture. It is an action against the defendant or person.
of property by order of a court or other competent If a defendant is acquitted of the crime, the gov-
authority. It is a term used interchangeably with ernment’s criminal forfeiture case against him fails.
recovery and confiscation. In a criminal forfeiture, the burden of proof is the
same as in a criminal prosecution, “proof beyond a
reasonable doubt.“
Criminal proceeds may be the subject of a criminal

forfeiture action if they are related to or derived
from criminal activity. There is no requirement that
the proceeds must have been obtained directly
from an illegal act. For example, if a financial crim-
inal derives money from his crime and then uses it
to buy a car, then sells the car and uses the money
for a down payment on a house, the portion of the
house purchased with illicit funds may be consid-
ered criminal proceeds.
142
CIVIL FORFEITURE if the recoverable property has been dissipated or

Civil or ‘in rem’ forfeiture, meaning a case against cannot be found. Civil asset recovery or forfeiture
the property, is a legal action against the property cases do not permit this. Therefore, criminal forfei-
based on a finding that it represents the proceeds ture is more powerful as a law enforcement tool.
or instrumentality of unlawful activity. It is not an
action against the asset’s owner but against the
OTHER EVIDENCE-
property (“rem“ means thing), and is unrelated to
a criminal action against the wrongdoer. The stan-
GATHERING TOOLS
dard of proof is lower in a civil action, meaning that Court orders facilitating investigation are a princi-
the government lawyer must prove by a “prepon- pal mechanism for obtaining information in asset
derance of the evidence“ that the property was recovery cases. Private sector entities are often
used in the commission of, or to facilitate, a crime, unwilling or legally unable to disclose information
or was obtained illegally. about their finances or customers without a court
order that releases them from client confidentiality
This is particularly useful in cases where a finan- restrictions.
cial criminal has not been apprehended or is still
unknown, but illegally obtained assets have been The following are examples of court orders that
identified. By initiating an in rem proceeding against may be issued in many nations and serve as
the property, either the criminal must default on potent evidence-gathering tools for government
the proceeding and automatically lose if they do investigators:
not show up to claim ownership, or show up and risk Production orders. Require individuals to produce
apprehension. documents and are frequently served on banks and
other intermediaries to obtain financial records.
SUBSTITUTE ASSETS
The incentives a defendant has in transferring assets Search warrants. Available to government inves-
to another jurisdiction, placing them beyond the tigators and are executed on the premises owned
reach of a court, or taking other actions to render by targets and defendants. They may also be used
his property unavailable are understandably great. on other premises where documents and informa-
As a result, the impact of asset recovery actions is tion are located. Investigators also often request
lost unless the private or public sector asset recov- warrants allowing the seizure and examination of
ery team can recover or forfeit non-tainted, substi- documents that cannot reasonably be reviewed on
tute assets of the target or the defendant and his the premises being searched. Private sector asset
accomplices. recovery teams may obtain similar weapons under
the equitable powers of courts, as explained above
Many jurisdictions provide for the recovery or for- in this chapter.
feiture of substitute assets. These laws permit
recovery of untainted assets that have an equiva- Customer information orders. Enable an investi-
lent value to the assets that cannot be recovered gator to discover at which institution an individual
because they have been spent, hidden or dissipated. holds accounts. The orders may require a bank to
search for accounts held in the names of aliases or
The action is against the person, called an in perso- in different spellings.
nam action. The court in a criminal asset recovery or
forfeiture case may order the person or defendant Account monitoring orders. Require financial insti-
to pay a money judgment or forfeit substitute assets, tutions to inform government investigators regu-
larly about transactions in an account and to fur-
143
enter appropriate orders giving effect to these rem-

edies granted by the foreign court.
LIABILITY OF THIRD PARTIES

One of the hallmarks of asset recovery actions and
principles and financial crime cases, in general, is
that the financial crime perpetrator is not the sole
source of recovery. Financial criminals are adept
not only at taking money from others, but they also
are skilled at making the money vanish in hiding
spots and behind fronts that are difficult to iden-
tify, penetrate and uncover. So, if a financial crimi-
nal and the stolen assets vanish, the victims are left
nish information that did not exist when the order with the challenge of identifying third parties that
was granted. may be liable for their losses under various theories
of liability.
Disclosure orders and subpoenas or summons.
Enable an investigator to require an individual to Recovering from third parties has several major
attend an interview, answer questions and pro- advantages. They are usually stationary and immo-
duce documents. bile, have substantial assets and are averse to bad
publicity. They will resist paying, however. Evolving
legal theories of liability and a changed legal atmo-
ENFORCEMENT OF JUDGMENTS sphere have made many wealthy third parties wor-
Most countries have laws modeled on the Uniform thy of pursuit in nearly all financial crime cases, big
Foreign Money Judgments Recognition Act that and small. But, battles against third parties can be
“recognizes” and enforces proper judgments ren- very expensive.
dered in other countries. Simply, when this occurs,
a court enters a judgment that is substantially the PRELIMINARY QUESTIONS ON THIRD-
same as the one entered in the other country. Simi- PARTY LIABILITY
larly, judgments entered in a domestic court receive Before launching a legal effort against a third party,
the same treatment and enforcement based on one must determine the assets the financial crim-
international notions of “comity.” inal has. Second, once affiliated parties, enablers,
aiders and abettors and facilitators with assets
If a foreign judgment orders a monetary recov- have been identified, they should be pursued if the
ery and the debtor has assets in the country or in facts and the laws so justify. To make this determi-
another jurisdiction that recognizes the foreign nation, two preliminary questions should be posed:
judgment, the person pursuing asset recovery
may take advantage of enforcement and collec- Does the financial criminal have a license or a
tion tools, as if the judgment had been entered in a parent company?
domestic court.
If a person has been victimized by a financial crimi-
If another form of relief was obtained under the for- nal who is a licensed entity or a subsidiary of a pub-
eign judgment, such as an injunction, the domestic lic company, the chances of recovery dramatically
court where the foreign judgment is enforced may increase. When a financial crime is committed by
144
someone acting on behalf of such an entity, the big- the illicit funds and increase the risk the money or
gest hurdle to recovery generally consists of prov- the recipients may disappear.
ing liability instead of searching for assets.
Understand cash withdrawals. Often, frequent
Does the financial criminal have assets or money? large cash withdrawals or unexplained transfers
Because successful financial crime and fraud from an account are noticed. Look for explanations,
schemes involve getting, transferring and spend- which may include the purchase of cashier’s checks,
ing large sums of money, records to reconstruct withdrawals of cash to purchase money orders or
the flow of funds will generally be available. Even wire transfers at other institutions, cash withdrawn
in the absence of reliable records, it is hard to exe- for deposit into other accounts at other institutions,
cute a large financial crime without creating an or cash payments to public officials.
audit trail. These records will provide trails to third
parties, firms and institutions that may be liable for If the money was used for wire transfers, the records
damages for participating in the financial crime or of the money transmitter or funds transfer institu-
enabling or fostering it knowledgeably. tion will document this. If other financial accounts
are suspected, subpoenas or requests for pro-
To lay the groundwork for the pursuit of third par- duction to the institutions where the accounts are
ties, various possible steps should be considered: maintained should be issued. Withdrawals by the
financial criminal should be cross-checked against
Source and use analysis. All bank records the finan- travel records, including credit card statements, to
cial criminal and his accomplices used, bank state- establish travel to secrecy havens or to other loca-
ments, both sides of all checks, deposit items and tions soon after cash withdrawals.
wire transfers should be obtained. After this data is
placed in a spreadsheet or account recreation soft- Find related entities. Determine the other entities
ware, the money that came into the accounts, where the financial criminal and his accomplices have cre-
it came from, how much was spent, and where it ated. The asset recovery team should check cor-
went may be determined. porate and other public records to determine other
business entities that list him, his family members,
When pursuing third parties, a keen eye should be affiliated companies or accomplices as officers,
trained on fee payments to professionals, includ- directors or registered agents.
ing “investment advisors.” After it is input, the
data should be sorted by source and payee, a pro- Check public records. Many assets generate pub-
cess often called “Source and Use Analysis.” This lic records when they are purchased or transferred,
can show how much money the financial criminal’s whether they are homes, cars, boats, jewels, air-
entity had at any point, how funds were used as they planes, negotiable instruments or other assets. As
came in, and how much went to various recipients. more government agencies put these records on
their websites, these searches become easier to
Identify the payees. When the recipients of the conduct. Searches should be expanded to look
funds from the financial criminal are known, the for ownership by family members, close associ-
purpose of each payment should be determined. ates, suspected accomplices and affiliated entities
The records of the financial criminal may answer of the target.
this or interviews of employees may do so. Oth-
erwise, subpoenas or requests for production of Intelligence sources. Many financial criminals
records should be sent to the recipients to obtain realize that their schemes ultimately will fail. At
explanations. However, this may tip off recipients of that point, they become more creative in hiding
145
assets, utilizing more cash transactions, transfer- may be voidable. For Ponzi frauds and other finan-
ring property to others, opening accounts at dif- cial crime schemes, the test of insolvency is met by
ferent financial institutions or purchasing goods in the entity’s financial obligations to existing inves-
the names of others. These actions are difficult to tors. Good faith transactions, where fairly equiva-
detect. The best sources for finding these trans- lent value was given, are excepted. This protects
fers are people who had contact with the financial outside service providers or vendors who acted in
criminal and his accomplices. good faith, and still permits receivers to recoup
improper payments.
Some sources, like former spouses, unhappy
employees or angry investors, can provide assis- Overpaid investors. Investors in long-running Ponzi
tance. Other sources must be persuaded to coop- and similar financial crime schemes sometimes
erate, which can come through compulsion, such as receive more in distributions than they contrib-
subpoenas, court orders or protecting self-interest, uted as capital. Distributions to investors beyond
including the fear of being charged with crimes or the amount of their principal investment must be
sued for money, and incentives, such as immunity returned under the laws of most countries, includ-
from prosecution that must be expended by gov- ing the US. If the investor or victim did not act in
ernment authorities. good faith because he or she knew of the fraud or
withdrew funds because of suspicions that some-
Affiliated entities. The affiliates and entities of the thing was not right, good faith was missing and a
financial criminal should be analyzed to determine if receiver or other fiduciary can demand a return of
their conduct gave rise to liability, or if their actions all the distributions he received.
as agents of the financial criminal created grounds
to pursue their assets. With these considerations taken into account, an
asset recovery team may focus on specific third
Gratuitous donees. Payments by financial crimi- parties whose deep pockets may secure the restitu-
nals that benefit others are also recoverable under tion of the financial crime victims.
the laws of many countries, including the US. While
payments by an entity of the financial criminal for GATEKEEPERS AND INTERMEDIARIES
normal business expenses are not voidable if the When a financial crime has come to an end, one
payments represented fair value for the services may ask, “Where were the gatekeepers?” This
provided, payments to satisfy the debts of others, refers to attorneys, accountants, brokers, audi-
including the financial criminal’s personal debts, are tors, investment advisors, consultants, corporate
voidable. Examples are the payment of bank loans directors and others. They often play a crucial role
owed by employees or affiliates of the financial in facilitating or promoting a financial crime and
criminal and the payment of the indebtedness for have a duty to prevent the crime in transactions
assets purchased by others. Charitable contribu- where they are involved. Under recent laws in some
tions and political contributions made by the finan- countries, gatekeepers and intermediaries must
cial criminal or the promoter of the financial crimes now actively attempt to avoid facilitating a finan-
scheme are also recoverable. cial crime, including fraud. If they fail to meet this
obligation, they may be liable for some or all of the
Fraudulent conveyances. Under the laws appli-
losses incurred by the victims.
cable to fraudulent conveyances, payments made
by a financial criminal or his entity, when the pay-
ments would have made the company insolvent,
146
A primary consideration in any claim against a third he used them to execute transactions during the
party is whether that person or institution owed commission of the financial crime, the intermediar-
a duty of care to the defrauded party or financial ies may be liable to the victims. Often, these firms
crime victim. Some courts will consider whether must conduct due diligence and implement “know
they had a duty of care to persons about whom they your customer” procedures, just as banks do, on
were not aware when their professional responsi- their customers and counterparts.
bilities began.
Even if the firms were fooled by the financial crimi-
nal, they may be liable if they failed to conduct suf-
THIRD PARTIES THAT MAY BE ficient due diligence or if their operational proce-
HELD LIABLE TO FINANCIAL dures were lax, or if they can be viewed as having
CRIME VICTIMS aided and abetted the fraud or other financial crime.
For example, if a broker-dealer executed transac-
If gatekeepers and intermediaries act as cheer-
tions based on forged signatures, the firm may be
leaders and enablers and facilitate a financial crime,
liable if the broker-dealer should have known that
they may rightly be considered aiders and abettors
was improper.
or co-conspirators in the financial crime. The follow-
ing gatekeepers and intermediaries may be liable if
Company directors. As part of the due diligence
the financial criminal’s identified and located assets
procedures, an asset recovery team should attempt
are not sufficient to satisfy the losses of the victims.
to determine if there is liability on the part of the
officers and directors of an entity that did business
Banks. In most nations, banks must conduct due dili-
with the financial criminal. Director and officer lia-
gence examinations on their account holders, includ-
bility insurance may be a source of recovery for vic-
ing “know your customer” procedures required by
tims of financial crime. A failure by the directors to
anti-money laundering laws. These are records an
obey their duty to creditors and investors may give
asset recovery team should obtain. Usually, Suspi-
rise to claims against them by a receiver or other
cious Activity Reports (SAR/STR) may not be dis-
fiduciary. Directors may also be liable for wrong-
closed by a financial institution under the laws of
ful or fraudulent trading or when preferential pay-
many countries, including the US. An asset recovery
ments were made to creditors.
team should understand the banking regulations in
the jurisdiction where the recovery operation is tak-
Employees. Employees who held responsible posi-
ing place in order to determine the reporting and
tions may be held liable for failing to detect or halt
recordkeeping responsibilities of financial institu-
financial crimes, including fraud, of which they had
tions and businesses used by the target of the opera-
knowledge or should have had knowledge.
tion. Obtaining this information can help significantly
in financial crime and asset recovery investigations.
Attorneys. To the extent attorneys helped prepare
solicitation or other documents that contained false
Financial institution records, including govern-
information, which induced investment by innocent
ment-required forms they file, can provide a wealth
third parties, they may be liable if they failed to con-
of information in asset recovery cases, although
duct sufficient due diligence. Attorneys may also be
the ability to access them is tightly regulated in
forced to return money they received for represent-
many jurisdictions.
ing the financial criminal if the money was paid by a
Broker-dealers, investment advisers, futures legal entity that had been controlled by the finan-
commission merchants. If a financial criminal hired cial criminal and is now in bankruptcy. Retainers
registered financial intermediaries to advise him, or paid from stolen funds may also be recovered.
147
Auditors and certified public accountants. A case company management or from error. Determining if
for recovery against an auditor may arise where a duty of care is owed by an auditor to a third party
a duty of care has been proved and the duty was normally depends on the circumstances, including
breached and led to a loss to a person to whom the the relationship between the auditor and third party
auditor owed the duty. An example is where a lender and how an audit report was produced and commu-
suffers a loss by relying on a company’s financial nicated to the third party.
statements indicating it was financially sound and
the statements are supported by an audit report.
The misstatement could be the result of fraud by
Q 7-1. In a Venezuela court case for fraud against individuals and companies around the
world, documents have been obtained that would be helpful in a related proceeding in the US
in Miami. Venezuela and the US are parties to the Hague Evidence Convention on the Taking of
Evidence Abroad in Civil or Commercial Matters. No special laws exist in either jurisdiction for
the evidence sought.
To ensure these documents are properly received in evidence in the US, which two are accept-
able methods of requesting such evidence?
A. Letters rogatory through the authority designed by Venezuela or other authority

allowed by such law
B. Transmission of the discovery request to the target of discovery
C. Transmission through a private party, such as an attorney in Venezuela, if private
law so provides
D. Issuance of subpoena duces tecum and scheduling of place and time for the party to make
itself available for examination
148
CHAPTER 8
FINANCIAL
CRIME
INVESTIGATIONS
INTRODUCTION
Whether it is uncovering evidence of bribes paid to public officials

or uncovering the true source of laundered funds hidden behind
layers of nominees and front companies, successful detection
and prevention of financial crime is often the result of long and
rigorous investigation. Just as all financial criminals share certain
strategies to perpetrate their misdeeds and conceal the illicit pro-
ceeds, the specialists charged with uncovering their wrongdoing
also share common investigative tools and techniques.
149
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
This chapter describes some of the key methods to Civil law courts are generally not bound by prece-
investigate financial crimes and gather evidence dent and are restricted to what is contained in the
in compliance, enforcement and regulatory cases. law. Judges within the civil law system are usually
In some respects, except for a few notable differ- specially trained judicial officers with a limited abil-
ences such as grand juries, the procedures and ity to interpret the law.
tools available to financial crime specialists in the
private and public sector are similar. Consequently, Civil law is primarily contrasted with common law,
the investigative techniques presented here are which is a legal system that developed historically
designed to be applicable to a wide range of finan- in Anglo Saxon societies, especially in England and
cial crime matters. its colonies. Common law countries are most nota-
bly represented by the United Kingdom—members
It is important to note that the legal and investiga- of what was historically called the British Common-
tive techniques in financial crime are often closely wealth, such as Canada, Australia, New Zealand,
related. In many cases, a financial crime specialist India, Pakistan, the English-speaking Caribbean
will be conducting an investigation as part of a legal islands—and the US.
action or in cooperation with a legal professional. In
criminal and civil cases, the financial crime special- The US inherited and adopted this legal system
ist must take care to conduct investigations in a way from England. Historically, civil law and common
that ensures their findings can be used as evidence law differed in that common law developed from
in a legal proceeding. As such, understanding some customary practices and court decisions that
of the key legal principles underpinning civil and established legal principles that were followed over
common law systems, as well as criminal and civil time by other courts and became the “common law”
cases, is a necessary starting point for a financial or precedent. The precedents are applied by courts
crime investigation, as is discussed below. unless legislation prohibits or modifies a common
law precedent.
CIVIL LAW AND Over time, many jurisdictions have incorporated

COMMON LAW SYSTEMS characteristics of both systems so that mere cod-
Civil law is a legal system rooted in Roman law. It is ification and adherence to written laws is no lon-
the most prevalent and oldest surviving legal sys- ger the defining characteristic of a civil law system.
tem in the world. Its primary feature is that laws are Mixed systems that combine aspects of both com-
written into a collection, codified and, for the most mon and civil law systems may be found in jurisdic-
part, not determined by judges, unlike most com- tions such as Scotland, Louisiana, Namibia, the Phil-
mon law systems. ippines, Quebec, Sri Lanka, Mauritius, South Africa
and Zimbabwe.
In a civil law country, legislation is deemed the pri-
mary source of law; it determines the rights, reme- The most notable continuing difference between
dies and actions available in a civil law jurisdiction. civil law and common law is in the approach to
Unless there is specific legislation allowing for a codes and statutes, as well as in the remedies and
particular procedure, that procedure is generally procedures available to resolve claims and disputes.
not available in that jurisdiction. In civil law systems,
courts and judges tend to be inquisitorial, often KEY DIFFERENCES IN CIVIL LAW AND
asking the questions that in a common law system COMMON LAW SYSTEMS
would be the province of the prosecution/plaintiff In civil law countries, legislation is seen as the pri-
or defense counsel. mary source of law; therefore, courts base their
150
judgments on the provisions of codes and statutes

from which cases are resolved. Courts under the
civil law system have to reason on the basis of gen-
eral rules and principles in the provisions of the code,
sometimes drawing analogies from other code pro-
visions to fill in gaps in the law or achieve coherence.
By contrast, in the common law system, case law

is the major source of guidance, providing rules of
conduct, liability, interpretation of statutes, doc-
uments, actions and contracts. Courts in common
law countries are frequently asked to apply to the
facts of the case legal principles that are derived
from precedents. Common law courts often fashion This difference can be illustrated by the following
legal remedies that are not specified in a statute. example. A bank officer embezzles money from
accounts under his control or supervision.
Legal proceedings under the two systems also vary.
Civil law courts are generally inquisitorial, with the Under criminal law:
judge acting as fact-finder in the case. Civil law judges
• The officer could be charged and prosecuted
may ask the parties questions designed to see how the
for theft as a crime defined by the legislation of
facts of the case square up against the requirements
the jurisdiction in which the incident happens.
of the code. Common law proceedings are adversar-
Under most legal systems, the accused would
ial, with a prosecutor and defense attorney or plaintiff
not be required to testify and would be entitled
and defendant squaring off against each other.
to a presumption of innocence. The burden of
proving guilt would fall upon the prosecution,
For a financial crime specialist, recognizing the type
which must usually meet a standard of guilt
of system that may be available or applicable in a
beyond “reasonable doubt.”
given case is important. This can help in evaluating
which jurisdiction may be more appropriate to initi- • In most common law and some civil law systems,
ate or pursue claims or litigation, as well as in deter- the accused is entitled to a jury to try facts and
mining the cost and effort of pursuing a claim, and determine guilt, although he may waive that
the likelihood of success. right and be tried by the judge only.
• Upon conviction, the accused (defendant)
may be subject to imprisonment, fines and
CRIMINAL LAW AND CIVIL LAW suspension of certain privileges, such as special
Criminal law is the body of law involving the state licensing or the ability to be hired by a bank
against individuals (including corporations, legal in the future. In some cases, the court may
entities, and other organizations), in which the state order the defendant to pay restitution or other
relies on statutory powers. compensation to the financial institution or the
account holders as victims. The court may also,
Civil law, in this context and not to be confused with where allowed, order the forfeiture of assets
the civil law system described earlier, is the area identified as proceeds of the criminal activity.
of law that deals with disputes between individu-
als and/or organizations, in which compensation or
monetary damages may be awarded to the victim.
151
In a civil case: either paid by the plaintiffs or recovered through

• Aggrieved victims (as plaintiffs) would sue or the proceeds of judgment.
bring a legal action against the bank officer (as
defendant) for restitution.
PRIVATE VS. PUBLIC
• In this type of proceeding, the victims need INVESTIGATIONS
only establish his case by a “preponderance of
The techniques used to gather evidence vary with
evidence1” to win.
the type of investigation — public or private — and
• A jury trial may be available in common law the jurisdiction. Generally, a public investigation is
jurisdictions; however, in some jurisdictions, conducted by a grand jury, law enforcement agency
a unanimous verdict is not always required. or a government regulatory body. Accordingly, it
If the plaintiff prevails, the court can order deploys all the powers and authority granted by the
the defendant to pay restitution and other government for such actions.
compensatory damages.
A private investigation may be conducted by a vari-
If you have the choice, consider the following fac- ety of private sector financial crime specialists who
tors in determining whether to proceed criminally can be investigators, forensic accountants or law-
or civilly in a case: yers, all of whom may be
Criminal prosecutions are driven by the prosecu-
tor. Although the victims may have a say in the pro- supported by investigative analysts, whom the
ceedings, such as providing testimony and offering government usually calls intelligence analysts.
statements in support of sentencing, the prosecutor Although the government usually confers no inves-
has ultimate control over strategy and tactics in the tigative powers on these private sector individuals,
case. The costs of criminal prosecutions are borne they are armed with powerful weapons under the
by the government, and the prosecutor has a wide equitable powers of courts, and the bankruptcy
range of resources to use in gathering evidence in and insolvency and other laws. In some instances, a
support of the case. In some civil law jurisdictions, a private individual or firm may be hired by a govern-
private party can join in a criminal proceeding; this ment agency to assist in an investigation or file suit
is not the practice under common law systems. on its behalf.
In civil proceedings, victims have much more input Different types of financial crime investigations
in the conduct and course of the case. Plaintiffs can be pursued depending on the jurisdiction and
select and retain the attorney to represent them. the facts of the case. It is important to understand
However, the costs are the responsibility of the these actions to know what types of investigative
plaintiffs, except in some situations where legal approaches should be used in each situation.
counsel has undertaken the case on a contingent
fee basis. This means counsel is compensated based
on a percentage of the judgment obtained. In a civil
case, the plaintiffs do not have the resources avail-
able to public prosecutors, and the cost of investi-
gation and other technical aspects of the case are
1 Though it cannot be reduced to a formula, preponderance of evidence is generally understood to mean the level of evidence
needed to make it appear more likely than not that what a claimant seeks to prove is true.
152
INVESTIGATIVE TECHNIQUES application of funds analysis is being prepared,

then the beginning and ending balances will be
There are countless investigative techniques that
identified as part of this computation.
can be used in financial crime cases. Often, it is only
the ingenuity of the financial crime professional, Compulsory power to obtain testimony. As with
including the investigator, forensic accountant, the power to obtain records that is shared by pub-
compliance officer, lawyer and investigative analyst, lic and private sector investigative teams, they can
which limits the investigative approach that may be also -- in most jurisdictions -- take the testimony
applied in a challenging case. of witnesses. In certain cases, government inves-
tigators and lawyers may compel testimony of wit-
The following lists some but not all the investigative nesses even if they do not wish to cooperate.
techniques and tools that may be used by private
and public financial crime investigators, along with This testimony may explain records and transac-
the benefits and restrictions applicable to each. tions, clarify relationships, identify leads, establish
organizational structures, etc. Records and docu-
Compulsory power to obtain documents. This pow- ments do not speak for themselves and are often
erful tool, which is available to both private and pub- created to mislead. Interviewing skills are criti-
lic sector investigative teams through subpoenas, cal, and should be honed by all members of a pub-
requests for production and the like, compels pro- lic and private sector investigative team in order
duction of records through an agency summons, a to enhance their ability to elicit crucial facts and
grand jury subpoena or a statute providing these pow- uncover relevant leads.
ers. It allows the investigator to follow money flows
through bank accounts, brokerage companies, asset Telephone wire interception. Public sector law
purchases, nominee owners, shell companies and pri- enforcement agents and some regulators may
vate individuals. The discovery of one document may obtain court authorization, based on probable
trigger a domino effect in which one piece of evidence cause to intercept telephone conversations under
flows directly to another lead and evidence. tightly restricted conditions. These recorded con-
versations can provide “smoking gun” evidence
The analysis of bank accounts, for instance, is a in some cases.
three-step process that can lead to many other
investigative angles: Search warrants. Court orders are required for
1. List, group and analyze all inflows (deposits) search warrants. There are no limits to the evi-
of money. Follow the domino chain backwards dence that can be obtained by a well-drafted and
to determine the source of each deposit and properly executed search warrant (the evidence
continue tracing until the ultimate source of seized must fall within the four corners of the war-
funds is identified. rant). The seizure may be financial information, vid-
2. List, group and analyze all outflows (checks eotapes, transaction records, contraband or many
or debits) of money from the account. Follow other things.
the chain of the outflows until their ultimate
destination is determined. This may be the Computer seizures and evidence recovery. This
purchase of multiple assets after the money may be obtained through a search warrant and
has passed through many accounts. requires special computer forensic skills to ensure
the recovery and admissibility of the evidence. The
3. Identify the balances in the account at key
investigator should always be mindful of the chain
moments, depending on the needs of the
investigation. For example, if a source and
153
of custody requirements in seizing and safekeeping ing country, to undertake the requested specified
an item for presentation as evidence in court. assistance. The assistance may include obtaining
bank records, interviewing witnesses, executing
Electronic surveillance. Any surveillance using search warrants or any other specified investigative
electronic equipment that invades the expected or evidence gathering procedure. Generally, a for-
privacy of an individual usually requires a court mal mutual legal assistance request is based on a
order. This could involve eavesdropping equipment, bilateral or multilateral global or regional treaty, or
long-range video devices, wireless intercepts, etc. a letter rogatory.
In most jurisdictions and circumstances, a private
sector investigator would not be permitted to con- Undercover operations. In public sector investiga-
duct these surveillances and utilizing them could tions, an undercover operation typically requires
constitute a criminal violation. authorization and official approval before it can be
started. The undercover operation may continue for
Bi-national and International Mutual Legal Assis- the period of time that is authorized. Undercover
tance Treaties (MLAT) and less formal mutual operations conducted by the private sector must be
assistance. Mutual legal assistance is the process mindful of the risk of violating privacy laws.
of requesting or providing evidence and information
from one country to another for use in a criminal Physical surveillance. Both public and private inves-
investigation. The request can be formal or informal. tigators can engage in surveillance with restrictions
A formal request may originate in an investigative and advantages for each. This can include exam-
agency in the requesting country but must follow ples such as tailing an investigative subject or his
the procedures that the requesting country speci- associates, or staking out a location to track the
fies. Usually an international request for assistance movements of a target. Surveillance can help locate
is transmitted through the country’s designated assets (bank accounts, real property, brokerage
“National Central Authority,” which is the name of accounts, boats, cars, etc.) and criminal associates,
a nation’s office that coordinates international law and identify patterns of activity and establish prob-
enforcement assistance with and through Interpol. able cause for search warrants.
In the US, the National Central Authority is located in
the US Department of Justice. The National Central Another investigative tool is garbage pickups. Prop-
Authority, or Bureau as it is called in the US, also often erly conducted, garbage pickups can provide con-
serves as the intermediary between a nation’s law siderable evidence and lead to hidden assets, fronts
enforcement agencies and Interpol in Lyon, France. and associates. Law enforcement agencies must
ensure that information obtained from both sur-
Requests for assistance may also be required to veillance and garbage pickups is legally admissible
be transmitted through diplomatic channels to the and that the process of obtaining the information
central authority of the “receiving country” and, was proper in the jurisdiction where the garbage
finally, to a law enforcement authority in the receiv- pickup occurred.
MLATs are a key tool for law

enforcement in cross-border
investigations
154
Private sector investigators should also be on firm For example, the US FIU is the Financial Crimes
ground concerning the legal requirements of these Enforcement Network (FinCEN) Canada’s is Fintrac.
types of investigative techniques to avoid trespass- FIUs generally collect, collate and analyze substan-
ing or other violations. tial amounts of financial information, much of which
is derived from reporting forms that the financial
Informants. Government agency investigations and business communities of a nation are required
have strict guidelines for the use of informants, while to submit, including suspicious activity reports.
the private sector has few or no restrictions. Infor-
mants usually request anonymity, which may make Information obtained from these sources may serve
their information inadmissible but still a source of as evidence or extremely valuable intelligence and
excellent leads and intelligence. Mandatory disclo- leads. In most cases, the information obtained by
sure to the defense in some jurisdictions may com- FIUs, particularly suspicious activity reports, is not
plicate the use of informants and create evidentiary available to the private sector directly from the FIU,
and security problems. Similar problems rarely but may often be subpoenaed or obtained by other
exist for the private sector. The risks and benefits of legal process from the opposing party that filed a
using information derived from informants must be form. The private sector also does not have access
carefully weighed by both sectors. to the records and assistance provided by Interpol,
whose headquarters is in Lyon, France.
Recording conversations with one party consent-
ing. Public sector investigators can obtain authori- Civil society information. Numerous private sec-
zation, often required from a court, before record- tor organizations that serve as watchdogs, such
ing conversations where one side consents. This is as Transparency International, Open Society Jus-
a significant tool in obtaining evidence and is simi- tice Initiative, Sherpa and Global Integrity, employ
lar to a telephone intercept except that the level of investigators, forensic accountants and attorneys
probable cause required to be shown is generally to gather evidence and intelligence against corrupt
less stringent. In some, but not all, states in the leaders and politicians. Occasionally, they use this
US, a private sector asset recovery team member information in lawsuits to recover assets for the
may record a conversation, either on the phone or victims of corrupt regimes. Other times, the infor-
in non-electronic circumstances, when one party to mation is used for publications and offered to law
the conversation consents. Some jurisdictions allow enforcement and private sector investigators to
this activity by non-government entities, while oth- help bring corrupt officials to justice. This intel-
ers, such as Florida, make it a criminal violation. ligence can be extremely valuable to private and
Careful research of the law in the jurisdiction where public investigators. The private sector and law
operating is essential in these situations. enforcement can use the information as intelligence
and leads to assets. Creating working relationships
Informal international assistance. There are many with these groups is often very productive.
routes of productive informal, non-treaty, interna-
tional assistance that are available to private and
public asset recovery team members. Examples
of informal MLA requests include the use of Inter-
pol, embassy contacts, police-to- police actions, or
national Financial Intelligence Units (FIUs) of the
Egmont Group.
155
A financial crime investigator will benefit from

knowledge in search engine optimization and effec-
tive searching. The exact same keyword search
in multiple search engines will generate differ-
ent results and rankings. Each search engine uses
metadata differently and will often rank content
differently when delivering the results of an online
search. As an investigation continues, one should
develop a list of search engine keywords for inves-
tigations. The list could include multiple aliases of a
subject and names of shell corporations.
The search engine industry has shifted from provid-

OPEN-SOURCE INTELLIGENCE ing purely text content results to include other results
Open-source intelligence (OSINT) is information in searches, such as videos and photos. These results
that is publicly available and accessible; yet OSINT, are known as Blended or Universal Search Results
although publicly available, is not necessarily free and they are useful to financial crime investigators,
or easily discoverable. OSINT gathering will play a as following a result on a seemingly irrelevant photo
powerful role in most investigations. It contributes may link one to a more useful content page. Effec-
to the foundation and justification for more intru- tive searching investigation should include visually
sive evidence and information collection methods. scanning and checking images and video. Also, when
checking a page source, one should scan for com-
OSINT does not require a court order to obtain. ments that are related to a video or image.
The collection techniques used for OSINT are
not intrusive. SOCIAL MEDIA, BLOGS AND
MICROBLOGGING
There are several types of OSINT sources: Social media sources can be extremely helpful in a
• Online Searching and Web Content financial crime investigation. A photo, a comment
or a tweet may be enough to establish a timeline or
• Social Media, Blogs and Microblogging location of someone that may be of interest. Social
• Media Outlets and News Sources media is also an excellent source of investigative
• Geospatial Open-Source information from people who may be observing
and documenting fraudulent activity for distinct
• Public Records motives or a sense of duty.
• Professional Conferences and Live Events
• Observation and Reporting Social media includes sites such as Facebook, Linke-
dIn and LiveJournal. Online profiles have varying
ONLINE SEARCHING AND WEB CONTENT levels of security, but even a search that generates
a main social media page can show some contacts
A growing and easily accessible source of OSINT is
for further searching; people are not always selec-
Internet searching through search engines. These
tive about “friending” or “connecting.” Dating sites
are among the best known and frequently used
(eHarmony, POF, etc.) often have online discussion
online tools worldwide, and include sites such as
Google, Bing and Yahoo.
156
boards that are open and searchable with or with- forms can be useful sources of real-time informa-
out an online dating account. tion about a subject. In more than one case, photos
and other information posted to social media sites
“Microblogging” platforms are sites where users have helped to track and locate suspected finan-
share and contribute short messages or photo and cial criminals.
video content, such as Twitter, Tumblr, Facebook,
Instagram and Pinterest. Microblogging can be a MEDIA OUTLETS AND NEWS SOURCES
powerful and extremely fast way to move a message. The media are powerful sources of open-source
Content is typically generated and buried quickly, information. A financial crime specialist will want to
and microblogging platforms have tools to com- research beyond the media releases that are freely
ment (or “like”), and share and spread it. Depend- available from search engine results. Media includes
ing on the audience, messages can be transmitted newspapers, journals and other publications, and
in extreme short-hand or particular style than is radio and television broadcasts. Some of the major
difficult to parse if you are not the intended audi- online newspapers require online subscriptions to
ence. Since users often update them once or many access their material, which may require a fee but
times a day, microblogging and social media plat- will be more effective than searching a stack of
PRACTICAL EXAMPLE: FINDING MARY

Commercial record databases have evolved to • A possible date of birth
where almost all public information is available • Street level photos from all angles of the
online. Hundreds of websites now provide access front of her house
to this information, some at no cost and others
for a nominal fee. To test the ease of acquiring • Photos of her with her grandchild
this information, a person with average search • A corporation of which Mary was an officer
engine capabilities was asked to locate a person • The corporation’s annual filing reports
and find as much information as possible in 30
minutes. The person was provided with a name, This was the tip of the iceberg. If the researcher
an approximate age, and three possible cities of had invested $9.95, the discovered information
residence. We will call the person Mary. would have quadrupled.
Within the allotted time, the following informa- The advent of social media, such as Facebook,
tion was found on the Internet at no charge: LinkedIn, MySpace and others, has put invalu-
• Mary’s current and previous two addresses able personal information at every financial
crime specialist’s fingertips. Today, people post
• The current value of her house
almost everything online, including information
• A map of the house including aerial views about friends, travel, assets or even their bank.
• The names of her neighbors Postings on Facebook, Twitter and other social
• Her telephone number media exchanges range from daily activities to
personal pictures, making them crucial resources
• Names of relatives for investigations.
157
county seat where the property is located, and each

county would need to be visited and the property
records manually searched through mountains
of handwritten logs. Today this same search, for
the entire US, can be conducted in minutes from
the desktop computer of an investigative analyst,
investigator, forensic accountant or other financial
crime specialist.
Here is a sampling of the information that can be

easily found through a simple Internet search:
• Locations of people
newspapers. Online publications also often allow • Telephone numbers
user comments, which can lead to further resources.
−− Reverse phone number lookups
Radio and television broadcasts may end up, legally • Marriage records
or not, posted to other social networking sites. Most • Divorce records
of the main US broadcasting companies maintain
some of their content online for search or upon • Birth records
request. Access to the full content may require a • Death records
subscription or fee and a good Internet connection • Corporation records
for streaming large files.
−− Officers, directors and registered agents
GEOSPATIAL OPEN-SOURCE −− Address and type of business
Geospatial information is the equivalent of a virtual −− Annual reports
globe, such as GoogleMaps or Google Earth. These • Fictitious name (“doing business as” or “DBA”)
tools display advanced information and update their company records for sole proprietorships and
content frequently. partnerships
While the data will not be real-time, users may also • Criminal history records
create custom maps to update places of interest and • Court records
obtain other information. This can aid in tracking a • Names and salaries of government and
subject’s activities by potentially revealing details corporate employees
of his or her current location and helping an investi-
gator review locations and confirm addresses. Tools • Business and other government-required
such as Google Maps allow an investigator to get a licenses (liquor, building permits, etc.)
good view of a location, which can be very useful. • Public records by state
• Real estate records
CONDUCTING AN INTERNET AND • Adoption records
PUBLIC RECORD DATA SEARCH • Universal Commercial Code (UCC) filings
Not long ago, checking the real property ownership
of an investigative subject might have taken months. A simple example, from a commercial database and
Real estate ownership in the US is registered at the a social media posting, can demonstrate the power
158
of these investigative inquires in financial crime an expensive coastal area. The husband is a public
investigations. official earning a mid-range salary and is suspected
of taking bribes or kickbacks. A former friend of the
Example 1: An informant says the subject of an wife disclosed the Facebook posting. A commercial
investigation was divorced two years ago, but the database search reveals no property owned by the
location is unknown. A commercial database search public official in the coastal town.
reveals the county and state of the divorce. A fur-
ther inquiry discloses that there was a property A subsequent Facebook posting by the wife states
settlement agreement. A copy of this agreement, that she is looking forward to a trip to their new
obtained online for a fee, reveals two bank accounts vacation home this weekend. A surveillance of the
and a Mercedes-Benz vehicle, traced to a dealership. wife and husband Friday evening leads investiga-
Contact with the Mercedes-Benz dealership reveals tors to the property. County records indicate the
a financial statement that discloses additional bank vacation home is in the name of a shell corporation.
accounts and property. A simple Internet search Numerous investigative leads will follow from here,
uncovered more than $1 million in assets. including the tracing of money used to purchase
the property.
It should be noted that bank accounts are usually
found by tracing financial transactions and follow- Meaningful OSINT collection requires creativity,
ing each lead. There is no Internet or government time and monitoring of trends in online tools. A
database of bank accounts. financial crime specialist also needs a deep under-
standing of the industry or individual they are
Example 2: The wife of the subject of a financial researching to conduct productive searches.
crime investigation has just posted on Facebook
that she is very happy with the new penthouse
vacation home that her husband has purchased in INTERVIEWING TECHNIQUES
Few skills are as important to the success of a finan-
cial crime investigation as the command of inter-
viewing techniques. Understanding the different
types of these techniques and their pros and cons is
essential to the success of the interview, especially
in financial crime cases.
INTERVIEW VS. INTERROGATION

To appreciate the art of interviewing and, in partic-
ular, financial interviewing, it is important to know
the difference between interviewing and interro-
gating. The main difference is in the objective.
FIGURE 1 – A Sign Outside the Panama City Headquarters of
In an interrogation, the investigator has a single
Mossack Fonseca, the Law Firm Whose Records Were Leaked
objective: To learn if the suspect committed the
in the “Panama Papers.” One of the Largest Data Leaks of All
crime or is responsible for another thing the investi-
Time, the Panama Papers are Publicly Available Online, and
gator is seeking to prove or disprove. If not, who did
Have Led Law Enforcement Agencies Around the World to
it? The investigator is looking for confessions and
Launch Corruption and Tax Evasion Investigations.
admissions, asking simple and direct questions and
159
expecting simple and direct answers. The question- copies must be obtained. It is important to
ing is accusatory in nature. understand the motivation of third-party
witnesses, and one must ensure that facts are
In an interview, particularly a financial interview, the not selectively provided.
investigator attempts to develop a rapport with the • Interview of parties who are represented and
witness and looks for detailed answers. Financial not represented by lawyers. In planning to
interviewing involves systematically questioning interview witnesses, cooperating individuals
individuals with knowledge of the events, the people and subjects, it is important to understand
involved and the physical and intangible evidence: and respect the attorney-client relationship.
Represented parties should not be contacted
• Subject interview (custodial or non-custodial). directly, but only through their attorneys,
Custodial interviews by a government depending on the laws of the jurisdiction.
investigator often require the obligation to Failure to identify and acknowledge legal
provide warnings about the right to counsel. It representation can prove devastating to one’s
is critical to document the recitation of required investigation and the admissibility of evidence.
warnings in the country where the interview was
conducted and to remain aware of perceptions
regarding implied custody. The subject must AFFIDAVITS
also understand his ability to walk away, if
An affidavit is a written statement of the witness’
any. In conducting a non-custodial interview,
testimony, made under oath by the witness. It is an
it is important to consider and prepare for
effective tool for locking down testimony of poten-
the likelihood of obtaining incriminating
tially hostile or unreliable witnesses.
statements. Consider protections, perceptions
of custody and other factors in charting your
Keep in mind the following:
course of action.
• The affidavit must be voluntary.
• Interview of cooperating witness. Cooperating
persons can provide intimate details about the • Attester must give oath before a person having
actions, comments, records and assets of a authority to administer the oath.
subject. It is important to maintain transparency in • The affidavit is usually prepared by the
negotiations with a cooperating witness to prevent interviewer, but may be prepared by the
the perception of a quid pro quo arrangement witness, providing it addresses all of the
– i.e., “tell me what I want to hear and I’ll give necessary issues.
you what you want or need.” Informants are apt • It may be constructed contemporaneously at
to manipulate facts and circumstances to fit a the time of the interview or prepared later from
current need. All statements by cooperating the interview notes.
individuals must be corroborated.
• The person signing the affidavit must sign each
• Interview of non-cooperating witness. Other page and initial any changes or corrections.
third-party witnesses can provide information,
leads and documents. Properly document • The affidavit must be signed by the person
all witness contacts and statements. Any taking the oath and (preferably) a witness.
documents received must be authenticated
and the chain of custody established. Any lead
documents need to be followed up, and certified
160
RECORDED TESTIMONY admissible in court. The rules of evidence governing

