CFCS Study Manual 6th Edition
CFCS CERTIFICATION
EXAMINATION STUDY MANUAL
Preparing For The Certified Financial Crime Specialist Examination
Rivergate Plaza, 444 Brickell Avenue, Suite P60 Miami, FL 33131 USA
Executive Editor
Contributing Editors
TABLE OF CONTENTS
CHAPTER 1 ACFCS AND THE CHALLENGE OF FINANCIAL CRIME
The Association of Certified Financial Crime Specialists
ACFCS Certification Examination
Construction of the CFCS Certification Exam
Job and Career Benefits from CFCS Certification
Conclusion
CHAPTER 2 FINANCIAL CRIME OVERVIEW, COMMONALITIES AND CONVERGENCE
Financial Crime Overview
Defining Financial Crime and its Permutations
Technology Changes Complexion of Financial Crime
Globalization of Financial Crime
Commonalities of All Financial Crimes
Capitalizing on the ‘Commonalities’ and Exploring ‘Convergence’
Conclusion
CHAPTER 3 MONEY LAUNDERING
Overview
The Financial Action Task Force
Money Laundering Methods
The Three Stages of Money Laundering
The Russian Laundromat
Money Laundering Indicators
Financial Institution Money Laundering Methods and Vehicles
The Egmont Group of Financial Intelligence Units
Non-Financial Institution Money Laundering Vehicles
The Odebrecht Corruption Scandal
The Role of Lawyers, Accountants, Auditors, Notaries and Other Gatekeepers
Regulatory Frameworks for Gatekeepers
Real Property and Money Laundering
Structures That Hide Beneficial Ownership
The US Money Laundering Law
Terrorist Financing
Conclusion
Chapter 3 Practice Questions
CHAPTER 4 UNDERSTANDING AND PREVENTING FRAUD
Overview
Understanding and Recognizing Types of Fraud
Fraud in loans and mortgages
Insurance and health care fraud
Credit and debit card fraud
Fraud in government benefits
Internal Fraud
Identity Theft and Fraud
Detecting and Preventing Fraud
CHAPTER 1 • ACFCS AND THE CHALLENGE OF FINANCIAL CRIME
©2019 Association of Certified Financial Crime Specialists
CHAPTER 2 FINANCIAL CRIME OVERVIEW, COMMONALITIES AND CONVERGENCE
The immense earnings of financial criminals and their global
co-conspirators are impossible to calculate but easily run into
the trillions of dollars annually. Notable examples of the sources
of illicit profits of financial criminals are the public and private
healthcare programs that many nations provide to their citizens.
The United States government, for example, claims its Medicare
program suffers fraud losses of about $70 billion annually, or the
equivalent of $192 million daily. Just as with other financial crimes,
the fallout goes beyond the healthcare programs themselves.
Higher taxes and insurance premiums, along with increased government
expenses to monitor and supervise the integrity of the
programs, are some of the consequences.
Much of this fraud, and thousands of other similar instances worldwide,
is facilitated by corruption of the participants in the programs or in
the public agencies that conduct them. Lax controls and auditing, poor
supervision by regulators, inadequate enforcement by investigative
agencies and inattention to recovering the assets stolen by financial
criminals embolden others and breed more financial crime.

Government agencies and private sector victims of financial crime fare
poorly in recovering the funds that are taken unlawfully from government
programs and from private sector victims. While estimates are inherently
difficult, statistics issued by government agencies suggest that only
2 to 5 percent of assets that private- and public-sector victims lose to
financial criminals is ever recovered. Asset recovery is addressed in
its own chapter of this Manual.

This Manual covers all of them, focusing mainly on crimes that have a
cash or economic advantage as their primary objective. However, the
Manual does not deal with some profit-motivated crimes, such as drug
trafficking, illegal gambling, nuclear trafficking, prostitution and
similar offenses. While these crimes are also motivated by the desire to
make money, they do not fit into the financial crime categories in this
Manual.

For your needs, we will cover those crimes in which perpetrators possess
or control the criminal proceeds. At that point, these criminals become
classic financial criminals who must engage in some of the common steps
that all financial criminals take. Money laundering is present in all
financial crimes and is a common and essential element that all
financial crimes share, regardless of how they made their money.
for example, is not a new type of crime, but the advance of technology
has spurred its growth and made it a global menace. Similarly,
cybercrime did not exist before the arrival of digital technology and
the Internet.

Financial crime today is more extensive, complex and technology-driven
than ever before; so are the government and private sector efforts
against it. Investigative and enforcement procedures and regulatory
measures that seek to block or detect financial crime need to grow at
the pace of the evolving techniques of financial criminals.

New laws and regulations, multinational agreements, treaties and
conventions, and working groups are all aimed at financial crime.
Non-governmental organizations, such as the Financial Action Task Force
(FATF), the Egmont Group, Interpol and others, have been formed in the
past fifty years to help public and private sector organizations to
combat financial crime.

Starting in 1990 with the creation of the US Financial Crimes
Enforcement Network (FinCEN), nations began creating agencies that have
come to be known as Financial Intelligence Units (FIUs) that facilitate
international information sharing and cooperation. The success of these
efforts often depends on the political will of nations to accept, adopt
and enforce them.

The patchwork of national and international requirements and standards
places the duty to monitor, investigate, report, train and remediate on
financial institutions, businesses, and other organizations, all at a
significant cost.

Even in the face of these mighty defensive and offensive efforts
composed of private- and public-sector organizations, financial crime
continues to grow. Financial criminals are industrious and find
weaknesses, loopholes, negligence or corruption to facilitate their
crimes.

GLOBALIZATION OF FINANCIAL CRIME
Financial crime flourishes when it crosses national borders. By crossing
these borders, the financial criminal complicates law enforcement
efforts by forcing the agencies of one country to obtain the cooperation
of their counterparts in other countries for the purpose of gathering
evidence or locating suspects and witnesses. It usually causes the
pertinent authorities to seek the assistance of an international treaty,
convention or agreement, or an international organization such as
Interpol.

This takes extra time, which favors the financial criminal. As time
passes, the financial criminal is better able to find refuge for the
financial crime proceeds, tamper with the evidence and even seek safe
haven.

The more than 60 “secrecy havens” around the globe, ranging from obscure
islands, such as Nauru and Tortola, to long-standing havens, such as
Liechtenstein and Switzerland, are a convenient and vital resource for
financial criminals to move and hide their assets. These havens provide
financial criminals a crucial resource that completes the crime.

Table: Countries that Appear on Multiple Lists of Tax Havens Issued by
Countries and NGOs, Including the OECD, US Government and Others.
Source: US Congressional Research Service Report in 2015, “Tax Havens:
International Tax Avoidance and Evasion”

Europe/Mediterranean: Andorra [a], Channel Islands (Guernsey and Jersey) [e],
Cyprus [e], Gibraltar, Isle of Man, Ireland [a,b,e], Liechtenstein,
Luxembourg, Malta [e], Monaco, San Marino [a], Switzerland [a,b]
Pacific, South Pacific: Cook Islands, Marshall Islands [a], Samoa,
Nauru [c], Niue [a,c], Tonga [a,c,d], Vanuatu

COMMONALITIES OF ALL FINANCIAL CRIMES
There are many types of financial crime, such as money laundering, fraud
and corruption, each with distinct subsets, such as terrorism and threat
finance, identity theft and commercial bribery. But, they all share
several constant commonalities, which make them more alike than not.

Recognizing and exploiting the commonalities helps private- and
public-sector organizations build a cohesive, comprehensive and
collaborative approach to financial crime, and maybe get even better
results. The issue of convergence is discussed in this chapter.

Financial crimes have these commonalities:

All financial crimes involve money laundering. At some point in the
planning and execution of financial crimes, all of them involve money
laundering. A business involved in a foreign corrupt payment, a public
official who receives illicit payments, a violator of sanctions laws, an
identity thief and other financial criminals, at some point, must hide
or disguise the criminal proceeds. The domestic or international
movement of “clean” money for the purpose of committing a financial
crime, money laundering is a necessary function of the financial
criminal because it permits him to mask his involvement in the financial
crime, evade the payment of taxes and move the money to hide it from
victims and government authorities. The broad reach of most money
laundering laws and the predicate crimes that activate prosecutions for
money laundering, as well as the international money laundering control
standards of the Financial Action Task Force (FATF) and other world
bodies, lend credibility to the fact that all financial crimes involve
money laundering.
Egmont Group.[2] The Group facilitates the exchange of data and
intelligence among its members, under security protocols, with the goal
of improving multinational efforts against financial crime.

All financial crimes create the need for asset recovery. All financial
crime leaves someone poorer than they were before. The major recent
financial crimes, such as the Bernie Madoff Ponzi scheme, the
international bank mega-fraud of Allen Stanford, the legal settlements
scheme of Scott Rothstein and others have left behind tens of thousands
of victims with billions of dollars in losses.

Thousands of less-celebrated financial criminals worldwide leave
millions of other victims behind. Victims that have the resources to
attempt to recover their assets rarely succeed in these efforts.
Government agencies that seek to recover funds that are stolen from
government programs are no more successful in their efforts, despite the
strong asset recovery, legal and judicial weapons they possess.[3]

Asset recovery is the neglected art of the financial crime continuum.
The failure to recover the assets taken by financial criminals is a
primary cause of the growth of financial crime. The deterrent effect
that successful asset recovery could achieve is missing. Financial
criminals have the pleasant reality that they rarely are required to
relinquish the money they take from their victims — even if they go to
prison. Asset recovery is discussed extensively in a later chapter.

All (major) financial crimes involve more than one country. Whether it
is the location of the financial crime victim, the base of operations of
the financial criminal or his co-conspirators, the home of the financial
institutions they use, or the countries where the criminal proceeds
moved through or were applied, all major financial crimes involve
multiple countries, especially in today’s electronic world.

The many bilateral agreements and multinational treaties, mutual legal
assistance treaties, tax information exchange agreements, financial
information exchange agreements, inter-governmental agreements,
extradition treaties and other international cooperative agreements that
bear on financial crime underscore the international nature of these
crimes.

Some laws have an international focus by definition or by their very
name. The US Foreign Corrupt Practices Act (FCPA) is an example. The
placement of law enforcement agents of a country in their nation’s
embassies overseas and the work of international organizations, such as
Interpol and the FATF, all highlight the cross-border nature of major
financial crimes.

Financial crime often involves public or private sector corruption.
Nothing facilitates financial crime more than a corrupt or complicit
business insider or public official. Corruption is the engine that
drives most major international financial crime. Appreciation of the
corrosive effect of corruption has moved many organizations to mount a
broad, still blossoming assault on corruption in recent years, as
evidenced in part by the revised 40 Recommendations of the FATF. Global
anti-corruption is covered in its own chapter of the Manual.

Public and private-sector corruption has many variations. Examples
include the unlawful payment by a business to the employee of another
business to obtain trade secrets, or the bribery of a regulator to turn
a blind eye to criminal activity in a financial institution or other
type of business.
CHAPTER 3 MONEY LAUNDERING
OVERVIEW
Although it has been practiced for millennia, money laundering took a
long time to obtain formal designation as a crime, and even longer for
money laundering laws to evolve into potent weapons against financial
and other profit-motivated crime.

In 1986, the United States was the first nation to enact a law that
classified money laundering, or the “laundering of monetary
instruments,” as a crime. It was prompted to act, largely, by the
realization that international drug trafficking organizations were
earning billions of dollars and using financial institutions and other
legitimate businesses to hide, move and disguise their massive wealth.
At the same time, it recognized the negative effects of the involvement
of criminal organizations in financial institutions and other legitimate
businesses as customers and owners, together with their corrupting
influence in government operations.

Today, nearly every country has enacted money laundering laws with
widely varying characteristics. However, in general, they are all
designed to serve as a deterrent to financial and other criminals by
criminalizing their relationships with financial institutions and other
legitimate businesses, reducing their wealth and increasing the risk for
financial institutions and other businesses that knowingly do business
with them.

THE FINANCIAL ACTION TASK FORCE
In 2001, the development of standards in the fight against terrorism
financing was added to the mission of the FATF. In October 2001, the
FATF issued the Eight Special Recommendations to deal with the issue of
terrorism financing. The continued evolution of money laundering
techniques led the FATF to revise the FATF standards comprehensively in
June 2003. In February 2012, the Recommendations underwent their most
significant revamping in almost a decade, with the release of the
revised 40 Recommendations that merged the Special Recommendations back
into the other standards.

MONEY LAUNDERING METHODS
In one simple example, to carry out a Ponzi scheme, the promoter must
disguise the funds he is paying to the initial victims of the scheme as
their “investment earnings” when they truly represent funds received
from later victims. That is money laundering.

[Image: Charles Ponzi, taken August 1920. That year, Ponzi launched the
investment fraud scheme that would later come to bear his name.]

Another example is a scheme in which a company draws funds from its
account in its home country and transports the funds across national
borders so that they may be given, through an intermediary or “bagman,”
to a public official in another country. The purpose of the illegal
payment is to influence the official acts of the public official. The
movement of those funds is money laundering.

In a sanctions violation, a corporation that wants to continue doing
business with a sanctioned country routes the money involved in a
prohibited transaction through a third party that does not reside in, or
have direct relationships with, the sanctioned country. That is money
laundering as well.

In fact, any attempt or conduct designed to hide and conceal the source,
movement, control or ownership of money illegally derived is an act of
money laundering. Similarly, a process that involves the movement of
money derived through legitimate means, but which is intended or
destined to be used to commit a crime, such as in the above example of
the corrupt foreign official, is also money laundering under the laws of
many nations, including the United States.

The Financial Action Task Force (FATF) is an inter-governmental
organization formed in 1989 designed to establish global standards on
money laundering controls. It is based in Paris. Long ago, the FATF
developed a working definition of money laundering involving funds that
originated in illegal activity:

1. The conversion or transfer of property, knowing that such property is
   derived from a criminal offense, for the purpose of concealing or
   disguising the illicit origin of the property or of assisting any
   person who is involved in the commission of such an offense or
   offenses to evade the legal consequences of his actions;
2. The concealment or disguise of the true nature, source, location,
   disposition, movement, rights with respect to, or ownership of
   property, knowing that such property is derived from a criminal
   offense;
3. The acquisition, possession or use of property knowing at the time of
   receipt that such property was derived from a criminal offense or
   from an act of participation in such offense.
proceeds and their source by the creation of layers of financial
transactions that disguise their flow and reduce their ability to be
traced. It often involves multiple participants and entities, like shell
corporations and cross-border transactions.

The more complex and numerous the layers constructed by the financial or
other criminal, the more difficult it is to uncover the location of the
funds, establish their susceptibility to recovery, and pin the crime on
the perpetrator.

Electronic fund transfers are probably the most important layering
method that money launderers use. Millions of transfers are sent
annually worldwide because they provide the advantages of speed,
distance and increased anonymity.

The scheme was reportedly orchestrated by a group of Russian businessmen, some with criminal pasts
and most with ties to the Russian government. The arrangement had all the hallmarks of a complex
money laundering scheme, utilizing weak points in the company formation processes, legal system and
financial systems around the globe. It illustrates the ingenuity of sophisticated financial criminals.
The Russian Laundromat was unveiled in 2016 and has prompted investigations in several countries,
including the UK, Moldova and Russia. Three officials of Moldova’s central bank, along with 15 judges,
have been arrested in the case.
• Client is a known frequent gambler and/or high roller at a casino
• Large funds transfers after gambling activity
• Structuring of gambling purchases, payouts and withdrawals
• Unusual pattern of phone betting transactions

BUSINESS ACCOUNT INDICATORS
• Company account used for personal use
• Withdrawing all, or nearly all, funds from an account within a short
  period of time
• Structuring of funds transfers or transactions
• Funds transferred to overseas account but then withdrawn in (the country)
• Funds transfers to numerous offshore jurisdictions with no business
  rationale
• Departure from (the country) shortly after making funds transfers
• Funds transfers involving a tax haven
• Multiple deposits made to same overseas account by different people
• Use of third parties to conduct transactions
• Use of third party accounts
• Use of family member accounts
• Multiple cash deposits and withdrawals with suspicious references
• Frequent domestic and international ATM activity

Following is a partial listing of some of the vulnerabilities.
The Egmont Group defined an FIU as a central, national agency responsible
for receiving (and, as permitted, requesting), analyzing and
disseminating to the competent authorities, disclosures of financial
information: (i) concerning suspected proceeds of crime and potential
financing of terrorism, or (ii) required by national legislation or
regulation, in order to counter money laundering and terrorism financing.

The goal of the Egmont Group is to provide a forum for FIUs around the
world to improve cooperation in the fight against money laundering and
financing of terrorism and to foster the implementation of domestic
programs in this field. The Egmont Group provides support to member FIUs
in the following ways:
banking creates distance between banker and client and lessens the
physical contact on which traditional client identification rests. These
services make it more difficult to detect money laundering because, in
some circumstances, normal monitoring cannot be conducted. Online
banking, by eliminating personal contact between the institution and the
customer, makes it more difficult to know who controls an account.

MONEY TRANSMITTERS
These businesses transfer funds for customers by receiving cash from
their clients which is transferred to designated beneficiaries, often in
other countries. More details on money transmitters will be provided in
Chapter 11, Compliance Programs and Controls.

SECURITIES BROKER-DEALERS
Broker-dealers, in general, facilitate the purchase and sale of
securities for individual and corporate members of the public for whom
they maintain accounts. They are subject to significant money laundering
risks.
[Figure: bar chart. Vertical axis: Percentage (0 to 100). Categories:
Financial Institutions; Money Service Businesses; Casinos; Trust
Companies and/or Accounts; Law Firms; Internet Payment Systems; Prepaid
Card Providers. Bar labels: 95%, 35%, 20%, 15%, 12%, 4%, 1%.]
NON-FINANCIAL INSTITUTION MONEY LAUNDERING VEHICLES
As stated above, there are few instrumentalities, entities,
organizations or individuals that do not pose a risk of being used for
money laundering activities; financial institutions are not the only
avenue for money laundering. The following list and brief explanations
highlight some of the more important persons, entities and instruments
that should receive scrutiny, particularly by financial institutions
that are asked to open an account relationship, or commercial entities
that are liable under global anti-corruption rules and regulations.

INSURANCE
Life insurance and annuities contain the highest money laundering risk
in the insurance realm. Money launderers can purchase insurance policies
and then later redeem them and request the funds be deposited into a
bank account. Insurance policies with certain characteristics are much
more attractive to launderers than others, including transferable
policies and those with a cash surrender value.

Also, contracts for annuities may allow the beneficiary, who could be a
financial criminal, to exchange illicit funds for an income stream.
Payments from annuities are usually made monthly.

CASINOS
Casinos generate and receive substantial cash and are vulnerable to
money laundering via facilities they offer to their customers to manage
and dispose of money. Inserting illicit funds into a gambling operation
and then cashing out the funds as gambling proceeds is a popular method
to launder funds, due to the relative anonymity of many gambling venues
and the ability to conceal sudden spikes in income as winnings.

In many jurisdictions, casinos are required to file transaction reports,
as well as undertake customer identification procedures, for bets or
proceeds over a certain threshold -- the same as other financial
institutions.

DEALERS IN PRECIOUS METALS, JEWELRY AND ART
Precious metals, jewelry and art have great money laundering
vulnerabilities because of the way they are traded and bought and sold.
Money launderers value them in their trade because of their high
intrinsic value, convertibility and potential anonymity in transfers.

POLITICALLY EXPOSED PERSONS
For years, corruption of public officials has been a primary concern of
many nations and international bodies, including some of the principal
players in formulating global standards on money laundering. They
recognize that public corruption is a principal facilitator of financial
crime and a destabilizing element to nations, contributing to poverty,
reduced social services, and poorer fiscal health. For these reasons,
public officials, or Politically Exposed Persons (PEPs), are now a focus
of public and private sector efforts in the control of money laundering.

Exactly who is considered a PEP can vary based on the laws and
regulations of different jurisdictions. Most use some variation on the
definition provided by the FATF in its 40 Recommendations.
• Foreign government officials, such as heads of state, legislators, judicial or military officials, officials in political parties, or other more senior appointed officials
• Officials at state-owned enterprises, such as a government-controlled oil company executive or administrator of a state-run health system
• Domestic government officials such as heads of state, legislators, judicial or military officials, officials in political parties, or other more senior appointed officials
• Officials of international organizations – This includes non-governmental organizations like the Red Cross and global sporting bodies like FIFA, among others
• Close associates can include business partners, individuals connected through a charity or nonprofit venture, or even social connections like an official’s long-time friends

Not every government employee or official is necessarily a PEP - the FATF’s definition only includes government officials in “prominent positions.” Some countries consider only officials in “prominent positions” to be PEPs, while others cast a wider net that includes less senior roles. Likewise, whether or not domestic officials are considered to be PEPs will vary country by country.

Some institutions have developed their own internal lists of roles and responsibilities that qualify as “prominent positions.” This practice can prove useful when screening customers for their PEP status, as required in customer due diligence programs. Chapter 11 on Compliance Programs will feature more on this topic.

Apart from that, various nations, particularly the United States with its Foreign Corrupt Practices Act (FCPA), the United Kingdom with its UK Bribery Act and Canada with its Corruption of Foreign Public Officials Act (CFPOA), have enacted legislation with substantial extraterritorial reach. Often, that reach is augmented by the simultaneous enforcement of the money laundering and other laws in a particular case.

These anti-corruption laws, which are addressed in the chapter on global anti-corruption, place greater compliance pressure on banks and other financial institutions that are the primary focus of money laundering laws and regulations. Not only may these businesses be involved directly in a Foreign Corrupt Practices Act violation, they may also be implicated, knowingly or through “willful blindness,” in facilitating the foreign corrupt payment.

THE ODEBRECHT CORRUPTION SCANDAL
In March 2014, federal law enforcement agents in Brazil were pursuing an investigation into an alleged money laundering ring when they uncovered a much wider network of corruption and financial crime.

The probe, later dubbed “Operation Car Wash,” would expose an enormous bribery scheme involving two of Latin America’s largest companies, the Brazilian state-owned oil company Petrobras and construction firm Odebrecht.

Odebrecht was revealed to have made over $800 million in corrupt payments to government officials to win contracts and secure business in twelve countries. Dozens of high-level political figures, including the former presidents of Brazil, Peru and Colombia, were investigated for taking funds connected to Odebrecht.

The sweeping case ultimately led to a record-setting $3.5 billion penalty on Odebrecht and its petrochemical unit, Braskem S.A., from the US Department of Justice and enforcement agencies in Brazil and Switzerland.

It is considered one of the largest corruption scandals in history. It is also a glaring example of the potential money laundering threat presented by politically-exposed persons, or PEPs.

THE ROLE OF LAWYERS, ACCOUNTANTS, AUDITORS, NOTARIES AND OTHER GATEKEEPERS
The global financial system is not composed of banks and other financial institutions alone. A wide range of facilitators – professionals who move funds for clients, help manage assets or interact with financial institutions, provide tax advice, purchase real estate, or form trusts and legal entities – can help open the door to the wider financial system.

Like financial institutions, they, too, are vulnerable to being exploited in money laundering and financial crime schemes. These professionals are often referred to as “gatekeepers” because they can provide “access (knowingly or unwittingly) to various functions that might help a criminal with funds to move or conceal,” per the FATF.

Types of professions considered to be gatekeepers can vary somewhat by jurisdiction – professions can have different abilities, roles and limitations in different countries.

For example, notaries in many countries with civil law systems – such as Latin American countries and most European countries – can help clients form companies, create trusts, draft contracts and provide many other legal services. In other countries, such as the US and UK, notaries play a much more limited role, primarily acting as witnesses when important documents are signed.

Recognizing the roles and abilities that different types of gatekeepers possess in your jurisdiction will help you better identify and assess their risks.

REGULATORY FRAMEWORKS FOR GATEKEEPERS
The FATF and certain other international standard-setting bodies recommend that jurisdictions impose AML/CTF regulations on gatekeeper roles.

In 2003, the FATF recommended that gatekeepers be considered Designated Non-Financial Businesses and Professions (DNFBPs), which would make them subject to compliance with the regulatory framework laid out in the 40 Recommendations.

This would generally mean that gatekeepers are expected to implement AML compliance controls using a risk-based approach, similar to requirements for financial institutions. This includes the following:

• Implementing customer identification measures
• Conducting due diligence on clients and transactions for AML and financial crime risks
• Reporting on suspicious transactions or client activity to their jurisdiction’s financial intelligence unit
• Maintaining records in the case they are needed for regulatory compliance or law enforcement investigations.

Not every country has adopted this regulatory framework for gatekeepers. In many Latin American, Asian and European countries, most gatekeeper professions are subject to AML compliance regulations. In the US and Canada, lawyers and
other legal professionals have no government-mandated regulations, only voluntary standards put forth by industry groups.

ASSESSING THE RISKS OF GATEKEEPERS
Gatekeepers are generally considered a medium to high risk by banks and other financial institutions that might hold accounts or conduct transactions with these professions. Certain services provided by gatekeepers are riskier than others, and the types of functions a gatekeeper offers, along with the geographic reach and the customers served, will significantly impact the gatekeeper’s AML risk.

A 2013 report on gatekeeper risks by the FATF assessed SAR/STR filings made by attorneys and other gatekeepers. It found the most common services that came up in SAR/STR reports filed by gatekeepers:

• Real estate transactions
• Formation of trusts
• Formation of companies, and mergers and acquisitions of existing companies
• Trust and company services – i.e., acting as a trustee or corporate agent

Along with the nature of services, the way a gatekeeper interacts with clients impacts the risk. Some factors that increase risk include the following:

obviously be considered higher risk for money laundering and financial crime.

By the same token, some gatekeepers would be considered lower risk if they only deal with certain types of clients and provide certain low-risk services. If a gatekeeper does not generally provide services that facilitate transactions, hold assets or create or manage legal entities, only has domestic clients, and/or interacts with their clients face-to-face, then they would generally be considered lower-risk than other types of gatekeepers.

One final factor that can impact gatekeeper risk is “professional secrecy.” In many countries, some gatekeeper roles, such as attorneys, have traditionally enjoyed a high level of secrecy in their dealings with clients. In some countries, this secrecy is legally mandated. One example of “professional secrecy” is the attorney-client privilege in jurisdictions, such as the US.

REAL PROPERTY AND MONEY LAUNDERING
Also known as asset conversion and typically done during the integration phase of money laundering, this is the purchase of goods -- typically high-value and portable items such as gold, precious stones
or vehicles. Real estate is also a common target for asset conversion schemes. We will focus on vehicles and real property here; precious metals and art are discussed elsewhere in this chapter.

REAL ESTATE
Real estate has served as a vehicle to launder criminal proceeds and disguise beneficial owners since the earliest days of the money laundering era in the 1980s. Criminal proceeds can be funneled to real estate transactions through contract deposits, down payments, mortgages, trust accounts and in the construction process. Offshore corporations, whose true ownership is nebulous at best, often serve as the owners of record of real estate. Escrow funds maintained in escrow accounts that are purportedly destined for legitimate expenses in a real estate transaction may actually be something else. Escrow accounts are vulnerable to money laundering because of the many transactions that are conducted through them by the various parties that are involved in the transaction, including attorneys, title insurance agents, inspectors, bank mortgage officers, appraisers and others.

VEHICLES
Many money laundering cases worldwide have involved businesses that sell or trade various types of vehicles, including automobiles, boats, airplanes and motorcycles. These businesses confront many money-laundering risks, including the receipt of cash, transactions with the proceeds of illegal activity, the layering of transactions with the proceeds of financial and other crime, the payment of vehicles by third parties and more.

MONEY LAUNDERING STRATEGIES
As discussed in the introductory chapters, financial crime schemes are incredibly varied and diverse, and limited only by the creativity of the financial criminal. So, too, are strategies to launder criminal proceeds. As money laundering can be conducted through virtually any transaction involving the exchange of assets or other objects of value, it would be impossible to fully outline all money laundering strategies here.

There are, however, methods that remain consistently and globally popular with money launderers, and several are briefly outlined here. Many of these are described in more detail in other chapters of the manual. Where that is the case, the chapter is given.

INTERNATIONAL TRADE PRICE MANIPULATION
For more than 20 years, well-respected academic studies have shown that the over-pricing or under-pricing of imports and exports in international trade facilitates money laundering, and other financial crimes, including fraud, corruption
and tax evasion. This is commonly called “trade-based money laundering,” and remains a popular method to conceal illicit proceeds and move them across international borders. Commodities that are to be shipped may be falsely priced in the shipping documents as higher or lower to accommodate the direction in which the money launderer wishes to move the money. To provide the trade transaction with an air of legitimacy, the money launderers may choose to use a financial institution to obtain trade financing and the documentation that goes with it. A more thorough examination of trade-based money laundering can be found in Chapter 10, Money and Commodities Flow.

BLACK MARKET PESO EXCHANGE (BMPE)
In simple terms, this is a process by which money derived from illegal activity in one country is purchased by peso brokers, who sell currency or monetary instruments to legitimate businesses. This method is also widely used for legitimate purposes in many countries, including Colombia. A more thorough description of BMPE, as it is commonly known, is available in Chapter 10, Money and Commodities Flow.

PREPAID CARDS AND E-CASH
Smart cards are an ever-present money laundering threat because they store value in electronic form that serves as the equivalent of currency. Some countries allow prepaid, or “smart” cards, to carry unlimited value, while others place monetary limits on them. More on prepaid cards, virtual currencies and other evolving payment systems can be found in Chapter 10, Money and Commodities Flow.

SMURFING
Smurfing, which is sometimes called structuring, is a well-known money laundering method that is considered a crime in most countries. Smurfing involves dividing illegal proceeds between multiple persons, known as “smurfs,” who then make multiple deposits into many separate accounts, often at different institutions, to avoid reporting thresholds. These smaller deposits can then be transferred and consolidated into a single account. Smurfing can be difficult to detect because there is frequently no apparent connection between the various accounts and deposits involved.

STRUCTURING
Structuring is a close companion to smurfing. Structuring involves splitting up funds into multiple deposits below certain thresholds to avoid triggering reporting requirements. Most jurisdictions have imposed regulations requiring many types of financial institutions to report transactions above a certain amount. In the US, for example, institutions are required to file a Currency Transaction Report (CTR) for deposits above $10,000. Structuring of deposits aims to avoid this reporting requirement and escape detection by federal authorities.

In many jurisdictions, structuring is illegal in and of itself, and institutions are required to monitor for patterns of deposits that indicate structuring is taking place.

BULK CASH SMUGGLING
Criminal operations, such as narcotics or human trafficking, often generate large amounts of hard currency. In order for this cash to be concealed, placed within the financial system or utilized by a financial institution, it often must be smuggled into another jurisdiction. This is referred to as bulk cash smuggling.

While the term is sometimes used to describe the movement of large amounts of cash within a jurisdiction, typically bulk cash smuggling takes place across national or jurisdictional boundaries. Many jurisdictions have laws prohibiting bulk cash smuggling, as it can violate reporting requirements for cross-border currency transactions above a certain threshold.

In one example of a typical bulk cash smuggling operation, money from the sale of narcotics is
collected and sorted in a central location. Smaller bills are exchanged into larger bills, which are then packed for transport. Once prepared, the cash can be moved across the border in a variety of ways. It may be carried across in multiple small shipments by cash mules crossing illegally or legally, hidden in personal luggage or vehicles. It may be packed in with consumer, industrial or agricultural goods and shipped commercially. Sophisticated criminal gangs may use surveillance and intelligence-gathering operations to help cash shipments move across the border successfully.

Regardless of the methods, bulk cash smuggling operations can involve financial institutions in multiple jurisdictions at several steps during the process, either to obtain high-denomination currency in exchange for smaller bills or to ultimately place the smuggled cash. The border between the US and Mexico is a prominent location for smuggling operations conducted by Mexican drug cartels. Consequently, US enforcement agencies have assembled the following list of red flags for bulk cash smuggling to help financial institutions spot the activity:

• An increase in the sale of large denomination notes from a financial institution in one jurisdiction to another institution in a bordering jurisdiction
• Large volumes of small denomination notes being sent by currency exchange houses in one jurisdiction to their accounts at a financial institution in another jurisdiction, or sold by the exchange directly to an institution in another jurisdiction.
• Large volumes of small denomination notes being exchanged for large denomination notes at an institution

[Photo: $3 Million in US Currency Seized by Law Enforcement in the US City of San Diego as Part of an Effort Targeting Bulk Cash Smuggling. SOURCE: US Customs and Border Protection]
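
One way to implement the deposit-pattern monitoring described under SMURFING and STRUCTURING above (an added example, not part of the manual): the first function flags a customer whose cash deposits each stay at or below the $10,000 CTR threshold but together exceed it within a short window, and the second flags an account that consolidates transfers from several cash-funded accounts. The five-day window, the three-account minimum, the record layout and every sample transaction are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta

CTR_THRESHOLD = 10_000        # US CTR threshold cited in the text
WINDOW = timedelta(days=5)    # assumption: look-back window
MIN_FEEDERS = 3               # assumption: feeder accounts needed for an alert


@dataclass(frozen=True)
class Deposit:                # one cash deposit (hypothetical record layout)
    account: str
    customer: str
    day: date
    amount: int


@dataclass(frozen=True)
class Transfer:               # one account-to-account transfer
    src: str
    dst: str
    day: date
    amount: int


def find_structuring(deposits, threshold=CTR_THRESHOLD, window=WINDOW):
    """Return {customer: (first_day, last_day, total)} for customers with two or
    more cash deposits, none above the threshold, that together exceed it
    inside the window."""
    by_customer = defaultdict(list)
    for d in deposits:
        if d.amount <= threshold:     # larger deposits are reported on their own
            by_customer[d.customer].append(d)
    alerts = {}
    for customer, items in by_customer.items():
        items.sort(key=lambda d: d.day)
        start, total = 0, 0
        for end, dep in enumerate(items):
            total += dep.amount
            # slide the window start forward until it spans at most `window`
            while dep.day - items[start].day > window:
                total -= items[start].amount
                start += 1
            if end > start and total > threshold and customer not in alerts:
                alerts[customer] = (items[start].day, dep.day, total)
    return alerts


def find_smurfing(deposits, transfers, threshold=CTR_THRESHOLD,
                  window=WINDOW, min_feeders=MIN_FEEDERS):
    """Return {destination: (feeder accounts, total)} where several accounts
    that recently took in sub-threshold cash forward money to one account."""
    cash_days = defaultdict(list)
    for d in deposits:
        if d.amount <= threshold:
            cash_days[d.account].append(d.day)
    feeders = defaultdict(dict)       # destination -> {source: amount forwarded}
    for t in transfers:
        recent_cash = any(timedelta(0) <= t.day - day <= window
                          for day in cash_days[t.src])
        if recent_cash:
            feeders[t.dst][t.src] = feeders[t.dst].get(t.src, 0) + t.amount
    alerts = {}
    for dst, sources in feeders.items():
        total = sum(sources.values())
        if len(sources) >= min_feeders and total > threshold:
            alerts[dst] = (sorted(sources), total)
    return alerts


# Constructed sample data: cust-1 structures into one account, cust-2 is an
# ordinary depositor, cust-3..5 act as "smurfs" feeding account Z-900.
SAMPLE_DEPOSITS = [
    Deposit("A-100", "cust-1", date(2024, 3, 4), 9_500),
    Deposit("A-100", "cust-1", date(2024, 3, 5), 9_000),
    Deposit("A-100", "cust-1", date(2024, 3, 6), 8_800),
    Deposit("B-200", "cust-2", date(2024, 3, 4), 2_000),
    Deposit("B-200", "cust-2", date(2024, 3, 20), 2_100),
    Deposit("C-301", "cust-3", date(2024, 3, 4), 4_000),
    Deposit("C-302", "cust-4", date(2024, 3, 4), 4_200),
    Deposit("C-303", "cust-5", date(2024, 3, 5), 3_900),
]
SAMPLE_TRANSFERS = [
    Transfer("C-301", "Z-900", date(2024, 3, 6), 3_900),
    Transfer("C-302", "Z-900", date(2024, 3, 6), 4_100),
    Transfer("C-303", "Z-900", date(2024, 3, 7), 3_800),
    Transfer("B-200", "Y-800", date(2024, 3, 5), 500),
]

if __name__ == "__main__":
    print("structuring:", find_structuring(SAMPLE_DEPOSITS))
    print("smurfing:", find_smurfing(SAMPLE_DEPOSITS, SAMPLE_TRANSFERS))
```

On the sample data the per-customer check finds only cust-1; the three smurf accounts have no link to each other in the deposit records and surface only through the consolidation check on account Z-900.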
third parties called “company formation agents.” In some jurisdictions, shell companies can be formed online through company formation agents and with little to no information collected on the beneficial owners behind the shell company, for less than $1,000.

Most importantly, shell companies are an anonymous, or at least concealed, vehicle to access the international financial system. To further obscure ownership, many financial criminals will operate through layers of shell companies, which can make it very difficult to trace funds or assets back to the ultimate owner.

Consequently, shell companies have become a fixture of financial crime schemes of all varieties. Almost any sophisticated money laundering, fraud or corruption operation involves at least one shell company at some point in the process. Historically, certain nations and jurisdictions have become popular locations to form shell companies. There is often an overlap between these jurisdictions and those labeled as “secrecy havens.”

most useful leads for unearthing beneficial owners behind shell companies in criminal investigations.

SHELF COMPANIES
A similar concept to a shell company, the shelf company is a corporation that has no activity or business. The name refers to how these companies are formed and then left to “age,” or are “put on a shelf.” Some shelf companies may be completely inactive for years before being sold off to a buyer.

There are a number of reasons why buyers may want to purchase a shelf company, and some are completely legitimate. In many jurisdictions, it is simply easier to purchase a pre-existing company than to set up a new one.

In other cases, a businessperson may have an easier time gaining interest from investors, securing loans or winning government contracts with a company that appears to have been in business for several years. However, those same qualities of apparent legitimacy and longevity are what make a shelf corporation appealing to financial criminals.
not affiliated or connected to the entity controlling it. In the financial crime context, fronts are often seemingly legitimate businesses with a physical presence and actual operations, but whose primary purpose is to launder criminal proceeds. An example is a restaurant formed by an organized crime ring that, while open for regular business hours and serving customers, mainly exists to take in money from narcotics trafficking.

TRUSTS
Trusts are legal entities created by a “settlor” to manage property for a beneficiary. The settlor transfers property that he owns to the trust. This property is managed by a trustee according to the terms described in the trust. Trusts can be misused for hiding money and hiding the identity of the true beneficiary. Trusts are convenient vehicles for money laundering and usually permit payments to beneficiaries that could disguise money laundering. Usually, the payments need not be explained or justified. The trustees are often lawyers who hold the assets in trust for others.

BEARER BONDS AND SECURITIES
These are convenient tools of money launderers because they belong to the person who carries them, thus the name “bearer.” Bearer shares are transferred by a physical delivery from one person to another.

HAWALA AND INFORMAL VALUE TRANSFER SYSTEMS
Hawala and other underground banking procedures are often called informal value transfer systems (IVTS). They are most popular with persons from Africa and Asia and involve the transfer of value outside the regular banking system. These informal value transfer systems have existed for centuries and facilitate the secure movement of funds. Persons who wish to send funds to relatives in another country place funds with a hawala banker. For a fee, the banker arranges for the funds to be available from another “banker” in another country. Later, the bankers settle their transactions. Hawala is attractive to money launderers because it leaves a slight audit trail and the identities of the customers who receive the funds are known only by the “bankers.” More information about IVTS will be provided in Chapter 10.

CHARITIES AND NONPROFITS
Charities and other nonprofit organizations can also serve as money laundering vehicles. They have access to significant funding sources, often have a presence worldwide, and, in some jurisdictions, are subject to little regulation. Moreover, “donors” can often make contributions to charities anonymously, providing a convenient vehicle to launder funds or move money across borders.

In recent years, charities and nonprofit organizations have emerged as a significant risk for terrorist financing, as well as corruption. Corrupt officials will sometimes request that bribes be paid to charities under their control, as will be discussed further in later chapters. Terrorist organizations will also use charitable operations as covert fundraising operations to gather funds from supporters overseas. Many of the same red flags of money laundering discussed previously also apply, such as in these examples:

• Charities and nonprofits that conduct wire transfers to countries where they have no operation
• Charities and nonprofits that operate in high-risk countries
• Charities and nonprofits with a vague description of their purpose and services
• Charities and nonprofits that have no obvious physical presence or operate from a P.O. Box

would both be potential money launderers.
curate. Many corporate registries are not updated on a regular basis, and most do not conduct due diligence on the information provided, instead relying on the person or company registering the legal entity to provide accurate and true information at the time of incorporation.

Despite these weaknesses, registries can be a valuable starting point in an investigation. Information obtained from them, such as the names and contact details for registered agents or shareholders, will typically require further investigation and verification before the true owners behind a legal entity can be discerned.

Many jurisdictions have national or regional registries that can be publicly accessed online. Additionally, a number of international bodies maintain websites that can either be used to find corporate registry information directly, or have links to corporate registries of various jurisdictions. Names and links to these organizations and regional registries are provided below. In the US, corporate registries are maintained at the state level, and can be accessed by searching online for the registry of a given state.

• International Association of Commercial Administrators (IACA)
  http://www.iaca.org/
• Corporate Registers Forum (CRF)
  http://www.corporateregistersforum.org
• European Business Register (EBR)
  http://www.ebr.org/section/4/index.html
• European Commerce Registers’ Forum
  http://www.ecrforum.org/
• Association of Registrars of Latin America and the Caribbean (ASORLAC)
  http://www.asorlac.org/ingles/portal/default.aspx

THE US MONEY LAUNDERING LAW
Because it is one of the oldest and most powerful of its kind in the world, it is helpful to study the provisions of the US money laundering law. Enacted in 1986, the US law has a specific “extraterritorial” provision which, at the time of its enactment, was unique for its far-reaching applicability.

This US law is proof that money laundering is a part of all financial crimes. Anyone who works in financial crime should understand the architecture and “extraterritorial” reach of this law, which carries a maximum penalty of 20 years in prison. It can be applied to anybody, for virtually any transaction or activity related to a crime, anywhere in the world. The US uses it often against fraudsters, tax evaders, persons engaged in foreign corrupt practices and other financial criminals. The law’s more than 220 “specified unlawful activities (SUA)” are a prerequisite to prosecution and a catalogue of financial crimes. These are also known as predicate offenses. The law permits government civil actions and the appointment of “federal receivers” by US judges to pursue stolen assets worldwide, armed with US government financial data and assistance from US treaty partners.

The law may be used only if the proceeds of at least one designated underlying crime are present in the laundering transaction. Without the proceeds of at least one of more than 200 SUAs, no prosecution for money laundering can proceed.

It is important to note that not all the listed SUAs are US crimes. Certain foreign crimes are included among the SUAs and may serve as the basis of a prosecution if their proceeds are part of a US transaction or are conducted with a US entity.

The law asserts “extraterritorial jurisdiction” if the “conduct … is by a US citizen or, in the case of a non-United States citizen, the conduct occurs in
part in the United States” and more than $10,000 is involved.

The SUAs include virtually every US crime that produces money or an economic advantage, including fraud, corruption, bank fraud, copyright infringement, embezzlement, export violations, illegal gambling, racketeering and even environmental crimes.

The SUAs include some foreign crimes, such as bribery of a foreign official, embezzlement from a government, “misappropriation, theft, or embezzlement of public funds” by a foreign official, fraud against a foreign bank, extortion, narcotics offenses, kidnapping and robbery. They also include violations of the Foreign Corrupt Practices Act and the Trading with the Enemy Act. By including violations of the Foreign Corrupt Practices Act, the money laundering law raises the specter that a company or an individual could be accused of both offenses simultaneously. Each violation is deemed to stand on its own.

It is also possible for an individual or company to violate the money laundering law when conducting transactions with nations, organizations and individuals that are subject to sanctions by the US or other countries.

TERRORIST FINANCING
Detecting and preventing the movement of funds tied to terrorism is one of the most important and challenging components of anti-money laundering compliance, investigations and enforcement. In some cases, it can literally be a matter of life and death.

Money is essential to terrorist organizations, and not only for carrying out attacks. Terrorist groups need financing to accomplish the following:

• Recruit new members, and pay existing members
• Create and disseminate propaganda
• Procure goods and supplies
• Fund other ongoing operations

By that same token, money is the terrorist organization’s weak point. By helping to identify and cut off these funding sources, financial crime professionals play a critical role in combating terrorism.

In most jurisdictions, terrorist financing is covered by the same legal framework established by anti-money laundering laws and regulations. This means that customer due diligence, monitoring and reporting related to terrorist financing risk are an essential part of an anti-money laundering compliance program.

Like other money launderers, terrorist financiers have shown considerable resourcefulness and adaptability in the ways they move funds and conceal their financial activities, utilizing many of the same channels and methodologies as other financial criminals.

In one example, the director of the Financial Crimes Enforcement Network, the national financial intelligence unit for the US, stated that nearly 20 percent of international terrorism cases being investigated by the FBI in 2014 had related Suspicious Activity Reports and Currency Transaction Reports associated with them. This reporting helped further investigations connected to the self-styled Islamic State, Al-Qaeda and other terrorist groups.

Consequently, activity detected and reported through AML compliance programs can be critical to support law enforcement efforts against terrorist groups. This section examines terrorist financing models, methods to conduct transactions, emerging risks and red flags of transactions potentially linked to terrorism.
Fundraising could come from a variety of sources:
• Individual contributors, ranging from small amounts from low-level backers on a one-off basis to larger and more consistent funding streams from wealthy individuals.
• Nonprofits, charities and foundations, ranging from radicalized religious organizations and their followers to sham charitable groups that act as fronts for terrorist funding. In some cases, nonprofits may have some legitimate operations and unwitting donors, while skimming funds off for terrorist organizations. In other instances, nonprofit services may be misused to support terrorist groups, helping them with recruitment, supplies or other forms of assistance.
  Not surprisingly, studies by the FATF have found that non-profits providing services within areas that have active terrorist organizations are most vulnerable to misuse by terrorist financiers. Nonprofits involved in humanitarian services in conflict regions are also at higher risk.
• Legitimate businesses, operated or controlled by the associates of terrorist organizations. These may act as fronts to accept funds directed to the organization or have a portion of their legitimately-derived revenues redirected to terrorist groups, or some combination of the two.
• Nation-state backers, which may be ideologically aligned with the causes espoused

These fundraising models can pose a unique challenge to detection and prevention not necessarily shared by other forms of money laundering. The funds flowing to terrorist organizations may be legally derived, at least in the initial steps.

For example, an individual “donor” employed in the UK may withdraw a small portion of his legitimate monthly paycheck in cash, and use it to send a money order to a family member overseas.

From one perspective, this transaction seems like a fairly routine remittance payment. Unknown to the financial institutions involved, the family member receiving the money order is then passing the funds along to an associate of a terrorist organization. These types of transactions emphasize the need for robust monitoring typologies and a keen awareness of the geographic risks associated with payments of all sizes.

Another challenge arises when terrorist groups sometimes use funding to provide social goods and services. A terrorist organization may fund a school or a medical facility in a region where they operate, for example.

This may be done as a recruitment tool, to gain support of the local populace, or as a cover for illicit activities. These social services organizations may open bank accounts, receive payments and conduct their own seemingly legitimate financial transactions.
Terrorist organizations, such as the Taliban and Al-Qaeda, are engaging in transnational drug trafficking and human trafficking to raise funds. Others, such as the Islamic State and Boko Haram, are conducting massive extortion schemes in controlled territories and by the theft of commodities like oil and gas. Trafficking in stolen antiquities, illegal wildlife and assets like gold and precious metals are also lucrative funding outlets in recent years.

These activities and the financing streams they generate bring terrorist groups more in line with the operations of traditional organized crime, leading terrorist organizations to adopt similar money laundering methodologies – from complex corporate structures to trade-based laundering.

Many experts have also noticed another worrying trend – increased levels of coordination between terrorist organizations and transnational organized crime rings unaffiliated with any ideological or religious cause. These relationships are usually profitable matters of convenience, driven by overlapping territories, activities or goals.

Observers have noted a particularly strong connection between narcotics cartels and terrorist organizations. In Afghanistan, the Taliban has long supplied narcotics cartels in Eastern Europe, Southeast Asia and other regions. In 2012, a United Nations assessment found that a third of the Taliban’s estimated $400 million budget came from the production and trade of poppies, the precursor ingredient in heroin and opium.

More recently, in 2016, the US Drug Enforcement Agency arrested several members of a militant divi-

This blurring of the lines between transnational organized crime and terrorist financing should encourage compliance professionals and law enforcement to dig even deeper when conducting investigations or reporting suspicious money laundering activity.

METHODS TO CONDUCT TERRORIST FINANCING

Like others in the money laundering space, terrorist financiers generally weigh several factors when determining how to move funds and conduct transactions, regarding their speed, certainty, expense and risk of detection.

Ideally, financiers want a high degree of speed and certainty, and low degree of expense and risk. How this translates into transaction methods can change greatly based on a terrorist organization’s circumstances and geographic region.

For example, sending $50,000 through a wire transfer might seem to be faster and more certain than using a cash courier to move funds overseas. But for a Taliban cell operating out of a remote area of rural Pakistan, accessing the banking system might be more difficult and prone to detection than sending someone to physically transport the cash.

TERRORIST FINANCIERS USE A VARIETY OF METHODS:

Cash couriers or mules. Physical transportation of currency has long been a fixture in terrorist financing schemes. Despite the risk of detection, cash couriers can circumvent the monitoring and reporting that might be triggered by moving funds through the formal financial system. Couriers can
also be very useful in the conflict zones or underdeveloped regions where terrorist groups frequently operate because cash is often the only means to conduct transactions.

In more recent years, “foreign terrorist fighters” traveling to support terrorist groups have become another type of cash courier. Residents from other countries traveling to conflict zones to militarily support terrorist groups, often referred to as foreign fighters, are not a new phenomenon.

However, after the Islamic State launched its campaign to form a so-called “caliphate” and actively courted foreign supporters to travel to its territory, the number and volume of FTFs increased. Rising incidences of online recruitment and radicalization have also boosted the numbers of FTFs.

Many foreign fighters traveling to support Al-Qaeda, the Islamic State and other groups in Syria and Iraq brought currency with them. In some cases, these funds made up a substantial portion of a terrorist group’s budget.

Hawala networks and other informal value transfer systems. Methods for moving funds that exist outside of the formal financial system, hawalas are described in more detail in other parts of this Manual. Hawala is one of several informal systems around the world, such as Fei Ch’ien or “Flying Money” in China.

Although they have existed for hundreds of years, hawala systems came under greater scrutiny after the September 11th terrorist attacks in New York in 2001. Investigations in the wake of that attack found that Al-Qaeda routinely used hawalas as one of their primary transaction methods.

More recently, an attempt to bomb Times Square in New York in 2010 was bankrolled through hawala transactions. The would-be bomber, located in Connecticut in the US, received two payments of about $5,000 and $7,000 transmitted from a Taliban-linked organization in Pakistan through hawaladars in Massachusetts and New York.

Money services businesses. Money services businesses include a wide range of businesses, such as currency exchanges, check cashers and money transmitters. While MSBs are covered by the same AML regulatory requirements as other financial institutions in most jurisdictions, many do not hold accounts for customers, and often have fewer opportunities to conduct in-depth customer due diligence or develop detailed customer profiles that could help detect suspicious transactions.
Unlicensed MSBs are also common in many countries. These may operate with minimal record-keeping and little to no customer due diligence, increasing their attractiveness to terrorist groups. MSBs can often move funds rapidly and at low cost, with cash available to recipients in a matter of hours.

Banks. Despite the level of scrutiny and attention paid to terrorist financing within the banking sector, depository institutions, such as banks and credit unions, can still be vulnerable to terrorist financing transactions.

Counter-terrorist financing controls are not consistently applied in every jurisdiction or at every institution. Terrorist financiers have been known to exploit correspondent accounts held by institutions with weak controls to move substantial amounts of funds. In less common but notable cases, financiers have essentially taken over compromised banks to hold funds or conduct transactions.

Like other forms of money laundering, terrorist financing can stay under the radar by utilizing small transactions, or seemingly legitimate transactions, between individuals or business entities. In one older but still notable example, the September 11 attacks were largely financed by transactions that moved through large regional and international US banks headquartered in the US.

Trade-based money laundering and commodities movement (TBML). With terrorist groups moving closer to transnational organized crime in their operational structure and activities, their increased use of trade as a money-laundering vehicle is no surprise. TBML offers the ability to move large amounts of funds across borders, and, although governments have boosted efforts at trade transparency, the risk of detecting suspicious trade transactions remains low in many countries.

Some terrorist groups have also utilized gold, diamonds and other precious metals and stones as a means of financing. Precious stones, in particular, are high-value assets that can be easily transported, concealed and converted into currency in another jurisdiction. Many countries in the Middle East and Asia have thriving gold markets, making it easy to transfer gold into cash and less likely that large transactions in gold will seem out of place.

Prepaid and stored-value cards. In 2015, a group of individuals paid for hotel rooms in Paris using prepaid cards. The next day, these individuals carried out a terrorist attack on the Bataclan nightclub and surrounding areas in the city that left 130 dead and many others injured.

This incident raised the scrutiny on prepaid cards as a tool for financing terrorist attacks. Stored-value cards that are rechargeable or tied to an account often require more rigorous due diligence and monitoring of customer usage. However, lower-value cards that cannot be reloaded and are often purchasable in cash are still available in many jurisdictions, with few to no restrictions on who purchases them.

Because they are highly portable and easy to conceal, prepaid cards may be a viable funding method for some smaller-scale terrorist attacks. Recently, the European Union tightened regulations on prepaid cards to reduce the dollar threshold of cards that could be purchased without customer identification and documentation.

EMERGING RISKS AND TERRORIST FINANCING

Like all financial criminals, terrorist financiers will exploit any and all methods available to obtain and move funds. This includes new payment systems, online tools to solicit donations and fraud schemes to raise funds, among other mechanisms.
However, as new tools and techniques become more mainstream, it is likely that terrorist financiers will exploit them with increasing regularity.

FRAUD SCHEMES

Members of terrorist groups and their backers have been known to use a variety of different fraud schemes to support themselves or raise funds. In some European countries, sympathizers and members of terrorist organizations have used fraudulent tax refund applications and government benefits to raise funds. They have used credit cards obtained through stolen identities.

In one example, a group of individuals in Spain faked traffic accidents and filed fraudulent insurance claims in an effort to raise funds for FTFs traveling to support the Islamic State and for another group called the Movement for Unity and Jihad in West Africa.

Groups and individuals affiliated with terrorist organizations have also used social media as a straightforward fundraising tool, posting calls for donations with wire transfer coordinates or account information for funds transfers on Facebook, for example. In other instances, fundraisers might use postings on social sites to attract interest, then follow up with potential donors using more private and secure messaging applications.

In the wake of the San Bernardino terrorist attack in the US in December 2015, it was widely reported that the attacker had obtained a personal loan from an online peer-to-peer lending service. Although there was not a direct line between the loan and the funding needed to carry out the attack, the incident still raises concerns over how a subset of new “fintech” services could be used for terrorist financing. Peer-to-peer lenders may be less well-versed in CTF compliance and less regulated than other types of financial institutions.
Organized crowdfunding sites have also been misused by those seeking to fund terrorism. Crowdfunding sites enable individuals to quickly and easily set up a fundraising page and start soliciting donations, possibly under false pretenses or in the name of sham nonprofit organizations. In some cases, donors may not be aware their contributions are funding terrorism.

DIGITAL CURRENCIES

Some individuals have gone beyond payment cards and bank transfers, making the leap to digital currencies to solicit funds for terrorist organizations online.

In 2015, the US arrested an Islamic State backer named Ali Shukri Amin for using Twitter to spread information on how to use bitcoin to fund the terrorist group, in part by sharing an article Amin had written titled “Bitcoin and the Charity of Jihad.”

Bitcoin’s relative anonymity, the irrevocability of transactions and the ability to move funds across national borders are all appealing to terrorist financiers. In many situations, however, converting digital currencies into the real-world funding that terrorist groups need to operate may be challenging and impractical.

As of late 2017, law enforcement investigators and analysts have noted relatively few instances of terrorist groups moving substantial amounts of funds through virtual currencies. With digital currencies and online payment systems becoming more common and widely accepted, this is likely to change in the future.

In early 2017, Indonesia’s national financial intelligence unit reported that Bahrun Naim, one of the country’s most notorious militants and a member of ISIS, used online payment services, such as PayPal and bitcoin, to transfer money to his colleagues to fund terrorist activities.

LONE WOLVES AND SMALL-CELL TERRORISM

In recent years, the rise of so-called “lone wolf” and small-cell terrorists has posed a new and troubling issue for financial institutions and law enforcement.

Historically, many terrorist plots have typically required multiple participants, a degree of coordination with supervisors or superiors and technical skills, such as bombmaking. Lone-wolf or small-cell attacks involve one or a handful of participants, and usually rely on readily available weapons or techniques. Attackers may be self-motivated by online propaganda, or have only limited contact with handlers from terrorist organizations.

For these reasons, lone-wolf attacks have low funding needs and create only a small financial footprint, with transactions that can be very difficult to distinguish from legitimate activity. The attack on French magazine Charlie Hebdo in 2015 was thought to be funded primarily through a 6,000 Euro personal loan obtained with fraudulent documents and the sale of a used car. Compared to other small-cell attacks, that was a relatively complex plan, involving firearms and three attackers. Attacks using knives and vehicles already owned by the perpetrators require even less funding.

A report by a Norwegian armed forces research group that looked at 40 terrorist plots in Europe between 1994 and 2013 found that about 75 percent cost less than $10,000. Some funding methods used by lone actors and small cells include the following:
• Self-funding through legitimate means, such as employment income, sale of goods or possessions, government benefits or income of a spouse or family member.
• Low-level crime, including petty theft, small-scale fraud and drug dealing. There is an increasing body of evidence suggesting that
lone actors and small-cell attackers often have criminal histories.
• Small-scale fundraising, usually limited to the attacker’s family, friends and direct connections.

Detecting activity linked to lone actors and small cells can be very challenging for financial institutions. Some institutions have sought to create lone wolf monitoring typologies to watch for the purchase patterns sometimes associated with these attacks, such as weapons, body armor or survival equipment.

Institutions are also conducting increased due diligence and ongoing review of customers’ social media. Online radicalization plays a big role in motivating many lone actors, and, in some cases, warning signs of extremism could be found on these individuals’ social media accounts.

[Figure: PERCENTAGE OF TERRORIST ORGANIZATIONS WHO HAD RAISED FUNDS FROM VARIOUS SOURCES, FROM A STUDY OF 40 TERRORIST CELLS OPERATING IN EUROPE. SOURCE: NORWEGIAN DEFENCE RESEARCH ESTABLISHMENT]

RED FLAGS OF TERRORIST FINANCING

Due to the overlap with general money laundering methods and techniques, many of the same red flags covered in previous sections also apply to terrorist financing.

The Egmont Group, a confederation of national financial intelligence units of more than 130 countries, analyzed nearly two dozen cases involving terrorism and identified these indicators:
• Frequent domestic and international ATM activity
• Unusual cash activity in foreign bank accounts
• Multiple cash deposits in small amounts in an account followed by a large wire transfer to another country
• Cash or ATM withdrawals in or near regions of conflict
• Use of multiple foreign bank accounts
• Media reports that the account holder is linked to known terrorist organizations or is engaged in terrorist activities
• Beneficial owner of the account not properly identified
• Use of nominees, trusts, family member or third-party accounts
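One way to express the indicator "multiple cash deposits in small amounts in an account followed by a large wire transfer to another country" as a transaction-monitoring rule. This is an added example, not part of the manual; the thresholds, the `Txn` record layout, the account IDs and the placeholder country codes `AA` and `ZZ` are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Illustrative thresholds: assumptions for this example, not values from the
# manual or the Egmont Group. A real program tunes them per customer segment.
SMALL_CASH_MAX = 1_000    # upper bound for a "small" cash deposit
MIN_SMALL_DEPOSITS = 4    # how many small deposits count as "multiple"
LOOKBACK_DAYS = 30        # window before the wire in which deposits count
LARGE_WIRE_MIN = 3_000    # lower bound for a "large" outbound wire
FUNDED_SHARE = 0.8        # share of the wire the deposits must cover


@dataclass(frozen=True)
class Txn:
    account: str
    day: date
    kind: str      # "cash_deposit", "payroll_credit" or "wire_out"
    amount: int    # whole units of the account currency
    country: str   # where cash was deposited, or the wire's destination


def flag_deposits_then_foreign_wire(txns, home_country):
    """Return one alert per large foreign wire funded by small cash deposits."""
    by_account = {}
    for t in sorted(txns, key=lambda t: t.day):
        by_account.setdefault(t.account, []).append(t)

    alerts = []
    for account, history in by_account.items():
        for wire in history:
            if (wire.kind != "wire_out" or wire.country == home_country
                    or wire.amount < LARGE_WIRE_MIN):
                continue
            window_start = wire.day - timedelta(days=LOOKBACK_DAYS)
            deposits = [
                t for t in history
                if t.kind == "cash_deposit"
                and t.amount <= SMALL_CASH_MAX
                and window_start <= t.day <= wire.day
            ]
            total = sum(t.amount for t in deposits)
            # Both halves of the indicator must hold: enough small deposits,
            # and those deposits plausibly fund the wire.
            if (len(deposits) >= MIN_SMALL_DEPOSITS
                    and total >= FUNDED_SHARE * wire.amount):
                alerts.append({
                    "account": account,
                    "wire_day": wire.day,
                    "wire_amount": wire.amount,
                    "destination": wire.country,
                    "deposit_count": len(deposits),
                    "deposit_total": total,
                })
    return alerts


# Constructed sample data. "AA" (home) and "ZZ" (foreign) are placeholder codes.
SAMPLE_TXNS = [
    # ACC-1: five small cash deposits, then a large wire abroad -> alert.
    Txn("ACC-1", date(2024, 3, 4), "cash_deposit", 700, "AA"),
    Txn("ACC-1", date(2024, 3, 8), "cash_deposit", 850, "AA"),
    Txn("ACC-1", date(2024, 3, 13), "cash_deposit", 600, "AA"),
    Txn("ACC-1", date(2024, 3, 19), "cash_deposit", 900, "AA"),
    Txn("ACC-1", date(2024, 3, 25), "cash_deposit", 650, "AA"),
    Txn("ACC-1", date(2024, 3, 28), "wire_out", 3_500, "ZZ"),
    # ACC-2: the same wire funded by salary, no cash deposits -> no alert.
    Txn("ACC-2", date(2024, 3, 1), "payroll_credit", 4_000, "AA"),
    Txn("ACC-2", date(2024, 3, 28), "wire_out", 3_500, "ZZ"),
    # ACC-3: small deposits followed by a domestic wire -> no alert.
    Txn("ACC-3", date(2024, 3, 5), "cash_deposit", 800, "AA"),
    Txn("ACC-3", date(2024, 3, 9), "cash_deposit", 800, "AA"),
    Txn("ACC-3", date(2024, 3, 14), "cash_deposit", 800, "AA"),
    Txn("ACC-3", date(2024, 3, 20), "cash_deposit", 800, "AA"),
    Txn("ACC-3", date(2024, 3, 27), "wire_out", 3_000, "AA"),
    # ACC-4: one small deposit and a small remittance abroad -> no alert.
    Txn("ACC-4", date(2024, 3, 15), "cash_deposit", 300, "AA"),
    Txn("ACC-4", date(2024, 3, 16), "wire_out", 250, "ZZ"),
]

if __name__ == "__main__":
    for alert in flag_deposits_then_foreign_wire(SAMPLE_TXNS, home_country="AA"):
        print(alert)
```

ACC-4 resembles the small remittance scenario described earlier in this chapter and passes unflagged, which is why amount-based rules are paired with geographic risk and customer context.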
Q 3-1. Chuck Smith conducted a Ponzi scheme by luring innocent domestic investors to
invest. He claimed they would get a steady stream of payments over time and would receive a
handsome return on their investment. The transaction worked as follows:
• All investors resided in Smith’s country and wired money to Smith in order to make an
investment based on his statements, which later turned out to be false.
• Smith next moved the funds to an offshore bank account.
• Smith then transferred some of the funds from new investors to previous investors,
claiming it was money generated by their investment.
• Smith used the remaining funds to purchase cars and other luxury gifts to create the
appearance that he was successful.
The underlying criminal activity in this case is wire fraud. At which point did money laundering
FIRST take place?
A. When the investor wired money to Smith based on his false statements
B. When Smith transferred some of the funds from new investors to previous investors,
claiming it was money generated by their investments
C. When Smith used the remaining funds to purchase cars and other luxury gifts to create
the appearance that he was successful
D. When Smith wired funds to the offshore bank account
Q 3-2. A compliance officer at a major insurance company has recently noticed a pattern of potentially suspicious transactions from a long-time customer. The customer is employed in a consulting position that requires her to travel internationally on an unpredictable schedule, and she often resides overseas for extended periods. The customer has several properties insured with the company for large amounts. In the past three years, she has overpaid her premiums numerous times and then requested a refund be issued. Concerned that the customer may be laundering funds through the overpayment of premiums, the officer is investigating the transactions.
Which fact would BEST indicate money laundering may be taking place?
A. The customer often requests that refunds be made by wire transfer to banks outside of
the country.
B. The customer makes the overpayments at different times of the year and in
varying amounts.
C. The customer has recently taken out a sizable new insurance policy on a commercial
property with your company.
D. The customer has requested that refunds on excess premiums be made to an attorney.
Q 3-3. A financial institution holds an account for a charitable organization whose stated mission is to promote literacy in the local community. The charity derives most of its financial backing from periodic fundraising drives that take in hundreds of small donations from individual donors.
Recently, the institution conducted a due diligence investigation and noticed unusual activity
in the charity’s account.
A. The charity recently purchased a large insurance policy which does not have a surrender
clause and cannot be used as collateral.
B. The charity does not have a long-term leasing agreement on a physical property in a
nearby town.
C. The transaction history indicates a pattern of wire transfers to countries with no previous
connection to the charity’s activities.
D. The transaction history for the charity shows a large number of small cash deposits.
Q 3-4. You are the chief anti-money laundering officer of a full-service bank, and you are
designing a risk-based customer acceptance program to determine the Terrorist Financing
risks specific to not-for-profit (NFP) organizations.
Knowing the elevated risk that NFPs pose, which enhanced due diligence activity is most
essential for these types of client relationships?
A. Monitoring the financial activity in relation to the stated purpose and objectives
of the entity.
B. Obtaining a copy of the organization’s charter.
C. Establishing who controls the organization and its financial activities.
D. For NFPs, customer acceptance requirements are the same as for any other customer.
CHAPTER 4 UNDERSTANDING AND PREVENTING FRAUD
OVERVIEW
CHAPTER 4 • UNDERSTANDING AND PREVENTING FRAUD
Some of the red flags of Ponzi schemes include the following:
• Investment returns that are “too good to be true”
• Investment statements that show continued growth or performance contrary to market trends
• Unusual/absent fee structure
• Lack of substance behind the investment, such as when due diligence reveals little information on the investment or the company or individual offering it

In pyramid schemes, the promoter promises big profits to investors based on their ability to recruit other persons to join the investment opportunity and not based on sales or investment results. This is the primary difference between a Ponzi and pyramid scheme, although functionally they often operate similarly. Some possible red flags of a pyramid scheme include the following:
• Recruiting of new investors or participants takes place in an unlimited chain, with new recruits immediately recruiting others
• Promotion or advancement to new levels of the scheme or new investment opportunities that are dependent on recruiting others
• Excessive incentives to recruit other participants or investors

From a fraudster’s perspective, close-knit groups that value trust and community ties are particularly attractive targets. These groups may be slower to accept they have been victimized by a fraudster and less likely to report to law enforcement or cooperate with an investigation, especially if community leaders are involved.

In recent years in the US, affinity scams have targeted groups as diverse as Amish communities, active-duty military personnel, Chinese immigrants and Mormon church members.

In many affinity frauds, the underlying mechanism is a Ponzi scheme, pyramid scheme or other investment in a non-existent security. As such, red flags will be similar to other securities fraud typologies, including the following:
• Investment opportunities with terms presented verbally, and little to no information in writing
• Investors are pressured with a sense of urgency. The investment is presented as a “limited-time offer” or only a short window to get involved
• The investment is presented as an “exclusive opportunity” or limited only to participation by certain individuals with demographics that match the group targeted in the affinity scam.
holders that are conducted by a company employee or insider are not considered insider trading. An example would be stock repurchases.

Insider trading becomes illegal, however, when an individual is buying or selling a security based on information not available to the general public. That is a violation of a relationship of trust and confidence.

Examples of illegal insider trading cases include the following:
• A company’s officers or directors may trade shares after they learn crucial, confidential information, such as news of a merger or acquisition, a new product launch, the pending release of an earnings report, etc. The information could also be negative in nature. A company may be the subject of an investigation or regulatory enforcement action, for example.
• A corporate insider may share confidential information with a friend or family member, who then buys or sells shares based on the tip. In such a case, both persons may be charged with insider trading.
• Lawyers, public accountants or other corporate advisory roles may trade on confidential information related to clients gathered in their professional capacity
• Government employee trades based on non-public information gained through their employment can also violate insider trading laws. For example, a regulator who discovers sensitive data about a company’s financial status during a routine examination may use that information to trade in the company’s stock, in violation of confidentiality.

Some indicators of insider trading include the following:
• An individual buys or sells substantial amounts of a company’s stock or other equities shortly ahead of a major announcement
• A service provider in an advisory role trades heavily in a company’s equities soon after being engaged in a professional capacity by the company
• An individual with little or no history of investing suddenly invests heavily in an equity of one company, even borrowing funds to do so

Stock options fraud. Stock options are generally given as incentives to corporate employees. The employees are given the option to buy stock at a specified future date. The price of the stock is set when the stock option is given. If the price of the shares increases, the employee profits from it. Stock options fraud involves backdating the date the option was given to a time when the share was trading at a lower price. This guarantees that the stock option will be assured a profit when it is granted.

Prime bank note fraud. Prime bank note fraud has become increasingly prevalent in recent years. This fraud scheme typically involves selling fake deposit certificates to an offshore account to investors with the promise of quick and highly profitable returns on the investment. As part of the prime bank note fraud, the perpetrator convinces the investor/victim to send money to a foreign bank. The money is eventually transferred to an offshore account controlled by the perpetrator, who then uses the funds for personal expenses, usually having laundered the funds to erase the paper trail.
Further, to establish legitimacy, the schemers will claim to have access to bank “guarantees” that are being issued by select “prime banks.” This is where the term “prime bank guarantee” originated. To appear more legitimate, the promoters use the term “prime bank debenture,” and require that their investors sign non-disclosure agreements and non-circumvention agreements. They usually insist that these forms are “required by the International Chamber of Commerce” or a similar international body in order to complete the transaction.

in large quantities of securities. An employee of the broker-dealer could trade in the security in his own personal account ahead of executing the client’s order, then take advantage of the price change for his own benefit. This “front-running” ahead of client orders is considered unethical in all jurisdictions, and illegal in most.

Similarly, an employee of a broker-dealer could trade in securities ahead of pending buy-or-sell recommendations or investment analysis that the firm will soon be presenting to a client.
In another type of credit extension, a financial institution can be defrauded by the illegal use of loan proceeds that a borrower has been granted. The fraudulent application of loan proceeds increases the institution’s risk. The misrepresentation by a borrower about the ultimate use of the proceeds of a loan can subject that individual to a separate crime that is recognized in many countries -- submitting false statements to a financial institution from which a credit extension is sought.

Mortgage and loan fraud involves an intentional material misrepresentation or omission of a material fact or other information on a mortgage or loan application to obtain a loan, or to obtain a larger loan than the lender would typically grant, if the application information was true and correct. Mortgage fraud was one of the leading causes of the housing meltdown that occurred in the US and other countries in the mid to late-2000s. Mortgage scams continue to occur, resulting in poorly-performing mortgage portfolios for lenders and investors, as well as consumers unable to make mortgage payments, falling into default and becoming a risk for foreclosure.

[Figure: SUSPICIOUS ACTIVITY REPORTS MADE TO US REGULATOR FINANCE INVOLVING MORTGAGE FRAUD HAVE SHOWN A STEADY INCREASE. Chart axes: years 2001 to 2011; counts 0 to 100,000.]

Mortgage fraud consists of a number of different methods and approaches:

Income fraud. This involves overstating the borrower’s income in order to qualify for a mortgage or for a larger loan amount. Prior to the recent housing downturn and legislative incentives requiring lenders to change lending practices, these typically involved “stated income” or “liar loans.” In these instances, the borrower, or a loan officer working
on behalf of the borrower (with or without the borrower’s knowledge), would state a specific income without verification.

Today, these types of loans typically involve an alteration or forgery of income verification documents, tax returns or bank account statements in order to satisfy the income requirements. The fraud occurs when the borrower qualifies or attempts to qualify for a loan, which their true income would not support.

Employment fraud. This is another version of income fraud which involves claiming self-employment in a non-existent company, or a claim of a higher position in a real company, to justify the representation of a fraudulently compiled income figure.

Occupancy fraud. This usually involves a borrower that obtains or attempts to obtain a mortgage claiming that they will occupy the residence, thereby obtaining a lower interest rate on the note. In actuality, the borrower never plans to occupy the residence. In addition, larger loans are typically allowed for owner-occupied dwellings than for income properties, for which delinquency rates are substantially higher.

Appraisal fraud. This pertains to a deliberate over- or under-statement of the property’s true value to perpetrate a fraud. An over-statement of value enables the property owner to obtain more money than the property is worth in the form of a cash-out refinance; or an organized effort to generate a for-profit mortgage fraud scheme. An under-valuation of the property enables a buyer/borrower to get a lower price on a foreclosed home, or to persuade a lender to reduce the balance in the case of a loan modification. These frauds typically involve either a dishonest appraiser or a legitimate appraisal that has been altered.

Cash-back fraud. This involves deliberate inflation of a property’s price in order to provide the borrower with a “rebate” which is not disclosed to the lender. The seller as well as the real estate agent can participate in the scheme and all can share in the “rebate.” This scheme requires a fraudulent appraisal to be successful.

“Shot-gunning” fraud. This occurs when multiple loans for the same property are obtained with different lenders at the same time and for a total amount in excess of the property value. This type of fraud leaves lenders greatly exposed to losses because subsequent mortgages are junior to the first mortgage recorded.

Lender Fraud. This involves fraudulent lenders or mortgage brokers who victimize unwitting borrowers or lenders who actually fund or purchase the loans. Indicators of lender fraud include a lack of a license (lenders are typically licensed by the state or jurisdiction in which they operate), loan terms that are too good to be true, and/or loan documentation that is incomplete, blank or unintelligible.

Foreclosure scams. The housing and economic crisis that afflicted several countries has resulted in an increase in the incidence of mortgage foreclosure scams. Perpetrators of these scams target people at risk of losing their homes. These include mortgage modification scams, as well as “foreclosure rescue” buyers who try to rush the sale of a house without the proper forms having been completed.

Buy and bail fraud. As the name implies, this form of fraud involves buying a new home with the intention of abandoning mortgage payments on the old home. Although there are a variety of reasons why a homeowner might do this, some less insidious than others, it is still considered fraudulent. Buy and bail schemes typically involve homeowners who draw up false rental agreements on their current home, and then use these agreements as part of the documentation needed to secure a loan on a new home. Once they have obtained the new home and moved, they stop making payments on their old home.
While some of the red flags below are specific to mortgages in real estate transactions, most apply to other types of credit extended by financial institutions, such as personal loans or vehicle loans:

• Discrepancies or inconsistencies in different documentation, such as an individual’s tax ID number, address, etc., that varies or appears altered, within the loan file
• Same information for multiple parties in transaction (i.e., applicant and the listed employer have same phone)
• Information provided for an applicant’s employment is vague, inconsistent or unreasonable (i.e., employer’s address is only a PO Box or matches the current address of the resident; the company name or applicant’s job title are generic or non-descriptive)
• Information provided for an applicant’s income is questionable or unreasonable (i.e., the income appears out of line with the nature of employment, the applicant reports high income but shows no deposits in financial accounts)
• Not an arm’s-length transaction, meaning there are ties between the buyer and the seller of a property, which can increase the risk of collusion
• No real estate agent involved in facilitating the transaction
• Loan applicant has history of defaults or bankruptcies
• Issues with property taxes, such as uncertainty over whether they have been paid and who is paying them

FRAUD IN FINANCIAL REPORTING AND ACCOUNTING

An organization’s financial books and records and accounting practices are vulnerable to a wide variety of fraudulent manipulation, from deceptive tricks to boost purported earnings to techniques to conceal internal theft and embezzlement.

Fraud in financial reporting alone is a financial crime, but it can also be used to further many other criminal schemes. For example, financial records could be altered to conceal bribe payments, or fictitious invoices could be generated as part of money laundering schemes.

Although not an exhaustive list, some common types of fraud in financial reporting are listed below.

FRAUDULENT REVENUE RECOGNITION

Almost all companies seek to consistently grow their revenues, and companies often have some flexibility in how they choose to recognize their earnings, as long as record-keeping does not deviate from “GAAP,” or generally accepted accounting principles.

However, pressure to boost revenue can lead a company to engage in improper sales practices or deceptive accounting:

• Hidden or side agreements in sales arrangements. To create a short-term revenue increase, company employees might negotiate sales agreements that are later altered or revoked due to hidden terms and conditions. This is done to book the revenue of the sale before it is fully completed. These terms are made verbally or through messages left off the actual sales contract and might include refunds, exchanges, different payment terms or right of return.
There is nothing inherently wrong with allowing customers to make returns or otherwise modify a sale when done legitimately. However, it veers into the realm of fraud when it is done outside of the proper channels and with erroneously recorded revenue without provisions for returns, cancellations or other modifications.

• Altering dates or holding open accounting periods. By changing the dates on certain documentation, like shipping documentation or purchase orders, a company can deceptively record revenue in one accounting period that should have accrued in another. Likewise, a company could improperly extend its accounting period, holding open its receivables to record sales that should have fallen into the next period.
• Creation of wholly fictitious sales and customers. Although this technique is more vulnerable to detection in audits, there have been numerous cases where companies simply falsified sales transactions, and likewise created false customers to match corresponding entries in their accounts receivables.

organization’s vendors to create and approve fake invoices.

• Modifying a legitimate invoice, inflating its value, or submitting duplicate invoices. An employee could change the account details on the invoice to an account under their control, and then re-submit the original invoice for payment.
• Alternately, an employee colluding with a vendor or other third party could inflate the value of a legitimate invoice, and then receive some percentage of the transaction back from the conspirator. In both cases, the employee would typically be someone with access to the systems used for a company’s accounts payable.
Like other internal fraud schemes, separation of duties and multi-step review can be a powerful tool to reduce the risk of false invoicing schemes. This can be as simple as implementing a two-stage process for approving invoices:

1. One employee checks the invoice to confirm it is for a legitimate product or service.
2. A second employee reviews and authorizes payment.

When investigating a company’s records for indicators of false invoicing, red flags can include the following:

• Invoices missing common details and information, such as no address being provided, a tax ID number is not given, etc.
• The company name listed cannot be found in the jurisdiction’s corporate registry.
• The invoice and/or supporting documents are vaguely worded or copied from other invoices.
• No purchasing order that matches the information is provided in the invoice.
• The goods described on the invoice cannot be found in the company’s inventory, or the services cannot be accounted for.
• Multiple invoices contain the same invoice number.
• There are multiple invoices with the same amount on the same date, or from the same vendor on the same date.
• The invoice contains errors or misspellings.

FRAUD IN OPENING AN ACCOUNT

Financial institutions are vulnerable to fraud in many ways, and the old adage, “Know Your Customer,” is as effective a safeguard against external financial crime as any government regulation. One way to prevent fraud risk is to ensure that an application for a new account or relationship by an individual or entity is fully vetted.

A good way for a financial institution to prevent future problems with a customer is to take reasonable due diligence steps when the potential new customer seeks to establish a relationship. The applicant should be asked to corroborate all the information, and the institution must verify the information.

At the earliest stage of a new relationship with a customer, a financial institution must assure that the person seeking to open an account or establish a business relationship is the true beneficial owner of the funds to be invested or deposited. If a business organization is involved, the institution should ensure that the person seeking to establish the relationship is the real principal of the entity or can and will identify that person.

The nature and size of a relationship usually determines the degree of due diligence that an institution should take to investigate and verify beneficial ownership and the principals of an entity. Financial criminals invariably use nominees and fronts in their business and financial transactions to hide and disguise their involvement.

If the account to be opened or business to be conducted is of sufficient size and importance, an institution or business should exercise enhanced due diligence to ensure that persons are who they say they are and that no nominees or fronts are shielding the true parties in interest. In situations of sufficient gravity and size, the institution should go beyond its walls and seek facts independently from appropriate sources and conduct enhanced due diligence.

If the institution or business confirms that the beneficial owner is not the person who appears at the institution seeking to establish the relationship, it should decline the relationship in the absence of a satisfactory explanation. If none is provided, in addition to declining the relationship, the institution should probably report the event to the appropriate authorities as suspicious activity.
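Several of the false-invoicing red flags listed earlier on this page (missing details, a vendor absent from the corporate registry, no matching purchase order, repeated invoice numbers, same amount or same vendor on the same date) and the two-stage approval rule can be checked mechanically over accounts-payable records. The Python below is an added example, not part of the manual; the record layout, vendor names, purchase orders and invoices are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Invoice:
    invoice_no: str
    vendor: str
    amount_cents: int
    issued: date
    po_number: Optional[str]
    vendor_tax_id: Optional[str]
    vendor_address: Optional[str]
    checked_by: Optional[str]   # stage 1: confirms the product or service is legitimate
    approved_by: Optional[str]  # stage 2: reviews and authorizes payment


# Constructed reference data: a stand-in corporate registry and purchase-order ledger.
REGISTRY = {"Acme Supplies Ltd", "Northwind Freight Inc"}
PURCHASE_ORDERS = {
    "PO-1001": ("Acme Supplies Ltd", 125_000),
    "PO-1002": ("Northwind Freight Inc", 48_000),
}

# Constructed invoices; index 4 is the only one that should raise nothing.
SAMPLE_INVOICES = [
    Invoice("INV-001", "Acme Supplies Ltd", 125_000, date(2019, 3, 4),
            "PO-1001", "TAX-A", "1 Mill Rd", "alice", "bob"),
    Invoice("INV-002", "Northwind Freight Inc", 52_000, date(2019, 3, 5),
            "PO-1002", "TAX-N", "9 Dock St", "carol", "carol"),
    Invoice("INV-003", "Apex Consulting", 90_000, date(2019, 3, 6),
            None, None, "PO Box 12", "alice", "bob"),
    Invoice("inv-001", "Acme Supplies Ltd", 125_000, date(2019, 3, 4),
            "PO-1001", "TAX-A", "1 Mill Rd", "alice", "bob"),
    Invoice("INV-004", "Northwind Freight Inc", 48_000, date(2019, 3, 7),
            "PO-1002", "TAX-N", "9 Dock St", "alice", "bob"),
]


def red_flags(invoices, registry, purchase_orders):
    """Return {invoice index: sorted list of red-flag names}; clean invoices are omitted."""
    flags = defaultdict(set)
    by_number = defaultdict(list)
    by_amount_date = defaultdict(list)
    by_vendor_date = defaultdict(list)

    for i, inv in enumerate(invoices):
        # Index each invoice for the cross-invoice checks below.
        by_number[inv.invoice_no.strip().upper()].append(i)
        by_amount_date[(inv.amount_cents, inv.issued)].append(i)
        by_vendor_date[(inv.vendor.casefold(), inv.issued)].append(i)

        if not inv.vendor_tax_id or not inv.vendor_address:
            flags[i].add("missing_details")
        if inv.vendor not in registry:
            flags[i].add("vendor_not_in_registry")
        # A purchase order only "matches" if vendor and amount agree, which
        # also catches a legitimate invoice whose value was inflated.
        po = purchase_orders.get(inv.po_number) if inv.po_number else None
        if po != (inv.vendor, inv.amount_cents):
            flags[i].add("no_matching_po")
        # Two-stage approval: both stages present and performed by different people.
        if not inv.checked_by or not inv.approved_by or inv.checked_by == inv.approved_by:
            flags[i].add("two_stage_approval_violated")

    grouped = (
        ("duplicate_invoice_number", by_number),
        ("same_amount_same_date", by_amount_date),
        ("same_vendor_same_date", by_vendor_date),
    )
    for name, groups in grouped:
        for members in groups.values():
            if len(members) > 1:
                for i in members:
                    flags[i].add(name)

    return {i: sorted(names) for i, names in sorted(flags.items())}


if __name__ == "__main__":
    for index, names in red_flags(SAMPLE_INVOICES, REGISTRY, PURCHASE_ORDERS).items():
        print(SAMPLE_INVOICES[index].invoice_no, names)
```

A flag here is a reason to pull the supporting documents, not a finding of fraud; the remaining red flags on the list (vague wording, goods missing from inventory) need human review.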
INSURANCE AND HEALTH CARE FRAUD

Insurance and health care fraud is a growing and increasingly expensive problem. Although health care fraud can be perpetrated by individuals, the largest and most successful schemes usually involve health care providers colluding to overcharge a private or government health insurance agency. Typically, the health care provider orders tests and services that are not actually needed by the patient, bills for services the patient never receives, or bills for an office visit that never occurs.
Credit and debit card fraud schemes include the following:

• Tampering with card readers at ATMs and other point-of-sale locations, typically by inserting skimmers to steal card numbers and passwords.
• Online theft of numbers through compromises of online security.
• Identity theft to apply for credit and debit cards, such as “too good to be true” credit card offers through which the fraudsters obtain the individual’s personal information and then use that to apply for other cards.
• Physical theft of the card.
• Internet fraud schemes, which involve the use of unlawfully obtained credit card numbers to order goods or services online.

FRAUD IN GOVERNMENT BENEFITS

Fraud in government benefits is generally perpetrated by identity theft. Using a stolen identity, the fraudster can pose as the proper recipient of benefits intended for someone else. This type of fraud is typically perpetrated by knowing the victim’s identification or Social Security number (or other identifier), through which access to benefits is typically verified.

Fraud against government agencies takes many forms. It can be as basic as improperly applying for and receiving benefits of small amounts offered by a social welfare program. Or, it can involve large sums under large contracts, such as those with military and aerospace agencies, in which a contractor in the private sector inflates costs or furnishes subpar materials to the agency or performs improperly under the contract.

In some cases, financial criminals even recruit the help of prisoners who provide their identifications, such as their Social Security number if they are in the US, to pose as legitimate applicants seeking student loans, unemployment benefits, tax refunds or other government benefits.

Some fraud in government benefits may actually be occurring with “good intention.” This can happen when another entity is trying to get benefits for a person without proper ID, and allows the filing of the benefits knowing that the ID provided is not valid. While helping someone in need with this stolen ID, the perpetrator is also creating a separate victim of identity theft.

Fraud in government benefits can often involve collusion of two or more individuals, as well as collusion between outside actors and government employees.

INTERNAL FRAUD

Internal theft and misappropriation of assets by employees and insiders of a business organization are rampant in all countries. A business can take several steps to minimize exposure to these crimes.

As in the case of financial institutions seeking to prevent threats posed by the “enemy within,” the first step businesses should take starts at the door of the human resources department. Hiring wisely through thorough examination of applicants is crucial in minimizing internal theft and misappropriation. Thorough interviews and vetting of all important aspects of a candidate’s background, prior job and independent references are crucial.

Background checks, due diligence and examination of criminal records are also indispensable steps. Depending on the sensitivity of the position and the potential fraud risk it poses, companies should also consider screening employees against PEP lists, sanctions lists and negative news scans. Not all of these screens may be required for every position, but they could be applicable for higher risk roles. All of these policies and procedures should form part of a pre-employment screening program.
A code of ethics explaining acceptable and unacceptable conduct and a program of mandatory financial disclosure for key employees should also be required.

Financial institutions and other businesses should also strongly consider establishing an anonymous telephone line or similar mechanism that employees can use to report theft and other dishonest acts.

This reporting mechanism should be separate from the usual reporting that takes place through the lines of business, in other words, an employee reporting to their superior, who then may escalate it to their superior, and so on. If there is no option to report outside of the typical reporting through the chain of command, employees may be unwilling to speak up for fear of retaliation, and will have nowhere to turn if their managers are the ones actually involved in the suspected fraud.

Close observation of employee behavior may also provide telltale signs of vulnerabilities to the “enemy within.” Some common indicators and risk areas for potential involvement in insider fraud include:

• Resistance to taking vacation/sick days or refusal to share job responsibilities — If an employee rarely takes vacation or sick time, or is resistant to sharing their duties with another employee, it could indicate something more sinister than sheer devotion to the job. This is particularly true of roles with access to a company’s books and records or payment processing functions. Likewise, when an employee declines a promotion or reassignment to a different area of the company, this can raise red flags.
• Employees with close ties to a vendor or other third party — An employee that seems abnormally close to a vendor or vendors should raise questions. For example, if an employee contacts a vendor more often than is necessary for business purposes, advocates on their behalf, or has non-business ties to the vendor, this may warrant further investigation.
• Sudden changes in the employee’s spending habits and lifestyle — As obvious as this seems, this red flag remains a fixture in internal fraud schemes. If an employee suddenly starts purchasing expensive luxury goods, buys a house or other assets that don’t match their salary, or otherwise starts living beyond their known income, it warrants careful scrutiny.
• Employees that have overlapping roles with access to the company’s funds or accounts — A lack of clear division of duties is a weak point for fraudulent behavior. If one employee is responsible for generating invoices and approving their payment, or adding new vendors to a company’s system and then approving them, this creates vulnerabilities for fraud. Organizations should carefully scrutinize these roles and consider adding a separate layer of authentication.

It is worth noting that organizations should always be cautious when developing programs to review employees for insider fraud risk. Legal issues arise in monitoring employee behavior and legal counsel of a business or institution should be consulted before implementation of new policies. For example, monitoring employee use of social media may raise privacy and other issues on which a lawyer should advise the business or government agency that is contemplating a new policy.

Internal misappropriation can be the work of low-level as well as higher rank employees. They should all be monitored on a risk basis, and the risks posed by senior-level staff should not be ignored. Often, higher ranking staff is capable of inflicting far more harm on a business than employees at the lower levels.

Internal controls aimed at reducing insider fraud do not necessarily need to be complicated. Simple mechanisms like division of duties and “maker-checker” models can be highly effective at detecting certain types of fraud. For example, one employee could be tasked with creating new vendor invoices in a company’s payment system, and another employee assigned to review and approve.

One thing is certain. If no internal controls exist, or if those that exist are not enforced, temptation lures employees.

IDENTITY THEFT AND FRAUD

Identity theft is a giant menace of the 21st century. Often, perpetrators are employees of businesses, including doctors’ offices, government agencies and financial institutions. The goal of identity thieves is to uncover the identities of private individuals in order to obtain the numbers and other characteristics of their credit cards, place of employment, residences, children, family members, friends, vehicles and other personally identifying information.

By learning a person’s personal information, an identity thief can penetrate a bank account, use their credit cards, receive government benefits, seek a tax refund in someone else’s name and more. There are various red flags that indicate a person has been the victim of identity theft. These include unusual activity in personal financial accounts, unknown charges on credit card statements, notification by a tax agency that more than one tax return was received in your name, and other harrowing occurrences.

and to delay the discovery of the identity theft by the victim.

Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain. With enough identifying information about an individual, a criminal can take over the individual’s identity to conduct a wide range of crimes, such as false applications for loans and credit cards, fraudulent withdrawals from bank accounts, or obtaining other goods, services or privileges which the criminal might be denied if he were to use his real identity.

If the financial criminal takes steps to ensure that bills for the falsely obtained credit cards, or bank statements showing the unauthorized withdrawals, are sent to a physical or e-mail address other than the victim’s, the victim may not become aware of what is happening until the criminal has already inflicted substantial damage on the victim’s assets, credit and reputation.

OVERVIEW AND METHODS OF IDENTITY THEFT

Identity theft is one of the fastest growing types of consumer fraud and considered one of the leading threats to deposit accounts at banks and other financial institutions. It can be perpetrated by a wide variety of means, including some popular methods listed below:
[Figure: chart by theft type. Legend entries: Credit Card; Employment or Tax Related Fraud; Phone or Utilities Fraud]
• Collusion between the fraudster and customer, or between fraudster and employees of an organization

COMMON TECHNIQUES USED BY IDENTITY THIEVES

Creating fake online identities. Fraudulent identities play a significant role in many high profile financial fraud crimes. With today’s Internet capabilities, fraudsters can easily create new or fake identities. Utilizing social networks, blogs, forums, email accounts, domain creation, website creation and various internet accesses, the fraudster can create an entire false persona, including name, address, telephone number, email address, website, etc., and represent it as real. Once this basic identity is created, the fraudster can file for a sole proprietorship or set up a corporation using the identifiers of the false persona.

The fraudster can then obtain a government tax or other identification number for the business and open a new bank account for it. From all the information associated with this person and business, it can appear to be a legitimate entity.

Social engineering. Fraudsters also engage in social engineering to perpetrate identity theft. Social engineering typically refers to methods and techniques used to manipulate people into performing actions or revealing confidential information in order to gather data, commit fraud or gain access to computer systems or networks. The basic tools used to obtain information are simplistic and based on human nature. The roots of social engineering reach back to the days of traditional ‘con’ men and leverage the same skills to convince a victim to reveal sensitive information.

Leveraging technology. Fraudsters capitalize on the speed and anonymity afforded by new technologies to perpetrate identity theft and identity fraud, including the following:

• Using handheld skimmers and other devices that lift account information when the individual swipes his or her debit or credit card at an ATM or point-of-sale location, such as in a store
• Getting people to disclose sensitive personal data by sending them phony emails (Phishing), text messages (Smishing) and phone calls (Vishing)
• Using malicious software to capture and transmit personal information to counterfeiters over the Internet (Malware)
• Using peer-to-peer computer technology, such as the kind found on music-sharing sites, to search personal computers for password files, account numbers and other information
pieces of information from a real person are mixed with invented data to create an entirely new identity.

It starts with a real tax identification number, usually belonging to a child. Because it belongs to a real person, the tax ID will often show up as a valid number in credit reporting and other checks used by financial institutions.

Tax identification numbers belonging to children are preferred because children typically don’t have much of a presence in the financial system. They usually aren’t applying for accounts, checking their credit report or doing other activities that might lead to detection. The fraudsters will then create a fake name and other details around this stolen identification number, including a real address (usually a PO box or mail drop).

Using this new identity, criminals now have several years to set up accounts, establish a credit history, get credit cards and obtain personal loans. Fraudsters might nurture these synthetic IDs for years, making card payments and servicing loans, to increase the amount of credit extended to them. At some point, they will max out their credit cards and loans and disappear.

In one notable recent case, a fraud ring created nearly 7,000 synthetic IDs and used them to obtain more than 25,000 credit cards, as well as loans. The scheme went on for years, and ultimately led to more than $200 million in losses from financial institutions.

Financial institutions are still struggling with how to manage the risks of this form of fraud. Like some forms of loan fraud, synthetic ID fraud is often written off as a credit loss, and never recognized as a criminal incident. This misclassification reduces the likelihood that an institution will build controls around synthetic ID fraud, or report it appropriately to law enforcement.

Since synthetic IDs usually do not have a credit history, institutions should be careful and conduct thorough due diligence when dealing with so-called “thin file” applicants. Institutions should also verify applicant information from more than one source, rather than relying solely on a credit report.

Issues with an applicant’s tax ID number can also be a red flag. If the tax ID number does not match the other information provided for the applicant, or matches a different person, this can be an indicator of synthetic ID fraud.

RED FLAGS OF IDENTITY THEFT

Due to the prevalence and increasing growth of identity theft, various countries have pushed financial institutions and other organizations to incorporate the following into their fraud surveillance systems:

• A layered approach that combines scanning software with other monitoring tools to proactively identify and defend against identity theft
• Improved authentication procedures, including layers and token or biometric authentication devices and procedures
• Implementation of fraud detection software to identify account takeover

Because so much fraud committed now involves the illegal use of stolen customer or internal data, laws and regulations concerning the safeguarding of confidential customer data have been enacted in many jurisdictions. In particular, financial institutions are often required to make their own assessments of potential red flags of identity theft within their processes or procedures and to implement methods for detecting and preventing these red flags.

For example, the US Federal Trade Commission and other regulators implemented the FACT Act in 2009, which established key red flag categories and specific examples indicative of identity theft. These red flags are broadly applicable and are consistent with identity theft red flags or scenarios identified
by regulators in other countries. The following are −− A social security or other identifier number,
key red flags: as well as address or phone number that has
• Alerts, notifications and warnings from a credit been used by other people opening accounts
reporting company:
• An applicant who cannot provide identifying
−− A fraud alert on a credit report information beyond what is generally available
−− A notice of credit freeze in response to a from a wallet or credit report, such as a person
request for a credit report who cannot answer a challenge question
−− A notice of address discrepancy provided by a • Suspicious account activity:
credit reporting agency −− Soon after the organization is notified of a
−− A credit report indicating a pattern of activity change of address, requests are made for
inconsistent with historic activity new or additional credit cards or to add users
−− An unusual number of recently established to an account.
credit relationships or −− A new account that is used in ways associated
−− account closing(s) because of account with fraud. For example, the customer does
privilege abuse not make the first payment or makes only an
initial payment, or most of the available credit
• Suspicious documents: is used for cash advances or for purchases of
merchandise, such as jewelry or electronics,
−− Identification that appears to be which is easily converted to cash
altered or forged
−− Account usage patterns are different
−− The person presenting the identification from historical activity, such as sudden
does not look like the photo or match the non-payment or increase in the use of
physical description available credit
−− Information on the identification differs from −− Mailed statement is returned as undeliverable,
what the person presenting is saying, or or the customer reports that he or she is not
does not match other information, such as a receiving the account statements in the mail
signature card or previous signatures
−− Customer reports unauthorized charges
−− An application looks like it has been altered, on the account
forged or torn up and reassembled
• Notice from other sources, such as reports from
• Suspicious personal identifying information: a customer, a victim of an identity theft or law
−− Inconsistencies with other information, such enforcement authorities
as an address that doesn’t match the credit
report; use of a social security number or The following are signs of identity theft that an indi-
national identifier that does not match vidual should be on the alert for:
−− An address, phone number, or other personal • Certain mail, particularly financial statements
information that has been used on an account and bills, is no longer being delivered
known to be fraudulent • Unfamiliar charges on bank statements
−− A fake address, an address for a mail drop or • The tax authorities reporting the receipt of
prison, an invalid phone number or one that is multiple tax returns using one’s name or
associated with a pager or answering service national identifying number
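Several of the red flags above can be written as rules-based checks over application and account records. The Python below is an added illustration, not part of the manual: the record layouts, the 30-day reading of "soon after" and the 50% reading of "most of the available credit" are assumptions, and all data is constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

# All records below are constructed sample data, not taken from the manual.
APPLICATIONS = [
    {"app": "A1", "name": "Dana Reyes", "id_number": "ID-1001", "address": "12 Elm St", "phone": "555-0101"},
    {"app": "A2", "name": "Sam Ortiz", "id_number": "ID-1001", "address": "98 Oak Ave", "phone": "555-0199"},
    {"app": "A3", "name": "Lee Chan", "id_number": "ID-2002", "address": "PO Box 77", "phone": "555-0133"},
    {"app": "A4", "name": "Kim Novak", "id_number": "ID-3003", "address": "5 Pine Rd", "phone": "555-0144"},
]
KNOWN_FRAUD_ADDRESSES = {"po box 77"}  # addresses seen on accounts already known to be fraudulent
KNOWN_FRAUD_PHONES = {"555-0000"}

EVENTS = [
    {"account": "C100", "date": date(2019, 3, 1), "type": "address_change"},
    {"account": "C100", "date": date(2019, 3, 4), "type": "new_card_request"},
    {"account": "C200", "date": date(2019, 1, 10), "type": "address_change"},
    {"account": "C200", "date": date(2019, 6, 2), "type": "add_user"},          # months later
    {"account": "C300", "date": date(2019, 2, 1), "type": "new_card_request"},  # no address change
]
NEW_ACCOUNTS = [
    {"account": "C400", "credit_limit": 5000, "cash_advances": 4200, "first_payment_made": False},
    {"account": "C500", "credit_limit": 5000, "cash_advances": 300, "first_payment_made": True},
]
SENSITIVE_REQUESTS = {"new_card_request", "add_user"}


def shared_identifier_flags(applications):
    """Red flag: one identifier number used by different people opening accounts."""
    names_by_id = defaultdict(set)
    apps_by_id = defaultdict(list)
    for a in applications:
        names_by_id[a["id_number"]].add(a["name"].lower())
        apps_by_id[a["id_number"]].append(a["app"])
    return [(app, "identifier used by other applicants")
            for id_number, names in names_by_id.items() if len(names) > 1
            for app in apps_by_id[id_number]]


def known_fraud_contact_flags(applications, fraud_addresses, fraud_phones):
    """Red flag: address or phone already used on an account known to be fraudulent."""
    alerts = []
    for a in applications:
        if a["address"].strip().lower() in fraud_addresses or a["phone"] in fraud_phones:
            alerts.append((a["app"], "contact detail seen on known-fraud account"))
    return alerts


def post_address_change_flags(events, window_days=30):
    """Red flag: card or added-user request soon after a change of address.
    The 30-day window is an assumption; the manual only says "soon after"."""
    last_change = {}
    alerts = []
    for e in sorted(events, key=lambda e: e["date"]):
        if e["type"] == "address_change":
            last_change[e["account"]] = e["date"]
        elif e["type"] in SENSITIVE_REQUESTS:
            changed = last_change.get(e["account"])
            if changed is not None and e["date"] - changed <= timedelta(days=window_days):
                alerts.append((e["account"], f"{e['type']} within {window_days} days of address change"))
    return alerts


def new_account_flags(accounts, cash_share=0.5):
    """Red flag: new account used in ways associated with fraud.
    "Most of the available credit" is read here as more than 50% (assumption)."""
    alerts = []
    for acct in accounts:
        if not acct["first_payment_made"]:
            alerts.append((acct["account"], "first payment not made"))
        if acct["cash_advances"] > cash_share * acct["credit_limit"]:
            alerts.append((acct["account"], "most available credit taken as cash advances"))
    return alerts


def run_all_rules():
    """Run every rule and return the alerts, sorted, for an analyst to review."""
    alerts = []
    alerts += shared_identifier_flags(APPLICATIONS)
    alerts += known_fraud_contact_flags(APPLICATIONS, KNOWN_FRAUD_ADDRESSES, KNOWN_FRAUD_PHONES)
    alerts += post_address_change_flags(EVENTS)
    alerts += new_account_flags(NEW_ACCOUNTS)
    return sorted(alerts)


if __name__ == "__main__":
    for subject, reason in run_all_rules():
        print(f"{subject}: {reason}")
```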
systems has become a critical part of an organization’s ability to control operational risk. Integrating fraud detection and prevention into the organization’s overall GRC framework can produce substantial benefit, including a better understanding of the impact of financial crime on the organization, improving return on risk and compliance investments, enhancing the organization’s reputation and cultivating customer trust.

that typically affect the institution or organization, or firms like it. Assess the potential for these schemes and scenarios based on past incidents of fraud, the culture of the organization and its current framework of internal controls.

Most FRAs focus on identifying fraud risk in six key categories:
• Fraudulent financial reporting
of the fraud risk assessment is to guide the organization’s auditors to implement specific measures to detect fraud, and senior risk management professionals to establish or adjust anti-fraud controls to reduce the risk of fraud.

As part of the risk assessment, the FRA team and the internal audit department must consider whether and how anti-fraud controls can be circumvented or overridden by management and others. They should also analyze both internal and external threats to confidential electronic data and computer and network security.

KEY ELEMENTS OF A FRAUD COMPLIANCE PROGRAM

Anti-fraud environment
• Proper tone set by senior management
• Strong, ethical corporate culture
• Meaningful code of conduct

Education and training
• Anti-fraud training programs
• Data and information security training programs
• Open communications with employees, vendors, suppliers and customers

Proactive detection
• Effective fraud tip hotlines
• Whistleblower protections
• Punishment protocol

Investigation and follow up
• Empowered audit committee with oversight of fraud prevention program

“New account” fraud is a significant challenge and has become a main conduit for identity theft and other types of fraud. Fraudsters and criminal organizations that target financial institutions take advantage of gaps in employee training and communication and the pressures that front-line employees typically face to provide good service and bring in new accounts.

BASEL COMMITTEE ON BANKING SUPERVISION

The Basel Committee on Banking Supervision (BCBS) is a committee of banking supervisory authorities that was established by the central bank governors of the Group of Ten countries in 1974. It provides a forum for regular cooperation on banking supervisory matters. Its objective is to enhance understanding of key supervisory issues and improve the quality of banking supervision worldwide. The Committee also frames guidelines and standards in different areas - some of the better known among them are the international standards on capital adequacy, the Core Principles for Effective Banking Supervision and the Concordat on Cross-Border Banking Supervision.

The Basel Committee formulates broad supervisory standards and guidelines, and recommends statements of best practice in banking supervision (such as the “Basel III Accord”, for example) in the expectation that member authorities and other nations’ authorities will take steps to implement them through their own national systems, whether in statutory form or otherwise.
ing or preventing fraud by improving the ability of the firm’s front-line employees to verify whether application information is fraudulent for a customer opening a new account or seeking to transact with the organization. Not only must the credit side of the institution or organization guard against fraud, deposit accounts are also vulnerable to fraud.

A sound Know Your Customer/Customer Due Diligence (KYC/CDD) program includes robust customer identification and account-opening procedures, which allows the institution to determine the true identity of each customer and to assess the risk or potential risk presented by the customer. As part of the customer onboarding process, the organization should perform due diligence as follows:
• Gather and verify customer identification materials in paper documents and electronic identity verification
• Verify and authenticate the customer’s identity
• Screen the customer against national and international sanctions lists and other watch lists, such as known or suspected fraud lists from internal and external sources, including law enforcement sources
• Document the normal and expected business activity for each customer, including occupation and business operations
• Document the customer’s relationship within the organization and its subsidiaries, including all the lines of business

Many of these steps also apply to organizations that are seeking to develop or strengthen internal procedures to guard against signs of corrupt activities by their own employees or through third parties with foreign public officials and their family and associates.

To prevent fraud, customer identification should leverage third-party data and sources, such as credit reports and other sources of identifying information, to help validate the information provided by the customer or applicant:
• Check if the customer or applicant has used or is using more than one national identifying number, a Social Security number in the US, or other commonly used identifier typically used for the purposes of identity verification.
• Review an individual’s address history relating to their national identifying number or Social Security number. Often, a fraudster has numerous such numbers associated with his or her identity.
• Review how the person’s surname, or family name, appears in the credit report or other third-party information compared to how the name is spelled on the account or application documents at the start of the relationship.
• Check the usage of mail drop locations or rental mailboxes, which could be a sign of multiple or false identifications.

OVERVIEW OF FRAUD MONITORING AND DETECTION SYSTEMS

Because of the volume of customers, transactions and data involved in monitoring and surveillance, as well as evolving fraud trends and its shifting sands, some organizations leverage specialized technology to help meet their fraud detection and reporting requirements.

Data Mining Tools. Data mining is an effective and widely used approach for discovering and detecting fraud. Data mining is used to detect patterns of activity or transactions which are anomalous, or “stand out,” from typical customer or business activity. It can also be used to discover previously unknown relationships between customers, accounts and entities transacting with or through the firm or financial institution.

Suspicious patterns are symptoms of fraud, not evidence of it. Typically, further investigation must be done to determine whether the activity is actually fraud (or another form of financial crime) or is legitimate. Therefore, data mining tools must be combined with other capabilities which facilitate the review and investigation of the identified exceptions.

Data mining tools have evolved substantially and are able to analyze much larger sets of data in a much faster timeframe. Data mining techniques have been integrated into many software solutions targeted at fraud detection.

Predictive analytics. Predictive analytics are widely used in fraud detection and prevention efforts. Many predictive analytical techniques were pioneered by the credit card industry, and in recent years have been leveraged in other areas including payments, online banking access, account opening and small business fraud. Like data mining techniques, predictive analytical models have been integrated into many fraud detection software solutions.

Predictive analytics look at potential risk factors to detect the likelihood of fraudulent activity and develop models which can be leveraged for real time monitoring. For example, analytical models evaluate transactions to identify subtle patterns of behavior indicative of fraud, or activities that are atypical for an account or customer. Fraud analytical models are an excellent complement to other detection techniques, such as reports or rule patterns (which detect known patterns of fraudulent activity).

Analytic modeling provides flexibility because it allows successful automated detection of a broad spectrum of suspicious activity, including activity not previously recognized as fraudulent. Analytical models can also predict the likelihood or propensity of fraud based on attributes of the customer or entity seeking to do business with the firm or financial institution, and, therefore, are an important part of the account and relationship opening process.

Point fraud detection products. Most business organizations, including financial institutions, have invested in products and processes to identify and prevent fraud on a product or channel-specific basis. Traditionally, they have focused on employing “point solutions” which focus on a relatively narrow scope of behavior or fraud.

Point solutions can be very effective for specific problem areas, such as check fraud and check kiting, ATM fraud, credit card fraud, and for establishing mechanisms to help protect access through remote channels, such as online or mobile banking and other services. Point solutions may use one or a combination of fraud detection techniques, including predictive analytics and rule patterns, to detect the specific type of fraud for which the solution specializes.

Unfortunately, fraudsters do not stick with one channel, line of business or product. Deploying multiple fraud detection solutions does not support the ability to share and consolidate critical information among fraud detection silos, which leaves the organization and its customers vulnerable to more sophisticated fraud schemes. Each of the major areas of fraudulent activity—activity creating the most challenges for firms in terms of losses, customer service issues, and reputation—typically involves more than one type of mechanism, channel or product.

Although point solutions offer significant capabilities in specific areas of fraud, they can generate high levels of “false positives” and may not be well-integrated into the overall fraud and risk management regime of the organization.

Fraudsters, who sometimes associate with organized crime, often use smarter and more sophisticated methods to gain access to financial data in an organization. Sometimes collusion among merchants, fraudsters and organization insiders exists. For this reason, many organizations have implemented enterprise-wide fraud detection systems, including transaction monitoring and case management systems to support a broader view of fraud across various channels and types of products and services.
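An added Python illustration (not from the manual) of flagging activity that is atypical for an account by comparing each new transaction with that account's own history. The modified z-score, its 3.5 cut-off, the five-transaction minimum and the sample data are choices made for this example.

```python
from statistics import median

MIN_HISTORY = 5   # assumption: fewer past transactions than this is too little to profile
THRESHOLD = 3.5   # commonly used cut-off for the modified z-score

# Constructed purchase history per account (amounts in the account currency).
HISTORY = {
    "ACC-1": [42.0, 38.5, 51.0, 47.2, 40.0, 44.9, 39.0, 55.0],
    "ACC-2": [900.0, 1200.0, 1050.0, 980.0, 1100.0, 1010.0],
    "ACC-3": [20.0, 20.0, 20.0, 20.0, 20.0],   # fixed subscription: no spread at all
    "ACC-4": [15.0, 18.0],                     # newly opened: too little history
}
# Constructed new transactions to score against those profiles.
NEW_TRANSACTIONS = [
    ("ACC-1", 46.0), ("ACC-1", 1000.0),
    ("ACC-2", 1000.0),
    ("ACC-3", 20.0), ("ACC-3", 250.0),
    ("ACC-4", 500.0),
]


def modified_z(amount, history):
    """Modified z-score: 0.6745 * (x - median) / MAD.
    Median and MAD are used instead of mean and standard deviation so that one
    earlier outlier in the history does not stretch the profile. Returns None
    when the MAD is zero (every past amount identical)."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        return None
    return 0.6745 * (amount - med) / mad


def classify(account, amount, history_by_account=HISTORY):
    """Return 'typical', 'atypical' or 'insufficient_history' for one transaction."""
    history = history_by_account.get(account, [])
    if len(history) < MIN_HISTORY:
        # No usable profile yet: leave the decision to rules and manual review.
        return "insufficient_history"
    z = modified_z(amount, history)
    if z is None:
        return "typical" if amount == median(history) else "atypical"
    return "atypical" if abs(z) > THRESHOLD else "typical"


def profile_alerts(transactions=NEW_TRANSACTIONS):
    """Transactions that stand out from their own account's history."""
    return [(acct, amt) for acct, amt in transactions if classify(acct, amt) == "atypical"]


if __name__ == "__main__":
    for acct, amt in NEW_TRANSACTIONS:
        print(acct, amt, classify(acct, amt))
```

The same 1,000.00 purchase is an alert on ACC-1 and normal on ACC-2, which is the difference between profiling each account and applying one fixed amount threshold to all of them.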
Transaction Monitoring Systems. This is an automated system, either a proprietary application or vendor-provided, for ongoing scanning of transaction, customer and entity data. It filters, compiles and summarizes transaction data and flags or issues alerts on situations of potentially suspicious or fraudulent behavior. Detection is typically achieved through implementation of fraud detection scenarios that fall into three categories:
• Rules-based scenarios which identify specific patterns of behaviors related to fraud typologies or red flags.
• Statistical profiling scenarios which identify unusual activity by modeling typical or expected activity profiles for a specific customer or type of customer and identifying outliers.
• Predictive analytical models which provide automated detection of a broad spectrum of suspicious activity, including activity not previously recognized as fraudulent. Analytical models can also predict the likelihood or propensity of fraud.

Some software solutions leverage or combine multiple types of approaches to help improve detection capabilities. In addition, most transaction monitoring systems also provide alert and investigations management systems to facilitate and document the analysis and investigation of alerts and cases. Comprehensive alert and case management can automate processes and reduce investigative costs. Enterprise case management built specifically for financial crime investigators can provide a single view of fraud, risk and compliance status. It can help prevent and reduce losses by automatically uncovering and focusing investigations on the most urgent and actionable alerts.

information used for analyzing or investigating alerts or cases.

Third party data. These can be reports, online research portals and public record and proprietary data sources and analytics provided by third-party data vendors and repositories. These may include credit record information, as well as more sophisticated predictive analytics. This information can be used at the time of account opening for Know Your

BENFORD’S LAW

When hunting fraud in financial documents, Benford’s Law can be a useful tool. It is a mathematical theory that says certain digits appear more frequently than others at certain positions in real world data sets.

Benford researched all different sorts of data sets - from the size of butterfly wings to the surface area of rivers - and found the same principle held true: The number 1 appears as the first digit about 30% of the time, and the number 9 appears first less than 5% of the time. The numbers 2 through 8 have different probabilities of appearing as the first digit.

Benford’s Law applies to account transactions, bank transfers and wire transfers, and can be used in investigations and forensic accounting. For example, an investigator might analyze a company’s financial statements and note that the number 9 is the first digit 25% of the time. This will merit closer scrutiny and could indicate fraud.
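An added Python example (not part of the manual) of the first-digit test described in the Benford’s Law box: it compares observed first-digit counts with the expected share log10(1 + 1/d) for each digit d and applies a chi-square test. Both ledgers are constructed; the second mimics the box's scenario of too many amounts beginning with 9.

```python
import math

CHI2_CRITICAL_DF8 = 15.507  # chi-square critical value: 8 degrees of freedom, 5% level
MIN_SAMPLE = 110            # keeps the expected count for digit 9 (about 4.6%) at 5 or more

# Constructed ledgers (not real data). CLEAN spreads 200 amounts evenly on a log scale
# across five orders of magnitude, the kind of data Benford's Law describes.
CLEAN = [round(10 ** (1 + k / 40), 2) for k in range(200)]
# MANIPULATED replaces every fourth amount with one between 9,000 and 9,999.
MANIPULATED = [9000 + (k * 37) % 1000 if k % 4 == 0 else amt for k, amt in enumerate(CLEAN)]


def benford_expected():
    """Benford probability of each first digit d: log10(1 + 1/d)."""
    return {d: math.log10(1 + 1 / d) for d in range(1, 10)}


def first_digit(amount):
    """First significant digit of an amount, ignoring sign and scale.
    Returns None for zero or non-finite values, which carry no first digit."""
    if amount == 0 or not math.isfinite(amount):
        return None
    return int(f"{abs(amount):.15e}"[0])


def first_digit_counts(amounts):
    """Counts of first digits 1..9 as a list (index 0 holds digit 1)."""
    counts = [0] * 9
    for amount in amounts:
        d = first_digit(amount)
        if d is not None:
            counts[d - 1] += 1
    return counts


def chi_square(amounts):
    """Chi-square statistic of observed first-digit counts against Benford's Law."""
    counts = first_digit_counts(amounts)
    n = sum(counts)
    return sum((counts[d - 1] - n * p) ** 2 / (n * p)
               for d, p in benford_expected().items())


def benford_report(amounts):
    """Summarise the test and name the digit that exceeds its expected share the most."""
    counts = first_digit_counts(amounts)
    n = sum(counts)
    if n < MIN_SAMPLE:
        return {"n": n, "status": "insufficient data"}
    expected = benford_expected()
    chi2 = chi_square(amounts)
    excess = {d: counts[d - 1] / n - p for d, p in expected.items()}
    worst = max(excess, key=excess.get)
    return {
        "n": n,
        "chi2": round(chi2, 2),
        "status": "review" if chi2 > CHI2_CRITICAL_DF8 else "consistent",
        "most_overrepresented": worst,
        "observed_share": round(counts[worst - 1] / n, 3),
        "expected_share": round(expected[worst], 3),
    }


if __name__ == "__main__":
    print("clean:      ", benford_report(CLEAN))
    print("manipulated:", benford_report(MANIPULATED))
```

A "review" result is a reason for closer scrutiny rather than proof of fraud, and the test only suits amounts that span several orders of magnitude; prices fixed by a tariff or capped by a limit fail it for innocent reasons.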
Q 4-1. The CFO of a large public corporation sees that the company’s quarterly numbers are going to exceed analysts’ expectations. Knowing the stock price will probably make a big jump when this news is released, he makes several large open stock repurchases, which increases the intrinsic value of the tens of thousands of shares he already owns.

He then mentions the earnings report to his wife, and she buys 1,000 shares of stock in her personal trading account. Her broker, who knows that she is married to the CFO of this company, feels that she must know something, so he recommends it to many of his clients who buy some very large blocks.

The quarterly numbers are released, and the stock makes a big move as expected. Which individual in this scenario has committed insider trading?
A. The CFO
B. The CFO’s wife
C. The wife’s stockbroker
D. The stocks
CHAPTER 5
GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT

OVERVIEW
And it gives corporations an unfair competitive advantage by buying government employees, and props up poorly-run companies at the expense of rivals unwilling to make corrupt payments.

For all these reasons, corruption and its many deleterious consequences have gained great public and international attention in the past two decades.

Official corruption, which refers to the dishonest acts of public officials, can take many forms. It can be bribery, extortion, embezzlement, kickbacks, influence peddling, nepotism and alliances with criminal elements.

Official corruption is not limited to employees in the executive branch of government, such as heads of state, ministers, law enforcement officials, inspectors, regulators and other functionaries. Official corruption is also widespread around the world in the legislative and judicial branches of government. In addition, many countries’ governments create state-owned commercial enterprises that compete with private sector businesses that do the same things. These state-owned enterprises engage in many commercial activities typically performed by private sector entities.

State-owned airlines are an example. They fly commercial routes alongside private sector air carriers and have employees that perform similar jobs as those in private airlines. The employees of these state-owned companies are as prone to corruption as those of standard government agencies. In general, the laws of most countries deem corruption by persons who work at state-owned entities in the same light as corruption by employees of regular government agencies.

If an employee of a state-owned airline, for example, seeks or obtains an unlawful payment for the performance of an official act related to the airline, it is a corrupt act just as if it were performed by an employee of a regular government agency. These corrupt acts may also violate other criminal laws, such as those dealing with commercial bribery, conspiracy, money laundering and others.

This means that all public functions, especially in countries where corruption is pervasive, may be corroded and distorted to accommodate the corrupt interests of the public officials. A legislator may be corrupted to advance a legislative project, conduct an investigation or kill a bill that is pending in the legislative body. This corrupts the laws that guide business and other dealings and on which judicial decisions in business transactions are based.

Similarly, there is widespread corruption worldwide in the judicial branch of government. This means judges, who are sworn to impartiality and fair dealings with parties that appear before them, are corrupted by a party to rule in a certain way, prohibit someone from taking action, or compel persons to do certain things. This goes to the heart of the law and pollutes the legal system to the point where the public, whose tax dollars support the system, loses confidence in the courts and respect for the judiciary and the law.

Official corruption, which is often called public corruption, is also rampant in many countries where organized crime, drug traffickers and other criminal enterprises shower public officials with money and expensive gifts to neutralize the laws and their enforcement. This creates an environment in which the more traditional financial criminals - who do not dirty their hands with drugs, human trafficking and the like - find public officials more receptive to their corrupt payments.

THE WORLD MOVEMENT TO COMBAT CORRUPTION

Recognizing this, major international bodies have increased international pressure on nations to intensify their efforts against corruption over roughly the past 15 years. This has resulted in the enactment of laws by various nations, notably the United Kingdom, which enacted its far-reaching Bribery Act in 2010.

In addition, this surge in international attention to corruption has caused other nations to amend their laws and step up their enforcement activity. The notable example is the US, which has greatly increased the enforcement and regulatory efforts under the Foreign Corrupt Practices Act. The FCPA, which became law in 1977, is the grandfather of such laws around the world that prohibit and criminalize corrupt payments to foreign public officials.

The new international standards that have evolved from these accelerated and intensified efforts have served as a beacon for nations that wish to improve their mechanisms to prevent, deter and prosecute corruption in their government functions.

NON-GOVERNMENTAL ORGANIZATIONS AND ANTI-CORRUPTION ADVOCACY

Non-governmental organizations (NGOs) play a significant role in these efforts. They have raised awareness of the effects of corruption, advocated for transparent government and business practices, and created and assisted anti-corruption monitoring efforts.

In the anti-corruption field, NGOs may be divided into two groups:
1. Those that are associated with or supported by governments, sometimes through international bodies like the Organization for Economic Cooperation and Development
2. Those that are non-profit entities that are not officially supported by or connected to a government

The two types of NGOs often engage in similar work and partner with one another, thus blurring the distinctions. Typically, however, NGOs connected to national or international bodies are more active in creating and promoting anti-corruption policies and standards, while unaffiliated non-profit agencies normally focus on anti-corruption advocacy.

One of the best-known of the unaffiliated entities is Transparency International (TI), which is headquartered in Germany and has chapters in 100 countries. The chapters have considerable latitude to choose the projects they will pursue.

TI’s anti-corruption work is wide-ranging, but some of its most important work is its research, analysis and reporting on corruption issues. TI is one of the key sources of information on global corruption, which is facilitated by the data it receives from its network of chapters. One significant TI publication is the Corruption Perceptions Index, an annual report that assigns rankings to all countries based on their “perceived levels of corruption, as determined by assessments and opinion surveys.”

[Figure: Transparency International’s Corruption Perceptions Index 2017. Darker colors indicate higher levels of perceived corruption. Source: Transparency International]

There are thousands of non-profit entities worldwide that are dedicated in whole or in part to anti-corruption advocacy, monitoring and public policy. Sometimes, these groups have urged law enforcement agencies to investigate and bring corruption cases to court. On some occasions, under the laws of a particular country, they have brought civil lawsuits themselves.

A recent example occurred in France. Three private sector organizations sued Teodoro Obiang, the son of the dictator of Equatorial Guinea, who was suspected of having plundered his oil-rich impoverished country of billions of dollars. The suit led French authorities to seize $250 million in property owned or controlled by the dictator’s son, including luxury cars, real estate, art and other valuables located in France.

Many nations, such as the US, have laws that permit the seizure and confiscation of the assets of corrupt foreign figures and the sharing of the proceeds of these cases with the nation that was victimized by the corruption.

Organization for Economic Cooperation and Development (OECD). This important multinational organization, which also serves as the parent of the Financial Action Task Force, plays a signifi-
United Nations. The United Nations Convention against Corruption, which was introduced in 2003, establishes worldwide standards of controls directed at official corruption and mechanisms. By the end of 2012, it had been signed by 140 nations. Signatory nations commit to criminalize bribery, implement laws and regulations intended to prevent corruption, and cooperate on asset recovery in corruption cases. Signatory nations may seek and obtain the assistance of other signatories to combat corruption.

There are other prominent private sector organizations that render valuable services to the world community in combating official and private sector corruption. These include Global Witness, which was formed in 1993 to combat corruption, natural resource exploitation, human rights abuses and poverty; and the Group of States Against Corruption, which is a dependency of the Council of Europe and monitors implementation of multilateral agreements that seek to combat corruption.

These international bodies, NGOs and other organizations around the world offer information, training resources and expertise that can be a very valuable resource for financial institutions, commercial entities and national, provincial and local governments in their compliance, investigation and enforcement efforts. Financial crime specialists should always keep these resources in mind.

STOLEN ASSET RECOVERY INITIATIVE (STAR)

Assets stolen by corrupt leaders at the country level are frequently of staggering magnitude. The true cost of corruption far exceeds the value of assets stolen by the leaders of countries. This would include the degradation of public institutions, especially those involved in public financial management and financial sector governance, the weakening if not destruction of the private investment climate, and the corruption of social service delivery mechanisms for basic health and education programs, with a particularly adverse impact on the poor. This “collateral damage,” in terms of foregone growth and poverty alleviation, will be proportional to the duration of the tenure of the corrupt leaders.

Addressing the problem of stolen assets is an immense challenge. Even though countries as diverse as Nigeria, Peru and the Philippines have enjoyed some success in asset recovery, the process is time-consuming and costly.

The Stolen Asset Recovery (StAR) initiative was launched jointly by the UN Office on Drugs and Crime (UNODC) and the World Bank Group (WBG) to respond to this problem.

MECHANISMS THAT FACILITATE CORRUPTION

Throughout the world, there is a wide variety of mechanisms and vehicles that facilitate the planning and execution of corruption.

Here is a listing of some common vehicles for corruption. Additional information on how these can be applied can be found in the money laundering section.

Charitable and non-profit organizations. Non-profit organizations and donations to charities represent popular corruption vehicles. A corrupt official may ask that a payment be made to a non-profit entity which he or she controls or benefits from.
In guidance on the Foreign Corrupt Practices Act, the US Department of Justice lists five questions to consider when making charitable payments in a foreign country:
• What is the purpose of the payment?
• Is the payment consistent with the company’s internal guidelines on charitable giving?
• Is the payment at the request of a foreign official?
• Is the foreign official associated with the charity, and if so, can they make decisions impacting your business?
• Is the payment conditioned upon receiving business or other benefits?

Political campaigns. Elected public officials have political organizations through which corrupt payments may be made. The official may also use a nominee or ‘front’ to create a company that provides services to the campaign and which may serve as a vehicle for corrupt payments.

Fictitious employees. A corporation or other organization can falsely increase its payrolls with fictitious employees in order to disguise evidence of corrupt payments. It could also convey bribes by issuing checks to employees that have already left the company, or by directly adding government officials, their family members or their associates to the company payrolls. A company could also corruptly provide services to government officials by loaning employees to a political campaign while it continues to pay their salaries.

Financial crime specialists investigating corruption should carefully scrutinize the checks issued to company employees to determine if employees on payroll are still working for the company and if they appear to be qualified for their position and salary.

Fictitious businesses. A corrupt official may submit invoices for nonexistent services in the name of a shell corporation that he or she controls. Due diligence on businesses that receive payments may reveal fictitious businesses that are corruption vehicles.

Payments through loans. An organization or individual could use loans to disguise corrupt payments in several ways. A payer could give a bribe to the recipient directly, but then record it as a legitimate loan in its books and records. A company or individual could also give an actual loan to a government official or entity, but provide it on very favorable terms, such as at a low interest rate if not interest-free.

Gifts, travel, entertainment and other personal expenses. These are often a cover for corrupt dealings with a public official and his family and associates. For example, a public official who asks a business person for financial assistance to pay his daughter’s college education may be seeking a bribe. Companies that provide an official the free use of their apartments, cars or airplanes, in effect, may be bribing that official.

Alternately, a company might pay a government official directly, then record payments in its books and records as fictitious gifts, travel and entertainment expenses. This is one reason why strong policies on expense documentation and record-keeping are important in the anti-corruption context.

This does not mean that any funds spent on gifts, travel and entertainment are illegitimate or questionable, but companies should exercise caution and avoid anything approaching lavish expenditures on government officials. Some examples of improper travel and entertainment, provided by the US Department of Justice and based on real-world cases, include:
• A $12,000 birthday trip for a government official from Mexico that included trips to wineries and expensive dinners
• A trip to Italy provided to eight Iraqi officials that consisted mainly of sightseeing and
@2019 Association of Certified Financial Crime Specialists
CHAPTER 5 • GLOBAL ANTI-CORRUPTION COMPLIANCE AND ENFORCEMENT
One example involved Lockheed Martin Corporation. An investigation in 1975 by a US Senate subcommittee exposed that the US aerospace company had paid $22 million to high-ranking government officials in four countries to secure airplane contracts. The fallout was global. In Italy, the scandal forced the sitting president to resign. In the Netherlands, evidence implicating the country’s prince taking corrupt payments disgraced the royal family. Japan’s prime minister was arrested and convicted on charges connected to his accepting bribes.

The US SEC subsequently found evidence implicating more than 400 US corporations that had paid $300 million in bribes to non-US public officials and political entities. The resulting outcry in the US and abroad led the US Congress to pass the FCPA. It was enacted into law in 1977.

KEY PROVISIONS OF THE FCPA
The FCPA is a sweeping anti-corruption law that has criminal and civil provisions. It makes it a crime for US individuals and entities, including corporations and non-profit organizations, to “corruptly offer, promise or provide anything of value to a foreign official for the purpose of obtaining or retaining business.” The term “foreign official” has been interpreted very broadly by US law enforcement and regulatory agencies. It has come to mean not just elected officeholders, but also political appointees and virtually all employees of a state agency or state-owned company.

The FCPA also imposes record-keeping and accounting duties on certain entities. These are known as the “books and records” provisions and are enforced by the SEC. The provisions require companies to create effective controls that are designed to prevent and detect corrupt payments. Companies that violate these provisions can face civil penalties.

The FCPA also applies to non-US persons who reside in the US and to non-US entities that are registered with the SEC as an “issuer” of securities, meaning any company whose stocks or securities are traded on US exchanges. Even a non-US company with no offices, employees or physical presence in the US may be criminally prosecuted in US courts for bribery it committed anywhere in the world. This makes it a truly international law.

In a prosecution for violation of the FCPA, violators may face the judicial precept known as “willful blindness.” This means that persons or entities that may not have direct knowledge of corrupt payments may still be held responsible if they were “willfully blind” to the payments and deliberately avoided knowledge of the facts. The willful blindness precept also applies in money laundering cases where

PDVSA BRIBERY SCANDAL
In early 2018, the US Department of Justice released the opening salvo in what would become a broad campaign against corruption tied to Venezuela’s state-owned oil company, Petroleos de Venezuela S.A (PDVSA).

US prosecutors indicted five former officials of PDVSA for accepting tens of millions in bribes to steer contracts to two US-based businessmen. As the officials were not US persons, some were outside the scope of the FCPA, but still subject to US money laundering laws. Four of the officials were arrested in Spain, while a fifth was at large as of early 2019.

In a separate case later in the year, prosecutors in Miami indicted a US citizen and former German banker for their role in embezzling $1.2 billion from PDVSA. In that instance as well, prosecutors combined corruption and money laundering charges, showing a clear connection.
Another important term in the FCPA is “instrumentality.” US agencies have interpreted it to include state-owned enterprises (SOEs), such as utility companies, airlines and other state-owned businesses. FCPA cases have involved employees of SOEs, including managers of so-called sovereign wealth funds, directors of a telecommunications utility and medical professionals employed by state-run healthcare systems. State-owned enterprises are very common in many nations, and, in some nations, they have a monopoly or near-monopoly on industry sectors such as transportation, energy production and infrastructure, and health care systems.

FCPA cases have also involved companies and individuals for corrupt payments to employees of entities that are not wholly-owned by a foreign government. US agencies have determined that foreign companies or entities can be considered an “instrumentality if a foreign government has a controlling interest or otherwise exerts control over them.”

In November 2012, the US Department of Justice and the SEC issued guidance to the public on compliance with the Act and best practices in meeting the duties it imposes. They indicated they would most likely not pursue an enforcement action against an enterprise in which a foreign government held less than a 50 percent ownership stake.

These expansive interpretations of “foreign official” and “instrumentality” have been challenged, but no US court has limited the broad approach of these government agencies.

THIRD-PARTY LIABILITY UNDER FCPA
Companies and individuals that operate overseas frequently employ third parties for a variety of business tasks, including marketing and distributing new products, providing legal consultation, and acting as intermediaries between the company and government officials. Common examples of these intermediaries are attorneys, sales agents, distributors, consultants, accountants and lobbyists.

Third parties in the setting of possible foreign corrupt acts are some of the biggest compliance and liability risks that a business organization can face. The FCPA guidance by the US Justice Department and SEC devotes considerable attention to third parties and the liability that can flow from their actions.

Many companies have faced FCPA enforcement actions as a result of corrupt payments made by third parties. One high-profile situation that erupted in mid-2012 involved Wal-Mart’s Mexican subsidiary, Wal-Mart de Mexico. An investigation and report by the New York Times revealed that Wal-Mart de Mexico had retained attorneys, known as “gestores,” to help obtain permits from federal, state and local government agencies. The attorneys were said to have made widespread payments to Mexican government officials. Wal-Mart is under investigation by the Justice Department and SEC and has launched a broad internal investigation.

Middlemen who assist companies in dealing with governmental agencies are fixtures of the business environment worldwide. Carefully vetting and monitoring of the third parties that are hired is essential to avoiding FCPA violations. Experts say the anti-corruption compliance measures that companies and individuals should take when employing third parties should include the following:

1. Thorough reviews of the third party’s background, reputation and experience, paying special attention to their connections with government officials. Abnormally high fees charged by them can be a red flag of corrupt payments.
2. Contract terms that explicitly describe all services to be performed, and the fees or expenses that are expected to be charged and incurred. Contracts should include warranties that formally commit the third party to complying with the FCPA and other anti-corruption standards.
3. Continuous oversight and monitoring of third parties after a contract is signed, to include periodic updating of the review of the third party, requirement of ongoing anti-corruption training, and annual certification that the third party is compliant with the FCPA and local laws.
4. The due diligence procedures exercised on third parties should be risk-based, taking into account the geographic area, past history and the business rationale for hiring them and other factors.

RED FLAGS OF CORRUPTION IN THIRD-PARTY PAYMENTS
A financial crime specialist who is reviewing a company’s compliance program or investigating a corruption case should be aware that contracts, payments and business arrangements with third parties are common mechanisms for corrupt payments.

In some cases, third parties may be paying bribes on a company’s behalf without the knowledge or authorization of the company. In other cases, companies may seek out third parties in order to facilitate or obscure bribe payments, or ignore evidence that third parties are making corrupt payments on their behalf.

A View of the Bonny Island Natural Gas Facility in Nigeria. The US Company Halliburton was Fined $579 Million for Paying Bribes to Secure Contracts Related to the Facility Worth $6 Billion

In these situations, various red flags such as the following may be used to indicate that a third party may be involved in a corruption scheme:

• Fees that are much higher than other third parties in the same sector, without a compelling business rationale
• Requests for abnormal or strange compensation arrangements, such as excessive commissions or unusual reimbursements
• Requests that payments for services be made to offshore accounts
• Third parties who have little experience in the field they purportedly work in
• Vaguely worded invoices from third parties or that do not describe the services rendered
• Close ties or past associations with government officials
• Third parties who seek to enter into a business arrangement at the request of a government official
• The use of shell companies to conduct transactions, or third parties that are themselves a shell company

OTHER METHODS OF CONCEALING CORRUPT PAYMENTS
There are a range of mechanisms to conceal corruption and the related payments. The few representative examples listed here are intended to underscore the diversity of corrupt payments, not to serve as an exhaustive list.

Spotting evidence of corrupt payments involves more than simply checking off a list of red flags. It relies on a careful examination of whether payments or transactions have a convincing rationale that fits the underlying business arrangement, and whether they are transparently and accurately documented.

Many concealment methods are seen and exploited in other financial crimes, which emphasizes the close ties between corruption, fraud, money laundering and tax evasion. The same investigative techniques employed in other financial crime cases may be used to detect corrupt payments and deeds.

Bribe payers and recipients are tirelessly creative in designing strategies to conceal corrupt payments, and financial crime professionals should be equally creative in identifying and flushing them out.

SUCCESSOR LIABILITY
A company that purchases or merges with a company overseas should be concerned about liability for FCPA violations under the concept known as “successor liability.” This means that if Company A acquires, merges or enters into a joint venture with Company B, Company A may be held liable for the prior FCPA violations of Company B.

Successor liability has emerged as a large FCPA risk for multinational corporations. One of the largest FCPA penalties of all time was $579 million imposed against the US corporation Halliburton in 2009. This arose from corrupt payments to Nigerian officials that were made by Halliburton’s foreign partner in a joint venture.

Conducting due diligence on a company prior to engaging in a merger and acquisition or joint venture can be essential to avoiding liability. Pre-acquisition or pre-venture due diligence should include a thorough review of a company’s financial records and documents to look for evidence of present or past corrupt payments. The due diligence procedures should look closely at records that reflect travel, gifts and entertainment expenses, payments to third parties, and sales records showing high sales or large commissions paid to salespersons overseas.

These reviews should take into account risk factors such as the characteristics of the country, where the company operates and its relationship or ties with foreign governments. A company that operates in a country where bribes and corruption are culturally acceptable, as is often the case in the high-risk industries of oil and gas, would clearly require more extensive due diligence than one in a traditionally low-corruption jurisdiction.

Pre-acquisition due diligence should also examine a company’s anti-corruption compliance programs to assess soundness and identify weaknesses. Compliance programs will depend on the type of business and level of risk but should include at least annual employee training, documented anti-corruption policies and procedures, certification of third parties, and a mechanism to report suspected bribery and anti-corruption legal violations.

When an acquisition is completed, the two companies should integrate their compliance programs and ensure they are consistent across all offices,
Chiquita’s Colombian subsidiary, C.I. Bananos de Exportacion, S.A., or “Banadex,” was the company’s most profitable banana-producing operation. The case revealed that Banadex gave at least $1.7 million in 100 separate payments to a Colombian terrorist group, the Autodefensas Unidas de Colombia or the United Self Defense Forces of Colombia (AUC), from 1997 to 2004. The company also made payments to another terrorist organization, the Revolutionary Armed Forces of Colombia, or FARC. Both were violent paramilitary organizations known to kidnap and murder civilians to further their agendas.

AUC was labeled a foreign terrorist organization (FTO) by the US Secretary of State in 2001 and a Specially-Designated Global Terrorist in 2003. These designations made it illegal for US entities to enter into business with or otherwise support the AUC.

From 1989-1997, Banadex paid FARC for rights to grow bananas in a region of Colombia. In 1997, the leader of the AUC met with the general manager of Banadex and explained his intentions to remove FARC from power and institute AUC as the ruling group in the area. The AUC leader threatened the general manager, saying that harm would come to Banadex personnel and property if he did not provide regular payments to AUC. Banadex paid AUC regularly until 2004.

It was revealed in the case that at least 10 top executives knew about and approved the illegal activities. Chiquita even received counsel about this predicament and was very strongly advised to stop payments. The company ignored the legal advice and continued to produce bananas in the terrorist-controlled regions.

After three years of investigations and legal proceedings, Chiquita pleaded guilty to making $1.7 million in illegal payments to designated terrorist groups. The company was fined $25 million and agreed to adopt a large-scale corporate integrity program in the case settlement. Although the Department of Justice considered individual prosecution of Chiquita executives, none was pursued.
ment, and focused mainly on violations of the bribery provision.

In recent years, that trend has shifted, and the SEC has begun to pursue companies for violating the books and records provision even when they were not charged with violating the bribery provision. Of the eight SEC enforcement actions against corporations in 2012, four were civil cases that only charged books and records violations. The SEC collected more than $57.4 million in disgorgements from those cases.

In total, the SEC collected $118 million from companies in 2012 in FCPA cases. Financial crime professionals should note that this heightened SEC enforcement increases the pressure on companies to implement robust accounting controls and ensure adequate oversight by company directors.

CRIMINAL AND CIVIL PENALTIES UNDER THE FCPA
The FCPA imposes substantial criminal and civil penalties. One recent example is the settlement that the Swedish telecommunications corporation, Telia, reached with the Justice Department and SEC for bribery of government officials in Uzbekistan in 2017. It exceeded $900 million in civil and criminal penalties.

Companies that violate the law’s bribery provision face criminal fines of up to $2 million per violation, and civil penalties of up to $16,000 per violation. Individuals who violate the anti-bribery provision face criminal fines of up to $250,000 per violation, civil penalties of up to $16,000, and sentences of up to five years in prison.

up to $5 million and civil fines of up to $150,000, as well as prison terms as long as 20 years.

Instead of pursuing criminal cases, the US Justice Department often employs Deferred Prosecution Agreements (DPA) to settle FCPA cases against companies. This usually includes monetary penalties and other remedial measures, but no criminal charges brought against the company or individuals. The terms of a DPA normally include a criminal fine and assurances by the company that it will not violate the FCPA again and will improve its anti-corruption compliance program. Often a company may be required to conduct a full audit of its compliance program and submit a written plan for augmenting it.

DPAs, which are publicly available at the US Justice Department’s website, serve as a resource for financial crime specialists who seek to fashion compliance programs and measures that reduce the risk of FCPA violations.

The cost of facing an enforcement action runs beyond the penalties and the remediation procedures that may be imposed. At a multinational corporation, such as Siemens, these reviews can involve international teams of legal professionals, investigators, forensic accountants and auditors, in addition to internal staff that is distracted from its normal work for long periods. Companies that are penalized for FCPA violations have suffered considerable declines in their stock price, as well as lawsuits by shareholders. The reputational harm is also large.
their risk profile, size and organizational complexity, and the services or products they offer when they are determining the resources that will be adequate to build and maintain the compliance program.

Ongoing training for employees and third parties. Training is another crucial element of anti-corruption compliance. It should include the provision to employees and third parties of full information on the relevant anti-corruption laws and regulations in the jurisdiction where an organization operates, and full details on the organization’s anti-corruption policies. Comprehensive direction on how to report suspected instances of corruption must be included, via escalation to higher authorities.

The training should clearly delineate the disciplinary measures that will be taken against employees who violate the policies. Many organizations require termination of those employees and notification of the proper authorities of possible criminal or civil violations. Some organizations have implemented measures that incent proper behavior, such as employee bonuses for commendable adherence to the anti-corruption policies.

as in response to changing market conditions, service or product offerings, or partnerships and business arrangements. When it opens a new office overseas, it should thoroughly review its compliance policies and procedures to ensure they are adequate for conditions and risks in the new jurisdiction.

Organizations must also take into account any changes to applicable laws and enforcement policies in all countries where it operates. Periodic review and updates of compliance programs should include how the review results will be reported, to whom within the organization the report shall be given, and how and when the recommended changes shall be implemented.

Risk-based due diligence on third parties and transactions. These include acquiring knowledge of the third party's reputation and associations, an understanding of the business rationale for hiring the party and the expected services the party is expected to provide, and ongoing monitoring and due diligence of the third party.
with [them] from bribing." The Bribery Act does not specify what “adequate procedures” are.

COMPLIANCE WITH THE UK BRIBERY ACT
Although the Bribery Act exceeds the scope of the FCPA in several ways, many of the essential compliance procedures and practices apply under both laws. The UK guidance lays out six "principles" it says should form part of an organization's compliance program. They are summarized here for reference, but a financial crime specialist conducting a project or investigation related to the Bribery Act should refer to the full guidance that is included in the Appendix:

• Proportionate Procedures. An organization should adopt processes and controls to prevent bribery that are proportionate to the scale and complexity of its activities. This principle stresses that all compliance programs must be tailored to the specific circumstances of the organization. The guidance underscores that procedures must be "clear, practical, accessible, effectively implemented and enforced."
• Top-Level Commitment. The guidance recommends that the top management of an organization, from CEO to the board of directors, must have a demonstrated commitment to preventing bribery, which should be communicated to the entire organization.
• Risk Assessment. Organizations should conduct a well-informed, documented and regularly-updated risk assessment by determining the nature and extent of its possible external and internal corruption risks. This risk assessment should include third parties and other persons and entities associated with the organization.
• Communication (including training). Organizations should use thorough internal and external communication to ensure that anti-corruption policies are recognized, accessible and understood by all employees, as well as third parties. This includes a training program based and focused on the corruption risks faced by an organization.
• Monitoring and Review. The anti-corruption compliance program of an organization should undergo auditing and testing regularly, especially after significant changes to the organization's business lines, services or operations, such as opening a new affiliate overseas.

Financial crime specialists should understand and be aware of how the UK Bribery Act differs from the FCPA, including the absence of an exemption for facilitation payments and the coverage of the Bribery Act of all bribery, not just bribery of foreign officials.

UK BRIBERY ACT PENALTIES
Violations of the Bribery Act carry stiff penalties. Individuals found guilty of violations face up to 10 years in prison and an unlimited fine. A “commercial organization” found guilty of failing to prevent bribery also faces an unlimited fine.

Individuals and organizations found guilty may have assets confiscated under another British law, known as the Proceeds of Crime Act. A company director or senior manager who violates the Bribery Act may be disqualified from serving as a director of any company or from taking part in the formation or management of any company.
venting corruption, it is important to understand their distinctions.

Both are criminal acts that involve a giver providing assets, services or other articles of value to a recipient. One major difference between the two is what the recipient will do in response to receiving the asset or article of value from the giver. In bribery scenarios, a giver is providing something of value in exchange for a benefit offered by the recipient.

In extortion, the recipient is typically not offering to provide anything of benefit to the giver. Instead, he or she is threatening to take an action or engage in conduct that will harm the giver if he or she does not provide something of value, usually of a specific amount or to comply with the recipient’s demands. For example, a commissioner of insurance may threaten to reject an application for a license for an insurance company if the applicant does not pay a certain amount to his nominee.

Extortion typically involves the threat of harm against a person or entity, whereas bribery involves the offer of some benefit for a person or entity. To be considered extortion, the threat must be credible and the harm must be immediate and tangible.

Both the FCPA and UK Bribery Act have exemptions to making corrupt payments if the payments are made under real duress, and the company or individual is in legitimate danger from a credible threat. Even so, companies or individuals looking to remain compliant with anti-corruption laws such as the FCPA should understand that, in most circumstances, they will not be able to protect themselves from liability by claiming extortion.
Q 5-1. You are a compliance analyst at a multinational financial institution that provides banking and investment services to large institutional customers. Your institution is currently seeking new business opportunities providing services to universities, hospitals and other institutions with potential ties to political officials and government agencies. Your institution plans to expand into Norway, India, Botswana and Chile and has asked you to assess the corruption risks of offering its services in each nation.

What is an accurate risk rating for these countries?

A. Providing investment and banking services in Norway poses the highest risk for corruption due to a history of bribery by Norwegian state-owned oil companies.
B. Providing services in India poses the highest risk for corruption due to the prevalence of state-owned entities and Politically-Exposed Persons (PEPs).
C. Providing investment and banking services in Botswana poses the highest risk for corruption due to widespread graft in government contracts.
D. Providing services in Chile poses the highest risk due to connections between the Chilean government and international organized crime rings.

Q 5-2. A pharmaceutical sales representative from Company X visits a hospital in the country of Rachmanistan in order to discuss the benefit of his company’s latest drug. The hospital’s chief of internal medicine, Dr. Y, agrees to meet with him to learn more about the drug and suggests meeting over dinner at a local bistro. The week after the dinner takes place, the sales rep sends Dr. Y a gift basket as a token of gratitude for taking the time to speak with him. Company X is publicly traded in the United States and the healthcare industry in Rachmanistan is entirely government-owned.

Which statement is NOT true?

A. Paying for Dr. Y’s dinner is permissible under the United States’ Foreign Corrupt Practices Act.
B. Dr. Y is a medical professional and thus exempt from the United States Foreign Corrupt Practices Act.
C. Dr. Y can be considered a foreign public official under the United States Foreign Corrupt Practices Act because he is a high-level employee at a government-owned entity.
D. Sending Dr. Y a gift basket is permissible under the United States Foreign Corrupt Practices Act.
CHAPTER 6 TAX EVASION AND ENFORCEMENT

OVERVIEW
There is an old adage that says that “the only things in life that are certain are death and taxes.” While financial criminals may not be able to cheat death, they certainly try, and mostly succeed, in evading their taxes. For obvious reasons, corrupt officials, money launderers, Ponzi schemers and others usually cannot declare their criminal proceeds on their tax returns. This would threaten their criminal operation with exposure. Even if they are able to make their criminal proceeds appear legitimate for tax purposes, financial criminals who steal and cheat for a living typically have few qualms about evading taxes.
dard. This will be discussed in more detail later in this chapter.

This chapter provides a general overview of what tax evasion entails and the avenues and mechanisms through which it is conducted. It also covers some common schemes of tax evasion and key indicators that suggest tax fraud is occurring. Additionally, it provides guidance on conducting investigations into tax evasion and using tax documents in financial crime investigations, generally.

Often, tax information that a person or business organization has prepared and filed can be a critical source when investigating a financial criminal or building a legal case against one. Although many jurisdictions have tight secrecy laws restricting access to tax information, it can be very valuable for a wide range of matters. All financial crime professionals should have familiarity with tax evasion and enforcement issues. Sometimes, investigating a criminal as a tax evader can be a very effective step in unraveling the larger financial crime scheme.

TAX EVASION VS. TAX AVOIDANCE
As a financial crime specialist, it is important to distinguish between legal methods to reduce tax liabilities and illegal avenues to reduce taxes or evade paying taxes. It is common among taxpayers to minimize taxes applicable to income and other assets. The tax regimes of many jurisdictions recognize legitimate methods to minimize or remove tax consequences for certain transactions, but uniformly prohibit and punish tax evasion.

However, not following applicable tax laws or utilizing unlawful methods to escape taxation can be a violation of law and subject the taxpayer to serious penalties. Generally, many courts have recognized that individual taxpayers may reduce the amount of taxes that would otherwise be applicable if lawful means authorized by law are used.

• Tax evasion is escaping payment of taxes by illegal means, such as by hiding the true state of one’s finances from tax authorities or not filing required tax documents.
• Tax avoidance is sometimes referred to as tax mitigation and is the legal use of the tax laws and regulations to one’s advantage to reduce the taxes that are payable by means that are approved by the law or regulations. Some methods of tax mitigation are common, such as making use of pension plans or retirement accounts in the US that postpone tax until retirement.

Although governments have always had enforcement authority over illegal tax evasion, recent economic downturns and reduced public revenues have forced governments and taxing authorities to closely look at tax evasion methods and so called “aggressive” tax avoidance in an effort to detect violators and increase tax revenue.

Other terms that the financial crime specialist may need to know include the following:

• Tax shelter is a mechanism by which a taxpayer may protect assets or income from taxation or at least delay the application of taxes. Common forms of tax shelters may include investments in pension plans and real estate. It is important to note that many types of tax shelters are completely legal. Where tax shelters may cross the line into tax evasion is when they are solely designed for the purpose of avoiding taxes. In these cases, they may be deemed abusive by tax authorities and subject the pertinent taxpayers to criminal or civil penalties.
• Tax havens are jurisdictions that provide secrecy or other means of protecting assets placed there from being taxed by other jurisdictions. Tax havens may be states, countries or territories with low taxes or no taxes at all. It is not uncommon for corporations or individuals, usually high-wealth individuals, to physically relocate to these jurisdictions or shift assets
there by opening subsidiaries or shell companies. As economies have become increasingly globalized in recent years, this has led to fears of tax competition among jurisdictions, as nations compete to offer lower tax burdens. Global tax compliance efforts, like FATCA, are partly intended to stem such tax competition.

There is no one universally accepted definition of a tax haven. One simple definition proposed by some economists is a jurisdiction with tax laws that are purposefully designed to cater to individuals and corporations looking to avoid taxes. Often, these jurisdictions will alter their laws to make them more attractive to persons and entities.

of transparency are limited regulatory oversight and enforcement powers, and the government’s inability to access financial records.
• No requirement for a substantive local presence, which allows individuals and corporations to set up shell companies and other entities without the need to be physically located in the haven, sometimes with nothing more than a PO Box.
• Self-promotion as an offshore financial center. Before more recent reforms, nations such as the Cayman Islands and jurisdictions such as Jersey and Guernsey often advertised their offshore financial services, indirectly or directly, giving the impression they were a tax haven.
The advantages of tax havens¹ basically may be classified in four categories:

Asset holding. The first step of asset holding involves forming a corporation, trust or other legal entity. In more complex arrangements, a trust will be formed that controls a company. Typically, the entity will be formed in one tax haven and administered in another. The purpose of the entity is to hold assets, which may include physical properties, investments, funds or other companies. By transferring the control and ownership of such assets into an entity in a haven, the assets are often no longer able to be taxed in other jurisdictions. Asset holding is sometimes done to avoid or evade a specific type of tax, such as inheritance tax.

Trading and other business activity. To minimize taxes, businesses that operate online or remotely, or require only minimal staff, will sometimes relocate to havens. These may include certain investment and financial services companies, as well as technology groups. Historically, a key use of havens for corporations attempting to minimize taxes was in transfer pricing schemes.

Transfer pricing. This allows companies to shift pre-tax profits and losses between subsidiaries and legal entities they control in order to reduce their overall tax burden. In general, such schemes are legal, although there are limitations on them in the tax laws of many nations. The Organization for Economic Cooperation and Development (OECD) has produced guidelines on conducting transfer pricing that many of its member nations have adopted, but the practice remains controversial. Recently, the UK has indicated that further international cooperation is needed to limit what is characterized as transfer pricing abuses.

for transparency and exchange of information concerning tax matters.

Tax evasion. In broad terms, tax evasion or tax fraud is the willful violation of one’s legal duty to pay mandatory taxes to the government. At its most basic level, tax evasion may be as simple as misstating facts and numbers on a tax return, or failing to file a required form. Other straightforward examples include the following:
• Underreporting of income
• Overstating deductions and losses
• Overstating dependents
• Filing returns on behalf of another without authorization (identity theft)

Tax evasion schemes can also be extraordinarily complex, involving offshore accounts and multiple layers of corporate entities and legal trusts that make the true owner of assets very difficult to determine. While international efforts to increase transparency and the exchange of tax information between jurisdictions have made strides in recent years, there are still many avenues for the creative financial criminal to dodge taxes and disguise assets.

A few of the more notable tax evasion and fraud schemes are outlined below. Specific varieties of tax evasion depend heavily on the tax laws of the nation or jurisdiction where the fraud takes place, and these laws can vary widely. As a result, the financial crime specialist should be aware of tax fraud schemes that are tailored to exploit the laws of their jurisdiction.
A Depiction of Carousel VAT Fraud Taking Place within the European Union.
Source: Dutch Tax and Customs Administration
To prevent their residents from going to other jurisdictions to avoid VAT, most jurisdictions that use VAT also legally mandate residents to report and pay the tax on items purchased in another jurisdiction. This can be difficult and resource-intensive to enforce. Consequently, most nations target VAT enforcement efforts at luxury items and other high-cost goods.

Carousel Fraud. This is a variety of tax fraud that goes by several names, including “missing trader” fraud. It exploits the mechanism for collecting VAT in order to effectively pocket tax revenues.

Understanding carousel fraud requires knowledge of the mechanics of VAT. Any company that buys and sells products will charge VAT to the consumers of its goods, and pay VAT to the producers it purchases from. The rate of VAT charged changes depending on the step in the buying and selling process. Essentially, VAT tax is charged each time a product moves through the supply chain to its ultimate consumer. An office supply company, for example, will charge individuals VAT when they buy a box of printer paper. The same supply company would have already paid VAT on the same box of paper when it purchased it from the manufacturer.

sometimes countries. In a carousel fraud, products will be sold to several traders before being exported. One or more of those sellers will pocket the VAT instead of paying it to the government.

In many jurisdictions, exporting products incurs no VAT tax. The exporter will then reclaim VAT from the government for the full value it was charged by the sellers, but due to the “missing traders” further back in the chain, that VAT was never paid to the government in the first place.

Carousel fraud is prevalent in the European Union, due to the number of nations that use VAT and the fact that EU member states do not charge VAT on exports. Carousel frauds are often perpetrated by organized crime rings because of the number of persons needed and relative complexity of this type of fraud scheme.
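The reconciliation below is an added example, not part of the manual. It models the VAT chain described in this section with constructed figures and shows how an examiner can compare the VAT each trader owes with what was actually remitted, so the exporter's reclaim can be traced back to the trader who never paid. The trader names, the flat 20% rate and the assumption that the first trader's stock carried no input VAT are all assumptions made for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

VAT_RATE = Decimal("0.20")  # assumed flat rate, for illustration only


@dataclass(frozen=True)
class Sale:
    seller: str
    buyer: str
    net_price: Decimal
    export: bool = False  # exports carry no VAT, as the text describes

    @property
    def vat(self) -> Decimal:
        return Decimal("0") if self.export else self.net_price * VAT_RATE


def vat_due(sales):
    """Net VAT each trader owes: VAT charged on sales minus VAT paid on purchases.

    A negative figure is a refund claim against the tax authority.
    """
    due = {}
    for s in sales:
        due[s.seller] = due.get(s.seller, Decimal("0")) + s.vat
        if not s.export:  # a foreign buyer is outside this authority's books
            due[s.buyer] = due.get(s.buyer, Decimal("0")) - s.vat
    return due


def reconcile(sales, remitted):
    """Compare VAT due with VAT actually remitted (refunds paid out are negative)."""
    zero = Decimal("0")
    due = vat_due(sales)
    shortfall = {}
    for trader, amount in due.items():
        gap = amount - remitted.get(trader, zero)
        if gap > 0:
            shortfall[trader] = gap  # VAT collected from buyers but never paid over
    return {
        "due": due,
        "shortfall": shortfall,
        "expected_net": sum(due.values(), zero),
        "actual_net": sum((remitted.get(t, zero) for t in due), zero),
    }


# Constructed sample chain: B sells to C, C sells to D, D exports the goods.
SALES = [
    Sale("B", "C", Decimal("100000")),
    Sale("C", "D", Decimal("101000")),
    Sale("D", "Foreign buyer", Decimal("102000"), export=True),
]
# Constructed remittances: C paid its 200, D received its refund, B paid nothing.
REMITTED = {"C": Decimal("200"), "D": Decimal("-20200")}

if __name__ == "__main__":
    result = reconcile(SALES, REMITTED)
    for trader, gap in result["shortfall"].items():
        print(f"{trader}: VAT due but not remitted = {gap}")
    print("Treasury net position:", result["actual_net"])
```

When every trader remits, the chain nets to zero for the treasury; with the first trader missing, the refund paid to the exporter becomes a direct loss equal to the VAT that trader collected.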
International Business Companies (IBCs). These are a form of legal entity that is typically incorporated in tax or secrecy havens, such as Panama, the British Virgin Islands and the Seychelles, as well as emerging offshore destinations, such as Ireland and Singapore. IBCs are intended to exist solely for the purpose of conducting international trade or financial transactions and typically cannot conduct business in the jurisdiction in which they are incorporated. The attraction of IBCs for tax evasion purposes stems from their secrecy. Typically, in tax havens, a tax identification number is not required to open a bank account for an IBC, and limited or no ownership information is publicly available.

Offshore Trusts. These are another type of legal entity typically formed in tax or secrecy havens. The main advantage of a trust is that it can be used to cloak ownership of accounts or assets. Many jurisdictions either do not collect information on the beneficial owners behind such trusts, or do not publicly share such ownership information.

Personal Investment Corporation (PIC). Also referred to as an “offshore company,” PICs are another means for shifting tax liability from an individual to a corporate entity formed in an offshore jurisdiction, typically a secrecy haven. Individuals can transfer assets and property to a PIC and retain beneficial ownership over them, yet avoid paying the appropriate taxes. Frequently, there are multiple layers in the formation and control of PICs. An offshore trust may open a PIC with a law firm acting as nominee, burying the individual or entity that truly controls the assets and, in some cases, completely obscuring the ownership of assets.

Captive Insurance Companies. Like other tax evasion vehicles, captive insurance companies can be completely legitimate and formed for real business reasons. A captive insurance company is formed when a group of businesses or individuals creates an insurance company that is wholly owned by the group and only underwrites their own operations. In tax evasion schemes, individuals or companies will form a captive in order to claim a tax deduction on their insurance premium, and then devise methods to return the premiums paid to the participants.

Regardless of their layers or complexity, one thing that tax evasion structures usually have in common is the facilitation and involvement of third parties. Law firms, private banks, accountants, auditors and others all may play a role in establishing tax shelter arrangements or offshore operations, and in secrecy havens these third parties may form a thriving industry sector. In some financial crime matters, these intermediaries may be a good source of information and potential evidence on the whereabouts, transactions and assets of a financial criminal.

SPECIAL PURPOSE VEHICLES/ENTITIES

A special purpose entity (SPE) is also referred to as a special purpose vehicle (SPV), or a financial vehicle corporation (FVC). SPEs are also referred to as “bankruptcy-remote entities” or “derivatives product companies.”

An SPE is a subsidiary corporation and a legal entity, usually a limited company, created with the purpose of executing some type of specific or temporary objective. The main reason companies create SPEs is to help protect them from financial risk. There are situations in which companies abuse the power of SPEs, such as in the case of Enron, but that aside, SPEs are legal, innovative and widely used. SPEs provide a range of securities backed by assets, such as cash flow on car loans, credit-card and home-equity debt, manufactured-housing loans, student loans and equipment leases. Additionally, companies transfer assets to SPEs for management or use them to finance a project.

The establishment of an SPE is similar to the creation of a company in that there must be promoters or sponsors. A sponsoring company will isolate certain assets into the SPE. This isolation of assets is important for providing comfort to investors
because there are fewer risks associated with it. With the assets and activities distanced from the parent company, the performance of the new entity will not be affected by the ups and downs of the originating entity. Ultimately, a good SPE should be able to stand on its own, independently of the sponsoring company.

There are several main reasons for creating SPEs. They may help with securitization, or assist companies with isolating high-risk projects from a parent organization. This also allows other investors to take a share of the risk.

Multi-tiered SPEs also allow multiple tiers of debt and investment, or can be used for asset transfer. For example, many permits that are required to operate certain assets are either non-transferable or difficult to transfer. By having an SPE own the asset and the permits, the SPE can be sold as a self-contained package.

Another reason companies create SPEs is to help maintain the secrecy of intellectual property.

Finally, SPEs are used in financial engineering schemes. The main goal is usually avoidance of tax or manipulation of financial statements.

Sometimes, SPEs are illegally used. In these cases, SPEs are typically used to hide debt or ownership, or to obscure relationships between different entities which are actually related to each other, like in the case of Enron. SPEs sometimes even allow tax avoidance strategies that are unavailable elsewhere.

Enron is the biggest example of the misuse of SPEs. In total, by 2001, Enron had used hundreds of SPEs to hide its debt. Enron used the SPEs for more than just avoiding accounting conventions. The company established these numerous entities to shield itself from mark-to-market losses in its growing equity investment business. When these investments started going downhill, Enron attempted to support the SPEs with its own stock, which was only a temporary solution at best.

Although Enron’s use of SPEs was illegal, many companies use these vehicles to legally conduct “off-balance sheet” transactions. As long as SPEs are not abused, they can be very beneficial to companies.

REPATRIATING UNDISCLOSED ASSETS

Once their proceeds are safely placed in a corporate entity, shelter or haven, a financial criminal still faces the dilemma of how to access and repatriate his or her assets without alerting the tax authorities or law enforcement within the jurisdiction in which they reside. There are myriad avenues:
• Credit cards set up to draw from a tax evader’s off-shore account
• Loans from offshore lenders, shell corporations or legal entities ultimately controlled by the tax evader
• The use of property held by offshore entities at zero or below-market rental
• False invoices for services or goods that a tax evader charges to an offshore entity that they ultimately control
• Scholarships or charitable foundations that covertly funnel funds to a tax evader’s relatives or associates

In addition to these, it is not uncommon for third parties to facilitate the movement of funds or assets from a tax evader’s offshore accounts to their jurisdiction of residence. In extreme instances, employees of law firms or private banks have physically brought cash or high-value assets to tax evading clients in other jurisdictions. Such was the case with the “client advisors” at Swiss banks Wegelin and UBS, who would fly to the US to meet with wealthy US tax evaders and purchase artwork, jewelry and
other luxury items with funds from Swiss accounts to assist them in transferring assets.

DEMONSTRATING TAX FRAUD IN LEGAL CASES

The tax codes of many jurisdictions are highly complex, and reporting requirements are not always widely known or intelligible to an average taxpayer. As a result, the courts of many nations have established a relatively high standard for proving tax fraud, recognizing that mistakes are common. Typically, a government must go beyond showing that a taxpayer misstated his or her taxes or did not pay any taxes, and demonstrate that a taxpayer actually had the intent to commit fraud.

While these cannot be considered evidence or proof, the following are useful as indicators suggesting tax fraud:
• Repeated patterns of underpayment of taxes
• Lack of records to substantiate income, deductions and other items in tax filings
• Extensive use of cash transactions
• Destruction or alteration of financial records, especially those pertaining to tax liability
• Failure to provide an accountant or other tax professional with necessary information to prepare tax returns or filings

EMPLOYMENT TAX FRAUD

Tax evaders are not only drawn from the ranks of the wealthy or from multinational corporations. Businesses of all sizes engage in tax evasion, and employment tax fraud schemes are prevalent mechanisms for doing so. These schemes take a variety of forms, but usually revolve around improperly withholding or not paying to the government the taxes employees pay and that employers withhold.

Common employment tax fraud schemes include the following:

Third party withholding fraud. Many smaller businesses rely on payroll service providers or other third-party employment firms to manage the process of the withholding taxes employees pay. Just like the employers themselves, however, these companies can collect the employment tax but fail to report it to the appropriate tax authorities. Companies should be aware of this type of tax fraud, as it can result in liability to the company and to the third-party perpetrator.

Worker status misstatement or falsification. Employers may improperly categorize a full-time employee as part time, or record an employee as a contractor in order to lessen or avoid certain taxes.

Pyramiding. This refers to a company that withholds taxes from employees, such as for Social Security in the US, but willfully fails to pay them to the appropriate tax agency. These schemes tend to have a short lifespan. The title “pyramid” refers to the way that, as the tax withholdings not being turned over to the government agency build up, it becomes more difficult for the employer to catch up on the back-tax liability it owes.

Cash payments. If the employer has large, unexplained periodic cash payments, or other information suggests that employees are being paid in cash, it is a likely indicator of tax fraud because of cash payments. It is not uncommon for employers to pay employees in cash to evade the employment tax requirements.

Offshore employee leasing. This refers to when a taxpayer resigns from his employment position and signs an employment contract with an offshore employee leasing company, which indirectly leases his services to his original employer. The employee performs the same services before and after entering into the leasing agreement and generally receives the same payment for his services. However, his salary is sent offshore as “deferred” compensation, in which employment and income taxes may be avoided.

RED FLAGS OF TAX FRAUD

Because of the thin line that sometimes exists between outright tax evasion and aggressive but legal tax avoidance schemes, pointing to specific actions or behaviors as definitive red flags can be difficult in the tax enforcement field. As a result, the financial crime specialist should know the tax laws of the pertinent jurisdiction well, or consult with a tax professional before pursuing an investigation or legal action related to tax fraud.

Some acts or situations are fairly clear indicators that tax fraud by an individual or organization is occurring. Some potential red flags include the following:
• Deliberately ignoring or failing to follow advice of an accountant, attorney or return preparer
• Knowingly failing to inform a tax professional of all the relevant facts for the accurate preparation of tax filings or returns
• In the case of tax fraud by a business, evidence or testimony from employees about irregular withholding of taxes or suspicious business practices
• Destroying or altering books and records, especially if it occurs just before or after an audit or examination by tax authorities
• The sudden transfer of assets in a manner that suggests concealment, or the diversion of funds by company officials or trustees, especially to an offshore location or secrecy haven
• A significant or repeated pattern of incorrect or understated income on tax returns
• Applications and tax and related documents that appear to be backdated
• Use of multiple identification numbers by a single person or entity, or the use of incorrect or non-existent identification numbers
• Submission of false wage and other statements

INVESTIGATIVE TECHNIQUES TO DETECT AND PROVE TAX FRAUD

For the most part, investigative methods that focus on tax evasion overlap with financial crime investigative methods. A financial crime specialist who is an investigator of his or her country’s tax agency must access tax documents and have knowledge of how to obtain tax information that is typically out of reach for other financial crime specialists.

Like other financial crime investigations, a tax fraud investigation usually starts by gathering relevant records and other data that provide evidence of the tax affairs of the subject. The investigator records where, when and from whom the information was obtained and pursues the leads. Tax evasion or suspicious behavior by a taxpayer is often a sign that a larger fraud or financial crime has occurred.

As with all financial crime investigations, all documents and other evidence obtained must not be modified by the investigator in any way. The investigator must also maintain a clear chain of custody to log how the custody and control of the records changed or progressed from the time they were initially obtained to the time they are used in a legal proceeding. A financial crime professional investigating tax evasion and other fraud must always strive to obtain the taxpayer’s explanation for discrepancies in financial records and other documents, and ensure that their explanations are recorded clearly and accurately.

In some circumstances, financial crime specialists will investigate a case in which a tax return has not been filed, and tax or other fraud is suspected.
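One way to keep the chain of custody described in this section tamper-evident, as an added example that is not part of the manual: the document is hashed when it is obtained, and every custody entry is hashed together with the entry before it, so a later change to the document or to the log shows up on verification. The class, field names and sample values are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Hash-chained custody record for one item of documentary evidence."""

    def __init__(self, evidence_id, content, obtained_from, obtained_where,
                 obtained_at, custodian):
        self.entries = []
        # Record where, when and from whom the item was obtained,
        # plus a fingerprint of its exact content at that moment.
        self._append({
            "action": "obtained",
            "evidence_id": evidence_id,
            "evidence_sha256": sha256_hex(content),
            "from": obtained_from,
            "where": obtained_where,
            "at": obtained_at,
            "custodian": custodian,
        })

    def _append(self, record):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = dict(record, prev_hash=prev)
        body["entry_hash"] = sha256_hex(json.dumps(body, sort_keys=True).encode())
        self.entries.append(body)

    def transfer(self, to_custodian, at, reason):
        self._append({"action": "transfer", "custodian": to_custodian,
                      "at": at, "reason": reason})

    def verify(self, content):
        """Return a list of problems; an empty list means log and evidence are intact."""
        problems = []
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            recomputed = sha256_hex(json.dumps(body, sort_keys=True).encode())
            if body["prev_hash"] != prev or recomputed != entry["entry_hash"]:
                problems.append(f"entry {i} altered or out of sequence")
            prev = entry["entry_hash"]
        if sha256_hex(content) != self.entries[0]["evidence_sha256"]:
            problems.append("evidence content differs from the copy originally obtained")
        return problems


# Constructed sample document and custody history.
SAMPLE_DOCUMENT = b"Constructed sample: 2018 return, gross receipts 412,000"


def build_sample_log():
    log = CustodyLog("EX-001", SAMPLE_DOCUMENT,
                     obtained_from="Payroll provider (constructed)",
                     obtained_where="Provider's office",
                     obtained_at="2019-03-04T10:15:00Z",
                     custodian="Investigator A")
    log.transfer("Evidence custodian B", "2019-03-04T16:40:00Z", "secure storage")
    log.transfer("Prosecutor C", "2019-06-11T09:00:00Z", "preparation for proceeding")
    return log


if __name__ == "__main__":
    print(build_sample_log().verify(SAMPLE_DOCUMENT))
```

The hash chain only detects changes; the log itself still needs to be stored where the custodians named in it cannot rewrite it wholesale.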
When conducting a tax evasion investigation, the first contact with the subject presents a crucial opportunity to obtain the point of view of the taxpayer and other important information. Tax evasion investigations often follow an audit by the examiners of the tax agency, in which the subject taxpayer may not be aware that the agency may be considering a criminal tax evasion investigation focused on him or her.

As a result, the subject may provide information or access to financial and other documents that they would otherwise take pains to conceal, which may be difficult to obtain in later stages of the investigation.

Some questions that should be asked in the initial interview of the target taxpayer are as follows:
• Who was responsible for preparing the tax documents and returns?
• Who was responsible for approving the statements, including income, deductions and expenses, cited in the tax filing or returns?
• Who was responsible for management of the person’s income or business affairs?
• How were the person’s income or business receipts calculated and documented for tax filings?

TAX INFORMATION EXCHANGE AGREEMENTS

When conducting investigations across national borders, tax information exchange agreements can be powerful resources. Tax information exchange agreements (TIEAs) are bilateral treaties that provide a framework for sharing information in criminal or civil tax investigations. A model TIEA was originally developed by the OECD’s Global Forum Working Group on Effective Exchange of Information and has since been adopted by dozens of countries worldwide.

Jurisdictions negotiate the terms of TIEAs between themselves, and the specifics may vary slightly depending on the countries involved. Generally, TIEAs allow one jurisdiction to request a wide range of information that is “foreseeably relevant” to the enforcement of tax laws, including details on financial accounts and beneficial ownership information on companies or trusts. Information shared is usually subject to strict confidentiality requirements, and can only be shared with courts or judicial bodies for the purposes of determining criminal or civil tax issues.

The OECD maintains a database tool that allows anyone to view the TIEAs that a country has in place with other countries. This can be a useful resource for understanding the overall tax compliance and potential tax evasion risk on a jurisdiction level. If a country does not have many TIEAs in place, or is not effectively following up on requests for information, it could indicate that the jurisdiction has lax tax compliance or is acting as a secrecy haven.

THE UNITED STATES FOREIGN ACCOUNT TAX COMPLIANCE ACT 2010 (FATCA)

A landmark tax reporting law, the 2010 US Foreign Account Tax Compliance Act is one of the most sweeping changes to international tax compliance and enforcement ever enacted. Targeting US tax evaders with undeclared assets offshore, FATCA compels all financial institutions outside the US to collect and report to the US Internal Revenue Service the US persons that maintain accounts at their institutions. Failure to do so will subject the pertinent non-US institutions to a 30 percent withholding tax on US income, in addition to other applicable taxes.

Although it is a US law, FATCA’s reporting requirements cover banks and other financial institutions in all jurisdictions, making it a truly global law. Non-US financial institutions may face considerable challenges and steep costs to comply with FATCA, according to several studies.
FATCA was inspired by a tax evasion scandal centered on UBS, one of Switzerland’s largest banks. UBS was found to have maintained secret bank accounts for about 52,000 US persons who wanted to evade their US taxes. UBS was prosecuted by the US Department of Justice, leading to the disclosure of more than 4,000 US taxpayers who had hidden accounts at UBS. The case provoked the US Congress and paved the way for FATCA.

According to estimates at the time of FATCA’s implementation, the IRS expected to recover $8 billion in tax revenue from offshore accounts over the next 10 years. The total may be far higher. Because of the close ties between tax evasion through offshore accounts and other financial crime, FATCA has the potential to unearth millions in criminal proceeds linked to corruption, money laundering, fraud and sanctions violations, in addition to tax evasion.

FATCA has three key operative provisions:

1. Non-US financial institutions, which can include banks, broker-dealers and investment firms, depending on the non-US jurisdiction and other circumstances, must identify any US persons who hold accounts and gather their names, addresses and tax identification numbers, as well as their account balances, deposits, withdrawals and other information. US persons include individuals and business organizations formed in the US. Information on any US accountholders with more than $50,000 for an individual and $250,000 for a corporation must then be reported to the IRS.
2. Non-US institutions that do not comply with the law are subject to a 30% withholding tax on certain payments originating in the US, as said above. Payments subject to the tax include income, rents, dividends, wages, and certain interest payments. These are known as “fixed or determinable annual or periodical” (FDAP) payments.
3. US persons with offshore accounts must file a new IRS Form 8938 with the IRS along with their annual income tax return if their accounts hold more than $50,000. US persons that fail to file this new form may be subject to a penalty of up to 40 percent of the account value.

July 1, 2014, was the first effective date of many of FATCA’s key provisions. Because of the sheer complexity and scale of the law, provisions took effect in stages through 2017.

FATCA is phased in over a long period of time to allow the US and other nations to resolve the legal obstacles that stand in the way of the law’s implementation. Many jurisdictions do not permit financial institutions in their territory to share tax information and other financial information with the US and other nations. Some nations and other jurisdictions, including many EU countries, forbid exchange of tax information that is automatic and not in response to a court order or formal government request. As a result, many nations must amend their laws and regulations to permit FATCA compliance.

INTERGOVERNMENTAL FATCA AGREEMENTS

In the process of implementing the worldwide obligations that FATCA imposes on financial institutions in other countries, the US Internal Revenue Service has pursued and succeeded in creating “Intergovernmental agreements,” or IGAs, with other nations. As of April 2014, dozens of nations in various parts of the globe² have signed IGAs with the US. It is very likely that many more nations in all parts of the world will sign these agreements with the US. In essence, IGAs outline how the signatory nation and its financial institutions will comply with the reporting requirements of FATCA. The US has
developed two template IGAs, Model I and II, which are outlined below:

• The Model I agreement, released in early 2012, requires non-US institutions to report information on US accountholders to their own tax authorities, which would collect the information and deliver it to the IRS.
• The Model II agreement requires non-US institutions to report information on US accountholders directly to the IRS instead of their own tax authorities. It allows non-US institutions to exchange tax information with the IRS on request and supplement it when necessary. FATCA partner countries that enter a Model II IGA must enable their reporting institutions to register with the IRS and comply with FATCA’s due diligence, reporting, and withholding requirements.

The Model I and II templates produce distinct IGAs, each with varying terms. Financial crime specialists should know if a country of interest has entered into an IGA with the US Treasury Department and review its provisions.

Both models allow the IRS to request more information about so-called “recalcitrant accountholders,” or US persons who refuse to provide information required for FATCA compliance. Depending on the terms of an IGA, non-US institutions may be required to close accounts of recalcitrant taxpayers under some circumstances, but not all IGAs require this.

One potential problem for organizations that are present in multiple jurisdictions is the management of FATCA due diligence requirements under two models. Institutions may be required to build multiple systems to meet the requirements of applying the two models to local laws.

FATCA COMPLIANCE FOR US INSTITUTIONS

While non-US institutions shoulder much of the data processing and reporting burden under FATCA, US institutions are not exempt from major challenges. Among other things, they are required to enforce the 30 percent withholding tax imposed on noncompliant non-US institutions. Consequently, US institutions must be prepared to sort and classify their accounts to know which of them are held by overseas institutions that are FATCA compliant, non-compliant or exempt.

US institutions must also conduct ongoing monitoring of the accounts they house for foreign institutions in case their FATCA compliance status changes. To ease this process for US institutions, the IRS created an online FATCA registration “portal.” The portal includes access to a database of FATCA-compliant non-US institutions.

The bi-national IGAs also present compliance burdens. Many of the agreements call for reciprocal reporting, which requires US institutions to identify accountholders of a nation that has signed an IGA with the US Treasury Department and to report these accountholders to the appropriate nation’s tax agency.
Model I agreements allow the IRS to request more
information on recalcitrant accountholders from This places US institutions in similar situations as
the partner nation’s tax authorities. Model II also their counterpart institutions abroad. This means
allows the IRS to make group requests to the part- they will be required to classify their accounts by
ner country’s tax authority for information on recal- citizenship or tax nationality, collect supporting
citrant accountholders. This information may be documents and monitor accounts for changes in
collected and reported to the IRS on an aggregate status. Adding to that analytic and compliance
basis. The IRS may also request US financial insti- headache are the differences in IGAs described
tutions for information about payments to non-US above, which could require US institutions to collect
institutions that refuse to comply with FATCA. different account information or identifying doc-
3 The final regulations for FATCA are available from the IRS site at
http://www.irs.gov/PUP/businesses/corporations/TD9610.pdf
Other steps advisable to take or consider for FATCA compliance include the following:

• Analyzing your customer procedures and amending them, if necessary, to capture information pertaining to a customer’s citizenship status or tax nationality, along with related documents and records.
• Classifying customer accounts by appropriate categories, including those for US and non-US persons by compliant and “recalcitrant” status. Institutions will need to have or develop systems to monitor account activity related to other institutions to classify them by FATCA-compliant and non-compliant status.
• Building or acquiring new monitoring systems to detect and flag any changes to accounts that affect how they are reported for purposes of FATCA.
• Developing procedures and data systems to process and report to the IRS, or other appropriate tax authorities under an IGA agreement, the appropriate documentation when an account’s status is in question or has changed.
• For financial institutions in nations with certain bank secrecy laws, obtaining a signed waiver form from account holders indicating they consent to have their account data reported to the IRS.

THE OECD’S COMMON REPORTING STANDARD – AN EVOLUTION IN GLOBAL TAX COMPLIANCE

Efforts to boost global financial transparency and augment tax compliance did not end with the implementation of FATCA. Instead, the US was only the start of a larger and more globalized effort: the Common Reporting Standard issued by the OECD.

Prompted by the creation of FATCA and by European Union efforts to increase financial data-sharing for tax purposes, in 2014, the OECD developed a framework for automatic tax information exchange that can be adopted by any nation.

Instead of FATCA’s unilateral reporting structure, in which all countries are effectively required to report to US tax authorities, the Common Reporting Standard (CRS) is a multilateral system. Each country that agrees to participate must direct its financial institutions to identify accountholders from all other participant countries, and report account information to tax authorities. This information is then shared between the tax authorities of all participant countries annually, on an automatic and ongoing basis, beginning in September 2017.

While there are notable differences, the steps required to comply with the CRS and the information on financial accounts being captured and exchanged are broadly similar to the requirements of FATCA. The CRS covers both individual and legal entity accounts, including trusts and foundations.
3. Commentaries that provide further information on the Standards and Competent Authority Agreement
4. Technical guidance to support the data collection and transmission required under the CRS

As of early 2017, there were more than 100 jurisdictions that had agreed to implement the CRS. The Common Reporting Standard requires financial institutions to report generally the same information as FATCA, with some notable differences. Each signatory country must gather the following information:

• The name, address, taxpayer identification number and date and place of birth of each customer covered by reporting requirements. This includes most individual accounts and accounts for certain legal entities.
• The customer account number
• The name and identifying number of the Reporting Financial Institution
• The account balance or value as of the end of the relevant calendar year or, if the account was closed during such year or period, the closure of the account

exchange agreement. These requests were usually only made as part of criminal or civil investigations, and, in many cases, the exchange process was slow.

The automatic and ongoing exchange under the CRS greatly increases the level of transparency in the global financial system. The framework cuts down on the ability of tax evaders and other financial criminals to shield assets from tax authorities by moving them offshore.

It should be noted that like FATCA, the CRS contains loopholes – certain legal entities and types of financial institutions are not subject to reporting, for example. Also, like FATCA, dozens of countries have not agreed to implement the CRS, including large economies like the US.

Although tax and secrecy havens have not been eliminated, the CRS tightens the net on tax evasion. With fewer places to hide, tax evaders are being forced to resort to methods that are less convenient, more expensive and potentially easier to detect.

As tax evasion is closely connected to other forms of financial crime, this movement toward tax transparency also has ramifications for enforcement efforts against money laundering, corruption and fraud.
Q 6-1. Your bank holds a business account for a local tax preparation service.
What would MOST likely trigger further investigation by the compliance department in the bank?
A. Numerous deposits of tax refund checks in the names of different individuals but with
common addresses
B. Multiple deposits of checks in the same amount written by different tax service customers
C. Variances in the frequency of transactions depending on the calendar cycle
D. A request by the customer to have payments made to the Tax Office through a certified
check process
Q 6-2. A regional bank operates within a country that has a Model 1 agreement in place with the US to implement the Foreign Account Tax Compliance Act (FATCA). The institution already has a FATCA compliance program in place, but recently, there have been media reports suggesting US tax evaders are using the bank’s country as a haven for undisclosed assets.
The bank has some US accountholders and is reviewing its FATCA compliance program in response to the news reports.
A. The bank must register and report US accountholders directly with the US Internal
Revenue Service (IRS).
B. The bank must institute a 30 percent withholding on the accounts of its US customers
C. The bank must confirm that US customers filed a Form 8938 with the IRS to disclose
their accounts.
D. The bank is required to report certain details about US accountholders to its country’s tax
authorities.
CHAPTER 7
ASSET
RECOVERY
OVERVIEW
CHAPTER 7 • ASSET RECOVERY
Financial crime creates the opportunity or necessity to recover assets that have been illegally taken. Consequently, asset recovery is the essential endgame of all financial crime.

Because of this necessity, the skills and specialized knowledge of investigators, lawyers, forensic accountants and other professionals who understand the unique challenge of asset recovery efforts are at a premium. Asset recovery skills in financial crime cases are crucial because so much of the asset recovery work that needs to be done in the wake of financial crime depends on private resources. Government agencies, which have heavy workloads, usually devote comparatively few resources to tracing and recovery of financial crime proceeds in the huge number of cases they must handle.

The level of recovery of all financial crime proceeds is very low. Of an estimated $500 billion in criminal proceeds that are generated each year in the US alone, for example, no more than $5 billion is recovered through government asset recovery efforts. It is estimated that private sector asset recovery efforts recover even less from financial criminals.

Although there are significant overlaps with other elements of financial crime, including investigations, compliance and prosecutions, asset recovery requires unique proficiencies and skills, and poses distinct challenges. These skills are not always the same as those required to investigate the financial crime and its perpetrators. In the same way, asset recovery skills are not the same as those used to detect and document the disguising, hiding and laundering of the criminal proceeds.

The final phase is where the asset recovery professionals trace and recover the financial crime proceeds. Unless the proceeds of the financial crime are recovered, the game is lost for the victim and the government agencies that investigate, prosecute or assure compliance by entities through which the criminal proceeds flowed, even if the perpetrators go to prison.

PARTICIPANTS IN AN ASSET RECOVERY TEAM

Asset recovery operations are typically conducted by teams of professionals, each with their own distinct skill set and focus. Private- and public-sector asset recovery teams have more in common than most people realize. They typically have similar team members who do similar jobs:

• Investigators. In the public sector, they are called special agents, detectives or commanders, and in the private sector they are called private investigators.
• Forensic Accountants. The private sector usually calls them forensic accountants while the public sector calls them auditors, examiners and reviewers.
• Lawyers. They are called prosecutors in the government and receivers, insolvency professionals, lawyers and trustees in the private sector.
• Investigative Analysts. They are sometimes referred to as intelligence analysts in the public sector and litigation support specialists in the private sector.
the management and control of such entities and to search for, identify and attempt to recover their assets. As is explained below in this chapter, there are many legal and equitable tools that these fiduciaries have at their disposal in a worldwide search for assets to compensate the victims.

Asset recovery teams in the private and public sectors use similar legal and investigative asset tracing and recovery tools. Government agents have search warrants and seizure warrants, while the private sector has civil search warrants and other tools that courts of equity may give them, as described below.

With court orders, government agents can forcibly enter premises, while private investigators may obtain court orders that allow them to “break and seal” the premises of financial crime perpetrators or their accomplices.

This chapter of the manual explains tools and resources that asset recovery specialists have, the knowledge they should have about asset tracing, and the recovery weapons and skills they should ensure their team has. This chapter will also cover the unique issues that multinational asset recovery efforts confront, and how they should be dealt with.

IMPORTANCE OF SOUND PLANNING

Sound pre-seizure planning is a must for effective asset recovery in both the public and private sectors. Even when an asset recovery team has the legal authority to freeze, seize or take an asset, it may not be in the best interest of the overall asset recovery effort to do so.

Before doing so, an asset recovery team in both sectors should consider the following:

1. Does the asset have value?

The value of an asset should be determined before any action is taken. Its value includes both its monetary worth as well as its importance to the financial criminal. Assets that appear to have a high market value may be heavily encumbered with mortgages, liens or other legal impediments. This makes their monetary value low or possibly even negative. Still, if a government agency views an asset as being worth little, but recognizes that it plays an important role in the criminal activities of an organization or financial criminal, seizure must be considered regardless of its value. However, it should be kept in mind that even seizure of an asset costs money.

2. How much will it cost to maintain and preserve the asset during the asset recovery process?

After an asset is seized or taken in an asset recovery effort, the asset recovery team must store and maintain it until a court orders the divestiture and return of the asset to the victim, the victim’s representative or a government agency order. If the asset requires maintenance and upkeep during this time before a final order by a court, the cost of maintaining the asset may escalate rapidly.

3. Are there potentially innocent owners of the asset who may impede or prevent recovery?

Sometimes, an asset targeted in an asset recovery effort is owned by a third party, even in the case of money that has been taken in a financial crime, such as in the case of charitable contributions by the financial criminal or funds contributed to a political campaign. If the financial criminal is not the owner and the owner of the asset is not implicated in the financial crime or the illegal movement of the financial crime proceeds, freezing or seizure of the asset may not be an appropriate course of action.

MAKING THE CASE FOR ASSET RECOVERY

For law enforcement and other government agencies, a successful seizure of an asset is the beginning of the asset recovery process. Presenting a strong case to a prosecutor for seizure and ultimate recovery is a vital first step. Government agents and investigators should submit complete and accurate requests to the prosecutor or other legal
officer detailing the probable cause for seizure, freezing and ultimate recovery. The submission should list the potential claimants that may emerge and full information about such persons and their likely claim. The investigators are often required to furnish the legal officer supplemental investigative reports as they learn new information.

Below are the recommended elements of a report by investigators to a government legal officer or prosecutor before an asset recovery effort is commenced, or when seizure of an asset is being considered, which also largely apply to private sector asset recovery teams.

The presentation or submission to the legal officer or private sector lawyer should be organized so that relevant information that allows evaluation of the case is found quickly. These are the items of information that a prosecutor or other legal officer in the private and public sectors would normally request:

A list of each tangible or intangible asset and piece of property for which asset recovery is sought. For purposes of presentations in court, the prosecutor or legal officer must accurately list each item, with a complete description of the asset. It is important that the asset recovery team is mindful of the passage of time because many jurisdictions prescribe the number of days that an asset recovery team in the government or private sector has to commence or complete procedures, including applications to the courts. The location of an asset is important because legal issues pertaining to the rights of parties in other jurisdictions must be addressed, and there must be certainty that the asset recovery team is legally empowered to act in the jurisdiction.

An actual or appraised value for each item or asset that is the target of an asset recovery effort. The value and nature of an asset may determine the type of legal procedure to be initiated in various jurisdictions. Certain jurisdictions permit the seizure, freezing or ultimate recovery of assets of a certain value by an administrative action. Assets that do not fall into those categories in these jurisdictions may be recovered only through judicial proceedings and not administratively.

Names and full contact information of all persons who may have a legal or other interest in an asset that is the focus of an asset recovery effort or that has been frozen or seized. The laws of most jurisdictions require that potential claimants with an interest in an asset that is sought to be frozen or seized receive prior formal notification of the contemplated action. For this reason, it is important that the legal officer or prosecutor in an asset recovery effort have the accurate names, addresses and full contact information of the potential claimants so that they may be provided with legal notices in accordance with the law.

A listing of all registered owners and persons holding liens on assets that are the focus of a seizure, freezing or other asset recovery effort. Property owners routinely record their vehicles and interests in real estate in the records and files maintained by government offices. These databases, which are normally accessible by the general public, must be searched. Parties with recorded interests affecting the targeted assets must be listed in the reports presented to the legal officers in a public or private sector asset recovery effort so that they may receive the required legal notice of the action. The legal officer or prosecutors must evaluate this information to determine if the potential claimants have legitimate claims or have the legal status that is normally called “innocent owners.”

A statement explaining the legal theory and justification or probable cause for the seizure, freezing or ultimate recovery of each item or asset. A legal officer or prosecutor needs and benefits from a concise description of the theories of seizure, freezing or recovery that the asset recovery team will pursue. The description should include the full justification, or “probable cause,” that the asset recovery team will pursue, which justifies
the seizure, freezing or recovery. The investigative or analysis team that provides information to the legal officer or prosecutor should strive to furnish full information to justify the recovery of the asset and linking its purported owner to the underlying financial crime.

Complete copies of all investigative and analysis reports and search warrants or other court orders. Legal officers and prosecutors must review the investigative reports to evaluate the basis of seizure, freezing and ultimate recovery of specified assets. In the case of a government asset recovery effort, search warrants must contain a statement of probable cause that summarizes the investigation and the evidence leading to the search for and subsequent seizure of an asset.

Copies of all seizure orders, warrants or other court orders previously issued in the case. Prior orders of the court, including a seizure order or warrant, will detail the justification or “probable cause” that justified the taking of an asset.

The laws of most nations, including the US, require that a government asset recovery, or “forfeiture,” action must be commenced within a specific time from the date an asset was frozen or seized. Government investigators, and often those in the private sector, should recognize that legal officers and prosecutors have minimum thresholds of property value in asset recovery cases. These thresholds are dictated by considerations of the proper and efficient use of legal and judicial resources.

ANCIENT AND POWERFUL EQUITABLE POWERS OF COURTS

The equitable powers of the court are based on the principle, “Where there’s a wrong, there’s a remedy -- if you come with clean hands.” An asset recovery team has potent weapons based on these judicial equitable powers. A court may compel disclosure of information, issue civil search warrants and “break and search” orders, rewrite contracts, transfer property, require the examination of documents, and enter orders permitting the seizure of assets.

Equity is the name given to a set of principles that are applied in common law jurisdictions, such as the US, United Kingdom, Canada, Australia and other nations that inherited a system of law from England. The principle of equitable relief is also intended to supplement and complement the remedies and relief that statutory law provides. Equitable relief is also intended to apply where the application of statutory law may be unduly harsh, unfair or inequitable. Although equity in that name is not known in civil law systems, such as those that operate in continental Europe, Latin America and most of Asia, those systems have and apply broad rules that give judges similar powers to fashion remedies to meet inequitable circumstances.

Equitable powers constantly adapt and evolve to meet new circumstances, particularly in the business and commercial environment. Common Law courts have invented a host of equitable remedies that are powerful tools for asset recovery. These include things such as so-called Mareva Injunctions, Anton Piller Orders and Norwich Pharmacal Orders that may be used in the investigation and initial steps of asset recovery cases. They can also require a party to permit a legal representative of another party to search premises and remove evidence.

Among the powerful weapons that a court of equity may wield in asset recovery and other cases are these:

• Restraining and mandatory injunctions that compel certain action or inaction by a specified person or entity
• Civil search warrants that permit private sector asset recovery teams, accompanied by law enforcement authorities, to search designated premises for evidence
• Break and search orders that permit the forcible entry into businesses or residences, usually in
the company of law enforcement authorities, to search for evidence pertaining to a financial or other crime
• Accounting that compels a person or entity to document the source and application of funds, which are the subject of a financial crime or other investigation, or to require a broader accounting

Victims of financial crime, and often government agencies, may undertake various legal actions to seek to recover the assets they have lost in a financial crime. For example, through their representatives, victims may apply to a court to freeze an asset or its transfer or consumption and request the judicial imposition of a constructive trust to ensure that the assets are not dissipated.
A freezing order should be sought in the place where the financial criminal or his accomplices reside or hold property. Sometimes, it is possible to obtain a worldwide Mareva order from a court if the financial criminal has fled the jurisdiction, but not all countries recognize these global orders.

Other well-known judicial tools provide assistance in asset recovery efforts in common law countries or jurisdictions. The terms by which these tools are known are included in parentheses:

NORWICH PHARMACAL (PURE BILL OF DISCOVERY) AND BANKERS TRUST ORDERS (PRODUCTION ORDER)

These orders by a court, usually under seal and accompanied by so-called anti-tip-off or gagging restraints, are injunctions that typically seek disclosure of confidential records and information from financial institutions and other businesses. The orders usually require a third party to disclose certain documents or information to the party that sought the orders. For example, a third party could be a financial institution that has relevant information and records.

ANTON PILLER ORDERS (STAND AND DELIVER)

These are search and seizure orders that may be executed simultaneously at homes and offices of the targets they are issued on. An Anton Piller order is intended to preserve evidence that may be crucial to a worldwide asset tracing case. It can be obtained to preserve evidence where it is shown that the target of the effort is likely to destroy evidence to frustrate the investigation.

LIS PENDENS

A lis pendens is simply a written notice that a lawsuit or claim affecting title or an interest in specific real property has been filed.

Lis pendens, which is Latin for “suit pending,” is the notice of a pending action and is filed with and certified by the clerk or secretary of a court. It is subsequently recorded in the official registry of the place where the property is located. It notifies persons with an interest in the subject real property that a claim on the property exists. The recording of the lis pendens informs anyone interested in buying or financing the property that there is a potential claim against it.

A lis pendens must include a legal description of the property. Usually, in common law jurisdictions, the party who filed a lis pendens is not required to show a substantial likelihood of success on the merits, but only a connection between the ownership of the property and the dispute in the pertinent lawsuit.

LETTERS ROGATORY

A letter rogatory is a request from one judge to another judge in another country seeking assistance in obtaining information, documents or testimony in a particular legal matter. Letters rogatory are not treaties, but they provide a means by which private- and public-sector persons and agencies may obtain international assistance in a case. Letters rogatory can help gather financial evidence, including bank records, and help to restrain assets. Compliance with a letter rogatory is discretionary on the part of the court that receives it, and the process is usually slow. Without an effective advocate in the jurisdiction that receives it, a letter rogatory may not succeed in obtaining the desired assistance.

Each country has its own laws and practices for the receipt and execution of letters rogatory. Execution of letters rogatory must be in strict compliance with domestic law. The process is marked by these uncertainties:
• Letters rogatory are usually transmitted via diplomatic channels and must be processed through a court and the diplomatic agencies. Diplomats may refuse to act if a letter is deemed inconsistent with their nation’s public policies.
• Requests must contain certain information, including a description of the facts and details of persons and entities involved. The letters may be returned for clarification to the judge in the requesting country.
• Nations sometimes refuse to execute letters rogatory in a criminal matter until formal criminal charges have been filed in the requesting country. This policy makes letters rogatory unavailable during the investigation when they are often most needed.
• In some countries, secrecy laws do not permit bank records to be obtained by means of letters rogatory unless other laws authorize this disclosure.

REPATRIATION OF ASSETS

In asset recovery cases, it is not enough to freeze assets. To succeed, they must be repatriated. Repatriation of assets from foreign hiding places is the crucial final step that private and public asset recovery teams must accomplish. It may be fraught with complications.

In repatriating assets, government asset recovery teams often have unique international weapons that can provide substantial help in the recovery. Private sector asset recovery teams may also have access to powerful government weapons in certain circumstances if they convince government investigators, prosecutors or judges to utilize them on their behalf. The discussion below about Mutual Legal Assistance Treaties (MLATs) covers this.

There are no standard procedures that asset recovery teams must follow for successful repatriation of assets. No two cases, and the laws of no two countries, are alike. Asset recovery cases sometimes encounter difficulties that stem from local corruption, especially in the final stages when repatriation is sought.

Asset recovery teams must obtain a judicial order to repatriate assets after they are located and frozen to prevent dissipation or flight. The order must divest the financial criminal and his accomplices of the asset and place title in the control or the names of the victims, their representatives or a pertinent government agency.

Mareva injunctions or other court orders at the start of a case that preclude the financial criminal or his accomplices from transferring or liquidating assets are essential initial steps. The laws of certain jurisdictions allow creation of so-called asset protection trusts. A trust protector appointed by the court usually may transfer assets from one jurisdiction to another.

STATUTES OF LIMITATION

An asset recovery team must also observe statutes of limitation as a potential obstacle in its case. Statutes of limitations vary from jurisdiction to jurisdiction and encourage prompt resolution of cases. However, statutes of limitations can also sometimes benefit financial criminals, if they succeed in concealing their conduct and assets until the statute of limitation expires. The time period that a statute of limitation prescribes is easily learned in any jurisdiction, and learning it should be one of the first things an asset recovery team does. Often, these statutes impose different time limitations for different types of legal actions.

One way to mitigate the negative effect of a statute of limitations that expired or is about to expire is to enter into “tolling” and standby agreements with adverse parties by which they agree to ignore the statute of limitations problem. That is unlikely when you are dealing with the financial criminal and his accomplices unless a bargaining or negotiation benefit can be extended in return.
DISCOVERY
Discovery is the process by which parties in a legal dispute, including financial crime victims and their representatives, may obtain information from opposing parties in a case. In asset recovery cases, the information may pertain to the nature, location and value of a particular asset and other things of value. The US has very broad discovery rules in civil litigation, but discovery is also permitted in other common law countries, such as the United Kingdom, Canada, Australia and others.

Countries that operate in what is known as the civil law system, generally, do not have similar discovery rules, although other measures exist that provide mutual disclosure of pertinent evidence between the parties.

Distinct discovery options and rules apply in civil and criminal cases in countries that permit discovery. In criminal cases in most countries, the defendants may not be forced to produce evidence that represents self-incrimination. Often, this privilege is guaranteed by the nation’s constitution, such as in the US. In the US, corporations do not receive this protection against self-incrimination.

THE HAGUE CONVENTION
The Convention on the Taking of Evidence Abroad in Civil or Commercial Matters, more commonly referred to as the Hague Evidence Convention, is a multilateral treaty which was drafted under the auspices of the Hague Conference on Private International Law. The treaty was negotiated in 1967 and 1968 and signed in The Hague on March 18, 1970. It entered into force in 1972. It allows transmission of letters of request (letters rogatory) from one signatory state (where the evidence is sought) to another signatory state (where the evidence is located) without recourse to consular and diplomatic channels.

The Hague Evidence Convention was not the first convention to address the transmission of evidence from one state to another. The 1905 Civil Procedure Convention — also signed in The Hague — contained provisions dealing with the transmission of evidence. However, that earlier convention did not command wide support and was only ratified by 22 countries. The United States initiated the negotiations that led to the creation of The Hague Evidence Convention. However, insofar as requests to United States courts are concerned, the use of the Hague Evidence Convention has been replaced in large part by the simpler discovery provision codified at 28 U.S.C. § 1782 (see Section 1782 Discovery).

Between states of the European Union, the Hague Evidence Convention has largely been supplanted by Council Regulation (EC) No. 1206/2001 on Cooperation Between the Courts of the Member States in the Taking of Evidence in Civil or Commercial Matters.

INFORMATION SHARING AND MUTUAL LEGAL ASSISTANCE TREATIES (MLATS)
An information-sharing agreement is an understanding between government agencies by which they agree to exchange information that assists them in their work, including asset recovery. These agreements can be in the form of a formal agreement, protocol, memorandum of understanding, exchange of letters, or a treaty or convention. The Hague Convention, for example, provides for international cooperation in obtaining evidence for use in legal proceedings of various types. All appropriate international agreements, such as the Hague Convention, that provide channels of information-sharing should be reviewed by asset recovery teams in the private and public sectors at the start of a case.

In addition, as discussed in more detail in other chapters of this Manual, in accordance with Egmont Group recommendations some 132 nations have established Financial Intelligence Units (FIUs). These agencies collect a wide variety of financial information and reporting forms from financial institutions, businesses and individuals in their countries and disseminate it to their law enforcement agencies and prosecutors. They also sign bilateral and multinational agreements that authorize and facilitate the mutual exchange of intelligence and information.

MUTUAL LEGAL ASSISTANCE TREATIES
Mutual Legal Assistance Treaties (MLATs) provide for the broad exchange of information, assistance and other cooperation between two nations. In an international asset recovery case, they can be a valuable tool for gathering pertinent information and evidence. The execution and operation of MLATs is often cumbersome and time-consuming.

Most MLATs require the requested country to assist the requesting nation to take actions that include these measures:
• Taking testimony or statements of persons
• Providing documents, records and evidence
• Service of documents
• Locating or identifying persons
• Executing requests for search and seizure
• Identifying, seizing and tracing proceeds of crime

The “requested” party in an MLAT request usually pays all costs related to its execution, except for the fees of expert witnesses, translation, transcription and travel expenses.

MLATs may only be used by government agencies and are designed for their benefit. However, under some circumstances, as explained below in this chapter, representatives of private sector victims of financial crime may persuade the lawyers or agents of a government agency that have received information under an MLAT from another country to share the information.

Government asset recovery teams have no obstacles to the use of MLATs if they have been signed and ratified by their countries. Many industrialized countries have entered into dozens of MLATs. The US, for example, has entered into more than 60 of them, as of early 2013. A full listing of all the bilateral and multilateral agreements that a nation has ratified may usually be found in the website of a jurisdiction’s state department or foreign ministry. In the US, the website of the US State Department provides this listing in a publication called Treaties in Force.

An example of how an MLAT describes the assistance the signatory nations agree to extend to the other nation is found in Article 16 of the MLAT between the US and the United Kingdom, which follows:
“The parties shall assist each other in proceedings involving the identification, tracing, freezing, seizure or forfeiture of the proceeds and instrumentalities of crime and in relation to proceedings involving the imposition of fines related to a criminal prosecution.”

Most MLATs include restrictions on the use of the information they provide.

A government agency that files an MLAT request may seek permission to share information with a court-appointed receiver or other formal representative of financial crime victims. If the information is sought for restitution to victims, the government officials should so specify in the request. It is advisable that private sector representatives of financial crime victims establish appropriate, cordial professional relationships with these government officials.
Parties that are considering the filing of an MLAT request should consider all possible uses of the information you may provide. The language of the request should cover all the intended uses of the information and, generally speaking, it is advisable to request approval for broad usage of the information.

MLATs can be helpful in piecing together money trails in financial crime cases, including those involving corruption. They can lead to the discovery of bank accounts, property ownership or evidence of the ownership of business entities.

Often, nations provide mutual assistance under other types of international agreements that can impact asset recovery cases. These agreements include the Organization for Economic Co-operation and Development (OECD) Anti-Bribery Convention, the Inter-American Convention Against Corruption, the Council of Europe Criminal Law Convention on Corruption, the Council of Europe Civil Law Convention on Corruption, and the United Nations Convention against Corruption.

An MLAT request for assistance is normally made in writing and usually includes the following:
1. The name of the agency conducting the investigation, prosecution or other proceeding
2. The facts about the subject of the investigation, prosecution or other proceeding
3. The nature and stage of the matter and the text of the relevant laws of the requesting party
4. A description of the assistance requested
5. A description of the purpose of the requested assistance

The requested party in an MLAT can be instructed to keep confidential the request that has been made, the contents of a request, the outcome of the request’s execution and other information concerning the request.

BANKRUPTCY AND INSOLVENCY AS ASSET RECOVERY TOOLS
The asset tracing and recovery fields have several off-the-beaten-path legal weapons, such as bankruptcy and insolvency. They can serve very well in locating, safeguarding and recovering assets. Persons appointed by courts as trustees, receivers, administrators, monitors or liquidators of entities that have served to spawn or execute a financial crime are given great powers of investigation and recovery of assets. Especially in financial crime cases, in which the business or corporate entities that financial criminals use collapse upon the discovery of the financial crime, the tools discussed here are important parts of the asset recovery arsenal.

A trustee, receiver or liquidator steps into the shoes of the directors of the business entity and is entitled by law to all information about the entity to which its directors were entitled. Similarly, a trustee in bankruptcy steps into the shoes of the bankrupt entity and is entitled by law to all the information to which the bankrupt entity’s directors were entitled.

Judicial orders appointing receivers, liquidators or “officeholders,” as they are called in the United Kingdom, typically require the subjects of asset recovery efforts, their agents and all persons in concert with them who receive notice of the order, to hand over all assets that belong to the subject entity or receivership. These cover securities, money and property of any kind, including all money at financial institutions for the benefit of the targets of the investigation. The laws of many nations allow a receiver to take control of assets located in other jurisdictions.

All nations and jurisdictions have an interest in regulating improper conduct in their territory. If assets are not repatriated by a person who has been ordered to do so, a receiver will likely seek recognition abroad of the order appointing him or her, and try to convince a foreign bank to honor the request to transfer the funds. These efforts may require
proof of the underlying financial crime and of the receiver’s plan to distribute assets to the financial crime victims.

As mentioned above, The Hague Convention allows parties to request, through a bankruptcy or other court, the assistance of another nation in obtaining evidence and testimony.

Forfeiture is handled through judicial or administrative procedures that govern the transfer of ownership of specified funds or other assets to a government agency. Many countries, including the US, have asset forfeiture laws that authorize proceedings against assets that are the proceeds of criminal activity or that served as the instrumentalities of crime.
someone acting on behalf of such an entity, the biggest hurdle to recovery generally consists of proving liability instead of searching for assets.

Does the financial criminal have assets or money? Because successful financial crime and fraud schemes involve getting, transferring and spending large sums of money, records to reconstruct the flow of funds will generally be available. Even in the absence of reliable records, it is hard to execute a large financial crime without creating an audit trail. These records will provide trails to third parties, firms and institutions that may be liable for damages for participating in the financial crime or enabling or fostering it knowledgeably.

To lay the groundwork for the pursuit of third parties, various possible steps should be considered:

Source and use analysis. All bank records the financial criminal and his accomplices used, bank statements, both sides of all checks, deposit items and wire transfers should be obtained. After this data is placed in a spreadsheet or account recreation software, the money that came into the accounts, where it came from, how much was spent, and where it went may be determined.

When pursuing third parties, a keen eye should be trained on fee payments to professionals, including “investment advisors.” After it is input, the data should be sorted by source and payee, a process often called “Source and Use Analysis.” This can show how much money the financial criminal’s entity had at any point, how funds were used as they came in, and how much went to various recipients.

Identify the payees. When the recipients of the funds from the financial criminal are known, the purpose of each payment should be determined. The records of the financial criminal may answer this or interviews of employees may do so. Otherwise, subpoenas or requests for production of records should be sent to the recipients to obtain explanations. However, this may tip off recipients of the illicit funds and increase the risk the money or the recipients may disappear.

Understand cash withdrawals. Often, frequent large cash withdrawals or unexplained transfers from an account are noticed. Look for explanations, which may include the purchase of cashier’s checks, withdrawals of cash to purchase money orders or wire transfers at other institutions, cash withdrawn for deposit into other accounts at other institutions, or cash payments to public officials.

If the money was used for wire transfers, the records of the money transmitter or funds transfer institution will document this. If other financial accounts are suspected, subpoenas or requests for production to the institutions where the accounts are maintained should be issued. Withdrawals by the financial criminal should be cross-checked against travel records, including credit card statements, to establish travel to secrecy havens or to other locations soon after cash withdrawals.

Find related entities. Determine the other entities the financial criminal and his accomplices have created. The asset recovery team should check corporate and other public records to determine other business entities that list him, his family members, affiliated companies or accomplices as officers, directors or registered agents.

Check public records. Many assets generate public records when they are purchased or transferred, whether they are homes, cars, boats, jewels, airplanes, negotiable instruments or other assets. As more government agencies put these records on their websites, these searches become easier to conduct. Searches should be expanded to look for ownership by family members, close associates, suspected accomplices and affiliated entities of the target.

Intelligence sources. Many financial criminals realize that their schemes ultimately will fail. At that point, they become more creative in hiding
assets, utilizing more cash transactions, transferring property to others, opening accounts at different financial institutions or purchasing goods in the names of others. These actions are difficult to detect. The best sources for finding these transfers are people who had contact with the financial criminal and his accomplices.

Some sources, like former spouses, unhappy employees or angry investors, can provide assistance. Other sources must be persuaded to cooperate, which can come through compulsion, such as subpoenas, court orders or protecting self-interest, including the fear of being charged with crimes or sued for money, and incentives, such as immunity from prosecution that must be extended by government authorities.

Affiliated entities. The affiliates and entities of the financial criminal should be analyzed to determine if their conduct gave rise to liability, or if their actions as agents of the financial criminal created grounds to pursue their assets.

Gratuitous donees. Payments by financial criminals that benefit others are also recoverable under the laws of many countries, including the US. While payments by an entity of the financial criminal for normal business expenses are not voidable if the payments represented fair value for the services provided, payments to satisfy the debts of others, including the financial criminal’s personal debts, are voidable. Examples are the payment of bank loans owed by employees or affiliates of the financial criminal and the payment of the indebtedness for assets purchased by others. Charitable contributions and political contributions made by the financial criminal or the promoter of the financial crimes scheme are also recoverable.

Fraudulent conveyances. Under the laws applicable to fraudulent conveyances, payments made by a financial criminal or his entity, when the payments would have made the company insolvent, may be voidable. For Ponzi frauds and other financial crime schemes, the test of insolvency is met by the entity’s financial obligations to existing investors. Good faith transactions, where fairly equivalent value was given, are excepted. This protects outside service providers or vendors who acted in good faith, and still permits receivers to recoup improper payments.

Overpaid investors. Investors in long-running Ponzi and similar financial crime schemes sometimes receive more in distributions than they contributed as capital. Distributions to investors beyond the amount of their principal investment must be returned under the laws of most countries, including the US. If the investor or victim did not act in good faith because he or she knew of the fraud or withdrew funds because of suspicions that something was not right, good faith was missing and a receiver or other fiduciary can demand a return of all the distributions he received.

With these considerations taken into account, an asset recovery team may focus on specific third parties whose deep pockets may secure the restitution of the financial crime victims.

GATEKEEPERS AND INTERMEDIARIES
When a financial crime has come to an end, one may ask, “Where were the gatekeepers?” This refers to attorneys, accountants, brokers, auditors, investment advisors, consultants, corporate directors and others. They often play a crucial role in facilitating or promoting a financial crime and have a duty to prevent the crime in transactions where they are involved. Under recent laws in some countries, gatekeepers and intermediaries must now actively attempt to avoid facilitating a financial crime, including fraud. If they fail to meet this obligation, they may be liable for some or all of the losses incurred by the victims.
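The source and use analysis, fee-payment review, overpaid-investor check and withdrawal-to-travel cross-check described in the steps earlier in this chapter can be run over reconstructed account data as follows. This is an added example, not part of the manual; the ledger, travel records, party names, the "CASH" payee label, the memo keywords and the 7-day window are all constructed assumptions.

```python
"""Source-and-use analysis over a constructed ledger (added example)."""
from collections import defaultdict
from datetime import date, timedelta
from decimal import Decimal

# Constructed sample data: (date, counterparty, amount, memo).
# Positive amounts are deposits (sources); negative amounts are payments (uses).
LEDGER = [
    (date(2018, 1, 5),  "Investor A",        Decimal("100000"), "investment"),
    (date(2018, 1, 9),  "Investor B",        Decimal("50000"),  "investment"),
    (date(2018, 1, 12), "Apex Advisors LLC", Decimal("-20000"), "advisory fee"),
    (date(2018, 2, 1),  "Investor A",        Decimal("-30000"), "distribution"),
    (date(2018, 2, 3),  "CASH",              Decimal("-9500"),  "cash withdrawal"),
    (date(2018, 2, 20), "Investor C",        Decimal("75000"),  "investment"),
    (date(2018, 3, 1),  "Investor A",        Decimal("-90000"), "distribution"),
    (date(2018, 3, 15), "CASH",              Decimal("-9000"),  "cash withdrawal"),
    (date(2018, 4, 2),  "Apex Advisors LLC", Decimal("-15000"), "advisory fee"),
]

# Constructed travel records (e.g. taken from credit card statements).
TRAVEL = [
    (date(2018, 2, 5), "Haven Island"),
    (date(2018, 5, 1), "Home City"),
]


def source_and_use(ledger):
    """Total deposits by source, payments by payee, and the running balance."""
    sources, uses, balances = defaultdict(Decimal), defaultdict(Decimal), []
    balance = Decimal("0")
    for when, party, amount, _memo in sorted(ledger, key=lambda r: r[0]):
        if amount > 0:
            sources[party] += amount
        else:
            uses[party] += -amount
        balance += amount
        balances.append((when, balance))  # funds on hand after each item
    return dict(sources), dict(uses), balances


def fee_payments(ledger, keywords=("fee", "retainer")):
    """Payments whose memo suggests a professional fee, totalled per payee."""
    totals = defaultdict(Decimal)
    for _when, party, amount, memo in ledger:
        if amount < 0 and any(k in memo.lower() for k in keywords):
            totals[party] += -amount
    return dict(totals)


def overpaid_investors(sources, uses):
    """Parties that paid money in and received back more than they put in.

    Returns the excess over principal; whether a party acted in good faith
    is a legal question this arithmetic does not answer.
    """
    return {party: uses[party] - paid_in
            for party, paid_in in sources.items()
            if uses.get(party, Decimal("0")) > paid_in}


def withdrawals_followed_by_travel(ledger, travel, window_days=7):
    """Cash withdrawals followed by recorded travel within window_days."""
    window = timedelta(days=window_days)
    hits = []
    for when, party, amount, _memo in ledger:
        if party != "CASH" or amount >= 0:
            continue
        for trip_date, place in travel:
            if timedelta(0) <= trip_date - when <= window:
                hits.append((when, -amount, trip_date, place))
    return hits


if __name__ == "__main__":
    sources, uses, balances = source_and_use(LEDGER)
    print("Sources:", sources)
    print("Uses:", uses)
    for when, balance in balances:
        print(f"  {when}  balance {balance}")
    print("Fee payments:", fee_payments(LEDGER))
    print("Paid out beyond principal:", overpaid_investors(sources, uses))
    print("Withdrawal then travel:",
          withdrawals_followed_by_travel(LEDGER, TRAVEL))
```

The running balance shows what the entity held when each payment went out, which is the figure needed when testing whether a payment was made while obligations to investors exceeded available funds.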
A primary consideration in any claim against a third party is whether that person or institution owed a duty of care to the defrauded party or financial crime victim. Some courts will consider whether they had a duty of care to persons about whom they were not aware when their professional responsibilities began.

THIRD PARTIES THAT MAY BE HELD LIABLE TO FINANCIAL CRIME VICTIMS
If gatekeepers and intermediaries act as cheerleaders and enablers and facilitate a financial crime, they may rightly be considered aiders and abettors or co-conspirators in the financial crime. The following gatekeepers and intermediaries may be liable if the financial criminal’s identified and located assets are not sufficient to satisfy the losses of the victims.

Banks. In most nations, banks must conduct due diligence examinations on their account holders, including “know your customer” procedures required by anti-money laundering laws. These are records an asset recovery team should obtain. Usually, Suspicious Activity Reports (SAR/STR) may not be disclosed by a financial institution under the laws of many countries, including the US. An asset recovery team should understand the banking regulations in the jurisdiction where the recovery operation is taking place in order to determine the reporting and recordkeeping responsibilities of financial institutions and businesses used by the target of the operation. Obtaining this information can help significantly in financial crime and asset recovery investigations.

Financial institution records, including government-required forms they file, can provide a wealth of information in asset recovery cases, although the ability to access them is tightly regulated in many jurisdictions.

Broker-dealers, investment advisers, futures commission merchants. If a financial criminal hired registered financial intermediaries to advise him, or he used them to execute transactions during the commission of the financial crime, the intermediaries may be liable to the victims. Often, these firms must conduct due diligence and implement “know your customer” procedures, just as banks do, on their customers and counterparts.

Even if the firms were fooled by the financial criminal, they may be liable if they failed to conduct sufficient due diligence or if their operational procedures were lax, or if they can be viewed as having aided and abetted the fraud or other financial crime. For example, if a broker-dealer executed transactions based on forged signatures, the firm may be liable if the broker-dealer should have known that was improper.

Company directors. As part of the due diligence procedures, an asset recovery team should attempt to determine if there is liability on the part of the officers and directors of an entity that did business with the financial criminal. Director and officer liability insurance may be a source of recovery for victims of financial crime. A failure by the directors to obey their duty to creditors and investors may give rise to claims against them by a receiver or other fiduciary. Directors may also be liable for wrongful or fraudulent trading or when preferential payments were made to creditors.

Employees. Employees who held responsible positions may be held liable for failing to detect or halt financial crimes, including fraud, of which they had knowledge or should have had knowledge.

Attorneys. To the extent attorneys helped prepare solicitation or other documents that contained false information, which induced investment by innocent third parties, they may be liable if they failed to conduct sufficient due diligence. Attorneys may also be forced to return money they received for representing the financial criminal if the money was paid by a legal entity that had been controlled by the financial criminal and is now in bankruptcy. Retainers paid from stolen funds may also be recovered.
Auditors and certified public accountants. A case for recovery against an auditor may arise where a duty of care has been proved and the duty was breached and led to a loss to a person to whom the auditor owed the duty. An example is where a lender suffers a loss by relying on a company’s financial statements indicating it was financially sound and the statements are supported by an audit report. The misstatement could be the result of fraud by company management or from error. Determining if a duty of care is owed by an auditor to a third party normally depends on the circumstances, including the relationship between the auditor and third party and how an audit report was produced and communicated to the third party.
Q 7-1. In a Venezuela court case for fraud against individuals and companies around the world, documents have been obtained that would be helpful in a related proceeding in the US in Miami. Venezuela and the US are parties to the Hague Evidence Convention on the Taking of Evidence Abroad in Civil or Commercial Matters. No special laws exist in either jurisdiction for the evidence sought.
To ensure these documents are properly received in evidence in the US, which two are acceptable methods of requesting such evidence?
CHAPTER 8 FINANCIAL CRIME INVESTIGATIONS
INTRODUCTION
This chapter describes some of the key methods to investigate financial crimes and gather evidence in compliance, enforcement and regulatory cases. In some respects, except for a few notable differences such as grand juries, the procedures and tools available to financial crime specialists in the private and public sector are similar. Consequently, the investigative techniques presented here are designed to be applicable to a wide range of financial crime matters.

It is important to note that the legal and investigative techniques in financial crime are often closely related. In many cases, a financial crime specialist will be conducting an investigation as part of a legal action or in cooperation with a legal professional. In criminal and civil cases, the financial crime specialist must take care to conduct investigations in a way that ensures their findings can be used as evidence in a legal proceeding. As such, understanding some of the key legal principles underpinning civil and common law systems, as well as criminal and civil cases, is a necessary starting point for a financial crime investigation, as is discussed below.

Civil law courts are generally not bound by precedent and are restricted to what is contained in the law. Judges within the civil law system are usually specially trained judicial officers with a limited ability to interpret the law.

Civil law is primarily contrasted with common law, which is a legal system that developed historically in Anglo Saxon societies, especially in England and its colonies. Common law countries are most notably represented by the United Kingdom—members of what was historically called the British Commonwealth, such as Canada, Australia, New Zealand, India, Pakistan, the English-speaking Caribbean islands—and the US.

The US inherited and adopted this legal system from England. Historically, civil law and common law differed in that common law developed from customary practices and court decisions that established legal principles that were followed over time by other courts and became the “common law” or precedent. The precedents are applied by courts unless legislation prohibits or modifies a common law precedent.
In civil proceedings, victims have much more input in the conduct and course of the case. Plaintiffs select and retain the attorney to represent them. However, the costs are the responsibility of the plaintiffs, except in some situations where legal counsel has undertaken the case on a contingent fee basis. This means counsel is compensated based on a percentage of the judgment obtained. In a civil case, the plaintiffs do not have the resources available to public prosecutors, and the cost of investigation and other technical aspects of the case are

Different types of financial crime investigations can be pursued depending on the jurisdiction and the facts of the case. It is important to understand these actions to know what types of investigative approaches should be used in each situation.
1 Though it cannot be reduced to a formula, preponderance of evidence is generally understood to mean the level of evidence
needed to make it appear more likely than not that what a claimant seeks to prove is true.
of custody requirements in seizing and safekeeping an item for presentation as evidence in court.

Electronic surveillance. Any surveillance using electronic equipment that invades the expected privacy of an individual usually requires a court order. This could involve eavesdropping equipment, long-range video devices, wireless intercepts, etc. In most jurisdictions and circumstances, a private sector investigator would not be permitted to conduct these surveillances and utilizing them could constitute a criminal violation.

Bi-national and International Mutual Legal Assistance Treaties (MLAT) and less formal mutual assistance. Mutual legal assistance is the process of requesting or providing evidence and information from one country to another for use in a criminal investigation. The request can be formal or informal. A formal request may originate in an investigative agency in the requesting country but must follow the procedures that the requesting country specifies. Usually an international request for assistance is transmitted through the country’s designated “National Central Authority,” which is the name of a nation’s office that coordinates international law enforcement assistance with and through Interpol. In the US, the National Central Authority is located in the US Department of Justice. The National Central Authority, or Bureau as it is called in the US, also often serves as the intermediary between a nation’s law enforcement agencies and Interpol in Lyon, France.

Requests for assistance may also be required to be transmitted through diplomatic channels to the central authority of the “receiving country” and, finally, to a law enforcement authority in the receiving country, to undertake the requested specified assistance. The assistance may include obtaining bank records, interviewing witnesses, executing search warrants or any other specified investigative or evidence gathering procedure. Generally, a formal mutual legal assistance request is based on a bilateral or multilateral global or regional treaty, or a letter rogatory.

Undercover operations. In public sector investigations, an undercover operation typically requires authorization and official approval before it can be started. The undercover operation may continue for the period of time that is authorized. Undercover operations conducted by the private sector must be mindful of the risk of violating privacy laws.

Physical surveillance. Both public and private investigators can engage in surveillance with restrictions and advantages for each. This can include examples such as tailing an investigative subject or his associates, or staking out a location to track the movements of a target. Surveillance can help locate assets (bank accounts, real property, brokerage accounts, boats, cars, etc.) and criminal associates, and identify patterns of activity and establish probable cause for search warrants.

Another investigative tool is garbage pickups. Properly conducted, garbage pickups can provide considerable evidence and lead to hidden assets, fronts and associates. Law enforcement agencies must ensure that information obtained from both surveillance and garbage pickups is legally admissible and that the process of obtaining the information was proper in the jurisdiction where the garbage pickup occurred.
Private sector investigators should also be on firm ground concerning the legal requirements of these types of investigative techniques to avoid trespassing or other violations.

Informants. Government agency investigations have strict guidelines for the use of informants, while the private sector has few or no restrictions. Informants usually request anonymity, which may make their information inadmissible but still a source of excellent leads and intelligence. Mandatory disclosure to the defense in some jurisdictions may complicate the use of informants and create evidentiary and security problems. Similar problems rarely exist for the private sector. The risks and benefits of using information derived from informants must be carefully weighed by both sectors.

Recording conversations with one party consenting. Public sector investigators can obtain authorization, often required from a court, before recording conversations where one side consents. This is a significant tool in obtaining evidence and is similar to a telephone intercept except that the level of probable cause required to be shown is generally less stringent. In some, but not all, states in the US, a private sector asset recovery team member may record a conversation, either on the phone or in non-electronic circumstances, when one party to the conversation consents. Some jurisdictions allow this activity by non-government entities, while others, such as Florida, make it a criminal violation. Careful research of the law in the jurisdiction where operating is essential in these situations.

Informal international assistance. There are many routes of productive informal, non-treaty, international assistance that are available to private and public asset recovery team members. Examples of informal MLA requests include the use of Interpol, embassy contacts, police-to-police actions, or national Financial Intelligence Units (FIUs) of the Egmont Group.

For example, the US FIU is the Financial Crimes Enforcement Network (FinCEN); Canada’s is Fintrac. FIUs generally collect, collate and analyze substantial amounts of financial information, much of which is derived from reporting forms that the financial and business communities of a nation are required to submit, including suspicious activity reports.

Information obtained from these sources may serve as evidence or extremely valuable intelligence and leads. In most cases, the information obtained by FIUs, particularly suspicious activity reports, is not available to the private sector directly from the FIU, but may often be subpoenaed or obtained by other legal process from the opposing party that filed a form. The private sector also does not have access to the records and assistance provided by Interpol, whose headquarters is in Lyon, France.

Civil society information. Numerous private sector organizations that serve as watchdogs, such as Transparency International, Open Society Justice Initiative, Sherpa and Global Integrity, employ investigators, forensic accountants and attorneys to gather evidence and intelligence against corrupt leaders and politicians. Occasionally, they use this information in lawsuits to recover assets for the victims of corrupt regimes. Other times, the information is used for publications and offered to law enforcement and private sector investigators to help bring corrupt officials to justice. This intelligence can be extremely valuable to private and public investigators. The private sector and law enforcement can use the information as intelligence and leads to assets. Creating working relationships with these groups is often very productive.
@2019 Association of Certified Financial Crime Specialists
CHAPTER 8 • FINANCIAL CRIME INVESTIGATIONS
boards that are open and searchable with or without an online dating account.

“Microblogging” platforms are sites where users share and contribute short messages or photo and video content, such as Twitter, Tumblr, Facebook, Instagram and Pinterest. Microblogging can be a powerful and extremely fast way to move a message. Content is typically generated and buried quickly, and microblogging platforms have tools to comment (or “like”), and share and spread it. Depending on the audience, messages can be transmitted in extreme short-hand or a particular style that is difficult to parse if you are not the intended audience. Since users often update them once or many times a day, microblogging and social media platforms can be useful sources of real-time information about a subject. In more than one case, photos and other information posted to social media sites have helped to track and locate suspected financial criminals.

MEDIA OUTLETS AND NEWS SOURCES
The media are powerful sources of open-source information. A financial crime specialist will want to research beyond the media releases that are freely available from search engine results. Media includes newspapers, journals and other publications, and radio and television broadcasts. Some of the major online newspapers require online subscriptions to access their material, which may require a fee but will be more effective than searching a stack of

Within the allotted time, the following information was found on the Internet at no charge:
• Mary’s current and previous two addresses
• The current value of her house
• A map of the house including aerial views
• The names of her neighbors
• Her telephone number
• Names of relatives

The advent of social media, such as Facebook, LinkedIn, MySpace and others, has put invaluable personal information at every financial crime specialist’s fingertips. Today, people post almost everything online, including information about friends, travel, assets or even their bank. Postings on Facebook, Twitter and other social media exchanges range from daily activities to personal pictures, making them crucial resources for investigations.
While the data will not be real-time, users may also create custom maps to update places of interest and obtain other information. This can aid in tracking a subject’s activities by potentially revealing details of his or her current location and helping an investigator review locations and confirm addresses. Tools such as Google Maps allow an investigator to get a good view of a location, which can be very useful.

CONDUCTING AN INTERNET AND PUBLIC RECORD DATA SEARCH
Not long ago, checking the real property ownership of an investigative subject might have taken months. Real estate ownership in the US is registered at the

• Criminal history records
• Court records
• Names and salaries of government and corporate employees
• Business and other government-required licenses (liquor, building permits, etc.)
• Public records by state
• Real estate records
• Adoption records
• Universal Commercial Code (UCC) filings

A simple example, from a commercial database and a social media posting, can demonstrate the power of these investigative inquiries in financial crime investigations.

Example 1: An informant says the subject of an investigation was divorced two years ago, but the location is unknown. A commercial database search reveals the county and state of the divorce. A further inquiry discloses that there was a property settlement agreement. A copy of this agreement, obtained online for a fee, reveals two bank accounts and a Mercedes-Benz vehicle, traced to a dealership. Contact with the Mercedes-Benz dealership reveals a financial statement that discloses additional bank accounts and property. A simple Internet search uncovered more than $1 million in assets.

It should be noted that bank accounts are usually found by tracing financial transactions and following each lead. There is no Internet or government database of bank accounts.

Example 2: The wife of the subject of a financial crime investigation has just posted on Facebook that she is very happy with the new penthouse vacation home that her husband has purchased in an expensive coastal area. The husband is a public official earning a mid-range salary and is suspected of taking bribes or kickbacks. A former friend of the wife disclosed the Facebook posting. A commercial database search reveals no property owned by the public official in the coastal town.

A subsequent Facebook posting by the wife states that she is looking forward to a trip to their new vacation home this weekend. A surveillance of the wife and husband Friday evening leads investigators to the property. County records indicate the vacation home is in the name of a shell corporation. Numerous investigative leads will follow from here, including the tracing of money used to purchase the property.

Meaningful OSINT collection requires creativity, time and monitoring of trends in online tools. A financial crime specialist also needs a deep understanding of the industry or individual they are researching to conduct productive searches.

INTERVIEWING TECHNIQUES
Few skills are as important to the success of a financial crime investigation as the command of interviewing techniques. Understanding the different types of these techniques and their pros and cons is essential to the success of the interview, especially in financial crime cases.
expecting simple and direct answers. The questioning is accusatory in nature.

In an interview, particularly a financial interview, the investigator attempts to develop a rapport with the witness and looks for detailed answers. Financial interviewing involves systematically questioning individuals with knowledge of the events, the people involved and the physical and intangible evidence:

• Subject interview (custodial or non-custodial). Custodial interviews by a government investigator often require the obligation to provide warnings about the right to counsel. It is critical to document the recitation of required warnings in the country where the interview was conducted and to remain aware of perceptions regarding implied custody. The subject must also understand his ability to walk away, if any. In conducting a non-custodial interview, it is important to consider and prepare for the likelihood of obtaining incriminating statements. Consider protections, perceptions of custody and other factors in charting your course of action.
• Interview of cooperating witness. Cooperating persons can provide intimate details about the actions, comments, records and assets of a subject. It is important to maintain transparency in negotiations with a cooperating witness to prevent the perception of a quid pro quo arrangement – i.e., “tell me what I want to hear and I’ll give you what you want or need.” Informants are apt to manipulate facts and circumstances to fit a current need. All statements by cooperating individuals must be corroborated.
• Interview of non-cooperating witness. Other third-party witnesses can provide information, leads and documents. Properly document all witness contacts and statements. Any documents received must be authenticated and the chain of custody established. Any lead documents need to be followed up, and certified copies must be obtained. It is important to understand the motivation of third-party witnesses, and one must ensure that facts are not selectively provided.
• Interview of parties who are represented and not represented by lawyers. In planning to interview witnesses, cooperating individuals and subjects, it is important to understand and respect the attorney-client relationship. Represented parties should not be contacted directly, but only through their attorneys, depending on the laws of the jurisdiction. Failure to identify and acknowledge legal representation can prove devastating to one’s investigation and the admissibility of evidence.

AFFIDAVITS
An affidavit is a written statement of the witness’ testimony, made under oath by the witness. It is an effective tool for locking down testimony of potentially hostile or unreliable witnesses.

Keep in mind the following:
• The affidavit must be voluntary.
• Attester must give oath before a person having authority to administer the oath.
• The affidavit is usually prepared by the interviewer, but may be prepared by the witness, providing it addresses all of the necessary issues.
• It may be constructed contemporaneously at the time of the interview or prepared later from the interview notes.
• The person signing the affidavit must sign each page and initial any changes or corrections.
• The affidavit must be signed by the person taking the oath and (preferably) a witness.
now being tried; however, because of the way it was obtained, it is not admissible. In most circumstances, any legally obtained information received as a direct result of the illegal intercept often would not be admissible in court proceedings either, under the so-called exclusionary rule².

Example 2: A news article reports that the alleged ringleader of a fraud scheme has a shell corporation in Panama. This is good intelligence, but is not considered admissible as evidence unless introduced by someone who has direct knowledge of the account.

FINANCIAL CRIME INVESTIGATIONS ACROSS INTERNATIONAL BORDERS
Instances of large-scale corruption, money laundering, fraud and asset recovery often require assistance from other nations and jurisdictions, which may have different laws on collection of evidence, taking of testimony, investigative procedures and the level of cooperation afforded to other countries.

When seeking foreign assistance in a government or public-sector case, or when a private sector financial crime team seeks to obtain records in another country, it is important to understand the procedures that must be followed to obtain the required evidence. The following issues may affect the admissibility of the evidence that is obtained in that fashion.

Testimony of witnesses. If the goal is to use testimony as evidence and the witness will not be available to attend the proceedings in the home country, it is important to ensure that correct procedures are followed during the interview of the witness to preserve the evidence for later use in trial. It is necessary to understand the procedures that the court will require to admit the testimony of a witness questioned in a foreign jurisdiction. Some jurisdictions require that counsel for both sides be present during the questioning. Others require the testimony to be taken before a judge. One should learn what the rules are before undertaking evidence-gathering.

Special investigative techniques. In government cases, it is very important to know how evidence will be obtained in the requested country if “special investigative techniques” will be involved. The jurisdiction that is gathering the evidence may have a lower standard of probable cause to obtain authorization for the use of invasive procedures, such as wiretaps, search warrants and electronic surveillance. This may cause the evidence to be ruled inadmissible when it is introduced in court in the jurisdiction of the requesting country.

Dual criminality. In a government financial crime case, where the assistance of a foreign nation is requested, it is important to know if the requested nation requires that the offense being investigated qualify as an offense in both jurisdictions before assistance will be rendered.

For example, most countries criminalize income tax evasion, but Switzerland does not. If a mutual legal assistance request is sent to Switzerland for evidence to be gathered in support of a criminal income tax investigation, it will be denied.

One should keep the following considerations in mind when considering sending a request to a foreign nation for assistance:

• What does one need to ensure that the information gathered in the foreign country will be admissible as evidence when it is transmitted?
• What are the legal and statutory requirements of the foreign country? For example, if one is attempting civil asset forfeiture (non-conviction based) and wants assets frozen in a foreign jurisdiction, does that country have laws that allow non-conviction-based seizures and forfeitures?
• Is one legally compelled to inform the subject of the investigation of the assistance being requested in the foreign country? For example, obtaining testimony of witnesses that the opposing side may not be able to interview may result in the statements being deemed inadmissible.
• Will the subject of the investigation be notified of the requested assistance by the foreign authorities? Some countries require the holder of a bank account to be notified prior to the disclosure of records to the government.
• What level of probable cause is required to authorize certain enforcement actions or investigative techniques, such as searches and seizures?

The best way to answer these questions is to contact the proper authorities in the foreign country prior to sending a formal request for assistance. Another source of helpful information may be the appropriate legal or other attachés in the embassies of one’s country. Requestors should always follow their agency’s internal rules and procedures in making contact with foreign authorities. Often, a phone call to the appropriate person in the foreign jurisdiction, or to one’s embassies overseas, will provide answers to these questions, save time and ensure that the evidence is admissible at trial.

One should always keep in mind the resources of one’s embassies throughout the world and the embassies of foreign nations in your country’s capital city. The US, for example, has embassies or missions in more than 150 countries, and more than 150 countries have embassies or missions in Washington, DC. All these embassies have officers or attachés that are capable of answering pertinent questions. In all US embassies, for example, there are representatives of federal investigative agencies, such as the Federal Bureau of Investigation, whose representatives in foreign embassies are called Legal Attachés or “Legats.”

TAX AND SECRECY HAVENS
Although we covered these extensively in the Tax Evasion and Enforcement Chapter, we will briefly mention them here. Because of their obvious benefits, tax and secrecy haven countries are favored locations of tax evaders, fraudsters and other financial criminals to hide unreported income and criminally derived proceeds.

Secrecy havens are nations, or jurisdictions within nations, that typically have the following characteristics:

• Few or no taxes
• Lack of effective exchange of tax information with foreign tax authorities
• Lack of transparency in the operation of legislative, legal or administrative provisions
• No requirement for a substantive local presence
• Self-promotion as an offshore financial center

In recent years, many regions or countries that historically had reputations as secrecy havens, such as the Cayman Islands and Switzerland, have taken steps to reform their financial systems and introduce greater transparency. But new havens have opened their doors, and some in unexpected locations, like the US states of Delaware and Nevada. It is often very difficult to obtain useful information on beneficial owners, accounts, legal entities or companies in these secrecy havens.

This difficulty may arise because the jurisdiction restricts what information can be provided in investigations, or because accurate information on account or business ownership is not collected in the first place. Delaware, for example, does not require any information on the true owners of a corporation to be provided at time of incorporation, leading investigators to dead ends when they pursue a source to a shell corporation formed in that state. More information on secrecy havens is provided in the Tax Evasion and Enforcement chapter of this Manual.

US SECRECY HAVENS
In recent years, national governments of many nations, as well as international bodies such as the FATF, have highlighted the need for corporate transparency to help combat money laundering and tax evasion. Although the US has participated in these calls for transparency, critics have justifiably highlighted the fact that the country plays host to its own secrecy havens, in the form of states with very lax incorporation laws.

Four US states in particular, Delaware, Nevada, Oregon and Wyoming, have emerged as popular locations to form shell companies because of the almost complete anonymity in the company formation process. Delaware is most notable because it offers very low taxes and minimal requirements for maintaining a company after it is formed.

Most importantly, Delaware, along with several other states, collects no information on beneficial owners at the time of company formation. Likewise, no information on the true owners of companies is available from Delaware’s corporate registry. Delaware corporations that do not actually do business in the state of Delaware do not need to file annual income tax reports or company financial statements, allowing the company’s financial records to remain private. The state also allows for company formation agents to conduct incorporation, and for the company to be held in the name of nominee directors and shareholders.

Despite the increasing attention and public outcry over the role of US states like Delaware as secrecy havens, to date these states have resisted calls for increased transparency and stricter customer identification procedures. It should be noted that the vast majority of companies incorporated in Delaware and the other states highlighted are entirely legitimate.

INFORMATION SOURCES FOR A FINANCIAL CRIME INVESTIGATION
Once a financial crime investigation begins, a financial crime specialist should start with the least intrusive methods possible and conduct limited initial interviews and discussions with people least close to the suspected financial crime. This will strengthen the information in hand before talking to the person or persons directly implicated in the financial crime. Information sources that are available include the following:

• Open-source intelligence
• Financial documents
• Other related documents
• Employee interviews
• Whistleblowers or anonymous tips
• Physical property and assets search
• Information on company structure, directors and ownership

COOPERATING DEFENDANTS
Cooperating persons are usually prompted by similar motivations as informants. They may be seeking to avoid prosecution, or seeking a lenient sentence after conviction. They are looking to “cut a deal” or gain favor in exchange for information or testimony. They can provide valuable information on financial transactions and movements of targets and their accomplices. They may also identify co-conspirators and lawyers, accountants and other “gatekeepers” who assisted in purchasing, moving and hiding funds and other assets. They can also identify the origin and true ownership of assets derived from financial crime. They may also be able to interpret books and records.

FINANCIAL DOCUMENTS
Financial documents are not limited to financial statements but can include other financial records, such as receipts, checks and checkbook ledger and bank records. Financial documents provided or made available by an entity normally require no court order. Many financial documents, such as an employee’s personal bank statements, require a court order if the employee is not willing to provide them voluntarily. A selection of some of the most important and common financial documents will be covered in detail later in the next chapter, Interpreting Financial Documents.

RELATED DOCUMENTS
Important information about the culture of a business entity, including the financial condition and direction or pressure from management, may be learned from documents that are not necessarily of a financial nature. A financial crime specialist should ask to see an ethics statement for the company, as well as human resources policies and employee contracts. If these documents do not exist, ask why.

Another useful document might be the internal bulletin that gives a sense of the management tone and style. If the company is publicly traded and has to file with the appropriate regulator, one should review not only the financial documents that were filed, but also the auditor’s report and other written statements and footnotes associated with the financial filings and annual reports.

EMPLOYEE INTERVIEWS
When planning employee interviews, one should start with the employees furthest removed from the potential financial crime but who are still able to provide helpful background information or potential leads.

A private company may have its own regulations concerning employee cooperation in an internal investigation, but it may not conflict with national or local law. Private company regulations may include termination for not cooperating during a financial crime investigation.

EMPLOYER-PROVIDED MATERIALS
If the cooperating entity in an investigation is an employer, it can usually provide employee e-mails, phone logs and computer usage without employee permission and knowledge. The e-mail server log can be useful to show outgoing attachments from an employee’s e-mail and their file sizes.

The materials that may be disclosed in investigations may depend on the laws and regulations of the jurisdiction where the investigation takes place, as well as the terms of the employment contract. Investigators should consult legal counsel if there is a question whether it is legal and advisable to obtain and use employee records without consent.

LEGAL CONSIDERATIONS
A financial crime specialist should know the legal process and laws of his or her jurisdiction before and during the investigation. Even if the investigation is not part of a legal action, it must be documented properly. Documentation should be preserved due to the possibility of a legal proceeding.

An initial investigation may develop into a criminal investigation if it is discovered that criminal activity has taken place or is in progress. Law enforcement involvement may make it easier to obtain some evidence, such as personal financial documents, for review. These legal requests typically go through the court. Evidence seized pursuant to a court order must be obtained within the scope of the court order if it is to be used at trial.
Exhaustive open-source intelligence (OSINT) work and client cooperation can lay the foundation of an investigation if criminal activity has not yet been determined. Overt, open and non-intrusive evidence gathering will help determine if an investigation needs to be escalated to a legal action. This will also strengthen the case made to a judge in requesting a court order for more intrusive investigation.

COURT ORDERS
If a financial crime specialist has been retained by an employer to conduct an investigation, he or she will probably have substantial access to files and physical property, including the employee’s computer, electronic data and phone records.

A private sector financial crime specialist may also be engaged after a law enforcement agency has begun an investigation. Evidence may have already been seized and removed from the initial placement location before the private sector financial crime specialist ever comes on the scene.

Regardless of the sequence of events, if an investigator needs a court order to preserve, obtain, search and protect information, he or she will likely need the support of the court and law enforcement agents to get it. Legal counsel should be consulted once criminal activity in the matter has been established.

SEARCH WARRANT
As an investigation grows, a financial crime specialist may need access to property and documents to which a person has a reasonable expectation of privacy and is not willing to grant permission to access them.

Law enforcement agents, usually through a prosecutor, can request search warrants from a judge, who may issue them with specific rules for seizing and searching the evidence. A search warrant specifies the time, place and items that can be searched. Failure to follow the terms of the search warrant may render the evidence useless in trial.

For a judge to approve a search warrant request, he or she must be shown probable cause that a suspect has participated in the criminal activity or committed a crime.

SUBPOENA
The subpoena is the legal tool most commonly used to obtain information. It is a legally enforceable command for a specified person or entity to produce records or things at a specified place at a specified time, either with or without accompanying testimony. A subpoena may be issued by a clerk of court in connection with a legal proceeding; an attorney in connection with many national and state court proceedings; and, in some cases, by law enforcement officials and administrative agencies in connection with their investigations and proceedings.

During a criminal investigation in many countries, a grand jury reviews the evidence and decides if the case will go to trial. Further evidence may be requested on behalf of the court through subpoenas.

There is considerable variation in the subpoena process from country to country and even within states and jurisdictions of certain countries. Generally, a subpoena is a blank document issued by the court clerk to be filled out by an attorney and then served by law enforcement agents.

Individuals or entities that fail to comply with a subpoena may be held in contempt of court, which may include monetary penalties or jail depending on the jurisdiction. Individuals or entities are subject to the terms of the subpoena unless they can prove that they do not have to comply with it.

The subpoena process is not necessarily as fast as that of the search warrant. A search warrant for public sector agencies may be preferable if information must be seized immediately.
CHAPTER 9 INTERPRETING FINANCIAL DOCUMENTS
CHAPTER 9 • INTERPRETING FINANCIAL DOCUMENTS
3 It is generally known as an income statement in the US, or profit and loss account in the UK. It can also be referred to as a profit
and loss statement (P&L), revenue statement, statement of financial performance, earnings statement, operating statement, or
statement of operations. We will refer to it as a P&L Statement in this manual.
• Are there any sources of income that appear out of the ordinary, or inordinately high, for the company or the industry?
• Is the Cost of Goods Sold within industry standards? Are there items in Cost of Goods Sold that don’t seem to be connected to the production process? In the US, due to some Tax Court decisions, questionable payments are placed in Cost of Goods Sold rather than deducted below as operating expenses.
• Is the gross profit too high a percentage for industry standards?
• Are business expenses delineated, and, if so, are there indications of where fraudulent expenses may be concealed?
• Are there unusual fluctuations in any of the revenue or expense categories between periods?

Profit and loss statements can be limited by items omitted (examples are values such as brand recognition that have no established guidelines for measuring); by accounting methods used to produce the numbers (companies in the same industry may use different depreciation methods); and by measurements that involve judgment (such as life of an asset, or estimates of future bad debt write-offs). You should always be aware of industry norms when analyzing statements.

In the following example of a P&L, you can see the primary elements of a typical statement. Every company will have a slight variation of this as far as specific line items—sometimes far more granular, and sometimes less—but all will have three basic sections:
• The top section will show revenue and cost of sales⁴, and the result of the revenue minus the cost of sales, which is the ‘Gross Profit.’
• The next section will show all expenses and derive a sum of expenses. It will then subtract the expenses from the gross profit to determine the ‘Income from Operations.’
• And finally, at the bottom, usually after a section for other income and/or non-operating expenses (such as taxes), will be the ‘Net Profit (or Loss).’ This is simply derived from the Income from Operations by adding any other income and subtracting any non-operating expenses.

4 This is also known as the Cost of Goods Sold, or COGS.

Formatting and line items will be different in every P&L you see, but, in the end, it is simply a statement of revenue minus expenses to determine net profit or loss for the year.

In the example, you should notice that a great deal of the information on the statement is derived from other data on the sheet. To clarify what data is derived from other entries, rows that are used in calculations are labeled with a letter label. For example, Total Sales Revenue is labeled with a [J]. For derived results, the formula to determine that row’s value is included in the row. For example, ‘Gross Profit’ is the result of [J] minus [K], and we will now refer to gross profit as [L]. In other words, gross profit is the total sales revenue minus the total cost of sales.

To further clarify the statement, you should notice that all ‘cells’ that are calculated from other data and not manually entered are shaded grey. Any changes to entered data in the non-shaded cells should automatically change the results in the shaded cells.

In our example, there are additional columns for ‘Current Period as a % of Sales’ and ‘% Change from Prior Period.’ You will not always see these on a P&L, but we include them here to demonstrate some of the conclusions you can draw from the data in our example.

The first column of those two columns is simply the entry in that row for the current period divided by the total sales revenue for the current period, which
in our example is $400,000⁵. We can clearly see in this column that software sales were 32.5% of total revenue in 2012.

                                          Prior    Current   Current Period    % Change from
                                          Period   Period    as a % of Sales   Prior Period
Operating Expenses
  Sales and Marketing
    Advertising                              18       22          5.5%             22.2%
    Marketing                                 2        3          0.8%             50.0%
    Total Sales and Marketing Expenses [M]   20       25          6.3%             25.0%
  General and Administrative
    Wages and salaries                       22       23          5.8%              4.5%
    Supplies                                  2        4          1.0%            100.0%
    Rent                                     12       12          3.0%              0.0%
    Utilities                                 4        6          1.5%             50.0%
    Depreciation                              9        9          2.3%              0.0%
    Insurance                                 1        2          0.5%            100.0%
                                             50       56         14.0%             12.0%
  Total Operating Expenses [P=M+N+O]         70       81         20.3%             15.7%

The final column simply shows the percentage change in that row from the prior period to the current period. This should highlight any significant year over year changes. For example, the cost of supplies increased 100 percent in 2012, or doubled year over year. Granted, the numbers are small in this example (only increasing from $2,000 to $4,000), but should highlight the kind of year over year changes that should catch your eye.

What can you determine from this statement? Usually, any issues will require making an analysis of the results to determine what might be suspicious depending on what you are investigating. On this statement, a financial crime specialist may want to look into why the cost of sales for software increased by 50 percent from one year to the next, but the revenue from software sales only increased 30 percent. There may be a simple and easily explained reason for this, but it shows you the kind of item that might warrant more investigation.

Charitable organizations do not produce a P&L statement. Charities, by definition, are not for profit, and thus will have no profit or loss. However, they often do have reporting requirements, either to a regulator, donors or a board of directors.

Instead, they produce a similar statement that reflects funding sources compared against program expenses, administrative costs, and other operating commitments. This statement is commonly referred to as the statement of activities.

Although not depicted in our example, most P&L statements from companies of any significant size include a Notes section at the end. As with any financial statement, the Notes section is a common place to hide irregularities.

Some questionable entries in the Notes section might include the following:
• Write-downs of inventories
• Litigation settlements
• Discontinued operations
• Disposal of assets such as property, plants and equipment
• Disposals of investments
• Restructuring activities of an entity
• Other reversals of provisions

5 Note that the actual entry in that row is 400, but at the top of the statement you should notice that all numbers are ‘stated in 000s.’ That simply means the statement is in thousands, and you should add three zeros to the end of all numbers on the statement to get the actual number. This is a common practice to reduce the clutter on a P&L statement.
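The two derived columns of the example P&L, and the rule that shaded total rows must follow from the entered rows, can be checked mechanically. The following Python sketch is an added example, not part of the manual: it recomputes both columns for the operating expense rows shown in the example, reconciles the reported totals against their components, and lists rows whose year over year change meets a threshold. The key "N" for the unlabeled General and Administrative subtotal, treating [O] as zero (its rows are not visible in the excerpt), the 50 percent threshold and half-up rounding are assumptions.

```python
from decimal import Decimal, ROUND_HALF_UP

# Entered rows from the example statement, in thousands: (label, prior, current).
SECTIONS = {
    "M": [("Advertising", 18, 22), ("Marketing", 2, 3)],
    # "N" is an assumed key for the unlabeled General and Administrative subtotal.
    "N": [("Wages and salaries", 22, 23), ("Supplies", 2, 4), ("Rent", 12, 12),
          ("Utilities", 4, 6), ("Depreciation", 9, 9), ("Insurance", 1, 2)],
}
# Derived (shaded) rows as printed: (prior, current). "P" is Total Operating Expenses.
REPORTED = {"M": (20, 25), "N": (50, 56), "P": (70, 81)}
TOTAL_SALES = 400  # [J] for the current period, i.e. $400,000


def _round1(value):
    """Round to one decimal place, half up, as the printed percentages are."""
    return value.quantize(Decimal("0.1"), rounding=ROUND_HALF_UP)


def pct_of_sales(current, total_sales=TOTAL_SALES):
    """'Current Period as a % of Sales' for one row."""
    return _round1(Decimal(current) * 100 / Decimal(total_sales))


def pct_change(prior, current):
    """'% Change from Prior Period'; None when there is no prior amount."""
    if prior == 0:
        return None
    return _round1(Decimal(current - prior) * 100 / Decimal(prior))


def analyze(sections=SECTIONS):
    """Map each entered row to (pct_of_sales, pct_change)."""
    result = {}
    for rows in sections.values():
        for label, prior, current in rows:
            result[label] = (pct_of_sales(current), pct_change(prior, current))
    return result


def reconcile(sections=SECTIONS, reported=REPORTED):
    """List every reported total that does not equal the sum of its rows."""
    findings = []
    grand = [0, 0]
    for key, rows in sections.items():
        computed = (sum(r[1] for r in rows), sum(r[2] for r in rows))
        grand[0] += computed[0]
        grand[1] += computed[1]
        if computed != tuple(reported[key]):
            findings.append(f"[{key}] reported {reported[key]}, rows sum to {computed}")
    # Assumption: [O] is zero, so [P] should equal [M] + [N].
    if tuple(grand) != tuple(reported["P"]):
        findings.append(f"[P] reported {reported['P']}, sections sum to {tuple(grand)}")
    return findings


def flag_fluctuations(sections=SECTIONS, threshold=Decimal("50")):
    """Rows whose period change is at least `threshold` percent, or brand new."""
    flagged = []
    for label, (_, change) in analyze(sections).items():
        if change is None or abs(change) >= threshold:
            flagged.append(label)
    return flagged


if __name__ == "__main__":
    for label, (share, change) in analyze().items():
        print(f"{label:20} {share}% of sales, {change}% change")
    print("Reconciliation findings:", reconcile() or "none")
    print("Rows to look into:", flag_fluctuations())
```

A total that has been typed over instead of derived shows up as a reconciliation finding even when every individual row looks plausible.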
As we mentioned in the P&L section, an entity’s balance sheet shows information on assets and liabilities for a single point in time. It is, in essence, a net worth statement for a company.

The balance sheet should reflect the balancing equation: Assets = Liabilities + Owner’s Equity. Alternatively, you can look at it as the difference between assets and liabilities equals owner’s equity, or Assets - Liabilities = Owner’s Equity. Please note that owner’s equity is not always a positive number; a company that is in trouble may have more liabilities than assets.

Assets are usually listed in order of liquidity with the most liquid assets being listed first starting with current assets. Similarly, liabilities are listed from short term to long term. Owner’s equity follows the liability and loosely is listed in order of liquidity.

The financial crimes investigator can also use a company’s balance sheet to locate potential leads to various financial criminal transactions. Like the profit and loss statement, fluctuations between periods will often be a key to uncovering these hidden transactions. Some of the things to look for include the following:
• An influx of cash or other liquid assets from non-revenue sources
• Accounts receivable on the books that don’t correspond to sales and revenues
• Inventory valuations that don’t correspond to import or export valuations (a sign of trade-based money laundering)
• A significant amount of “goodwill” (see below) from acquisitions
• Transfers of assets to Special Purpose Entities (SPEs: off-balance sheet entities)
• Personal assets of corporate officers carried on the books of the organization
• Apparent manipulation of the organization’s stock price to meet market analysts’ forecasts

The example balance sheet shows the three main sections clearly: assets, liabilities and owner’s equity (sometimes referred to as shareholder’s equity). Although a balance sheet represents a moment in time, there may be multiple moments in time depicted on a balance sheet to show the change over time. This is typical with a year-end statement. In our example, the balance sheet shows the company status on three specific days: December 31 of 2012, 2011 and 2010. This allows us to compare the same moment in the year between several years.

The assets section begins with current assets. These are defined as assets that will mature in less than a year or can be liquidated in less than a year. Healthy companies typically have a strong current asset position that can cover all of their short-term liabilities, often with a surplus.

The current assets in our example:
• Cash and Cash Equivalents – Basically the company’s cash position
• Short Term Investments – Investments that will mature in less than a year or that are intended to be liquidated within a year. If a company has a strong cash position, it will likely also have significant short-term investments which will yield a higher return than cash or cash equivalents but are still reasonably liquid.
• Inventory – The value of inventory currently in stock but not sold yet
• Other Current Assets – This is, basically, a catchall section for any assets that have value and can be readily liquidated but are not covered elsewhere in this section. It is not uncommon for this to fluctuate over time, but massive changes should be looked into.

Below the current assets are the fixed assets of the company. These assets are considered less liquid:
• Long Term Investments. These are investments that the company intends to hold for more than a year and might never mature. Stock positions in other companies and bonds might fall in this category.
• Property, Plant and Equipment (PP&E). This represents relatively illiquid assets a company might hold and, without reinvestment over time, will decrease due to depreciation. It may be a very large item for some types of companies or a very small line item for others⁶.
• Goodwill. This is a line item typically found when a company acquires another company. In order to balance the books, this is added as an asset to reflect any premium paid over the book value of the company⁷. It is intended to reflect the intangible assets that are considered part of the purchase, such as brand value or reputation of the acquired company. Although there was likely a clear reason the company paid over book value for an acquisition, goodwill is generally not a good thing to have on the books.
• Intangible Assets. Assets that are not physical in nature, such as patents and other intellectual property. Intangible assets are typically very hard to value and could be inflated on some balance sheets.
• Other Assets. Once again, a catchall category for assets not covered elsewhere.

6 For example, a shipping company would likely have a very high PP&E since most of its assets would be in the fleet of ships it owns. A consulting company would likely have a small number in this line item.
7 The book value of a company is basically the value of its assets minus its liabilities.

As with the asset section, the liability section begins with current liabilities, or liabilities that will come due in less than a year.

The current liabilities in our example include the following:
• Accounts Payable. These are the bills owed by the company, typically to suppliers.
• Short/Current Long-term Debt. Short-term debt is debt that will come due in less than a year, and current long-term debt is the payment due on long-term debt within a year.
• Other Current Liabilities. As in the asset section, these are liabilities that are not large enough to qualify as line items. It is a catchall for small, miscellaneous liabilities.

As a general rule, in a healthy company, the current liabilities should not be greater than the current assets. Below the current liabilities are the long-term liabilities the company carries. These are liabilities that will not mature in the next year.

The long-term liabilities in our example are as follows:
• Long Term Debt. This can represent financing on PP&E, bond issues, or any other long-term leasing or financing relationship.
• Negative Goodwill. Negative goodwill is actually considered a good thing to have on a balance sheet. This reflects an acquisition where less than the book value was paid, or basically the company paid less than the acquisition was
worth. This typically happens in distressed sales or a sale in which the assets of the company being acquired are very illiquid.
• Other Liabilities. This is another catchall category that covers liabilities that are not covered in another line item.

Balance sheets, in particular, are very industry-specific. While all will have the general line items found here, there will be industry variances.

There are many ways a balance sheet can be manipulated. One example is the early recognition of assets. Assets with long-term contingencies, or that cannot be billed in the near future, can be recognized early. These assets could be placed in the “accounts receivable” account in order to push up revenue for a given period.

This is inaccurate because the sale of a long-term asset beyond a year would be inappropriately classified if put in the accounts receivable account. Consequently, unusually large accounts receivable on a balance sheet for a given period should rouse the interest of a financial crime investigator.

This is only one example. There are many others, such as moving assets from PP&E to current assets if they are intended to be sold within a year even though the sale may never happen or the valuation may be inflated and not reflective of the likely sale price. You need to review balance sheets with a critical eye to discern discrepancies.

STATEMENT OF CASH FLOWS
The statement of cash flows presents the use of cash and cash generated in a defined period of time (fiscal year ending, quarter ending, etc.). It will be broken into three categories: operation activities, investing activities and financing activities.

Although usually issued regularly like the income statement, the statement of cash flows shows actual cash items only, while the income statement (P&L) shows non-cash items such as depreciation. These are typically produced quarterly by most companies depending on the requirements of the jurisdiction’s regulator.

A statement of cash flows is a critical piece of information to review to truly determine the health of the company and to note any irregularities. There are many ways to manipulate an income statement to appear very liquid or profitable, yet the company’s cash position is extremely poor.

An example would be if a company wins a large contract with a very big customer. On the income statement, it would be recognized as revenue, but they might not get paid for the contract for quite some time. A more accurate look into a company’s liquidity should include a review of their Statement of Cash Flows.

OTHER TYPES OF FINANCIAL RECORDS
In addition to the usual statements that most companies are required to prepare, there are myriad other documents retained that might lead to solving or discovering a financial crime.

TRANSACTION RECORDS
Transaction records kept by financial institutions can produce invaluable information. Transaction records, such as those that follow, are just the beginning of what one can find in a commercial bank or credit union, otherwise known as a depository institution:
• Deposit tickets
• Deposited items (checks and other monetary instruments)
• Checks drawn
• Debit memos
• Credit memos
• Outgoing wire transfer orders
Key transaction records that should be tracked are records of wire transfers. Wire transfers move funds from one bank to another within or between countries. A wire transfer is initiated by a bank customer or other person, called the sender, instructing the bank to send funds by wire to an account or person at another bank. The ultimate recipient is called the beneficiary. Sometimes, a wire transfer goes through or is processed by an intermediary bank.

Many countries require financial institutions to keep records of transactions above certain amounts. In the US, financial institutions, including broker-dealers, must keep records of the parties involved in wire or funds transfers in amounts of more than $3,000. These records may be subpoenaed in criminal and civil litigation. Money transmitters, which often deal in smaller amounts, must also keep records of their transfers.

Once the records are obtained or gathered, the investigator should prepare summaries of the information in all the financial documents received from a financial institution, including the following:
• A summary of deposits and withdrawals
• A summary of checks written on the account
• A summary of wire transfers into or out of the account
• Increases and decreases in account balances

RECEIPTS AND RELATED EXPENSE DOCUMENTATION
Receipts can be helpful for verifying a journal entry, a reimbursed expense, or a department’s expenses. One red flag to be aware of with receipts is if copies are allowed or accepted. Copies can be applied to more than one account or conceal alterations to the original.

Another red flag in receipts and expenses investigations is the absence of a division of duties in review of expenses, or possibly the absence of a review system. A proper review system should include verifying the expense, checking that it was approved before the expense occurred, and collection of original documentation to support the expense.

JOURNAL ENTRIES
Journal entries can be completely falsified, especially in a fraud, to inappropriately recognize assets or create fictitious assets. They may also be a good source of information on inappropriate revenues or expenses. Look for ambiguous entries for “services” or “consulting” that either the entity does not provide or need. There may also be a trend toward one vendor, employee or department.

Another red flag with journal entries is descriptions that include specifics on extensive payment contingencies, which possibly indicates “channel stuff-
refers to a document used in international trade. It typically will contain the information necessary for presentation of shipping declarations to a customs authority of a particular country. Although there is no standard format for a commercial invoice, the World Customs Organization (WCO) sets standards for the information needed on the form in an effort to create transparency of information between countries. Some of the information contained in a commercial invoice includes the following:
• The parties involved in the shipping transaction
• The goods being transported
• The country of manufacture, and codes for those goods

A commercial invoice must also include a statement certifying that the invoice is true, and a signature. Due to the amount of information typically required by customs authorities, the commercial invoice can provide valuable information to the financial crime specialist. Caution should always be taken to notice not just the information that is on the form, but also what information appears to be missing.

Although estimates vary widely, the consensus is that international trade is one of the biggest vehicles used by transnational criminal and terrorist organizations for financing and laundering the proceeds of their illicit activities. Therefore, when investigating these types of criminal activity, the commercial invoice is a vital piece of evidence needed for analyzing the financial activities of subjects of the investigation. Commercial invoices are also critical evidence in customs duties, tax evasion and alternative remittance systems investigations.

Following are some of the red flags for the financial crime specialist in analyzing commercial invoice data:
• Discrepancies in the description of goods shipped between the commercial invoice and other documentation
• Large price differences between the declared value of the goods and the WCO standard values for similar goods
• Atypical financing for the goods
• Illogical shipping routes and stops for the goods on their way to their final destination
• Inconsistent size of the declared amount and/or size of the declared trade goods with the shipping container or the weight
• Counterfeit, false documentation
• False sets of books

Some of the money laundering methodologies associated with commercial invoices and trade-based money laundering include under- and over-invoicing; misrepresentation of quantity, quality, product, or cost; recycling products; and non-existent or false products.

Investigative strategies for commercial invoice manipulation include the following:
• Bank account analysis for unusual deposit activity associated with the payment for trade goods
• Analysis of Financial Intelligence Unit (FIU) reporting of large currency transactions and suspicious activity
• Analysis of shippers’ import and export declarations against inventory amount and valuation data
• Spot inspection of import or export trade goods for quality and quantity comparisons to the commercial invoice

Sources of information available to the financial crime specialist in investigations involving commercial invoicing include freight forwarders, insurance companies, transport companies, customs services and shipping companies.

RECONCILIATIONS ON INTERCOMPANY ACCOUNTS
Intercompany transactions can be material, such as a transfer of inventory or allocation of R&D costs between units. However, if the company does not correctly reconcile these transactions with a policy to investigate discrepancies, it could result in an overall company material misstatement.

This may be in error or intentional, but will start with an investigation on how transfers of inventory are initiated, received and reconciled.

There are many ways to overstate income or assets:
• Bill and hold transactions. These overstate revenue when a company invoices the customer and records the sale as recognized even though the asset remains in the seller’s physical possession until a later date. A sign of fraud would be the seller counting both the “inventory not yet shipped” as “inventory on hand,” as well as recognizing the revenue from the sale.
• Late recognition of returns. This could be another form of “earnings management” or a sign of theft and fraud. If returns are not recognized at all (for example the inventory count does not change to the return), this could be a fraud at point of sale/point of return. This can be incredibly hard to detect, especially if there is collusion.
• Mark-to-market accounting. This is an accounting practice that refers to recording assets or liabilities based on their current market price, rather than their historical costs. Although an entirely legitimate practice if done correctly, it can also be used to commit fraud, particularly in situations where it is difficult to determine an accurate market price for assets.
• Inappropriate inventory write-off. This is the moving, spoiling or destroying of inventory to change year-end reporting or to hide employee theft.

CANCELLED CHECKS
Cancelled checks have always provided one of the most fruitful caches of leads for the financial crime investigator because one document may provide the complete picture of a financial transaction, including date, amount, the recipient of the funds, the payer of the funds, the method and location of negotiation, and the final disposition of the funds. This has changed to some extent in the US with the advent of laws allowing digital copies of checks, which eliminates the need to retain the physical copy. Other countries now have similar laws in place, so the financial crime investigator should be well-versed in his or her country’s rules regarding cancelled check retention.

Copies of cancelled checks are still maintained by banks in accordance with regulatory requirements of the countries in which they are located. Paper copies of cancelled checks may not be available to customers of the banks and, thus, not available for subpoena or search warrant. However, the electronic age has brought new formats and record retention, which when understood may provide better and quicker access to the financial information associated with the traditional cancelled check. Since all of the data is now captured electronically, it can be searched and retrieved with greater accuracy and quickness.

The following outline identifies some lines of inquiry the financial crime specialist should follow when dealing with cancelled checks:
A. Business or personal check
• May identify an unknown bank account
−− Who owns or opened the account?
−− What is the source of funds going into the account?
−− What other account activity is connected to the subject or identified associates or co-conspirators?
• May identify a nominee, front or shell company, or associate the subject is using to conceal illicit proceeds
• Subpoena municipal and state tax authorities for copies of tax returns filed by the subjects in their jurisdiction

PROTECTING THE EVIDENCE
At the beginning of an investigation, one does not have a clear picture of which financial documents will be relevant and which will not. Thus, all financial documents should be handled as if they will be material evidence in a future legal proceeding or action. A proper chain of custody must be followed.

Chain of custody procedures include a documented chronology of the handling of the document or physical evidence. Important chain of custody documentation may include the following:
• Where the item was initially located
• Who collected it
• Where it was filed
• Documentation of each person who handled it

Whenever possible, original documents should be obtained, or it should be noted why the originals were unavailable. This makes it extremely important to protect and control the document. Detailed and accurate chain of custody records will help if evidence is ever altered or damaged – either accidentally or intentionally.

erally need a clear and thorough understanding of how the data were obtained and who was involved in gathering, storing and transmitting it. For some investigations, including those involving multiple countries or jurisdictions, this can be challenging.

Professionals should determine if they need parties with technical skills to ensure data are captured correctly at the outset and preserved throughout the process of investigation. If the source, origin and chain of custody of data are not clear, the ability to enter that data into evidence may be compromised.

For example, let’s say an investigator involved in an anti-corruption probe has requested payment records from an affiliate of a multinational corporation. The affiliate is in another country. The investigator receives the records on a hard drive, but there is no accompanying documentation explaining how the data was originally obtained, which employees were involved in handling it, and the process they followed. This lack of clarity will greatly reduce the chances that the payment records could be used in a legal case.
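For data delivered electronically, as in the hard drive example, the chain of custody items listed above can be kept as a structured log and checked for gaps. The Python sketch below is an added example, not part of the manual: the field names, the sample people and locations are constructed, and the SHA-256 digest recorded at each handover is an addition the manual does not describe, included as one way to show whether the data changed between handlers.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class CustodyEvent:
    timestamp: str              # ISO 8601, so string order equals time order
    action: str                 # "collected", "transferred" or "filed"
    handler: str                # person who holds the item after this event
    released_by: Optional[str]  # person who handed it over (None at collection)
    location: str               # where the item was found, moved to or filed
    sha256: str                 # digest of the data when the handler took custody


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_custody(events: List[CustodyEvent], digest_now: str) -> List[str]:
    """Return findings; an empty list means the record is continuous and intact."""
    findings = []
    if not events or events[0].action != "collected":
        findings.append("no entry showing where and by whom the item was first collected")
    holder, last_time, last_digest = None, "", None
    for n, ev in enumerate(events, start=1):
        if not ev.handler or not ev.location:
            findings.append(f"entry {n}: handler or location not recorded")
        if ev.timestamp < last_time:
            findings.append(f"entry {n}: timestamp earlier than the previous entry")
        if holder is not None and ev.released_by != holder:
            findings.append(
                f"entry {n}: released by {ev.released_by!r}, "
                f"but the last recorded holder was {holder!r}")
        if last_digest is not None and ev.sha256 != last_digest:
            findings.append(f"entry {n}: digest differs from the previous entry")
        holder, last_time, last_digest = ev.handler, ev.timestamp, ev.sha256
    if last_digest is not None and digest_now != last_digest:
        findings.append("data examined now does not match the last recorded digest")
    return findings


# Constructed sample data: names, places and file content are invented.
RECORDS = b"constructed payment records export"
DIGEST = sha256_of(RECORDS)

COMPLETE_LOG = [
    CustodyEvent("2019-03-04T09:15:00", "collected", "A. Analyst", None,
                 "affiliate finance file server", DIGEST),
    CustodyEvent("2019-03-04T17:40:00", "transferred", "B. Courier", "A. Analyst",
                 "sealed bag, in transit", DIGEST),
    CustodyEvent("2019-03-06T10:05:00", "filed", "C. Investigator", "B. Courier",
                 "evidence locker 12", DIGEST),
]

# The hard drive scenario: only the investigator's own receipt is documented.
UNDOCUMENTED_DRIVE = [COMPLETE_LOG[2]]

# One handler missing from the record.
LOG_WITH_GAP = [COMPLETE_LOG[0], COMPLETE_LOG[2]]

if __name__ == "__main__":
    for name, log in [("complete", COMPLETE_LOG),
                      ("undocumented drive", UNDOCUMENTED_DRIVE),
                      ("gap", LOG_WITH_GAP)]:
        print(name, "->", audit_custody(log, DIGEST) or "no findings")
```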
CHAPTER 10
MONEY AND COMMODITIES FLOW
OVERVIEW
In the execution, cover-up, laundering and ultimate use and enjoyment of financial crime proceeds, the money or commodity that is involved typically must be transferred through multiple accounts, vehicles and entities. This “flow” of money or commodities linked to financial crime is executed and directed by the financial criminal and his collaborators and co-conspirators. The collaborators and co-conspirators could include a banker or corporate official, who knowingly or unknowingly is an accomplice in the criminal operation. The word “commodities,” as used here, refers to value or goods obtained through illegal activity.

Without the successful movement or flow of the criminal proceeds and their ultimate use, the financial criminal cannot succeed. His goal is to take from, or deprive, someone or something, such as an institution or government agency, of money or other assets. The vital step in the process is to move the proceeds of his crime for his own purpose and enjoyment.

This chapter will discuss some of the major methods that are employed in the movement of money and other financial assets. This will include red flags that financial crime specialists should look for in their work of examining money flows.

The number of money movement mechanisms is limited only by the creativity and ingenuity of the financial criminal. Wire and electronic funds transfer facilities, currency, international trade, Hawala, and mobile money and other vehicles spawned by new technologies are just a few of the avenues available to move money and value at various phases of the financial crime process.

As new routes are opened by technology, the old ones do not go away. They remain, leaving financial crime specialists with a constantly growing list of routes through which money can move. Thus, the new technological vehicles stand alongside ancient ones, such as Hawala, a centuries-old method of money movement popular in parts of the world like the Middle East and Africa, which moves billions of dollars in paperless form often without leaving trails.

FREQUENTLY USED VEHICLES TO MOVE MONEY
We first examine the tools that financial criminals use most often. Some methods to move money and other assets include the following:
• Checks
• Wire transfers
• Electronic transfers
• Correspondent banking
• Private banking
• Informal systems for the movement of assets
• International trade, including trade finance
• Currency
• Securities and financial products and instruments, such as futures, bonds, derivatives and insurance policies.

Two of the old but popular informal methods to move funds include Hawala and the so-called Black Market Peso Exchange, which are covered later in this chapter.

Among the emerging technologies that serve to move money and create new challenges for financial crime specialists are the following:
• Virtual currencies and online money exchanges
• Pre-paid cards
• Mobile payments

USE OF MULES AND OTHER THIRD PARTIES
Money mules are persons who move criminal proceeds for the purpose of disguising the identity of the beneficiary or source. Sometimes they are willing participants who know they are moving criminal proceeds, and other times they are unwitting participants who have been recruited through the Internet or e-mail scams. The typical scheme involves placing a large deposit into the account of the “mule,” who then moves the money to another account or person, retaining a fee for his service.

• Note any large checks or transfers that do not fit the normal pattern of the general use of the account.
• Canceled checks often have notes and numbers written on the back by bank employees, indicating such things as the purchase of a cashier’s check or use of the funds for a wire transfer. The financial crime specialist should make notes of all these markings, including the names of the bank employees, and start an inventory of all accounts to which transfers are made, the names of any reference to individuals and other information.

CHECKS AND BANK STATEMENTS
Virtually everyone is familiar with a check, the paper document that orders the payment of money from the account of the writer, known as the drawer, at a bank or other financial institution to the account of the receiver. The use of paper checks and other
documents as the primary means of making pay-
ments in the financial system has fallen significantly CORRESPONDENT
in recent years. Also, most financial institutions no
BANK ACCOUNTS
longer have an obligation to return canceled checks,
thus reducing, or making more difficult, the amount A basic domestic bank typically only offers
of information that can be gathered unless the local services to customers, including depos-
information is subpoenaed in an electronic format. its and loans. If those customers travel outside
In addition to examining the paper or electronic of the bank’s operating region, accept inter-
version of a check, the examination of a bank state- national deposits or engage in other activities
ment, which may or may not include digital copies outside the bank’s coverage area, the bank
of checks, can be very useful in mapping the flow of either needs to open a new branch or make
money or other assets. arrangements with a correspondent bank.
Opening new branches may not always be fea-
When a financial crime specialist has the oppor- sible or desirable, so a correspondent bank
tunity to review checks and bank statements, it is account provides a convenient solution.
wise to be guided by these procedures:
A correspondent bank is a financial institution
• Make note of payees on a check, especially that acts as an agent for another bank, provid-
corporations, trusts, foreign entities and other ing services and products in an area the other
organizations. bank does not operate in, so its customers can
access things like wire transfers and interna-
• Compare the payees to the endorsers or the
tional deposits. This allows banks of all sizes
ultimate deposit accounts to determine their
to do business in other regions and countries
consistency, among other things.
without having to open new branches, keep-
• Pay attention to checks drawn to cash, which ing these services at an affordable price for
will often provide information about the customers. Banks of all sizes can act as corre-
recipient and his or her related organizations. spondent banks, and numerous international
• In reviewing a bank statement, make note of financial institutions have a correspondent
the volume of checks and the pattern of use of banking branch to provide services to smaller
the account. banks with less reach.
186
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
The Basel Committee on Banking Supervision issued a May 2009 paper on cross-border cover payments called the BIS Cover Payments Paper. It encouraged financial institutions that conduct international payments transactions to adhere to the message standards developed by the Wolfsberg Group in 2007, and others.

RED FLAGS OF WIRE TRANSFERS

Laws and regulations have been enacted in many countries attempting to make it difficult to exploit wire transfers to move criminal money. The following types of funds transfer activities should be scrutinized closely because they can serve to move illicit funds. This is not meant to be an exhaustive list, and their mere existence in a scenario does not equate to criminal activity. However, mapping the flows and objectively determining a valid reason for these transactions is a very important step in financial crime investigation, prevention or detection.

Because of their thoroughness and completeness, this listing borrows from some of the elements contained in the guidance published by the United States Federal Financial Institutions Examination Council (US FFIEC), an umbrella organization that serves as a forum for the collaboration of various US financial institutions and regulatory agencies.

Funds transfers to tax and secrecy havens. There are more than 60 such havens around the world. What jurisdictions can be considered secrecy havens is a much-debated issue. Some commonly cited examples include Switzerland, Liechtenstein, Panama, the Cayman Islands, the Cook Islands, the US states of Delaware and Nevada, and others.

Funds transfers that are subject to instructions to “pay upon proper identification.” The “PUPI instructions” are made to the receiving bank. Financial crime investigators should be alert to the amount that is transferred for signs that it may be just under the amount that triggers a currency transaction report to the authorities in the receiver’s country.

Outgoing funds transfers requested by a non-customer or account holder. If the policies of a bank or other financial institution permit the purchase of a wire transfer by a non-customer, especially one for a significant amount, the institution should be extremely careful about the identities of the parties and the destination of the money, especially to an offshore location.

Wire transfers that do not make sense or appear to have no legitimate business reason. A customer who engages in frequent wire transfer activity that is not justified by his or her normal circumstances should receive extreme scrutiny by the financial institution, and, in appropriate circumstances, become the subject of a suspicious activity report.

A customer with low account balances who sends or receives frequent wire transfers. This type of activity should prompt suspicions among the employees of the affected financial institution because it is not logical for a customer with low account balances to be serving as a conduit for incoming and outgoing funds transfers.

A quick succession of incoming and outgoing wire transfers in similar or exact monetary amounts. Often, this pattern of wire transfers of like amounts in and out of an account or related accounts close in time should raise deep suspicions. A customer may also receive several small incoming wires, and then send a large transfer to another city or country.

Customers with cash-intensive businesses that send large funds transfers. This situation could reflect several illegal financial activities, including tax evasion, laundering of the proceeds of other crimes, and the payment or transmittal of funds destined for corrupt payments. In general, businesses that are cash-intensive should receive scrutiny, and when they involve frequent wire transfers, special scrutiny is recommended.
Unusual funds transfer transactions by correspondent banks or other financial institutions. Transactions with one’s own institution by foreign correspondent banks always deserve scrutiny because of the history that correspondent accounts have of being involved in a multitude of financial crimes and money laundering. Suspicious activity by these institutions may include a volume of wire transfers that is inordinately large in relation to the size of the bank, the large volume of funds transfer activities that are inconsistent with the size and policies of the institution, and a high volume of funds transfers of similar amounts on one or consecutive days.

Out-of-country funds transfers that are inconsistent with the customer’s profile or business. A domestic customer who engages in international funds transfers in amounts or frequency that are inconsistent with the nature of the customer’s legitimate business may indicate involvement in a financial crime, including money laundering.

Payment for international funds transfers with several monetary instruments. A customer who pays for outgoing international wire transfers with

This method, which is now known by the popular name Trade-Based Money Laundering (TBML), was recognized by the Financial Action Task Force in 2006 as one of the three principal avenues for moving money to disguise or integrate criminal proceeds into the legitimate economy or to move money needed to finance other crimes, including terrorism. The FATF defines TBML as ‘the process of disguising the proceeds of crime and moving value through the use of trade transactions in an attempt to legitimize their illicit origin.’ In 2008, the definition was revised in the FATF Best Practices Paper to expand the definition:

“…the process of disguising the proceeds of crime and moving value through the use of trade transactions in an attempt to legitimize their illicit origins or finance their activities.” (Emphasis added).

TBML may be accomplished by using combinations of over-valued or under-valued imports and exports to achieve a transfer of money from one country to another.
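
Several of the wire-transfer red flags listed above (similar amounts in and out in quick succession, several small incoming wires followed by one large outgoing wire, a low-balance account acting as a conduit) can be written as screening rules over transaction records. The Python example below is an added illustration, not part of the manual or of the FFIEC guidance; the record layout, the thresholds and the sample wires are all assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Tuning values are assumptions for this illustration, not regulatory figures.
WINDOW = timedelta(hours=48)   # how close in time counts as "quick succession"
TOLERANCE = 0.02               # amounts within 2% count as "similar"
FAN_IN_MIN = 3                 # how many incoming wires count as "several"
FREQUENT = 6                   # wires in the review period that count as "frequent"
LOW_BALANCE = 1_000.00         # average balance that counts as "low"

PASS_THROUGH = "incoming and outgoing wires of similar amounts in quick succession"
FAN_IN = "several small incoming wires followed by one large outgoing wire"
LOW_BAL = "low average balance with frequent wire activity"


@dataclass(frozen=True)
class Wire:
    account: str
    when: datetime
    direction: str   # "in" or "out"
    amount: float


def _soon_after(earlier, later):
    """True when `later` happens no more than WINDOW after `earlier`."""
    return timedelta(0) <= later.when - earlier.when <= WINDOW


def pass_through(wires):
    """Pairs (in, out) where an outgoing wire closely follows and matches an incoming one."""
    ins = [w for w in wires if w.direction == "in"]
    outs = [w for w in wires if w.direction == "out"]
    return [(i, o) for i in ins for o in outs
            if _soon_after(i, o) and abs(o.amount - i.amount) <= TOLERANCE * i.amount]


def fan_in_then_out(wires):
    """Outgoing wires funded by several smaller incoming wires inside WINDOW."""
    hits = []
    for o in (w for w in wires if w.direction == "out"):
        feeders = [i for i in wires if i.direction == "in"
                   and i.amount < o.amount and _soon_after(i, o)]
        covered = sum(i.amount for i in feeders) >= (1 - TOLERANCE) * o.amount
        if len(feeders) >= FAN_IN_MIN and covered:
            hits.append((feeders, o))
    return hits


def review(wires, avg_balance):
    """Map each account to the red flags it raised; accounts with none are omitted."""
    by_account = defaultdict(list)
    for w in wires:
        by_account[w.account].append(w)
    alerts = {}
    for account, ws in by_account.items():
        flags = []
        if pass_through(ws):
            flags.append(PASS_THROUGH)
        if fan_in_then_out(ws):
            flags.append(FAN_IN)
        balance = avg_balance.get(account)   # rule is skipped when no balance is known
        if balance is not None and balance < LOW_BALANCE and len(ws) >= FREQUENT:
            flags.append(LOW_BAL)
        if flags:
            alerts[account] = flags
    return alerts


def _w(account, stamp, direction, amount):
    return Wire(account, datetime.fromisoformat(stamp), direction, amount)


# Constructed sample data (not from the manual).
SAMPLE_WIRES = [
    _w("ACCT-A", "2024-03-04T09:00", "in", 49_800.00),
    _w("ACCT-A", "2024-03-04T15:30", "out", 49_500.00),
    _w("ACCT-B", "2024-03-04T10:00", "in", 3_000.00),
    _w("ACCT-B", "2024-03-04T14:00", "in", 2_800.00),
    _w("ACCT-B", "2024-03-05T09:00", "in", 3_200.00),
    _w("ACCT-B", "2024-03-05T11:00", "in", 2_900.00),
    _w("ACCT-B", "2024-03-05T16:00", "out", 11_800.00),
    _w("ACCT-C", "2024-03-01T10:00", "in", 900.00),
    _w("ACCT-C", "2024-03-08T10:00", "out", 850.00),
    _w("ACCT-C", "2024-03-15T10:00", "in", 1_200.00),
    _w("ACCT-C", "2024-03-22T10:00", "out", 1_150.00),
    _w("ACCT-C", "2024-03-29T10:00", "in", 700.00),
    _w("ACCT-C", "2024-04-05T10:00", "out", 650.00),
    _w("ACCT-D", "2024-03-01T10:00", "in", 5_000.00),
    _w("ACCT-D", "2024-03-20T10:00", "out", 1_200.00),
]
SAMPLE_BALANCES = {"ACCT-A": 25_000.00, "ACCT-B": 4_200.00,
                   "ACCT-C": 250.00, "ACCT-D": 18_000.00}

if __name__ == "__main__":
    for account, flags in review(SAMPLE_WIRES, SAMPLE_BALANCES).items():
        print(account, "->", "; ".join(flags))
```

A hit only queues the account for analyst review: as the manual notes, the presence of a red flag does not by itself equate to criminal activity.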
IVTS businesses pre-date traditional banks. Initially, they offered barter systems to resolve accounts and to foster trade. But the systems have survived and today are used to send money worldwide. Common types of IVTS include Hawala networks and the Black Market Peso Exchange.

BLACK MARKET PESO EXCHANGE

The Black Market Peso Exchange (BMPE) method is an elaborate means of moving money and laundering criminal proceeds. In broad terms, BMPE is a system by which illicit proceeds are laundered through a combination of exchange of currencies and international trade in goods.

A BMPE, despite the name, does not have to involve pesos, although the scheme originated in Colombia and is still prevalent there. Traditionally, laundering through BMPE begins with the proceeds of narcotics sold in the US. These funds are in US dollars. Narcotics traffickers then contract with money exchangers, referred to as “cambistas” or peso brokers, to purchase the dollars at a reduced rate. The cambista holds accounts in financial institutions in both the US and Colombia.

[Figure: An Illustration of a Colombian Black Market Peso Exchange Ring, Broken Up in 2005 by US Law Enforcement as Part of an Initiative Called Operation Mallorca. Source: US Drug Enforcement Administration]

The cambista then swaps the US dollars for pesos with import/export businesses in Colombia and other Latin American countries. These businesses need US dollars to purchase and import goods from the US, which range from tobacco products to home appliances. Many businesses involved in the BMPE are completely legitimate, while others illegally smuggle goods from the US to avoid customs duties. In either case, businesses typically receive US dollars at a significantly lower rate than the official exchange rate.

Cambistas then pay off narcotics rings in Colombia with the pesos they receive from these businesses, completing the BMPE cycle. As cambistas receive substantial commissions and fees from the exchanges, and businesses receive a favorable exchange rate, the BMPE can be quite profitable for all parties involved. That is one of the reasons the scheme has been so successful in past years. Greater awareness of BMPE has led many US financial institutions to restrict or cut off business with suspect Colombian and other South American peso brokers, lessening the impact of BMPE in recent years. Nevertheless, the financial crime specialist should remain aware of it, especially if they are pursuing a case or assignment in a jurisdiction where use of BMPE is common.

HAWALA

Hawala is a type of IVTS that began in India but is now used around the world, particularly in Asia and the Middle East. It has been referred to as an underground banking system. This is not entirely correct because many hawaladars, as they are called, conduct business in the open, legitimately, with advertising and competition.

Hawala is based on trust and there is little paper trail, such as checks or other instruments. Hawala relies on strong personal and family connections and other affiliations.

A basic example of a Hawala transaction would be a customer from country X seeking to send money or satisfy an obligation to another from country Y. A hawaladar from country X would then receive funds from country X and provide the customer from country X with an authentication code. A corresponding hawaladar from country Y would be instructed to deliver funds in the currency of country Y to a specified beneficiary, who needs to disclose the authentication code to receive funds.

Another example of how Hawala works is found in a report titled The Hawala Alternative Remittance System and Its Role in Money Laundering, by the Financial Crimes Enforcement Network (FinCEN), a bureau of the US Department of the Treasury, and Interpol.

Note the trust that is inherent in the example that follows. Tariq gave his money to Yasmeen and received no receipt. He trusts that the Rs 180,000 will reach his brother, Waleed. Yasmeen keeps track of how much money she owes Ghulam and Ghulam, of course, will keep track of what Yasmeen owes him. The relationship between Yasmeen and Ghulam could be one of several types:
1. They could be business partners or individuals who do business together on a regular basis. It could be in addition to other business they engage in, such as CD or video import or a tour agency.
2. Ghulam could owe Yasmeen a debt, and this is a way to repay the debt.
3. Yasmeen may have a surplus of rupees, and this is a way to liquidate the surplus.

In the above example, neither number 2 nor number 3 requires Ghulam to recover any money. But in the first example, further interaction is needed to balance the books.

The lack of formal structure in Hawala leads to a less bureaucratic approach than formal financial institutions and, to those who use it, is thought to be more reliable and convenient. As there is no paper trail or actual transfer of funds between institutions, cultural factors such as kinship and ethnicity play a vital role in the facilitation of the transactions.

• The bank will charge $25 to issue a bank draft.

This will allow Tariq to send Waleed Rs154,225. Delivery would be extra—an overnight courier service because surface mail is not always reliable, especially if it contains something valuable, and can cost as much as $40 to Pakistan—and take up to a week to arrive. Tariq believes he can get a better deal through Hawala, and talks to Iqbal, a fellow taxi driver who is also a part-time hawaladar.

Iqbal offers Tariq the following terms:
• A 5% “commission” for handling the transaction
• 35 instead of 31 rupees for a dollar
• Delivery is included

Tariq calls the number and speaks with Yasmeen. She offers him the following deal:
• A fee of 1 rupee for each dollar transferred
• 37 rupees for a dollar
• Delivery is included

Under these terms, Tariq can send Waleed Rs180,000. He decides to do business with Yasmeen.

The Hawala transaction proceeds as follows:
• Tariq gives the $5,000 to Yasmeen.
• Yasmeen contacts Ghulam in Karachi and gives him the details.
• Ghulam arranges to have Rs180,000 delivered to Waleed.

REASONS FOR USING HAWALA

Hawala may seem like a lot of trouble in today’s world, when money can be moved rapidly through the traditional banking system or through electronic means. However, Hawala offers many advantages, according to these points gleaned from the above-mentioned study by FinCEN and Interpol:
• Cost effectiveness
• Efficiency
• Reliability
• Lack of bureaucracy
• No paper trail
• Allows evasion of taxes

COMMODITIES TRADING TO MOVE MONEY

One emerging method of moving funds is commodities purchases and trades. In these situations, a financial criminal will purchase a type of commodity and export it to a “beneficiary.” Purchase orders, invoices and other records lend an air of legitimacy to the transaction.

Once the commodity is received in the destination country, it is sold locally, which accomplishes the task of exchanging one currency for another. Sometimes, a third country is utilized to further obscure the transaction.

USING SECURITIES, FUTURES AND DERIVATIVES TO MOVE MONEY

Trade in securities represents a multi-trillion dollar sector of the global economy, with millions of stocks, bonds, derivatives, futures, credit swaps and other financial instruments being sold and purchased on dozens of exchanges worldwide. The actors involved in securities trading include most of the world’s largest banks, major international investment firms and government entities such as sovereign wealth funds. They also include an array of smaller brokerage firms, sole proprietorship broker-dealers and individual traders. Together with banking, the securities industry is one of the key ways that persons worldwide access the global financial system.

Monitoring securities trading presents a distinct challenge, as it can not only be used to launder and move the proceeds of criminal activity, but also be manipulated to earn illicit proceeds. As insider trading and other forms of securities fraud are addressed in the Understanding and Preventing Fraud chapter, this chapter focuses on using securities as a mechanism for transferring dirty money. The financial crime specialist should note that securities fraud and laundering through securities are often closely interconnected.

COMMON INDICATORS OF SUSPICIOUS ACTIVITY

Some of the most common indicators of suspicious activity in the securities industry are:
• Changing share ownership when making a transfer across borders
• Liquidating what would usually be a long-term investment within a short period
• Using a brokerage account similar to a depository account
• Opening multiple accounts or nominee accounts
• Engaging in transactions involving nominees or third parties

The laws governing securities trading vary considerably from jurisdiction to jurisdiction, as do the regulatory and enforcement frameworks around securities markets. Many of the larger global exchanges, such as the London or New York Stock Exchanges, are closely watched by a number of market regulators and oversight bodies. Other exchanges receive considerably less scrutiny. In a 2010 typology report, the FATF found that, generally, suspicious activity reporting by the securities industry worldwide remained low, potentially due to a lack of awareness of AML and terrorist financing issues in the securities field.

The term “securities” refers to different types of financial instruments issued by companies and government entities. A complete explanation of the instruments that qualify as securities is beyond the scope of this manual, especially as types of securities continuously grow and evolve. Further reading is advised for the financial crime specialist involved in cases involving securities.

BEARER SECURITIES

Although most securities are not now maintained in paper form, “bearer” securities, including bearer bonds, still exist in certain jurisdictions. These instruments are owned by the person who “bears,” or possesses them. Once a bearer instrument has been issued, the holder can transfer it to another recipient without the need to record the transaction. Bearer securities can be deposited into a brokerage account and then be used to make other trades or to withdraw or wire the entire funds.

A similar type of security is a “bill of exchange” in a jurisdiction where it is redeemable upon presentation. Similar to the bearer bond, a bill of exchange may be viewed as having a high level of risk of being used in a financial crime scenario or to launder criminal proceeds.

SECURITIES TRADING AS LAYERING

Purchasing most securities on exchanges or markets almost always requires an account of some kind held with a securities broker, which is typically funded by another account at a financial institution. As a result, securities trading is not often the first stage in laundering dirty money. However, because securities trades can be executed in high values and large volumes, they do represent a potential avenue for layering illicit proceeds, by quickly creating a chain of transactions to obscure the source of the funds.

One example of this is wash trading of stocks, or simultaneously buying and selling shares of stock in the same company through two different brokers. Although this is usually done as a form of market manipulation in order to make it appear as if there is a high level of trading activity around a certain stock, it can also be done simply to pile up transactions and layer funds.

Another sign that securities trading may be layering is if a broker is directed to make many rapid purchases of a security with no discernible pattern, purpose or underlying market rationale, and then sell these securities after holding them only briefly.

DERIVATIVES

Derivatives come in three forms: futures, options and swaps. Using derivatives to move money derived from financial crime requires at least a cursory understanding of how derivatives work.

Futures: A financial contract obligating the buyer to purchase an asset (or the seller to sell an asset), such as a physical commodity or a financial instrument, at a predetermined future date and price.

Options: Financial derivative that represents a contract sold by one party (option writer) to another party (option holder). The contract offers the buyer the right, but not the obligation, to buy (call) or sell (put) a security or other financial asset at an agreed-upon price (the strike price) during a certain period of time or on a specific date (exercise date).

Swaps: Traditionally, the exchange of one security for another to change the maturity (bonds), quality of issues (stocks or bonds) or because investment objectives have changed. Recently, swaps have grown to include currency swaps and interest rate swaps.

Derivatives are essentially a bet on which direction the price will move for some underlying value, which can be a commodity, a share of stock, a financial asset, foreign exchange or an index of these. The party betting that the price will go down is said to be “short” on the contract. The party betting that the price of the underlying value will go up is said to be “long” on the contract. If the price of the underlying value moves, there will be a winner and a loser in connection with the contract. If the price goes up, the long side wins. If the price goes down, the short side wins.

The key to money laundering with derivatives is to manipulate the two sides of the contract in such a way that the losing side is associated with the dirty money, and to ensure that both sides are participants in the money laundering scheme. Thus, the winning side gets clean money from successful contracts, a legitimate source of income.

WASH TRADING

The most common technique used in derivatives trading to obscure illicit funds is known as wash trading. The financial criminal establishes two accounts. One account, the “dirty money” account, is held by a seemingly unrelated party. The second account is held by the party that should “receive” the payment, such as a politician who may be receiving a bribe. This scheme, of course, requires the assistance of a complicit broker.

The financial criminal and the broker agree to set up two positions that offset each other. When the positions come due, the loss is assigned to the dirty money account and the gain to the clean money account. The difference in the two is the cost of laundering the money.

OTHER DERIVATIVE TRADING RISKS

Derivatives can be used in a multitude of other combinations to create the illusion of legitimacy while, at the same time, moving money across borders to further a financial crime, launder criminal proceeds or finance terrorism. Taking offsetting positions that result in double commissions for the complicit broker, options trading with offshore companies, client-originated insider trading, swaps in the commodities market and auto-trading are some of the schemes or factors that have been noted in recent years as vehicles for moving money.

The real complexity of a derivative lies in the underlying contract, which is also often complex. The FATF has said in a report: “The way in which derivatives are traded and the number of operators in the market ensure that there is the potential to obscuring the connection between each new participant and the original trade.”
restricting or not allowing the card to be reloaded, EMERGING PAYMENT METHODS AND
limits the ability to store and move large amounts THEIR FINANCIAL CRIME RISKS
of value. Again, these thresholds and load moni- In Kenya, a trader in precious metals buys and sells
toring systems should be tailored to the intended gold using funds stored on his cell phone. In Ger-
use of the card and the type of customer. If reloads many, a customer buys electronic goods over the
are allowed, prepaid issuers typically should limit internet with Bitcoins. In the US, a user of Second
the amount that can be loaded onto the card in a Life uploads funds into an in-game account in order
given timeframe. to purchase virtual items.
Be able to identify the source and location of
All of these scenarios are examples of emerging
loads and reloads. Prepaid providers should mon- technologies to move and transmit funds called
itor the geographic location and flag or potentially “new payment methods” by the Financial Action
block cards loaded or reloaded from unexpected Task Force. Online communication tools, social and
and high-risk jurisdictions. They should also have gaming networks, and mobile devices such as smart
mechanisms in place to know the source of reloads, phones and tablets, are opening up more avenues
whether that is cash, credit card, wire transfer or for storing and transferring value than ever before.
money order. Many of these payment methods are either so
new as to be entirely unregulated, or intentionally
Monitor the number and type of cards issued to
designed in such a way that they can be used anon-
any given customer. A customer holding dozens or
ymously. As such, the attraction for financial crimi-
hundreds of prepaid cards without any compelling
nals is obvious, especially as the web-based nature
business reason would obviously raise major red
of many of these tools makes it possible to move
flags. Issuers should track the cards it issues to cus-
funds internationally with only a computer and a lit-
tomers and place limits as appropriate.
tle creativity.
Conduct due diligence to understand all parties
It is difficult to judge the financial crime risks of
involved in the issuance of cards in a prepaid pro-
these new payment methods, as most have only
gram. Prepaid cards are typically issued by banks,
been in existence a handful of years. Despite the
many of which are smaller regional institutions.
attention they have received from some compliance
These banks often outsource the actual operations
professionals and law enforcement agencies, there
and maintenance of their card programs to third
are very few well-documented cases of the pro-
parties, including the compliance function. Whether
ceeds of financial crime moving through venues like
the financial crime specialist is advising a prepaid
mobile payments and virtual currencies. With that
issuer or investigating a case involving prepaid
said, it is still important for the financial crime spe-
cards, they should understand who ultimately con-
cialist to understand these methods and recognize
trols cardholder information, and who is responsible
their potential vulnerabilities. As they continue to
for supervising compliance.
grow in use and amount of value being transferred,
it is almost inevitable that they will be exploited by
Prepaid card issuers must also be alert to the
financial criminals in some capacity.
responsibility of suspicious activity reporting
requirements. Some jurisdictions require suspi-
MOBILE PAYMENTS
cious activity reports to be filed with the perti-
nent authorities on prepaid activity, similar to the It is estimated that in 2012, roughly 1.5 billion peo-
requirements on other financial transactions. ple had direct access to a financial institution, yet
there were more than five billion cell phones. With
200
@2019 Association of Certified Financial Crime Specialists
CHAPTER 10 • MONEY AND COMMODITIES FLOW
phones and other mobile technology proliferating, the potential to transfer, send or receive funds through mobile devices, or “mobile payments,” represents a rapidly growing new financial service.

Currently, mobile payment systems are most common in developing countries like the Philippines, Ghana and especially Kenya, where access to banks or other traditional financial services is often limited. Depending on the size and sophistication of the system, mobile payments can be used to deposit and withdraw funds from accounts, transfer funds between phones, and buy goods and services. Some employers will even pay their employees directly to their phones. Mobile payments have also become a popular means for emigrants to remit payments back to their home countries.

Perhaps the best example of a mobile payment system in action is Kenya’s M-PESA. Launched in 2007, M-PESA relies on a network of more than 100,000 small businesses, who register as agents with the mobile payment system. An M-PESA user can then bring cash to these agents, who will then exchange it for virtual value credited to a user’s M-PESA account. Users can then exchange this value with other M-PESA users, buy items at some stores and restaurants, or withdraw the value as cash at another agent. As of late 2012, more than $1 billion was transferred through M-PESA each month.

One risk of such a system is “digital value smurfing,” which simply means using multiple money mules or “smurfs” to make small cash deposits of financial crime proceeds into their mobile accounts. Once the money is in the mobile payment system, the smurfs can then transfer the virtual value into an account controlled by a launderer or other financial criminal.

Such a scheme has none of the typical difficulties associated with bulk cash smuggling. Because many mobile payment networks are relatively unregulated, it could also evade currency and transaction reporting requirements placed on more traditional financial institutions.

In addition, mobile payment systems may make it easier for launderers and other financial criminals to erase their tracks, as they usually leave behind fewer records than more established financial transactions. Law enforcement would be left with little physical evidence that a financial crime took place, and if the mobile payments are transferred across borders, they may lack jurisdiction to pursue the financial criminal.

VALUE TRANSFER THROUGH VIRTUAL WORLDS
As online role-playing games became increasingly popular worldwide, some began incorporating the ability to convert real-world currency into virtual value that could be used to purchase items in the game. As these games continued to develop, some of the larger and more sophisticated ones spawned virtual economies where items, services and even virtual real estate could be bought and sold. Critically, some even developed means to convert virtual value back into real-world funds or other assets.
transfer that value to an organized crime group by purchasing items in the game world. Additionally, some virtual worlds require little information from users to open accounts, allowing financial criminals to enter these online communities and conduct transactions with relative anonymity.

One of the oldest and most robust virtual worlds for the exchange of real and virtual value is Second Life. An online community of roughly one million users worldwide, it allows users to create characters, design virtual items and create in-game buildings and structures. All these items and this real estate can be bought and sold, using an in-game currency called “Linden Dollars,” named after the company that created Second Life. Linden Dollars can be purchased with real-world currency, and traded back into real-world currency through the company’s currency exchange. In 2012, roughly $119 million was traded on Linden’s currency exchange.

Virtual worlds have almost no oversight from any regulatory body. As a 2012 report on currency trading in virtual worlds from the European Central Bank stated: “Every criminal act which takes place in the real world might also be reproduced and adapted to Second Life and probably also to other virtual communities. But the likelihood is even stronger as a result of the lack of proper regulation and oversight and owing to the high degree of anonymity that exists in these online worlds.”

DIGITAL CURRENCIES
In October 2008, someone going by the name of Satoshi Nakamoto published a paper, which detailed the development of a peer-to-peer electronic cash system, to a mailing list for programmers and cryptography researchers.

A few months later, Nakamoto released the source code for the project outlined in the paper, and became the first person to hold currency generated by this new system: Bitcoin.

Less than two years later, Nakamoto ceased public communications and effectively disappeared. Whether he is a real person, a pseudonym used by someone else, or a group of individuals is still not clear. But in the years since, the Bitcoin system has grown dramatically, launching a new era of digital currencies.

Digital currencies existed prior to Bitcoin, some dating back to the 1990s, and the name can refer to a wide variety of electronic money and value transfer systems. Some of the earliest digital currencies were systems that allowed users to open and fund accounts tied to the price of gold or other precious metals, and conduct transactions with other users. More recently, “decentralized” digital currencies based on mathematical systems, like Bitcoin, have risen to prominence.

Since their beginning, digital currencies have attracted vocal supporters who claim they are the future of money and payments, and equally vocal critics who argue they mostly exist for illicit transactions. To date, both sides seem partially right. Some digital currencies are innovative and have potentially far-reaching applications. But like any system that can be used to store and transfer value, they are also vulnerable to use by money launderers, cybercriminals and terrorist financiers.

The FATF uses the terms “virtual currency” and “digital currency” interchangeably. It defines these currencies as “a digital representation of value that can be digitally traded and functions as a medium of exchange, a unit of account, and/or a store of value.”

The FATF notes that digital currencies are not issued or backed by any country or jurisdiction – they hold value only due to their acceptance by a user community. Digital currencies are separate and distinct from “fiat” currencies, the real-world money issued by national governments. Some digital currencies, in fact, were originally intended by their creators as replacements for fiat currencies. In broad
terms, digital currencies can be divided into two types of systems.

CENTRALIZED CURRENCIES
Centralized currencies exist on their own proprietary platform and are operated by a single company or person, usually referred to as the administrator. While users hold accounts and can initiate transactions, the administrator sets the rules of the system and acts as an intermediary to process transactions and maintain a payment ledger.

Most centralized currencies are “closed-loop” or non-convertible, meaning they can only be used for transactions on a specific platform. Some are “open-loop” or convertible, meaning they can be exchanged for fiat currencies. Common examples of closed-loop systems are the currencies used to buy and sell items in online games and virtual worlds.

Users can transfer real-world money onto accounts in these closed-loop systems and conduct transactions between users of the system, but typically cannot spend or convert the currency outside of the platform.

By their nature, centralized systems are more easily subjected to regulatory oversight or enforcement. One person or entity administers them, in some cases running the platform off of a handful of servers. If the person behind the system is arrested, or the servers seized, a centralized currency can essentially disappear overnight.

Closed-loop currencies are less at risk for money laundering than open-loop or convertible ones, and their use in financial crime schemes is generally limited to smaller transactions by lower-level criminals.

However, savvy financial criminals have figured out ways to exploit even seemingly obscure value transfer systems for their own benefit, and closed-loop digital currencies are no exception. Secondary markets or unauthorized exchanges have developed around some non-convertible currencies, allowing users to convert virtual funds back into fiat currency.

DECENTRALIZED CURRENCIES
Decentralized currencies do not have an administrator, and there is no single entity that controls them. Instead, they operate on a peer-to-peer model. The platform that maintains and administers the currency is distributed between the users, and its rules and operations are established by its programming.
while they may sound complex, most cryptocurrencies are fairly simple to obtain and use.

Bitcoin has become the de facto standard for cryptocurrencies, although there are many others inspired by Bitcoin that have tried to present themselves as modified or improved versions. As of early 2018, some of the more popular cryptocurrencies after Bitcoin were Ethereum, Litecoin, Zcash, Dash, Ripple and Monero.

The most common way that users obtain Bitcoins, or other cryptocurrencies, is through an exchange. These exchanges operate similarly to securities trading accounts, with the prices of currencies constantly changing. Exchanges generally will require a user’s real name and contact information, and conduct customer due diligence before opening an account.

Customers can then purchase digital currencies through bank accounts or credit or debit cards. Some exchanges also provide wallets or electronic storage for a user’s Bitcoins. Users can also create their own wallet online. A wallet comes with a unique address that allows users to receive Bitcoins.

Once they have obtained and stored Bitcoins, users can transfer payments using the recipient’s public address, purchase items from retailers who accept Bitcoin, buy gift cards, or even exchange Bitcoins for other digital currencies. There were nearly 100,000 retailers that accepted Bitcoin as of mid-2017.

There are several other ways to obtain Bitcoins and other digital currencies besides purchasing them from an exchange, including through “mining.” In simple terms, mining involves using computing power to solve complex mathematical formulas, and is an integral part of how Bitcoin and some other cryptocurrencies operate.

Mining helps process transactions in Bitcoin, and maintains the currency’s open payment ledger, or “blockchain.” It is also how new Bitcoins are released into circulation. Through its programming, Bitcoin has a cap on the total number of Bitcoins that will be brought into circulation, at 21 million.

Resolving the mathematical puzzles required for mining takes substantial computational power. To incentivize mining, the system rewards miners with a small transaction fee. When a new Bitcoin is periodically released into circulation, the miner who unlocks that Bitcoin also receives it as a reward. Mining has become significantly more difficult over time, due to the programming constraints of Bitcoin. Some other cryptocurrencies also rely on mining as part of their operations, while others use different models.

Because setting up accounts on digital currency platforms is often a quick and easy process that can be done online, these systems lend themselves to “micro-laundering.” A launderer may open multiple different accounts under his control on a currency platform, and use them to send many different small-value payments to other recipients.

This technique takes advantage of the ability to conduct rapid or instantaneous payments using digital currencies. While the amounts transmitted in each payment may be very small, a criminal can move large sums quickly by conducting hundreds or even thousands of low-level transactions.

CRYPTOCURRENCY AND MONEY LAUNDERING RISKS
Why would a money launderer, fraudster or other financial criminal decide to use a cryptocurrency? After all, there are established money laundering channels that are proven to be effective, and payment systems like money remitters have transaction fees that are comparable or lower than many cryptocurrency exchanges.

Furthermore, cryptocurrencies are a tradable asset. Speculation on cryptocurrency markets can lead to large fluctuations in their price, and their value tends to be less stable than many real-world currencies and investments like real estate. Although their acceptance by retailers and even some financial institutions is growing, the ability to convert cryptocurrencies into cash, or use them to buy goods and services, is still more limited than real-world currencies.

However, there are key features of cryptocurrencies that may make them attractive to the criminal element:

ANONYMITY
Much of the concern from law enforcement and regulators has focused on the potential for largely anonymous transactions using cryptocurrencies.

Many exchanges will conduct customer due diligence, monitoring and reporting on the funds coming into customer accounts. Once funds move from real-world currencies into cryptocurrencies, however, they become much more difficult to trace back to a real person. Once a customer has transferred Bitcoins purchased on an exchange into his wallet, the transaction trail is obscured from the eyes of law enforcement and regulators.

At this point, cryptocurrency transactions act similarly to transactions in cash. Users can transfer currency to other users, buy goods or services or store currency in an online or offline wallet with little to no reporting or audit trail.

Although exchanges require a user to provide his real identity, wallets typically do not – many can be opened using only an email address and alias or fake name. Wallets can be held on a user’s own device, such as a computer, phone or even USB drive. Addresses tied to these wallets, and used to transact in Bitcoin and other cryptocurrencies, can be hard to link back to an individual or entity.

Unlike cash, digital currency users do not need to physically move large volumes of currency or be in the same area to conduct transactions. This ability to conduct cross-border transactions, without the use of financial institutions and the regulatory oversight that comes with them, is another reason why financial criminals might exploit cryptocurrencies.

It is worth noting that there is a major caveat in Bitcoin’s perceived anonymity. All transactions in Bitcoin are stored on its public ledger, or blockchain. If someone – for example, a law enforcement agent – knows the addresses of the sender or recipient, they can theoretically trace the transaction through the blockchain.

In 2015, agents with the FBI and IRS Criminal Investigations Division were able to trace nearly 4,000 Bitcoin transactions to Silk Road, a notorious online drug bazaar. This tracing was possible after agents seized a laptop containing the personal addresses of Ross Ulbricht, Silk Road’s owner and operator, and analyzed these addresses against the blockchain.

For this reason, Bitcoin is often referred to as pseudo-anonymous. Even if a transaction is traced, it can be challenging to tie an address back to its true owner, and requires extensive investigation.

SPEED AND IRREVOCABILITY
An individual who orders a wire transfer for payment to a recipient overseas may have to wait several days for the transaction to clear. During that time, the bank will conduct due diligence checks on the customer and recipient, and the transaction could be cancelled or reversed if it is found to be fraudulent or in violation of sanctions.

Cryptocurrency transactions have no such limitations. Once initiated, the currency leaves one user’s wallet, is processed through the ledger, and enters the recipient’s wallet in a matter of minutes or less. Transactions are usually irrevocable. Like a cash payment, there is no built-in mechanism to reverse a cryptocurrency payment unless the recipient simply agrees to return it.

Many exchanges and service providers will respond to user complaints, and may shut down accounts
suspected of illicit activity. But the decentralized nature of cryptocurrencies means there is no single administrator to police transactions or field appeals from users.

From the perspective of a criminal conducting an online fraud scheme, this makes cryptocurrencies an appealing option. Online Ponzi and pyramid schemes will often ask for payment in Bitcoin or other cryptocurrencies, ensuring the fraudster receives his funds quickly and defrauded customers have little ability to recover them. The same is true for cybercriminals offering hacking skills or malware, or sellers of narcotics or illegal goods, who want to ensure they will be paid without having to reveal any personally identifying information to buyers.

A Notice Posted on the Dark Markets Alphabay and Hansa After Both Were Seized by Dutch Police in 2017. In Recent Years, Law Enforcement has Become More Adept at Dark Web and Cryptocurrency-related Investigations.

INCONSISTENT REGULATION AND ENFORCEMENT OF DIGITAL CURRENCIES
In the early days of digital currencies, lawmakers and regulators in many jurisdictions seemed baffled
by what to make of this strange new phenomenon. Cryptocurrencies seemed especially confusing.

Some countries ignored them, some outlawed their use entirely, and still others debated whether they were even a financial asset that should be subject to regulation. That debate continues, but some nations have adopted a framework for regulating parts of the digital currency world. The most common approach has been to focus on regulation of digital currency administrators and exchanges.

In the US, Canada and European Union, for example, administrators and exchanges are considered to be a form of money services business, and subject to the same AML regulation as other MSBs. This includes customer due diligence, transaction monitoring, reporting and record-keeping requirements. Globally, the regulatory framework for digital currencies remains inconsistent and varied. Some countries still do not regulate digital currency exchanges; others have regulations on the books but do not seem to enforce them. Whether and how individuals have to report their digital currencies for tax purposes is also unresolved in many countries.

CRIMINAL USE OF DIGITAL CURRENCIES AND THE DARK WEB
If digital currencies are vulnerable to use by financial criminals, there is an obvious question: What are criminals using them to do?

Much concern about digital currencies has focused on their potential for money laundering by transnational organized crime groups and terrorist financiers. As of mid-2017, researchers and law enforcement have found infrequent though growing use by organized crime rings, and limited cases involving terrorist financing.

In July 2017, a report by the European Commission noted that use by organized crime was “quite rare” at that time, and suggested that digital currencies presented a higher bar for entry and were less convenient than other money laundering methods.

Digital currencies are widely used in markets for illegal goods and services online, however. Digital currencies have become the preferred payment method for illicit online transactions, especially on the dark web. The “dark web” describes an Internet network that exists outside of the “surface web,” or the online world that most people typically interact with through their browser. The dark web can only be accessed through specialized software and is not discoverable through search engines or web indexing tools.

The largest and perhaps most well-known dark web is accessible through The Onion Router (Tor), an online anonymity tool. Tor is free software that anyone can download. It was initially developed to help persons in repressive countries access the Internet and avoid government censorship.

It directs an individual’s online activity through a network of more than 7,000 relays, disguising a user’s true location and making it difficult to conduct online surveillance on a user. Web sites can be configured so that they are accessible only to computers running Tor software. This has created a hidden online environment shielded from the public view of the surface web.

Much of its dark web is innocuous. There are personal websites, blogs and even social media sites similar to Facebook, but, inevitably, criminals have also been drawn to the dark web. There are forums where credit card fraudsters trade tips and share skills, and others where cybercriminals discuss new malware and attack techniques and offer suggestions on easy targets. Criminal actors have also set up dark web marketplaces, where a vast array of illegal goods and services can be purchased using cryptocurrencies.

Many well-trafficked illicit bazaars in the Tor dark web, such as Silk Road, Silk Road 2.0 and AlphaBay, have been closed by law enforcement or shut down by their own creators. Yet each time, others open up to take their place.

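
The tracing described under ANONYMITY, in which investigators who hold a suspect's addresses check them against the public ledger, can be illustrated in Python on a small constructed ledger. This is an added example, not part of the study manual: the ledger, address names and exchange label are invented, and the model is simplified to address-to-address payments (real Bitcoin transactions spend earlier transaction outputs).

```python
from collections import deque

# Constructed sample ledger (not real data). Each entry lists the addresses
# that funded the transaction and the addresses that were paid, which is the
# information a public ledger exposes to anyone who reads it.
LEDGER = [
    {"txid": "tx1", "inputs": ["buyer_A"], "outputs": {"market_1": 0.50}},
    {"txid": "tx2", "inputs": ["buyer_B"], "outputs": {"market_1": 0.30}},
    {"txid": "tx3", "inputs": ["market_1"],
     "outputs": {"operator_1": 0.75, "market_1": 0.05}},  # 0.05 is change
    {"txid": "tx4", "inputs": ["operator_1"], "outputs": {"hop_1": 0.75}},
    {"txid": "tx5", "inputs": ["hop_1"],
     "outputs": {"exchange_X": 0.40, "hop_2": 0.35}},
    {"txid": "tx6", "inputs": ["unrelated_1"], "outputs": {"unrelated_2": 1.00}},
]

# Assumption: the analyst already has labels for exchange-operated addresses.
KNOWN_EXCHANGES = {"exchange_X"}


def transactions_touching(ledger, known_addresses):
    """Return txids in which a known address is a sender or a recipient."""
    known = set(known_addresses)
    hits = []
    for tx in ledger:
        if known & set(tx["inputs"]) or known & set(tx["outputs"]):
            hits.append(tx["txid"])
    return hits


def trace_forward(ledger, seeds, exchanges, max_hops=5):
    """Follow funds leaving the seed addresses, hop by hop.

    Returns (edges, cash_out_points). Each edge is
    (hop, txid, from_address, to_address, amount). Expansion stops at
    exchange addresses: past that point the trail continues in the
    exchange's customer records, not on the ledger.
    """
    # Index every address to the transactions it funded.
    spends = {}
    for tx in ledger:
        for addr in tx["inputs"]:
            spends.setdefault(addr, []).append(tx)

    seen = set(seeds)
    queue = deque((addr, 0) for addr in seeds)
    edges, cash_out = [], set()
    while queue:
        addr, hop = queue.popleft()
        if hop >= max_hops:
            continue
        for tx in spends.get(addr, []):
            for dest, amount in tx["outputs"].items():
                if dest == addr:
                    continue  # change returned to the sender, not a transfer
                edges.append((hop + 1, tx["txid"], addr, dest, amount))
                if dest in exchanges:
                    cash_out.add(dest)
                elif dest not in seen:
                    seen.add(dest)
                    queue.append((dest, hop + 1))
    return edges, cash_out


if __name__ == "__main__":
    seized = ["operator_1"]  # addresses recovered from a seized device
    print("Transactions touching seized addresses:",
          transactions_touching(LEDGER, seized))
    edges, cash_out = trace_forward(LEDGER, seized, KNOWN_EXCHANGES)
    for hop, txid, src, dst, amount in edges:
        print(f"hop {hop}: {txid} {src} -> {dst} ({amount:.2f})")
    print("Reached exchange addresses:", sorted(cash_out))
```

The trace ends where funds reach a labelled exchange, which is the point where customer due diligence records, rather than the ledger itself, can tie an address to a person.
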
These marketplaces act as a middleman, providing the online platform to connect sellers and buyers. Many will mimic the functionality and even the appearance of legitimate surface-web retail sites, such as eBay or Amazon. Markets may specialize in one type of good or service, but larger ones will usually have a variety of offerings.

Cryptocurrencies have enabled these dark markets to thrive. The ability to conduct rapid cross-border payments that do not require trust between buyer and seller makes cryptocurrencies ideal for illicit online transactions. Most marketplaces only use Bitcoin or other cryptocurrency as their payment mechanism.

DIGITAL CURRENCY COMPLIANCE CONSIDERATIONS
Along with overtly criminal marketplaces, there are thousands of legitimate merchants who accept digital currencies, on both the dark web and surface web. They range from global corporations such as Microsoft and Dell and online retailers such as Overstock to travel sites such as Expedia, along with many smaller sites and stores. Some bars and restaurants have adopted Bitcoin payments. Even some political parties and non-profits have begun taking donations via cryptocurrency.

As digital currencies become more mainstream and more merchants start accepting them, criminals who transact in cryptocurrencies have more outlets to use their illicit proceeds. Even so, criminal actors may still want, or need, to convert digital currencies back into real-world funds to bankroll ongoing operations or enjoy their ill-gotten gains. This creates an interface with financial institutions and raises compliance concerns for AML professionals.

Banks and other financial institutions should consider monitoring their customer accounts for significantly large or frequent funds transfers to and from digital currency exchanges. These transaction patterns could indicate potential illicit activity involving digital currency.

At the same time, institutions should recognize that there is nothing inherently suspicious about purchasing or transacting in digital currencies. Most customers are likely to be moving funds to a digital currency exchange for a legitimate purpose.

Specific digital currencies rise and fall in prominence, and some have disappeared completely.

However, the concepts underlying digital currencies, especially the decentralized public ledger or blockchain, are here to stay. As innovation continues and mainstream use increases, blockchain applications are poised to expand into new fields, and digital currencies seem likely to become a widely accepted part of the global financial system.

HUMAN TRAFFICKING AND FINANCIAL FLOWS
A lucrative and rapidly growing criminal activity, human trafficking is by most estimates second only to drug trafficking in its global scale and profitability.

On the positive side, awareness of the issue has greatly increased in recent years, as have resources to train financial crime professionals to spot illicit financial flows tied to human trafficking. Some countries have also seen positive results combatting human trafficking with initiatives to increase cooperation and information-sharing between law enforcement and the financial sector, such as Project Protect in Canada.

Despite these advances, the statistics behind human trafficking remain staggering. In 2017, the International Labor Organization estimated that forced labor generated more than $150 billion per year from nearly 25 million people in involuntary servitude. Of those people, the largest portion – 16 million – were in forced labor in private sector work like agriculture, construction and domestic service. An additional 4.8 million were in forced sexual exploitation, while the remaining 4.1 million were in forced labor from government authorities.

A 2016 report by the United Nations Office on Drugs and Crime, Global Trafficking in Persons, found that 71% of victims were female, though the proportion of male victims had grown rapidly in recent years. The report also found that 28% of victims were children.

A growing body of research and intelligence on human trafficking has led to a more nuanced understanding of its financial footprint, which can vary widely based on the type of trafficking and exploitation that is taking place. Human trafficking schemes are diverse, and how they register as incoming and outgoing financial flows can be very different depending on the details of the scheme, including factors like:

• The recruitment and transportation mechanisms used for trafficked individuals, ranging from forcible abduction to false promises of employment, immigration or even marriage.
• Whether the perpetrators are operating domestically or internationally
• How the perpetrators benefit from trafficking and exploitation – For example, whether funds are taken from victims of forced labor in cash, whether wages are stolen after being deposited in a bank account, or by other methods.

As such, there’s no “one-size-fits-all” approach to detecting and preventing human trafficking within the context of a financial crime compliance program, nor one comprehensive list of red flags.

For this reason, it’s important for financial institutions and other organizations to consider their exposure to human trafficking as part of risk assessment, and to drill down on the specific types of trafficking they may be dealing with. Should an institution focus on personal accounts that may be held by victims of sex trafficking, or business accounts being utilized by companies abusing forced labor? For non-financial companies, are there human trafficking risks within the supply chain?

A thorough assessment can help respond to these questions. Some factors to consider can include:

• Geographic region – Is the institution providing services in a jurisdiction with high prevalence of trafficked individuals, or in a human trafficking corridor? Reports from the UN Office on Drugs and Crime, FATF, the US State Department and others can help identify higher-risk regions.
• Customer type – Business types at higher risk for use in sexual exploitation have historically included massage parlors, online and print classified ad providers, bars and nightclubs, and hotels/hospitality industry providers, among others.
  Business types at risk for forced labor commonly include agriculture, low-skills manufacturing, construction services, transportation service providers, and labor brokers or recruiters, especially those focused on seasonal or transient work.
• Products and services – Like any financial criminal, human traffickers are versatile opportunists, and will rely on nearly any financial service that is accessible and convenient. Historically, schemes have operated with prepaid cards, cash and money orders to take funds from victims and finance operations, though the use of personal bank accounts is also common.
  More recently, law enforcement agencies in some countries have seen an increase in the use of digital currencies and email money transfers, such as those offered by Paypal, in sexual exploitation cases. In one case in Canada, victims of sexual exploitation were being paid in bitcoin and email money transfers, which once received were immediately sent to another account.

Q 10-2. A young woman, who is a national of Country A, works as a caregiver for a family in
the US. She sends much of her earnings to support her family back in Country A by giving the
amount in cash to a local grocer, whose family is also in Country A. Once the grocer receives
the cash, he calls his partner who runs a market in one of the larger cities in Country A. From
there, the young woman’s family can pick up the money sent.
What is the name commonly used to describe this form of remittance transaction?
A. Cash transfer
B. Hawala
C. Referral Banking
D. Black Market Peso Exchange (BMPE)
CHAPTER 11
COMPLIANCE PROGRAMS AND CONTROLS
OVERVIEW
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
These compliance programs have compelled various business organizations to create new departments to ensure obedience with the legal requirements. Over time, these compliance departments have grown dramatically in terms of the number of people involved, the diverse occupational fields that these people represent, and their cost to the organization. In fact, regulatory agencies not only review the operations of the business organization to ensure that it is not conducting or facilitating the particular financial crime activity that is the agency’s jurisdiction, but they also examine the compliance department to ensure that it is sufficient to guard the organization against the pertinent financial crime problem.

CONVERGENCE OF FINANCIAL CRIME FUNCTIONS
As compliance programs have grown, so have their structures and focus. One of the significant developments in compliance program management and organization in recent years is the concept of “convergence.” Just as the term “financial crime” connotes an embrace of distinct components of that term, including corruption, money laundering, fraud, sanctions and related crimes, convergence signifies the enveloping of distinct financial crime-control functions to improve effectiveness, efficiency and economy in compliance by business organizations, including financial institutions.

tinct financial crime units into an overall unit that may be called “The Financial Crimes Risk Management Program,” or something similar.

How does one create such a program and the accompanying structure?

A compliance structure for a financial crimes risk management program involves multiple coordinated functions. As with any compliance program, its success requires development, implementation and ongoing operation, effective corporate oversight and the interaction of executive leadership, key group and line of business leaders, compliance, product managers, the legal department, an auditing process and other employees across the organization.

One essential element, if the organization is large enough, is a governance function. This element of the overall financial crime compliance program should set policies and have an effective and efficient method of implementing them across the entire organization, including ways to handle requests for exceptions and exemptions.

ORGANIZATIONAL OVERVIEW OF FINANCIAL CRIME CONTROLS
A company’s size, structure, complexity and risks are the basis of internal controls designed to limit
213
@2019 Association of Certified Financial Crime Specialists
CHAPTER 11 • COMPLIANCE PROGRAMS AND CONTROLS
and control risks and achieve compliance with the appropriate laws. Internal controls are typically divided into “preventive” and “detective,” although they are not strictly linear. Whatever names the controls are given, a program should be designed to promote a strong compliance culture that provides oversight and permits members of the group to challenge persons in the business units and the examiners, as appropriate.
Preventive controls include the following and others:
• Maintaining a corporate financial crimes policy program
• Maintaining a customer identification and due diligence program that identifies and prevents inappropriate people and entities from becoming customers or a representative in a foreign country, and has a process to exit risky relationships after they are discovered
• Providing appropriate training
• Performing appropriate risk assessments and gap analysis
• Providing line of business reporting, issue remediation and root cause analysis
• Preparing useful senior management and board reporting
• Maintaining functions that promote liaison with the audit unit and coordination of examinations
Detective controls include the following duties and attributes:
• Monitoring the activity of both employees and third parties when they act on behalf of the company
• Screening, blocking and rejecting transactions and customers appropriately
• Reporting these matters (and other regulatory reporting requirements, including CTRs)
• Exiting customer relationships
• Compliance testing
Prevention and detection depend on the following:
• Employees who design, build and implement the policies and controls
• Processes and procedures that implement and integrate those controls in the line of businesses and operational groups
• Technology that leverages these employees and processes
• Training to ensure employees understand the risks and controls
POLICY PROGRAM
Effectively implemented and sustainable policies are one of the cornerstones of a strong risk management program. One way of accomplishing this is to require central policies that lines of business implement by developing procedures to meet them. This allows roles and responsibilities to be clear. An effective policy program should also include the following:
RISK ASSESSMENTS
Risk assessments should be based on the governmental requirements and designed so that they are conducted at a business unit level that then can be aggregated for other units, including at the corporate level.
For financial crimes, a risk assessment should follow a documented process. It is useful to apply the following categories to a risk assessment process:
• Types of distribution channels used by the business unit
• Complexity of the business unit’s business model
• Degree of change in the business
• Amount and type of growth in the business
PRODUCT RISK
Having a product or service risk policy for new and modified offerings allows an organization to have a more comprehensive view of its overall financial crime risks.
SANCTIONS COMPLIANCE
The laws of certain countries impose sanctions, or authorize regulations imposing sanctions, against specific foreign governments, organizations and persons. Sanctions generally prohibit transactions with countries, individuals and organizations and require that transactions involving them be blocked. The laws that authorize sanctions also usually impose penalties on individuals, financial institutions, or other businesses and organizations that conduct transactions or engage in commerce with the sanctioned nations, individuals and organizations.
must be blocked. OFAC’s website, at www.ustreas.gov/offices/enforcement/ofac, provides information on US sanctions policy and sanctioned nations, persons and organizations.
The sanctions program of a financial institution or other business must not only employ and continually train employees on sanctions policies, enforcement and compliance, but it should also ensure its procedures provide current information on sanctions developments worldwide, including new and modified sanctions. Close monitoring of transactions to ensure they do not involve a sanctioned nation, individual or organization and prompt blocking of those that do, coupled with effective internal reporting and training, are essential elements of a good sanctions compliance program.
SANCTIONS COMPLIANCE PROGRAMS
Sanctions programs of various nations, such as those managed by the US Treasury Department’s Office of Foreign Assets Control (OFAC) or the UK Treasury, are designed to block or prevent the transfer or use of funds through the global financial system by certain designated entities or countries. Usually, sanctions compliance is an important component in the organization’s overall AML program. Sanctions carry heavy civil and criminal penalties, ranging from large fines to criminal prosecutions, as well as significant reputational damage.
Sanctions program laws and regulations in various countries include a number of obligations and expectations. Principal among these are the blocking of funds and rejecting of transactions involving sanctioned entities or regimes. Sanctions lists, such as those of OFAC, consist of SDNs and countries, as well as economic sanctions against specific countries or regimes as part of specific laws.
The US has comprehensive sanctions in place against a number of countries, which as of May 2017 included Cuba, Myanmar, Iran, North Korea, Sudan and Syria. These prohibit most forms of trade and financial transactions to these countries. There are also targeted sanctions in place against over 5,000 individuals, businesses, nonprofits and entities, including terrorist organizations, drug traffickers and organized crime figures located anywhere in the world.
Entities that are owned by these specially designated nationals, or in which SDNs have a more than 50 percent stake, must be treated as SDNs. All US citizens, corporations and legal entities must comply with US sanctions. In addition, any person or entity physically located in the US must comply with US sanctions, including branches of non-US financial institutions located in the US.
The procedures that institutions use to enforce US sanctions on financial transactions will vary somewhat depending on the terms of the specific law imposing that sanction. In general, however, institutions will follow these steps:
• The originator and recipient of a transaction are screened against lists of sanctioned countries and SDNs.
• Transactions that match an entry on the sanctions list must be “blocked,” or prevented, from being processed. The funds must be placed
in a separate, interest-bearing account at the institution.
• Based on OFAC recommendations, institutions should conduct a thorough review against a variety of information sources and databases, or contact OFAC directly, before blocking a transaction. Institutions should only block transactions if there is an exact match with an entity or individual on a sanctions list. Partial or inconclusive matches are not sufficient grounds to block a transaction.
• The institution must submit a blocking report to OFAC within 10 days of blocking the transaction.
• The institution cannot notify the person, company or organization that the transaction has been blocked.
Even non-US institutions with very limited US operations, or only one branch in the US to conduct dollar-clearing transactions, must still comply with US sanctions. Failure to comply with OFAC sanctions can incur very high monetary and criminal penalties, including up to 20 years in prison for individuals.
This fact has been vividly demonstrated by enforcement actions in recent years, including in a major sanctions case against British bank Standard Chartered that ended in nearly $800 million paid to US state and national enforcement agencies. Standard Chartered was based almost entirely outside the US, but had one office in New York that it used only for clearing transactions in US dollars. The fact that it routed transactions that violated US sanctions through this office was sufficient to trigger liability.
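The screening steps listed above, sketched as an added Python example (not code from the manual or from OFAC): both parties are screened, only an exact hit blocks, and partial hits go to review. The list entries, the placeholder country codes XA/XB/XC, the 0.5 overlap threshold, the summing of SDN stakes and the counting of the 10 days as calendar days are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional
import re
import unicodedata

# Constructed sample data; a real program loads the published sanctions lists.
SANCTIONED_COUNTRIES = {"XA", "XB"}        # placeholder country codes
SDN_ENTRIES = ["Example Trading Co", "J Q Placeholder"]
PARTIAL_THRESHOLD = 0.5                    # assumed tuning value
REPORT_DEADLINE_DAYS = 10                  # "within 10 days"; calendar days assumed


def normalize(name: str) -> str:
    """Fold case, accents, punctuation and spacing so formatting cannot hide a match."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = re.sub(r"[^a-z0-9 ]+", " ", text.lower())
    return " ".join(text.split())


SDN_NAMES = {normalize(entry) for entry in SDN_ENTRIES}


def token_overlap(a: str, b: str) -> float:
    """Jaccard similarity of the word sets of two normalized names."""
    ta, tb = set(a.split()), set(b.split())
    return len(ta & tb) / len(ta | tb) if ta and tb else 0.0


@dataclass
class Party:
    name: str
    country: str
    owners: dict = field(default_factory=dict)   # owner name -> percent stake


@dataclass
class Decision:
    action: str                        # "BLOCK", "REVIEW" or "PROCESS"
    reasons: list
    report_due: Optional[date] = None  # blocking report deadline
    segregate_funds: bool = False      # separate, interest-bearing account
    notify_party: bool = False         # a blocked party is never told


def screen_party(party: Party) -> tuple:
    """Classify one party as 'exact', 'partial' or 'clear', with a reason."""
    if party.country in SANCTIONED_COUNTRIES:
        return "exact", f"{party.name}: sanctioned country {party.country}"
    name = normalize(party.name)
    if name in SDN_NAMES:
        return "exact", f"{party.name}: exact SDN name match"
    # An entity with a more than 50 percent SDN stake is treated as an SDN.
    # Stakes of several listed owners are summed (assumption, see lead-in).
    sdn_stake = sum(pct for owner, pct in party.owners.items()
                    if normalize(owner) in SDN_NAMES)
    if sdn_stake > 50:
        return "exact", f"{party.name}: {sdn_stake}% owned by SDNs"
    best = max((token_overlap(name, sdn) for sdn in SDN_NAMES), default=0.0)
    if best >= PARTIAL_THRESHOLD:
        return "partial", f"{party.name}: partial SDN match ({best:.2f})"
    return "clear", ""


def screen_transaction(originator: Party, recipient: Party, today: date) -> Decision:
    """Screen both sides; block only on an exact hit, escalate partial hits."""
    results = [screen_party(originator), screen_party(recipient)]
    reasons = [reason for status, reason in results if status != "clear"]
    statuses = {status for status, _ in results}
    if "exact" in statuses:
        return Decision(
            action="BLOCK",
            reasons=reasons,
            report_due=today + timedelta(days=REPORT_DEADLINE_DAYS),
            segregate_funds=True,
            notify_party=False,
        )
    if "partial" in statuses:
        # Not grounds to block: route to an analyst for further review.
        return Decision(action="REVIEW", reasons=reasons)
    return Decision(action="PROCESS", reasons=[])


if __name__ == "__main__":
    buyer = Party("Ordinary Buyer LLC", "XC")
    senders = [
        Party("EXAMPLE  Trading, Co.", "XC"),                 # formatting noise only
        Party("Example Trading", "XC"),                       # partial name
        Party("Holding Vehicle Ltd", "XC",
              {"Example Trading Co": 30, "J. Q. Placeholder": 25}),
    ]
    for sender in senders:
        print(sender.name, "->", screen_transaction(sender, buyer, date(2024, 1, 1)))
```

Normalizing names before comparison keeps punctuation and spacing differences from turning an exact hit into a miss, while the REVIEW outcome keeps partial hits out of the automatic block path.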
Generally, EU sanctions tend to be more targeted against certain persons and entities, and are typically not blanket measures on a country-wide level. OFAC sanctions, on the other hand, tend to be more comprehensive, banning all business or financial transactions with sanctioned individuals and entities.
EU sanctions apply to any persons or entities either physically located or incorporated in the EU. They also apply to any business conducted “whole or in part” within the EU by any person or entity, regardless of their nationality. Like OFAC sanctions, they also apply to foreign subsidiaries of EU-based companies or entities.
In regard to financial accounts, some EU sanctions will require financial institutions to freeze the accounts or assets they hold for a customer if the institution discovers that customer is a match with a person or entity on the EU sanctions list.
ESSENTIAL ELEMENTS OF A SANCTIONS COMPLIANCE PROGRAM
In recent years, sanctions around the world have been one of the most active areas in compliance. Many new names have been added to sanctions lists, including individuals and firms linked to terrorist organizations, drug dealers and cartels, and specific sanctioned countries. Sanctions compliance programs, coupled with active enforcement by pertinent government agencies, are an effective tool in reducing the money that reaches these types of individuals and organizations.
A sound sanctions compliance program should include the following components, according to widely accepted best practices:
• Development and implementation of policies, procedures and processes to ensure full compliance with all sanctions prohibitions, including:
  −− The freezing, rejecting and reporting of appropriate transactions
  −− Adequate controls to identify and terminate correspondent and other relationships with banks, vendors, partners and other entities whose owners have links to, or present a high risk of involvement with, terrorist financing or corruption
• Becoming knowledgeable about the different sanctions lists and executive orders the institution or organization is subject to. Lists typically used globally by several countries include the OFAC SDN lists of the US, Canadian sanctions lists (OSFI), the UK’s Her Majesty’s Treasury list, and the UN global sanctions lists. In addition, each list has its own nuances and some laws and executive orders of different nations apply to every individual and organization associated with certain countries.
• Establishing a sanctions risk assessment to determine which areas of the organization are more vulnerable. Risk mitigation controls can help reduce exposure to sanctions violations and better focus the overall sanctions compliance program, resulting in proper attention, coverage and allocation of resources.
• Leveraging the combination of technology and procedures to help prevent or detect manipulation of payments information, such as wire-stripping, where key details are removed from a wire or message to avoid sanctions requirements and accommodate payments to or from sanctioned parties.
• Development and delivery of training programs to all pertinent employees and key operational areas. This includes the wire transfer departments in a financial institution, to ensure that the employees understand sanctions compliance requirements. This can help them determine if a transaction is permitted by law, and to identify potential red flags and know the mechanism for reporting suspicious or unusual activity.
• Implementation of a regular program of testing and annual updates of the risk assessment.
Every financial institution, non-bank financial services entity or other business provider faces great AML compliance challenges. These challenges include increased costs and protection of the organization from abuse, including protecting the integrity of the financial system and the economies of the countries in which they operate.
They must achieve compliance while operating in a competitive environment and trying to meet their targets for revenue, operating margins and return on assets. Thus, organizations are pushed to “do more with less” in an effort to keep compliance costs as low as possible, while ensuring that compliance needs are met. Unfortunately, in some organizations, the commercial business side of the staff often prevails over the compliance side and engages in business or transactions that are either non-compliant or illegal. This can result in significant adverse consequences, publicity, fines, forfeiture and prosecutions.
• An assessment of the risk associated with each line of business
• An enterprise-wide assessment to identify systemic risk that is not apparent in a line of business or unit-focused risk assessment, such as in the case of financial institutions and the risk associated with foreign correspondent banking, remote deposit capture, private banking, mobile banking and other high-risk products, services and customers
Risk scoring models generally use a weighted numerical ranking of risk and look primarily at the “triad” of customer, product/service and geography. Risk models should also take into account the line of business because certain lines, such as private banking or correspondent banking and financial institutions, for example, are considered more vulnerable to financial crime, including money laundering.
• Foreign corporations and domestic business entities, particularly offshore corporations, such as domestic shell companies, Private Investment Companies (PICs) and international business corporations (IBCs), located in higher-risk geographic locations
• Deposit brokers, particularly those based in other countries
• Cash-intensive businesses, such as convenience stores, restaurants, retail stores, liquor stores, cigarette distributors, privately owned ATMs, vending machine operators and parking garages
• Foreign and domestic nongovernmental organizations and charities

• Trust and asset management services
• Monetary instruments
• Foreign correspondent accounts, such as bulk shipments of currency, pouch activity and payable through accounts (PTA)
• Trade finance
• Services provided to third party payment processors or senders
• Foreign exchange
• Special use or concentration accounts
• Lending activities, particularly loans secured by cash collateral and marketable securities
• Non-deposit account services, such as non-deposit investment products and insurance
HIGH-RISK JURISDICTIONS AND GEOGRAPHIC AREAS
Identifying geographic locations that may pose a higher risk is essential to the compliance program of an organization, especially to control corruption, money laundering and sanctions violations. Financial institutions should understand and evaluate the specific risks associated with doing business in, opening accounts for customers from, or facilitating transactions involving certain geographic locations.
Certain countries, jurisdictions and regions pose a greater threat of money laundering, terrorist financing, bribery and corruption, and fraud. The organization should establish a documented geography risk rating methodology that leverages internal and external information sources, including these:
• Sanctions and terrorist financing lists published by governments and international organizations can be helpful in assessing financial crime and money laundering risks. These include lists published by the US Office of Foreign Assets Control (OFAC), the UK Financial Services Authority, the United Nations Security Council Committee, the US Financial Crimes Enforcement Network (FinCEN) and the European Union.
• The overall reputation of a country should be factored into the risk model. For example, certain countries or jurisdictions have high levels of corruption or unstable governments. Some are known as bank secrecy and money laundering havens or suffer from high levels of drug production and shipping and cartel activities. Information sources to help identify reputational risk include Transparency International’s “Corruption Perceptions Index” and the US State Department’s annual International Narcotics Control Strategy Report (INCSR), which rates countries based on their money laundering controls and corruption. Most of these are available on the websites of the appropriate organization.
• The risk model may take into account whether a country is a member of FATF or of a FATF-style regional body, and has implemented practices commensurate with international standards promulgated by the FATF and other international organizations.
• The risk model should also take into account regional risk inside a particular country, such as the cross-border areas between nations, or designated areas of high intensity financial crime or drug trafficking, such as the US High Intensity Financial Crime Areas (HIFCA) or High Intensity Drug Trafficking Areas (HIDTA).
EVOLVING RISK ASSESSMENT EXPECTATIONS
The overall AML and sanctions risk assessment can serve as an effective tool and solid basis for overall financial crime compliance program design. However, some challenges or potential risks do not fit neatly into a product, customer or geography category but should be considered in the design of controls and evaluation across multiple risk areas. There should be a clear link between the organization’s risk assessment and program design.
These days, regulatory examiners place more emphasis on assessing the adequacy of a financial institution’s efforts to ensure ongoing effectiveness and integrity of their compliance programs. For example, in the US, the Office of the Comptroller of the Currency (OCC), the key regulator of national banks and thrifts, has been prompting institutions to include their AML compliance programs and controls into their overall risk model validation. Part of this validation includes assessing the systems, processes and procedures used within business lines, as well as for compliance.
Financial institutions, corporations and organizations must look to their service technology and identify the account or service technologies that are right for their business model and how financial crime, money laundering or terrorist financing risks
might vary by this technology. They must define and identify vulnerabilities and develop a clear roadmap on how those vulnerabilities are assessed and addressed. This should be a cross-institutional effort undertaken with support across business lines throughout the organization.
When attempting to address vulnerabilities, the organization should focus on the following:
• Vulnerability assessments that identify weaknesses in systems or controls and the features of unique financial products or services which may make them open to abuse or exploitation for money laundering or terrorist financing. Vulnerability assessments primarily focus on weaknesses that could allow for financial crime, including money laundering or terrorist financing.
• Potential threat recognition identifies potential threats presented by the nature of the organization’s business, customers, and the geographies in which it operates. The combination of an external threat coupled with internal vulnerability often results in occurrences of financial crime, including corruption, fraud, money laundering or terrorist financing.
As the organization conducts its assessment, it should determine whether the assessment measures are retrospective or prospective in nature. Retrospective analysis will provide learning and insights by drawing on data from past events in order to fine-tune any present vulnerability. Conducting prospective analysis is equally important. A prospective analysis is a process of attempting to look into the future with the benefit of historical data to help better identify emerging vulnerabilities or threats.
tively addressing areas of internal, statutory or regulatory focus. This helps them stay in compliance, facilitates the examination process, contributes to operational efficiencies and ensures the reputational integrity of the organization.
CUSTOMER ONBOARDING AND MONITORING
Customer onboarding is the process of opening a new account or accounts, providing certain products and services, and beginning to build a relationship with the customer. In the context of AML compliance, customer onboarding involves due diligence on new customers. Monitoring of the customer means regular reassessment of the risk or potential risk presented by the customer based on the customer’s activities at the institution or organization. Establishing and following proper onboarding and monitoring policies and procedures are key parts of developing the customer relationship, and help protect the institution against financial crime, including corruption, money laundering, terrorist financing and fraud.
KEY ELEMENTS OF A “KNOW YOUR CUSTOMER” PROGRAM
A sound Know Your Customer and Customer Due Diligence (KYC/CDD) program includes robust customer identification and account-opening customer initiation procedures that allow the institution or organization to determine the true identity of each customer and assess the risk or potential risk presented by the customer. The major components of KYC include account opening, the customer identification program (CIP) and ongoing monitoring. KYC can also include “Enhanced Due Diligence” (EDD) for customers that pose a higher risk based on attributes determined at the opening of the account or the customer activities after the account is opened.
Common account opening procedures and best practices include:
• Gathering and verifying customer identification materials through paper documents and/or electronic identity verification
• Clarifying and stating the services that are available to the customer
• Having all forms available and understanding them sufficiently well to explain them professionally to the customer
• Verifying and authenticating the customer’s identity
• Screening the customer against sanctions lists, watch lists and politically exposed persons (PEP) lists
• Documenting the normal and expected activity of each customer, including occupation and business operations
• Documenting the customer’s relationship with the institution or organization, including all lines of business within the organization and its subsidiaries that the customer will utilize
CUSTOMER IDENTIFICATION PROGRAM (CIP)
Regulated entities in the banking and securities industries in many countries are required to implement a “customer identification program,” or CIP, as it is called in the US. A CIP must include risk-based procedures for the verification of the identity of each customer to the extent reasonable and practical. Essential identification information must be collected at the time the customer seeks to open an account and must be verified within a reasonable time after the account is established.
In addition, financial institutions must verify the identity of customers prior to undertaking large currency transactions, purchasing certain financial instruments or ordering wire transfers. This includes vetting the customers against relevant sanctions or other watch lists.
Under current rules and regulations in many countries, CIP regulations do not require a financial institution or other organization to authenticate the identity of the beneficial owners of proposed accounts in all cases. However, an organization is obliged to look through a non-individual customer, particularly business organizations, to attempt to identify the individuals with authority or control over the account. This is crucial when the institution or other organization cannot verify the customer’s true identity after using standard verification methods.
Typically, the institution does not have to complete unanimous verification of all identifying information. But it must achieve a level of confidence through a plurality of defined metrics or indicators, assumed to be sufficient, to establish and verify the customer’s information.
The chart below provides a simple example of a risk rating summary and levels of due diligence required:
Risk score: 41–50 | 31–40 | 21–30 | 11–20 | 1–10
Risk level: Highest | High | Intermediate | Low Intermediate | Lowest
Due diligence applied: Enhanced due diligence | Standard due diligence | Simplified due diligence
Approval required from: Senior management of institution | AML officer | AML staff member | Relationship manager
CUSTOMER MONITORING
Financial institutions are often required by regulation to apply ongoing monitoring to certain correspondent and private banking accounts, as well
as to the accounts of customers who pose higher risk or potentially higher risk. This is determined by information collected at the time of onboarding, specific customer activity, and other material factors that may have changed since onboarding.
The institution should collect customer due diligence information in a database or system that is accessible to relationship managers and compliance personnel. Designated personnel should periodically update these customer records to reflect changes in behavior, activity profile, or other factors that impact the AML and other financial crime risk posed by the customer. This new information should be factored into a re-assessment of customer risk along with supporting factors, such as transactional activity, geographic exposure and suspicious activity history.
ENHANCED DUE DILIGENCE (EDD) FOR HIGH-RISK SERVICES, CUSTOMERS, AND JURISDICTIONS
Customer due diligence requirements have increased in recent years in keeping with evolving regulatory expectations for more effective and ongoing monitoring of existing customers. Customer and third party due diligence is the cornerstone of a strong compliance program and requires that institutions and other organizations conduct and record specialized or enhanced due diligence (EDD) for high-risk customers.
The information gathered in CIP, customer questionnaires, and results of screening will provide the raw material for risk assessment and rating.
The risk score will guide the level of additional due diligence required, if any. For customers at the lowest risk of involvement in financial crime, institutions may choose to conduct simplified due diligence, or the minimum level required under the jurisdiction’s AML regulations. Institutions may allow relationship managers or lower levels of staff to approve customers subject to simplified due diligence. Publicly traded companies and pension funds are common examples of low-risk customer types.
Customers at higher risk tiers will require further measures, or enhanced due diligence, to manage their financial crime risk. Some common EDD techniques include:
• Additional investigation into a customer’s source of funds or wealth. Institutions could request additional records and information from customers, such as financial documents for a company or copies of tax returns for individuals, or conduct their own research
• Identifying and verifying beneficial owners down to a lower ownership threshold
• Additional verification of customer-supplied information, using multiple sources
• Thresholds on the size or frequency of transactions a customer can conduct
• Approval by progressively higher levels of management based on the risk of the customer
In some cases, institutions may determine that a customer poses an undue risk, and decline the relationship or transaction. Institutions should have policies in place for when and how to manage the termination of a customer relationship, including what records to keep and when to file suspicious transaction reports.
Management should establish periodic reviews of higher risk customers to determine if their activity is reasonable, that customer due diligence and enhanced due diligence procedures are completed, and the customer risk rating is accurate and up-to-date.
A Graphic Displaying the Cyclical Process of Customer Risk Assessment, Onboarding, Monitoring and Audit in a Financial Crime Compliance Program.
EMPLOYEE ONBOARDING AND MONITORING
Similar to customer onboarding and monitoring, employee onboarding and monitoring play a critical role in financial crime prevention at all business organizations, including financial institutions. An insider can pose the same money laundering threat as a customer. Establishing and following proper employee onboarding policies and procedures help protect the organization against potential employee involvement or collusion in all financial crime and protect the integrity and sanctity of internal processes and information from filtration to outside elements.
KEY ELEMENTS OF “KNOW YOUR EMPLOYEE” PROGRAMS
A Know Your Employee (KYE) program allows the organization to understand an employee’s background, associations, conflicts of interest and susceptibility to corruption, money laundering, tax evasion or fraudulent activities. When an employee is hired, part of the orientation process should include a proper introduction to the company culture and the expectations the employee is supposed to meet in that culture. This orientation should include rules, regulations, responsibilities and the organization’s code of ethics. Senior management must set the tone or culture at and from the top, consistently and regularly communicate the organization’s ethical policies and code of conduct as well as emphasize the important role each employee plays in ensuring that these policies are adhered to and honored.
Best practices that have evolved for effective employee onboarding include the following:
• Onboarding and assessment, which begins during the interview process. The vetting should include background screening, especially for criminal history. It is important to conduct a
complete review of the employee before hiring, including checking references and relevant background checks.
• Gathering and verifying employee identification materials through paper documents and electronic identity verification
• Screening the employee against sanctions lists, watch lists and politically exposed persons (PEP) lists
• Providing new employees with a copy of the organization’s written ethics policy and code of conduct
• Providing appropriate training for the position the employee is hired for, including written regulations and web-based or classroom training on financial crime addressing corruption, money laundering, fraud and sanctions with scenarios that are appropriate to the business and the clientele with which the employee will be working
• The institution of a “hotline” that employees may use to anonymously report financial crime tips covering a range of financial crimes on which they should be trained
of automated monitoring software, so-called exception reports, log files, and the like.
• Regular reviews and updates on the company’s ethics policies and ethical compliance culture
• Regular communication that enforces the organization’s policies, including full disclosure if financial crime has occurred and the actions that were taken
• Ongoing employee training in recognizing red flags for corruption, tax evasion, money laundering, fraud and other financial crime, as well as clear guidelines on how to follow up and report on financial crime suspicions
When an employee is supported by an ethical company culture, he or she is constantly reminded to perform the required customer due diligence and pay attention to how customers and third parties establish relationships with employees. One example is where a customer is grooming an employee for a future financial crime or money laundering transaction, or collusion in a related scheme where the employee does not merely rubber-stamp questionable transactions, and does not accept corrupt or improper compensation.
of employee activity and lifestyle factors when they are available to help detect and prevent financial crime by the “enemy within.”

Although not an exhaustive list, the following are red flags or indicators of potential employee involvement in financial crime of a wide variety:
• Employee approves or is involved in an inordinate number of exceptions to policies, procedures, account limits and other rules of the organization
• Employee frequently overrides or circumvents internal controls, approval authority or established policies, including accessing accounts and records for which the employee has no legitimate business purpose to access
• Employee misrepresents the identity, background, associations or financial resources of a customer at the time of onboarding, updating customer documentation or due diligence
• Employee is involved in completing or expediting financial or business transactions where the identity of the counter party or ultimate beneficiary is not identified
• Employee accounts or other accounts linked to the employee, such as those opened in the names of family members and associates, show unusual levels of activity, such as internal transfers into the accounts followed by wires or other transactions out of the accounts
• Employee never takes a vacation, or takes much less than the minimum vacation period that is mandated by the organization
• Employee resists an internal transfer to another unit or element of the organization
• Employee enjoys a lavish lifestyle, including high-end cars, real estate and lavish trips, for example, which cannot be supported by his or her normal compensation

INVESTIGATING AND IDENTIFYING BENEFICIAL OWNERS
As previously mentioned in the Money Laundering chapter, the term “beneficial ownership,” when used to refer to beneficial ownership of a financial account, is conventionally understood to refer to the person who maintains ultimate control over funds in an account through ownership or other means. “Control” in this sense is distinguished from mere signature authority or legal title. The specific definition of a beneficial owner of a legal entity includes an individual who owns or controls, directly or indirectly, greater than a certain percentage of the legal entity.
Determining beneficial ownership has become increasingly important from a regulatory standpoint internationally and in many nations. The Financial Action Task Force now emphasizes it in its recommendations and interpretive notes. Beneficial ownership involves establishing mechanisms to record basic information about the organization or individual to enable financial institutions, the pertinent authorities and others to determine the true ownership. This is needed to conduct appropriate due diligence on the real customer.

Many countries and the FATF have progressively raised expectations regarding beneficial ownership rules. For example, the US Financial Crimes Enforcement Network, which is that nation’s Financial Intelligence Unit, has officially announced that it may require the institutions it regulates to determine the names of individuals who directly or indirectly own more than 25 percent of a legal entity that has a relationship with the financial institution.

Beneficial ownership has also been a central focus of the FATF’s mutual evaluation process as to the adequacy of controls that exist in various nations. This focus is part of a larger strategy to improve the availability of beneficial ownership information for legal entities that open accounts or conduct transactions through financial institutions and to facilitate the implementation of global standards for obtaining beneficial ownership information by financial institutions and other business organizations.

There are no firm rules on what constitutes suspicious activity. However, there are known typologies of transactions and other activities that serve as common indicators of financial crime, including money laundering. In addition, activity that is not consistent with a customer’s known style of living, source of income or wealth, type of business, or type of accounts or services used should be scrutinized.

Because most organizations must monitor and attempt to flag thousands and maybe millions of transactions each day, they should employ a risk-based approach determined by elements such as their business profile, location, types of products and services offered, third-party relationships and geography. When suspicious or unusual activity is detected, organizations must investigate to determine if there is a reasonable explanation for the activity, or if there is a likelihood of financial crime in the broad sense.

If financial crime, including money laundering, is suspected, or if the activity cannot be reasonably explained, the organization is likely obliged to report the activity through a suspicious activity report or suspicious transaction report. This depends on the requirements of the country in which it operates. Each country’s laws and regulations dictate the length of time the organization has to report the suspicious activity, the frequency of additional reporting if the activity continues, and the length of time it must maintain these records.
with FINTRAC, that nation’s governmental financial intelligence unit, or FIU. In the US, the forms are called “Suspicious Activity Reports (SARs)” and are filed with the Financial Crimes Enforcement Network. In most jurisdictions, reports are filed with the governmental FIU, which then has the responsibility of analyzing and disseminating them to law enforcement.

Most jurisdictions have clearly prescribed procedures for filing suspicious transaction reports, along with standard forms or electronic filing systems that institutions use. These forms typically contain several sections:
• Contact information for the filing institution

Along with training, other general best practices for a reporting program include:
• Processes to identify suspicious activity through multiple channels, including alerts produced by transaction monitoring systems, referrals or notifications from employees, and requests or queries from law enforcement and regulators.
• Investigation and review processes for each suspicious activity identified.
• Decision-making procedures for when to file a report, when to escalate the decision and when to decline, supported by thorough documentation.
The information provided in suspicious activity reports to governmental FIUs is a key resource for law enforcement investigations in many jurisdictions. Information from suspicious activity reports can help enforcement agencies find information on individual accounts or persons they are investigating, or alert them to new potential criminal activity in progress.

Suspicious activity reporting can also be used by institutions or law enforcement to get a high-level view of financial crime in a given area or jurisdiction. Governmental FIUs can analyze all reports involving mortgage fraud, for example, and place that information on a map to gain a better understanding of where such fraud is happening most frequently. Internal FIUs can conduct similar analytics. This ability to capture large-scale financial crime trends can help institutions and governments allocate resources more effectively.

OVERVIEW OF AML COMPLIANCE MONITORING SYSTEMS
Because of evolving regulatory expectations, as well as the volume of customers, transactions and data involved in monitoring and surveillance, many organizations leverage specialized technology to help meet their detection and reporting requirements. The major types of information technology systems or solutions used in financial crime in general, particularly AML and sanctions compliance, include the following:

Transaction monitoring systems. An automated system, either a proprietary application or vendor-provided solution, for ongoing scanning of transaction, customer and entity data. The solution filters, compiles and summarizes transaction data and flags or alerts on instances of potentially suspicious behavior. Detection is typically accomplished through implementation of AML scenarios that fall into two broad categories:
• Rules-based scenarios that identify specific patterns of behavior related to known financial crime and money laundering typologies or red flags
• Statistical profiling scenarios that identify unusual activity by modeling typical or expected activity profiles for a specific customer or type of customer and identifying outliers

Some software leverages both approaches to help ensure the best possible detection capabilities. In addition, most transaction monitoring systems also provide alert and investigations management systems to facilitate and document the analysis and investigation of alerts and cases.

Cases are reviewed by financial crime analysts, including those devoted to AML, who investigate the activity along with supporting data and information. The analyst then determines whether to clear the case or escalate it for further review and action, including suspicious activity reporting in the appropriate jurisdiction.

Like any other element of the compliance program, transaction monitoring solutions require ongoing quality assurance and review to function effectively. This includes refining monitoring rules, statistical models, and the data feeding into monitoring systems to address two types of problematic issues: false positives and false negatives.

• False positives are transactions or patterns that are not actually suspicious, but are incorrectly flagged as suspicious by the monitoring system
• False negatives are transactions or patterns that are actually suspicious or indicative of financial crime that are NOT flagged by the transaction monitoring system

False positives tend to receive the most attention from compliance staff, for understandable reasons. A false positive is visible and apparent to analysts, and dealing with large numbers of them can waste
Automation can play a key role in financial crime control programs and should be part of an organization’s strategic planning process in information technology. Ongoing maintenance and evolution of these systems may be factored into the financial crime compliance program as a component.

This should include periodic validation of the system through internal audit, regulatory examination, or third party independent evaluation, optimizing the system through scenario and threshold tuning, and improvements to data quality and availability. It should also include changes made to enable prompt response in evolving regulatory requirements or new financial crime typologies, including those for money laundering and terrorist financing.

ONGOING TESTING AND DUE DILIGENCE OF MONITORING AND REPORTING PROCESSES
In virtually every country, examiners conduct periodic examinations of AML and financial crime compliance programs. When reviewing compliance monitoring and reporting systems, they usually focus on the adequacy of the system and evaluate the reasonableness of the scenarios and parameters applied, as well as changes to the systems and policies.

Recently, they have begun to place more emphasis on assessing the adequacy of the efforts of financial institutions and other organizations to ensure ongoing effectiveness and integrity. In many countries, regulators have been signaling increased scrutiny of automated systems supporting financial crime, AML and sanctions compliance programs. Their recommendations often focus on validation of monitoring systems to assess the integrity of data inputs, the accuracy of algorithms, the appropriateness of thresholds and scenarios, and the structure of case management, investigation and reporting.

Financial institutions must put in place a program to consistently and regularly assess their compliance systems’ performance and apply corrective action to address deficiencies. Two key areas of evaluation should be included:
• Effectiveness: the system’s ability to properly identify and report suspicious activity and help ensure compliance with regulations, as well as reputational and legal integrity
• Efficiency: the system’s ability to reduce the number of false positive alerts or exceptions while minimizing the risk of “missing something.” Efficiency helps reduce costs without increasing the risk of non-compliance.

Implementing a continuous system and performance assessment program facilitates the examination process, proactively addresses areas of regulatory focus, and contributes to operational efficiencies. A well-structured and rigorous compliance program of periodic assessment coupled with independent testing can provide compliance officers, senior management and the board of directors with the information needed to keep the financial crime compliance program effective and responsive.
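The two scenario types and the false positive / false negative trade-off discussed in this chapter, shown as an added Python example that is not part of the manual: a rules-based structuring scenario and a statistical profiling scenario run over constructed transactions, then scored against constructed analyst dispositions at several outlier thresholds. The customer IDs, amounts, the 10,000 cash threshold, the window length and all function names are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

REPORTING_THRESHOLD = 10_000  # assumed cash threshold used by the rule

# Constructed prior-period amounts per customer (the "expected activity profile").
HISTORY = {
    "C1": [1200, 900, 1100, 1000, 1300],
    "C2": [5000, 7000, 6000, 5500, 6500],
    "C3": [300, 250, 350, 300, 300],
    "C4": [20000, 25000, 15000, 22000, 18000],
    "C5": [4000, 3500, 3000, 4500, 5000],
}

# Constructed current-period transactions: (customer, day, type, amount).
TXNS = [
    ("C1", 1, "wire", 1500),
    ("C2", 2, "wire", 9000),
    ("C3", 1, "cash_deposit", 9500),
    ("C3", 2, "cash_deposit", 9800),
    ("C3", 3, "cash_deposit", 9700),
    ("C4", 4, "wire", 30000),
    ("C5", 1, "cash_deposit", 4000),
    ("C5", 2, "cash_deposit", 3000),
]

# Constructed analyst dispositions: customers whose activity was confirmed
# suspicious. In production, missed cases only surface through sampling,
# independent testing or outside referrals; here they are given up front.
CONFIRMED = {"C2", "C3", "C4"}


def rule_structuring(txns, threshold=REPORTING_THRESHOLD, window_days=3, min_count=2):
    """Rules-based scenario: several cash deposits, each under the threshold,
    that together reach it inside a short window."""
    per_customer = defaultdict(list)
    for cust, day, kind, amount in txns:
        if kind == "cash_deposit" and amount < threshold:
            per_customer[cust].append((day, amount))
    alerts = set()
    for cust, deposits in per_customer.items():
        deposits.sort()
        for i, (start, _) in enumerate(deposits):
            window = [amt for day, amt in deposits[i:] if day - start < window_days]
            if len(window) >= min_count and sum(window) >= threshold:
                alerts.add(cust)
                break
    return alerts


def stat_outliers(txns, history, z_threshold):
    """Statistical profiling scenario: the amount is an outlier against the
    customer's own history (z-score above z_threshold)."""
    alerts = set()
    for cust, _day, _kind, amount in txns:
        past = history.get(cust, [])
        if len(past) < 2:
            continue  # no usable profile yet
        mu, sigma = mean(past), pstdev(past)
        if sigma > 0 and (amount - mu) / sigma > z_threshold:
            alerts.add(cust)
    return alerts


def evaluate(alerts, confirmed):
    """Score a set of alerted customers against analyst dispositions."""
    return {
        "true_positives": len(alerts & confirmed),
        "false_positives": len(alerts - confirmed),
        "false_negatives": len(confirmed - alerts),
    }


def tuning_sweep(z_values=(2.5, 3.0, 5.0)):
    """Re-run both scenarios at each outlier threshold and score the result."""
    results = {}
    for z in z_values:
        alerts = rule_structuring(TXNS) | stat_outliers(TXNS, HISTORY, z)
        results[z] = evaluate(alerts, CONFIRMED)
    return results


if __name__ == "__main__":
    for z, score in tuning_sweep().items():
        print(f"z > {z}: {score}")
```

Raising the outlier threshold removes the one false positive but starts missing confirmed cases, which is the efficiency-versus-effectiveness tension that periodic validation is meant to measure.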
Q 11-1. As the compliance officer in a national financial institution, you have recently received
an alert from your regulator warning of suspected bulk cash smuggling into your jurisdiction.
Which recent activity might be indicative of bulk cash smuggling?
A. An increase in domestic wire transfers between another bank within your jurisdiction and
your financial institution
B. A significant number of cash withdrawals, all under $10,000, from your
financial institution
C. Large amounts of small denomination currency being sent from a Foreign Financial
Institution (FFI) to an account at your bank
D. A dramatic increase in domestic ACH transactions at your bank
Q 11-2. A US bank receives a letter of credit from an issuing bank in connection with the
purchase of wheat from a bank customer. The buyer/applicant is located in Belarus, a country in
which certain senior government officials are on the US Specially Designated National (SDN)
List. The country is not, however, subject to comprehensive US sanctions.
The buyer is determined to be a joint venture in which a Belarus SDN has a 50 percent interest
through two separate companies wholly owned by the SDN. Each has a 25 percent interest in
the joint venture. No funds have yet been received by the bank. Which statement is true about
this situation?
A. The letter of credit can be processed and the funds paid because the customer is not on
the SDN List, and the SDN does not have a majority or controlling interest.
B. The letter of credit can be processed and the funds paid because the US Office of Foreign
Assets Control (OFAC) has issued general licenses exempting food from US sanctions.
C. The letter of credit must be blocked by the US bank and reported to OFAC even though no
funds have yet been received.
D. The letter of credit cannot be accepted or acted on so it must be returned to the advising
bank with notice that any funds received will be blocked.
Q 11-3. A small regional bank has recently started using a new transaction monitoring tool
that utilizes several custom scenarios to identify specific activity which was defined by the
Financial Crimes Compliance team. There are five scenarios that are live in production. The
Analytics team within Financial Crimes Compliance has performed some research on the
scenarios and is ready to make a recommendation to management regarding possible changes to
the scenarios.
Which scenario(s) should the Analytics team recommend making changes to first?
A. Scenario A that has generated 100 alerts in the past three months and 50 percent of
those have been deemed suspicious and a suspicious transaction report was filed.
B. Scenario B that has generated 180 alerts with a 95 percent false positive rate.
C. Scenario C that has generated no alerts and there appears to be a problem with the
mapping of data.
D. Scenarios D and E that were put into production in the last 30 days to address a matter
requiring attention from a regulator.
CHAPTER 12
CYBERSECURITY
OVERVIEW
Financial criminals have followed closely behind, quickly adopting and exploiting online and electronic tools to their own illicit ends. Fraudsters use social networks to make connections and lend legitimacy to their false investments or nonexistent business enterprises. Organized crime rings use elaborate schemes to implant malware on the computers of businesses worldwide, obtain passwords and login information, and drain millions from business accounts. Hackers, acting alone or in teams, breach the data systems of major corporations and government agencies to steal and resell customer data, from bank account access codes to credit card and tax identification numbers.

It is no exaggeration to say that financial crime has moved into a new digital era, and protecting networks and data is essential to detecting and preventing a wide range of financial crimes. Consequently, a working knowledge of cybersecurity is rapidly becoming a necessity for all financial crime professionals.

For the purposes of this Manual, the term cybersecurity is used in a broad sense. It encompasses methods to recognize, prevent and detect cybercrimes, as well as the understanding of the recommended controls to prevent unauthorized access from external actors. Recognizing that employees and other internal sources are a significant financial crime risk as well, the concept of cybersecurity also includes policies and procedures to safeguard against unauthorized internal access.

Additionally, data management and data privacy form another key component of cybersecurity, and this chapter will provide guidance on standards for retaining and destroying sensitive data, sharing data with law enforcement and transmitting data across international borders.

Cybercrimes, or criminal activities conducted using online and electronic tools, can intersect with financial crimes in a variety of ways. Some, like account takeovers previously mentioned, are financial crimes in and of themselves, designed to directly steal assets from financial accounts. Other cybercrimes, such as online identity theft and data breaches, are often one element in a wider financial crime scheme. Personal data stolen online, for example, may later be used to create a false identity to apply for government benefits as part of a fraud scheme. Systems and networks can also be tampered with to disguise illicit transactions or destroy evidence of a financial crime.

Globally, incidents of cyber financial crime have exploded in recent years. A report by cyber security firm Symantec estimated that in 2011 more than 232 million customer records were stolen from private corporations across the globe. Worldwide, 40 percent of all cyberattacks targeted financial institutions, according to the 2012 Data Breach Investigations Report by Verizon.

The type of entities orchestrating cybercrimes has also changed considerably over the past decade. Increasingly sophisticated organized crime, terrorist and activist groups have moved into the cybercrime field, either for profit or to further a political or ideological agenda. State-sponsored groups and military organizations also have a growing online presence, engaging in covert cyber warfare operations that strike not only government agencies but unwitting targets in the private sector.

Financial institutions of all types and sizes are particularly at risk. Their online banking and transaction services and wealth of potentially valuable customer data make them rich pickings for traditional cybercriminals seeking money and assets. At the same time, their strategic importance makes institutions attractive targets to state-sponsored groups looking to disrupt a country’s economy, or “hacktivists” trying to send a message.

All these factors make cybersecurity a critical front in the battle against financial crime. It is important to note that cybersecurity is a fast-evolving field, with rapidly developing technologies. The mate-
Social engineering schemes can and often do occur through multiple channels. Some social engineering schemes may use phone calls impersonating a bank employee, auditor or law enforcement agent to deceive a target into turning over confidential information. Others may use social networks to contact targets, build credibility by conducting background research on targets, or create fake profiles to impersonate a target’s real friends or business associates.

Criminals leveraging social engineering schemes have even appeared in-person at financial institutions and other companies posing as “security consultants” or law enforcement agents, in order to steal data from internal networks or install malware on company computers. However, by far the most common type of social engineering is phishing through electronic communications, which is explained in more detail below.

Consequently, there is no one-size-fits-all strategy for guarding against social engineering at organizations, whether banks, businesses or government agencies. One low-tech, but effective, solution is employee training.

PHISHING
Phishing refers to the act of sending an email or other electronic message falsely claiming to be a legitimate communication in order to manipulate the recipient into providing confidential information. Typically, a phishing message will direct the recipient to a sham website with the same look and feel as the legitimate website of a business, government agency or other organization, and instruct the unsuspecting user to divulge sensitive information such as passwords, credit card numbers and bank account information. The website, however, is not genuine and is solely created in an attempt to steal the user’s information.

Traditionally, phishing has been a technique intended to facilitate identity theft schemes targeting customers of financial institutions. Over the past several years, phishers have expanded their targets, attacking government agencies such as the US Internal Revenue Service, and social networking websites in an attempt to steal personal identifying information also used in the commission of various identity theft and account takeover schemes.

There are several variations to phishing attempts:

Email Phishing. The most common form of phishing is via email. Phishers ‘spam,’ or send the same phishing email to millions of individual e-mail addresses, requesting the recipient to divulge personal information under false pretenses. They typically send the victims to a fake website that looks almost identical to the actual site the victims thought they were going to. These pieces of information are then used by phishers for various illegal activities, but, most commonly, to facilitate an identity theft scheme. Most phishing email messages have an urgent subject line which requests the user to enter their credentials to update account information, change passwords or verify account details.

These types of attack have a relatively low success rate now that people are more skilled at recognizing these types of email. But even a tiny success rate on the millions of phishing emails sent per day means that many still fall victim to this type of attack.

Man-in-the-Middle Attack. Man-in-the-Middle Attacks are one of the more sophisticated phishing techniques in which the phisher is virtually located in between the legitimate website and the user terminal. The phisher intercepts details during a transaction between the legitimate website and the user. As the users enter their personal information, it is then captured by the phishers without the user’s knowledge.

Man-in-the-Middle attacks require far more sophistication than standard phishing attacks, but are far more successful. Victims are going to the real website of the organization in the link provided, and the safeguards users might have installed to recognize phishing sites, like antivirus or browser controls, will not detect this.

Instant Messaging Phishing. Similar to email phishing, instant message phishing is the method by which the user receives a message via an instant messaging software program with a link directing them to a phishing website which has the same look and feel as the legitimate website. The user is then prompted to enter their personal information.

SMS Phishing. Similar to IM Phishing, SMS Phishing (also known as Smishing), is sending SMS messages to people’s phones with links to a site that will capture their information.

Voice Phishing. Also known as Vishing, this is a very straightforward type of social engineering in which a scammer simply calls an organization and pretends to be someone in authority to convince the person they called to reveal passwords and other confidential information. Skilled con men can be surprisingly successful at eliciting information from a victim over a phone.

Spear-Phishing. A more refined phishing technique, spear-phishing involves sending targeted messages with information or content tailored to a specific recipient, thereby increasing the likelihood they will believe it is a genuine message. What distinguishes spear-phishing from traditional phishing schemes that typically rely on template messages sent out to large numbers of recipients, is the inclusion of some personal information about the recipient.

Spear-phishing messages can be quite sophisticated, and may include the subject’s name and personal identifying information. They may also mimic messages from a recipient’s friends, relations or business associates. Spear-phishers must have some level of information on their recipient in order to make their message seem plausible, and as a result, spear-phishing is often used in combination with data breaches or theft. For example, a phisher may gather some personal details on a subject by stealing them from a company database, and then use that information to follow up with a directed phishing message to obtain login credentials for a bank account.

Victims are far more likely to be susceptible to a spear phishing attempt than a simple template-based phishing attempt. Many people by second nature recognize the standard phishing attempts that fill our email boxes and delete them by reflex. The inclusion of some individuality to the attempt makes it appear far more authentic and is much more likely to be successful.

BUSINESS EMAIL COMPROMISE
Business email compromise (BEC) is a variant of social engineering that has been lucrative for cybercriminals. In simple terms, a fraudster impersonates someone else via email to deceive a target into making a wire transfer, processing a payment or otherwise taking actions that will transmit funds to the attackers.

A Graphic Displaying the Process Organized Cybercrime Rings will Sometimes Use in Business Email Compromise Attacks. Source: U.S. Federal Bureau of Investigations.

In one common example, cybercriminals send a message to a company employee in accounts payable or the finance department that appears to be sent from the company CEO, CFO or other executive. The message will request immediate payment to a vendor or other party, indicating it’s a very urgent matter – the payment must be completed before the close of business.

Of course, no such vendor exists. The message includes payment instructions to an account controlled by the cyberfraudster, typically in another country. Once transferred, the funds will be laundered through further accounts and effectively disappear.

Attackers will either spoof the sender’s email address or create a new address that looks nearly identical. In other cases, attackers obtain a target’s email account credentials and take control of it to send messages.

In a variation, messages are sent directly to a financial institution, purportedly from a business executive controlling the account, directing that funds be transferred to another party immediately.

Another tactic is for cybercriminals to impersonate a supplier or vendor, and contact a company with updated account information for monthly payments. In one case in 2016, a Lithuanian man was able to steal $100 million from tech giants Google and Facebook in a matter of months using this technique.

Overall, the FBI estimated that BEC was responsible for $3.1 billion in losses in 2016 alone.

PROTECTING AGAINST BEC ATTACKS
Fortunately, there are some relatively low-tech policies and procedures that you can use to protect against BEC and other social engineering attacks.

One is requiring more than one employee in a company to authorize a wire transfer, vendor account update or transmittal of sensitive data. Depending on the size and sensitivity, you may require multiple individuals to sign off.
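The sender tricks described above (a spoofed sender, a near-identical address, an urgent payment request in an executive's name) can be screened for before a payment request reaches an approver. The following Python is an added example, not part of the manual; the domains, the executive name, the keyword lists and the finding labels are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organization's own mail domain, the
# executive names fraudsters are likely to borrow, and subject keywords.
TRUSTED_DOMAINS = {"acme-corp.example"}
EXECUTIVES = {"dana reyes"}
URGENT_WORDS = ("urgent", "immediately", "close of business")
PAYMENT_WORDS = ("wire", "payment", "transfer", "invoice")

# Constructed sample messages (headers plus a one-line body).
SAMPLES = {
    "legit": (
        "From: Dana Reyes <dana.reyes@acme-corp.example>\n"
        "Subject: Q3 budget review\n\nAgenda attached.\n"
    ),
    "lookalike": (
        "From: Dana Reyes <dana.reyes@acrne-corp.example>\n"
        "Subject: URGENT: wire payment needed before close of business\n\n"
        "Please pay the attached invoice today.\n"
    ),
    "reply_to": (
        "From: Dana Reyes <dana.reyes@acme-corp.example>\n"
        "Reply-To: dana.reyes@mailbox.example\n"
        "Subject: Updated vendor bank details\n\nUse the new account.\n"
    ),
}


def edit_distance(a, b):
    """Levenshtein distance, used to spot domains one or two edits away."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    _name, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def review_headers(raw_message):
    """Return a list of findings for one raw message."""
    msg = message_from_string(raw_message)
    findings = []
    display_name, _addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))

    if from_domain not in TRUSTED_DOMAINS:
        # A domain that is close to, but not the same as, a trusted one.
        if any(0 < edit_distance(from_domain, t) <= 2 for t in TRUSTED_DOMAINS):
            findings.append("lookalike_domain")
        # An executive's name attached to an address outside the organization.
        if display_name.strip().lower() in EXECUTIVES:
            findings.append("executive_name_external_address")

    # Replies would go somewhere other than the apparent sender.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append("reply_to_mismatch")

    subject = (msg.get("Subject") or "").lower()
    if any(w in subject for w in URGENT_WORDS) and any(w in subject for w in PAYMENT_WORDS):
        findings.append("urgent_payment_request")
    return findings


def handling(raw_message):
    """Any finding routes the request to a hold for a callback on a known
    number and sign-off by a second approver."""
    if review_headers(raw_message):
        return "hold_for_callback_and_second_approver"
    return "normal_processing"


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, review_headers(raw), handling(raw))
```

A message sent from a genuinely compromised mailbox passes every one of these header checks, which is why the multi-person approval control still applies to requests that look clean.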
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
Another is verifying with the person who supposedly sent the email. This confirmation should always be done through an outside channel, such as known phone numbers or company web sites - not by replying to the email, text or voice message, or calling any numbers provided in the message, as these are likely to be controlled by the fraudster.

Ongoing training and awareness on the part of all employees is perhaps the best defense. Like other forms of fraud, social engineering often preys on the shared human desire to be helpful, and the tendency to take things at face value.

Every individual should maintain a level of professional skepticism when dealing with email, text and phone communications, especially those that are out of the ordinary. Simple steps like reviewing an email header, checking hyperlinks in a text message before clicking, or scanning email attachments before opening can head off a social engineering attack before it starts. A company’s networks are only as secure as their weakest point.

PREVENTION & DETECTION OF SOCIAL ENGINEERING ATTACKS
The most effective method in the detection of potential cyber fraud is to stay educated and up-to-date on phishing techniques and identity theft schemes, as well as to become familiar with the channels that legitimate organizations use to communicate with their customers. Legitimate companies and government agencies will almost never request personal identifying information via electronic communication. Any electronic communication requesting such information should be treated as highly suspicious.

Other prevention steps include the following:
• Verify the hyperlinks within electronic communication. This can usually be done by hovering a mouse cursor over links to view the true URL, although this is not a sure-fire solution, as links can be masked.
• Remain cautious about opening electronic communication attachments and/or downloading files from electronic communication. If the message is suspect or not from a known source, at a minimum, files should be scanned by an antivirus program.
• Never send personal or financial information via electronic communication, and only provide personal or financial information through an organization’s website once it has been reviewed to ensure its legitimacy.

ACCOUNT TAKEOVER
Account takeover is one of the more common forms of identity theft, occurring when a fraudster obtains unauthorized access to an individual or organization’s financial accounts. The nature of the takeover and the level of sophistication can vary. In the simplest form, an attacker could use malware, phishing or other techniques to obtain a person’s online banking credentials, then access the account and initiate transfers.

More elaborate attacks might gain account credentials and some personally identifying information (such as the victim’s tax identification number or answers to online security questions) and use this to change the official mailing address or online banking credentials with that individual’s financial institution. Once accomplished, the fraudster can perform unauthorized transactions using the victim’s account without the victim’s knowledge (cash withdrawals, check orders, wire transfers, online banking transactions, etc.).

Account take over (ATO) schemes are often the end result of a combination of many identity theft tactics used to obtain personal information. ATO schemes can impact nearly any financial product or account type across all customer segments within a financial institution, including individual customers, small-business customers, private banking customers and large commercial and corporate customers. Small businesses and non-profit organizations are an especially common target of ATO attacks, as they typically hold more funds in their accounts than individuals, but tend to have less robust cybersecurity programs than larger organizations.

Although it is difficult to produce hard numbers on losses, some security analysts estimate that $2 to $3 billion per year is stolen solely from US accounts in account takeover attacks. In a 2011 survey of more than 500 US small businesses conducted by a cybersecurity firm, 56 percent of the respondents said they had been targets of fraud involving electronic payments in the past year. About 75 percent of those said they were the subject of an attempted or successful account takeover.

As previously mentioned, account takeovers are often the end result of identity theft schemes. Social engineering and phishing are common methods to obtain the data needed to take control of a financial account, as are malware such as trojans and keystroke loggers, which will be discussed later in this chapter. In addition, illicit actions in the real world, such as mail theft or the theft of personal items or documents, dumpster diving and even “shoulder surfing” (surreptitiously watching a person as they log in to accounts) can be used to support ATOs.

The adaptability, breadth and combination of such schemes make them increasingly difficult to detect and prevent, as it is often very difficult to determine the root causes and how an account take over scam was perpetrated. Other methods to prevent ATO schemes, as well as mitigate the damage should they occur, include the following:
• Protecting the cyber environment. A cyber environment should be guarded just as would cash or assets in a physical location. Do not use unprotected Internet connections. Sensitive data should be encrypted, and virus protections should be updated regularly.
• Using complex passwords that are changed regularly. This can make it more difficult for financial criminals behind ATOs to capture a password, or guess it if they have already gathered other personal data.
• Multifactor or strong authentication. These are systems that require multiple pieces of evidence to verify a user before they are allowed access to an account. Traditionally, a multifactor system requires 2 of 3 “factors” to allow access, which are:
  - Something a user knows (password or personal information)
  - Something the user has (typically a card or token)
  - Something the user is (fingerprints, voice ID or other biometric identification)
• Multi-channel authentication. Although a robust system for verifying users, multifactor authentication is not always practical online. In its place, some organizations use multichannel authentication to verify a user or confirm a transaction, especially if it is suspicious or above a certain threshold. One simple example of multichannel authentication would be an institution that asks users to log in to their account with a standard password and username, and then has an employee call or text the user to confirm before executing the transaction.
• Understanding responsibilities and liabilities. Many account agreements with a bank or financial institution detail what reasonable security measures are required to protect accounts. In some cases, these may direct an accountholder to implement measures. It is critical that users understand and implement the security safeguards in the agreement. If they do not, they could be liable for losses resulting from a takeover.
The company had been warned by ReturnPath, a cyber-security firm, in 2010 to prepare for an increase in phishing and hacking attempts against email distributors. Epsilon heeded the warning and installed additional protection that was designed to monitor traffic and to alert administrators of unusual activity or download patterns. Even so, these countermeasures were not sufficient to detect and prevent the data breach, in which unknown attackers gained access to servers containing tens of millions of names and e-mail addresses.

Epsilon notified its corporate customers almost immediately of the security breach, and these companies began to contact the individuals whose email addresses had been compromised. Epsilon also notified enforcement and participated in an extensive investigation with the

The attack began with basic phishing attacks against Epsilon employees. This basic phishing attack sent a few employees to a fake website that installed malware on their computers. This malware allowed remote hackers to log into their machine via the internet and access the data Epsilon had through their own internal computers. As mentioned earlier, this will likely result in spear-phishing attacks against the final targets, the accounts at Epsilon. Spear phishing attacks are usually geared toward account takeovers for the ultimate financial goal.

This is an example of how multiple types of attacks can be cascaded to achieve account takeovers. Cyber criminals will continue to get more creative to accomplish their goals. The eventual account takeovers that might result from this attack will have required six or seven steps. The cost of this attack on Epsilon’s reputation, and ultimately its bottom line, will be staggering.
It is very important to note that all steps to prevent account takeovers, as well as cybercrimes in general, should be proportionate to the risks of the user and transaction.

Consequently, not every user, every log in by a user, or every online transaction a user attempts to conduct should be subject to the same security or authentication processes. User activity and transactions must be assessed to determine what is normal, and actions that deviate from that baseline should receive greater scrutiny. Transactions above a certain threshold, in unusual amounts or at odd dates or times, or an account being accessed from an unknown IP address or location, should all be subject to stronger authentication and monitoring than routine transactions or logins that fit the user’s typical patterns.

In some cases, an institution implementing what it believes to be a rigorous approach can actually be harmful if it is not tailored to specific risks and situations. In one notable recent example, a small bank was sued by a corporation whose business account was taken over by an Eastern European hacking gang. The judge ultimately ruled in favor of the corporation due to the bank’s insufficient data security policies and protections. One shortcoming cited was the bank’s requiring users to answer security questions before conducting any transaction above $1, which gave hackers many opportunities to intercept the needed data for the account takeover.

Although the bank considered this to be a robust security measure, it really only served to give cybercriminals more chances to obtain information that would help them access the account. Like compliance in other financial crime fields, data security programs and controls should be risk-based, not one-size-fits-all.

ACCOUNT TAKEOVER RED FLAGS
Red flags of account takeover can be similar to those for other forms of fraud, which is to say, activity that does not have a clear rationale or match the expected behavior of the customer. Red flags can also include actions taken in an online banking account that could potentially conceal the attacker’s intrusion from detection. Some examples include the following:
• Logins to customer accounts and/or funds transfers at unusual times of day or outside of a customer’s normal hours
• New accounts or payees linked to an online account, followed by one or multiple funds transfers initiated to these new accounts shortly afterwards
• A small funds transfer to a previously unknown recipient, followed by one or more larger transfers to the recipient in a short period of time
• A series of funds transfers to a recipient located in another country or jurisdiction that are uncharacteristic for the customer
• Disabling or changing transaction alerts and/or notifications in a customer’s online banking accounts
• Logins to a customer’s account from different or unusual IP addresses

USE OF MALWARE
Malware is a class of malicious or intrusive computer code (or software application) that includes viruses, trojan horses and computer worms used by attackers to obtain personal/non-public user information. They can also be used to gain access to or control over private computer systems and databases, or interrupt a computer’s functionality and availability to its users. Malware’s objective is typically to remain undetected, either by actively hiding within a computer system or by simply not making its presence on a system known to the user.
• Computer Virus - a computer program that can replicate itself and spread from one computer to another, relying on actions undertaken by the user to proliferate.
• Trojan horse or Trojan - a non-self-replicating type of malware which appears to perform a desirable function of a legitimate software application but instead facilitates unauthorized access to the user’s computer system.
• Computer Worm - a standalone malware computer program that replicates for the purposes of spreading to other computers automatically.

One common type of malware used in financial crime schemes, which can be deployed as a Trojan or worm, is a keystroke logger. This piece of software runs surreptitiously in the background of a user’s computer, capturing everything typed on a computer’s keyboard and periodically transmitting that information to another computer or external network. Eventually, those keystrokes are parsed and analyzed by a financial criminal to find passwords, logins and other sensitive personal information. There are a number of variations on keystroke loggers, such as malware that secretly takes screenshots of a user’s computer.

Enterprising cybercriminals have even found ways to program malware onto the “firmware” of devices like wireless routers and USBs. Firmware is the permanent software that comes embedded into a device’s memory.

Advanced cybercriminals will write their own malware programs, but more common is purchasing or modifying an existing one. Thousands of malware applications are available for sale or even free download on web forums and dark web marketplaces.
A Screenshot of a Computer Infected with the Petya Ransomware, a Variant that Appeared in 2016 and Spread Quickly in the
Ukraine and Europe.
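The account takeover red flags and the risk-based authentication rule described earlier in this chapter can be expressed as monitoring logic. The following Python sketch is an added example, not part of the original manual; the event format, the 48-hour window, the amount thresholds and all sample values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Baseline:
    """What is normal for one customer. All values here are constructed."""
    known_ips: set
    known_payees: set
    home_country: str
    active_hours: range = range(8, 19)   # 08:00-18:59, assumed normal hours

SHORT_WINDOW = timedelta(hours=48)   # assumption for "shortly afterwards"
SMALL_AMOUNT = 50.0                  # assumption for a "small" first transfer
STEP_UP_AMOUNT = 10_000.0            # assumption for "above a certain threshold"

def red_flags(events, base):
    """Return the red flags raised by one account's time-ordered events."""
    flags, payee_added, probe_at, abroad = set(), {}, {}, {}
    for ev in events:
        ts, kind = ev["ts"], ev["type"]
        if kind in ("login", "transfer") and ts.hour not in base.active_hours:
            flags.add("odd_hours")
        if kind == "login" and ev["ip"] not in base.known_ips:
            flags.add("unusual_ip")
        elif kind == "alert_change":
            flags.add("alerts_changed")
        elif kind == "add_payee":
            payee_added[ev["payee"]] = ts
        elif kind == "transfer":
            payee, amount = ev["payee"], ev["amount"]
            added = payee_added.get(payee)
            if added is not None and ts - added <= SHORT_WINDOW:
                flags.add("new_payee_then_transfer")
            if payee not in base.known_payees:
                probe = probe_at.get(payee)
                if probe is None:
                    if amount <= SMALL_AMOUNT:
                        probe_at[payee] = ts      # small first transfer seen
                elif amount > SMALL_AMOUNT and ts - probe <= SHORT_WINDOW:
                    flags.add("small_then_larger")
            if ev["country"] != base.home_country:
                abroad[payee] = abroad.get(payee, 0) + 1
                if abroad[payee] >= 2:            # a series, not a single payment
                    flags.add("foreign_series")
    return flags

def requires_step_up(ev, base):
    """Risk-based control: only out-of-pattern events get stronger authentication."""
    if ev["ts"].hour not in base.active_hours:
        return True
    if ev["type"] == "login":
        return ev["ip"] not in base.known_ips
    if ev["type"] == "transfer":
        return ev["amount"] >= STEP_UP_AMOUNT or ev["payee"] not in base.known_payees
    return True   # payee and alert changes are always confirmed (assumed policy)

def at(hhmm):
    """Helper for the constructed sample data: a time on 2024-03-04."""
    hour, minute = map(int, hhmm.split(":"))
    return datetime(2024, 3, 4, hour, minute)

# Constructed baseline and events; IPs are documentation-range addresses.
BASE = Baseline({"198.51.100.7"}, {"ACME-UTILITIES"}, "US")
SUSPICIOUS = [
    {"ts": at("02:13"), "type": "login", "ip": "203.0.113.50"},
    {"ts": at("02:15"), "type": "alert_change"},
    {"ts": at("02:17"), "type": "add_payee", "payee": "NEW-PAYEE-1"},
    {"ts": at("02:20"), "type": "transfer", "payee": "NEW-PAYEE-1",
     "amount": 25.0, "country": "XX"},
    {"ts": at("09:40"), "type": "transfer", "payee": "NEW-PAYEE-1",
     "amount": 9500.0, "country": "XX"},
]
ROUTINE = [
    {"ts": at("10:00"), "type": "login", "ip": "198.51.100.7"},
    {"ts": at("10:05"), "type": "transfer", "payee": "ACME-UTILITIES",
     "amount": 120.0, "country": "US"},
]

if __name__ == "__main__":
    print(sorted(red_flags(SUSPICIOUS, BASE)))
    print([requires_step_up(ev, BASE) for ev in ROUTINE])
```

The routine login and bill payment pass without extra challenges, which is the point of the $1 security-question case: challenging every transaction adds exposure without adding protection.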
which attempt to frighten a victim into paying by threatening to permanently lock or delete files, even though the program doesn’t have that ability.

More advanced ransomware will actually encrypt files. Cybercriminals will then only provide the key to unlock them upon receipt of payment – if they provide it at all.

Ransomware is available in a “malware as a service” model, which accounted in part for its rapid rise in popularity in the mid 2010s. On the dark web, a cybercriminal can purchase a package that includes a ransomware program and everything needed to get it up and running, spamming services to distribute it, cryptocurrency wallets to receive payment, and even ongoing technical support.

It’s not just individuals that have been targeted by ransomware. Entire companies and government agencies have had operations disrupted and networks shut down. Ransomware has had serious impacts on critical infrastructure, such as healthcare providers, energy companies and transportation services. In 2016, a global ransomware attack dubbed WannaCry led several hospitals in the UK’s National Health Service to redirect patients and cancel surgeries after their networks were hit with encryption. Overall, the WannaCry program struck an estimated 200,000 computers across 150 countries.

otherwise been exposed to malware. Similar to phishing, malware presents significant risks to nearly any computer user as a result of the malicious code’s ability to infect users either in an undetectable environment or embedded within legitimate software applications. Below are some industry best practices around avoiding malware attacks.
• Use a reputable antivirus software program on computers, and keep the computer’s operating system and anti-virus software up to date.
• Remain cautious about opening electronic communication attachments and/or downloading files online, especially if the site or source is unknown or unverified.
• Browse the Internet responsibly by only visiting reputable web sites.
• Do not click on pop-up advertisements, especially advertisements pertaining to anti-virus or anti-spyware software.

Outside of programs designed explicitly to disrupt or destroy computer networks, malware is rarely used in isolation and is usually a means of facilitating another crime. Although the steps to prevent it are relatively straightforward, they should be used in conjunction with other security controls and protocols. The following section of this chapter will detail some industry best practices and standards for network security and the detection and prevention of unauthorized access.
to compromise the security. An operator could load unauthorized programs or data, reset passwords, rename various resources, reset the system’s time and date and bypass the security checks.

Traffic analysis. An intruder analyzes data characteristics (message length, message frequency and so forth) and the patterns of transmissions (rather than any knowledge of the actual information transmitted) to infer information that might be useful to an intruder.

Data scavenging attacks. This is the technique of piecing together information from found bits of data on a network, and using that data to expose weaknesses or launch a cyberattack.

Network address hijacking. It may be possible for an intruder to reroute data traffic from a server or network device to a personal machine, either by device address modification or by network address “hijacking.” This diversion enables the intruder to capture traffic to and from the devices for data analysis or modification or to steal the password file from the server and gain access to user accounts.

Representative Examples – Unauthorized Network Access
• The FBI arrested a computer programmer in New York and charged him with stealing proprietary software code from the Federal Reserve Bank of New York (FRBNY). This software, which handles all kinds of US government financial transactions, cost more than $9 million to develop.
• A 31-year-old Russian national living in New York was charged with hacking into accounts at Fidelity, Scottrade, E*Trade and Schwab in a complex scheme that involved making unauthorized trades that profited the gang he recruited to open bank accounts to receive the illegal proceeds. The brokerage firms said they lost $1 million because of his fraud.
• Yahoo accidentally leaked the private key that was used to digitally sign its new Axis extension for Google Chrome. Axis is a new search and browsing tool from Yahoo. A security blogger discovered the package including the private crypto key, noting it offered a malicious attacker the ability “to create a forged extension that Chrome will authenticate as being from Yahoo.” Yahoo was forced to release a new version of its Axis extension for Google Chrome.

PLANNING A CYBERSECURITY PROGRAM
Considering the amount of sensitive data within their custody, such as personal identifying information, financial records and other forms of nonpublic information, cybersecurity is a critical element for most companies and organizations. Organizations should constantly be taking proactive measures to protect themselves against internal misuse or theft of data, external theft of data and the threat of malware intrusions on their networks.
One of these is assessing risks and building controls and protections accordingly. A cyber security plan starts with a risk assessment.

The following are introductory steps an organization should consider when first deciding on its cybersecurity approach:
• Assess what networks and data are being protected, which may include data from clients, such as personally identifying information of customers, an organization’s own internal data, and the networks required to run the organization’s operations.
• Assess risks and cyber threats facing the organization, and compare this against an assessment of systems and information requiring protection to determine the areas of highest priority.
• Establish a methodology to assess the adequacy of existing cybersecurity controls against the perceived level of risk.
• Create cybersecurity policies, including measures to assess whether policies are being followed, and plans for periodic reassessment. A good security plan should be flexible to technology and staff changes, scalable, informative and user friendly, considering security is a daily issue.
• Consider the human aspects of cybersecurity. A 2014 study of cyber incidents by IBM found that 90 percent had a human component to them, meaning that the actions of an employee helped further the cyber attack rather than a purely technical failure. An organization’s internal security practices and training are as important as its controls around network access from the outside.
• Recognize that cybersecurity also has a physical component. Attackers will use any weak point to launch an attack, including physical vulnerabilities. In past cases, cyberfraudsters have posed as consultants for a financial institution, using forged security badges to enter the server room and steal data directly off the institution’s network. In another instance, criminals simply stole the entire server racks.
• Consider the potential repercussions for cybersecurity incidents. Thinking through the possible fallout that can result from a data breach, malware disruption or other attack can help an organization decide how robust its data security program should be. For example, a software company may lose millions if their application source code is discovered and made available to the public.

STRUCTURE AND SAFEGUARDS IN A NETWORK
In the simplest terms, a network can be described as a collection of computers and other hardware that are used to store information and carry out the functions of an organization. With the expansion of the Internet, big