admissibility vary from country to country.
Recorded testimony may be obtained through
depositions or question-and-answer (Q&A) ses-
Intelligence takes several forms and comes from a
sions. A deposition is testimony taken by counsel
variety of sources:
before trial in which the “deponent” answers ques-
tions under oath. The deposition is often under- • Human intelligence, such as undercover
taken under court order (subpoena) and recorded operatives, confidential informants and
by a stenographer or mechanical recording device, eyewitnesses
or both. A lawyer, or sometimes an investigator, • Open-source intelligence, such as the
poses questions to the deponent or witness. Internet, radio and television broadcasts, and
publications
Remember that the following:
• Signals intelligence, which includes electronic
• Obtaining recorded testimony usually requires eavesdropping
the consent of the witness. Consent must be
obtained before the recording device is turned Evidence must be relevant and bear some relation-
on and should be obtained again as part of the ship to the matter being litigated. It must be material
recorded proceedings. and directly or circumstantially prove or disprove
• Although this is an effective technique some part of the matter being litigated. It must be
for locking down testimony of hostile or competent and meet legal rules of admissibility.
uncooperative witnesses, copies of the original
recording are discoverable in many jurisdictions. Examples of evidence include the following:
The interviewer’s demeanor, recorded • Commercial records obtained by a subpoena
comments and method of eliciting information and introduced by the records custodian
are also recorded and subject to attack by the of a company
opposing side in the case.
• The statements of a defendant, knowing
• The taping should not be shut off once the his right to counsel, made freely to a law
session begins. Any interruptions to the enforcement agent
recording should be explained before the
• Facts observed by law enforcement during a
recorder is stopped (why) and after it is
legal surveillance, except hearsay
resumed (what was discussed).
• Official government records legally submitted
• In most jurisdictions, the non-consensual
by the agency
recording of a party to a live or telephone
conversation is illegal without a court order. • Testimony of a witness at trial (Note: An affidavit
or other written witness statement taken during
the investigation is generally not admissible by
INTELLIGENCE VS. EVIDENCE itself at trial)
The key difference between intelligence and evidence Examples of intelligence and inadmissible evidence:
is admissibility in court. Intelligence is information
that is not generally admissible because it does not Example 1: An investigator obtains a non-consen-
prove a relevant fact. Generally, its source or the sual recorded telephone conversation of a target
manner in which it was collected may not be revealed. discussing his foreign bank accounts. The intercept
Evidence is information that meets the standards of was conducted without a court order. The infor-
reliability according to the rules of evidence and is mation is both relevant and material to the matter
161
now being tried; however, because of the way it learn what the rules are before undertaking evi-
was obtained, it is not admissible. In most circum- dence- gathering.
stances, any legally obtained information received
as a direct result of the illegal intercept often would Special investigative techniques. In government
not be admissible in court proceedings either, under cases, it is very important to know how evidence
the so-called exclusionary rule2. will be obtained in the requested country if “special
investigative techniques” will be involved. The juris-
Example 2: A news article reports that the alleged diction that is gathering the evidence may have a
ringleader of a fraud scheme has a shell corporation lower standard of probable cause to obtain autho-
in Panama. This is good intelligence, but is not con- rization for the use of invasive procedures, such as
sidered admissible as evidence unless introduced by wiretaps, search warrants and electronic surveil-
someone who has direct knowledge of the account. lance. This may cause the evidence to be ruled inad-
missible when it is introduced in court in the juris-
diction of the requesting country.
FINANCIAL CRIME INVESTIGATIONS
ACROSS INTERNATIONAL BORDERS Dual criminality. In a government financial crime
Instances of large-scale corruption, money launder- case, where the assistance of a foreign nation is
ing, fraud and asset recovery often require assis- requested, it is important to know if the requested
tance from other nations and jurisdictions, which nation requires that the offense being investigated
may have different laws on collection of evidence, qualify as an offense in both jurisdictions before
taking of testimony, investigative procedures and assistance will be rendered.
the level of cooperation afforded to other countries.
For example, most countries criminalize income
When seeking foreign assistance in a government or tax evasion, but Switzerland does not. If a mutual
public-sector case, or when a private sector financial legal assistance request is sent to Switzerland for
crime team seeks to obtain records in another coun- evidence to be gathered in support of a criminal
try, it is important to understand the procedures that income tax investigation, it will be denied.
must be followed to obtain the required evidence.
The following issues may affect the admissibility of One should keep the following considerations in
the evidence that is obtained in that fashion. mind when considering sending a request to a for-
eign nation for assistance:
Testimony of witnesses. If the goal is to use testi-
mony as evidence and the witness will not be avail- • What does one need to ensure that the
able to attend the proceedings in the home country, information gathered in the foreign country
it is important to ensure that correct procedures will be admissible as evidence when it is
are followed during the interview of the witness transmitted?
to preserve the evidence for later use in trial. It is • What are the legal and statutory requirements
necessary to understand the procedures that the of the foreign country? For example, if one is
court will require to admit the testimony of a wit- attempting civil asset forfeiture (non-conviction
ness questioned in a foreign jurisdiction. Some based) and wants assets frozen in a foreign
jurisdictions require that counsel for both sides be jurisdiction, does that country have laws that
present during the questioning. Others require the allow non-conviction-based seizures and
testimony to be taken before a judge. One should forfeitures?
2 This is often referred to as “fruit from the poison tree.”
162
• Is one legally compelled to inform the subject TAX AND SECRECY HAVENS
of the investigation of the assistance being
Although we covered these extensively in the Tax
requested in the foreign country? For example,
Evasion and Enforcement Chapter, we will briefly
obtaining testimony of witnesses that the
mention them here. Because of their obvious ben-
opposing side may not be able to interview
efits, tax and secrecy haven countries are favored
may result in the statements being deemed
locations of tax evaders, fraudsters and other finan-
inadmissible.
cial criminals to hide unreported income and crimi-
• Will the subject of the investigation be notified nally derived proceeds.
of the requested assistance by the foreign
authorities? Some countries require the holder Secrecy havens are nations, or jurisdictions
of a bank account to be notified prior to the within nations, that typically have the following
disclosure of records to the government. characteristics:
• What level of probable cause is required to
authorize certain enforcement actions or • Few or no taxes
investigative techniques, such as searches • Lack of effective exchange of tax information
and seizures? with foreign tax authorities
• Lack of transparency in the operation of
The best way to answer these questions is to con-
legislative, legal or administrative provisions
tact the proper authorities in the foreign country
prior to sending a formal request for assistance. • No requirement for a substantive local presence
Another source of helpful information may be the • Self-promotion as an offshore financial center
appropriate legal or other attachés in the embas-
sies of one’s country. Requestors should always In recent years, many regions or countries that his-
follow their agency’s internal rules and procedures torically had reputations as secrecy havens, such
in making contact with foreign authorities. Often, as the Cayman Islands and Switzerland, have taken
a phone call to the appropriate person in the for- steps to reform their financial systems and intro-
eign jurisdiction, or to one’s embassies overseas, duce greater transparency. But new havens have
will provide answers to these questions, save time opened their doors, and some in unexpected loca-
and ensure that the evidence is admissible at trial. tions, like the US states of Delaware and Nevada. It
is often very difficult to obtain useful information
One should always keep in mind the resources of on beneficial owners, accounts, legal entities or
one’s embassies throughout the world and the companies in these secrecy havens.
embassies of foreign nations in your country’s capi-
tal city. The US, for example, has embassies or mis- This difficulty may arise because the jurisdiction
sions in more than 150 countries, and, in Washing- restricts what information can be provided in investi-
ton, DC, more than 150 countries have embassies gations, or because accurate information on account
or missions in Washington, DC. All these embas- or business ownership is not collected in the first
sies have officers or attachés that are capable of place. Delaware, for example, does not require any
answering pertinent questions. In all US embassies, information on the true owners of a corporation to
for example, there are representatives of federal be provided at time of incorporation, leading investi-
investigative agencies, such as the Federal Bureau gators to dead ends when they pursue a source to a
of Investigation, whose representatives in foreign shell corporation formed in that state. More informa-
embassies are called Legal Attachés or “Legats.”
163
US SECRECY HAVENS
In recent years, national governments of many ficial owners at the time of company formation.
nations, as well as international bodies such as Likewise, no information on the true owners of
the FATF, have highlighted the need for corporate companies is available from Delaware’s corpo-
transparency to help combat money laundering rate registry. Delaware corporations that do not
and tax evasion. Although the US has partici- actually do business in the state of Delaware do
pated in these calls for transparency, critics have not need to file annual income tax reports or
justifiably highlighted the fact that the country company financial statements, allowing the com-
plays host to its own secrecy havens, in the form pany’s financial records to remain private. The
of states with very lax incorporation laws. state also allows for company formation agents
to conduct incorporation, and for the company
Four US states in particular, Delaware, Nevada, to be held in the name of nominee directors and
Oregon and Wyoming, have emerged as popu- shareholders.
lar locations to form shell companies because
of the almost complete anonymity in the com- Despite the increasing attention and public
pany formation process. Delaware is most nota- outcry over the role of US states like Delaware
ble because it offers very low taxes and minimal as secrecy havens, to date these states have
requirements for maintaining a company after resisted calls for increased transparency and
it is formed. stricter customer identification procedures. It
should be noted that the vast majority of com-
Most importantly, Delaware, along with several panies incorporated in Delaware and the other
other states, collects no information on bene- states highlighted are entirely legitimate.
tion on secrecy havens is provided in the Tax Evasion • Other related documents
and Enforcement chapter of this Manual. • Employee interviews
• Whistleblowers or anonymous tips
INFORMATION SOURCES FOR A • Physical property and assets search
FINANCIAL CRIME INVESTIGATION • Information on company structure, directors
Once a financial crime investigation begins, a finan- and ownership
cial crime specialist should start with the least
intrusive methods possible and conduct limited COOPERATING DEFENDANTS
initial interviews and discussions with people least Cooperating persons are usually prompted by simi-
close to the suspected financial crime. This will lar motivations as informants. They may be seeking
strengthen the information in hand before talking to avoid prosecution, or seeking a lenient sentence
to the person or persons directly implicated in the after conviction. They are looking to “cut a deal” or
financial crime. Information sources that are avail- gain favor in exchange for information or testimony.
able include the following: They can provide valuable information on financial
transactions and movements of targets and their
• Open-source intelligence accomplices. They may also identify co-conspira-
• Financial documents tors and lawyers, accountants and other “gatekeep-
164
ers” who assisted in purchasing, moving and hiding to provide helpful background information or
funds and other assets. They can also identify the potential leads.
origin and true ownership of assets derived from
financial crime. They may also be able to interpret A private company may have its own regulations
books and records. concerning employee cooperation in an internal
investigation, but it may not conflict with national or
FINANCIAL DOCUMENTS local law. Private company regulations may include
Financial documents are not limited to financial termination for not cooperating during a financial
statements but can include other financial records, crime investigation.
such as receipts, checks and checkbook ledger
and bank records. Financial documents provided EMPLOYER-PROVIDED MATERIALS
or made available by an entity normally require no If the cooperating entity in an investigation is an
court order. Many financial documents, such as an employer, it can usually provide employee e-mails,
employee’s personal bank statements, require a phone logs and computer usage without employee
court order if the employee is not willing to provide permission and knowledge. The e-mail server log
them voluntarily. A selection of some of the most can be useful to show outgoing attachments from
important and common financial documents will be an employee’s e-mail and their file sizes.
covered in detail later in the next chapter, Interpret-
ing Financial Documents. The materials that may be disclosed in investiga-
tions may depend on the laws and regulations of
RELATED DOCUMENTS the jurisdiction where the investigation takes place,
Important information about the culture of a busi- as well as the terms of the employment contract.
ness entity, including the financial condition and Investigators should consult legal counsel if there
direction or pressure from management, may be is a question whether it is legal and advisable to
learned from documents that are not necessarily of obtain and use employee records without consent.
a financial nature. A financial crime specialist should
ask to see an ethics statement for the company, as LEGAL CONSIDERATIONS
well as human resources policies and employee
contracts. If these documents do not exist, ask why. A financial crime specialist should know the legal
process and laws of his or her jurisdiction before and
Another useful document might be the internal bul- during the investigation. Even if the investigation is
letin that gives a sense of the management tone not part of a legal action, it must be documented
and style. If the company is publicly traded and has properly. Documentation should be preserved due
to file with the appropriate regulator, one should to the possibility of a legal proceeding.
review not only the financial documents that were
filed, but also the auditor’s report and other writ- An initial investigation may develop into a criminal
ten statements and footnotes associated with the investigation if it is discovered that criminal activity
financial filings and annual reports. has taken place or is in progress. Law enforcement
involvement may make it easier to obtain some evi-
EMPLOYEE INTERVIEWS dence, such as personal financial documents, for
review. These legal requests typically go through
When planning employee interviews, one should
the court. Evidence seized pursuant to a court order
start with the employees furthest removed from
must be obtained within the scope of the court
the potential financial crime but who are still able
order if it is to be used at trial.
165
Exhaustive open-source intelligence (OSINT) work Failure to follow the terms of the search warrant
and client cooperation can lay the foundation of an may render the evidence useless in trial.
investigation if criminal activity has not yet been
determined. Overt, open and non- intrusive evi- For a judge to approve a search warrant request, he
dence gathering will help determine if an investiga- or she must be shown probable cause that a suspect
tion needs to be escalated to a legal action. This will has participated in the criminal activity or com-
also strengthen the case made to a judge in request- mitted a crime.
ing a court order for more intrusive investigation.
SUBPOENA
COURT ORDERS The subpoena is the legal tool most commonly used
If a financial crime specialist has been retained by to obtain information. It is a legally enforceable
an employer to conduct an investigation, he or she command for a specified person or entity to produce
will probably have substantial access to files and records or things at a specified place at a specified
physical property, including the employee’s com- time, either with or without accompanying testi-
puter, electronic data and phone records. mony. A subpoena may be issued by a clerk of court
in connection with a legal proceeding; an attorney
A private sector financial crime specialist may also in connection with many national and state court
be engaged after a law enforcement agency has proceedings; and, in some cases, by law enforce-
begun an investigation. Evidence may have already ment officials and administrative agencies in con-
been seized and removed from the initial placement nection with their investigations and proceedings.
location before the private sector financial crime
specialist ever comes on the scene. During a criminal investigation in many countries,
a grand jury reviews the evidence and decides if
Regardless of the sequence of events, if an inves- the case will go to trial. Further evidence may be
tigator needs a court order to preserve, obtain, requested on behalf of the court through subpoenas.
search and protect information, he or she will likely
need the support of the court and law enforce- There is considerable variation in the subpoena pro-
ment agents to get it. Legal counsel should be con- cess from country to country and even within states
sulted once criminal activity in the matter has been and jurisdictions of certain countries. Generally, a
established. subpoena is a blank document issued by the court
clerk to be filled out by an attorney and then served
SEARCH WARRANT by law enforcement agents.
As an investigation grows, a financial crime special-
ist may need access to property and documents Individuals or entities that fail to comply with a sub-
to which a person has a reasonable expectation poena may be held in contempt of court, which may
of privacy and is not willing to grant permission to include monetary penalties or jail depending on the
access them. jurisdiction. Individuals or entities are subject to the
terms of the subpoena unless they can prove that
Law enforcement agents, usually through a pros- they do not have to comply with it.
ecutor, can request search warrants from a judge,
who may issue them with specific rules for seizing The subpoena process is not necessarily as fast as
and searching the evidence. A search warrant spec- that of the search warrant. A search warrant for
ifies the time, place and items that can be searched. public sector agencies may be preferable if infor-
mation must be seized immediately.
166
PRESERVATION ORDERS (LITIGATION ate steps to preserve it until a cyber-investigation

HOLD, HOLD ORDERS) is conducted.
A financial crime specialist conducting an investiga-
tion may find he or she needs to protect electronic Once important electronic material has been
data from being deleted, altered or otherwise “spo- located, it may be wise to seek a “protective” order
liated.” Due to the ephemeral nature of electronic to prevent a party from accessing, destroying, over-
data, which can be easily erased or overwritten writing or modifying it. “Litigation holds” may also
intentionally or accidentally, capturing and preserv- be imposed internally by companies that reason-
ing such evidence can pose a real challenge. ably anticipate litigation or by an attorney working
for an adversary. They are mechanisms to preserve
Some electronic data, by nature, is overwritten data while the legal issue is addressed and resolved.
quickly while some persists until a decision is made
to overwrite it. It is important to understand what
evidence can be overwritten, and take the appropri-
167
CHAPTER 9
INTERPRETING
FINANCIAL
DOCUMENTS
A financial crime specialist needs to interpret and handle financial

documents as if they will be used in a legal case. During the inves-
tigation, it may be hard to know what will be relevant, so you must
treat all documents as relevant evidence. This includes maintain-
ing the proper chain of custody and documentation.
A financial crime specialist should have working knowledge of the

industry related to the financial records he or she is examining, or
consult an expert that does. Knowing the industry will make per-
sons more effective in recognizing the red flags in the documents.
168
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
FINANCIAL CRIME VERSUS ERROR

One primary factor that distinguishes fraud from INTERNATIONAL FINANCIAL
error is whether the underlying action that results REPORTING STANDARDS (IFRS)
in the misstatement of the financial statements is
The International Financial Reporting Stan-
intentional or unintentional.
dards (IFRS) are a uniform, international
language for accounting and recording
Consider the overall accounting environment when
business transactions. They are designed
reviewing financial statements for red flags of
to allow company accounts to be under-
financial crime. A financial crime specialist should
stood and compared across international
review for the proper application of accounting
boundaries. The IFRS have been developed
principles and for changes in accounting estimates
in response to increasing globalization and
or accounting principles. Although they will not be
international trade, and they are particu-
reviewed in detail here, the financial crime special-
larly significant for companies with a mul-
ist should have at least an introductory knowledge
tinational presence. While their adoption
of “generally accepted accounting principles,” or
has been gradual in many jurisdictions, they
GAAP, in the jurisdiction in which the entity under
are progressively replacing the many dif-
review operates. There is no current internation-
ferent national accounting standards, such
ally used system of accounting principles, although
as “generally accepted accounting princi-
many nations have adopted the International Finan-
ples,” or GAAP, in the US. The rules are to be
cial Reporting Standards.
followed by accountants to maintain books
of accounts which are comparable, under-
When looking for red flags, the culture of the entity
standable, reliable and relevant to reviewers
under review is an important guide and possible
internally or externally.
source of information. Observation of the tone
of the company and the division of duties provide
IFRS began in the European Union as a way
important background information as financial doc-
to create an EU-wide accounting standard.
uments are collected and analyzed.
However, the value of harmonization quickly
made the concept attractive around the
Financial reporting fraud may include the following:
world. They are sometimes still called by
• Manipulation the original name of International Account-
• Misrepresentation ing Standards (IAS). The development and
implementation of the IFRS is led by the
• Misapplication
international organization the Board of the
International Accounting Standards Com-
Financial reporting fraud can also be a result of
mittee (IASC).
“earnings management,” as opposed to a larger
criminal conspiracy. Regardless of the reasoning
behind the financial reporting fraud, there can be
significant implications to investors that rely on this
information, as well as the employees, and the over-
all financial health of the entity. Fraudulent financial
reporting can also mislead business partners, ven-
dors and financial institutions about loans by repre-
senting an inaccurate financial picture.
169
UNDERSTANDING AND USING TYPES OF FINANCIAL STATEMENTS

FINANCIAL STATEMENTS The ability to understand bank and other financial
From a business and investment standpoint, finan- records is a critical skill in financial crime and asset
cial statements offer a view of a company’s perfor- recovery work. Banks and other financial institu-
mance and financial health for a particular period of tions keep various types of records, file various
time. For the financial crime investigator, financial forms with government agencies, and undertake
statements should be viewed as a source of leads to various services for customers. These practices
do the following: generate information and records that may prove
invaluable to financial crime matters. Similarly,
• Specific financial transactions that could form forensic accountants and financial crime investi-
the basis of violations of criminal and civil law gators use and analyze financial records to identify
witnesses, leads, evidence and assets. They also
• Civil and criminal recovery or
use financial records as evidence.
forfeiture of assets
• Civil torts committed against a specific
party or parties INCOME STATEMENT OR STATEMENT
OF EARNINGS (PROFIT AND LOSS)
In short, the financial crime investigator’s job is to
An organization’s profit and loss (P&L) statement3
discover the story behind the numbers.
is a calculation and display of its financial perfor-
mance for a specified time period, usually a specific
The type of financial crime or wrongdoing must be
year. It is important to note that a P&L statement
taken into account when analyzing financial state-
always represents a period of time (as opposed
ments. If the alleged criminal act is the laundering of
to a balance sheet, which represents a single
criminal proceeds through a company, the financial
moment in time).
crime investigator will be looking for an infusion of
money into the company’s bank accounts through
Revenue sources and amounts are listed, often in
new sources, or spikes in the following:
general terms. Depending on the type of business,
• Revenues the “Cost of Goods Sold” (COGS) will be deducted
to arrive at gross profit. Expenses, again probably
• Loans from officers or third parties
in general terms, will be deducted to arrive at net
• Inclusions of assets with no corresponding profit from business operations. In its most basic
outflow of funds sense, a P&L statement is just a statement of reve-
nue minus expenses to determine profit.
Properly kept books and records should provide the
financial crime specialist with an audit trail to the
As a financial crime investigator, a quick analysis of
persons responsible for the entries in the books and
the profit and loss statement can serve as a pointer
records. They will also lead to the persons respon-
system to get you started in where to begin the analy-
sible for the classification of the entries and those
sis of the organization’s books and records. It is often
responsible for the activity. The financial crime spe-
instructive to compare “P&Ls” over several periods
cialist must follow the funds through the books and
to look for unusual fluctuations. Following are some
records and document their origins, forms and des-
questions that financial crime investigators should ask:
tinations, as well as the related source documents.
3 It is generally known as an income statement in the US, or profit and loss account in the UK. It can also be referred to as a profit
and loss statement (P&L), revenue statement, statement of financial performance, earnings statement, operating statement, or
statement of operations. We will refer to it as a P&L Statement in this manual.
170
• Are there any sources of income that appear the expenses from the gross profit to determine
out of the ordinary, or inordinately high, for the the ‘Income from Operations.’
company or the industry? • And finally, at the bottom, usually after a
• Is the Cost of Goods Sold within industry section for other income and/or non-operating
standards? Are there items in Cost of Goods expenses (such as taxes), will be the ‘Net Profit
• Sold that don’t seem to be connected to the (or Loss).’ This is simply derived from the Income
production process? In the US, due to some from Operations and adding any other income
Tax Court decisions, questionable payments and subtracting and non- operating expenses.
are placed in Cost of Goods Sold rather than
deducted below as operating expenses. Formatting and line items will be different in every
P&L you see, but, in the end, it is simply a statement
• Is the gross profit too high a percentage for of revenue minus expenses to determine net profit
industry standards? or loss for the year.
• Are business expenses delineated, and, if so, are
there indications of where fraudulent expenses In the example, you should notice that a great deal
may be concealed? of the information on the statement is derived
• Are there unusual fluctuations in any from other data on the sheet. To clarify what data
of the revenue or expense categories is derived from other entries; rows that are used
between periods? in calculations are labeled with a letter label. For
example, Total Sales Revenue is labeled with a [J].
Profit and loss statements can be limited by items For derived results, the formula to determine that
omitted (examples are values such as brand recog- row’s value is included in the row. For example,
nition that have no established guidelines for mea- ‘Gross Profit’ is the result of [J] minus [K], and we
suring); by accounting methods used to produce will now refer to gross profit as [L]. In other words,
the numbers (companies in the same industry may gross profit is the total sales revenue minus the
use different depreciation methods); and by mea- total cost of sales.
surements that involve judgment (such as life of an
asset, or estimates of future bad debt write-offs). To further clarify the statement, you should notice
You should always be aware of industry norms when that all ‘cells’ that are calculated from other data
analyzing statements. and not manually entered are shaded grey. Any
changes to entered data in the non- shaded cells
In the following example of a P&L, you can see the should automatically change the results in the
primary elements of a typical statement. Every shaded cells.
company will have a slight variation of this as far
as specific line items—sometimes far more gran- In our example, there are additional columns for
ular, and sometimes less—but all will have three ‘Current Period as a % of Sales’ and ‘% Change from
basic sections: Prior Period.’ You will not always see these on a P&L,
but we include them here to demonstrate some
• The top section will show revenue and cost of of the conclusions you can draw from the data in
sales4, and the result of the revenue minus the our example.
cost of sales which is the ‘Gross Profit.’
• The next section will show all expenses and The first column of those two columns is simply the
derive a sum of expenses. It will then subtract entry in that row for the current period divided by
the total sales revenue for the current period, which
4 This is also known as the Cost of Goods Sold, or COGS.
171
Profit and Loss Statement

Universal Widget
For the Year ending 2012 Stated in 000s
Gross margin [L/J] 35.0%

Return on sales [T/J] 10.8%
Cur- % Change
rent Period as from Prior
Prior Period Current Period % of Sales Period
Sales Revenue
Software Sales 100 130 32.5% 30.0%
Hardware Sales 220 270 67.5% 22.7%
Total Sales Revenue [J] 320 400 100.0% 25.0%
Cost of Sales
Software Sales 80 120 30.0% 50.0%
Hardware Sales 130 140 35.0% 7.7%
Total Cost of Sales [K] 210 260 65.0% 23.8%
Gross Profit [L=J-K] 110 140 35.0% 27.3%
Operating Expenses
Sales and Marketing
Advertising 18 22 5.5% 22.2%
Marketing 2 3 0.8% 50.0%
Total Sales and Marketing Expenses [M] 20 25 6.3% 25.0%
General and Administrative
Wages and salaries 22 23 5.8% 4.5%
Supplies 2 4 1.0% 100.0%
Rent 12 12 3.0% 0.0%
Utilities 4 6 1.5% 50.0%
Depreciation 9 9 2.3% 0.0%
Insurance 1 2 0.5% 100.0%
50 56 14.0% 12.0%
Total Operating Expenses [P=M+N+O] 70 81 20.3% 15.7%
Income from Operations [Q=L-P] 40 59 14.8% 47.5%

Other Income [R] 5 0 0.0%
Taxes
Income taxes 10 12 3.0% 20.0%
Payroll taxes 3 4 1.0% 33.3%
Total Taxes [S] 13 16 4.0% 23.1%
Net Profit [T=Q+R-S] 32 43 10.8% 34.4%
172
in our example is $400,0005. We can clearly see in and thus will have not profit or loss. However, they
this column that software sales were 32.5% of total often do have reporting requirements, either to a
revenue in 2012. regulator, donors or a board of directors.
The final column simply shows the percentage Instead, they produce a similar statement that
change in that row from the prior period to the reflects funding sources compared against program
current period. This should highlight any signifi- expenses, administrative costs, and other operating
cant year over year changes. For example, the cost commitments. This statement is commonly referred
of supplies increased 100 percent in 2012, or dou- to as the statement of activities.
bled year over year. Granted, the numbers are small
in this example (only increasing from $2,000 to Although not depicted in our example, most P&L
$4,000), but should highlight the kind of year over statements from companies of any significant size
year changes that should catch your eye. include a Notes section at the end. As with any
financial statement, the Notes section is common
What can you determine from this statement? place to hide irregularities.
Usually, any issues will require making an analy-
sis of the results to determine what might be sus- Some questionable entries in the Notes section
picious depending on what you are investigating. might include the following:
On this statement, a financial crime specialist may • Write-downs of inventories
want to look into why the cost of sales for software
• Litigation settlements
increased by 50 percent from one year to the next,
but the revenue from software sales only increased • Discontinued operations
30 percent. There may be a simple and easily • Disposal of assets such as property, plants
explained reason for this, but it shows you the kind and equipment
of item that might warrant more investigation.
• Disposals of investments
Charitable organizations do not produce a P&L • Restructurings activities of an entity
statement. Charities, by definition, are not for profit, • Other reversals of provisions
Once again, this manual will not make you an

accounting expert, but you should be familiar with
P&L statements and the red flags that might require
further investigation.
5 Note that the actual entry in that row is 400, but at the top of the statement you should notice that all numbers are ‘stated in
000s.’ That simply means the statement is in thousands, and you should add three zeros to the end of all numbers on the statement
to get the actual number. This is a common practice to reduce the clutter on a P&L statement.
173
BALANCE SHEET (STATEMENT OF • Suspicious loans and other transactions

FINANCIAL POSITION) with principals
As we mentioned in the P&L section, an entity’s bal- • Transfers of assets to Special Purpose Entities
ance sheet shows information on assets and liabili- (SPEs: off-balance sheet entities)
ties for a single point in time. It is, in essence, a net • Personal assets of corporate officers carried on
worth statement for a company. the books of the organization
• Apparent manipulation of the organization’s
The balance sheet should reflect the balancing stock price to meet market analysts’ forecasts
equation: Assets = Liabilities + Owner’s Equity.
Alternatively, you can look at it as the difference The example balance sheet shows the three main
between assets and liabilities equals owner’s equity, sections clearly: assets, liabilities and owner’s
or Assets - Liabilities = Owner’s Equity. Please note equity (sometimes referred to as shareholder’s
that owner’s equity is not always a positive number; equity). Although a balance sheet represents a
a company that is in trouble may have more liabili- moment in time, there may be multiple moments in
ties than assets. time depicted on a balance sheet to show the change
over time. This is typical with a year-end statement.
Assets are usually listed in order of liquidity with In our example, the balance sheet shows the com-
the most liquid assets being listed first starting with pany status on three specific days: December 31 of
current assets. Similarly, liabilities are listed from 2012, 2011 and 2010. This allows us to compare the
short term to long term. Owner’s equity follows the same moment in the year between several years.
liability and loosely is listed in order of liquidity.
The assets section begins with current assets.
The financial crimes investigator can also use a These are defined as assets that will mature in less
company’s balance sheet to locate potential leads than a year or can be liquidated in less than a year.
to various financial criminal transactions. Like the Healthy companies typically have a strong current
profit and loss statement, fluctuations between asset position that can cover all of their short-term
periods will often be a key to uncovering these hid- liabilities, often with a surplus.
den transactions. Some of the things to look for
include the following: The current assets in our example:
• An influx of cash or other liquid assets from non- • Cash and Cash Equivalents – Basically the
revenue sources company’s cash position
• Accounts receivable on the books that don’t • Short Term Investments – Investments that will
correspond to sales and revenues mature in less than a year or that are intended
• Inventory valuations that don’t correspond to to be liquidated within a year. If a company
import or export valuations (a sign of trade- has a strong cash position, it will likely also
based money laundering) have significant short-term investments which
• A significant amount of “goodwill” (see next will yield a higher return than cash or cash
page) from acquisitions equivalents but are still reasonably liquid.
• Appearance of asset valuations that don’t • Net Receivables – Outstanding payments

correspond to outlays of cash and/or expected from customers less the amount
loans payable expected to be uncollectable
174
• Inventory – The value of inventory currently in • Other Assets. Once again, a catchall category
stock but not sold yet for assets not covered elsewhere.
• Other Current Assets – This is, basically, a
catchall section for any assets that have As with the asset section, the liability section begins
value and can be readily liquidated but are with current liabilities, or liabilities that will come
not covered elsewhere in this section. It is not due in less than a year.
uncommon for this to fluctuate over time, but
The current liabilities in our example include
massive changes should be looked into.
the following:
Below the current assets are the fixed assets of the • Accounts Payable. These are the bills owed by
company. These assets are considered less liquid: the company, typically to suppliers.
• Long Term Investments. These are investments • Short/Current Long-term Debt. Short-term debt
that the company intends to hold for more than is debt that will come due in less than a year,
a year and might never mature. Stock positions and current long-term debt is the payment due
in other companies and bonds might fall in on long-term debt with a year.
this category. • Other Current Liabilities. As in the asset section,
• Property, Plant and Equipment (PP&E). This these are liabilities that are not large enough
represents relatively illiquid assets a company to qualify as line items. It is a catchall for small,
might hold and, without reinvestment over time, miscellaneous liabilities.
will decrease due to depreciation. It may be a
very large item for some types of companies or As a general rule, in a healthy company, the current
a very small line item for others6. liabilities should not be greater than the current
assets. Below the current liabilities are the long-
• Goodwill. This is a line item typically found when
term liabilities the company carries. These are lia-
a company acquires another company. In order
bilities that will not mature in the next year.
to balance the books, this is added as an asset
to reflect any premium paid over the book value
As with the asset section, the liability section begins
of the company7. It is intended to reflect the
with current liabilities, or liabilities that will come
intangible assets that are considered part of
due in less than a year.
the purchase, such a brand value or reputation
of the acquired company. Although there was
The long-term liabilities in our example are as follows:
likely a clear reason the company paid over book
value for an acquisition, goodwill is generally not • Long Term Debt. This can represent financing
a good thing to have on the books. on PP&E, bond issues, or any other long-term
leasing or financing relationship.
• Intangible Assets. Assets that are not physical
in nature, such as patents and other intellectual • Negative Goodwill. Negative goodwill is actually
property. Intangible assets are typically very considered a good thing to have on a balance
hard to value and could be inflated on some sheet. This reflects an acquisition where less
balance sheets. than the book value was paid, or basically the
company paid less than the acquisition was
6 For example, a shipping company would likely have a very high PP&E since most of its assets would be in the fleet of ships it owns.
A consulting company would likely have a small number in this line item.
7 The book value of a company is basically the value of its assets minus its liabilities.
175
worth. This typically happens in distressed sales (P&L) shows non-cash items such as depreciation.
or a sale in which the assets of the company These are typically produced quarterly by most
being acquired are very illiquid. companies depending on the requirements of the
• Other Liabilities. This is another catchall jurisdiction’s regulator.
category that covers liabilities that are not
covered in another line item. A statement of cash flows is a critical piece of infor-
mation to review to truly determine the health of
Balance sheets in particular, are very industry-spe- the company and to note any irregularities. There
cific. While all will have the general line items found are many ways to manipulate an income statement
here, there will be industry variances. to appear very liquid or profitable, yet the compa-
ny’s cash position is extremely poor.
There are many ways a balance sheet can be manip-
ulated. One example is the early recognition of An example would be if a company wins a large
assets. Assets with long-term contingencies, or contract with a very big customer. On the income
that cannot be billed in the near future, can be rec- statement, it would be recognized as revenue, but
ognized early. These assets could be placed in the they might not get paid for the contract for quite
“accounts receivable” account in order to push up some time. A more accurate look into a company’s
revenue for a given period. liquidity should include a review of their Statement
of Cash Flows.
This is inaccurate because the sale of a long-term
asset beyond a year would be inappropriately clas-
OTHER TYPES OF
sified if put in the accounts receivable account.
Consequently, unusually large accounts receivable FINANCIAL RECORDS
on a balance sheet for a given period should rouse In addition to the usual statements that most com-
the interest of a financial crime investigator. panies are required to prepare, there are myriad
other documents retained that might lead to solv-
This is only one example. There are many others, ing or discovering a financial crime.
such as moving assets from PP&E to current assets
if they are intended to be sold within a year even TRANSACTION RECORDS
though the sale may never happen or the valuation Transaction records kept by financial institutions
may be inflated and not reflective of the likely sale can produce invaluable information. Transaction
price. You need to review balance sheets with a crit- records, such as those that follow, are just the
ical eye to discern discrepancies. beginning of what one can find in a commercial
bank or credit union, otherwise known as a deposi-
tory institution:
STATEMENT OF CASH FLOWS
• Deposit tickets
The statement of cash flows presents the use of
cash and cash generated in a defined period of time • Deposited items (checks and other monetary
(fiscal year ending, quarter ending, etc.). It will be instruments)
broken into three categories: operation activities, • Checks drawn
investing activities and financing activities.
• Debit memos
Although usually issued regularly like the income • Credit memos
statement, the statement of cash flows shows • Outgoing wire transfer orders
actual cash items only, while the income statement
176
Balance Sheet / Universal Widget
Year End Statement 2012 Stated in 000s
Increase in Stockholders Equity 2012 29.2%

Increase in Stockholders Equity 2011 -2.6%
December 31st, 2012 December 31st, 2011 December 31st, 2010
Assets
Current Assets
Cash and Cash Equivalents 2,000 1,900 2,200
Short Term Investments 575 325 290
Net Receivables 1,625 1,435 1,512
Inventory 420 410 415
Other Current Assets 56 20 75
Total Current Assets 4,676 4,090 4,492

Long Term Investments 500 610 500
Property, Plant, and Equipment 2,400 2,200 2,100
Goodwill 190 180 110
Intangible Assets 75 75 75
Other Assets 203 190 135
Total Assets 8,044 7,345 7,412
Liabilities
Current Liabilities
Accounts Payable 1,250 1,190 1,210
Short/Current Long-term Debt - 275 -
Other Current Liabilities 980 1,190 1,290
Total Current Liabilities 2,230 2,655 2,500
Long Term Debt 875 790 770
Negative Goodwill - - -
Other Liabilities 450 425 575
Total Liabilities 3,555 3,870 3,845
Owners Equity 5 0 0.0%
Preferred Stock 200 200 200
Common Stock 3,230 3,200 3,010
Retained Earnings 1,059 75 357
177
• Incoming wire transfers Along with the account records, an investigator

• Money orders should obtain all the account documents related
to the account opening and customer onboarding,
• Cashier’s checks sold including the following:
• Foreign currency sold • Account application
• Signature cards • Copy of signature card
• Monthly statements • Copy of customer IDs used to open account
• Cancelled checks written on the account • Letter of referral or introduction
• Standing orders • The bank’s due diligence records prepared for
• Draft checks the customer
Key transaction records that should be tracked are RECEIPTS AND RELATED EXPENSE
records of wire transfers. Wire transfers move funds DOCUMENTATION
from one bank to another within or between coun- Receipts can be helpful for verifying a journal entry,
tries. A wire transfer is initiated by a bank customer a reimbursed expense, or a department’s expenses.
or other person, called the sender, instructing the One red flag to be aware of with receipts is if cop-
bank to send funds by wire to an account or per- ies are allowed or accepted. Copies can be applied
son at another bank. The ultimate recipient is called to more than one account or conceal alterations to
the beneficiary. Sometimes, a wire transfer goes the original.
through or is processed by an intermediary bank.
Another red flag in receipts and expenses investiga-
Many countries require financial institutions to keep tions is the absence of a division of duties in review
records of transactions above certain amounts. In of expenses, or possibly the absence of a review
the US, financial institutions, including broker-deal- system. A proper review system should include ver-
ers, must keep records of the parties involved in wire ifying the expense, checking that it was approved
or funds transfers in amounts of more than $3,000. before the expense occurred, and collection of orig-
These records may be subpoenaed in criminal and inal documentation to support the expense.
civil litigation. Money transmitters, which often
deal in smaller amounts, must also keep records of JOURNAL ENTRIES
their transfers.
Journal entries can be completely falsified, espe-
Once the records are obtained or gathered, the cially in a fraud, to inappropriately recognize assets
investigator should prepare summaries of the infor- or create fictitious assets. They may also be a good
mation in all the financial documents received from source of information on inappropriate revenues or
a financial institution, including the following: expenses. Look for ambiguous entries for “services”
or “consulting” that either the entity does not pro-
• A summary of deposits and withdrawals vide or need. There may also be a trend toward one
• A summary of checks written on the account vendor, employee or department.
• A summary of wire transfers into or out
of the account Another red flag with journal entries are descriptions
that include specifics on extensive payment contin-
• Increases and decreases in account balances gencies, which possibly indicates “channel stuff-
178
list to see if there is an address or name in common.

THE WORLD CUSTOMS This may necessitate a detailed search, as the shell
company could be registered in a family member
ORGANIZATION (WCO)
name of the employee.
The World Customs Organization (WCO) is
an intergovernmental organization head- Look for vendor charges that are steadily rising or
quartered in Brussels, Belgium. The WCO inappropriate to the industry. There may be collu-
is noted for its work in areas covering the sion between the vendor and an employee with the
development of international conventions, authority to pay or approve the shipment.
instruments and tools on topics such as
commodity classification, valuation, rules In many cases, businesses and organizations will
of origin, collection of customs revenue, maintain a “preferred vendor list.” These are ven-
supply chain security, international trade dors that have already had due diligence con-
facilitation, customs enforcement activi- ducted on them by the business and are considered
ties, combating counterfeiting in support approved as suppliers or service providers. This
of Intellectual Property Rights (IPR), integ- preferred vendor list can also be a helpful source
rity promotion and delivering sustainable in financial crime investigations. The financial crime
capacity building to assist with customs professional should compare the preferred vendor
reforms and modernization. The WCO main- list against vendors that have been used recently
tains the international Harmonized System to determine if an employee or company insider is
(HS) goods nomenclature and administers using vendors that do not appear on the preferred
the technical aspects of the World Trade list. Vendors that appear to have been added to
Organization (WTO) Agreements on Cus- the preferred list without proper due diligence or
toms Valuation and Rules of Origin. authorization can also be a potential indicator of
suspicious or fraudulent activity.
ing.” This is the process of pushing more products INVENTORY

through a given distribution than the channel can Obtaining inventory records is crucial in cases
possibly sell. It is designed to inflate sales figures. involving loss or theft of physical inventory. When
reviewing inventory records, financial crime profes-
Items in journal entries on a more detailed trans- sionals should look for dates of physical counts as
action can be subject to error, intentional or well as a policy for physical counts, such as boxes
not. This can be a source of information to verify that are opened and visually inspected.
where incorrectly entered transactions should be
located. For example, did the transaction, such as One should check the policy for disposal of obso-
income from a loan, actually belong in cash but was lete or spoiled inventory. Look for patterns of either
reported as revenue? writing off inventory for year-end “earnings man-
agement” or suspicious writing off that is actually
VENDOR/CUSTOMER LIST theft of the inventory by an employee.
If the entity is paying vendors or customers, inves-
tigators need complete access to that list. Look for COMMERCIAL INVOICES
legitimacy when researching the vendor list. Illegiti- A commercial invoice may be just a simple bill pre-
mate vendors, which in some situations may be shell sented in a commercial transaction. More often, it
companies, can be compared against the employee
179
refers to a document used in international trade. It • Large price differences between the declared
typically will contain the information necessary for value of the goods and the WCO standard values
presentation of shipping declarations to a customs for similar goods
authority of a particular country. Although there is • Atypical financing for the goods
no standard format for a commercial invoice, the
World Customs Organization (WCO) sets standards • Illogical shipping routes and stops for the goods
for the information needed on the form in an effort on their way to their final destination
to create transparency of information between • Inconsistent size of the declared amount and/
countries. Some of the information contained in a or size of the declared trade goods with the
commercial invoice includes the following: shipping container or the weight
• The parties involved in the shipping transaction • Counterfeit, false documentation
• The goods being transported • False sets of books
• The country of manufacture, and codes
Some of the money laundering methodologies asso-
for those goods
ciated with commercial invoices and trade-based
A commercial invoice must also include a statement money laundering includes under and over invoic-
certifying that the invoice is true, and a signature. ing; misrepresentation of quantity, quality, product,
Due to the amount of information typically required or cost; recycling products; and non-existent or
by customs authorities, the commercial invoice can false products.
provide valuable information to the financial crime
Investigative strategies for commercial invoice
specialist. Caution should always be taken to notice
manipulation include the following:
not just the information that is on the form, but also
what information appears to be missing. • Bank account analysis for unusual deposit
activity associated with the payment
Although estimates vary widely, the consensus is for trade goods
that international trade is one of the biggest vehi- • Analysis of Financial Intelligence Unit (FIU)
cles used by transnational criminal and terrorist reporting of large currency transactions and
organizations for financing and laundering the suspicious activity
proceeds of their illicit activities. Therefore, when
• Analysis of shippers’ import and export
investigating these types of criminal activity, the
declarations against inventory amount and
commercial invoice is a vital piece of evidence
valuation data
needed for analyzing the financial activities of sub-
jects of the investigation. Commercial invoices are • Spot inspection of import or export trade goods
also critical evidence in customs duties, tax evasion for quality and quantity comparisons to the
and alternative remittance systems investigations. commercial invoice
Following are some of the red flags for the finan- Sources of information available to the financial
cial crime specialist in analyzing commercial crime specialist in investigations involving commer-
invoice data: cial invoicing include freight forwarders, insurance
companies, transport companies, customs services
• Discrepancies in the description of goods
and shipping companies.
shipped between the commercial invoice and
other documentation
RECONCILIATIONS ON
INTERCOMPANY ACCOUNTS
180
Intercompany transactions can be material, such as Cancelled checks have always provided one of the
a transfer of inventory or allocation of R&D costs most fruitful caches of leads for the financial crime
between units. However, if the company does not investigator because one document may provide
correctly reconcile these transactions with a pol- the complete picture of a financial transaction,
icy to investigate discrepancies, it could result in an including date to amount, the recipient of the funds,
overall company material misstatement. the payer of the funds, the method and location of
negotiation, and the final disposition of the funds.
This may be in error or intentional, but will start with This has changed to some extent in the US with
an investigation on how transfers of inventory are the advent of laws allowing digital copies of checks,
initiated, received and reconciled. which eliminates the need to retain the physical
copy. Other countries now have similar laws in place,
There are many ways to overstate income or assets: so the financial crime investigator should be well-
• Bill and hold transactions. These overstate versed in his or her country’s rules regarding can-
revenue when a company invoices the customer celled check retention.
and records the sale as recognized even though
the asset remains in the seller’s physical Copies of cancelled checks are still maintained by
possession until a later date. A sign of fraud banks in accordance with regulatory requirements of
would be the seller counting both the “inventory the countries in which they are located. Paper copies
not yet shipped” as “inventory on hand,” as well of cancelled checks may not be available to custom-
as recognizing the revenue from the sale. ers of the banks and, thus, not available for subpoena
or search warrant. However, the electronic age has
• Late recognition of returns. This could be brought new formats and record retention, which
another form of “earnings management” or when understood may provide better and quicker
a sign of theft and fraud. If returns are not access to the financial information associated with
recognized at all (for example the inventory the traditional cancelled check. Since all of the data
count does not change to the return), this could is now captured electronically, it can be searched
be a fraud at point of sale/point of return. This and retrieved with greater accuracy and quickness.
can be incredibly hard to detect, especially if
there is collusion. The following outline identifies some lines of inquiry
• Mark-to-market accounting. This is an the financial crime specialist should follow when
accounting practice that refers to recording dealing with cancelled checks:
assets or liabilities based on their current A. Business or personal check
market price, rather than their historical costs.
Although an entirely legitimate practice if done • May identify an unknown bank account
correctly, it can also be used to commit fraud, −− Who owns or opened the account?
particularly in situations where it is difficult to −− What is the source of funds going into
determine an accurate market price for assets. the account?
• Inappropriate inventory write-off. This is the −− What other account activity is connected
moving, spoiling or destroying of inventory to the subject or identified associates or
to change year-end reporting or to hide co-conspirators?
employee theft.
• May identify a nominee, front or shell company,
CANCELLED CHECKS or associate the subject is using to conceal
illicit proceeds
181
• May identify a business or individual who is OBTAINING TAX RETURNS

conspiratorially linked to the subject The value of tax returns is offset somewhat by the
difficulty in obtaining them. In the majority of juris-
B. Cashier’s or bank check dictions, tax information is guarded by strict secrecy
• On what bank is the cashier’s check drawn? laws. In a private sector financial crime case, a tax
• Was it drawn against an account? return can be very hard to obtain unless the target
furnishes it.
−− If not, how was it paid for?
−− What was the form of payment? In the public sector, one must follow the procedures
• Who purchased the cashier’s check? of the appropriate tax authority. Individual and
business tax returns should be obtained, if possi-
• Was a large currency or suspicious activity
ble. They may reveal a trove of otherwise unavail-
report filed by the bank in connection with the
able information. Sometimes, tax returns aid in
purchase of the cashier’s check, if such a report
unearthing hidden assets or income, such as hid-
was required?
den business ventures acquired with financial crime
proceeds. Review interest or dividends from hidden
C. Money orders and travelers checks
investments or capital gains on the sale of hidden
• Where were they purchased? assets or income from the criminal activity that may
• By whom were they purchased? be listed as “consulting fees or commissions.”
• What was the form of payment?
You should not ignore the tax lawyer, accountant
or preparer who may be inclined to cooperate
It is a good practice when dealing with bank checks
because of their potential liability under the tax
and monetary instruments not drawn on an account
laws. Usually, they will not cooperate unless their
to request the consecutively numbered bank checks
client authorizes them to do so or unless they
and monetary instruments immediately preceding
appear under compulsory legal process, such as a
and following the identified monetary instrument,
grant of immunity.
in case the subject or co-conspirator purchased
more than one.
Other ways to obtain tax returns include the following:
ANALYSIS OF TAX RETURNS • Subpoena the tax preparer or certified public

accountant, keeping in mind that they risk
Tax returns can yield important information about liability to their client if they release the tax
a multitude of a subject’s activities and assets, return without permission or compulsion
including real estate and personal property, secu-
rities accounts, insurance policies, cars, boats and • Subpoena the taxpayer or target
many other things. Sources of income, including • Asking business partners for copies of the
salary, interest, dividends, rents, purchase and sale corporate or partnership tax return, if they also
of assets, may also be identified. The tax return lists signed the return
banks and broker- dealers that paid dividends or • Subpoena the mortgage company, bank
interest. Comparing tax return items from one year or closing agent, or mortgage broker, who
to the next, such as property taxes and interest may have copies of the tax return provided
expense, can tell a lot about assets, incomes and by the subject
sources of funding.
182
• Subpoena municipal and state tax authorities erally need a clear and thorough understanding of
for copies of tax returns filed by the subjects in how the data were obtained and who was involved
their jurisdiction in gathering, storing and transmitting it. For some
investigations, including those involving multiple
countries or jurisdictions, this can be challenging.
PROTECTING THE EVIDENCE
At the beginning of an investigation, one does not Professionals should determine if they need parties
have a clear picture of which financial documents with technical skills to ensure data are captured
will be relevant and which will not. Thus, all finan- correctly at the outset and preserved throughout
cial documents should be handled as if they will be the process of investigation. If the source, origin and
material evidence in a future legal proceeding or chain of custody of data are not clear, the ability to
action. A proper chain of custody must be followed. enter that data into evidence may be compromised.
Chain of custody procedures include a documented For example, let’s say an investigator involved in
chronology of the handling of the document or an anti-corruption probe has requested payment
physical evidence. Important chain of custody doc- records from an affiliate of a multinational corpora-
umentation may include the following: tion. The affiliate is in another country. The investi-
gator receives the records on a hard drive, but there
• Where the item was initially located
is no accompanying documentation explaining how
• Who collected it the data was originally obtained, which employees
• Where it was filed were involved in handling it, and the process they
followed. This lack of clarity will greatly reduce the
• Documentation of each person who handled it
chances that the payment records could be used in
Whenever possible, original documents should be a legal case.
obtained, or it should be noted why the originals
were unavailable. This makes it extremely import-
ant to protect and control the document. Detailed
and accurate chain of custody records will help if
evidence is ever altered or damaged – either acci-
dentally or intentionally.
When dealing with electronic information, handling

for integrity and documenting a chain of custody are
equally important. Just as original documents need
to be protected, controls need to be established to
prevent the overwriting of electronic information.
Investigators should be careful not to unintention-
ally alter metadata that could be useful, such as the
name of the user who last edited a file, for example,
or the date a file was last accessed.
To maximize the likelihood that electronic records

can be entered into evidence, investigators will gen-
183
CHAPTER 10
MONEY AND
COMMODITIES
FLOW
OVERVIEW
Financial crime usually has several goals. It seeks to earn or pre-

serve money or other assets obtained through illegal means,
including corruption, tax evasion, money laundering, fraud, sanc-
tions violations, and those that have emerged from, or were facil-
itated by, new electronic tools, such as identity theft and various
types of cybercrimes.
184
CHAPTER 10 • MONEY AND COMMODITIES FLOW
In the execution, cover-up, laundering and ultimate money movement popular in parts of the world like
use and enjoyment of financial crime proceeds, the the Middle East and Africa, which moves billions of
money or commodity that is involved typically must dollars in paperless form often without leaving trails.
be transferred through multiple accounts, vehicles
and entities. This “flow” of money or commodities
linked to financial crime is executed and directed FREQUENTLY USED VEHICLES
by the financial criminal and his collaborators and TO MOVE MONEY
co- conspirators. The collaborators and co-conspir- We first examine the tools that financial criminals
ators could include a banker or corporate official, use most often. Some methods to move money and
who knowingly or unknowingly is an accomplice in other assets include the following:
the criminal operation. The word “commodities,”
• Checks
as used here, refers to value or goods obtained
through illegal activity. • Wire transfers
• Electronic transfers
Without the successful movement or flow of the
• Correspondent banking
criminal proceeds and their ultimate use, the finan-
cial criminal cannot succeed. His goal is to take • Private banking
from, or deprive, someone or something, such as • Informal systems for the movement of assets
an institution or government agency, of money
• International trade, including trade finance
or other assets. The vital step in the process is to
move the proceeds of his crime for his own purpose • Currency
and enjoyment. • Securities and financial products and
instruments, such as futures, bonds, derivatives
This chapter will discuss some of the major methods and insurance policies.
that are employed in the movement of money and
other financial assets. This will include red flags that Two of the old but popular informal methods to
financial crime specialists should look for in their move funds include Hawala and the so-called Black
work of examining money flows. Market Peso Exchange, which are covered later in
this chapter.
The number of money movement mechanisms is
limited only by the creativity and ingenuity of the Among the emerging technologies that serve to
financial criminal. Wire and electronic funds transfer move money and create new challenges for finan-
facilities, currency, international trade, Hawala, and cial crime specialists are the following:
mobile money and other vehicles spawned by new
• Virtual currencies and online money exchanges
technologies are just a few of the avenues available
to move money and value at various phases of the • Pre-paid cards
financial crime process. • Mobile payments
As new routes are opened by technology, the old USE OF MULES AND OTHER
ones do not go away. They remain, leaving financial THIRD PARTIES
crime specialists with a constantly growing list of
Money mules are persons who move criminal pro-
routes through which money can move. Thus, the
ceeds for the purpose of disguising the identity of
new technological vehicles stand alongside ancient
the beneficiary or source. Sometimes they are will-
ones, such as Hawala, a centuries-old method of
ing participants who know they are moving crimi-
185
nal proceeds, and other times they are unwitting • Note any large checks or transfers that do not
participants who have been recruited through fit the normal pattern of the general use of
the Internet or e-mail scams. The typical scheme the account.
involves placing a large deposit into the account of • Canceled checks often have notes and numbers
the “mule,” who then moves the money to another written on the back by bank employees,
account or person, retaining a fee for his service. indicating such things as the purchase of a
cashier’s check or use of the funds for a wire
transfer. The financial crime specialist should
CHECKS AND BANK STATEMENTS
make notes of all these markings, including
Virtually everyone is familiar with a check, the paper the names of the bank employees, and start an
document that orders the payment of money from inventory of all accounts to which transfers are
the account of the writer, known as the drawer, at made, the names of any reference to individuals
a bank or other financial institution to the account and other information.
of the receiver. The use of paper checks and other
documents as the primary means of making pay-
ments in the financial system has fallen significantly CORRESPONDENT
in recent years. Also, most financial institutions no
BANK ACCOUNTS
longer have an obligation to return canceled checks,
thus reducing, or making more difficult, the amount A basic domestic bank typically only offers
of information that can be gathered unless the local services to customers, including depos-
information is subpoenaed in an electronic format. its and loans. If those customers travel outside
In addition to examining the paper or electronic of the bank’s operating region, accept inter-
version of a check, the examination of a bank state- national deposits or engage in other activities
ment, which may or may not include digital copies outside the bank’s coverage area, the bank
of checks, can be very useful in mapping the flow of either needs to open a new branch or make
money or other assets. arrangements with a correspondent bank.
Opening new branches may not always be fea-
When a financial crime specialist has the oppor- sible or desirable, so a correspondent bank
tunity to review checks and bank statements, it is account provides a convenient solution.
wise to be guided by these procedures:
A correspondent bank is a financial institution
• Make note of payees on a check, especially that acts as an agent for another bank, provid-
corporations, trusts, foreign entities and other ing services and products in an area the other
organizations. bank does not operate in, so its customers can
access things like wire transfers and interna-
• Compare the payees to the endorsers or the
tional deposits. This allows banks of all sizes
ultimate deposit accounts to determine their
to do business in other regions and countries
consistency, among other things.
without having to open new branches, keep-
• Pay attention to checks drawn to cash, which ing these services at an affordable price for
will often provide information about the customers. Banks of all sizes can act as corre-
recipient and his or her related organizations. spondent banks, and numerous international
• In reviewing a bank statement, make note of financial institutions have a correspondent
the volume of checks and the pattern of use of banking branch to provide services to smaller
the account. banks with less reach.
186
WIRE TRANSFERS In the international interbank context, a cover pay-

ment is an agreement to cover the funds related to
Wire transfers have long been identified as a tool
an underlying monetary movement. In other words,
at all steps in the financial crime process: To move
there are two payments. One is a payment order,
money from the victim to the financial criminal;
which instructs the bank for the beneficiary of the
from the financial criminal through the various lay-
payment to pay the receiver a specified sum. The
ers that he may use to hide, disguise and move the
second message is the bank-to-bank instruction
proceeds; and to the ultimate application the finan-
that tells the intermediary bank to cover the pay-
cial criminal makes of the proceeds.
ment of the beneficiary’s bank.
Wire transfers are an all-purpose vehicle to move
Financial institutions can mitigate the risk associ-
money and assets in most financial crime scenarios.
ated with cover payments by managing correspon-
They can be used in the placement, layering or inte-
dent banking relationships carefully. The Wolfsberg
gration stages of money laundering of the financial
Group’s best practices, which are discussed below,
crime proceeds. All three classic money launder-
and the SWIFT standards for sending wires, which
ing stages should be kept in mind when the finan-
recommend appropriate transaction screening and
cial crime specialist is evaluating or assessing the
monitoring, are two sound starting points for a cor-
money flow aspects of a financial crime.
respondent and wire compliance program.
Financial institutions, which serve as the conduit
by which wire transfers are executed, must have
well-considered policies and processes that man-
age these risks of the susceptibility of wire and
INTERMEDIARY BANKS
other funds transfers for serving illegal purposes. An Intermediary Bank is any bank through
which a payment must go to reach the ben-
These policies and procedures should encompass eficiary bank. Intermediary Banks help pro-
more than regulatory recordkeeping minimums, cess a transfer of funds and perform any
including monitoring whether wire transfers violate necessary currency exchange.
sanctions laws or further financial criminal activity
in all stages in the process. The policies and pro- An Intermediary Bank is a bank that has your
cesses should cover foreign correspondent bank beneficiary bank’s account. This is usually
accounts and transactions in which the affiliates the case if the beneficiary’s bank doesn’t
and agencies of foreign banks and other financial have an office in a particular location. For
institutions serve as intermediaries for their head- example, if you were executing a payment
quarters office. order via SWIFT 200 and you wanted to pay
a vendor in the Bahamas, the payment order
Correspondent banking is covered in other sections would leave your bank and go to the benefi-
of this manual and is an important element in the ciary’s bank, but before the money is cred-
overall financial crime picture. For the purposes of ited to the beneficiary, it passes through the
this chapter, it is worth mentioning that the due beneficiary’s bank’s account at the Inter-
diligence procedures applied to correspondent mediary Bank. Basically, it’s the bank of the
accounts should take into account the correspon- beneficiary’s bank.
dent institution’s practices concerning monitoring
and processing of wire transfers.
187
The Basel Committee on Banking Supervision Outgoing funds transfers requested by a non-cus-
issued a May 2009 paper on cross-border cover tomer or account holder. If the policies of a bank
payments called the BIS Cover Payments Paper. or other financial institution permit the purchase of
It encouraged financial institutions that conduct a wire transfer by a non-customer, especially one
international payments transactions to adhere to for a significant amount, the institution should be
the message standards developed by the Wolfsberg extremely careful about the identities of the parties
Group in 2007, and others. and the destination of the money, especially to an
offshore location.
RED FLAGS OF WIRE TRANSFERS
Laws and regulations have been enacted in many Wire transfers that do not make sense or appear
countries attempting to make it difficult to exploit to have no legitimate business reason. A customer
wire transfers to move criminal money. The follow- who engages in frequent wire transfer activity that
ing types of funds transfer activities should be scru- is not justified by his or her normal circumstances
tinized closely because they can serve to move illicit should receive extreme scrutiny by the financial
funds. This is not meant to be an exhaustive list, and institution, and, in appropriate circumstances,
their mere existence in a scenario does not equate become the subject of a suspicious activity report.
to criminal activity. However, mapping the flows and
A customer with low account balances who
objectively determining a valid reason for these
sends or receives frequent wire transfers. This
transactions is a very important step in financial
type of activity should prompt suspicions among
crime investigation, prevention or detection.
the employees of the affected financial institution
because it is not logical for a customer with low
Because of their thoroughness and completeness,
account balances to be serving as a conduit for
this listing borrows from some of the elements
incoming and outgoing funds transfers.
contained in the guidance published by the United
States Federal Financial Institutions Examination
A quick succession of incoming and outgoing wire
Council (US FFIEC), an umbrella organization that
transfers in similar or exact monetary amounts.
serves as a forum for the collaboration of various
Often, this pattern of wire transfers of like amounts
US financial institutions and regulatory agencies.
in and out of an account or related accounts close in
time should raise deep suspicions. A customer may
Funds transfers to tax and secrecy havens. There
also receive several small incoming wires, and then
are more than 60 such havens around the world.
send a large transfer to another city or country.
What jurisdictions can be considered secrecy
havens is a much-debated issue. Some commonly
Customers with cash-intensive businesses that
cited examples include Switzerland, Lichtenstein,
send large funds transfers. This situation could
Panama, the Cayman Islands, the Cook Islands, the
reflect several illegal financial activities, including
US states of Delaware and Nevada, and others.
tax evasion, laundering of the proceeds of other
crimes, and the payment or transmittal of funds
Funds transfers that are subject to instructions to
destined for corrupt payments. In general, busi-
“pay upon proper identification.” The “PUPI instruc-
nesses that are cash-intensive should receive scru-
tions” are made to the receiving bank. Financial
tiny, and when they involve frequent wire transfers,
crime investigators should be alert to the amount
special scrutiny is recommended.
that is transferred for signs that it may be just under
the amount that triggers a currency transaction
report to the authorities in the receiver’s country.
188
several official bank checks, travelers checks or

personal checks drawn on financial institutions in
one’s country and made payable to the same or
related individual or business in amounts below a
governmental reporting threshold, is, or borders on,
suspicious activity.
MOVEMENT OF MONEY IN TRADE AND

COMMODITIES TRANSACTIONS
Financial criminals are nimble and adapt their activ-
ities and procedures to skirt statutory and regula-
tory requirements. As laws and regulations change
to thwart the ability of financial criminals to move
A customer who uses cash or bearer instruments or use their criminal proceeds, financial criminals
to purchase funds transfers. The use of cash, in adopt new methods to make safe use of their money
general, is cause for concern, but when it is used and escape detection. One method that first came
to purchase wire or other funds transfers, it bor- to widespread attention in the late 1980s used inter-
ders on outright suspicious, especially if it is a fre- national trade through the manipulation of prices of
quent occurrence. imports and exports.
Unusual funds transfer transactions by correspon- This method, which is now known by the popu-
dent banks or other financial institutions. Trans- lar name Trade-Based Money Laundering (TBML),
actions with one’s own institution by foreign corre- was recognized by the Financial Action Task force
spondent banks always deserve scrutiny because in 2006 as one of the three principal avenues for
of the history that correspondent accounts have moving money to disguise or integrate criminal
of being involved in a multitude of financial crimes proceeds into the legitimate economy or to move
and money laundering. Suspicious activity by these money needed to finance other crimes, including
institutions may include a volume of wire transfers terrorism. The FATF defines TBML as ‘the process of
that is inordinately large in relation to the size of the disguising the proceeds of crime and moving value
bank, the large volume of funds transfer activities through the use of trade transactions in an attempt
that are inconsistent with the size and policies of to legitimize their illicit origin.’ In 2008, the defini-
the institution, and a high volume of funds transfers tion was revised in the FATF Best Practices Paper to
of similar amounts on one or consecutive days. expand the definition:
Out-of-country funds transfers that are incon- “…the process of disguising the proceeds of crime
sistent with the customer’s profile or business. A and moving value through the use of trade trans-
domestic customer who engages in international actions in an attempt to legitimize their illicit ori-
funds transfers in amounts or frequency that are gins or finance their activities.” (Emphasis added).
inconsistent with the nature of the customer’s legit-
imate business may indicate involvement in a finan- TBML may be accomplished by using combinations
cial crime, including money laundering. of over-valued or under-valued imports and exports
to achieve a transfer of money from one coun-
Payment for international funds transfers with try to another.
several monetary instruments. A customer who
pays for outgoing international wire transfers with
189
A simple example would be: imported goods or understate the price of

Assume Person A wishes to move money from exported goods.
Country X to Person B in Country Y. Person B buys
10,000 widgets in Country Y and exports them to These international trade operations require the
Person A in Country X with an invoice for $100 per two parties working in league with each other. By
widget, although he only paid $10 per widget. Per- doing so, they can achieve their goals in moving
son A or B goes to a bank to obtain trade financ- different amounts of money at any time. To facil-
ing to finance the exportation or importation of itate the commission of crimes, such as terrorism,
10,000 widgets at $100 apiece. The financing is trade-based money laundering may be used to send
achieved, and Person A pays Person B the $1 mil- money to terrorists in the jurisdiction where they
lion that is invoiced. By this transaction, he is able are operating.
to move an excess of $900,000 disguised in an
More than 35 million containers of goods arrive in
international trade procedure.
or leave the US every year, and major industrialized
By using international trade and the manipulation of nations, as well as rapidly developing nations such
the prices that pertain to the products being shipped, as China and Brazil, have even higher totals. The
persons may move money in either direction dis- sheer magnitude of this commerce makes it very
guised as the cost of the products being imported difficult to detect the movement of money linked to
or exported. This works both ways, as follows: financial crime in wider international trade. It is like
finding a lone needle in a haystack of needles.
• To move money into one country from
another, the parties may understate the price Sophisticated data mining may serve to detect and
of imported goods or overstate the price of identify some international trade transactions that
exported goods. are linked to financial crime and money laundering.
• To move money from one country to another,
the parties may overstate the price of According to the US Department of Homeland Secu-
rity, which started the first Trade Transparency Unit
(TTU) with the goal of identifying customs fraud, tax
evasion, smuggling, trade-based money laundering
and terrorist financing, the following indicators are
red flags of the movement of illicit funds in interna-
tional trade transactions:
• Payments to vendors in cash by unrelated
third parties
• Payments to vendors by wire transfers from
unrelated third parties
• Payments to vendors by checks, bank drafts
or postal money orders from unrelated
third parties
• False reporting, such as commodity
An Image of the Port of Shanghai.
misclassification, over-valuation or
One of the World’s Largest, it Handled Approximately 32
under-valuation
Million Shipping Containers in 2012, Demonstrating the Sheer
Volume of Global Trade
190
• Carousel transactions, meaning repeated • Because of the high volume of customers,

importation and exportation of the same high- reduced possibilities of verification of customer
value commodity identification
• Trading in commodities that do not match • Customer relationships are less formal and
the business customers rotate often
• Unusual shipping routes or transshipment points
INFORMAL VALUE TRANSFER SYSTEMS
• Packaging that is inconsistent with the AND THE MOVEMENT OF MONEY
commodity or shipping method
An informal value transfer system (IVTS) is a sys-
• Double-invoicing tem for transferring value through the exchange of
goods or currency from one person in one country
to another person in another country. IVTS busi-
NON-BANK FOREIGN EXCHANGE
nesses are not banks in the traditional sense. They
COMPANIES AND MONEY maintain their own financial accounts but do not uti-
TRANSMITTERS lize the banking system to transfer money or other
Currency exchange providers and money transmit- value for their customers.
ters, which are often referred to as money services
businesses or MSBs, may be used in several ways
in the perpetration of financial crimes and the laun-
dering of criminal proceeds. In that respect, they INFORMAL VALUE TRANSFER
are no different than commercial banks which may SYSTEM LEGALITY
also be used in multiple ways in the commission of As a type of Money Services Business (MSB)
financial crimes. and specifically, as a type of money transmit-
ter, IVTS may legally operate in the United
MSBs are used by millions of people for legitimate States, so long as they abide by applicable
reasons, including the transmittal of small sums to state and federal laws. This includes regis-
family members of the sender in other countries. tering with FinCEN and complying with anti-
money laundering and counter-terrorist
VULNERABILITY OF MSBS TO MOVING financing provisions of the Bank Secrecy Act
MONEY LINKED TO FINANCIAL CRIME (BSA) applicable to all money transmitters
As stated above, MSBs are no different than banks and to certain other MSBs. A more sophis-
in their vulnerability to, and use by, financial crimi- ticated form of IVTS operating in the United
nals. The following are the principal reasons for this States often interacts with other financial
vulnerability of MSBs: institutions in storing currency, clearing
checks, remitting and receiving funds, and
• Simplicity and certainty of the transactions
obtaining other routine financial services,
• Global reach of the network of MSBs rather than acting independently of the for-
• Cash nature of the initial steps of the mal financial system.
transactions
Source: FinCEN Advisory, September 1, 2010
• Fewer customer identification rules are imposed
FIN-2010-A011
191
IVTS businesses pre-date traditional banks. Initially, a system by which illicit proceeds are laundered
they offered barter systems to resolve accounts through a combination of exchange of currencies
and to foster trade. But the systems have survived and international trade in goods.
and today are used to send money worldwide. Com-
mon types of IVTS include Hawala networks and the A BMPE, despite the name, does not have to involve
Black Market Peso Exchange. pesos, although the scheme originated in Colom-
bia and is still prevalent there. Traditionally, laun-
BLACK MARKET PESO EXCHANGE dering through BMPE begins with the proceeds of
The Black Market Peso Exchange (BMPE) method narcotics sold in the US. These funds are in US dol-
is an elaborate means of moving money and laun- lars. Narcotics traffickers then contract with money
dering criminal proceeds. In broad terms, BMPE is exchangers, referred to as “cambistas” or peso bro-
kers, to purchase the dollars at a reduced rate. The
An Illustration of a Colombian Black Market Peso Exchange Ring, Broken Up in 2005 by US Law Enforcement as Part of an Initiative
Called Operation Mallorca. Source: US Drug Enforcement Administration
192
cambista holds accounts in financial institutions in A basic example of a Hawala transaction would be
both the US and Colombia. a customer from country X seeking to send money
or satisfy an obligation to another from country
The cambista then swaps the US dollars for pesos Y. A hawaladar from country X would then receive
with import/export businesses in Colombia and funds from country X and provide the customer
other Latin American countries. These businesses from country X with an authentication code. A cor-
need US dollars to purchase and import goods responding hawaladar from country Y would be
from the US, which range from tobacco products to instructed to deliver funds in the currency of coun-
home appliances. Many businesses involved in the try Y to a specified beneficiary, who needs to dis-
BMPE are completely legitimate, while others ille- close the authentication code to receive funds.
gally smuggle goods from the US to avoid customs
duties. In either case, businesses typically receive Another example of how Hawala works is found in a
US dollars at a significantly lower rate than the offi- report titled, The Hawala Alternative Remittance Sys-
cial exchange rate. tem and Its Role in Money Laundering, by the Finan-
cial Crimes Enforcement Network, FinCEN, a bureau
Cambistas then pay off narcotics rings in Colombia of the US Department of the Treasury and Interpol.
with the pesos they receive from these businesses,
completing the BMPE cycle. As cambistas receive Note the trust that is inherent in the example that
substantial commissions and fees from the exchanges, follows. Tariq gave his money to Yasmeen and
and businesses receive a favorable exchange rate, the received no receipt. He trusts that the Rs 180,000
BMPE can be quite profitable for all parties involved. will reach his brother, Waleed. Yasmeen keeps track
That is one of the reasons the scheme has been so of how much money she owes Ghulam and Ghulam,
successful in past years. Greater awareness of BMPE of course, will keep track of what Yasmeen owes
has led many US financial institutions to restrict or cut him. The relationship between Yasmeen and Ghu-
off business with suspect Colombian and other South lam could be one of several types:
American peso brokers, lessening the impact of BMPE 1. They could be business partners or individuals
in recent years. Nevertheless, the financial crime spe- who do business together on a regular basis.
cialist should remain aware of it, especially if they are It could be in addition to other business they
pursuing a case or assignment in a jurisdiction where engage in, such as CD or video import or
use of BMPE is common. a tour agency
2. Ghulam could owe Yasmeen a debt, and this is a
HAWALA
way to repay the debt,
Hawala is a type of IVTS that began in India but is 3. Yasmeen may have a surplus of rupees, and this
now used around the world, particularly in Asia and is a way to liquidate the surplus.
the Middle East. It has been referred to as an under-
ground banking system. This is not entirely correct In the above example, neither number 2 or 3
because many hawaladars, as they are called, con- require Ghulam to recover any money. But in the
duct business in the open, legitimately, with adver- first example, further interaction is needed to bal-
tising and competition. ance the books.
Hawala is based on trust and there is little paper The lack of formal structure in Hawala leads to a
trail, such as checks or other instruments. Hawala less bureaucratic approach than formal financial
relies on strong personal and family connections institutions and, to those who use it, is thought to be
and other affiliations. more reliable and convenient. As there is no paper
193
AN EXAMPLE OF A HAWALA TRANSACTION

Tariq is a Pakistani living in New York and driving This arrangement will allow Tariq to send Waleed
a taxi. He entered the US on a tourist visa, which Rs166,250, instead of 154,225. As we will see,
has long since expired. From his job as a taxi the delivery associated with a Hawala trans-
driver, he has savings of $5,000 that he wants action is faster and more reliable than in bank
to send to his brother, Waleed, who lives in Kara- transactions. He is about to make arrangements
chi. Even though Tariq is familiar with the Hawala to do business with Iqbal when he sees the
system, his first stop is a major bank, where he following ad:
learns several things: MUSIC BAZAAR AND TRAVEL SERVICES
• The bank would prefer that he open an Latest Bollywood Hits Video Conversations
account before doing business with them. Cheap Tickets to India and Pakistan
• The bank will sell him Pakistani rupees (Rs) at Great Rupee deals (service to India and Paki-
the official rate of 31 to the dollar. stan) Call Yasmeen at 718-555-1111
• The bank will charge $25 to issue Tariq calls the number and speaks with Yasmeen.
a bank draft. She offers him the following deal:
This will allow Tariq to send Waleed Rs154,225. • A fee of 1 rupee for each dollar transferred
Delivery would be extra—an overnight courier • 37 rupees for a dollar
service because surface mail is not always reli- • Delivery is included
able, especially if it contains something valuable,
and can cost as much as $40 to Pakistan—and Under these terms, Tariq can send Waleed
take up to a week to arrive. Tariq believes he Rs180,000. He decides to do business
can get a better deal through Hawala, and talks with Yasmeen.
to Iqbal, a fellow taxi driver who is also a part-
time hawaladar. The Hawala transaction proceeds as follows:
• Tariq gives the $5,000 to Yasmeen.
Iqbal offers Tariq the following terms:
• Yasmeen contacts Ghulam in Karachi and
• A 5% “commission” for handling
gives him the details.
the transaction
• Ghulam arranges to have Rs180,000
• 35 instead of 31 rupees for a dollar
delivered to Waleed.
• Delivery is included
194
trail or actual transfer of funds between institutions, USING SECURITIES, FUTURES AND
cultural factors such as kinship and ethnicity play a DERIVATIVES TO MOVE MONEY
vital role in the facilitation of the transactions. Trade in securities represents a multi-trillion dollar
sector of the global economy, with millions of stocks,
REASONS FOR USING HAWALA bonds, derivatives, futures, credit swaps and other
Hawala may seem like a lot of trouble in today’s financial instruments being sold and purchased on
world, when money can be moved rapidly through dozens of exchanges worldwide. The actors involved
the traditional banking system or through elec- in securities trading include most of the world’s
tronic means. However, Hawala offers many advan- largest banks, major international investment firms
tages, according to these points gleaned from the and government entities such as sovereign wealth
above-mentioned study by FinCEN and Interpol: funds. They also include an array of smaller broker-
• Cost effectiveness age firms, sole proprietorship broker-dealers and
individual traders. Together with banking, the secu-
• Efficiency
rities industry is one of the key ways that persons
• Reliability worldwide access the global financial system.
• Lack of bureaucracy
Monitoring securities trading presents a distinct
• No paper trail
challenge, as it can not only be used to launder and
• Allows evasion of taxes move the proceeds of criminal activity, but also
COMMODITIES TRADING
TO MOVE MONEY COMMON INDICATORS OF
One emerging method of moving funds is commod- SUSPICIOUS ACTIVITY
ities purchases and trades. In these situations, a Some of the most common indicators of sus-
financial criminal will purchase a type of commod- picious activity in the securities industry are:
ity and export it to a “beneficiary.” Purchase orders,
• Changing share ownership when making
invoices and other records lend an air of legitimacy
a transfer across borders
to the transaction.
• Liquidating what would usually be a long-
Once the commodity is received in the destination term investment within a short period
country, it is sold locally, which accomplishes the • Using a brokerage account similar to a
task of exchanging one currency for another. Some- depository account
times, a third country is utilized to further obscure
• Opening multiple accounts or
the transaction.
nominee accounts
• Engaging in transactions involving
nominees or third parties
Source: FATF Report October 2009, Money

Laundering and Terrorist Financing in the
Securities Sector
195
be manipulated to earn illicit proceeds. As insider A similar type of security is a “bill of exchange” in a
trading and other forms of securities fraud are jurisdiction where it is redeemable upon presenta-
addressed in the Understanding and Preventing tion. Similar to the bearer bond, a bill of exchange
Fraud chapter, this chapter focuses on using secu- may be viewed as having a high level of risk of being
rities as a mechanism for transferring dirty money. used in a financial crime scenario or to launder
The financial crime specialist should note that secu- criminal proceeds.
rities fraud and laundering through securities are
often closely interconnected. SECURITIES TRADING AS LAYERING
Purchasing most securities on exchanges or mar-
The laws governing securities trading vary consider- kets almost always requires an account of some
ably from jurisdiction to jurisdiction, as do the reg- kind held with a securities broker, which is typically
ulatory and enforcement frameworks around secu- funded by another account at a financial institution.
rities markets. Many of the larger global exchanges, As a result, securities trading is not often the first
such as the London or New York Stock Exchanges, stage in laundering dirty money. However, because
are closely watched by a number of market reg- securities trades can be executed in high values
ulators and oversight bodies. Other exchanges and large volumes, they do represent a potential
receive considerably less scrutiny. In a 2010 typol- avenue for layering illicit proceeds, by quickly cre-
ogy report, the FATF found that, generally, suspi- ating a chain of transactions to obscure the source
cious activity reporting by the securities industry of the funds.
worldwide remained low, potentially due to a lack of
awareness of AML and terrorist financing issues in One example of this is wash trading of stocks, or
the securities field. simultaneously buying and selling shares of stock
in the same company through two different brokers.
The term “securities” refers to different types of Although this is usually done as a form of market
financial instruments issued by companies and gov- manipulation in order to make it appear as if there
ernment entities. A complete explanation of the is a high level of trading activity around a certain
instruments that qualify as securities is beyond the stock, it can also be done simply to pile up transac-
scope of this manual, especially as types of securi- tions and layer funds.
ties continuously grow and evolve. Further reading
is advised for the financial crime specialist involved Another sign that securities trading may be lay-
in cases involving securities. ering is if a broker is directed to make many rapid
purchases of a security with no discernible pattern,
BEARER SECURITIES purpose or underlying market rationale, and then
Although most securities are not now maintained sell these securities after holding them only briefly.
in paper form, “bearer” securities, including bearer
bonds, still exist in certain jurisdictions. These DERIVATIVES
instruments are owned by the person who “bears,” Derivatives come in three forms: futures, options
or possesses them. Once a bearer instrument has and swaps. Using derivatives to move money
been issued, the holder can transfer it to another derived from financial crime requires at least a cur-
recipient without the need to record the transaction. sory understanding of how derivatives work.
Bearer securities can be deposited into a brokerage
account and then be used to make other trades or Derivatives are essentially a bet on which direction
to withdraw or wire the entire funds. the price will move for some underlying value, which
196
WASH TRADING
Futures: A financial contract obligating The most common technique used in derivatives
the buyer to purchase an asset (or the trading to obscure illicit funds is known as wash trad-
seller to sell an asset), such as a physical ing. The financial criminal establishes two accounts.
commodity or a financial instrument, at a One account, the “dirty money” account, is held by
predetermined future date and price. a seemingly unrelated party. The second account is
held by the party that should “receive” the payment,
Options: Financial derivative that repre- such as a politician who may be receiving a bribe.
sents a contract sold by one party (option This scheme, of course, requires the assistance of a
writer) to another party (option holder). complicit broker.
The contract offers the buyer the right, but
not the obligation, to buy (call) or sell (put) The financial criminal and the broker agree to set
a security or other financial asset at an up two positions that offset each other. When the
agreed-upon price (the strike price) dur- positions come due, the loss is assigned to the dirty
ing a certain period of time or on a specific money account and the gain to the clean money
date (exercise date). account. The difference in the two is the cost of
laundering the money.
Swaps: Traditionally, the exchange of one
security for another to change the matu- OTHER DERIVATIVE TRADING RISKS
rity (bonds), quality of issues (stocks or
Derivatives can be used in a multitude of other com-
bonds) or because investment objec-
binations to create the illusion of legitimacy while,
tives have changed. Recently, swaps have
at the same time, moving money across borders to
grown to include currency swaps and
further a financial crime, launder criminal proceeds
interest rate swaps.
or finance terrorism. Taking offsetting positions
that result in double commissions for the complicit
broker, options trading with offshore companies,
can be a commodity, a share of stock, a financial client- originated insider trading, swaps in the com-
asset, foreign exchange or an index of these. The modities market and auto-trading are some of the
party betting that the price will go down is said to schemes or factors that have been noted in recent
be “short” on the contract. The party betting that years as vehicles for moving money.
the price of the underlying value will go up is said to
be “long” on the contract. If the price of the under- The real complexity of a derivative lies in the under-
lying value moves, there will be a winner and a loser lying contract, which is also often complex. The
in connection with the contract. If the price goes FATF has said in a report: “The way in which deriva-
up, the long side wins. If the price goes down, the tives are traded and the number of operators in the
short side wins. market ensure that there is the potential to obscur-
ing the connection between each new participant
The key to money laundering with derivatives is to and the original trade.”
manipulate the two sides of the contract in such a
way that the losing side is associated with the dirty
money, and to ensure that both sides are partic-
ipants in the money laundering scheme. Thus, the
winning side gets clean money from successful con-
tracts, a legitimate source of income.
197
ONLINE SECURITIES TRADING ACCOUNTS OVER-THE-COUNTER MARKETS

A relatively recent development is the rise of Inter- While most securities are traded on open exchanges
net-based securities trading accounts. These are where any registered securities broker can buy or
typically offered by financial institutions and invest- sell them, some securities are traded on over-the-
ment firms, and allow individual investors to access counter, or OTC, markets. “OTC securities” generally
their portfolio of securities. In some jurisdictions, refers to all securities traded outside of the tradi-
they allow individual customers to transfer secu- tional exchanges, which usually have greater regu-
rities to another customer account, the account of lation, more participants and stricter requirements
a family member or a company account they con- for the securities they will allow to be listed. In some
trol. Such easily accessible means to transfer secu- cases, OTC markets are regulated and organized,
rities can be used in tax fraud schemes, as a tax and OTC traders must become market members.
evader can shift their control of the securities to
another person or multiple persons and, therefore, In other cases, OTC markets receive significantly
avoid certain tax liabilities on the dividends of their less oversight and can simply involve groups of secu-
investments. rities brokers trading securities among themselves,
on terms they negotiate and not at market rates.
Such a transfer scheme could also be used for
money laundering. A financial criminal could con- In these instances, it is possible for OTC trades to be
ceivably have an associate or family member open manipulated to pay more for a security than would be
an online securities account and invest in a portfo- paid at a reasonable market rate, and thus covertly
lio of securities. The financial criminal would then transfer money to another party in the process. One
pay them the cash value of their securities port- example is through the trade in OTC options, a form
folio with illicit proceeds, allowing the criminal to of security that allows a seller to drastically inflate
instantly gain access to “clean” funds. the price they are offering for the option, or charge
substantial premiums to a buyer on their sale of
The growth of online securities trading accounts options. In either case, funds could be transferred
has also made it easier for financial criminals to from the buyer to the seller if the buyer purchased
access securities markets generally. High volumes options at the inflated price, or agreed to the high
of transactions through online trading services and premium. As OTC options trades can occur between
a lack of direct contact with customers can make it parties in different jurisdictions, this is one potential
difficult for the financial institutions that host such avenue to move funds internationally.
accounts to know their customers and detect suspi-
cious transactions. Like any online account, online
securities accounts are also vulnerable to identity PREPAID CARDS AND THEIR
thieves and account takeover schemes. FINANCIAL CRIME RISKS
Also called “stored value cards,” these are an
Identity thieves can open online accounts in order increasingly popular way of carrying, transmitting
to move illicit proceeds or engage in securities and moving value. Hundreds of billions of dollars
frauds such as insider trading. Hackers can take move worldwide through prepaid cards each year.
control of an online securities account as part of
securities manipulation schemes, using the account There are several types of prepaid cards. Some are
to buy up a certain stock in order to pump up its called “closed loop,” meaning they are issued by a
price, for example. particular business and may only be redeemed for
198
Prepaid card fraud is often tied to credit card fraud

in which a lost, stolen or counterfeit credit card is
used to buy or load prepaid cards, which are sold
at a discount from the value they contain. Prepaid
cards are also frequently used in identity theft or
account takeover schemes, in which a hacker will
obtain control of a victim’s online bank account
and use the funds to purchase prepaid cards, which
are then retrieved by mules or smuggled out of
the country.
Because prepaid cards are easily transported across

national boundaries, they serve as a convenient
and portable money laundering vehicle. A criminal
goods and services at that business. Closed loop seeking to launder money can load the card in one
cards usually may not be reloaded after their initial country, transport the card to another country and
value is consumed. withdraw cash through ATM machines. It is a simple,
secure and anonymous way to move and launder
“Open loop cards” have no specific business, service money. Financial institutions, retail establishments
or product they must be used for, and can typically and other businesses may combat money launder-
be utilized at any business that accepts credit or ing and other financial crime through prepaid cards
debit cards. They often may be used for ATM trans- with systems that monitor their sale and usage. The
actions and are normally reloadable. In most cases, system should issue alerts on card use, and limit
open loop cards are issued through a bank and use or block the use of prepaid cards that exceed the
the networks of major credit card companies, such established standards for normal use.
as American Express, MasterCard and Visa. They
are usually restricted for use with merchants that Understand how and why a card will be used.
accept the respective credit cards. While prepaid card issuers may not always collect
information or conduct due diligence to the same
Like any other mechanism to store and transfer extent as a bank or credit card issuer, they should
value, prepaid cards are susceptible to exploitation still have some recognition of the card’s intended
by financial criminals. Several attributes of prepaid use in order to determine what customer transac-
cards make them an attractive avenue for fraud- tions are normal and which may be suspicious. It is
sters and money launderers. They can be a highly important to note that transaction behavior may be
portable means to carry a large amount of funds, different from typical debit card or credit card use.
and are usually difficult to distinguish from a stan- One example is prepaid payroll cards, in which all
dard bank-issued credit or debit card. In some juris- the stored value on the card may be deposited or
dictions, they can be obtained with fewer customer withdrawn at once.
due diligence procedures than would be conducted
when opening a bank account or applying for a Monitor load activity and set parameters how
credit card. Some jurisdictions have few regulations cards can be loaded and for number of reloads in
on prepaid cards, allowing prepaid providers to a given timeframe. This is one of the most essen-
issue cards paid for in cash, with little information tial steps to prevent prepaid cards from being used
collected from the purchaser. in money laundering schemes. Restricting the
total amount that can be loaded onto a card, and
199
restricting or not allowing the card to be reloaded, EMERGING PAYMENT METHODS AND
limits the ability to store and move large amounts THEIR FINANCIAL CRIME RISKS
of value. Again, these thresholds and load moni- In Kenya, a trader in precious metals buys and sells
toring systems should be tailored to the intended gold using funds stored on his cell phone. In Ger-
use of the card and the type of customer. If reloads many, a customer buys electronic goods over the
are allowed, prepaid issuers typically should limit internet with Bitcoins. In the US, a user of Second
the amount that can be loaded onto the card in a Life uploads funds into an in-game account in order
given timeframe. to purchase virtual items.
Be able to identify the source and location of  All of these scenarios are examples of emerging
loads and reloads. Prepaid providers should mon- technologies to move and transmit funds called
itor the geographic location and flag or potentially “new payment methods” by the Financial Action
block cards loaded or reloaded from unexpected Task Force. Online communication tools, social and
and high-risk jurisdictions. They should also have gaming networks, and mobile devices such as smart
mechanisms in place to know the source of reloads, phones and tablets, are opening up more avenues
whether that is cash, credit card, wire transfer or for storing and transferring value than ever before.
money order. Many of these payment methods are either so
new as to be entirely unregulated, or intentionally
Monitor the number and type of cards issued to
designed in such a way that they can be used anon-
any given customer. A customer holding dozens or
ymously. As such, the attraction for financial crimi-
hundreds of prepaid cards without any compelling
nals is obvious, especially as the web-based nature
business reason would obviously raise major red
of many of these tools makes it possible to move
flags. Issuers should track the cards it issues to cus-
funds internationally with only a computer and a lit-
tomers and place limits as appropriate.
tle creativity.
Conduct due diligence to understand all parties
It is difficult to judge the financial crime risks of
involved in the issuance of cards in a prepaid pro-
these new payment methods, as most have only
gram. Prepaid cards are typically issued by banks,
been in existence a handful of years. Despite the
many of which are smaller regional institutions.
attention they have received from some compliance
These banks often outsource the actual operations
professionals and law enforcement agencies, there
and maintenance of their card programs to third
are very few well-documented cases of the pro-
parties, including the compliance function. Whether
ceeds of financial crime moving through venues like
the financial crime specialist is advising a prepaid
mobile payments and virtual currencies. With that
issuer or investigating a case involving prepaid
said, it is still important for the financial crime spe-
cards, they should understand who ultimately con-
cialist to understand these methods and recognize
trols cardholder information, and who is responsible
their potential vulnerabilities. As they continue to
for supervising compliance.
grow in use and amount of value being transferred,
it is almost inevitable that they will be exploited by
Prepaid card issuers must also be alert to the
financial criminals in some capacity.
responsibility of suspicious activity reporting
requirements. Some jurisdictions require suspi-
MOBILE PAYMENTS
cious activity reports to be filed with the perti-
nent authorities on prepaid activity, similar to the It is estimated that in 2012, roughly 1.5 billion peo-
requirements on other financial transactions. ple had direct access to a financial institution, yet
there were more than five billion cell phones. With
200
phones and other mobile technology proliferat- One risk of such a system is “digital value smurfing,”
ing, the potential to transfer, send or receive funds which simply means using multiple money mules or
through mobile devices, or “mobile payments,” rep- “smurfs” to make small cash deposits of financial
resents a rapidly growing new financial service. crime proceeds into their mobile accounts. Once the
money is in the mobile payment system, the smurfs
Currently, mobile payment systems are most com- can then transfer the virtual value into an account
mon in developing countries like the Philippines, controlled by a launderer or other financial criminal.
Ghana and especially Kenya, where access to banks
or other traditional financial services is often lim- Such a scheme has none of the typical difficulties
ited. Depending on the size and sophistication of associated with bulk cash smuggling. Because many
the system, mobile payments can be used to deposit mobile payment networks are relatively unregu-
and withdraw funds from accounts, transfer funds lated, it could also evade currency and transaction
between phones, and buy goods and services. Some reporting requirements placed on more traditional
employers will even pay their employees directly to financial institutions.
their phones. Mobile payments have also become
a popular means for emigrants to remit payments In addition, mobile payment systems may make it
back to their home countries. easier for launderers and other financial criminals
to erase their tracks, as they usually leave behind
Perhaps the best example of a mobile payment sys- fewer records than more established financial
tem in action is Kenya’s M-PESA. Launched in 2007, transactions. Law enforcement would be left with
M-PESA relies on a network of more than 100,000 little physical evidence that a financial crime took
small businesses, who register as agents with the place, and if the mobile payments are transferred
mobile payment system. An M-PESA user can then across borders, they may lack jurisdiction to pursue
bring cash to these agents, who will then exchange the financial criminal.
it for virtual value credited to a user’s M-PESA
account. Users can then exchange this value with VALUE TRANSFER THROUGH
other M-PESA users, buy items at some stores VIRTUAL WORLDS
and restaurants, or withdraw the value as cash at As online role-playing games became increasingly
another agent. As of late 2012, more than $1 billion popular worldwide, some began incorporating the
was transferred through M-PESA each month. ability to convert real-world currency into virtual
value that could be used to purchase items in the
game. As these games continued to develop, some
of the larger and more sophisticated ones spawned
virtual economies where items, services and even
virtual real estate could be bought and sold. Criti-
cally, some even developed means to convert vir-
tual value back into real-world funds or other assets.
These virtual worlds present yet another new avenue

that could be utilized by money launderers. Moving
value to and from a virtual world would allow funds
to easily cross national borders, and could be an
effective means to place and layer illicit proceeds.
Smurfs could create accounts in virtual worlds and
exchange real-world money for virtual value, then
201
transfer that value to an organized crime group by Less than two years later, Nakamoto ceased pub-
purchasing items in the game world. Additionally, lic communications and effectively disappeared.
some virtual worlds require little information from Whether he is a real person, a pseudonym used by
users to open accounts, allowing financial crimi- someone else, or a group of individuals is still not
nals to enter these online communities and conduct clear. But in the years since, the Bitcoin system has
transactions with relative anonymity. grown dramatically, launching a new era of digi-
tal currencies.
One of the oldest and most robust virtual worlds for
the exchange of real and virtual value is Second Life. Digital currencies existed prior to Bitcoin, some
An online community of roughly one million users dating back to the 1990s, and the name can refer to
worldwide, it allows users to create characters, a wide variety of electronic money and value trans-
design virtual items and create in-game buildings fer systems. Some of the earliest digital currencies
and structures. All these items and this real estate were systems that allowed users to open and fund
can be bought and sold, using an in-game currency accounts tied to the price of gold or other precious
called “Linden Dollars,” named after the company metals, and conduct transactions with other users.
that created Second Life. Linden Dollars can be pur- More recently, “decentralized” digital currencies
chased with real-world currency, and traded back based on mathematical systems, like Bitcoin, have
into real-world currency through the company’s risen to prominence.
currency exchange. In 2012, roughly $119 million
was traded on Linden’s currency exchange.  Virtual Since their beginning, digital currencies have
worlds have almost no oversight from any regula- attracted vocal supporters who claim they are the
tory body. As a 2012 report on currency trading future of money and payments, and equally vocal
in virtual worlds from the European Central Bank critics who argue they mostly exist for illicit trans-
stated: “Every criminal act which takes place in the actions. To date, both sides seem partially right.
real world might also be reproduced and adapted to Some digital currencies are innovative and have
Second Life and probably also to other virtual com- potentially far-reaching applications. But like any
munities. But the likelihood is even stronger as a system that can be used to store and transfer value,
result of the lack of proper regulation and oversight they are also vulnerable to use by money launder-
and owing to the high degree of anonymity that ers, cybercriminals and terrorist financiers.
exists in these online worlds.”
The FATF uses the terms “virtual currency” and
“digital currency” interchangeably. It defines these
DIGITAL CURRENCIES currencies as “a digital representation of value that
In October 2008, someone going by the name of can be digitally traded and functions as a medium of
Satoshi Nakamoto published a paper, which detailed exchange, a unit of account, and/or a store of value.
the development of a peer-to-peer electronic cash
system, to a mailing list for programmers and cryp- The FATF notes that digital currencies are not issued
tography researchers. or backed by any country or jurisdiction – they hold
value only due to their acceptance by a user com-
A few months later, Nakamoto released the source munity. Digital currencies are separate and distinct
code for the project outlined in the paper, and from “fiat” currencies, the real-world money issued
became the first person to hold currency generated by national governments. Some digital curren-
by this new system: Bitcoin. cies, in fact, were originally intended by their cre-
ators as replacements for fiat currencies. In broad
202
terms, digital currencies can be divided into two By their nature, centralized systems are more eas-
types of systems. ily subjected to regulatory oversight or enforce-
ment. One person or entity administers them, in
CENTRALIZED CURRENCIES some cases running the platform off of a handful of
Centralized currencies exist on their own propri- servers. If the person behind the system is arrested,
etary platform and are operated by a single com- or the servers seized, a centralized currency can
pany or person, usually referred to as the admin- essentially disappear overnight.
istrator. While users hold accounts and can initiate
transactions, the administrator sets the rules of Closed-loop currencies are less at risk for money
the system and acts as an intermediary to process laundering than open-loop or convertible ones, and
transactions and maintain a payment ledger. their use in financial crime schemes is generally lim-
ited to smaller transactions by lower-level criminals.
Most centralized currencies are “closed-loop” or
non-convertible, meaning they can only be used However, savvy financial criminals have figured
for transactions on a specific platform. Some are out ways to exploit even seemingly obscure value
“open-loop” or convertible, meaning they can be transfer systems for their own benefit, and closed-
exchanged for fiat currencies. Common examples of loop digital currencies are no exception. Secondary
closed-loop systems are the currencies used to buy markets or unauthorized exchanges have devel-
and sell items in online games and virtual worlds. oped around some non-convertible currencies,
allowing users to convert virtual funds back into
Users can transfer real-world money onto accounts fiat currency.
in these closed-loop systems and conduct trans-
actions between users of the system, but typically DECENTRALIZED CURRENCIES
cannot spend or convert the currency outside of Decentralized currencies do not have an adminis-
the platform. trator, and there is no single entity that controls
them. Instead, they operate on a peer-to-peer
model. The platform that maintains and adminis-
ters the currency is distributed between the users,
and its rules and operations are established by its
programming.
Most decentralized currencies are also “cryptocur-

rencies.” This means that their operations are based
on principles originally developed in the cryptogra-
phy field. Cryptocurrencies rely on cryptographic
keys to transfer value between users, and validate
the transaction. The system’s programming main-
tains a ledger of transactions. This ledger is sup-
ported and secured by mathematical operations
conducted by the users themselves.
A Photograph of a Smartphone with A Bitcoin Wallet. A Wide
Variety of Cryptocurrencies in Any Quantity Can Be Held in This description of cryptocurrencies is simplified, as
Mobile Wallet Applications. a full technical explanation of cryptocurrency oper-
ations is beyond the scope of this manual. However,
203
while they may sound complex, most cryptocurren- into circulation. Through its programming, Bitcoin
cies are fairly simple to obtain and use. has a cap on the total number of Bitcoins that will
be brought into circulation, at 21 million.
Bitcoin has become the de facto standard for cryp-
tocurrencies, although there are many others Resolving the mathematical puzzles required for
inspired by Bitcoin that have tried to present them- mining takes substantial computational power. To
selves as modified or improved versions. As of early incentivize mining, the system rewards miners with
2018, some of the more popular cryptocurrencies a small transaction fee. When a new Bitcoin is peri-
after Bitcoin were Ethereum, Litecoin, Zcash, Dash, odically released into circulation, the miner who
Ripple and Monero. unlocks that Bitcoin also receives it as a reward.
Mining has become significantly more difficult
The most common way that users obtain Bitcoins, over time, due to the programming constraints of
or other cryptocurrencies, is through an exchange. Bitcoin. Some other cryptocurrencies also rely on
These exchanges operate similarly to securities mining as part of their operations, while others use
trading accounts, with the prices of currencies con- different models.
stantly changing. Exchanges generally will require
a users’ real name and contact information, and Because setting up accounts on digital currency
conduct customer due diligence before open- platforms is often a quick and easy process that can
ing an account. be done online, these systems lend themselves to
“micro-laundering.” A launderer may open multiple
Customers can then purchase digital currencies different accounts under his control on a currency
through bank accounts or credit or debit cards. platform, and use them to send many different
Some exchanges also provide wallets or electronic small-value payments to other recipients.
storage for a user’s Bitcoins. Users can also cre-
ate their own wallet online. A wallet comes with a This technique takes advantage of the ability to con-
unique address that allows users to receive Bitcoins. duct rapid or instantaneous payments using digital
currencies. W the amounts transmitted in each pay-
Once they have obtained and stored Bitcoins, users ment may be very small, a criminal can move large
can transfer payments using the recipient’s public sums quickly by conducting hundreds or even thou-
address, purchase items from retailers who accept sands of low-level transactions.
Bitcoin, buy gift cards, or even exchange Bitcoins for
other digital currencies. There were nearly 100,000 CRYPTOCURRENCY AND MONEY
retailers that accepted Bitcoin as of mid-2017. LAUNDERING RISKS
Why would a money launderer, fraudster or other
There are several other ways to obtain Bitcoins and financial criminal decide to use a cryptocurrency?
other digital currencies besides purchasing them After all, there are established money laundering
from an exchange, including through “mining.” In channels that are proven to be effective, and pay-
simple terms, mining involves using computing ment systems like money remitters have transac-
power to solve complex mathematical formulas, tion fees that are comparable or lower than many
and is an integral part of how Bitcoin and some cryptocurrency exchanges.
other cryptocurrencies operate.
Furthermore, cryptocurrencies are a tradable asset.
Mining helps process transactions in Bitcoin, and Speculation on cryptocurrency markets can lead
maintains the currency’s open payment ledger, or to large fluctuations in their price, and their value
“blockchain.” It is also how new Bitcoins are released tends to be less stable than many real-world cur-
204
rencies and investments like real estate. Although use of financial institutions and the regulatory over-
their acceptance by retailers and even some finan- sight that comes with them, is another reason why
cial institutions is growing, the ability to convert financial criminals might exploit cryptocurrencies.
cryptocurrencies into cash, or use them to buy
goods and services, is still more limited than real- It is worth noting that there is a major caveat in Bit-
world currencies. coin’s perceived anonymity. All transactions in Bit-
coin are stored on its public ledger, or blockchain.
However, there are key features of cryptocurren- If someone – for example, a law enforcement agent
cies that may make them attractive to the crim- – knows the addresses of the sender or recipient,
inal element: they can theoretically trace the transaction through
the blockchain.
ANONYMITY
Much of the concern from law enforcement and In 2015, agents with the FBI and IRS Criminal Inves-
regulators has focused on the potential for largely tigations Division were able to trace nearly 4,000
anonymous transactions using cryptocurrencies. Bitcoin transactions to Silk Road, a notorious online
drug bazaar. This tracing was possible after agents
Many exchanges will conduct customer due dili- seized a laptop containing the personal addresses of
gence, monitoring and reporting on the funds com- Ross Ulbricht, Silk Road’s owner and operator, and
ing into customer accounts. Once funds move from analyzed these addresses against the blockchain.
real-world currencies into cryptocurrencies, how-
ever, they become much more difficult to trace back For this reason, Bitcoin is often referred to as pseu-
to a real person. Once a customer has transferred do-anonymous. Even if a transaction is traced, it
Bitcoins purchased on an exchange into his wallet, can be challenging to tie an address back to its true
the transaction trail is obscured from the eyes of owner, and requires extensive investigation.
law enforcement and regulators.
SPEED AND IRREVOCABILITY
At this point, cryptocurrency transactions act simi- An individual who orders a wire transfer for payment
larly to transactions in cash. Users can transfer cur- to a recipient overseas may have to wait several
rency to other users, buy goods or services or store days for the transaction to clear. During that time,
currency in an online or offline wallet with little to the bank will conduct due diligence checks on the
no reporting or audit trail. customer and recipient, and the transaction could
be cancelled or reversed if it is found to be fraudu-
Although exchanges require a user to provide his lent or in violation of sanctions.
real identity, wallets typically do not – many can
be opened using only an email address and alias Cryptocurrency transactions have no such limita-
or fake name. Wallets can be held on a user’s own tions. Once initiated, the currency leaves one user’s
device, such as a computer, phone or even USB wallet, is processed through the ledger, and enters
drive. Addresses tied to these wallets, and used to the recipient’s wallet in a matter of minutes or less.
transact in Bitcoin and other cryptocurrencies, can Transactions are usually irrevocable. Like a cash
be hard to link back to an individual or entity. payment, there is no built-in mechanism to reverse
a cryptocurrency payment unless the recipient sim-
Unlike cash, digital currency users do not need to ply agrees to return it.
physically move large volumes of currency or be in
the same area to conduct transactions. This ability Many exchanges and service providers will respond
to conduct cross-border transactions, without the to user complaints, and may shut down accounts
205
suspected of illicit activity. But the decentralized ers have little ability to recover them. The same
nature of cryptocurrencies means there is no sin- is true for cybercriminals offering hacking skills
gle administrator to police transactions or field or malware, or sellers of narcotics or illegal goods,
appeals from users. who want to ensure they will be paid without hav-
ing to reveal any personally identifying informa-
From the perspective of a criminal conducting an tion to buyers.
online fraud scheme, this makes cryptocurren-
cies an appealing option. Online Ponzi and pyra- INCONSISTENT REGULATION AND
mid schemes will often ask for payment in Bitcoin ENFORCEMENT OF DIGITAL CURRENCIES
or other cryptocurrencies, ensuring the fraudster In the early days of digital currencies, lawmakers
receives his funds quickly and defrauded custom- and regulators in many jurisdictions seemed baffled
A Notice Posted on the Dark Markets Alphabay and Hansa After Both Were Seized by Dutch Police in 2017. In Recent Years, Law
Enforcement has Become More Adept at Dark Web and Cryptocurrency-related Investigations.
206
by what to make of this strange new phenomenon. Digital currencies are widely used in markets for
Cryptocurrencies seemed especially confusing. illegal goods and services online, however. Digital
currencies have become the preferred payment
Some countries ignored them, some outlawed their method for illicit online transactions, especially on
use entirely, and still others debated whether they the dark web. The “dark web” describes an Internet
were even a financial asset that should be subject network that exists outside of the “surface web,” or
to regulation. That debate continues, but some the online world that most people typically inter-
nations have adopted a framework for regulating act with through their browser. The dark web can
parts of the digital currency world. The most com- only be accessed through specialized software and
mon approach has been to focus on regulation of is not discoverable through search engines or web
digital currency administrators and exchanges. indexing tools.
In the US, Canada and European Union, for example, The largest and perhaps most well-known dark web
administrators and exchanges are considered to a is accessible through The Onion Router (Tor), an
form of money services business, and subject to the online anonymity tool. Tor is free software that any-
same AML regulation as other MSBs. This includes one can download. It was initially developed to help
customer due diligence, transaction monitoring, persons in repressive countries access the Internet
reporting and record-keeping requirements. Glob- and avoid government censorship.
ally, the regulatory framework for digital currencies
remains inconsistent and varied. Some countries It directs an individual’s online activity through a
still do not regulate digital currency exchanges; oth- network of more than 7,000 relays, disguising a
ers have regulations on the books but do not seem user’s true location and making it difficult to con-
to enforce them. Whether and how individuals have duct online surveillance on a user. Web sites can
to report their digital currencies for tax purposes is be configured so that they are accessible only to
also unresolved in many countries. computers running Tor software. This has created a
hidden online environment shielded from the public
CRIMINAL USE OF DIGITAL CURRENCIES view of the surface web.
AND THE DARK WEB
If digital currencies are vulnerable to use by finan- Much of its dark web is innocuous. There are per-
cial criminals, there is an obvious question: What sonal websites, blogs and even social media sites
are criminals using them to do? similar to Facebook, but, inevitably, criminals have
also been drawn to the dark web. There are forums
Much concern about digital currencies has focused where credit card fraudsters trade tips and share
on their potential for money laundering by transna- skills, and others where cybercriminals discuss new
tional organized crime groups and terrorist finan- malware and attack techniques and offer sugges-
ciers. As of mid-2017, researchers and law enforce- tions on easy targets. Criminal actors have also set
ment have found infrequent though growing use by up dark web marketplaces, where a vast array of
organized crime rings, and limited cases involving illegal goods and services can be purchased using
terrorist financing. cryptocurrencies.
In July 2017, a report by the European Commission Many well-trafficked illicit bazaars in the Tor dark
noted that use by organized crime was “quite rare” web, such as Silk Road, Silk Road 2.0 and AlphaBay,
at that time, and suggested that digital currencies have been closed by law enforcement or shut down
presented a higher bar for entry and were less con- by their own creators. Yet each time, others open up
venient than other money laundering methods. to take their place.
207
These marketplaces act as a middleman, provid- At the same time, institutions should recognize that
ing the online platform to connect sellers and buy- there is nothing inherently suspicious about pur-
ers. Many will mimic the functionality and even the chasing or transacting in digital currencies. Most
appearance of legitimate surface-web retail sites, customers are likely to be moving funds to a digital
such as eBay or Amazon. Markets may specialize currency exchange for a legitimate purpose.
in one type of good or service, but larger ones will
usually have a variety of offerings. Specific digital currencies rise and fall in promi-
nence, and some have disappeared completely.
Cryptocurrencies have enabled these dark markets
to thrive. The ability to conduct rapid cross-bor- However, the concepts underlying digital currencies,
der payments that do not require trust between especially the decentralized public ledger or block-
buyer and seller makes cryptocurrencies ideal for chain, are here to stay. As innovation continues and
illicit online transactions. Most marketplaces only mainstream use increases, blockchain applications
use Bitcoin or other cryptocurrency as their pay- are poised to expand into the new fields, and digital
ment mechanism. currencies seem likely to become a widely accepted
part of the global financial system.
DIGITAL CURRENCY COMPLIANCE
CONSIDERATIONS
HUMAN TRAFFICKING AND
Along with overtly criminal marketplaces, there are
thousands of legitimate merchants who accept dig-
FINANCIAL FLOWS
ital currencies, on both the dark web and surface A lucrative and rapidly growing criminal activity,
web. They range from global corporations such human trafficking is by most estimates second only
as Microsoft and Dell and online retailers such as to drug trafficking in its global scale and profitability.
Overstock to travel sites such as Expedia, along
with many smaller sites and stores. Some bars and On the positive side, awareness of the issue has
restaurants have adopted Bitcoin payments. Even greatly increased in recent years, as have resources
some political parties and non-profits have begun to train financial crime professionals to spot illicit
taking donations via cryptocurrency. financial flows tied to human trafficking. Some
countries have also seen positive results combat-
As digital currencies become more mainstream and ting human trafficking with initiatives to increase
more merchants start accepting them, criminals cooperation and information-sharing between law
who transact in cryptocurrencies have more outlets enforcement and the financial sector, such as Proj-
to use their illicit proceeds. Even so, criminal actors ect Protect in Canada.
may still want, or need, to convert digital currencies
back into real-world funds to bankroll ongoing oper- Despite these advances, the statistics behind
ations or enjoy their ill-gotten gains. This creates an human trafficking remain staggering. In 2017, the
interface with financial institutions and raises com- International Labor Organization estimated that
pliance concerns for AML professionals. forced labor generated more than $150 billion per
year from nearly 25 million people in involuntary
Banks and other financial institutions should con- servitude. Of those people, the largest portion – 16
sider monitoring their customer accounts for sig- million - were in forced labor in private sector work
nificantly large or frequent funds transfers to and like agriculture, construction and domestic ser-
from digital currency exchanges. These transac- vice. An additional 4.8 million were in forced sexual
tion patterns could indicate potential illicit activity exploitation, while the remaining 4.1 million were in
involving digital currency. forced labor from government authorities.
208
A 2016 report by the United Nations Office on Drugs A thorough assessment can help respond to these
and Crime, Global Trafficking in Persons, found that questions. Some factors to consider can include:
71% of victims were female, though the proportion of • Geographic region – Is the institution
male victims had grown rapidly in recent years. The providing services in a jurisdiction with high
report also found that 28% of victims were children. prevalence of trafficked individuals, or in a
human trafficking corridor? Reports from the
A growing body of research and intelligence on UN Office on Drugs and Crime, FATF, the US
human trafficking has led to a more nuanced under- State Department and others can help identify
standing of its financial footprint, which can vary higher-risk regions.
widely based on the type of trafficking and exploita-
tion that is taking place. Human trafficking schemes • Customer type – Business types at higher risk
are diverse, and how they register as incoming for use in sexual exploitation have historically
and outgoing financial flows can be very different included massage parlors, online and print
depending on the details of the scheme, including classified ad providers, bars and nightclubs,
factors like: and hotels/hospitality industry providers,
among others.
• The recruitment and transportation mechanisms
used for trafficked individuals, ranging Business types at risk for forced labor
from forcible abduction to false promises of commonly include agriculture, low-skills
employment, immigration or even marriage. manufacturing, construction services,
transportation service providers, and labor
• Whether the perpetrators are operating brokers or recruiters, especially those focused
domestically or internationally on seasonal or transient work.
• How the perpetrators benefit from trafficking • Products and services – Like any financial
and exploitation – For example, whether funds criminal, human traffickers are versatile
are taken from victims of forced labor in cash, or opportunists, and will rely on nearly any
whether wages are stolen after being deposited financial service that is accessible and
in a bank account, or by other methods. convenient. Historically, schemes have
operated with prepaid cards, cash and money
As such, there’s no “one-size-fits-all” approach to orders to take funds from victims and finance
detecting and preventing human trafficking within operations, though the use of personal bank
the context of a financial crime compliance pro- accounts is also common.
gram, nor one comprehensive list of red flags.
More recently, law enforcement agencies in
For this reason, it’s important for financial insti- some countries have an increase in the use of
tutions and other organizations to consider their digital currencies and email money transfers,
exposure to human trafficking as part of risk assess- such as those offered by Paypal, in sexual
ment, and to drill down on the specific types of traf- exploitation cases. In one case in Canada,
ficking they may be dealing with. Should an institu- victims of sexual exploitation were being paid
tion on focus personal accounts that may be held in bitcoin and email money transfers, which
by victims of sex trafficking, or business accounts once received were immediately sent to
being utilized by companies abusing forced labor? another account.
For non-financial companies, are there human traf-
ficking risks within the supply chain?
209
RED FLAGS OF HUMAN TRAFFICKING • Low cost, high-volume transactions related to

As research and reporting on human trafficking transportation and logistics
have advanced, so too have the resources from • Common telephone numbers or emails
regulators and international organizations that between multiple (seemingly unrelated)
are available to support compliance programs and customer’s accounts
investigations. The links highlighted below are just • A customer with no clear full-time employment,
a few examples: despite significant account turnover
• FATF Report – Financial Flows from Human • Accounts with frequent transactions to
Trafficking (2018) – Includes statistics and classified advertising sites/services
descriptions, case studies, and red flags
• Accounts that are tied to customers at the same
• FinCEN Advisory - Guidance on Recognizing address receive funds that are then immediately
Activity that May be Associated with Human withdrawn in cash
Smuggling and Human Trafficking (2014) –
Includes a compendium of red flags organized • Accounts for individuals that have deposits
by type of financial institution coming in, but no living expenses – E.g. no
transactional activity related to food purchases,
• United Nations Office on Drugs and Crime – rent, credit card payments, etc.
Human Trafficking Knowledge Portal - Archive
of known cases of human trafficking, updated
on an ongoing basis
It’s worth noting that front line staff can be very

important watchdogs for detecting suspicious activ-
ity tied to human trafficking. For example, one key
red flag is a customer who establishes an account or
conducts transactions while accompanied by a third
party. This third party may purport to be a transla-
tor, and often possesses the client’s identification.
While such may never show up in an alert, a well-

trained staff member could quickly raise the issue
to compliance staff for further investigation.
Other transactional activity that could be red flags

of human trafficking includes:
• Customers that cash payroll checks, then
remit all or the majority of funds back to an
employer account
• Accounts that appear to operate as funnel
accounts, which receive cash deposits from
states, cities or regions outside of where the
accountholder resides
210
Q 10-1. An investigation of an export-import corporation in Florida that exports large house-

hold appliances to Colombia discloses the following:
1. The corporation’s sources of funds for the purchase of the items is large check deposits
from a small number of other Florida export companies.
2. Each of the business accounts of these other export companies is funded by small
checks from numerous personal accounts that are domiciled in banks in New York or
South Florida. Each deposit is for less than $3,000 and for an amount in even $100
dollar increments.
What is this money laundering scheme known as?
A. Transfer Pricing Scheme
B. Black Market Peso Exchange (BMPE)
C. Bulk Cash Smuggling
D. Carousel Fraud
Q 10-2. A young woman, who is a national of Country A, works as a caregiver for a family in
the US. She sends much of her earnings to support her family back in Country A by giving the
amount in cash to a local grocer, whose family is also in Country A. Once the grocer receives
the cash, he calls his partner who runs a market in one of the larger cities in Country A. From
there, the young woman’s family can pick up the money sent.
What is the name commonly used to describe this form of remittance transaction?
A. Cash transfer
B. Hawala
C. Referral Banking
D. Black Market Peso Exchange (BMPE)
211
CHAPTER 11
COMPLIANCE
PROGRAMS
AND CONTROLS
OVERVIEW
In simple terms, compliance programs of financial institutions and

other corporations are aimed at assuring that the organization
complies with the statutory, regulatory and other governmen-
tal requirements that apply in a particular field. In the financial
crime arena, because of a strong public policy against permitting
financial institutions and other corporations from being used and
abused for the commission or facilitation of crime, a great deal of
laws and regulations over the past 45 years have created a patch-
work of requirements.
212
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
These compliance programs have compelled var- tinct financial crime units into an overall unit that
ious business organizations to create new depart- may be called “The Financial Crimes Risk Manage-
ments to ensure obedience with the legal requirement Program,” or something similar.
ments. Over time, these compliance departments
have grown dramatically in terms of the number How does one create such a program and the
of people involved, the diverse occupational fields accompanying structure?
that these people represent, and their cost to the
organization. In fact, regulatory agencies not only A compliance structure for a financial crimes risk
review the operations of the business organization management program involves multiple coordinated
to ensure that it is not conducting or facilitating the functions. As with any compliance program, its suc-
particular financial crime activity that is the agen- cess requires development, implementation and
cy’s jurisdiction, but they also examine the com- ongoing operation, effective corporate oversight and
pliance department to enure that it is sufficient to the interaction of executive leadership, key group
guard the organization against the pertinent finan- and line of business leaders, compliance, product
cial crime problem. managers, the legal department, an auditing process
and other employees across the organization.
CONVERGENCE OF FINANCIAL
CRIME FUNCTIONS One essential element, if the organization is large
enough, is a governance function. This element of
As compliance programs have grown, so have their
the overall financial crime compliance program
structures and focus. One of the significant devel-
should set policies and have an effective and effi-
opments in compliance program management and
cient method of implementing them across the
organization in recent years is the concept of “con-
entire organization, including ways to handle
vergence.” Just as the term “financial crime” con-
requests for exceptions and exemptions.
notes an embrace of distinct components of that
term, including corruption, money laundering, fraud,
sanctions and related crimes, convergence signifies ORGANIZATIONAL OVERVIEW OF
the enveloping of distinct financial crime-control
FINANCIAL CRIME CONTROLS
functions to improve effectiveness, efficiency and
economy in compliance by business organizations, A company’s size, structure, complexity and risks
including financial institutions. are the basis of internal controls designed to limit
Many large, medium and small financial institutions

and other corporations have embraced the concept
of convergence. They have concluded that many
of the functions of distinct financial crime controls
and the personnel who work in various units would
achieve more in the overall picture as a combined
unit than separately.
Later in this chapter, the traditional compliance

program in the AML and other financial crime fields
is explained. For now, because it is the new wave in
financial crime compliance programs, it is instruc-
tive to explore and explain the convergence of dis-
213
and control risks and achieve compliance with the • Monitoring the activity of both employees
appropriate laws. Internal controls are typically and third parties when they act on behalf
divided into “preventive” and “detective,” although of the company
they are not strictly linear. In whatever names the • Screening, blocking and rejecting transactions
controls are labeled, a program should be designed and customers appropriately
to promote a strong compliance culture that pro-
vides oversight and permits members of the group • Reporting these matters (and other regulatory
to challenge persons in the business units and the reporting requirements, including CTRs)
examiners, as appropriate. • Exiting customer relationships
• Compliance testing
Preventive controls include the following and others:
• Maintaining corporate financial crimes Prevention and detection depend on the following:
policy program • Employees who design, build and implement the
• Maintaining a customer identification and policies and controls
due diligence program that identifies and • Processes and procedures that implement and
prevents inappropriate people and entities from integrate those controls in the line of businesses
becoming customers or a representative in a and operational groups
foreign country, and has a process to exit risky
• Technology that leverages these employees
relationships after being discovered
and processes
• Providing appropriate training
• Training to ensure employees understand the
• Performing appropriate risk assessments and risks and controls
gap analysis
• Providing line of business reporting, issue POLICY PROGRAM
remediation and root cause analysis Effectively implemented and sustainable policies
• Preparing useful senior management and are one of the cornerstones of a strong risk man-
board reporting agement program. One way of accomplishing this
is to require central policies that lines of business
• Maintaining functions that promote liaison with
implement by developing procedures to meet them.
the audit unit and coordination of examinations
This allows roles and responsibilities to be clear.
Detective controls include the following duties An effective policy program should also include
and attributes: the following:
• Identifying suspicious activity through unusual • New policy consideration

activity referrals by employees or automated • Policy revisions
transaction monitoring, customer surveillance, • Policy implementation
or other customer or transactional monitoring
• Policy exception & exemptions processes
tools and processes
• Policy gap analysis review
• Investigating the identified unusual activities
• Monitoring customer activity, and applying
predictive analytics for customer-centric, cross-
channel fraud detection
214
TRAINING CUSTOMER RISK-RATING

Training is an essential element of any compliance Risk assessments are a way of looking at the inher-
program, to the point that it is one of the “five pil- ent and residual risk of a line of business. However,
lars” of anti-money laundering compliance under it is also important to evaluate individual customers
the US regulatory regime. Regulations often specify by performing customer risk ratings. The purpose
that covered financial institutions and other compa- of a customer risk rating system is to identify those
nies must ensure that their personnel are trained in customers who pose a higher risk to the company,
the laws and rules relevant to their positions. and who may require enhanced due diligence or
whose relationships should be ended.
A program should require that all employees com-
plete role-specific training tailored to their jobs and Risk ratings are best managed by a data analytics
responsibilities. In addition, organizations should group that can modify the program as needed. For
consider supplying employees with appropriate instance, additional risk models may be needed to
training on wider financial crime issues likely to account for product risk, such as when a customer
affect multiple departments business lines such as adds a higher risk product that changes the cus-
fraud, global anti-corruption, cybercrime and tax tomer’s risk profile. Corporate policy should require
evasion, among others. that all lines of business use an enterprise-wide
methodology to risk-rate their customers to ensure
Training should be given on at least an annual basis, that customer risk is evaluated consistently across
though many organizations use a quarterly training the enterprise. A suggested model is based on a
model. Newly hired employees should be required scale of 1 (lowest risk) through 5 (highest risk) or
to complete training within 60 days of being hired. whatever scale of merit the organization selects.
PRODUCT RISK
RISK ASSESSMENTS
Having a product or service risk policy for new and
Risk assessments should be based on the govern- modified offerings allows an organization to have
mental requirements and designed so that they are a more comprehensive view of its overall financial
conducted at a business unit level that then can be crime risks.
aggregated for other units, including at the cor-
porate level.
SANCTIONS COMPLIANCE
For financial crimes, a risk assessment should fol- The laws of certain countries impose sanctions, or
low a documented process. It is useful to apply the authorize regulations imposing sanctions, against
following categories to a risk assessment process: specific foreign governments, organizations and per-
• Types of distribution channels used by the sons. Sanctions generally prohibit transactions with
business unit countries, individuals and organizations and require
• Complexity of the business unit’s that transactions involving them be blocked. The
business model laws that authorize sanctions also usually impose
penalties on individuals, financial institutions, or
• Degree of change in the business other businesses and organizations that conduct
• Amount and type of growth in the business transactions or engage in commerce with the sanc-
tioned nations, individuals and organizations.
215
In essence, sanctions are a nation’s objections to

the policies or conduct of a nation, organization or
individual. They include travel restrictions; restric-
tions or prohibitions of trade, financial transactions
or other commerce with the subject nation; and
other measures. They also authorize the seizure
or freezing of property owned or controlled by the
sanctioned nation, organization or person if it is sit-
uated in the country imposing the sanctions.
OFFICE OF FOREIGN ASSETS

CONTROL (OFAC)
The Office of Foreign Assets Control (OFAC) FIGURE 1 – Russian President Vladmir Putin Pictured with
is an agency of the United States Depart- Oleg Deripaska (at Right) at a Summit in 2006. Once Russia’s
ment of the Treasury. It is overseen by the Richest Man, Derispaska Was Placed on OFAC’s List of SDNs
Under Secretary of the Treasury for Ter- in 2018 for Ties to Organized Crime and Illicit Activities.
rorism and Financial Intelligence. OFAC’s
purpose is to administer and enforce eco-
In addition to national sanctions, the United Nations,
nomic and trade sanctions against targeted
through the UN Security Council, may ask member
nations, organizations, and individuals. US
countries to apply sanctions against certain coun-
sanctions are imposed based on US foreign
tries. Some nations, such as Canada, impose their
policy and national security goals.
own sanctions and enact domestic laws in response
To enforce economic sanctions, OFAC acts to UN Security Council resolutions.
to prevent “prohibited transactions.” These
The websites of the foreign ministries or other appro-
are described by OFAC as ‘trade or financial
priate agencies of most nations contain information
transactions and other dealings in which US
on their sanctions policies and sanctions lists.
persons may not engage unless authorized
by OFAC or expressly exempted by statute.’
In the US, which has the world’s most active and
OFAC can grant exemptions to prohibitions
broad sanctions regime, the Office of Foreign
on such transactions, either by issuing a
Assets Control (OFAC) of the US Department of
general license for certain categories of
the Treasury administers and enforces sanctions
transactions, or by specific licenses on a
against nations, drug traffickers, terrorists and per-
case-by-case basis. OFAC essentially relies
sons and organizations linked to the proliferation of
on financial institutions and businesses to
mass destruction weapons.
enforce its “prohibited transactions, by
requiring them to block assets and pre-
OFAC sanctions usually prohibit trade, cause the
vent transactions to and from sanctioned
“blocking” of assets, and prevent financial transactions
individuals, organizations and nations.
with sanctioned countries, organizations and individ-
See the OFAC page for more information:
uals. OFAC also imposes sanctions on “specially des-
www.ustreas.gov/offices/enforcement/ofac
ignated nationals,” known as SDNs, whose property
216
must be blocked. OFAC’s website, at www.ustreas. sanctioned entities or regimes. Sanctions lists, such
gov/offices/enforcement/ofac, provides information as those of OFAC, consist of SDNs and countries, as
on US sanctions policy and sanctioned nations, per- well as economic sanctions against specific coun-
sons and organizations. tries or regimes as part of specific laws.
Sanctions regulations are complex and varied. Pen- OFAC SANCTIONS

alties for violation apply to institutions, businesses The US has one of the most complex and actively
and individuals. In the US, the maximum prison enforced network of sanctions laws in the world. As
term upon a criminal conviction is 20 years. Civil previously mentioned, US sanctions are adminis-
monetary penalties may also be imposed for each tered and enforced by the Office of Foreign Assets
prohibited transaction. Control, or OFAC.
The sanctions program of a financial institution or The US has comprehensive sanctions in place
other business must not only employ and continu- against a number of countries, which as of May
ally train employees on sanctions policies, enforce- 2017 included Cuba, Myanmar, Iran, North Korea,
ment and compliance, but it should also ensure its Sudan and Syria. These prohibit most forms of
procedures provide current information on sanc- trade and financial transactions to these countries.
tions developments worldwide, including new and There are also targeted sanctions in place against
modified sanctions. Close monitoring of transac- over 5,000 individuals, businesses, nonprofits and
tions to ensure they do not involve a sanctioned entities, including terrorist organizations, drug
nation, individual or organization and prompt block- traffickers and organized crime figures located
ing of those that do, coupled with effective internal anywhere in the world.
reporting and training, are essential elements of a
good sanctions compliance program. Entities that are owned by these specially desig-
nated nationals, or in which SDNs have a more than
50 percent stake, must be treated as SDNs. All
SANCTIONS
US citizens, corporations and legal entities must
COMPLIANCE PROGRAMS comply with US sanctions. In addition, any person
Sanctions programs of various nations, such as or entity physically located in the US must comply
those managed by the US Treasury Department’s with US sanctions, including branches of non-US
Office of Foreign Assets Control (OFAC) or the financial institutions located in the US.
UK Treasury, are designed to block or prevent the
transfer or use of funds through the global financial The procedures that institutions use to enforce US
system by certain designated entities or countries. sanctions on financial transactions will vary some-
Usually, sanctions compliance is an important com- what depending on the terms of the specific law
ponent in the organization’s overall AML program. imposing that sanction. In general, however, institu-
Sanctions carry heavy civil and criminal penalties, tions will follow these steps:
ranging from large fines to criminal prosecutions, • The originator and recipient of a transaction
as well as significant reputational damage. are screened against lists of sanctioned
countries and SDNs.
Sanctions program laws and regulations in vari-
ous countries include a number of obligations and • Transactions that match an entry on the
expectations. Principal among these are the block- sanctions list must be “blocked,” or prevented,
ing of funds and rejecting of transactions involving from being processed. The funds must be placed
217
in a separate, interest-bearing account at the Even non-US institutions with very limited US oper-
institution. ations, or only one branch in the US to conduct dol-
• Based on OFAC recommendations, institutions lar-clearing transactions, must still comply with US
should conduct a thorough review against a sanctions. Failure to comply with OFAC sanctions
variety of information sources and databases, can incur very high monetary and criminal penalties,
or contact OFAC directly, before blocking a including up to 20 years in prison for individuals.
transaction. Institutions should only block
transactions if there is an exact match with an This fact has been vividly demonstrated by
entity or individual on a sanctions list. Partial or enforcement actions recent years, including in a
inconclusive matches are not sufficient grounds major sanctions case against British bank Stan-
to block a transaction. dard Chartered that ended in nearly $800 mil-
lion paid to US state and national enforcement
• The institution must submit a blocking reporting agencies. Standard Chartered was based almost
with OFAC within 10 days of blocking the entirely outside the US, but had one office in New
transaction. York that it used only for clearing transactions in
• The institution cannot notify the person, US dollars. The fact that it routed transactions that
company or organization that the transaction violated US sanctions through this office was suffi-
has been blocked. cient to trigger liability.
Depending on their specific provisions, OFAC EU SANCTIONS

sanctions may sometimes require a US institu- The European Union also issues a wide range of
tion to freeze assets. This may occur, for exam- sanctions on countries, individuals and entities.
ple, when an institution screens existing account While EU sanctions are intended to be policy guid-
holders against a sanctions list and discovers one ing member states, it is still left up to individual EU
of its account holders is a match with an entity on countries to implement these measures. In some
an SDN list. In that case, the institution may be cases, the level of enforcement of EU sanctions var-
required to freeze the entire account and report ies between member nations.
its actions to OFAC.
Like OFAC sanctions, EU sanctions include a wide
array of restrictive measures. Some examples
include the following:
• Trade restrictions, such as arms and technology
embargoes to certain countries
• Bans or limitations on providing services or
technical assistance
• Restrictions or bans on EU financial institutions
providing loans, trade finance or other financial
assistance to sanctioned countries or entities
• Requirements to freeze funds of sanctioned
individuals or entities
218
Generally, EU sanctions tend to be more targeted −− Adequate controls to identify and terminate
against certain persons and entities, and are typ- correspondent and other relationships with
ically not blanket measures on a country-wide banks, vendors, partners and other entities
level. OFAC sanctions, on the other hand, tend to whose owners have links to, or present a high
be more comprehensive, banning all business or risk of involvement with, terrorist financing
financial transactions with sanctioned individuals or corruption
and entities. • Becoming knowledgeable about the different
sanctions lists and executive orders the
EU sanctions apply to any persons or entities either institution or organization is subject to. Lists
physically located or incorporated in the EU. They typically used globally by several of countries,
also apply to any business conducted “whole or in include OFAC SDN lists of the US, Canadian
part” within the EU by any person or entity, regard- sanctions lists (OSFI), the UK Her Majesty’s
less of their nationality. Like OFAC sanctions, they Treasury list, and the UN global sanctions
also apply to foreign subsidiaries of EU-based com- lists. In addition, each list has its own nuances
panies or entities. and some laws and executive orders of
different nations apply to every individual and
In regard to financial accounts, some EU sanc- organization associated with certain countries.
tions will require financial institutions to freeze the
• Establishing a sanctions risk assessment to
accounts or assets they hold for a customer if the
determine which areas of the organization
institution discovers that customer is a match with
are more vulnerable. Risk mitigation controls
a person or entity on the EU sanctions list.
can help reduce exposure to sanctions
violations and better focus the overall sanctions
ESSENTIAL ELEMENTS OF A SANCTIONS
compliance program, resulting in proper
COMPLIANCE PROGRAM
attention, coverage and allocation of resources.
In recent years, sanctions around the world have
• Leveraging the combination of technology
been one of the most active areas in compliance.
and procedures to help prevent or detect
Many new names have been added to sanctions
manipulation of payments information, such as
lists, including individuals and firms linked to terror-
wire-stripping, where key details are removed
ist organizations, drug dealers and cartels, and spe-
from a wire or message to avoid sanctions
cific sanctioned countries. Sanctions compliance
requirements and accommodate payments to or
programs, coupled with active enforcement by per-
from sanctioned parties.
tinent government agencies, are an effective tool
in reducing the money that reaches these types of • Development and delivery of training
individuals and organizations. programs to all pertinent employees and
key operational areas. This includes the wire
A sound sanctions compliance program should transfer departments in a financial institution,
include the following components, according to to ensure that the employees understand
widely accepted best practices: sanctions compliance requirements. This
can help them determine if a transaction is
• Development and implementation of
permitted by law, and to identify potential red
policies, procedures and processes to
flags and know the mechanism for reporting
ensure full compliance with all sanctions
suspicious or unusual activity.
prohibitions, including:
• Implementation of a regular program
−− The freezing, rejecting and reporting of
of testing and annual updates of the
appropriate transactions
risk assessment.
219
DUAL-USE GOODS AND IDENTIFYING AND REPORTING

SANCTIONS COMPLIANCE UNUSUAL OR SUSPICIOUS ACTIVITY
There are many items imported and exported on a
daily basis that have both civil and military appli- INTERNAL DETECTION METHODS
cations. These range from raw materials such as A suspicious activity reporting (SAR) policy in an
metals and chemicals and machine parts, software organization should require all employees to sub-
and aviation equipment to and industrial and scien- mit an “unusual activity referral” when they identify
tific tools. A centrifuge is one possible example. It unusual activity potentially related to corruption,
could be used for legitimate research, but a rogue fraud, money laundering, terrorist financing or other
state may also seek to use it as part of a program to illegal activities. It is important that employees
develop nuclear weapons. refer activity they have been trained to recognize
as merely unusual, rather than outright suspicious.
These items are referred to as “dual-use goods,” The financial crime investigations or compliance
and are sometimes subject to export limitations or group in an organization investigates and makes
prohibition under sanctions regimes. The US, Euro- the final determination about whether the unusual
pean Union and other countries have regulations activity is suspicious and if a report must be filed to
in place restricting trade in certain dual-use goods, the appropriate governmental authority.
for example, those involved in the production of
weapons of mass destruction. These nations typi- EXTERNAL DETECTION METHODS
cally publish lists of restricted goods and guidance
In addition to reviewing internal customer and
related to their trade.
transactional systems for potential suspicious
Businesses who produce, sell or trade in dual-use activity, the investigations group of an organization
goods need to be aware of the restrictions placed or institution should be responsible for reviewing
on them, including consulting the lists of restricted external sources. These can include regulatory and
goods and guidelines, and applying for licenses to law enforcement notices or requests, media reviews
trade in these goods from the appropriate authori- and other public sources. Many organizations will
ties if necessary. conduct monitoring of so-called “negative news”
on certain customers, especially those customers
Financial institutions involved in trade finance considered high- risk. This can include setting up
should also consider their policies and procedures automatic news alerts on an online service, such as
around reviewing letters of credit and other trans- Google Alerts, or manually searching for a customer
actions for the presence of dual-use goods. One or entity in proprietary or public-access databases.
step could involve screening trade documents and
the parties in transactions against export control Many jurisdictions also have formal or information
lists issued by the US, EU and others. Identifying arrangements under which financial institutions and
dual-use goods is no easy task, but with concern companies can share information with each other.
growing on the proliferation of nuclear weapons One example is the information-sharing sources
among hostile states, it is an important component that are applicable in the US under Sections 314(a)
of sanctions compliance. and (b) of the USA Patriot Act.
220
ANALYTICAL DETECTION organization’s overall compliance regime. A solid

The financial crime data analytics group should pro- AML compliance program helps to protect the firm
vide analytical detection tools and processes, based against being used for corruption, fraud, money
on the customers, accounts, products, services and laundering, terrorist financing, sanctions violations
transactions being conducted on behalf of customers. and other illegal purposes. It also helps to ensure
The purpose is to identify unusual activity and cus- that the organization is in full compliance with rele-
tomers and third parties who may present a money vant laws, regulations and international norms.
laundering, corruption, due diligence or fraud risk.
In many countries, financial institutions, non-bank
financial services providers and other business orga-
THE EVOLVING nizations must establish effective AML programs.
COMPLIANCE LANDSCAPE Financial institutions must develop, administer and
maintain an effective program for compliance with
Compliance expectations for financial institutions
the money laundering laws and regulations in the
and other corporations have changed dramati-
countries where it operates. Worldwide, a consen-
cally in recent years, as statutory and regulatory
sus has emerged that there are the following “Four
expectations have evolved around the world. There
Pillars” of a sound program:
are four essential parts of an effective compliance
management system: 1. A comprehensive written program
encompassing an effective AML internal
• A firm-wide approach to compliance risk control structure. This includes the institution’s
management and oversight policies, procedures and processes designed
• Independence of compliance staff to mitigate and control risks associated with
money laundering and achieve compliance with
• Compliance monitoring and testing
relevant laws and regulations.
• Assumption of oversight of the compliance
2. Independent testing conducted by the
and risk management function by senior
internal audit department, outside auditors
management and the board of directors
or other qualified independent parties. The
testing should occur annually and should be
It is important to note that a compliance test- commensurate with the AML risk profile of the
ing team must be created to conduct compliance organization.
reviews that ensure adherence with all major legal
and internal compliance requirements in the home 3. Designation of an AML compliance officer.
The organization’s board of directors must
jurisdiction. A strong compliance program should
designate an experienced, qualified individual
operate across the entire enterprise to identify,
to serve as the AML compliance officer to
measure and mitigate compliance risk. Compliance
coordinate the program and monitor day-to-
has evolved from an administrative or operational
day compliance.
cost center, typically managed through the institu-
tion’s legal or audit department, to a true risk man- 4. An ongoing employee training program. The
agement discipline in many countries. organization must ensure that appropriate
personnel, including senior management and
THE AML COMPLIANCE PROGRAM the board, are trained regularly in applicable
aspects of regulatory requirements as well as
Because money laundering is a vital component of internal policies, procedures and processes.
all financial crime, the anti-money laundering (AML)
compliance program is a critical component of an
221
GLOBAL EXPECTATIONS FOR AML OVERVIEW OF THE RISK-

COMPLIANCE PROGRAMS BASED APPROACH
Several globally recognized organizations have, The FATF and numerous member countries, as well
over the years, established expectations and norms as the Basel Committee and Wolfsberg Group, rec-
related to AML compliance which have become ommend risk-based controls. No financial institu-
accepted standards or best practices in many coun- tion or other business organization can reasonably
tries. These recommended procedures and stan- be expected to detect all money laundering or other
dards also apply in large measure to compliance financial crime and illicit activities. However, the
programs beyond AML, such as global anticorrup- universal consensus is that without the ability to
tion and fraud. detect and control all such criminal activity a risk-
based approach is recommended. It relies on levels
The Financial Action Task Force (FATF), the Basel of due diligence and identifiable risk metrics and
Committee, the Wolfsberg Group and the European provides the most effective levels of compliance
Union Directive against Money Laundering provide and ability to detect, report and prevent corruption,
important and thorough recommendations. These money laundering, fraud, sanctions violations and
recommendations provide governance standards, terrorist financing.
which promote effective implementation of legal,
regulatory and operational measures for combating The key elements of a risk assessment program
money laundering and other financial crime threats include the following:
to the integrity of the organization and the interna- • Methodology to quantify the level of the risk and
tional financial system. the adequacy of the controls
Every financial institution, non-bank financial ser- • An assessment of the risk associated with each
vices entity or other business provider faces great line of business
AML compliance challenges. These challenges • An enterprise-wide assessment to identify
include increased costs and protection of the orga- systemic risk that is not apparent in a line of
nization from abuse, including protecting the integ- business or unit-focused risk assessment, such
rity of the financial system and the economies of as in the case of financial institutions and the
the countries in which they operate. risk associated with foreign correspondent
banking, remote deposit capture, private
They must achieve compliance while operating banking, mobile banking and other high-risk
in a competitive environment and trying to meet products, services and customers
their targets for revenue, operating margins and
return on assets. Thus, organizations are pushed Risk scoring models generally use a weighted
to “do more with less” to endeavor to keep compli- numerical ranking of risk and look primarily at the
ance costs as low as possible, while ensuring that “triad” of customer, product/service and geography.
compliance needs are met. Unfortunately, in some Risk models should also take into account the line of
organizations, the commercial business side of the business because certain lines, such as private ban-
staff often prevails over the compliance side and king or correspondent banking and financial institu-
engages in business or transactions that are either tions, for example, are considered more vulnerable
non-compliant or illegal. This can result in signifi- to financial crime, including money laundering.
cant adverse consequences, publicity, fines, forfei-
ture and prosecutions.
222
HIGH-RISK CUSTOMERS • Professional service providers and so-called

Although any type of account is potentially vul- gatekeepers, such as attorneys, accountants,
nerable to fraud, corruption, money laundering or notaries and even real estate brokers and
other illegal activity by the nature of their business, intermediaries.
occupation or anticipated transaction activity, cer-
tain customers and entities may pose specific risks. HIGH-RISK PRODUCTS AND SERVICES
In assessing customer risk, financial institutions Certain products and services offered by financial
should consider other variables, such as services institutions, non-bank financial services and other
sought and geographic locations. The following business organizations may pose a higher risk of
are types of customers that present greater poten- financial crime, including money laundering or ter-
tial AML risk: rorist financing, depending on the nature of the
• Foreign financial institutions, including banks product or service offered. Such products and ser-
and foreign money services providers, such vices may facilitate a higher degree of anonymity or
as Casas de Cambio, currency exchanges and involve the handling of high volumes of currency or
money transmitters to name a few examples currency equivalents. These products and services
include but are certainly not limited to the following:
• Nonbank financial institutions, such as money
services businesses, casinos, brokers and Electronic funds payment services, including elec-
dealers in securities, and dealers in precious tronic cash, prepaid and payroll cards, domestic
metals, stones or jewels and international funds transfers, “payable upon
proper identification” (PUPID) transactions, third-
• Senior foreign political figures, their immediate party payment processors, money remittances,
family members and close associates, who automated clearing house (ACH) transactions and
are collectively known as politically exposed automated teller machines (ATM):
persons (PEP)
• Electronic banking
• Nonresident aliens (NRA) and accounts of
foreign individuals • Private banking (domestic and international)
• Foreign corporations and domestic business • Trust and asset management services
entities, particularly offshore corporations, • Monetary instruments
such as domestic shell companies, Private • Foreign correspondent accounts, such as bulk
Investment Companies (PICs) and international shipments of currency, pouch activity and
business corporations (IBCs), located in higher- payable through accounts (PTA)
risk geographic locations
• Trade finance
• Deposit brokers, particularly those based in
• Services provided to third party payment
other countries
processors or senders
• Cash-intensive businesses, such as convenience
• Foreign exchange
stores, restaurants, retail stores, liquor stores,
cigarette distributors, privately owned ATMs, • Special use or concentration accounts
vending machine operators and parking garages • Lending activities, particularly loans secured by
• Foreign and domestic nongovernmental cash collateral and marketable securities
organizations and charities • Non-deposit account services, such as non-
deposit investment products and insurance
223
HIGH-RISK JURISDICTIONS AND • The risk model may take into account whether
GEOGRAPHIC AREAS a country is a member of FATF or of a FATF-
Identifying geographic locations that may pose a style regional body, and has implemented
higher risk is essential to the compliance program practices commensurate with international
of an organization, especially to control corruption, standards promulgated by the FATF and other
money laundering and sanctions violations. Finan- international organizations.
cial institutions should understand and evaluate • The risk model should also take into account
the specific risks associated with doing business in, regional risk inside a particular country, such
opening accounts for customers from, or facilitating as the cross-border areas between nations, or
transactions involving certain geographic locations. designated areas of high intensity financial
crime or drug trafficking, such as the US High
Certain countries, jurisdictions and regions pose a Intensity Financial Crime Areas (HIFCA) or High
greater threat of money laundering, terrorist financ- Intensity Drug Trafficking Areas (HIDTA).
ing, bribery and corruption, and fraud. The organi-
zation should establish a documented geography EVOLVING RISK ASSESSMENT
risk rating methodology that leverages internal and EXPECTATIONS
external information sources, including these: The overall AML and sanctions risk assessment can
• Sanctions and terrorist financing lists published serve as an effective tool and solid basis for overall
by governments and international organizations financial crime compliance program design. How-
can be helpful in assessing financial crime ever, some challenges or potential risks do not fit
and money laundering risks. These include neatly into a product, customer or geography cat-
lists published by the US Office of Foreign egory but should be considered in the design of
Assets Control (OFAC), the UK Financial controls and evaluation across multiple risk areas.
Services Authority, the United Nations Security There should be a clear link between the organiza-
Council Committee, the US Financial Crimes tion’s risk assessment and program design.
Enforcement Network (FinCEN) and the
European Union. These days, regulatory examiners place more
• The overall reputation of a country should emphasis on assessing the adequacy of a financial
be factored into the risk model. For example, institution’s efforts to ensure ongoing effective-
certain countries or jurisdictions have high ness and integrity of their compliance programs.
levels of corruption or unstable governments. For example, in the US, the Office of the Comptroller
Some are known as bank secrecy and money of the Currency (OCC), the key regulator of national
laundering havens or suffer from high levels banks and thrifts, has been prompting institutions
of drug production and shipping and cartel to include their AML compliance programs and con-
activities. Information sources to help identify trols into their overall risk model validation. Part of
reputational risk include Transparency this validation includes assessing the systems, pro-
International’s “Corruption Perceptions cesses and procedures used within business lines,
Index” and the US State Department’s annual as well as for compliance.
International Narcotics Control Strategy Report
Financial institutions, corporations and organi-
(INCSR), which rates countries based on their
zations must look to their service technology and
money laundering controls and corruption. Most
identify the account or service technologies that
of these are available on the websites of the
are right for their business model and how financial
appropriate organization.
crime, money laundering or terrorist financing risks
224
might vary by this technology. They must define tively addressing areas of internal, statutory or reg-
and identify vulnerabilities and develop a clear ulatory focus. This helps them stay in compliance,
roadmap on how those vulnerabilities are assessed facilitates the examination process, contributes to
and addressed. This should be a cross-institutional operational efficiencies and ensures the reputa-
effort undertaken with support across business tional integrity of the organization.
lines throughout the organization.
CUSTOMER ONBOARDING
When attempting to address vulnerabilities, the AND MONITORING
organization should focus on the following: Customer onboarding is the process of opening a
• Vulnerability assessments that identify new account or accounts, providing certain prod-
weaknesses in systems or controls and the ucts and services, and beginning to build a rela-
features of unique financial products or services tionship with the customer. In the context of AML
which may make them open to abuse or compliance, customer onboarding involves due
exploitation for money laundering or terrorist diligence on new customers. Monitoring of the cus-
financing. Vulnerability assessments primarily tomer means regular reassessment of the risk or
focus on weaknesses that could allow for potential risk, presented by the customer based on
financial crime, including money laundering or the customer’s activities at the institution or organi-
terrorist financing. zation. Establishing and following proper onboard-
• Potential threat recognition identifies ing and monitoring policies and procedures are key
potential threats presented by the nature of parts of developing the customer relationship, and
the organization’s business, customers, and help protect the institution against financial crime,
the geographies in which it operates. The including corruption, money laundering, terrorist
combination of an external threat coupled financing and fraud.
with internal vulnerability often results in
occurrences of financial crime, including KEY ELEMENTS OF A “KNOW YOUR
corruption, fraud, money laundering or CUSTOMER” PROGRAM
terrorist financing. A sound Know Your Customer and Customer Due
Diligence (KYC/CDD) program includes robust cus-
As the organization conducts its assessment, it tomer identification and account-opening customer
should determine whether the assessment mea- initiation procedures that allow the institution or
sures are retrospective or prospective in nature. organization to determine the true identity of each
Retrospective analysis will provide learning and customer and assess the risk or potential risk pre-
insights by drawing on data from past events in sented by the customer. The major components of
order to fine-tune any present vulnerability. Con- KYC include account opening, the customer identi-
ducting prospective analysis is equally important. fication program (CIP) and ongoing monitoring. KYC
A prospective analysis is a process of attempting can also include “Enhanced Due Diligence” (EDD)
to look into the future with the benefit of historical for customers that pose a higher risk based on attri-
data to help better identify emerging vulnerabili- butes determined at the opening of the account or
ties or threats. the customer activities after the account is opened.
Implementing continuous system risk assessment

and model risk validation programs helps ensure
the financial institution or organization is proac-
225
Common account opening procedures and best be collected at the time the customer seeks to open
practices include: an account and must be verified within a reasonable
• Gathering and verifying customer identification time after the account is established.
materials through paper documents and/or
electronic identity verification In addition, financial institutions must verify the
identity of customers prior to undertaking large
• Clarifying and stating the services that are currency transactions, purchasing certain finan-
available to the customer cial instruments or ordering wire transfers. This
• Having all forms available and understanding includes vetting the customers against relevant
them sufficiently well to explain them sanctions or other watch lists.
professionally to the customer
• Verifying and authenticating the Under current rules and regulations in many coun-
customer’s identity tries, CIP regulations do not require a financial insti-
tution or other organization to authenticate the iden-
• Screening the customer against sanctions tity of the beneficial owners of proposed accounts in
lists, watch lists and politically exposed all cases. However, an organization is obliged to look
persons (PEP) lists through a non- individual customer particularly busi-
• Documenting the normal and expected activity ness organizations to attempt to identify the individ-
of each customer, including occupation and uals with authority or control over the account. This
business operations is crucial when the institution or other organization
• Documenting the customer’s relationship with cannot verify the customer’s true identity after using
the institution or organization, including all standard verification methods.
lines of business within the organization and its
subsidiaries that the customer will utilize Typically, the institution does not have to complete
unanimous verification of all identifying information.
CUSTOMER IDENTIFICATION But it must achieve a level of confidence through a
PROGRAM (CIP) plurality of defined metrics or indicators, assumed
to be sufficient, to establish and verify the custom-
Regulated entities in the banking and securities er’s information.
industries in many countries are required to imple-
ment a “customer identification program,” or CIP, CUSTOMER MONITORING
as it is called in the US. A CIP must include risk-
based procedures for the verification of the iden- Financial institutions are often required by regu-
tity of each customer to the extent reasonable and lation to apply ongoing monitoring to certain cor-
practical. Essential identification information must respondent and private banking accounts, as well
The chart below provides a simple example of a risk rating summary and levels of due diligence required:
Risk score 41 - 50 31 – 40 21 – 30 11 – 20 1 – 10
Risk level Highest High Intermediate Low Intermediate Lowest
Due diligence applied Enhanced Standard Simplified
due diligence due diligence due diligence
Approval required from: Senior man- AML officer AML Rela-
agement staff member tionship manager
of institution
226
as to the accounts of customers who pose higher traded companies and pension funds are common
risk or potentially higher risk. This is determined examples of low-risk customer types.
by information collected at the time of onboarding,
specific customer activity, and other material fac- Customers at higher risk tiers will require further
tors that may have changed since onboarding. measures, or enhanced due diligence, to manage
their financial crime risk. Some common EDD tech-
The institution should collect customer due dili- niques include:
gence information in a database or system that is • Additional investigation into a customer’s
accessible to relationship managers and compli- source of funds or wealth. Institutions could
ance personnel. Designated personnel should peri- request additional records and information from
odically update these customer records to reflect customers, such as financial documents for a
changes in behavior, activity profile, or other fac- company or copies of tax returns for individuals,
tors that impact the AML and other financial crime or conduct their own research
risk posed by the customer. This new information
should be factored into a re-assessment of cus- • Identifying and verifying beneficial owners down
tomer risk along with supporting factors, such as to a lower ownership threshold
transactional activity, geographic exposure and • Additional verification of customer-supplied
suspicious activity history. information, using multiple sources
• Thresholds on the size or frequency of
ENHANCED DUE DILIGENCE (EDD) FOR transactions a customer can conduct
HIGH-RISK SERVICES, CUSTOMERS, AND
JURISDICTIONS • Approval by progressively higher levels of
management based on the risk of the customer
Customer due diligence requirements have
increased in recent years in keeping with evolving In some cases, institutions may determine that a
regulatory expectations for a more effective and customer poses an undue risk, and decline the rela-
ongoing monitoring of existing customers. Cus- tionship or transaction. Institutions should have
tomer and third party due diligence is the corner- policies in place for when and how to manage the
stone of a strong compliance program and requires termination of a customer relationship, including
that institutions and other organizations conduct what records to keep and when to file suspicious
and record specialized or enhanced due diligence transaction reports.
(EDD) for high-risk customers.
Management should establish periodic reviews of
The information gathered in CIP, customer ques- higher risk customers to determine if their activ-
tionnaires, and results of screening will provide the ity is reasonable, that customer due diligence
raw material for risk assessment and rating. and enhanced due diligence procedures are com-
pleted, and the customer risk rating is accurate
The risk score will guide the level of additional due and up-to-date.
diligence required, if any. For customers at the low-
est risk of involvement in financial crime, institutions
may choose to conduct simplified due diligence, or EMPLOYEE ONBOARDING
the minimum level required under the jurisdiction’s AND MONITORING
AML regulations. Institutions may allow relationship
Similar to customer onboarding and monitoring,
managers or lower levels of staff to approve cus-
employee onboarding and monitoring plays a critical
tomers subject to simplified due diligence. Publicly
role in financial crime prevention at all business orga-
227
A Graphic Displaying the Cyclical Process of Customer Risk Assessment, Onboarding, Monitoring and Audit in a Financial Crime
Compliance Program.
nizations, including financial institutions. An insider a proper introduction to the company culture and
can pose the same money laundering threat as a cus- the expectations the employee is supposed to meet
tomer. Establishing and following proper employee in that culture. This orientation should include rules,
onboarding policies and procedures help protect regulations, responsibilities and the organization’s
the organization against potential employee involve- code of ethics. Senior management must set the
ment or collusion in all financial crime and protects tone or culture at and from the top, consistently and
the integrity and sanctity of internal processes and regularly communicate the organization’s ethical
information from filtration to outside elements. policies and code of conduct as well as emphasize
the important role each employee plays in ensuring
KEY ELEMENTS OF “KNOW YOUR that these policies are adhered to and honored.
EMPLOYEE” PROGRAMS
A Know Your Employee (KYE) program allows the Best practices that have evolved for effective
organization to understand an employee’s back- employee onboarding include the following:
ground, associations, conflicts of interest and sus- • Onboarding and assessment, which begins
ceptibility to corruption, money laundering, tax eva- during the interview process. The vetting should
sion or fraudulent activities. When an employee is include background screening, especially for
hired, part of the orientation process should include criminal history. It is important to conduct a
228
complete review of the employee before hiring, of automated monitoring software, so-called
including checking references and relevant exception reports, log files, and the like.
background checks. • Regular reviews and updates on the company’s
• Gathering and verifying employee identification ethics policies and ethical compliance culture
materials through paper documents and • Regular communication that enforces the
electronic identity verification organization’s policies, including full disclosure
• Screening the employee against sanctions if financial crime has occurred and the actions
lists, watch lists and politically exposed that were taken
persons (PEP) lists • Ongoing employee training in recognizing
• Providing new employees with a copy of red flags for corruption, tax evasion, money
the organization’s written ethics policy and laundering, fraud and other financial crime, as
code of conduct well as clear guidelines on how to follow up and
• Providing appropriate training for the position report on financial crime suspicions
the employee is hired for, including written
regulations and web-based or classroom When an employee is supported by an ethical com-
training on financial crime addressing pany culture, he or she is constantly reminded to
corruption, money laundering, fraud and perform the required customer due diligence and
sanctions with scenarios that are appropriate to pay attention to how customers and third parties
to the business and the clientele with which the establish relationships with employees. One exam-
employee will be working ple is where a customer is grooming an employee
for a future financial crime or money laundering
• The institution of a “hotline” that employees transaction, or collusion in a related scheme where
may use to anonymously report financial crime the employee does not merely rubber- stamp ques-
tips covering a range of financial crimes on tionable transactions, and does not accept corrupt
which they should be trained or improper compensation.
Proper employee onboarding improves productiv- RED FLAGS OF EMPLOYEE PARTICIPATION

ity and contribution by ensuring that the employee IN FINANCIAL CRIME
fully understands his or her job responsibilities and
has access to necessary tools. Employee perpetration of or collusion in financial
crime, including corruption, tax evasion money
EMPLOYEE MONITORING laundering, sanctions violations and fraud can
occur in financial and non-financial organizations.
Best practices for effective employee monitoring Employees in financial institutions or other financial
can include the following: services providers may have access to customer
• Regularly scheduled background screening and account data and the ability to move funds in
especially of criminal history to identify and out of accounts. Employees in other organi-
employees who should be removed zations may have access to account information
• Ongoing monitoring of employee actions and through statements or online access and financial
activities as they pertain to their facilitation of instruments, such as checks or electronic access
account or transactional activity for customers. to payment mechanisms. This access highlights the
This can be achieved through a combination vulnerability to insider financial crime, including
fraud, and the importance of ongoing monitoring
229
of employee activity and lifestyle factors when they unusual levels of activity, such as internal
are available to help detect and prevent financial transfers into the accounts followed by wires or
crime by the “enemy within.” other transactions out of the accounts
• Employee never takes a vacation, or takes much
Although not an exhaustive list, the following are red less than the minimum vacation period that is
flags or indicators of potential employee involve- mandated by the organization
ment in financial crime of a wide variety:
• Employee resists an internal transfer to another
• Employee approves or is involved in an unit or element of the organization
inordinate number of exceptions to policies,
procedures, account limits and other rules of • Employee enjoys a lavish lifestyle, including
the organization high-end cars, real estate and lavish trips, for
example, which cannot be supported by his or
• Employee frequently overrides or circumvents her normal compensation
internal controls, approval authority or
established policies, including accessing
accounts and records for which the employee INVESTIGATING AND IDENTIFYING
has no legitimate business purpose to access BENEFICIAL OWNERS
• Employee misrepresents the identity, As previously mentioned in the Money Launder-
background, associations or financial resources ing chapter, the term “beneficial ownership,” when
of a customer at the time of onboarding, used to refer to beneficial ownership of a financial
updating customer documentation or account, is conventionally understood to refer to
due diligence the person who maintains ultimate control over
• Employee is involved in completing or funds in an account through ownership or other
expediting financial or business transactions means. “Control” in this sense is distinguished from
where the identity of the counter party or mere signature authority or legal title. The specific
ultimate beneficiary is not identified definition of a beneficial owner of a legal entity
Employee accounts or other accounts linked includes an individual who owns or controls, directly
to the employee, such as those opened in the or indirectly, greater than a certain percentage of
names of family members and associates, show the legal entity.
Beneficial ownership recognizes that a person in

whose name an account is opened with a financial
services provider or other organization is not nec-
essarily the person who ultimately controls these
funds. This distinction is important because the
focus of financial crime and AML efforts should be
on the person who has this ultimate level of control.
Placing the emphasis on this person is typically a
necessary step in determining the source of wealth.
The beneficial owner concept plays an important but
understated role in the global crackdown on corrup-
tion, fraud, money laundering and tax evasion.
230
Determining beneficial ownership has become There are no firm rules on what constitutes suspi-
increasingly important from a regulatory stand- cious activity. However, there are known typolo-
point internationally and in many nations. The gies of transactions and other activities that serve
Financial Action Task Force now emphasizes it in its as common indicators of financial crime, including
recommendations and interpretive notes. Benefi- money laundering. In addition, activity that is not
cial ownership involves establishing mechanisms to consistent with a customer’s known style of living,
record basic information about the organization or source of income or wealth, type of business, or type
individual to enable financial institutions, the perti- of accounts or services used should be scrutinized.
nent authorities and others to determine the true
ownership. This is needed to conduct appropriate Because most organizations must monitor and
due diligence on the real customer. attempt to flag thousands and maybe millions of
transactions each day, they should employ a risk-
Many countries and the FATF have progressively based approach determined by elements such as
raised expectations regarding beneficial owner- their business profile, location, types of products
ship rules. For example, the US Financial Crimes and services offered, third-party relationships and
Enforcement Network, which is that nation’s Finan- geography. When suspicious or unusual activity is
cial Intelligence Unit, has officially announced that detected, organizations must investigate to deter-
it may require the institutions it regulates to determine if there is a reasonable explanation for the
mine the names of individuals who directly or indi- activity, or if there is a likelihood of financial crime
rectly own more than 25 percent of a legal entity in the broad sense.
that has a relationship with the financial institution.
If financial crime, including money laundering, is
Beneficial ownership has also been a central focus suspected, or if the activity cannot be reasonably
of the FATF’s mutual evaluation process as to the explained, the organization is likely obliged to report
adequacy of controls that exist in various nations. the activity through a suspicious activity report
This focus is part of a larger strategy to improve the or suspicious transaction report. This depends on
availability of beneficial ownership information for the requirements of the country in which it oper-
legal entities that open accounts or conduct trans- ates. Each country’s laws and regulations dictate
actions through financial institutions and to facili- the length of time the organization has to report
tate the implementation of global standards for the suspicious activity, the frequency of additional
obtaining beneficial ownership information by finan- reporting if the activity continues, and the length of
cial institutions and other business organizations. time it must maintain these records.
It should be noted that suspicious activity reporting

DETECTING AND REPORTING often takes place in two contexts: reporting within
SUSPICIOUS ACTIVITY an organization or institution, or reporting to exter-
Financial institutions in most countries, including nal government agencies and regulators.
non-bank financial services providers, are required
to monitor customer and entity behavior to detect In the case of reporting to government agencies,
transactions or activity which could be indicative of many jurisdictions have specific reporting forms
money laundering or other financial crime activity. they must complete and file with a regulatory or
This includes corruption, tax evasion, fraud and ter- enforcement agency. In Canada, for example, the
rorist financing. forms for financial institutions are called “Suspi-
cious Transaction Reports (STRs)” and are filed
231
with FINTRAC, that nation’s governmental financial Along with training, other general best practices for
intelligence unit, or FIU. In the US, the forms are a reporting program include:
called “Suspicious Activity Reports (SARs)” and are • Processes to identify suspicious activity
filed with the Financial Crimes Enforcement Net- through multiple channels, including alerts
work. In most jurisdictions, reports are filed with produced by transaction monitoring systems,
the governmental FIU, which then has the respon- referrals or notifications from employees, and
sibility of analyzing and disseminating them to law requests or queries from law enforcement
enforcement. and regulators.
Most jurisdictions have clearly prescribed pro- • Investigation and review processes for each
cedures for filing suspicious transaction reports, suspicious activity identified.
along with standard forms or electronic filing sys- • Decision-making procedures for when to
tems that institutions use. These forms typically file a report, when to escalate the decision
contain several sections: and when to decline, supported by thorough
• Contact information for the filing institution documentation.
• Information on the institution where suspicious • Periodic briefings to senior management

activity occurred that can include metrics on suspicious activity
reporting, amounts involved, notable trends and
• Information on the subject(s) involved in any issues requiring immediate attention. In
the suspicious activity, including personal some jurisdictions, this periodic reporting is a
information, account and transactional details regulatory requirement.
• Fields to select the type(s) of suspicious activity • Ongoing review, quality assurance and
being reported oversight of STR/SAR filing program –
• A narrative portion, in which the filer can Ongoing oversight can include several elements:
describe the activity and provide further −− Periodic evaluations of actual reports filed for
supporting details quality and completeness
−− Reviews of the decision-making process and
Training on effective suspicious transaction report- accompanying documentation
ing is a critically important part of an institution’s
overall compliance training program. STRs/SARs −− Procedures for oversight of the employees
are the main mechanism the financial sector uses to responsible for filing reports
provide intelligence on potential financial crime to Additionally, many institutions and organizations
law enforcement. will have some system of internal reporting of
suspicious activity. One example could be slightly
In some cases, high-quality reports provided by a uncharacteristic or irregular transactions in a busi-
well-trained compliance staffer can literally make ness account that, while they do not rise to the level
or break an investigation. A form’s narrative section of a governmental suspicious activity report, may
can be particularly useful in this regard, allowing an still warrant monitoring and follow-up. An institu-
institution to provide insights on the transactions tion employee may file a report with their internal
and supporting intelligence that otherwise would FIU to flag the account for further review.
not be available in the standard form fields.
232
The information provided in suspicious activity • Rules-based scenarios that identify specific
reports to governmental FIUs is a key resource for patterns of behavior related to known financial
law enforcement investigations in many jurisdic- crime and money laundering typologies
tions. Information from suspicious activity reports or red flags
can help enforcement agencies find information on • Statistical profiling scenarios that identify
individual accounts or persons they are investigat- unusual activity by modeling typical or expected
ing, or alert them to new potential criminal activity activity profiles for a specific customer or type
in progress. of customer and identifying outliers
Suspicious activity reporting can also be used by Some software leverages both approaches to help
institutions or law enforcement to get a high-level ensure the best possible detection capabilities. In
view of financial crime in a given area or jurisdic- addition, most transaction monitoring systems also
tion. Governmental FIUs can analyze all reports provide alert and investigations management sys-
involving mortgage fraud, for example, and place tems to facilitate and document the analysis and
that information on a map to gain a better under- investigation of alerts and cases.
standing of where such fraud is happening most fre-
quently. Internal FIUs can conduct similar analytics. Cases are reviewed by financial crime analysts,
This ability to capture large-scale financial crime including those devoted to AML, who investigate
trends can help institutions and governments allo- the activity along with supporting data and infor-
cate resources more effectively. mation. The analyst then determines whether to
clear the case or escalate it for further review and
action, including suspicious activity reporting in the
OVERVIEW OF AML COMPLIANCE
appropriate jurisdiction.
MONITORING SYSTEMS
Because of evolving regulatory expectations, as Like any other element of the compliance program,
well as the volume of customers, transactions and transaction monitoring solutions require ongoing
data involved in monitoring and surveillance, many quality assurance and review to function effectively.
organizations leverage specialized technology to This includes refining monitoring rules, statistical
help meet their detection and reporting require- models, and the data feeding into monitoring sys-
ments. The major types of information technology tems to address two types of problematic issues:
systems or solutions used in financial crime in gen- False positives and false negatives.
eral, particularly AML and sanctions compliance,
include the following: • False positives are transactions or patterns
that are not actually suspicious, but incorrectly
Transaction monitoring systems. An automated flagged as suspicious by monitoring system
system, either a proprietary application or ven- • False negatives are transactions or patterns
dor-provided solution, for ongoing scanning of that are actually suspicious or indicative
transaction, customer and entity data. The solution of financial crime that are NOT flagged by
filters, compiles and summarizes transaction data transaction monitoring system
and flags or alerts on instances of potentially suspi-
cious behavior. Detection is typically accomplished False positives tend to receive the most attention
through implementation of AML scenarios that fall from compliance staff, for understandable reasons.
into two broad categories: A false positive is visible and apparent to analysts,
and dealing with large numbers of them can waste
233
It should be noted that false negatives can crop up

in any system used to monitor accounts, includ-
ing sanctions screening tools, negative news
sweeps, and others.
Sanctions and watch list filtering software. An

automated system, either proprietary or provided
by a vendor, for filtering of customers and entities
that are present in sanctions lists or other types of
internal or external risk-based watch lists. Scanning
of accounts against sanctions and watch lists is
performed at the time of new account opening and
during periodic customer database scans. Trans-
action reviews (often called transaction filtering)
considerable time and resources. False negatives against sanctions lists are performed as transac-
are far less obvious, since by definition they trigger tions and are initiated or received using either a
no alerts and are typically not detected until well batch or real-time process. Transactions involving
after the fact, through periodic audits, reviews trig- sanctioned entities are blocked.
gered by suspicious activity in an account, or even
Know your customer and customer due diligence
regulatory enforcement actions.
modules. Increasingly, transaction monitoring solu-
tions provide modules that support ongoing moni-
There are several issues that can lead to false neg-
toring and due diligence of customers and accounts.
atives. In some instances, they are a result of sheer
These systems typically leverage customer data
user error – Staff are not trained properly, or are
obtained at account opening as well as alerts or
not using the transaction monitoring system in the
exceptions detected through ongoing monitoring.
way it was designed. In other cases, the system is
They also facilitate the recording and updating of
not operating effectively – Rules and scenarios are
customer information and risk assessments.
incomplete based on an institution’s financial crime
risk, or not being properly applied.
Internal reports. Internally generated reports or
systems, such as large transaction reports, third-
In still other cases, false negatives result from data
party activity, incident reports, leads database and
issues. Information is not flowing into the transac-
others, which flag activities and provide import-
tion monitoring system properly due to technical
ant ancillary information that is used to analyze or
issues, or an institution is not utilizing the full range
investigate alerts or cases.
of data it has at its disposal for monitoring purposes.
Third-party data. Reports, online research portals,
The goal of auditing a monitoring system should be
and public record or proprietary data sources and
to reduce both, but any indication that monitoring is
analytics that are provided by third party data ven-
leading to false negatives should generally be given
dors and repositories. This information is used at
priority. The existence of false negatives can mean
account opening for upfront “know your customer
that a monitoring system is entirely missing activity
and customer information program” purposes, as
that may be indicative of financial crime.
well as to support alerts analysis and investigation
of suspicious or unusual activity.
234
Automation can play a key role in financial crime monitoring systems to assess the integrity of data
control programs and should be part of an organi- inputs, the accuracy of algorithms, the appropriate-
zation’s strategic planning process in information ness of thresholds and scenarios, and the structure
technology. Ongoing maintenance and evolution of case management, investigation and reporting.
of these systems may be factored into the financial
crime compliance program as a component. Financial institutions must put in place a program to
consistently and regularly assess their compliance
This should include periodic validation of the sys- systems’ performance and apply corrective action
tem through internal audit, regulatory examination, to address deficiencies. Two key areas of evaluation
or third party independent evaluation optimizing should be included:
the system through scenario and threshold tuning, • Effectiveness: the system’s ability to properly
and improvements to data quality and availability. It identify and report suspicious activity and help
should also include changes made to enable prompt ensure compliance with regulations, as well as
response in evolving regulatory requirements or reputational and legal integrity
new financial crime typologies, including those for
money laundering and terrorist financing. • Efficiency: the system’s ability to reduce the
number of false positive alerts or exceptions
while minimizing the risk of “missing something.”
ONGOING TESTING AND DUE Efficiency helps reduce costs without increasing
DILIGENCE OF MONITORING AND the risk of non-compliance.
REPORTING PROCESSES
Implementing a continuous system and perfor-
In virtually every country, examiners conduct peri- mance assessment program facilitates the exam-
odic examinations of AML and financial crime com- ination process, proactively addresses areas of
pliance programs. When reviewing compliance regulatory focus, and contributes to operational
monitoring and reporting systems, they usually efficiencies. A well-structured and rigorous compli-
focus on the adequacy of the system and evaluate ance program of periodic assessment coupled with
the reasonableness of the scenarios and param- independent testing can provide compliance offi-
eters applied, as well as changes to the systems cers, senior management and the board of directors
and policies. with the information needed to keep financial crime
compliance program effective and responsive.
Recently, they have begun to place more emphasis
on assessing the adequacy of the efforts of finan-
cial institutions and other organizations to ensure
ongoing effectiveness and integrity. In many coun-
tries, regulators have been signaling increased
scrutiny of automated systems supporting financial
crime, AML and sanctions compliance programs.
Their recommendations often focus on validation of
235
Q 11-1. As the compliance officer in a national financial institution, you have recently received
an alert from your regulator warning of suspected bulk cash smuggling into your jurisdiction.
Which recent activity might be indicative of bulk cash smuggling?
A. An increase in domestic wire transfers between another bank within your jurisdiction and
your financial institution
B. A significant number of cash withdrawals, all under $10,000, from your
financial institution
C. Large amounts of small denomination currency being sent from a Foreign Financial
Institution (FFI) to an account at your bank
D. A dramatic increase in domestic ACH transactions at your bank
Q 11-2. A US bank receives a letter of credit from an issuing bank in connection with the pur-
chase of wheat from a bank customer. The buyer/applicant is located in Belarus, a country in
which certain senior government officials are on the US Specially Designated National (SDN)
List. The country is not, however, subject to comprehensive US sanctions.
The buyer is determined to be a joint venture in which a Belarus SDN has a 50 percent interest
through two separate companies wholly owned by the SDN. Each has a 25 percent interest in
the joint venture. No funds have yet been received by the bank. Which statement is true about
this situation?
A. The letter of credit can be processed and the funds paid because the customer is not on
the SDN List, and the SDN does not have a majority or controlling interest.
B. The letter of credit can be processed and the funds paid because the US Office of Foreign
Assets Control (OFAC) has issued general licenses exempting food from US sanctions.
C. The letter of credit must be blocked by the US bank and reported to OFAC even though no
funds have yet been received.
D. The letter of credit cannot be accepted or acted on so it must be returned to the advising
bank with notice that any funds received will be blocked.
236
Q 11-3. A small regional bank has recently started using a new transaction monitoring tool
that utilizes several custom scenarios to identify specific activity which was defined by the
Financial Crimes Compliance team. There are five scenarios that are live in production. The
Analytics team within Financial Crimes Compliance has performed some research on the sce-
narios and is ready to make recommendation to management regarding possible changes to
the scenarios.
Which scenario(s) should the Analytics team recommend making changes to first?
A. Scenario A that has generated 100 alerts in the past three months and 50 percent of
those have been deemed suspicious and a suspicious transaction report was filed.
B. Scenario B that has generated 180 alerts with a 95 percent false positive rate.
C. Scenario C that has generated no alerts and there appears to be a problem with the
mapping of data.
D. Scenarios D and E that were put into production in the last 30 days to address a matter
requiring attention from a regulator.
237
CHAPTER 12
CYBERSECURITY
OVERVIEW
The international financial system, like many other segments of

the private and public sectors, has been transformed by the tech-
nological developments of recent decades. Tools such as online
banking, electronic funds transfers and virtual currencies have
moved a huge portion of the world’s economic activity and finan-
cial transactions into the digital realm.
238
CHAPTER 12 • CYBERSECURITY
Financial criminals have followed closely behind, financial crimes in and of themselves, designed to
quickly adopting and exploiting online and elec- directly steal assets from financial accounts. Other
tronic tools to their own illicit ends. Fraudsters cybercrimes, such as online identity theft and data
use social networks to make connections and lend breaches, are often one element in a wider finan-
legitimacy to their false investments or nonexistent cial crime scheme. Personal data stolen online, for
business enterprises. Organized crime rings use example, may later be used to create a false identity
elaborate schemes to implant malware on the com- to apply for government benefits as part of a fraud
puters of businesses worldwide, obtain passwords scheme. Systems and networks can also be tam-
and login information, and drain millions from busi- pered with to disguise illicit transactions or destroy
ness accounts. Hackers, acting alone or in teams, evidence of a financial crime.
breach the data systems of major corporations and
government agencies to steal and resell customer Globally, incidents of cyber financial crime have
data, from bank account access codes to credit exploded in recent years. A report by cyber secu-
card and tax identification numbers. rity firm Symantec estimated that in 2011 more than
232 million customer records were stolen from pri-
It is no exaggeration to say that financial crime has vate corporations across the globe. Worldwide, 40
moved into a new digital era, and protecting net- percent of all cyberattacks targeted financial insti-
works and data is essential to detecting and pre- tutions, according to the 2012 Data Breach Investi-
venting a wide range of financial crimes. Conse- gations Report by Verizon.
quently, a working knowledge of cybersecurity is
rapidly becoming a necessity for all financial crime The type of entities orchestrating cybercrimes has
professionals. also changed considerably over the past decade.
Increasingly sophisticated organized crime, terror-
For the purposes of this Manual, the term cyber- ist and activist groups have moved into the cyber-
security is used in a broad sense. It encompasses crime field, either for profit or to further a political
methods to recognize, prevent and detect cyber- or ideological agenda. State- sponsored group and
crimes, as well as the understanding of the recom- military organizations also have a growing online
mended controls to prevent unauthorized access presence, engaging in covert cyber warfare opera-
from external actors. Recognizing that employees tions that strike not only government agencies but
and other internal sources are a significant finan- unwitting targets in the private sector.
cial crime risk as well, the concept of cybersecurity
also includes policies and procedures to safeguard Financial institutions of all types and sizes are par-
against unauthorized internal access. ticularly at risk. Their online banking and transac-
tion services and wealth of potentially valuable
Additionally, data management and data privacy customer data make them rich pickings for tradi-
also form another key component of cybersecurity, tional cybercriminals seeking money and assets. At
and this chapter will provide guidance on standards the same time, their strategic importance makes
for retaining and destroying sensitive data, sharing institutions attractive targets to state-sponsored
data with law enforcement and transmitting data groups looking to disrupt a country’s economy, or
across international borders. “hacktivists” trying to send a message.
Cybercrimes, or criminal activities conducted All these factors make cybersecurity a critical front
using online and electronic tools, can intersect in the battle against financial crime. It is important
with financial crimes in a variety of ways. Some, to note that cybersecurity is a fast-evolving field,
like account takeovers previously mentioned, are with rapidly developing technologies. The mate-
239
The sheer variety of cyber financial crimes would

make it impractical to assemble a comprehensive
list here, and constantly-changing tactics and tech-
nologies would be likely to make such a list obsolete
soon after it was published. This section examines
some of the common techniques employed in cyber
financial crime, but it should be noted that these
techniques are very often used in combination with
one another. A phishing attack by e-mail may steal
one element of confidential data needed to access
a bank account, while keystroke- logging malware
may gather another, with the end result being a suc-
rial presented here collects and synthesizes best cessful account takeover scheme.
practices from a variety of public and private sec-
tor sources. As always, the financial crime specialist Whether investigating cyber financial crimes or
should seek to apply it to the specific circumstances building controls to prevent them, the financial
of their organization and profession. crime specialist should look out for the ways that
one cybercrime can feed into and amplify another,
and likewise understand how one data breach can
RECOGNIZING AND DETECTING leave an entire account or network vulnerable.
CYBER FINANCIAL CRIME
Cyber financial crimes may have emerged more SOCIAL ENGINEERING
recently than their real-world counterparts, but
they are rapidly becoming just as diverse and per- Broadly defined, social engineering is the act of
vasive. With only a computer and Internet connec- deceiving or manipulating a target into turning over
tion required for many crimes, the barrier to entry is confidential information or personal data. This dif-
quite low, and cybercrime schemes are often limited fers from using technical hacking techniques, such
only by the criminal’s imagination and ingenuity. as computer programs that crack passwords or
break encryption. In recent years, cyber financial
It is important to recognize that cyber criminals crime schemes have become increasingly reliant on
may have a wide range of motives. Not all cyber- social engineering, and the majority of data thefts
crimes are driven by the pursuit of financial gain, from corporations and financial institutions cur-
and not all can be considered financial crimes. A rently involve some element of social engineering.
state-sponsored cyber-espionage unit may breach
a defense contractor’s network in order to steal Although the term “social engineering” was coined
military technology, for example, or a hacker may in the 90s, the strategies it relies on are much older,
vandalize a website purely for their own amusement and are essentially the same as what con men and
and bragging rights. Cyber financial crimes have a fraudsters have been using for hundreds of years.
profit motive, and primarily revolve around efforts Assisted by technology, social engineering schemes
to obtain or steal data, with the ultimate goal being exploit human tendencies to trust appearances and
to either sell that data directly or use that data to take communications at face value, particularly
illicitly gain control over funds, accounts or assets. those from authoritative persons or sources.
240
Social engineering schemes can and often do occur past several years, phishers have expanded their
through multiple channels. Some social engineering targets, attacking government agencies such as the
schemes may use phone calls impersonating a bank US Internal Revenue Service, and social networking
employee, auditor or law enforcement agent to websites in an attempt to steal personal identifying
deceive a target into turning over confidential infor- information also used in the commission of various
mation. Others may use social networks to contact identity theft and account take over schemes.
targets, build credibility by conducting background
research on targets, or create fake profiles to imper- There are several variations to phishing attempts:
sonate a target’s real friends or business associates. Email Phishing. The most common form of phishing
is via email. Phishers ‘spam,’ or send the same phish-
Criminals leveraging social engineering schemes ing email to millions of individual e-mail addresses,
have even appeared in-person at financial insti- requesting the recipient to divulge personal infor-
tutions and other companies posing as “security mation under false pretenses. They typically send
consultants” or law enforcement agents, in order the victims to a fake website that looks almost iden-
to steal data from internal networks or install mal- tical to the actual site the victims thought they were
ware on company computers. However, by far the going to. These pieces of information are then used
most common type of social engineering is phish- by phishers for various illegal activities, but, most
ing through electronic communications, which is commonly, to facilitate an identity theft scheme.
explained in more detail below. Most phishing email messages have an urgent
subject line which requests the user to enter their
Consequently, there is no one-size-fits-all strategy credentials to update account information, change
for guarding against social engineering at organi- passwords or verify account details.
zations, whether banks, businesses or government
agencies. One low-tech, but effective, solution is These types of attack have a relatively low success
employee training. rate now that people are more skilled at recognizing
these types of email. But even a tiny success rate on
PHISHING the millions of phishing emails sent per day means
Phishing refers to the act of sending an email or that many still fall victim to this type of attack.
other electronic message falsely claiming to be a
legitimate communication in order to manipulate Man-in-the-Middle Attack. Man-in-the-Middle
the recipient into providing confidential informa- Attacks are one of the more sophisticated phish-
tion. Typically, a phishing message will direct the ing techniques in which the phisher is virtually
recipient to a sham website with the same look and located in between the legitimate website and the
feel as the legitimate website of a business, govern- user terminal. The phisher intercepts details during
ment agency or other organization, and instruct the a transaction between the legitimate website and
unsuspecting user to divulge sensitive information the user. As the users enter their personal informa-
such as passwords, credit card numbers and bank tion, it is then captured by the phishers without the
account information. The website, however, is not user’s knowledge.
genuine and solely created in an attempt to steal
the user’s information. Man-in-the-Middle attacks require far more sophis-
tication that standard phishing attacks, but are far
Traditionally, phishing has been a technique more successful. Since victims are going to the real
intended to facilitate identity theft schemes tar- website of the organization in the link provided, and
geting customers of financial institutions. Over the the safeguards users might have installed to rec-
241
ognize phishing sites, like antivirus or browser con- Voice Phishing. Also known as Vishing, this is a very
trols, will not detect this. straight forward type of social engineering in which
a scammer simply calls an organization and pre-
Instant Messaging Phishing. Similar to email phish- tends to be someone in authority to convince the
ing, instant message phishing is the method by person they called to reveal passwords and other
which the user receives a message via an instant confidential information. Skilled con men can be
messaging software program with a link directing surprisingly successful at eliciting information from
them to a phishing website which has the same look a victim over a phone.
and feel as the legitimate website. The user is then
prompted to enter their personal information. Spear-Phishing. A more refined phishing technique,
spear-phishing involves sending targeted messages
SMS Phishing. Similar to IM Phishing, SMS Phishing with information or content tailored to a specific
(also known as Smishing), is sending SMS messages recipient, thereby increasing the likelihood they will
to people’s phones with links to site that will cap- believe it is a genuine message. What distinguishes
ture their information. spear-phishing from traditional phishing schemes
A Graphic Displaying the Process Organized Cybercrime Rings will Sometimes Use in
Business Email Compromise Attacks. Source: U.S. Federal Bureau of Investigations.
242
that typically rely on template messages sent out to Of course, no such vendor exists. The message
large numbers of recipients, is the inclusion of some includes payment instructions to an account con-
personal information about the recipient. trolled by the cyberfraudster, typically in another
country. Once transferred, the funds will be
Spear-phishing messages can be quite sophisticated, laundered through further accounts and effec-
and may include the subject’s name and personal tively disappear.
identifying information. They may also mimic mes-
sages from a recipient’s friends, relations or business Attackers will either spoof the sender’s email
associates. Spear-phishers must have some level of address or create a new address that looks nearly
information on their recipient in order to make their identical. In other cases, attackers obtain a target’s
message seem plausible, and as a result, spear-phish- email account credentials and take control of it to
ing is often used in combination with data breaches send messages.
or theft. For example, a phisher may gather some
personal details on a subject by stealing them from a In a variation, messages are sent directly to a finan-
company database, and then use that information to cial institution, purportedly from a business execu-
follow up with a directed phishing message to obtain tive controlling the account, directing that funds be
login credentials for a bank account. transferred to another party immediately.
Victims are far more likely to be susceptible to Another tactic is for cybercriminals to impersonate
a spear phishing attempt that a simple tem- a supplier or vendor, and contact a company with
plate-based phishing attempt. Many people by updated account information for monthly payments.
second nature recognize the standard phishing In one case in 2016, a Lithuanian man was able to
attempts that fill our email boxes and delete them steal $100 million from tech giants Google and Face-
by reflex. The inclusion of some individuality to the book in a matter of months using this technique.
attempt makes it appear far more authentic and is
much more likely to be successful. Attackers will either spoof the sender’s email
address, or create a new address that looks nearly
BUSINESS EMAIL COMPROMISE identical. In other cases, attackers obtain a tar-
Business email compromise (BEC) is a variant of social get’s email account credentials, and take control
engineering that has been lucrative for cybercriminals. of it to send messages. Overall, the FBI estimated
In simple terms, a fraudster impersonates someone that BEC was responsible for $3.1 billion in losses
else via email to deceive a target into making a wire in 2016 alone.
transfer, processing a payment or otherwise taking
actions that will transmit funds to the attackers. PROTECTING AGAINST BEC ATTACKS
Fortunately, there are some relatively low-tech pol-
In one common example, cybercriminals send a icies and procedures that you can use to protect
message to a company employee in accounts pay- against BEC and other social engineering attacks.
able or the finance department that appears to be
sent from the company CEO, CFO or other execu- One is requiring more than one employee in a com-
tive. The message will request immediate payment pany to authorize a wire transfer, vendor account
to a vendor or other party, indicating it’s a very update or transmittal of sensitive data. Depending
urgent matter – the payment must be completed on the size and sensitivity, you may require multiple
before the close of business. individuals to sign off.
243
Another is verifying with the person who suppos- • Remain cautious about opening electronic
edly sent the email. This confirmation should always communication attachments and
be done through an outside channel, such as known or downloading files from electronic
phone numbers or company web sites - not by communication. If the message is suspect or not
replying to the email, text or voice message, or call- from a known source, at a minimum, files should
ing any numbers provided in the message, as these be scanned by antivirus program.
are likely to be controlled by the fraudster. • Never send personal or financial information
via electronic communication, and only provide
Ongoing training and awareness on the part of all personal or financial information through
employees is perhaps the best defense. Like other an organization’s website once it has been
forms of fraud, social engineering often preys on reviewed to ensure its legitimacy
the shared human desire to be helpful, and the ten-
dency to take things at face value.
ACCOUNT TAKEOVER
Every individual should maintain a level of profes-
Account takeover is one of the more common forms
sional skepticism when dealing with email, text and
of identity theft, occurring when a fraudster obtains
phone communications, especially those that are
unauthorized access to an individual or organiza-
out of the ordinary. Simple steps like reviewing an
tion’s financial accounts. The nature of the takeover
email header, checking hyperlinks in a text a mes-
and the level of sophistication can vary. In the sim-
sage before clicking, or scanning email attachments
plest form, an attacker could use malware, phish-
before opening can head off a social engineering
ing or other techniques to obtain a person’s online
attack before it starts. A company’s networks are
banking credentials, then access the account and
only as secure as their weakest point.
initiate transfers.
PREVENTION & DETECTION OF SOCIAL
More elaborate attacks might gain account creden-
ENGINEERING ATTACKS
tials and some personally identifying information
The most effective method in the detection of poten- (such as the victim’s tax identification number or
tial cyber fraud is to stay educated and up-to-date answers to online security questions) and use this
on phishing techniques and identity theft schemes, to change the official mailing address or online
as well as become familiar with the channels that banking credentials with that individual’s financial
legitimate organizations use to communicate with institution. Once accomplished, the fraudster can
their customers. Legitimate companies and govern- perform unauthorized transactions using the vic-
ment agencies will almost never request personal tims account without the victim’s knowledge ( cash
identifying information via electronic communica- withdrawals, check orders, wire transfers, online
tion. Any electronic communication requesting such banking transactions, etc.).
information should be treated as highly suspicious.
Account take over (ATO) schemes are often the
Other prevention steps include the following: end result of a combination of many identity theft
• Verify the hyperlinks within electronic tactics used to obtain personal information. ATO
communication. This can usually be done by schemes can impact nearly any financial product or
hovering a mouse cursor over links to view account type across all customer segments within a
the true URL, although this is not a sure-fire financial institution, including individual customers,
solution, as links can be masked. small-business customers, private banking custom-
ers and large commercial and corporate custom-
244
ers. Small businesses and non-profit organizations • Using complex passwords that are changed
are an especially common target of ATO attacks, regularly. This can make it more difficult for
as they typically hold more funds in their accounts financial criminals behind ATOs to capture
than individuals, but tend to have less robust cyber- a password, or guess it if they have already
security programs than larger organizations. gathered other personal data.
• Multifactor or strong authentication. These are
Although it is difficult to produce hard numbers on systems that require multiple pieces of evidence
losses, some security analysts estimate that $2 to to verify a user before they are allowed access
$3 billion per year is stolen solely from US accounts to an account. Traditionally, a multifactor
in account takeover attacks. In a 2011 survey of system requires 2 of 3 “factors” to allow
more than 500 US small businesses conducted by access, which are:
a cybersecurity firm, 56 percent of the respondents
said they had been targets of fraud involving elec- −− Something a user knows (password or
tronic payments in the past year. About 75 percent personal information)
of those said they were the subject of an attempted −− Something the user has (typically a
or successful account takeover. card or token)
−− Something the user is (fingerprints, voice ID or
As previously mentioned, account takeovers are other biometric identification)
often the end result of identity theft schemes. Social
engineering and phishing are common methods to • Multi-channel authentication. Although a
obtain the data needed to take control of a financial robust system for verifying users, multifactor
account, as are malware such as trojans and key- authentication is not always practical online. In
stroke loggers, which will be discussed later in this its place, some organizations use multichannel
chapter. In addition, illicit actions in the real world, authentication to verify a user or confirm
such as mail theft or the theft of personal items or a transaction, especially if it is suspicious
documents, dumpster diving and even “shoulder or above a certain threshold. One simple
surfing” (surreptitiously watching a person as they example of multichannel authentication would
log in to accounts) can be used to support ATOs. be an institution that asks users to log in to
their account with a standard password and
The adaptability, breadth and combination of such username, and then has an employee call or
schemes make them increasingly difficult to detect text the user to confirm before executing the
and prevent, as it is often very difficult to determine transaction.
the root causes and how an account take over scam • Understanding responsibilities and liabilities.
was perpetrated. Other methods to prevent ATO Many account agreements with a bank or
schemes, as well as mitigate the damage should financial institution detail what reasonable
they occur, include the following: security measures are required to protect
• Protecting the cyber environment. A cyber accounts. In some cases, these may direct an
environment should be guarded just as would accountholder to implement measures. It is
cash or assets in a physical location. Do not use critical that users understand and implement
unprotected Internet connections. Sensitive the security safeguards in the agreement. If
data should be encrypted, and virus protections they do not, they could be liable for losses
should be updated regularly. resulting from a takeover.
245
CASE STUDY - EPSILON DATA BREACH

On March 30, 2011, network security at Epsilon, Secret Service to determine how the breach hap-
the world’s largest distributor of permission- pened and how to secure against further attacks.
based email, was breached and millions of per-
sonal email addresses were exposed. At the time, What is significant about the Epsilon breach is that
Epsilon was sending 40 billion marketing emails attackers did not directly seek credit card num-
per year for 2,500 corporate customers, includ- bers or other sensitive financial data. The attack
ing Best Buy, Capital One, JPMorgan Chase, Citi, was intended to steal individual e-mail addresses,
Home Shopping Network and others. The com- names and other personal identifying informa-
pany was believed to store more than 250 million tion of individuals, most likely to support other
e-mail addresses. cybercrime schemes like spear-phishing attacks.
The company had been warned by ReturnPath, The attack began with basic phishing attacks
a cyber-security firm, in 2010 to prepare for against Epsilon employees. This basic phishing
an increase in phishing and hacking attempts attack sent a few employees to a fake website
against email distributors. Epsilon heeded the that installed malware on their computers. This
warning and installed additional protection that malware allowed remote hackers to log into their
was designed to monitor traffic and to alert machine via the internet and access the data
administrators of unusual activity or download Epsilon had through their own internal comput-
patterns. Even so, these countermeasures were ers. As mentioned earlier, this will likely result in
not sufficient to detect and prevent the data spear-phishing attacks against the final targets,
breach, in which unknown attackers gained the accounts at Epsilon. Spear phishing attacks
access to servers containing tens of millions of are usually geared toward account takeovers for
names and e-mail addresses. the ultimate financial goal.
Epsilon notified its corporate customers almost This is an example of how multiple types of
immediately of the security breach, and these attacks can be cascaded to achieve account take-
companies began to contact the individuals overs. Cyber criminals will continue to get more
whose email addresses had been compromised. creative to accomplish their goals. The eventual
Epsilon also notified enforcement and partic- account takeovers that might result from this
ipated in an extensive investigation with the attack will have required six or seven steps. The
cost of this attack on Epsilon’s reputation, and
ultimately its bottom line, will be staggering.
It is very important to note that all steps to prevent rity or authentication processes. User activity and
account takeovers, as well as cybercrimes in gen- transactions must be assessed to determine what
eral, should be proportionate to the risks of the user is normal, and actions that deviate from that base-
and transaction. line should receive greater scrutiny. Transactions
above a certain threshold, in unusual amounts or at
Consequently, not every user, every log in by a odd dates or times, or an account being accessed
user, or every online transaction a user attempts from an unknown IP address or location, should all
to conduct should be subject to the same secu- be subject to stronger authentication and monitor-
246
ing than routine transactions or logins that fit the • A small funds transfer to a previously
user’s typical patterns. unknown recipient, followed by one or more
larger transfers to the recipient in a short
In some cases, an institution implementing what it period of time
believes to be a rigorous approach can actually be • A series of funds transfers to a recipient located
harmful if it is not tailored to specific risks and situ- in another country or jurisdiction that are
ations. In one notable recent example, a small bank uncharacteristic for the customer
was sued by a corporation whose business account
was taken over by an Eastern European hacking • Disabling or changing transaction alerts
gang. The judge ultimately ruled in favor of the cor- and/or notifications in a customer’s online
poration due to the bank’s insufficient data security banking accounts
policies and protections. One shortcoming cited • Logins to a customer’s account from different or
was the bank’s requiring users to answer security unusual IP addresses
questions before conducting any transaction above
$1, which gave hackers many opportunities to inter- USE OF MALWARE
cept the needed data for the account takeover. Malware is a class of malicious or intrusive com-
puter code (or software application) that includes
Although the bank considered this to be a robust viruses, trojan horses and computer worms used by
security measure, it really only served to give attackers to obtain personal/non-public user infor-
cybercriminals more chances to obtain information mation. They can also be used to gain access to or
that would help them access the account. Like com- control over private computer systems and data-
pliance in other financial crime fields, data security bases, or interrupt a computer’s functionality and
programs and controls should be risk-based, not availability to its users. Malware’s objective is typi-
one-size-fits-all. cally to remain undetected, either by actively hiding
within a computer system or by simply not making
its presence on a system known to the user.
ACCOUNT TAKEOVER RED FLAGS
• Computer Virus- a computer program that can
Red flags of account takeover can be similar to
replicate itself and extend from one computer
those for other forms of fraud, which is to say, activ-
to another through actions undertaken by the
ity that does not have a clear rationale or match
user intervention to proliferate.
the expected behavior of the customer. Red flags
can also include actions taken in an online banking • Trojan horse or Trojan- a non-self-replicating
account that could potentially conceal the attack- type of malware which appears to perform
er’s intrusion from detection. Some examples a desirable function of a legitimate software
include the following: application but instead facilitates unauthorized
access to the user’s computer system.
• Logins to customer accounts and/or funds
transfers at unusual times of day or outside of a • Computer Worm - a standalone malware
customer’s normal hours computer program that replicates for the
purposes of spreading to other computers
• New accounts or payees linked to an online
automatically.
account, followed by one or multiple funds
transfers initiated to these new accounts
One common type of malware used in financial
shortly afterwards
crime schemes, which can be deployed as a Trojan
247
or worm, is a keystroke logger. This piece of soft- Enterprising cybercriminals have even found ways
ware runs surreptitiously on the background of a to program malware onto the “firmware” of devices
user’s computer, capturing everything typed on a like wireless routers and USBs. Firmware is the
computer’s keyboard and periodically transmitting permanent software that comes embedded into a
that information to another computer or external device’s memory.
network. Eventually, those keystrokes are parsed
and analyzed by a financial criminal to find pass- Advanced cybercriminals will write their own mal-
words, logins and other sensitive personal infor- ware programs, but more common is purchasing or
mation. There are a number of variations on key- modifying an existing one. Thousands of malware
stroke loggers, such as malware, that secretly takes applications are available for sale or even free down-
screenshots of a user’s computer. load on web forums and dark web marketplaces.
Any channel used to connect computers and trans- RANSOMWARE

mit data can be exploited to spread malware. Com- Ransomware is one strain of malware that has
promised websites or “attack sites” and malware proven popular among cybercriminals – and highly
bundled into email attachments are common vec- disruptive for their victims. Ransomware prevents
tors. Malware can also be packaged into other appli- a user from accessing their computer or locks files
cations downloaded online, including legitimate until a ransom is paid, typically through cryptocur-
ones, or transferred over file-sharing services. rencies. Some versions are a form of “scareware,”
A Screenshot of a Computer Infected with the Petya Ransomware, a Variant that Appeared in 2016 and Spread Quickly in the
Ukraine and Europe.
248
which attempt to frighten a victim into paying by erwise been exposed to malware. Similar to phish-
threatening to permanently lock or delete files, ing, malware presents significant risks to nearly any
even though the program doesn’t have that ability. computer user as a result of the malicious code’s
ability to infect users either in an undetectable
More advanced ransomware will actually encrypt environment or embedded within legitimate soft-
files. Cybercriminals will then only provide the key ware applications. Below are some industry best
to unlock them upon receipt of payment – if they practices around avoiding malware attacks.
provide it at all. • Use reputable antivirus software program on
computers, and keep the computer’s operating
Ransomware is available in a “malware as a service” system and anti-virus software up to date.
model, which accounted in part for its rapid rise
in popularity in the mid 2010s. On the dark web, a • Remain cautious about opening electronic
cybercriminal can purchase a package that includes communication attachments and or
a ransomware program and everything needed to downloading files online, especially if the site or
get it up and running, spamming services to distrib- source is unknown or unverified.
ute it, cryptocurrency wallets to receive payment, • Browse the Internet responsibly by only visiting
and even ongoing technical support. reputable web sites.
• Do not click on pop-up advertisements,
It’s not just individuals that have been targeted by especially advertisements pertaining to anti-
ransomware. Entire companies and government virus or anti-spyware software.
agencies have had operations disrupted and net-
works shut down. Ransomware has had serious Outside of programs designed explicitly to disrupt
impacts on critical infrastructure, such as health- or destroy computer networks, malware is rarely
care providers, energy companies and transporta- used in isolation and is usually a means of facilitat-
tion services. In 2016, a global ransomware attack ing another crime. Although the steps to prevent it
dubbed WannaCry led several hospitals in the are relatively straightforward, they should be used
UK’s National Health Service to redirect patients in conjunction with other security controls and pro-
and cancel surgeries after their networks were hit tocols. The following section of this chapter will
with encryption. Overall, the WannaCry program detail some industry best practices and standards
struck an estimated 200,000 computers across for network security and the detection and preven-
150 countries. tion of unauthorized access.
One of the best safeguards against ransomware is OTHER TYPES OF ATTACK

robust data backups. Organizations should ensure
that they are backing up data, especially sensitive Network vulnerabilities are simply weaknesses in
or essential data, on a regular basis and in more a system that can be exploited by a cyber- threat.
than one location. To maximize the security of Several system vulnerabilities are explained below
sensitive data, backups should take place in three in detail. Reducing a system’s vulnerabilities will
locations – internally, on a location off their internal reduce the number and impact of such threats.
network, and on a third external location that is not
connected to the internal network or Internet. IPL (Initial Program Load) vulnerabilities. The start
of a network or system, called the initial program
MALWARE PREVENTION & DETECTION load (IPL), presents very specific system vulnera-
bilities. During the IPL, the operator brings up an
The vast majority of Internet users globally have organization’s system and can perform operations
knowingly or unknowingly been impacted by or oth-
249
to compromise the security. An operator could load Reserve Bank of New York (FRBNY). This
unauthorized programs or data, reset passwords, software, which handles all kinds of US
rename various resources, reset the system’s time government financial transactions, cost more
and date and bypass the security checks. than $9 million to develop.
• A 31-year-old Russian national living in New
Traffic analysis. An intruder analyzes data charac- York, was charged with hacking into accounts
teristics (message length, message frequency and at Fidelity, Scottrade, E*Trade and Schwab
so forth) and the patterns of transmissions (rather in a complex scheme that involved making
than any knowledge of the actual information trans- unauthorized trades that profited the gang he
mitted) to infer information that might be useful to recruited to open bank accounts to receive the
an intruder. illegal proceeds. The brokerage firms said they
lost $1 million because of his fraud.
Data scavenging attacks. This is the technique
of piecing together information from found bits of • Yahoo accidentally leaked the private key that
data on a network, and using that data to expose was used to digitally sign its new Axis extension
weaknesses or launch a cyberattack. for Google Chrome. Axis is a new search and
browsing tool from Yahoo. A security blogger
Network address hijacking. It may be possible for discovered the package including the private
an intruder to reroute data traffic from a server or crypto key, noting it offered a malicious attacker
network device to a personal machine, either by the ability “to create a forged extension that
device address modification or by network address Chrome will authenticate as being from Yahoo.”
“hijacking.” This diversion enables the intruder to Yahoo was forced to release a new version of its
capture traffic to and from the devices for data Axis extension for Google Chrome.
analysis or modification or to steal the password file
from the server and gain access to user accounts
PLANNING A
Representative Examples – Unauthorized CYBERSECURITY PROGRAM
Network Access Considering the amount of sensitive data within
• The FBI arrested a computer programmer their custody, such as personal identifying informa-
in New York and charged him with stealing tion, financial records and other forms of nonpublic
proprietary software code from the Federal information, cybersecurity is a critical element for
most companies and organizations. Organizations
should constantly be taking proactive measures to
protect themselves against internal misuse or theft
of data, external theft of data and the threat of mal-
ware intrusions on their networks.
Proper cybersecurity policies and procedures allow

organizations to effectively manage the protection
of their physical and financial resources, reputation,
legal position, employees, and other tangible and
intangible assets.
Some of the same core principles from the financial

crime compliance arena also apply to cybersecurity.
250
One of these is assessing risks and building controls assessment of systems and information
and protections accordingly. A cyber security plan requiring protect to determine the areas of
starts with a risk assessment. highest priority.
• Establish a methodology to assess the adequacy
The following are introductory steps an organi- of existing cybersecurity controls against the
zation should consider when first deciding on its perceived level of risk.
cybersecurity approach:
• Create cybersecurity policies, including
• Assess what networks and data are being measures to assess whether policies are being
protected, which may include data from clients, followed, and plans for periodic reassessment.
such as personally identifying information A good security plan should be flexible to
of customers, an organization’s own internal technology and staff changes, scalable,
data, and the networks required to run the informative and user friendly, considering
organization’s operations. security is a daily issue.
• Assess risks and cyber threats facing the
organization, and compare this against an
PRACTICAL EXAMPLE—CYBER BANKING FRAUD

In many cases, large corporations and major municipalities opened the e-mail, the malicious
financial institutions are less vulnerable to cyber software installed itself on the victimized com-
attacks than smaller organizations, as they often puter, secretly capturing passwords, account
devote considerable resources to online and data numbers, and other data used to log into online
security. As a result, cybercriminals frequently banking accounts.
target the accounts of medium-sized compa-
nies, towns, non-profits and even churches. In The hackers used this information to take over the
one notable example from 2010, members of an victims’ bank accounts and make unauthorized
account takeover ring managed to steal $70 mil- transfers of thousands of dollars at a time, often
lion from small and mid-size US organizations. routing the funds to other accounts controlled
by a network of “money mules,” many recruited
“This was a major theft ring,” said Gordon Snow, from overseas. They created bank accounts using
assistant director of the FBI’s Cyber Division fake documents and phony names, where money
in a statement after members of the ring were from hacked accounts was transmitted. Once the
arrested. “Global criminal activity on this scale money was in a mule’s account, they could either
is a threat to our financial infrastructure, and it wire it back to their bosses in Eastern Europe or
can only be effectively countered through the turn it into cash and smuggle it out of the country.
kind of international cooperation we have seen The mules received a commission for their work,
in this case.” and some were unwitting participants in the
scheme, believing they were helping a real busi-
Using a Trojan horse virus known as Zeus, hack- ness to conduct legitimate financial transactions.
ers in Eastern Europe infected computers around In all, the global theft ring attempted to steal
the world. The virus was carried in an e-mail, and some $220 million and was actively involved in
when targeted individuals at businesses and using Zeus to infect more computers.
251
• Consider the human aspects of cybersecurity. A used by its employees and approved contractors
2014 study of cyber incidents by IBM found that to access specific nonpublic company information
90 percent had a human component to them, such as corporate policies, announcements, corpo-
meaning that the actions of an employee helped rate financial information, employee forums, inter-
further the cyber attack rather than a purely nal job postings and event calendars.
technical failure. An organization’s internal
security practices and training are as important An extranet is a computer network that facilitates
as its controls around network access from controlled access from the outside, for specific busi-
the outside. ness or informative purposes. Access is restricted
• Recognize that cybersecurity also has a physical to particular outside users and specific information
component. Attackers will use any weak within the network. Information can be shared from
point to launch an attack, including physical various areas of the business, and can be used to
vulnerabilities. In past cases, cyberfraudsters communicate sales and customer services, product
have posed as consultants for a financial development and marketing and personnel recruit-
institution, using forged security badges to ment, among other things.
enter the server room and steal data directly off
For example, a company may choose to share prod-
the institution’s network. In another instance,
uct information with its business partners, or it may
criminals simply stole the entire server racks.
use electronic document interchange (EDI) to allow
• Consider the potential repercussions for customers to place orders, deliver goods and pro-
cybersecurity incidents. Thinking through the cess payments electronically.
possible fallout that can result from a data
breach, malware disruption or other attack To detect and prevent unauthorized access to or
can help an organization decide how robust its use of an organization’s computers and networks,
data security program should be. For example, it is necessary to develop an effective frontline of
a software company may lose millions if their security mechanisms, as well as data breach detec-
application source code is discovered and made tion systems to discover intrusions and thefts if
available to public. they do occur.
STRUCTURE AND SAFEGUARDS Cybersecurity does not take place solely in the
IN A NETWORK virtual world. Network, system and physical secu-
In the simplest terms, a network can be described rity as well as controls for dealing with people are
as a collection of computers and other hardware required. The intangible aspects of data security
that are used to store information and carry out the also need to be considered, such as the effects of
functions of an organization. With the expansion of tight security controls on business operations and
the Internet, big data and mobile access, there is a company morale.
greater demand placed on companies to safeguard
their intranet and extranets. THE BASICS OF CYBERSECURITY
Best practices for securing an organization’s sys-
The Internet is defined as a global network that links tems and data can be grouped into two broad cate-
computers worldwide and uses data transfer proto- gories: those focused on organizational policies and
cols, such as FTP and HTTP, to transfer information controls, and those focused on the training and pro-
and data across locations. An intranet is a private cedures of individual employees. We’ll look at the
or closed network that uses internet technology. latter first.
For example, a company’s intranet site can only be
252
Training and Awareness. Human-centric best prac- Accessing WiFi and Storage Devices. Employees
tices start with training and awareness on the part should exercise caution when accessing wireless
of all employees. Training should focus on help- networks and avoid connecting to any unsecured
ing employees to modify their behavior to reduce networks. Cybercriminals can use these to target
cyber risk. Employees should be aware of the cyber others on the network, or may set up their own net-
threats they face, and understand how their day-to- work to lure unaware victims. Likewise, individuals
day actions on the job – opening email attachments, should not connect to unknown devices – a USB
for example – can increase or decrease their vulner- stick found in a company’s break room, for example
ability for attack. – as these could be vectors for malware.
To the extent possible, organizations should extend ORGANIZATIONAL POLICIES

their training and awareness of cyber threats to AND CONTROLS
their customers. For example, if an institution is Manage log of changes to the existing data net-
seeing a rise in incidences of business email com- work. Any changes to the network, including ele-
promise attacks affecting its customer accounts, ments such as software updates, authorized users
it could send out a customer alert warning them of and access controls, should always be tracked
the fraud trend and teaching them what to look for. and accurately recorded in a network log. This log
should be accessible to all IT staff and administra-
Cyber Hygiene. All staff should exercise good cyber tors with permissions to make changes to the net-
hygiene, or routine practices to safeguard their own work. System logs must be retained for 30 to 90
devices and online activity. This includes setting days and then destroyed unless further retention
strong passwords and changing them frequently, is necessary due to legal, regulatory or contractual
not reusing the same password or passwords across requirements.
multiple platforms, and running regular scans
for malware. Prevent keeping data for any more time than is
necessary. Data retention and deletion policies
Safe Browsing Practices. Individuals should prac- are an essential element of data security. All orga-
tice safe search and browsing when maneuvering nizations should assess what data is being stored,
online, such as checking hyperlinks before visiting for what reasons, and on what time scale. In many
sites, avoiding suspicious or untrustworthy sites, cases, it may be that an organization is preserving
and downloading and installing software only from more data, or preserving it for longer time periods,
trusted sources. Browser extensions that rate a than is necessary which is more expensive to the
site’s reputation or highlight sites with security companies. This leaves the organization and its cus-
issues can assist with this. tomers more vulnerable to data theft and breaches.
Data that is non-essential for business, regulatory
Bring Your Own Device Policies. Organizations or legal reasons should usually be deleted.
that allow employees to bring their own devices,
such as phones, tablets or personal computers, Actively monitor fraudulent human behavior.
into the workplace or otherwise connect them to Unusual communication, requests outside of nor-
the organization’s network should have security mal workflow and instructions to provide informa-
policies and controls in place to manage this risk. tion or take actions contrary to policies should be
Devices infected with malware can compromise a viewed as suspect. Outbound traffic should also be
company’s network, and cybercriminals may use monitored to identify suspicious traffic.
employee devices as an attack channel.
253
Restrict administrative connections to specific Partitioning. This means that systems and net-
internal sources, and do not allow external admin- works should share hardware and resources only
istrative access. Administrative access typically with other systems that have similar security
allows a user full control to install or delete pro- requirements. Systems which share similar security
grams, extract data or make changes to the code requirements should have user communities of sim-
in a computer or network. It can be very dangerous ilar size and character, similar firewall profiles, and
if a financial criminal gains administrative access to similar technical requirements.
a system, and, as such, organizations should main-
tain restrictions on what employees and functions
are granted administrative access. In most circum- OTHER NETWORK SECURITY
stances, external administrative access should STANDARDS AND INDUSTRY
not be allowed. BEST PRACTICES
In most circumstances, a financial crime profes-
Implement a firewall and access control list. This
sional will not be required to have a specialized
is a basic but vital step for protecting an organi-
knowledge of network security. However, some
zation’s servers that can be accessed externally
fluency in the more technical aspects of cyberse-
-- firewalls are software or hardware devices (or a
curity can be useful in compliance, investigations
combination of both) that monitor and limit access
and enforcement matters. Below are some slightly
to traffic flowing into and out of the network based
more advanced techniques and tools for safeguard-
on predetermined protocols. An access control list
ing networks:
(ACL) specifies what systems or users have permis-
sion to access a server or system. • Avoid using point-of-sale systems to connect
to the web directly, and ensure your point-of-
Change default credentials of internet facing sale system is compliant with the requirements
devices. The default or out-of-the-box passwords designed by the Payment Card Industry Data
or login information should always be changed for Security Standard (PCI DSS) to ensure that all
any device with an external connection. A surpris- companies that process, store or transmit credit
ing number of companies will connect devices that card information maintain a secure environment.
can be accessed externally without changing ven- • Use encryption and decryption methods to
dor-supplied usernames and passwords. Financial convert information into a version that is
criminals will take advantage of this fact to easily meaningful only when the intended recipient
exploit holes in the data security system. Almost all uses a key or code when transferring files.
password cracking tools start with the list of default Strong encryption methodologies, such as
passwords from every manufacturer. Advanced Encryption Standard (AES), which
uses the same key to encrypt and decrypt
Systems must be configured to automatically data, can be used for particularly sensitive
update any software. Operating system software, information such as credit card numbers, bank
server applications (webserver, mail server, data- account information and payment details.
base server, etc.), client software (web browsers,
• Adopt inspection firewalls on network
mail clients, office suites, etc.), and malware protec-
connections, which are the most common
tion software (antivirus, anti-spyware, etc.) should
firewalls in use today. These firewalls track the
all be updated automatically to protect against con-
state of a network connection to determine if a
stantly-shifting threats. A plan to manually apply
packet of data being transmitted to or from the
new updates within a documented time period is an
network should be filtered. Proxy firewalls allow
acceptable alternative.
254
deeper packet inspection for more granular development department, who have no reason
control and authentication. to view customer files.
• Require password changes upon suspicion • Controlling access to sensitive information by
of theft or data breach for all users. In some requiring employees to use “strong” passwords
cases, this may include notifying customers and that must be changed on a regular basis.
requiring them to change passwords as well. For (Tough-to-crack passwords require the use of
very secure data or transactions, organizations at least six characters, upper- and lower-case
could also consider using one-time or limited- letters, and a combination of letters, numbers,
use passwords. and symbols).
• Consider blocking large address blocks/regions • Using password-activated screen savers to lock
if they have no legitimate business purpose, employee computers after a period of inactivity.
also known as IP blacklisting. Similarly, an • Developing policies for the use and protection
organization could use a web content filter of mobile devices, including laptops, PDAs
to check every URL request originating and cell phones. For example, implement a
from its network against a blacklist of policy of encrypting any user data that is
undesirable websites. kept or transferred on to a mobile device, and
provide training to employees using such
PROTECTING AGAINST UNAUTHORIZED devices on properly storing and using them in
INTERNAL ACCESS secure locations.
A significant percentage of data breaches and thefts • Providing training to employees on the steps
involve the participation of insiders, and organiza- they should take to maintain the security,
tions should not underestimate the threat of unau- confidentiality and integrity of customer
thorized internal access. Depending on the nature information.
of their business operations, firms should consider
implementing the following practices: MONITORING AND TESTING FOR
• Thoroughly checking references or conducting CYBERSECURITY
background checks before hiring employees Cybersecurity testing and network intrusion mon-
who will have access to customer information. itoring is an ongoing and evolving effort to ensure
• Requiring new employees to sign an agreement protection against new and dynamic threats to net-
committing them to following your company’s works. A critical aspect of any security program is
confidentiality and security standards for proactive testing and monitoring procedures that
handling customer information at the time of remains flexible and dynamic.
hiring. If this has not previously been done, all
current employees should also be required to Vulnerability assessments and penetration testing
sign such an agreement. should occur when a cybersecurity program is first
• Limiting access to customer information to put into place, as well as periodically on an ongoing
employees who have a business reason to see basis. In simple terms, penetration testing involves
it. For example, give employees who respond to conducting an authorized attack on a network or
customer inquiries access to customer files, but system, in order to assess the strength of security
only to the extent they need it to do their jobs, measures and identify weak points.
and do not grant the same access privileges to
employees in the organization’s research and
255
An intrusion detection system (IDS) is a device logins, to prevent malware from running
or software application that monitors network or multiple rapid password guesses)
system activities for malicious activities or policy • Password cracking tests
violations and produces reports to a management
station. Some systems may attempt to stop an When creating and implementing cybersecurity pro-
intrusion attempt but this is neither required nor grams, understanding legal and regulatory duties
expected of a monitoring system. is essential. Many jurisdictions have laws or regu-
lations that lay out the requirements for cyberse-
Intrusion detection and prevention systems (IDPS) curity programs, including when and how to report
are primarily focused on identifying possible inci- cyber incidents.
dents, logging information about them, and report-
ing attempts. In addition, organizations use IDPSs One example is the Directive on Network and
for other purposes, such as identifying problems Information Security, which establishes cyberse-
with security policies, documenting existing threats curity standards for organizations in European
and deterring individuals from violating security Union member states. In the US, the state of New
policies. IDPSs have become a necessary addi- York implemented Rule 500 in 2017, which lays out
tion to the security infrastructure of nearly every detailed cybersecurity program requirements for
organization. financial institutions.
IDPSs typically record information related to DATA RETENTION AND DELETION

observed events, notify security administrators of
Many jurisdictions also have requirements for
important observed events, and produce reports.
retaining various types of records. The US and its
Many IDPSs can also respond to a detected threat
states are one example. In the state of Texas for
by attempting to prevent it from succeeding. They
example, disability and sick benefit records must
use several response techniques, which involve the
be retained for six years and claims of employee
IDPsS stopping the attack itself, changing the secu-
inventions must be retained for 25 years. Accord-
rity environment (e.g. reconfiguring a firewall), or
ing to US federal law, financial account records
changing the attack’s content.
must be retained a minimum of five years after an
OTHER MONITORING AND TESTING account is closed.
INDUSTRY BEST PRACTICES
Depending on the nature of your business, there
• Routine log monitoring may be multiple agencies that have their own spe-
• Flagging and monitoring failed login attempts cific requirements. Even if an organization does not
(especially those indicating widespread have explicit regulatory mandates, data retention
sequential guessing) and deletion policies and procedures are still an
• Locking out accounts after a specified important part of a cybersecurity program.
number of tries
Data retention policy is generally written by legal
• Requiring help desk calls for account lockouts counsel with the help of security personnel, and it
• Enforcing password policies (length, complexity, should include the following:
clipping levels) • Purpose of the policy
• Password throttling (increasing lag in a • Who is affected by this policy
computer or system after successive failed
256
• The type of data and electronic systems covered

by this policy “It is only a matter of time
• Define key terms especially legal and before your organization
technical terminology
• Describe the requirements in detail from the
gets hit with some type of
legal, business and personal perspective cyber incident.”
• Outline the procedures for ensuring data is
properly retained
more information can lead to increased risk that
• Outline the procedures for ensuring data is data is stolen, misused or mismanaged. Instead,
properly destroyed organizations should put in place policies for
• Clearly document the litigation removing data when it is no longer required for a
exception process and how to respond to business, legal or regulatory purpose.
discovery requests
Organizations should be cautious about how they
• A list of responsibilities for those involved in
delete information to ensure that it is completely
data retention activities
and fully removed. Simply deleting information off
one computer, or one folder on a server, may not
Data retention and disposal takes the cooperation
be sufficient, as data may be held in multiple files,
of many departments: Legal, Human Resources,
databases, or locations on a network.
IT and Management, to name a few. It is also the
responsibility of all employees to do their best at
complying with the data retention policy. RESPONDING TO A CYBER INCIDENT
When involved in litigation, organizations in most Given the current reality of the cyber threat
jurisdictions will be required to retain all pertinent landscape, it is likely a matter of time before your
to the case or anything likely to lead to the discovery organization gets hit by some type of cyber incident.
of admissible evidence, and provide it to lawyers An important part of your cybersecurity program is
or court officials upon request in a timely manner. how you react.
Otherwise, potential evidence could be destroyed
either intentionally or accidentally. Organizations should create cyber preparedness
plans, and conduct exercises to practice in advance
The important thing is to understand what of a real incident. Assigning leadership roles, staff
absolutely must be saved and then make a good responsibilities, and processes for decision-making
faith effort to follow your defined process to the in advance can speed up the response time and
best of your ability. Don’t forget to exercise caution reduce the negative impact of cyberattacks.
during litigation, and try to plan ahead for how you
would respond. Deciding who takes the lead and how to react can
be surprisingly difficult in the midst of a cyber
It can be tempting for some organizations to retain emergency. In the case of large-scale ransomware
as much data as they possibly can, either out of attack where key systems are locked down, for
an abundance of caution, or because storage example, the organization will be dealing with a
is inexpensive and widely accessible. However, highly disruptive incident that may impact multiple
this “save everything” approach often does not departments. Communications may be disrupted,
align with cybersecurity best practices. Storing employees may not know whom to contact, and
257
there may be disagreements over the proper course and remediate. This often requires cyber
of action. It could be crippling if it’s not clear who forensic expertise.
is in charge. • Identify whether data can be recovered or the
damage done by the attack can be repaired. In
Your plan should include consideration of legal many incidents, the answer will be a resounding
reporting requirements and voluntary reporting “no.” In certain situations – files locked by
responsibilities. In many jurisdictions, a cyberattack ransomware, for example, or fraudulent
will require institutions covered by AML regulations transactions initiated due to business email
to file a suspicious transaction or activity report compromise – it may be possible to fully or
with their national financial intelligence unit. partially reverse damages.
Beyond this, there may be mandates to report to
other government agencies. • Establish a complete list of subjects affected
and their contact details. This can include
Companies may also be part of public-private customers, employees and other stakeholders.
information-sharing groups that encourage • Notify members of the crisis management
voluntary reporting, to help other businesses stay team (including, but not limited to, information
aware of cyber incidents. security officer, CEO, corporate counsel and HR).
• If needed, start drafting communications for
When cybersecurity staff are faced with reporting a both public and private notifications to subjects
security breach, especially with regard to notifying and the appropriate government authorities.
an Information Commissioner's Office (ICO) or
similar governing body specific to that territory, • Prepare a public relations strategy in the event
it will be in the best interests of the company the loss is made public.
to examine the legal and regulatory disclosure • Consult legal advisors and determine if the loss
requirements. will be investigated internally or undertaken by
external consultants.
The first step in responding to a cyber incident • Establish if policies and procedures have
is to stop the bleeding. Identify the gaps and been broken and what disciplinary action
vulnerabilities that led to the attack, and close them will be taken.
immediately.
Below is the list of other immediate actions a com-

pany should take in response to a cyberattack:
• Identify the sensitivity of the incident and level
of impact on the subjects and the organization.
• If data has been stolen, lost or corrupted,
establish whether the systems housing the data
can be accessed or used without specialized
knowledge or software. In the aftermath of
a cyber incident, the affected computers
and networks are a crime scene. They need
to be preserved and accessed in a way that
doesn’t interfere with efforts to investigate
258
• Review the incident against internal policies and Like all elements of cybersecurity, data privacy
procedures to identify any weakness in security programs must be tailored to the specific types of
and enhance the policies to avoid future losses. information collected and the services and prod-
ucts a company provides. One first step in safe-
It can often be tempting for companies to simply guarding data privacy is to develop a written plan
sweep a data breach under the rug and look for that describes their program to protect customer
quick fixes, as acknowledging a breach can lead to information. The plan must be appropriate to the
loss of customers, negative publicity, and even lia- company’s size and complexity, the nature and
bility in extreme circumstances. Though it may be scope of its activities, and the sensitivity of the cus-
more painful in the short term, a robust and thor- tomer information it handles.
ough response to cyber incidents is always the best
in the long run, as it will help correct deficient poli- As part of its plan, each company should do
cies and ultimately lead to a more secure cyberse- the following:
curity program. • Designate one or more employees to coordinate
its privacy program.
ESSENTIALS OF A DATA • Identify and assess the risks to customer
PRIVACY PROGRAM information in each relevant area of the
company’s operation, and evaluate the
STORING AND RETAINING
effectiveness of the current safeguards for
CUSTOMER INFORMATION
controlling these risks.
Many companies collect personal information
• Design and implement a privacy program, and
from their customers, including names, addresses
regularly monitor and test it.
and phone numbers; bank and credit card account
numbers; income and credit histories; and Social • Select service providers that can maintain
Security numbers. As custodians of this sensitive appropriate safeguards, make sure your
personal information, organizations must have poli- contract requires them to maintain safeguards,
cies and procedures to protect data privacy and use and oversee their handling of customer
data ethically. information.
• Evaluate and adjust the program in light of
These are similar to cybersecurity programs, but relevant circumstances, including changes in
have slightly different goals. Cybersecurity focuses the firm’s business or operations, or the results
on preventing unauthorized access to networks or of security testing and monitoring.
information, whereas data privacy is focused on
managing, using and sharing data in a way that con- Organizations should implement safeguards appro-
forms to privacy regulations and customer expecta- priate to their own circumstances. A company may
tions. This can include how data are handled inter- decide to designate a single employee to coordinate
nally, shared with affiliates or other third parties, or safeguards or may assign this responsibility to sev-
transmitted to law enforcement and regulators. eral employees who will work together. In addition,
companies must consider and address any unique
Internationally, there is a patchwork of laws and reg- risks raised by their business operations, such as
ulations that governs how sensitive personal infor- the risks raised when employees access customer
mation should be stored and retained, and when data from their homes or other off-site locations, or
and how it can be shared. Collectively, these prin- when customer data are transmitted electronically
ciples provide guidance on data privacy programs. outside the company network.
259
RESPONDING TO LAW ENFORCEMENT Establishing such relationships in advance of receiv-

REQUESTS FOR DATA ing a request for information should greatly facili-
Financial crime investigations will often be accom- tate the response and provide an opportunity to
panied by compulsory legal requests from law discuss legal and policy issues around law enforce-
enforcement, courts or private litigants for data ment access to data.
or information. As an industry best practice when
dealing with such requests, a financial institution or
INTERNATIONAL DATA PRIVACY
firm should designate a specific person or specific
office to receive all requests for information and to
LAWS AND REGULATIONS
coordinate the responses to such requests. The notion of a right to privacy is dramatically dif-
ferent across geographies, and certain countries
With the possible exception of public records have developed aggressive legislation to protect
requests, the persons handling requests generally these cultural values.
should be in-house legal counsel for those institu-
tions that have one, or a senior level manager or In October 1998, the European Union’s Data Pro-
compliance officer for those that do not. tection Directive went into effect to protect the pri-
vacy of information and prohibit the transfer of per-
The receiving office or person should have a basic sonal data to non-European Union countries. Some
understanding of such requests: non-EU countries are thought to not “adequately”
meet EU standards for privacy protection.
• The nature and kinds of records and information
that are maintained on campus and that are
The US Department of Commerce, in consultation
likely to be requested.
with the European Data Privacy Commission, has
• The nature and structure of the institution’s developed a “Safe Harbor” framework to provide
recordkeeping systems, including, but not a means for US companies to comply with the EU
limited, to its IT systems. Data Protection Directive via the US-EU Safe Har-
• The institution’s record retention policies and bor program. In addition to applying for safe harbor
other institutional policies certification, companies have also found it effective
to have internal groups and policies that strictly
• State and federal laws that govern the
address data privacy and the transmission of elec-
maintenance and disclosure of records and
tronically stored information across borders.
other information.
Data privacy is a legal decision that must be care-
The receiver should also consider developing a
fully analyzed before collecting or transferring data
working relationship with the offices of the law
belonging to employees. It is advisable to seek the
enforcement agencies that are most likely to make
advice of local counsel in the specific country to pro-
such requests. In some areas, formal structures
vide guidance on compliance with local regulations.
may already exist to facilitate such relationships.
One such example is InfraGard, a US public-private
THE EU GENERAL DATA
partnership association that promotes informa-
PROTECTION REGULATION
tion-sharing and reporting between companies and
the Federal Bureau of Investigation. The EU has a wide-ranging data privacy law that
has been implemented by individual countries. The
EU data privacy law extends to any document con-
260
taining information about an EU citizen, and it gov- affected persons that their personal information
erns not just the production of this information, but will be processed, and possibly disclosed, and offer
also how, where and under what circumstances the such persons the right to object.
information can be processed and stored.
Necessary for compliance with a legal obligation.
Under EU data privacy laws, “personal information” Processing is permitted where a member state has
has a much broader definition than is understood in authorized it for the purposes of meeting a legal
the US. In Europe and elsewhere, personal informa- obligation to comply with a court order of another
tion is virtually any information about an individual, jurisdiction regarding pre-trial discovery.
including name, physical and email address, family
members and similar facts that can be used to iden- Necessary for meeting a legitimate interest. Pro-
tify someone, even if the information is created and cessing and transferring personal information data
maintained in a business environment. EU data pro- may be authorized to meet the demands of litigation
tection laws control the processing and transfer of if accomplished in a measured, proportionate and
data containing any personal information. secure manner. Processing for litigation requires
balancing the rights of the individuals whose per-
The General Data Protection Directive (GDPR) does sonal data are processed against the rights and
not completely prohibit processing and transferring. interests of litigating parties.
The directive has, however, been interpreted to seek
compliance with certain data protection require- PROTECTING THE DATA UNDER THE EU
ments. For example, in February 2009, a Working DATA PROTECTION REGULATION
Group established under the Directive published A party seeking to process personal data for litiga-
“Working Document 1/2009 on Pre-Trial Discovery tion must take numerous steps to protect personal
for Cross Border Civil Litigation,” which provides information. As much processing as possible should
guidance in managing the tension between US liti- be accomplished within the European Union. The
gation discovery obligations and the EU’s data pro- data must be anonymized or at least pseudonymized,
tection requirements. and must be culled of irrelevant personal informa-
tion. Truly sensitive information, such as official
The Working Group’s recommendations, which are ID numbers, health and tax information should be
not binding on the privacy authorities of the various purged from the data. If the data to be transferred
EU countries, include the following: contains personal information, the request to trans-
fer it must be proportionate to the legitimate needs
Consent. Individuals may consent to the process- of the case, and reasonable provisions should be
ing of their personal information. Obtaining con- made to secure the data and to prevent its use and
sent, however, is no simple matter. To be effective, transfer beyond the matter at hand. Personal infor-
consent must be given freely—it cannot be coerced, mation must not be indefinitely retained.
even mildly, by an employer—voluntarily, and know-
ingly. Evidence of consent must be clear and con- Penalties for violating privacy laws can be severe.
sent, once given, may be revoked. Broad advance Private parties seeking data that contains personal
waivers as a condition of employment are not effec- information must be very familiar with the laws of
tive; consent must be provided affirmatively and the jurisdiction hosting the data. Even data created
with reference to the specific documents the pro- in the work environment generally falls within the
duction of which has been requested. Where obtain- scope of the Data Protection Regulation. For exam-
ing consent is not feasible, the party from whom ple, unlike what typically is held to be the case in
documents are requested must at least disclose to
261
the US, email created in the work environment that • Public declaration of commitment to the Privacy
identifies a natural person by name, address or con- Shield Framework
text is considered protected personal information • Informing individuals of their rights to access
under the directive. Reports from committees that their data, and informing individuals what
identify committee members may also be consid- regulatory bodies have authority over the
ered personal information. organization’s compliance with the Framework
THE US-EU PRIVACY SHIELD FRAMEWORK

In the US, private parties may lawfully receive data
protected by the GDPR if the company has volun-
tarily joined the Privacy Shield Framework created
by the US Department of Commerce following
negotiations with the European Commission. The
Department of Commerce provides a process of
self-certification based upon adherence to several
principles pertaining to the protection of personal
data. These include:
• Mechanisms for effective supervision of data
management with strong ongoing oversight
• Limits on how data can be accessed and used
for purposes of US national security and
intelligence
• The ability to field and respond to individual
complaints brought to a participating
organization within 45 days
262
Q 12-1. Your financial institution has been subject to several hacking attempts over the last
few weeks. While none have been successful, you worry that it might be a matter of time. To
keep your network secure, you have decided to update your network security policies.
What is an important step to include in your network security policy?
A. Educate your online customers to detect phishing attempts and other fraudulent
email scams.
B. Disable auto deletion of old data, including access logs, and move them to an
archive server.
C. Only permit administrative connections via the Internet through HTTPS or SSH
connections.
D. Require confirmation from network engineering before resetting any lost passwords.
Q 12-2. Your organization has a large online presence, providing all key services online. You
have recently found out that a hacker has gained access to your secure network, stealing
millions of customer usernames and passwords. You think the access was gained via social
engineering.
Your company’s success depends on your keeping this data secure, so your organization wants
to put procedures in place to ensure it can prevent any such further attacks. As an initial step
you have terminated Internet access for engineering and IT.
What would be the MOST effective further action for your firm to immediately take to prevent
this specific type of attack from happening again?
A. Restrict external access on all routers and servers allowing administrative access only
from workstations in the engineering and IT departments.
B. Staff should not be allowed to download any materials from the Internet or private disks
to the organization’s local drives.
C. Require all customers to change their passwords on a regular basis to access their
accounts and require strong passwords.
D. Upgrade all network firewalls and ensure they are running current software.
263
CHAPTER 13
ETHICAL
RESPONSIBILITIES
AND BEST
PRACTICES
OVERVIEW
Specialists and professionals who work as AML, anti-corruption,

fraud and anti-sanctions compliance officers, regulators, enforce-
ment agents, investigators, prosecutors, risk officers and other
professionals in the global financial crime field have one thing in
common. They all face frequent tests of their ethics
264
CHAPTER 13 • ETHICAL RESPONSIBILITIES AND BEST PRACTICES
These tests may arise from the following represen- cial crime specialists in the public and private sectors
tative examples: have been lured into wrongdoing when they confront
• A private banking client who applies pressure the chance to earn many times their salaries by con-
to not file a required government report on ducting a single transaction.
a transaction
Financial criminals usually go to great effort and
• A public official who asks that a suspicious expense to obtain and conceal the proceeds of their
transaction be overlooked or obfuscated crimes. Often, they attempt to manipulate or cor-
• A judge or regulator who insinuates that an rupt employees of financial institutions and their
unlawful payment to him or her would achieve pursuers, including law enforcement agents, reg-
the result you want ulators, compliance officers, risk officers, lawyers,
• A customer who asks you to misstate the facts financial institution executives and others. Their
about him so that he may be accepted as a goal is to frustrate the control and compliance
customer by your financial institution systems that have been built to combat them. It is
important that a financial crime specialist remain
• A superior who asks you to ignore an internal on guard against ethical temptations and violations.
policy to facilitate an unlawful transaction he This can mean the difference between a successful
is advocating career and a situation that results in losing your job
• The temptation to sell or trade on confidential and your freedom.
information that comes to you on the job
• An employee who approaches you with possible Financial crime professionals work in many dis-
evidence of a financial crime implicating a senior ciplines. Many of them, such as attorneys and
manager and asks you to suppress it accountants, must adhere to codes of ethics pro-
mulgated by their professional associations. These
• A request to ignore an item in a profit and loss professionals must always be sensitive to these
statement that might show wrongdoing standards and the laws and regulations that govern
their conduct. The work of financial crime special-
Examples of situations that test the ethical bear- ists is closely tied to the law, but for them, operating
ings of diverse players in the financial crime arena in a legal manner is not enough.
worldwide could fill up pages of this Manual.
Ethics go beyond obeying the law. It entails adher-
If one starts with the conclusion that nothing is worth ence to a standard of conduct higher than the
risking one’s career and the well-being of one’s family, minimum required by law. To become a Certified
and that it is important to always act with the highest Financial Crime Specialist (CFCS), financial crime
integrity, ethical lapses will not occur. Because finan- professionals must demonstrate knowledge of the
cial crime invariably involves illicit proceeds, there ethical standards that govern them and a commit-
are many opportunities for temptation. Many finan- ment to maintain them. The work of financial crime
professionals should meet the highest legal, ethical
and professional standards.
Ethics go beyond This chapter covers these ethical standards and
obeying the law…

addresses ethical issues faced by certain groups of
specialists, such as public and private sector inves-
tigators, compliance officers, regulators, attorneys
265
and employees of financial institutions, corpora- deciding where to focus an investigation and other
tions and other business entities. similar situations.
If a fair resolution cannot be found, the financial

CODES OF CONDUCT crime specialist should not continue favoring one
Apart from the routine “right or wrong” decisions client over another.
that financial crime specialists must make each
day, preventing, detecting and combating financial
crime often offers a dimension of moral ambigu- WHAT ARE ETHICS?
ity that is difficult to define. This is where a strong The dictionary defines ethics as, “The discipline of
code of conduct issued by the organization where dealing with what is good and bad; and with a moral
the financial crime specialist works helps guide the duty and obligation.”
employees. However, a code of conduct is only as
good as the supervision and enforcement it receives Ethics consists of the principles that guide us in
from the organization that issued it. deciding what is right and wrong. It establishes a
sense of duty and obligation -- what we expect of
No private- or public-sector organization should ourselves and of others in any given situation.
operate without a written code of conduct. Employ-
ees of all ranks should receive it and be required to Ethics describes standard of behavior. It is different
read and sign it. The signed copy should be placed than obeying the law because the law prescribes
in the employee’s personnel file. what we may do without incurring a penalty and
what the penalties are if we don’t follow it. Eth-
It is also advisable to maintain a mandatory “con- ics, on the other hand, provides the framework for
flict of interest” reporting regimen for all employ- how we make decisions and how we determine our
ees. Among other things, the employees should course of action.
be required to report gifts, potentially conflictive
personal relationships with outsiders, potentially MAKING ETHICAL DECISIONS
conflictive jobs held by family members and the like. Making sound decisions requires awareness of eth-
Improper requests or communications by present ical issues and a process for considering the ethi-
or prospective customers or outsiders should also cal aspects of these decisions. The more difficult
be reported by the employees. an ethical choice is, the more important it is to
communicate with others about the dilemmas that
When dealing with conflicts of interests among sev- are before us.
eral clients, a Certified Financial Crime Specialist
should consult the clients to resolve the issues in a By seeking the guidance of someone else, we are
way that is acceptable to all. better positioned to make sound ethical choices. On
the other hand, an old adage on ethics says, “If you
A guiding principle in resolving conflicts of inter- have to ask about it, it’s probably wrong.”
est should be the fair and equal treatment of the
clients. In these situations, one client should not Ethical decision-making should include the fol-
receive preferential treatment over another, such lowing steps:
as in deciding which client should have an invest-
Identify the issues — It is important to mentally
ment opportunity or a financial crime investigator
identify issues that present a real or potential eth-
266
ical dilemma, and to understand how one’s actions When instituting conflict of interest rules for an
affect others. We must weigh the expectations of organization, do the following:
others about our conduct and how they may affect • Develop a systematic and objective approach
us. It is difficult to act ethically if we don’t recognize for screening new clients or selecting cases
issues as they arise. to pursue or embarking on any task where
objectivity and ethical standards may be tested.
Get the facts — Obtain as much information as pos-
sible to illuminate the situation and obtain specific, • If possible, select a colleague who is not
objective information. One must take a broad view affiliated with the matter to screen the relevant
even when only partial information is available. One facts and the persons in a particular situation.
must consider how to find other pertinent informa- • Designate a conflict of interest officer for your
tion. Consider the motivation some persons may organization or unit.
have in supplying partial or incorrect information.
Consider alternative courses of action— In UNDERSTANDING THE RESPECTIVE

resolving ethical dilemmas, one must take a broad ROLES IN YOUR ORGANIZATION
approach, consider other alternatives and how oth- Two of the most important principles that govern
ers will view our actions. One should decide which the conduct of a financial crime specialist are to
principles apply to a situation and prioritize them. constantly remember the rights, well-being and
One should consider the rights of other stakehold- obligations of one’s organization and to honor these
ers, treat people fairly and act in the best interests factors. One owes a duty of honesty and diligence
of the affected persons. to one’s organization, along with its mission and
constituency.
Consider professional standards — Many profes-
sional organizations issue written codes of the stan- The work of every financial crime specialist can
dards of conduct, which provide a good measure involves potential conflicts of interest that threaten
and test of possible courses of action. Experienced these interests. They must be recognized and
colleagues or supervisors may offer valuable guid- resolved ethically.
ance in resolving ethical dilemmas. They may pres-
ent other issues, share a new perspective or identify INFORM THE ORGANIZATION
areas that one was not viewing objectively. AND CLIENTS OF SCOPE AND
COST OF PROJECTS
Make a decision— It is advisable to choose the best
Financial crime specialists are sometimes engaged
option to resolve a particular situation. Act deci-
by clients or their organizations for a specified proj-
sively and implement your plan even though this is
ect, such as representing a person or organization
sometimes difficult.
that is under investigation for foreign corrupt prac-
tices, fraud, money laundering or violation of the
Act and assess — It is a good practice to assess
sanctions laws and regulations. The clients or orga-
one’s actions and weigh whether they achieve the
nization should be informed of the likelihood of cer-
desired result. It is never wrong to ask yourself, “Am
tain outcomes so they can make informed decisions
I doing the right thing? Would an independent per-
on the scope of the work, the projected fees and
son think that this action is correct and fair? How
costs, and the risk of reputational harm and other
would I react if this were done to me?”
negative consequences.
267
The briefing of an organization’s superiors or clients UNDERSTANDING THE ROLES OF

has two requirements. First, they must be thor- MEMBERS OF AN ORGANIZATION
oughly informed at the outset about the full nature A financial crime specialist also must understand
of the project, including the good and bad aspects. the division of roles and responsibilities in an orga-
nization. This should be clear to everyone in the
Second, they must be informed regularly about organization so they may make appropriate deci-
the progress and the actual and future costs. This sions and understand the actions they may take
applies to employees of government agencies who without obtaining approval.
have a choice of moving forward on two matters
where resources permit embarking on only one. In financial crime matters, everyone should under-
stand the objectives of particular projects and par-
The financial crime specialist should offer a project ticipate, as appropriate, in deciding on the areas of
plan and budget to the client or organization that focus, the budgets and desired outcomes.
identifies the significant steps that must be taken
and the expected costs of each stage. In appropriate circumstances in the private sec-
tor, it is prudent to use an engagement letter to
When preparing this plan and budget, the financial describe the nature of the work that the specialist is
crime specialist is in a better position to identify the expected to undertake, the limitations imposed by
stages and expected costs. Thus, specialist should the client, and a clear description of the projected
always be accurate in estimating expected time fees and costs.
frames and costs and avoid the temptation to pro-
vide unrealistically low estimates in order to secure The financial crime specialist, including clients and
authorization, or to continue a matter that he or she superiors, should recognize that the objectives of
knows is unpromising. the project may change over time as more informa-
tion is gathered. It is advisable to maintain a con-
COMMUNICATING WITH CLIENTS tinuing dialogue to refine the objectives and other
Financial crime specialists should also maintain elements of the project and to document the deci-
open lines of communication with their superiors, sions in writing.
clients or constituents to inform them of ongoing
developments. The duty to educate them continues
throughout the course of the matter. Specialists CONFLICTS OF INTEREST
may find it necessary to communicate beyond rou- In the private and public sectors, the work of a
tine updates, such as in these scenarios: financial crime specialist often raises potential con-
• Before undertaking any action that may require flicts of interest. They can be difficult to resolve. A
informed consent by the organization or specialist must be sensitive to different situations
an individual that can create these conflicts. Policies should be
implemented by the organization to avoid or miti-
• Notifying clients or superiors when a
gate conflicts and their effects and resolve them.
requested action is limited or prohibited by law
or regulation
The financial crime specialist must remain alert
to potential conflicts of interest. One type of con-
flict that is inherent in the nature of most engage-
ments, including those in the private sector, is the
desire to earn fees from the client or others. Work
268
that generates fees should not be prolonged in intentionally or unintentionally, to some customers
order to continue the payment of fees. Clients over others.
should be informed promptly at significant points
where a more economical approach is possible and Conflicts of interest may arise in transactions or
not harmful. dealings involving insider or privileged information.
Similar situations exist in the public sector where a Financial institution and corporate regulators often
government operation may be prolonged for improper have rules or guidelines that govern how the regu-
motives. Financial crime specialists at government lated entities should manage and prevent conflicts
agencies must always remember that their resources, of interests. Most countries prohibit conduct that
including their salaries, are paid by the taxpayers, who arises from conflicts of interest, such as insider trad-
are owed the same honest dealings and conduct as ing or self-dealing. Conflicts of interest can easily
are clients of private sector specialists. elevate from an ethical violation to a financial crime.
Some conflicts of interest are so significant they In other situations, a situation that begins as a fail-
compel a decision to decline to undertake a matter ure of internal controls and insensitivity to ethical
or to withdraw from an existing one. In other situa- obligations can become a financial crime which
tions, conflicts may be managed by adopting pro- brings severe financial consequences to innocent
tective measures, such as obtaining written waivers individuals and organizations, including reputa-
from one’s superiors or clients, disclosing potential tional harm, governmental penalties or prosecution
conflicts to superiors or clients or blocking access and lawsuits by the victims.
to documents and other things to prevent people
and information from a different case from contam- INFORMATION BARRIERS
inating or affecting a current matter. Information barriers or “firewalls” can provide
strong protection against conflicts of interest at pri-
UNDERSTANDING & RESOLVING vate- and public-sector entities. These barriers are
CONFLICTS AT DISTINCT PRIVATE AND intended to limit the flow of information between
PUBLIC ENTITIES internal units and persons. They are designed to
Everyone who works in the financial crime field allow employees of an organization to advance their
has the obligation to place the interests of their legitimate activities without exposure to informa-
organization, customers, constituents and other tion that may produce a conflict of interest.
stakeholders above their own. Employees of finan-
cial institutions in the broad sense of the term, in  Information barriers at private- and public-sec-
particular, must recognize the purposes for which tor organizations may take various forms based
accounts, relationships or trusts they manage on the size and services the organization provides.
and oversee were created, and administer them They can be physical barriers, such as the physical
accordingly. separation of units of employees in the blocking of
access to certain information by electronic means.
Institutions and commercial corporations must
also ensure that their customers are treated hon- Information barriers should also include policies
estly, fairly and equitably, and that their employees and procedures that explain problems that may be
are not extending undue privileges and benefits, encountered, how to resolve them and how to apply
the organization’s policies. Some common controls
269
on conflicts of interest at private- and public-sector because of a personal bias against the customer or
organizations may include the following: a “feeling” without supporting evidence.
• Assessing the services, activities, functions and
distinct types of employees to identify where Similarly, decisions to not follow certain onboarding
conflicts of interest may arise or monitoring procedures should, of course, not be
based on an expectation of financial gain offered
• Restricting employee access to information by the customer, or bonuses or other benefits
through a system of multi-tiered access rights from the organization for onboarding or monitor-
or similar limitations ing a customer.
• Written conflict of interest policies that clearly
outline prohibited behavior and provide Financial crime specialists, including compliance
guidance, instructions and examples on avoiding and risk management specialists, frequently have
conflicts of interest access to a customer’s personal information. A spe-
• Training programs that teach awareness of cialist must securely store and manage customer
and sensitivity to conflicts of interest and their information and access and retain if it is necessary
ethical resolution for onboarding and monitoring and as required by
law or regulations. The Data Security and Privacy
• Secure methods to record and preserve relevant chapter of this manual cover other considerations
information at the start of an operation or a in the handling of customer and other sensitive
customer and business relationship to identify information.
and manage conflicts of interest
• Clear policies and instructions that govern BUILDING CONFLICT OF
disclosure to the appropriate government INTEREST POLICIES
authorities of internal lapses in honest and When not properly managed, conflicts of interest
proper conduct by the organization and can be a source of serious repercussions and conse-
its employees quences. To manage conflicts effectively, business
and government organizations must have thought-
ETHICAL ISSUES IN ONBOARDING AND ful and sound written policies and procedures.
MONITORING CUSTOMERS
Financial crime specialists who work in compliance The key part of a sound process is the ability to
and risk management sometimes have latitude in identify all the parties involved in any case, an
the onboarding and monitoring of customers and account, business transaction or matter. By know-
customer activity. The ethical considerations for ing who is involved, potential conflicts are more
persons who onboard and monitor customers are readily identified.
similar to those that can be used to resolve conflicts
of interest. At larger organizations, identifying conflicts can be
complicated. All relationships and conflicts may not
When deciding whether to onboard a customer be readily apparent. Poor internal communications
and monitor customer activity, a financial crime can allow conflicts to go undetected. Staff turnover
specialist must follow the policies and proce- also increases risk levels by increasing the loss of
dures of the organization. Compliance officers and institutional knowledge.
other employees should not subject a customer to
enhanced due diligence procedures, for example, In conflict management, the staff and their rela-
tives and business and personal connections are an
270
important consideration. A conflict of interest pol- All employees at all levels should be required to
icy should alert pertinent units of an organization to know and receive proper training on internal con-
possible conflicts in distinct types of relationships. flict of interest and ethics policies and the organiza-
Developing and implementing a system to capture tion’s expectations and procedures.
and retrieve employee and client information is
essential to identify potential conflicts of interest.
PRIVACY CONSIDERATIONS
Employee privacy and an organization’s needs require Investigations in the public and private sectors often
a delicate balance. Confidential information about present financial crime specialists with difficult eth-
an organization’s employees must be safeguarded ical decisions. For example, one of the more diffi-
and kept private. The reasons for determining that a cult issues that investigators confront are the pri-
conflict of interest existed should not be shared with vacy rights of investigative subjects, including their
other staff members, customers or clients, unless it is inclusion in databases that are accessible by many
compelling or there is an official reason to do so. persons, sometimes even outside the organization.
Some organizations require a committee to review With the pervasive use of technology, violating the
confidential information to decide what should be privacy rights of a subject, customer or colleague is
placed in a conflict of interest database. Having a easy. It may be tempting to surreptitiously access
well-defined protocol for this process is import- a person’s computer, place cameras to monitor a
ant to ensure uniformity and fairness. Information subject, enter a subject’s property to place tracking
concerning employees, their relatives and private devices on their vehicles, or tap a telephone without
dealings should be deleted or stored separately and court authorization. These are steps that can ruin
securely when an employment relationship ends. the careers of a financial crime specialist.
Other guidance that should be included in an It is ethically questionable or even illegal for a finan-
organization’s conflict of interest policies include cial crime specialist or others to misrepresent them-
the following: selves in order to obtain personal or financial infor-
• The relationships of directors, officers and other mation about a subject, customer, client, opponent
officials with outside organizations in a legal matter, or others. Posing as an employer
to obtain a credit report, for example, is a crime in
• The extension to employees of free or
some jurisdictions.
discounted services from the organization as
fringe benefits
Whether an action is an unlawful invasion of privacy
• The names of all employees who receive gifts or or is a legitimate investigative step depends on the
entertainment benefits from outside persons, laws where the action occurs. Financial crime spe-
businesses, customers or vendors cialists should know the applicable laws and regula-
tions in jurisdictions where they work or where they
This data from new engagements or relationships seek information. They should remember that what
should be added to the conflict system or database is legal in one jurisdiction may not be legal in another.
as soon as they commence or are identified. Failure
to manage and update these systems in a timely Bending the rules in a due diligence procedure per-
manner may result in loss of business, harm to rep- formed at a financial institution or other business
utation and potential legal liability. may do significant harm, in addition to constituting
an ethical violation. It may also jeopardize a case or
271
other matter and cause reputational harm to the

individual and the organization. In most jurisdic-
tions, records that are illegally obtained are inad-
missible as evidence in court and may lead to the
dismissal or discharge of legal proceedings against
the target, and expose the organization and individ-
uals to legal liability.
To avoid these consequences, financial crime spe-

cialists should understand the applicable laws and
regulations. The guidance of an attorney to resolve
unclear areas and doubts about the legality of a
contemplated action should be sought.
persons with connections to prior work done by the
CONFLICTS IN THE INTERACTION OF specialist or the organization.
INVESTIGATIVE TARGETS AND LAW
ENFORCEMENT AGENTS A potential conflict also arises when a new case will
be affected by confidential information the special-
It is not uncommon for a financial crime specialist
ist learned in an unrelated situation. Possession of
to interact with the subjects or targets of a case or
this information could result in prejudice to the prior
investigation. These persons may make improper
client and affect one’s ability to fulfill the full obliga-
requests, such as to ignore or not disclose certain
tions with the new client. Similar conflicts may arise
information, and may also offer unlawful compen-
for specialists who work in government agencies.
sation to look the other way.
The first step a financial crime specialist should take
Any agreement to such a request is a betrayal of the
when a new matter arrives is to conduct a “conflict
duty to the organization. Such offers or requests
of interest check.” This involves comparing the
should be reported immediately to the appropri-
names of all persons and entities that were associ-
ate superiors, including internal affairs officers,
ated with a prior matter with those involved in the
because they may amount to attempted bribery or
new matter. The names of persons and entities that
extortion that should be reported to law enforce-
are connected to the new client or matter should
ment authorities.
also be checked against those in prior matters. This
process requires a current list of all persons, orga-
If there is a duty to notify law enforcement author-
nizations and clients with whom the financial crime
ities, legal counsel should be consulted to assure
specialist or the organization had prior dealings.
obedience with applicable laws and regulations.
Because of the harm that may result to innocent
The second recommended step is to determine
parties, everything reasonable should be done to
overlaps in the work done in the past, and the antic-
verify the credibility of the allegations.
ipated work in the new matter. When a name associ-
ated with a new matter is the same as one in a prior
FORMER AND CURRENT CLIENTS
matter, attention should be paid to determine if a
AND COLLEAGUES
conflict exists. If a financial crime specialist is asked
A financial crime specialist may encounter conflicts to take action against a former client, this poses
from work that he or she has previously performed, a significant conflict of interest and the specialist
such as when a new matter is opened that involves should decline the matter.
272
The third step is to establish procedures that assure CONFLICTS BETWEEN THE CLIENT AND
that an overlap in names does not prejudice past THE FINANCIAL CRIME SPECIALIST
or prospective clients. The greater the overlap, Many conflicts may arise between a financial crime
the greater the actions a financial crime specialist specialist and his or her colleagues or clients. Some
should take to prevent harm to the organization, are inherent in work performed for a fee. Proce-
matter or present or past clients. dures should exist that ensure that all work billed to
a client is honestly and fairly performed. A financial
The following actions may be taken to prevent harm crime specialist has a responsibility to the organi-
when potential conflicts of interest arise: zation, colleagues and clients to assure that work
• Promptly disclosing to past or present performed is authorized and reasonably crafted to
colleagues, clients or organizations the nature accomplish the ultimate goal set by the organization.
of a potential conflict of interest
• Asking these persons and organizations to Some conflicts arise from disagreements over fees
waive conflicts of interest that may exist, if it or difficulties of an organization or client to find an
is appropriate operation. An example is when a financial crime
asset recovery specialist has agreed to provide
• Creating a wall or other safeguards to ensure services on a contingent basis with the fees to be
that persons who were involved with a prior paid from a client’s winnings. If the client becomes
matter will not see or have access to files of the unable to continue funding the case, the specialist
new matter and will not participate in it faces the prospect of losing an opportunity to col-
• Declining to accept the prospective lect a good contingency fee and may be tempted to
matter or case propose improper funding of the case. These con-
flicts should be addressed quickly and discussed in
Sometimes a conflict of interest cannot be avoided the initial engagement agreement.
in advance because its existence is not known until
a later stage. When conflicts are discovered later, a Conflicts may arise for non-financial reasons, such
complete, prompt disclosure to all affected parties as when a superior or client imposes limitations that
must be made. In most cases, skilled financial crime the financial crime specialist believes are unreason-
specialists can work with the affected persons to able. A client may insist that the financial crime spe-
reach an acceptable resolution. cialist focus on a target that the specialist believes
has little value to the case, for example. Or, when
If a resolution cannot be found, the specialist should a superior or a client may ask the financial crime
not continue to work in a situation where one client specialist to engage in illegal or unethical conduct.
may be favored over another. These problems must be confronted directly and
discussed with appropriate persons in the organiza-
In government matters, similar conflicts to those in tion. The financial crime specialist should document
the private sector may arise. A government financial all pertinent actions discussed and taken.
crime specialist should never compromise a proper
action in order to obtain an advantage in a present PROTECTING THE INTERESTS OF THE
matter, unless a well-considered decision favoring a ORGANIZATION OR CLIENT
concession is justified. A plea bargain, coupled with
A financial crime specialist should assure that he
other inducements that government agents may
or she is not engaging in conduct that may harm
offer to a target or informants in a financial crime
his organization or client. It is a good idea to follow
matter, is an example of such a compromise.
the medical field’s Hippocratic Oath, “First, do no
273
harm.” Financial crime specialists perform a valu- This was illustrated in the mid-2000s when a For-
able service when they advise their organizations, tune 500 company hired private investigators to
colleagues or clients that the actions they are sug- identify the source of leaks of confidential board of
gesting may be unproductive, counterproductive, director information to the media. The investigators
harmful, improper or unethical. Examples include used deceptive telephone calls to obtain banking
the following: and phone records of suspected persons. When the
• Pursuing a civil action where the costs are scheme was discovered, the company and several
expected to exceed the value of the successful officers became the subjects of criminal investi-
outcome or recovery gations. The company paid a large fine and several
officers were fired.
• Engaging in conduct likely to be offensive to a
court and result in sanctions or other negative By its very nature, financial crime is full of circum-
consequences to the client and the financial stances that may harm or destroy the reputations of
crime specialist persons. Being mindful and respectful of the ethical
• Undertaking actions that will likely obligations that a specialist carries as part of the
cause embarrassment or harm to an job is an essential part of all financial crime posi-
organization or client tions and a crucial element of the Certified Financial
Crime Specialist (CFCS) certification.
274
Q 13-1. Sallie Jones holds a significant administrative position in the Defense Department of
her home country, overseeing various information technology projects. Sallie’s husband, Joe,
was recently hired in sales by a software company, Company A. The CEO of Company A is a
personal friend of Sallie’s, and ultimately hired Joe.
Shortly after Joe was hired, the Defense Department and Company A entered into a contract
for the purchase of software. Joe was assigned to the account. Sallie was not involved in the
initial contract negotiations and did not know they were taking place. After the contract was
signed, Sallie was involved in the decisions to use the company on subsequent projects.
When did Sallie commit an ethical violation?

A. When the CEO of Company A paid for a dinner with Sallie and her husband during the
hiring process for her husband
B. When she continued to maintain a close friendship with the CEO of a vendor of the
Defense Department
C. When she was part of the subsequent decision process knowing that her spouse had a
financial interest in the matter
D. When she did not disclose her conflict of interest during the initial contract negotiations
Q 13-2. The CEO of Company X, a publicly traded corporation, caused Company X to enter
into a transaction with Company Y in which the CEO is a shareholder. The CEO failed to inform
the shareholders of Company X of his interest in Company Y. However, the transaction will
greatly benefit Company X as well as Company Y.
Which statement is true about this situation?
A. The CEO has participated in insider trading.
B. The CEO has committed self-dealing.
C. The CEO has been involved with selling away.
D. The CEO has not committed an ethical violation.
275
CHAPTER 14
INTERNATIONAL
AGREEMENTS
AND STANDARDS
OVERVIEW
From the local to the global, efforts to detect and prevent finan-
cial crime occur on many levels. As discussed in previous chap-
ters of this Manual, financial crime is a global plague that takes
place across borders and throughout the national and interna-
tional financial systems. That is why financial crime must also be
addressed on the international level.
276
CHAPTER 14 • INTERNATIONAL AGREEMENTS AND STANDARDS
This has long been recognized by governments these norms are not self-executing and require the
and their enforcement and regulatory agencies. political will and commitment to implement them by
Through treaties, interagency arrangements and laws, regulations and enforcement.
international organizations, governments world-
wide have sought for decades to build cooperation This chapter will highlight the noteworthy interna-
concerning standards and procedures for policy, tional standards and the organizations behind them.
regulation and enforcement concerning financial In many cases, the standards and agreements are only
crime. These efforts were spearheaded by North summarized briefly. When documents or recommen-
American and European nations in the past, but, in dations are referenced by name, the financial crime
recent years, many developing nations have played professional should consult these sources. Links are
a significant role. provided throughout the chapter and in the Appendix.
Developing consensus around best practices in

financial crime control has not been limited to the UNITED NATIONS
public sector. Private sector groups, particularly in The United Nations is the most visible international
banking and financial services sectors, are increas- body with 193 member nations. The nations act sim-
ingly active in setting international guidelines on ilarly to a global legislative body, voting on a wide
compliance, ranging from your customer proce- variety of policies and resolutions, which are then
dures to due diligence procedures for customers are supposed to be implemented by member coun-
and third parties. tries. Many measures enacted by the UN are not
legally binding, and are seen as mainly symbolic.
Most recently, nonprofit organizations and advo-
cacy groups have also established a major presence The UN can also propose multilateral treaties, known
on the international level. Groups such as Trans- as conventions, which bind member nations to adopt
parency International, Global Financial Integrity, legislative measures or regulatory policies to imple-
Human Rights Watch, and others have used lobby- ment them. While implementation often varies widely
ing and media campaigns to pressure governments, among UN member states, conventions can be pow-
financial institutions and other corporations to act erful tools to drive policy changes internationally.
on important financial crime issues ranging from
corruption and tax evasion to secrecy havens. One convention with significant effect in the finan-
cial crime field is the United Nations Convention
Taken together, there is a clear trend toward greater Against Corruption, which is discussed in the Global
international cooperation and coordination on Anti-Corruption chapter.
financial crime issues in the public and private sec-
tors. New initiatives such as the US Foreign Account Another important international agreement that
Tax Compliance Act of 2010 (FATCA) have acceler- originated with the UN is the United Nations Con-
ated this trend. Therefore, a financial crime special- vention Against Transnational Organized Crime.
ist should know the principal actors and standards This convention was adopted in 2000 and has been
in the international arena. ratified by more than 175 member nations. Generally,
it commits signatories to adopt laws and enforce-
There is no scarcity of international standards, con- ment mechanisms to combat human trafficking,
ventions and organizations that establish standards migrant smuggling and arms trafficking. Some of
of proper conduct in dealing with financial crime. the measures required by the convention include
The great limitation on their effectiveness is that money laundering and asset forfeiture laws to seize
277
criminal proceeds. Signatories to the convention The FATF’s stated purpose is to develop policies to
are monitored for compliance with the treaty’s pro- control and prevent money laundering and terrorist
visions by panels of UN-appointed experts under financing. Over the years, the FATF 40 Recommen-
the direction of the UN Office on Drugs and Crime. dations have been revised to reflect the changing
financial crime landscape. Before the most recent
The United Nations also issues sanctions against amendments in 2012, the FATF 40 Recommenda-
countries that are deemed to be violating interna- tions were revised in 1996, 2001 and 2003. After
tional principles. The sanctions impose prohibitions the terrorist attacks of September 11, 2001, (9/11)
on commerce and financial transactions with the the FATF issued nine special recommendations
sanctioned countries. aimed at the financing of terrorism.
UN sanctions originate with the UN Security Coun- In early 2012, the FATF took its biggest step away
cil and commit UN member states that adopt them from a strict focus on money laundering. It began to
to comply with the limitations on trade and transac- emphasize the importance of targeting corruption
tions. These sanctions are similar to those imposed and tax evasion, which are intertwined with money
by the US Treasury Department’s Office of Foreign laundering. Thus, the FATF’s recommendations
Assets Control (OFAC) and other nations. They typ- seem to be taking the same route toward financial
ically include a list of sanctioned entities, agen- crime “convergence” that financial institutions and
cies or individuals. In the case of sanctions limit- government agencies around the world are pursu-
ing financial transactions, they usually require the ing. (See Appendix for the FATF 40 Recommenda-
blocking of transactions to or from the sanctioned tions of 2012.)
entity and the placing of the funds in an inter-
est-bearing account. They do not require countries As of early 2018, The FATF had 37 members, con-
to detain or arrest persons or entities that are listed sisting of 35 jurisdictions and two regional organi-
in sanctions lists. zations (the Gulf Cooperation Council and the Euro-
pean Commission).
UN sanctions are sometimes used to deter coun-
tries from taking aggressive military action against The FATF also has a global network of so-called
other countries, or to punish countries that do so. FATF-Style Regional Bodies (FSRBs) that follow
their own, albeit compatible, programs and policies.
These bodies promote implementation of the FATF
FINANCIAL ACTION TASK FORCE 40 Recommendations by their members and advise
The Financial Action Task Force, or FATF, was formed FATF on regional issues and conditions. There are
in 1989 by the G-7 nations, which then were Can- eight regional FSRBs.
ada, France, Germany, Italy, Japan, United Kingdom
and the US. Since then, the FATF has evolved into The FATF is strictly a policy-making body without
the principal standard-setter of global anti-money enforcement authority. To drive implementation of
laundering controls and policies for nations, finan- its policies and recommendations, the FATF orga-
cial institutions and other private sector organiza- nizes programs of mutual assessments of nations.
tions. The first formal action of the FATF in April In an FATF mutual assessment, a nation submits to
1990 was to promulgate the “40 Recommenda- a review by teams of experts from other countries,
tions,” which recommend conduct by government who gauge the nation’s progress toward full imple-
agencies, financial institutions and other organiza- mentation of the 40 Recommendations.
tions to combat money laundering.
278
This assessment may lead to public exposure of To show their scope and the topics they cover, a list-
deficiencies in money laundering and financial ing of the recommendations follows:
crime policies and enforcement. This exposure and • Anti-money laundering and terrorist financing
the potential political embarrassment and public
1. Assessing risks and applying a risk-
outcry that may follow exerts pressure on nations
based approach
to comply with the FATF’s Recommendations.
2. National cooperation and coordination
Additionally, since 2000, the FATF has published a • Money Laundering and the confiscation of
so-called “blacklist” of nations that refuse to fol- associated proceeds and instrumentalities
low the FATF Recommendations or to comply with
3. Money laundering offense
its international standards on money laundering
and financial crime enforcement. The blacklist 4. Confiscation and provisional measures
proved to be so effective that all countries were • Terrorist financing and the financing of
removed by 2008, although the FATF still publishes proliferation
a semi-annual list of “high- risk and non-coopera- 5. SR-II [Special Recommendation on
tive” countries. terrorist financing II] related to the terrorist
financing offense
40 RECOMMENDATIONS OF THE
FINANCIAL ACTION TASK FORCE 6. SR-III [Special Recommendation on
terrorist financing III] addressing targeted
The 40 Recommendations can be found at the FATF financial sanctions related to terrorism and
website, www.fatf-gafi.org. They are listed in seven terrorist financing
broad categories and focus on policy measures for
7. Proliferation and related targeted
nations and best practices for financial crime con-
financial sanctions
trols at financial institutions and corporations.
8. Non-profit organizations
Although primarily focused on money laundering • Preventive measures
and terrorist financing, the FATF Recommenda- 9. Secrecy laws of financial institutions
tions have increasingly branched out to cover finan-
cial crime as a whole. The 2012 version of the rec- 10. Customer due diligence standards
ommendations, for example, included provisions 11. Record keeping requirements
directing countries to make tax crimes predicate 12. Politically exposed persons (PEP)
offenses for money laundering cases and calling for
13. Correspondent banking
enhanced scrutiny of politically-exposed persons
(PEPs) to combat corruption. 14. Money or value transfer services
15. Emerging or new technologies
The 40 Recommendations apply directly to compli-
16. Wire transfers
ance professionals. Many of the Recommendations
have been widely implemented as key elements of 17. Third parties and reliance on their data
compliance programs at financial institutions world- and reporting
wide. Because of their importance and broad accep- 18. Internal controls, foreign branches and
tance as a global anti-money laundering baseline, subsidiaries
financial crime specialists should read the full text 19. High risk jurisdictions
of the 40 Recommendations, available at http://
20. Suspicious transaction reporting
www.fatf-gafi.org/topics/fatfrecommendations.
21. Confidentiality and non-disclosure
279
22. Designated non-financial businesses and Cooperation and Development (OECD), has the
professions (DNFBPs) mission to promote policies that improve economic
23. Other measures related to DNFBPs and social conditions worldwide. The OECD was
created in September 1961 and presently has 34
• Transparency and beneficial ownership of legal
member nations.
persons and arrangements
24. Transparency and beneficial ownership of The OECD concentrates its efforts in four main areas:
legal persons
1. The restoration of confidence in markets and
25. Transparency and beneficial ownership of the institutions and companies that make
legal arrangements them function, including improved regulation
• Powers and responsibilities of competent and more effective governance at all levels of
authorities and other institutional measures political and business life
26. Regulation and supervision of financial 2. The restoration of public finance as a basis for
institutions future economic growth
27. Supervisory powers and authority 3. Support for new sources of growth through
innovation, environmentally friendly ‘green
28. DNFBP regulation and supervision growth’ strategies and development of
29. Financial Intelligence Units (FIU) emerging economies
30. Investigative authorities and law 4. To foster innovation and growth, ensuring
enforcement and their responsibilities that people of all ages develop the skills to
31. The powers of investigative authorities and work productively and satisfactorily in the
law enforcement jobs of tomorrow
32. Cash couriers The OECD has three components: Council, Commit-
tees and Secretariat. The Council is the overall deci-
33. Statistic gathering and reporting
sion maker and has at least one representative per
34. Guidance and feedback protocols member country and a representative of the Euro-
35. Sanctions pean Commission. The permanent representatives
of the Council meet frequently and decide by con-
• International cooperation
sensus. There are approximately 250 committees,
36. International instruments working groups and expert groups that discuss pro-
37. Mutual legal assistance grams and review progress on issues. The Secretar-
38. Freezing and confiscation pursuant to iat is located in Paris and consists of about 2,500
mutual legal assistance staff members, including financial specialists, law-
yers, scientists and other professionals. The Sec-
39. Extradition
retariat supports committees and completes tasks
40. Other forms of international cooperation based on priorities set by the OECD Council. The
OECD is funded by members countries based on
ORGANIZATION FOR a formula that takes into account the size of each
ECONOMIC COOPERATION AND member’s economy.
DEVELOPMENT (OECD)
The OECD may develop standards and models, rec-
One of the older and more influential intergov-
ommendations or guidelines. OECD publications
ernmental bodies, the Organization for Economic
play an important role in disseminating the OECD’s
280
programs and positions. Because of the OECD’s BASEL COMMITTEE AND

diverse focus, the standards it promotes apply in ITS GUIDANCE
a number of financial crime fields. One of the most
important is the OECD Anti-Bribery Convention, The Basel Committee is an international body con-
which contains provisions seeking enactment of sisting of senior representatives of central banks
laws to criminalize bribery of foreign public offi- and government banking regulatory agencies. Orig-
cials in international business transactions. It also inally intended as a forum to discuss bank supervi-
provides a host of related enforcement measures. sion issues when it was established by the Group
The Convention on Combating Bribery of Foreign Pub- of 10 countries in 1974, it has evolved into a body
lic Officials in International Business Transactions that sets international standards on banking super-
and Related Documents is discussed in the Global vision generally, including standards on financial
Anti-Corruption chapter, and a link is included in crime compliance.
the appendix.
One of the most important documents of the Basel
The OECD has also been active in building interna- Committee is the Basel III Accords, a comprehen-
tional cooperation on tax evasion and tax avoidance. sive set of measures designed to reinforce the reg-
In addition to helping create formal tax treaties, the ulation, supervision and risk management of the
OECD member countries have used the organiza- banking sector. Although it is an important docu-
tion as a forum for increased cooperation for the ment for the financial sector, its recommendations
exchange of tax information among countries. In do not directly touch financial crime and is not
April 2013, the OECD called for member states to addressed in detail here.
implement a system of automatic exchange of finan-
CUSTOMER DUE DILIGENCE FOR BANKS
cial account information for tax purposes, similar to
the model established by the US Foreign Account The Basel Committee publication, Customer Due
Tax Compliance Act. This later became the Common Diligence for Banks, is another significant guide-
Reporting Standard. line, particularly for compliance officers. It provides
guidance on the elements and implementation of
To help execute the provisions of its conventions, customer due diligence programs for banks and
the OECD organizes Working Groups, composed of explains key elements of a “know your customer”
experts from member nations. The Working Groups policy, including policies for accepting custom-
collect information from OECD members on how ers, identifying customers, ongoing monitoring of
they are implementing the policies of the conven- accounts and transactions and risk management.
tions and issues reports on the progress of member It also discusses the key role of supervisors and
states, similar to the FATF mutual evaluation pro- managers in the KYC process and best practices for
cess. The Working Group on Bribery, for example, implementing KYC across national borders.
oversees implementation of the OECD Anti-Brib-
ery Convention. The Customer Due Diligence standards range from
the general, such as recommending that due dil-
The Working Groups, as well as other OECD groups igence is proportionate to the customer risk, to
such as the CleanBizGov Initiative, promote greater the much more specific. For example, the stand-
public and private sector transparency, issue ards recommend that a customer’s first payment
reports and publications that are useful for finan- through an account in the customer’s name with
cial crime specialists. All are available on the OECD another institution should be subject to similar cus-
website at http://www.oecd.org. tomer due diligence standards.
281
In addition to financial institutions, the committee The EU’s governing bodies also agreed to a package
says customer due diligence principles should be of amendments and enhancements, known as the
developed for non-bank financial institutions and 5th Directive, that expanded corporate transpar-
mediators of financial services, such as account- ency through publicly accessible national registries.
ants and lawyers.
The Directives apply not only to the financial sec-
CONSOLIDATED KNOW YOUR CUSTOMER tor but also to lawyers and accountants, casinos,
(KYC) RISK MANAGEMENT estate agents, trust and company service providers
The Committee published the Consolidated KYC and high value dealers. All persons subject to the
Risk Management in October 2004, which includes Directive must be supervised for AML controls by a
guidelines for policies and procedures governing competent authority.
“know your customer” operations at banks. In a brief
nine pages, it provides a good high-level overview These are some of the other highlights of
of KYC processes and best practices. the Directives:
• Cover terrorist financing as well as
It also covers management and oversight of KYC money laundering.
programs, policies for customer identification and • Contain detailed customer due diligence
acceptance, and recommendations for transaction standards. In particular, it states that:
and account monitoring. In addition, it addresses
how institutions should have a global process for −− CDD is defined as including not just customer
KYC, shared among all branches and businesses identification and verification, but also
lines, as well as information-sharing across the establishment of the purpose and intended
entire business subject to privacy laws. nature of the business relationship and
ongoing monitoring
−− CDD applies to new and existing customers
EUROPEAN UNION DIRECTIVES ON
−− It requires identification of beneficial
MONEY LAUNDERING owners and verification of the beneficial
European Union Directives on Money Laundering owner’s identity.
are the key AML policy for EU member countries. −− It contains guidelines for simplified due
Directives specify the legal and regulatory frame- diligence for certain low risk situations, and
work that EU nations are required to implement requires enhanced due diligence in situations
concerning money laundering controls. Directives that present a higher money laundering or
imposes major compliance requirements on banks, terrorist financing risk – including non-face-
other financial institutions and gatekeepers that to-face business, ‘politically exposed persons’
operate in or do business in EU nations. and international correspondent banking
relationships.
In many respects, Directives mirror the FATF Rec-
ommendations. EU member states are allowed to • Recognize and reinforce the concept of a risk-
independently enact more stringent AML and finan- based approach to anti-money laundering.
cial crime policies than those specified in the Direc- Under the 4th Directive, the EU Commission and
tives. As of early 2018, EU authorities had imple- European supervisory authorities (ESAs) will
mented the 4th AML Directive, which aligned the conduct assessments of financial crime risks
EU’s AML regime with the revised 40 Recommen- and make them available to member states.
dations of the FATF released in 2012.
282
• Implement a system of corporate registries to The Group consists of Banco Santander, Bank of
capture the beneficial ownership information Tokyo-Mitsubishi UFJ, Barclays, Citigroup, Credit
of companies and other entities. Each EU state Suisse, Deutsche Bank, Goldman Sachs, HSBC, J.P.
is required to create or enhance a corporate Morgan Chase, Société Générale and UBS. It was
registry that includes the beneficial owners formed in 2000.
of companies and trusts. Beneficial owners of
corporations will be publicly available, while The Group publishes numerous documents called the
owners of trusts will be available to government Wolfsberg Standards that deal with various aspects
authorities, financial institutions and civil of banking. The Wolfsberg Standards cover a wide
society groups. array of topics from general subjects, such as AML
Apply a licensing-registration system for and terrorist financing, to more industry-specific
‘currency exchange offices’ as well as trust and guidance on prepaid cards, trade finance and corre-
company formation and other service providers spondent banking. They are a valuable resource for
that involve a “fit and proper test” for those who compliance professionals. The Wolfsberg Standards
direct or beneficially own these businesses. are available at https://www.wolfsberg-principles.
• As of the 5th Directive, include digital com/publications/wolfsberg-standards.
currency administrators and exchanges under
The Wolfsberg Anti-Money Laundering Principles for
institutions that are subject to AML regulations
Private Banking, along with its accompanying doc-
and reporting
uments on intermediaries and beneficial ownership,
• As of the 5th Directive, reduce the thresholds on are key guidance for financial institutions. The Prin-
anonymous pre-paid card transactions so that ciples were released in October 2000 and revised in
they can only be used for small transactions May 2002 and May 2012 (see Appendix).
• Require the EU Commission to issue a list of
jurisdictions with AML deficiencies, including Principles for Private Banking takes into account
jurisdictions with weak frameworks on certain recognized risks associated with private
beneficial ownership banking to prevent the use of a bank’s international
Require financial firms to apply customer operations for criminal purposes and to protect
due diligence and record-keeping standards the organization’s reputation. The Principles lay
to overseas branches and majority-owned out guidance on customer identity and verifica-
subsidiaries (unless it is not permitted tion of beneficial ownership, as well as how to treat
by local law) customers that arrive through intermediaries. For
example, the Principles state that in certain circum-
• Requires art dealers and professionals who
stances banks may rely on the intermediary to col-
provide “similar services” to accountants,
lect information and documents required for cus-
tax advisors or auditors to comply with
tomer due diligence.
AML regulations
The Principles cover situations that may warrant

WOLFSBERG GROUP enhanced due diligence, including customers
located in high-risk jurisdictions and PEPs. They
The Wolfsberg Group is a private-sector associa-
also provide direction on recommended actions
tion of eleven global financial institutions. It is a
to take when unusual or suspicious activities are
standard-setting organization that issues recom-
detected, as well as ongoing customer monitoring
mended policies and procedures for Know Your
and screening.
Customer, AML and terrorist financing in the finan-
cial services sector.
283
In addition to its Statements and Principles, the CONCLUSION

Wolfsberg Group also created the “International
While they may sometimes seem remote from a
Due Diligence Repository,” a database of due dili-
professional’s day-to-day duties, international stan-
gence information and documentation on financial
dards and agreements, as well as the organizations
institutions.
that develop them, are an essential element of the
financial crime field. Many standards contain guid-
According to the Wolfsberg Group, the Repository
ance on compliance and enforcement best prac-
includes information on each financial institution’s
tices that can be applied at financial institutions
license (and the licenses of their subsidiaries) and
and government agencies. Others raise awareness
copies of corporate governance documents, such as
of key policy or regulatory weaknesses that are not
company by-laws, Articles or Certificate of Incorpo-
being addressed in the public and private sectors.
ration, and Memorandum, Articles or Certificate of
Association.
Whatever their source and purpose, these stan-
dards serve as a reminder of the vast and complex
Other information that can be obtained from the
spectrum of financial crime. Preventing financial
Repository includes biographies of board members
crime is a global battle fought on many levels, which
and senior management of a financial institution,
extends from the smallest transaction at a local
annual reports and standard AML questionnaire
bank to the halls of the United Nations.
forms from financial institutions. The Repository
can be a valuable resource for other institutions
conducting due diligence, as well as investigators
and regulators attempting to assess a bank’s gover-
nance and AML program.
284
REFERENCES AND RESOURCES
CHAPTER 3: MONEY LAUNDERING Laundering the Proceeds of Corruption
http://www.fatf- gafi.org/media/fatf/documents/
AML CFT Measures and Financial Institutions
reports/Laundering%20the%20Proceeds%20of%20
http://www.fatf-gafi.org
Corruption. pdf
FATF provides support to countries and their financial Created to better understand corruption, its mecha-
institutions in designing AML/CFT measures that meet nisms and vulnerabilities, through an AML/CFT lens.
the national goal of financial inclusion, without com-
promising the measures that exist for the purpose of Money Laundering Risks Arising from Trafficking in
combating crime. Human Beings and Smuggling of Migrants
http://www.fatf- gafi.org/topics/methodsandtrends/
Deterring and Detecting Money Laundering and Ter- documents/moneylaunderingrisksarisingfromtraffick-
rorist Financing ingofhu manbeingsandsmugglingofmigrants.html
http://www.osfi-bsif.gc.ca Examines the nature of criminals turning to traffick-
OSFI intends this guidance to help reduce the suscepti- ing in human beings and the smuggling of migrants
bility of financial institutions to being used by individu- to a greater extent, as these crimes are seen as
als or organizations to launder funds and fight terrorist highly profitable.
financing, thereby reducing their exposure to damage
to their reputation, a key asset in the financial ser- Money Laundering Awareness Handbook for Tax
vices industry. Examiners and Tax Auditors
http://www.oecd.org/corruption/crime
FATF Typologies Raises the awareness level of tax examiners and audi-
http://www.fatf-gafi.org tors about money laundering. It provides guidance in
Search the FATF website for specific typologies. identifying money laundering during the conduct of
normal tax audits.
FFIEC Examination Material (2010 or most recent)
http://www.ffiec.gov/bsa_aml_infobase/pages_man- Money Laundering Cycle
ual/manual_print.htm http://www.unodc.org/unodc/en/money-laundering/
laundrycycle.html
The current examination manual used by US regulators
to determine if US institutions are compliant with AML, UNODC describes the money laundering cycle.
CTF and other financial crime compliance laws.
Money Laundering Control and Suppression of
Initiatives by the BCBS, IAIS and IOSCO to Combat Financing of Terrorism
Money Laundering and the Financing of Terrorism http://www.ecosocdoc.be/static/module/bibliography-
http://www.bis.org/publ/joint11.htm Document/document/001/405.pdf
Focuses on recent guidance for addressing the vulner- Some thoughts on the impact of customer due diligence
abilities identified in the earlier report and ongoing and measures on financial exclusion.
future work.
285
APPENDIX A • REFERENCES AND RESOURCES
Money Laundering Using Trust and Company Ser- Fraud Prevention Best Practices
vice Providers http://www.freddiemac.com/singlefamily/pdf/fraud-
http://www.fatf-gafi.org prevention_practices.pdf
Evaluates the effectiveness of the practical implemen- Detailed explanation of best practices for fraud preven-
tation of the Financial Action Task Force Forty Recom- tion by Freddie Mac, a US federal housing agency.
mendations and Nine Special Recommendations (the
FATF 40 + 9 Recommendations) as they relate to Trust Fraudulent Transfer Claims and Defenses In
and Company Service Providers. Ponzi Schemes
http://www.dgdk.com/tasks/sites/dgdk/assets/image/
Operational Issues Financial Investigations Guidance AIRAFraudulentTransferFinal2.pdf
http://www.fatf-gafi.org/media/fatf/documents/ These materials outline issues arising from fraudulent
reports/Operational%20Issues_Financial%20investi- transfer claims brought by trustees against inves-
gations%20 Guidance.pdf tors and salespeople and the defenses which can be
Guidance created by FATF. In this revision, empha- asserted to those claims.
sis was given to the operational anti-money laun-
dering/countering the financing of terrorism (AML/ Identity Theft Red Flags
CFT) framework. http://www.ftc.gov/os/2009/06/090611redflagsfaq.pdf
Frequently asked questions about the Identity Theft
Specific Risk Factors in Laundering the Proceeds Red Flags rules.
of Corruption
http://www.fatf- gafi.org/media/fatf/documents/
Audit Standard #5
reports/Specific%20Risk%20Factors%20in%20
http://pcaobus.org/standards/auditing/pages/audit-
the%20Launderin g%20of%20Proceeds%20of%20
ing_standard_5.aspx#testingcontrol
Corruption.pdf
Lists how an auditor should test for effective controls in
Discusses the interrelationship between corruption and
an institution.
money laundering, discovers the most common meth-
ods used to launder the proceeds of corruption, and
Statements on Auditing Standards #99 Consideration
highlights the vulnerabilities leading to an increased
of Fraud in a Financial Statement Audit
risk of corruption-related money laundering.
http://www.aicpa.org/Research/Standards/AuditAt-
test/DownloadableDocuments/AU- 00316.pdf
CHAPTER 4: UNDERSTANDING AND
Explains the elements of an effective auditing process
PREVENTING FRAUD
and focuses on detection of fraud.
FBI Annual Reports on Mortgage Fraud
http://www.fbi.gov/about-us/investigate/white_ The President’s Identity Theft Task Force: Combating
collar/mortgage-fraud/mortgage_fraud Identity Theft a Strategic Plan, 2007
http://www.identitytheft.gov/reports/Stra-
Reports that provide statistics on mortgage fraud. tegicPlan.pdf
Task force report that reveals the three stages in Iden-
FBI warns of various fraud types tity Theft and discusses how to prevent crimes of fraud
http://www.fbi.gov/scams-safety/fraud by identity theft with each stage.
This website defines several types of fraud of which
private citizens should be aware.
286
CHAPTER 5: GLOBAL ANTI-CORRUPTION Exporting Corruption? Country Enforcement of the

OECD Anti-Bribery Convention Progress Report 2012
Arab Convention to Fight Corruption
http://www.transparency.org/whatwedo/pub/export-
http://www.uncaccoalition.org/learn-more/arti-
ing_corruption_country_enforcement_of_the_oecd_
cles-archive/123-a-glance-to-the-arab- conven-
anti_bribery_convention
tion-to-fight-corruption
The eighth annual progress report on OECD Convention
Online article which summarizes the Arab Conven-
enforcement by Transparency International (TI), the
tion to Fight Corruption signed by the League of global coalition against corruption.
Arab States on 21 Dec 2010 by 21 Arab countries
except Somalia. Money, Politics, Power: Corruptions Risks in Europe
http://www.transparency.org/whatwedo/pub/money_
Boosting Integrity, Fighting Corruption politics_and_power_corruption_risks_in_europe
http://www.oecd.org/daf/anti-bribery
This report brings together the findings of 25
Describes the multiple domains where the OECD is National Integrity System assessments carried out
engaged in fighting corruption and boosting integrity. across Europe.
It relates how the CleanGovBiz initiative is drawing
together for the first time these anti-corruption tools OECD Fights Corruption Synopsis
under a single umbrella. http://www.oecd.org/corruption
OECD is the leading source of anti-corruption tools and
Bribe Payers Index 2011
expertise in areas such as international business, taxa-
http://www.transparency.org/whatwedo/pub/bpi_2011
tion, governance, export credits and development aid.
Examines different types of bribery across sectors
including, for the first time, bribery among companies The OECD targets Switzerland about its Financial
(‘private-to-private’ bribery). Transparency
http://en.actu-cci.com/finance-banking/11897-
Corruption Perceptions Index the-oecd-targets-switzerland-about-its- finan-
https://www.transparency.org/research/cpi/overview cial-transparency
The Corruption Perceptions Index ranks countries Online article on Switzerland about its financial
according to their perceived levels of public- sec- transparency.
tor corruption.
OECD Working Group on Bribery
Convention on Combating Bribery of Foreign Public http://www.oecd.org/ctp/taxandcrime/oecdworking-
Officials in International Business Transactions grouponbribery-annualreport.htm
http://www.oecd.org/daf/anti-bribery/oecdantibribery-
Annual report which monitors the implementation of
convention.htm
the OECD Convention on Combating Bribery of Foreign
Contains the official text and commentaries of the 1997 Public Officials in International Business Transactions.
Convention, the 2009 Recommendation of the Council
for Further Combating Bribery, the 2009 Recommen- Politically Exposed Persons
dation on the Tax Deductibility of Bribes to Foreign http://www1.worldbank.org/finance/star_site/publica-
Public Officials. tions/politically_exposed.html
Designed to help banks and regulatory authorities
European Union Treaty
address the risks posed by Politically Exposed Persons
http://www.consilium.europa.eu/uedocs/cmsUpload/
(PEPs) and prevent corrupt PEPs from using domestic
treatychap5.pdf
and international financial systems to launder the pro-
Text of the treaty of the European Union, espe- ceeds of corruption.
cially Article 11.
287
The Puppet Masters United Nations Convention Against Corruption

http://www1.worldbank.org/finance/star_site/publica- http://www.unodc.org/unodc/en/treaties/CAC
tions/Puppet-Masters.html Introduces a comprehensive set of standards, mea-
Using cases, interviews with investigators, corporate sures and rules that all countries can apply in order to
registries, financial institutions and case studies, the strengthen their defenses against the most prevalent
book puts forward policy recommendations to guide forms of corruption.
national legislation and regulations, as well as interna-
tional standard setters, on issues of public corruption CHAPTER 6: TAX EVASION
and beneficial ownership. AND ENFORCEMENT
FATCA Model 1A
Putting Corruption Out of Business
http://www.treasury.gov/resource-center/tax-pol-
http://www.transparency.org/news/feature/putting_
icy/treaties/Documents/FATCA-Reciprocal-Mod-
corruption_out_of_business
el-1A-Agreement-Preexisting-TIEA-or-DTC-11-4-13.pdf
Online results of a survey on the way business people
Template of FATCA Model 1A Agreement.
perceive corruption in their work.
FATCA Model 1B
Recommendation of the Council for Further Combat-
http://www.treasury.gov/resource-center/tax-policy/
ing Bribery of Foreign Public Officials in International
treaties/Documents/FATCA-Nonreciprocal-Mod-
Business Transactions
el-1B-Agreement-Preexisting-TIEA-or-DTC-11-4-13.pdf
http://www.oecd.org/daf/anti-bribery/oecdantibribery-
convention.htm Template of FATCA Model 1B Agreement.
The Recommendation was adopted by the OECD in
order to enhance the ability of the 39 States Parties FATCA Model 2
to the Anti-Bribery Convention to prevent, detect and http://www.treasury.gov/resource-center/tax-policy/
investigate allegations of foreign bribery and includes treaties/Documents/FATCA-Model-2-Agreement-Pre-
the Good Practice Guidance on Internal Controls, Ethics existing-TIEA-or-DTC-11-4-13.pdf
and Compliance. Template of FATCA Model 2 Agreement.
Transparency in Corporate Reporting: Assessing the FATCA User Guide

World’s Largest Companies https://www.irs.gov/pub/irs-utl/froug.pdf
http://www.transparency.org/whatwedo/pub/transpar- A 75-page guide created by the US Internal Revenue
ency_in_corporate_reporting_assessing_the_worlds_ Service that covers FATCA’s purpose, regulations, and
largest_companies steps needed to comply. The guide is primarily intended
Reading material on corruption and bribery from Trans- for non-US institutions with FATCA compliance
parency International. This study analyzes the trans- obligations.
parency of corporate reporting on a range of anti-cor-
ruption measures among the 105 largest publicly listed OECD Tax Transparency Report on Progress 2016
multinational companies. https://www.oecd.org/tax/transparency/GF-annual-re-
port-2016.pdf
UK Bribery Act This 2016 Report on Progress publication describes
http://www.legislation.gov.uk/ the progress made since the OECD’s Global Forum
ukpga/2010/23/contents on Transparency launched its peer review mecha-
The original text of the 2010 UK Bribery Act. nism in 2010.
288
CHAPTER 7: ASSET RECOVERY FATF Guidance for Financial Institutions for Detecting
Terrorist Financing
Asset Recovery Handbook
http://www.fatf- gafi.org/media/fatf/documents/Guid-
https://star.worldbank.org/star/sites/star/files/asset_
ance%20for%20financial%20institutions%20in%20
recovery_handbook_0.pdf 
detectin g%20terrorist%20financing.pdf
Describes approaches to recovering proceeds of cor-
Detailed report on how to detect terrorist financing.
ruption located in foreign jurisdictions; identifies the
difficulties that practitioners are likely to encounter;
suggests strategic and tactical options to address the Tracing Stolen Assets
challenges; and introduces good practices. http://www.baselgovernance.org/fileadmin/docs/pub-
lications/books/asset-tracing_web- version.pdf
Barriers to Asset Recovery A guide published by the Basel Institute on Governance
https://star.worldbank.org/star/sites/star/files/Barri- that explains how to trace stolen assets.
ers%20to%20Asset%20Recovery.pdf
Recommends the implementation of new policies and Investigative Dashboard
operational procedures to foster trust and mentor other http://www.datatracker.org/category/wwd/elastic-list
jurisdictions; legislative reforms to facilitate freezing Investigative Dashboard includes several databases
and confiscation of stolen assets; and better application that allow collaboration and data-sharing between
of existing anti-money laundering measures. investigative reporters across the world.
Stolen Asset Recovery Initiative Non-Conviction SAR Electronic Filing

Based Asset Forfeiture http://treas.yorkcast.com/webcast/viewer/?pe-
http://www1.worldbank.org/finance/star_site/publica- id=a93e7d2b1a07427a93b0cf2e764a57421d
tions/non_conviction.html FinCEN Webinar explaining the new electronic SAR,
Identifies the key concepts—legal, operational, and mandatory as of April 1, 2013.
practical—that a Non-Conviction Based asset forfeiture
system should encompass to be effective in recovering Terrorist Finance Tracking Program
stolen assets. http://www.treasury.gov/resource-center/ter-
rorist-illicit-finance/Terrorist-Finance- Tracking/
Tracing Stolen Assets Pages/tftp.aspx
http://www.baselgovernance.org/fileadmin/docs/pub- This website provides a description of the Department
lications/books/asset-tracing_web- version.pdf of Treasury’s Terrorist Finance Tracking Program, along
A guide published by the Basel Institute on Governance with details about the Program’s actions and addi-
that explains how to trace stolen assets. tional resources.
World Bank Stolen Asset Recovery Initiative CHAPTER 9: INTERPRETING

http://star.worldbank.org/star FINANCIAL DOCUMENTS
Reports about politically exposed persons, asset recov- Federal Accounting Standards Advisory Board
ery and corruption. http://www.fasab.gov/accounting-standards/authorita-
tive-source-of-gaap
CHAPTER 8: FINANCIAL CRIME A US government agency that provides guidance on
INVESTIGATIONS accounting standards. Primarily applies to generally
FATF Typologies accepted accounting principles in the US.
http://www.fatf-gafi.org
Search the FATF website for specific typologies. International Financial Reporting Stan-
dards Foundation
http://www.ifrs.org
289
Provides guidance on the International Financial Provides an overview and lists of OFAC sanctions
Reporting Standards, a global system of accounting and related to individual terrorists, designated terrorist
bookkeeping principles that is gradually gaining wider organizations, and affiliated businesses, nonprofits and
international acceptance. legal entities.
CHAPTER 10: MONEY AND Non-Proliferation Sanctions

COMMODITIES FLOWS http://www.state.gov/t/isn/c15231.htm
International Organization of Securities Commissions Provides general information about the three distinct
http://www.iosco.org sanctions programs designed to combat the prolifera-
tion of weapons of mass destruction.
Reports on money laundering, risk assessment, finan-
cial crime, due diligence or ethical standards.
Transnational Criminal Organizations
http://www.treasury.gov/resource-center/sanctions/
Report on Funds of Hedge Funds programs/pages/tco.aspx
http://www.iosco.org/library/pubdocs/pdf/
IOSCOPD276.pdf Overview of the sanctions against Transnational Crimi-
nal Organizations.
Examines the existing regulations of funds of hedge
funds in various TC Standing Committee on Investment
FFIEC Examination Material (2010 or most recent)
Management member jurisdictions, and identifies with
http://www.ffiec.gov/bsa_aml_infobase/pages_man-
the help of industry representatives, present issues of
ual/manual_print.htm
concern to regulators in this area.
The examination manual of the US FFIEC, a inter-agency
Virtual Currency Schemes group of banking and financial regulators. Outlines
http://www.ecb.int/pub/pdf/other/virtualcurrency- regulatory expectations on financial crime compliance
schemes201210en.pdf programs at US institutions.
A 2012 publication by the European Central Bank on

Financial Crimes Enforcement Network’s Customer
virtual currency schemes.
Due Diligence Requirements for Financial Institutions
https://www.federalregister.gov/docu-
Virtual Currencies: Key Definitions and Potential ments/2016/05/11/2016-10567/customer-due-dili-
AML/CTF Risks gence-requirements-for-financial-institutions
http://www.fatf-gafi.org/publications/method-
sandtrends/documents/virtual-currency-defini- Published by the US FinCEN, this is a customer due dil-
tions-aml-cft-risk.html igence (CDD) regulation that codifies, clarifies, consoli-
dates, and strengthens existing CDD regulatory require-
A 2014 publication by the FATF examining the virtual ments and supervisory expectations. It also establishes
currency landscape and summarizing their financial a categorical requirement for financial institutions to
crime risks. identify beneficial ownership of their accountholders,
subject to risk-based verification.
CHAPTER 11: COMPLIANCE PROGRAMS
OFAC Counter Narcotics Trafficking Sanctions Basel III Global Framework
http://www.treasury.gov/resource-center/sanctions/ http://www.bis.org/bcbs/basel3.htm
Programs/Pages/narco.aspx Reading material on the Basel III Accords. Presents the
Provides an overview and lists of OFAC sanctions Basel Committee’s reforms to strengthen global capital
related to narcotic traffickers and drug kingpins. and liquidity regulations with the goal of promoting a
more resilient banking sector.
Counter Terrorism Sanctions
http://www.treasury.gov/resource-center/sanctions/
Programs/Pages/terror.aspx
290
High Risk and Non-Cooperative Jurisdictions UK Data Protection Act

http://www.fatf-gafi.org/topics/high-riskandnon-coop- http://www.legislation.gov.uk/
erativejurisdictions ukpga/1998/29/contents
Discusses high risk and non-cooperative jurisdictions The Act implements new regulations on the process-
and the way FATF deals with said jurisdictions. ing of information relating to individuals, including the
obtaining, holding, use or disclosure of such information.
Basel Institute for Governance AML Index
http://www.baselgovernance.org/gov/aml/project-de- The Impact on US Discovery of EU Data Protection
tails/article/the-basel-aml- index/?tx_ttnews%5B- and Discovery Blocking Statutes
backPid%5D=335&cHash=df11b5a634 http://www.hugheshubbard.com/PublicationDocu-
AML Risk Index that assesses countries’ risk levels ments/Data%20Protection%20in%20the%20 EU%20
regarding money laundering/terrorist financing. and%20Its%20Impact%20on%20US%20Discovery.pdf
Document provides an overview of the EU Directive
Office of Foreign Assets Control Sanction Programs and discovery blocking statutes, explains their critical
http://www.treasury.gov/resource-center/sanctions/ value on US discovery, and identifies, by country, the
Pages/default.aspx applicable data privacy statute, blocking statutes and
recent case law.
International Center for Political Violence and Terror-
ism Research Response Series Executive Order Improving Critical Infrastructure
http://www.pvtr.org/pdf/Financial%20Response/Ter- Cyber Security
rorist-Financing.pdf http://www.whitehouse.gov/the-press-of-
fice/2013/02/12/executive-order-improving-critical-
Summary of expectations of regulators and enforce-
infrastructure-cybersecurity
ment from banks on counter-terrorist financing and a
discussion of CFT requirements. President Barack Obama’s Executive Order on Cyber
Security that mandates increased sharing of infor-
Wolfsberg Group Private Banking Principles mation about cyber threats and attacks between
http://www.wolfsberg-principles.com/pdf/Wolfs- private financial institutions and regulating govern-
berg-Private-Banking-Prinicples-May-2012.pdf ment agencies.
The objectives of these principles are to prevent the use
Cybersecurity Strategy of the European Union: An
of the bank’s worldwide operations for criminal pur-
Open, Safe and Secure Cyberspace
poses and to protect the firm’s reputation in a private
http://eeas.europa.eu/policies/eu-cyber-security/cyb-
banking context.
sec_comm_en.pdf
CHAPTER 12: Text of the European Union’s Cyber Security strategy,

enacted in 2013.
CYBERSECURITY AND PRIVACY
FFIEC Authentication Guidance 2011
CHAPTER 13: ETHICS
http://www.ffiec.gov
American Bar Association Code of Professional
Includes the original guidance and supplements. Rein-
Responsibility
forces the 2005 Guidance’s risk management frame-
http://www.americanbar.org/groups/professional_
work on customer identification and updates the Agen-
responsibility/publications/model_rules_of_profes-
cies’ expectations regarding customer authentication,
sional_conduct.html
layered security or other controls in the increasingly
hostile online environment. The code of ethical conduct for the American Bar Asso-
ciation, a member organization of lawyers and legal
professionals, and one of the largest bar associations in
the world. Although its provisions apply most directly to
lawyers, it also covers conflicts of interest.
291
Model Code of Ethics United Nations Security Council Sanctions

http://www.iosco.org/library/pubdocs/pdf/ http://www.un.org/sc/committees/list_compend.shtml
IOSCOPD217.pdf Provides more information on the countries and orga-
Provides the collective views on ethics of the self-regu- nizations targeted for sanctions by the United Nations
latory organizations that make up the Securities Com- Security Council. Also provides lists of sanctioned coun-
missions SRO Consultative Committee. tries and entities.
CHAPTER 14: INTERNATIONAL 4th European Union Directive on Money Laundering

AGREEMENTS AND STANDARDS http://eur-lex.europa.eu/legal-content/EN/TXT/
PDF/?uri=OJ:JOL_2015_141_R_0003&from=ES
United Nations Office on Drugs and Crime
http://www.unodc.org The key AML policy for EU member countries, the Direc-
tive lays out the legal and regulatory framework that
The Department of the UN that oversees a variety of EU nations are required to implement regarding money
financial crime-related initiatives and treaties, includ- laundering controls.
ing the Convention Against Corruption. Also includes
relevant links, research and news related to the UNDOC
Basel III Global Framework
projects and initiatives.
http://www.bis.org/bcbs/basel3.htm
United Nations Convention Against Corruption Reading material on the Basel III Accords. Presents the
http://www.unodc.org/unodc/en/treaties/CAC Basel Committee’s reforms to strengthen global capital
and liquidity regulations with the goal of promoting a
The full text and related materials on the UN Conven- more resilient banking sector.
tion Against Corruption, an international anti-corrup-
tion treaty adopted by more than 140 jurisdictions.
Basel Committee Customer Due Diligence for Banks
http://www.bis.org/publ/bcbs85.htm
FATF 40 Recommendations
http://www.fatf-gafi.org/topics/fatfrecommendations Provides the Basel Committee’s recommendations for
developing and implementing a customer due diligence
Lays out best practices and policy recommendations for program at banks.
governments, as well as financial institutions and other
private-sector entities, on developing and implement-
Basel Committee Consolidated KYC Risk Management
ing anti-money laundering legal structures, procedures
http://www.bis.org/publ/bcbs101.htm
and processes. Recognized as a global benchmark for
AML and CTF practices. Provides the Basel Committee’s recommendations for
KYC procedures and best practices, including assessing
FATF High Risk and Non-Cooperative Jurisdictions the risk of customers.
http://www.fatf-gafi.org/topics/high-riskandnon-coop-
erativejurisdictions Basel Institute for Governance AML Index
http://www.baselgovernance.org/gov/aml/project-de-
Discusses high risk and non-cooperative jurisdictions
tails/article/the-basel-aml- index/?tx_ttnews%5B-
and the way FATF deals with said jurisdictions.
backPid%5D=335&cHash=df11b5a634
Wolfsberg Standards AML Risk Index that assesses countries’ risk levels
http://www.wolfsberg-principles.com/standards.html regarding money laundering/terrorist financing.
The Wolfsberg Standards are best practices produced

by a private-sector association of major financial
institutions. They cover a wide array of topics, from
general subjects such as AML and terrorist financing to
more industry specific guidance on prepaid cards, trade
finance and correspondent banking.
292
ANSWERS TO PRACTICE QUESTIONS
CHAPTER 3 – MONEY LAUNDERING:
Q 3-1. Chuck Smith conducted a Ponzi scheme by luring innocent domestic investors to invest. He claimed they
would get a steady stream of payments over time and would receive a handsome return on their investments.
The transaction worked as follows:
• All investors reside in Smith’s country and wired money to Smith in order to make an investment in reliance on his
representations, which later turned out to be false.
• Smith next moved the funds to an offshore bank account.
• Smith then transferred some of the funds from new investors to previous investors claiming it was money generated
by their investment.
• Smith used the remaining funds to purchase cars and other luxury gifts to create the appearance that he
was successful.
The underlying criminal activity in this case was wire fraud. At which point did money laundering FIRST take place?
A. When the investor wired money to Smith in reliance on his false representations
B. When Smith transferred some of the funds from new investors to previous investors claiming it was money gener-
ated by their investment
C. When Smith used the remaining funds to purchase cars and other luxury gifts to create the appearance that he
was successful
 D. When Smith wired funds to the offshore bank account
Answer A is incorrect because the investors’ funds could not be considered proceeds of illegal activity until
they were in the possession of the Ponzi schemer. The transaction was therefore not an act of money laundering,
although it could be considered a “specified unlawful activity.”
Answer B is incorrect because the question asks for the first instance money laundering took place. Although
this could be considered money laundering, it is not the first occurrence.
Answer C is incorrect for the same reason as Answer B.
Answer D is correct because this is the first instance where Smith had obtained the proceeds of a criminal activ-
ity and was conducting a transaction with them. It is the most appropriate first instance of money laundering in
this scenario.
293
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Q 3-2. A compliance officer at a major insurance company has recently noticed a pattern of potentially suspi-
cious transactions from a long-time customer. The customer is employed in a consulting position that requires
her to travel internationally on an unpredictable schedule and she often resides overseas for extended peri-
ods. The customer has several properties insured with the company for large amounts. In the past three years,
she has overpaid her premiums numerous times and then requested a refund be issued. Concerned that the
customer may be laundering funds through the overpayment of premiums, the officer is investigating the
transactions.
Which fact would BEST indicate money laundering may be taking place?
A. The customer often requests that refunds be made by wire transfer to banks outside of the country.
B. The customer makes the overpayments at different times of the year and in varying amounts.
C. The customer has recently taken out a sizeable new insurance policy on a commercial property with your company.
 D. The customer has requested that refunds on excess premiums be made to an attorney.Q 3-3. A financial institution
holds an account for a charitable organization whose stated mission is to promote literacy in the local community. The
charity derives most of its financial backing from periodic fundraising drives that take in hundreds of small donations
from individual donors.
Answer A is incorrect because it cannot be considered unusual activity due to her customer profile. In the sce-
nario, we state “The customer is employed in a consulting position that requires her to travel internationally on an
unpredictable schedule and she often resides overseas for extended periods.” As such, requesting wire transfers
to banks outside her country would not be out of the ordinary for this customer.
Answer B is incorrect because the nature of the overpayments actually matches the customer profile. The fact
that she travels on an “unpredictable schedule” supports the fact that the activity is happening at different times
of the year. Also, the fact that she “has several properties insured with the company for large amounts” contribu-
tes to the fact that the overpayments are in different amounts.
Answer C is incorrect because it is largely irrelevant to the scenario, and the fact that she already has several
large policies with the company makes it consistent with her profile.
Answer D is correct because it incorporates a classic red flag of money laundering, in that the refunds of the
overpayment of premiums are being sent to a third party.
294
Q 3-3. A financial institution holds an account for a charitable organization whose stated mission is to pro-
mote literacy in the local community. The charity derives most of its financial backing from periodic fundraising
drives that take in hundreds of small donations from individual donors.
Recently, the institution conducted a due diligence investigation and noticed anomalous activity in the charity’s account.
Which of these is a red flag for potential terrorist financing?
A. The charity recently purchased a large insurance policy which does not have a surrender clause and cannot be used
as collateral.
B. The charity has no long-term leasing agreement on a physical property in a nearby town.
 C. The transaction history indicates a pattern of wire transfers to countries with no previous connection to the cha-
rity’s activities.
D. The transaction history for the charity shows a large number of small cash deposits.
Answer A is incorrect. It would not be uncommon for an insurance policy to lack a surrender clause and colla-
teral. Those features actually increase the risk that an insurance policy could be used in a financial crime scheme.
Answer B is incorrect. A lack of long-term lease is not generally indicative of terrorist financing or other finan-
cial crime, is not the best choice of the options given here.
Answer C is correct. Wire transfers to other countries outside of an entity’s operation are an indicator of poten-
tial terrorist financing, especially in the case of non-profits and charities.
Answer D is incorrect. As the scenario states, the charity obtains its funding from drives that take in hundreds
of small donations. This would be consistent with the deposit activity indicated here.
295
Q 3-4. You are the chief anti-money laundering officer of a full-service bank, and you are designing a risk-
based customer acceptance program to determine the Terrorist Financing risks specific to not-for-profit (NFP)
organizations.
Which enhanced due diligence activity is most essential for these types of client relationships due to the elevated risk
that NFPs pose?
A. Monitor the financial activity in relation to the stated purpose and objectives of the entity.
B. Obtain a copy of the organization’s charter
 C. Establish who controls the organization and its financial activities down to a low threshold
D. For NFPs, customer acceptance requirements are the same as for any other customer
Answer A is incorrect. Conducting monitoring of transactions based on the expected activity and purpose of
account is a minimum requirement for any customer, and would not be considered enhanced due diligence in
response to higher risk.
Answer B is incorrect. Obtaining a charter or other formation documents would be a typical part of the custo-
mer onboarding process, and would not generally be considered enhanced due diligence.
Answer C is correct. Capturing ownership of NFPs, and going beyond the typical threshold to gain more tho-
rough understanding of the control structure and risks posed by an entity, is a key step for enhanced due diligence
Answer D is incorrect. According to best practices from the FATF and others, NFPs should generally be conside-
red as elevated above the standard risk, and require additional measures for customer due diligence.
296
CHAPTER 4 – UNDERSTANDING AND PREVENTING FRAUD:

Q 4-1. The CFO of a large public corporation sees that the company’s quarterly numbers are going to exceed
analysts’ expectations. Knowing the stock price will probably make a big jump when this news is released, he
makes several large open stock repurchases, which increases the intrinsic value of the tens of thousands of
shares he already owns.
He then mentions the earnings report to his wife, and she buys 1,000 shares of stock in her personal trading account. Her
broker, who knows that she is married to the CFO of this company, feels that she must know something, so he recom-
mends it to many of his clients who buy some very large blocks.
The quarterly numbers are released, and the stock makes a big move as expected. Which individual in this scenario has
committed insider trading?
A. The CFO
 B. The CFO’ wife
C. The wife’s stockbroker
D. The stockbroker’s clients
Answer A is incorrect due to the fact that while the CFO clearly had insider information, he did not execute
any trades or participate in any actions that personally benefitted him. The large stock repurchases would likely
indirectly benefit him since they reduce the liquidity in the marketplace and increase the intrinsic value of the
remaining outstanding stock, of which he owns a great deal. Therefore, any subsequent good news (like beating
analyst projections) would have a greater positive impact on the stock price. However, since this action benefits
ALL shareholders it cannot be considered insider trading.
Answer B is correct because the wife had insider knowledge and executed a trade that personally benefitted
her. While she did not hold an insider position, she still had the requisite insider knowledge to commit insider tra-
ding. Nowhere in the scenario does it say that the husband had knowledge of this action. If he did, he might be
considered in violation of insider trading rules as well. In real life, the CFO might be hard pressed to prove he had
no knowledge of this trade. In this scenario, choosing between answer A and B is clear due the fact the CFO’s wife
actually executed the trade, and there is no mention of the CFO having knowledge.
Answer C is incorrect due to the fact that the stockbroker did not have any insider knowledge. Since corporate
officers are required to report on their trades, following the actions of known insiders is common in the market-
place and not illegal.
Answer D is not correct because the clients are even further removed from insider knowledge.
297
CHAPTER 5 – GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT:

Q 5-1. You are a compliance analyst at a multinational financial institution that provides banking and invest-
ment services to large institutional customers. Your institution is currently seeking new business opportunities
providing services to universities, hospitals, and other institutions with potential ties to political officials and
government agencies. Your institution plans to expand into Norway, India, Botswana and Chile and has asked
you to assess the corruption risks of offering its services in each nation.
What is an accurate risk rating for these countries?
A. Providing investment and banking services in Norway poses the highest risk for corruption due to a history of brib-
ery by Norwegian state-owned oil companies.
 B. Providing services in India poses the highest risk for corruption due to the prevalence of state-owned entities and
Politically-Exposed Persons (PEPs).
C. Providing investment and banking services in Botswana poses the highest risk for corruption due to widespread
graft in government contracts.
D. Providing services in Chile poses the highest risk due to connections between the Chilean government and interna-
tional organized crime rings.
Answer A is incorrect, as while there have been some FCPA cases involving Norwegian state-owned oil com-
panies, Norway is still considered to be a highly transparent and compliant jurisdiction by international organi-
zations. This question relies on some knowledge of commonly-used standards and resources used to rate cor-
ruption and financial crime risks internationally, such as the Transparency International Corruption Perceptions
Index, Basel Committee AML Index, and FATF lists of high-risk and non-cooperative jurisdictions.
Answer B is correct as state-owned entities and public-private partnerships are very prevalent in India, and the
country has a history of corruption among public officials. India is generally considered a higher risk for corrup-
tion than the other nations listed here.
Answer C is incorrect, as while Africa is generally considered to be high-risk for corruption, Botswana is widely
recognized as a clean nation that has taken considerable efforts in recent years to combat corruption and ensure
transparent governance.
Answer D is incorrect and simply intended to distract the test-taker. While organized crime groups operate in
Chile like any other country, there is little to suggest they have close ties to government agencies within Chile.
298
Q 5-2. A pharmaceutical sales representative from Company X visits a hospital in the country of Rachmani-
stan in order to discuss the benefit of his company’s latest drug. The hospital’s chief of internal medicine, Dr. Y,
agrees to meet with him to learn more about the drug and suggests meeting over dinner at a local bistro. The
week after the dinner takes place, the sales rep sends Dr. Y a gift basket as a token of gratitude for taking the
time to speak with him. Company X is publicly traded in the United States and the healthcare industry in Rach-
manistan is entirely government-owned.
Which statement is NOT true?
A. Paying for Dr. Y’s dinner is permissible under the United States’ Foreign Corrupt Practices Act.
 B. Dr. Y is a medical professional and thus exempt from the United States Foreign Corrupt Practices Act.
C. Dr. Y can be considered a foreign public official under the United States Foreign Corrupt Practices Act because he
is a high-level employee at a government-owned entity.
D. Sending Dr. Y a gift basket is permissible under the United States Foreign Corrupt Practices Act.
Answer A is incorrect because taking someone to dinner, as long as it is not excessively extravagant, is permis-
sible. This is reinforced by the section of the scenario that says that they “had dinner at a local bistro,” rather than
a fancy restaurant.
Answer B is correct because Dr. Y is not exempt due to the fact that he is a medical professional. Medical pro-
fessionals can still be considered public officials under the FCPA, and there are no exemptions for product type
or profession.
Answer C is incorrect because he can, in fact, be considered a public official because he is a high-ranking
employee of a state-owned enterprise. The definition of public official is intentionally broad in this law to prevent
state owned business employees from leveraging their position to affect bribes.
Answer D is incorrect because sending a gift basket can be considered a ‘token gift’ under the FCPA. Token gifts
are an intentionally vague definition, but a simple gift basket would qualify. There is no indication that there were
any high value items, such as champagne or caviar, as a component of this gift basket.
299
CHAPTER 6 – TAX EVASION AND ENFORCEMENT:

Q 6-1. Your bank holds a business account for a local tax preparation service.
What would MOST likely trigger further investigation by the compliance department in the bank?
 A. Numerous deposits of tax refund checks in the names of different individuals but with common addresses
B. Multiple deposits of checks in the same amount written by different tax service customers
C. Variances in the frequency of transactions depending on the calendar cycle
D. A request by the customer to have payments made to the Tax Office through a certified check process
Answer A is the correct answer due to the fact that this is a classic red flag for tax fraud. Multiple tax refund
checks for different individuals going to the same address should set off warning alarms in nearly every jurisdiction.
Answer B is incorrect because this perfectly fits the customer’s profile. The deposit of checks from different tax
service customers is what you would expect as each customer paid their bill for the service. You would also expect
many of them to be in the same amount for a typical tax preparation service since the fee for tax preparation
would be the same for many customers.
Answer C is incorrect because, once again, this fits the customer profile. You would expect variances depending
on the calendar cycle as this is largely a seasonal business based on tax reporting deadlines.
Answer D is incorrect because there is no indication of tax fraud in this response. The customer is making pay-
ments to his jurisdiction’s tax authorities using a certified check, which is simply a check for which a bank has
confirmed sufficient funds exist to cover the amount of the check. This is not a viable means to commit tax fraud,
and would more likely indicate no fraud is taking place.
300
Q 6-2. A regional bank operates within a country that has a Model 1 agreement in place with the United States
to implement the Foreign Account Tax Compliance Act (FATCA). The institution already has a FATCA compli-
ance program in place, but recently, there have been media reports suggesting US tax evaders are using the
bank’s country as a haven for undisclosed assets.
The bank has some US accountholders, and is reviewing its FATCA compliance program in response to the news reports.
Which statement is true about this bank?
A. The bank must register and report US accountholders directly with the US Internal Revenue Service (IRS)
B. The bank must institute a 30% withholding on the accounts of its US customers
C. The bank must confirm that U.S. customers filed a Form 8938 with the IRS to disclose their accounts
 D. The bank is required to report certain details about US accountholders to its country’s tax authorities
Answer A is incorrect. As the scenario states, the bank is located in a country with a Model 1 agreement in place
to implement FATCA. Under the terms of a Model 1 agreement, institutions do not have to report information
directly to the IRS, they report to their country’s own tax authorities instead.
Answer B is incorrect. FATCA does not require institutions to impose the 30% withholding on US accounthold-
ers by default. The withholding is a penalty intended for accounts or institutions who refuse to cooperate with
FATCA requirements.
Answer C is incorrect. US persons with accounts in other countries are required to file Form 8938 with the IRS,
but this is an obligation of the taxpayer. Financial institutions are not required to ensure that taxpayers have filed
the required form.
Answer D is correct. Under FATCA and a Model 1 agreement, a bank would be required to report information on
US persons to its own tax authorities, who are then responsible for transmitting it to the IRS.
301
CHAPTER 7 – ASSET RECOVERY:

Q 7-1. In a Venezuela court case for fraud against individuals and companies around the world, documents have
been obtained that would be helpful in a related proceeding in Miami in the United States. Venezuela and the US
are parties to the Hague Evidence Convention on the Taking of Evidence Abroad in Civil or Commercial Matters.
No special laws exist in either jurisdiction for the evidence sought.
To ensure these documents are properly received in evidence in the US, which two are acceptable methods of requesting
such evidence?
 A. Letters Rogatory through the authority designed by Venezuela or other authority allowed by such law
B. Transmission of the discovery request to the target of discovery
 C. Transmission through a private party, such as an attorney, in Venezuela, if private law so provides
D. Issuance of subpoena duces tecum and scheduling of place and time for the party to make itself available
for examination
Answer A is correct because Letters Rogatory are a viable means to request information in a legal matter across
borders in a way that maximizes the likelihood that it can be used as evidence. From the study manual: “A Letter
Rogatory is a request from one judge to another judge in another country seeking assistance in obtaining infor-
mation, documents or testimony in a particular legal matter.”
Answer B is incorrect because directly asking the target of the discovery request for the documents holds no
legal weight. It is extremely unlikely that this will be successful in an adversarial case, particularly in a fraud case.
Answer C is correct because this is a viable method of requesting cross border documents under The
Hague Convention.
Answer D is incorrect because a subpoena duces tecum is not an internationally used legal order. Even if it was,
making a party available for examination does nothing to advance the effort of getting the documents produced,
which is the focus in this scenario.
302
CHAPTER 10 – MONEY AND COMMODITIES FLOWS:

Q 10-1. An investigation of an export-import corporation in Florida that exports large household appliances to
Colombia discloses the following:
1. The corporation’s sources of funds for the purchase of the items are large check deposits from a small
number of other Florida export companies.
2. Each of the customer business accounts is funded by small checks from numerous personal accounts
that are domiciled in banks in New York or South Florida. Each deposit is for less than $3,000 and for an
amount in even $100 dollar increments. increments.
What is this money laundering scheme known as?
A. Transfer Pricing Scheme
 B. Black Market Peso Exchange (BMPE)
C. Bulk Cash Smuggling
D. Carousel Fraud
Answer A is incorrect because the fact pattern described bears no resemblance to transfer pricing. Transfer
pricing schemes are a method of allocating profits between different branches or subsidiaries of a legal entity in
order to reduce the entity’s overall tax burden.
Answer B is correct because the pattern of transactions is indicative of BMPE. There is unusual deposit activ-
ity that is indicative of structuring, followed by lump-sum payments to US appliance exporters. Another indi-
cator is the parties and locations involved. An exporter in the US sending appliances to Colombia is a classic
example of BMPE.
Answer C is incorrect because there is no cross-border movement of large volumes of cash in described in
this scenario, and no other red flags or suspicious activity that would indicate the exporter is involved in bulk
cash smuggling
Answer D is incorrect in part because carousel fraud is a tax fraud scheme, not a money laundering scheme. It
hinges on abusing the value-added tax (VAT) system, which is common in Europe but not present in the US, where
this investigation is taking place.
303
Q 10-2. A young woman, who is a national of Country A, works as a caregiver for a family in the US. She sends
much of her earnings to support her family back in Country A by giving the amount in cash to a local grocer,
whose family heritage is also in Country A. Once the grocer receives the cash, he calls his partner who runs a
market in one of the larger cities in Country A. From there, the young woman’s family can pick up the money sent.
What is the name commonly used to describe this form of remittance transaction?
A. Cash transfer
 B. Hawala
C. Referral Banking
D. Black Market Peso Exchange (BMPE)
Answer A is incorrect because Cash Transfer is not a real type of funds transmission. It is the colloquial term
used for Money Transmitter Business (MSBs) services; but there is no actual transfer taking place here.
Answer B is correct as this is a classic Hawala transfer.
Answer C is incorrect as this has nothing to do with referral banking. This response is simply a distraction.
Answer D is incorrect because the fact pattern described here bears little relation to Black Market Peso
Exchange, which typically involves the movement of both currency and goods across borders and the presence of
currency brokers, and is not a trust-based informal value transfer system as described here.
304
CHAPTER 11 – COMPLIANCE PROGRAMS AND CONTROLS:

Q 11-1. As the compliance officer in a national financial institution, you have recently received an alert from your
regulator warning of suspected bulk cash smuggling into your jurisdiction.
Which recent activity might be indicative of bulk cash smuggling?
A. An increase in domestic wire transfers between another bank within your jurisdiction and your financial institution
B. A significant number of cash withdrawals, all under $10,000, from your financial institution
 C. Large amounts of small denomination currency being sent from a Foreign Financial Institution (FFI) to their account
at your bank
D. A dramatic increase in domestic ACH transactions at your bank
Answer A in incorrect because the alert received was for bulk cash smuggling into your jurisdiction. The fact
that the transfers are all taking place within your jurisdiction eliminates this answer.
Answer B is incorrect as bulk cash smuggling would result in large cash deposits into your institution; not with-
drawals. The amounts being under $10,000 is a red herring because it is close to many jurisdiction’s report-
ing threshold.
Answer C is correct as this is a classic red flag of bulk cash smuggling. When physically smuggling large amounts
of cash across a border most criminals would want to reduce the physical bulk of the cash by converting as much
as they could into larger denomination bills. This would result in significant amount s of small denomination cur-
rency being sent by foreign banks into your jurisdiction.
Answer D is incorrect as ACH transactions usually have no connection to bulk cash smuggling. Also, these
are domestic transactions, which would indicate they are not connected to any cross-border cash-smug-
gling operation.
305
Q 11-2. A US bank receives a letter of credit from an issuing bank in connection with the purchase of wheat
from a bank customer. The buyer/applicant is located in Belarus, a country in which certain senior government
officials are on the US Specially Designated National (SDN) List. The country is not, however, subject to com-
prehensive US sanctions.
The buyer is determined to be a joint venture in which a Belarus SDN has a 50% interest through two separate companies
wholly owned by the SDN. Each has a 25% interest in the joint venture. No funds have yet been received by the bank.
A. The letter of credit can be processed and the funds paid because the customer is not on the SDN List and the SDN
does not have a majority or controlling interest.
B. The letter of credit can be processed and the funds paid because the US Office of Foreign Assets Control (OFAC) has
issued general licenses exempting food from US sanctions.
 C. The letter of credit must be blocked by the US bank and reported to OFAC even though no funds have yet
been received.
D. The letter of credit cannot be accepted or acted on so it must be returned to the advising bank with notice that any
funds received will be blocked.
Answer A is incorrect because one of the customers involved in the transaction is in fact an SDN. The buyer
mentioned in the scenario is said to be a joint venture that is 50% owned by two persons on the SDN list. Under US
sanctions regimes, if a person or entity on an SDN list has a 50% or more ownership stake in an entity or company,
that entity or company is subject to the same restrictions as an SDN, including blocking of transactions.
Answer B is incorrect because US sanctions regimes are country, person or entity-specific. OFAC does not issue
blanket licenses exempting an entire class of good or transaction from sanctions. While under some sanctions
laws food and agricultural goods are exempt from sanctions, in other cases they are not.
Answer C is correct because it accurately describes the steps the bank must take in order to remain compliant
with OFAC sanctions laws. The buyer was found to be an SDN, which requires the bank to block the transaction.
Answer D is incorrect because notifying the parties to a sanctioned transaction that it would be blocked is
explicitly prohibited by US sanctions laws. Funds or financial instruments involved in sanctioned transactions are
typically required to be blocked, and are not returned to any of the parties in a transaction.
306
Q 11-3. A small regional bank has recently started using a new transaction monitoring tool that utilizes sev-
eral custom scenarios to identify specific activity which was defined by the Financial Crimes Compliance team.
There are five scenarios that are live in production. The Analytics team within Financial Crimes Compliance has
performed some research on the scenarios and is ready to make recommendation to management regarding
possible changes to the scenarios.
Which scenario(s) should the Analytics team recommend making changes to first?
A. Scenario A that has generated 100 alerts in the past three months and 50% of those have been deemed suspicious
and a suspicious transaction report was filed.
B. Scenario B that has generated 180 alerts with a 95% false positive rate.
 C. Scenario C that has generated no alerts and there appears to be a problem with the mapping of data.
D. Scenarios D and E that were put into production in the last 30 days to address a matter requiring attention from
a regulator.
Answer A in incorrect as this appears to be a well performing scenario. It is generating alerts, and the percent-
age of those that were actually deemed suspicious is reasonable.
Answer B is incorrect because while the false positive rate is far too high, it is at least generating alerts and
some are still deemed suspicious. The false positive rate is clearly an issue that will have to be addressed, but
this scenario would not be the one that would need to be addressed first. There will often be scenarios on the live
exam that require you to pick the best answer. In this case, this is not the best answer.
Answer C is correct as this clearly is a broken scenario since not one alert has been generated. The fact that
there appears to be a problem with the mapping of the data only reinforces the conclusion that this scenario must
be addressed first.
Answer D is incorrect as there is no evidence that the scenarios are not performing as expected.
307
CHAPTER 12 – CYBERSECURITY
Q 12-1. Your financial institution has been subject to several hacking attempts over the last few weeks. While
none have been successful, you worry that it might be a matter of time. To keep your network secure, you have
decided to update your network security policies.
What is an important step to include in your network security policy?
 A. Educate your online customers to detect phishing attempts and other fraudulent email scams.
B. Disable auto deletion of old data, including access logs, and move them to an archive server.
C. Only permit administrative connections via the Internet through HTTPS or SSH connections.
D. Require confirmation from network engineering before resetting any lost passwords.
Answer A is correct as this is a recommended step in all network security policies. While not high tech or glam-
orous, educating your staff and your customers to recognize phishing and fraudulent emails is a fundamental and
highly successful way to prevent fraud.
Answer B is incorrect as this is the opposite of a good data retention policy, and has nothing to do with a network
security policy.
Answer C is incorrect as a good security policy will not allow any administrative connections through the inter-
net, even via secure connections like HTTPS or SSH. Administrative connections are those that allow you to log
into internal devices and make changes to how they function. This task should only be allowed from internal
connections.
Answer D is incorrect as it is not very scalable and network engineering is the wrong group to manage this
anyway. There are hundreds of password resets that are performed every day by most large financial institutions.
There is no way that the network engineering staff would be able to keep up with the requests. They would also
have no way to determine if the requests should be approved or denied.
308
Q 12-2. Your organization has a large online presence, providing all key services online. You have recently found
out that a hacker has gained access to your secure network, stealing millions of customer usernames and pass-
words. You think the access was gained via social engineering.
Your company’s success depends on your keeping this data secure, so your organization wants to put procedures in
place to ensure it can prevent any such further attacks. As an initial step you have terminated internet access for engi-
neering and IT.
What would be the MOST effective further action for your firm to immediately take to prevent this specific type of attack
from happening again?
 A. Restrict external access on all routers and servers allowing administrative access only from workstations in the
engineering and IT departments.
B. Staff should not be allowed to download any materials from the internet or private disks to the organization’s
local drives.
C. Require all customers to change their passwords on a regular basis to access their accounts and require
strong passwords.
D. Upgrade all network firewalls and ensure they are running current software.
Answer A is correct as this is a viable and recommended security strategy. Not only should administrative
access be restricted to only internal computers (no outside internet connections), it should be restricted to only
those groups that have a viable business purpose for logging into those devices, such as engineering and IT. If
someone manages to acquire information to access the network, via social engineering or otherwise, there is not
much they would be able to do with that information if they had to be sitting at a desk in your engineering depart-
ment to actually use it.
Answer B is incorrect. While this is a viable, if extreme, security measure, it does not prevent this specific type
of attack from happening again. Though a common security measure in some very secure government and pri-
vate-sector facilities, it does nothing to prevent social engineering attacks. The question specifically asks for
ways to prevent that type of attack.
Answer C is incorrect. While this too is a viable customer security policy, it would not be a component of a net-
work security policy. It also would do nothing to prevent social engineering attacks.
Answer D is incorrect. Once again, upgrading firewalls and ensuring they are running current software is a good
network security policy, but does not prevent “this specific type of attack from happening again.”
309
CHAPTER 13 – ETHICAL RESPONSIBILITIES AND BEST PRACTICES:

Q 13-1. Sallie Jones holds a significant administrative position in the Defense Department of her home country,
overseeing various information technology projects. Sallie’s husband, Joe, was recently hired in sales by a soft-
ware company, Company A. The CEO of Company A, a personal friend of Sallie, and ultimately hired Joe.
Shortly after Joe was hired, the Defense Department and Company A entered into a contract for the purchase of software.
Joe was assigned to the account. Sallie was not involved in the initial contract negotiations and did not know they were tak-
ing place. After the contract was signed, Sallie was involved in the decisions to use the company on subsequent projects.
When did Sallie commit an ethical violation?
A. When the CEO of Company A paid for a dinner with Sallie and her husband during the hiring process for her husband
B. When she continued to maintain a close friendship with the CEO of a vendor of the Defense Department
 C. When she was part of the subsequent decision process knowing that her spouse had a financial interest in the matter
D. When she did not disclose her conflict of interest during the initial contract negotiations
Answer A is incorrect as paying for the dinner in itself is not an ethical violation, and this dinner pre-dates any
other interaction with Company A and the Defense department.
Answer B is incorrect as maintaining a close friendship with someone, regardless of the business relationship,
is not an ethical violation. Only if you allow that relationship to influence your decisions does it cross the line into
an ethical issue.
Answer C is correct because there is a clear conflict of interest in this case. Sallie should have recused herself
from the decision-making process once her family had a financial interest in the selection of the vendor.
Answer D is incorrect because she had no reason to disclose a conflict of interest because she was not part of
the decision-making process to select the vendor.
310
Q 13-2. The CEO of Company X, a publicly traded corporation, caused Company X to enter into a transaction
with Company Y in which the CEO is a shareholder. The CEO failed to inform the shareholders of Company X of
his interest in Company Y. However, the transaction will greatly benefit Company X as well as Company Y.
A. The CEO has participated in insider trading.
 B. The CEO has committed self-dealing.
C. The CEO has been involved with selling away.
D. The CEO has not committed an ethical violation.
Answer A is incorrect as insider trading involves using insider knowledge to make open market trades to a per-
son’s personal benefit.
Answer B is correct. A person with a fiduciary responsibility to others (like other shareholders) entering a trans-
action with another company in which he has a financial interest is self-dealing. Even though the transaction
benefited both companies, the CEO would have been required to disclose the relationship beforehand, which he
did not. There could have been another, more beneficial, transaction that might have been considered if all of the
facts were known. In many jurisdictions, this is not only an ethical violation, but a legal one as well.
Answer C is incorrect as selling away is when a broker solicits you to purchase securities not held or offered
by the brokerage firm. As a general rule, such activities are a violation of securities regulations, but that did
not occur here.
Answer D is incorrect as there is clearly an ethical violation here. The self-dealing would not have been consid-
ered an ethical violation if he disclosed the relationship first though.
Association of Certified Financial Crime Specialists

Rivergate Plaza, 444 Brickell Avenue | Suite P60 | Miami, FL 33131
Phone: 844-992-2337 | Email: customerservice@ACFCS.org | 50-19
311

CFCS Study Manual 6th Edition

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CFCS Study Manual 6th Edition

Uploaded by

Copyright:

Available Formats

6th Edition

Association of Certified Financial Crime Specialists

Tel: 786-530-8231 Email: customerservice@acfcs.org

© Copyright 2019. All rights reserved. Association of Certified Financial Crime

Notice: The Certified Financial Crime Specialist Examination Preparation

@2019 Association of Certified Financial Crime Specialists

CFCS CERTIFICATION EXAMINATION

Brian Svoboda Kindle

Kenneth Barden, Esq.

Brian Golden, HSBC

Donald Semesky, Financial Operations Consultants

Karen Van Ness, Compliance Risk Solutions

@2019 Association of Certified Financial Crime Specialists

SPECIAL ACKNOWLEDGMENT AND APPRECIATION

Beth Berenbaum John Lash, Esq.

RECOGNITION OF THE FINANCIAL CRIME SPECIALISTS WHO ASSISTED IN

Heather Adams Joram Borenstein Lynn Correia

Albert Allison Daniel P. Boylan Annette Dance

Scott Andersen Lorice E. Brown Nyron Davidson

Carlota Arias Alice Campbell Delina Dhamo

@2019 Association of Certified Financial Crime Specialists

Juan Ducali Rebecca LaPorte Patricia Potts

JR Helmig Isabel Medrano Lisa Schor Babin

Elizabeth Henry Michael McDonald, Esq. Donald C. Semesky

Ken Krys Ron Penninger

@2019 Association of Certified Financial Crime Specialists

@2019 Association of Certified Financial Crime Specialists

Basel Committee on Banking Supervision...............................................................................................................................................81

@2019 Association of Certified Financial Crime Specialists

Other Evidence-Gathering Tools..............................................................................................................................................................143

@2019 Association of Certified Financial Crime Specialists

Common Indicators of Suspicious Activity...........................................................................................................................................195

@2019 Association of Certified Financial Crime Specialists

CHAPTER 14 INTERNATIONAL AGREEMENTS AND STANDARDS......................................................................... 276

@2019 Association of Certified Financial Crime Specialists

THE ASSOCIATION OF CERTIFIED FINANCIAL

The Association of Certified Financial Crime Specialists (ACFCS)

To build the certification examination, ACFCS took

Once they identified the job tasks, their work was

This Certification Examination Preparation Manual

This process was overseen by a professional staff with

ACFCS is independent of all government agencies,

JOB AND CAREER BENEFITS FROM CONCLUSION

With thoughtful attention to the

FINANCIAL The world is awash in financial crime. No person or organization,

CRIME OVERVIEW, public or private, secular or religious, profit or nonprofit is immune.

What is financial crime? A good working definition

COUNTRIES LISTED ON VARIOUS TAX HAVEN LISTS

Coast of East Asia Hong Kong,b,e Macau, a,b,e Singaporeb

Indian Ocean Maldives,a,d Mauritius, a,c,e Seychellesᵃ,

Middle East Bahrain, Jordan,a,b Lebanon a,b

North Atlantic Bermuda,e

West Africa Liberia

All financial crimes result in tax evasion. It would

corrupt official. The public official who receives the

The irony is that despite this ability to inflict so

Financial institutions spend significant time and

Financial criminals appreciate the value of a com-

All financial crimes interface with government

If a financial crime occurs at or through a business

In most countries, data from suspicious activity

1. These are known as Suspicious Transaction Reports (STRs) in many jurisdictions.

2. To learn more, please click here: www.egmontgroup.org

CAPITALIZING ON THE For example, some financial institutions have uni-

Beth Berenbaum  John Lash, Esq.

Scott Andersen  Lorice E. Brown Nyron Davidson

JR Helmig  Isabel Medrano  Lisa Schor Babin

 Elizabeth Henry Michael McDonald, Esq. Donald C. Semesky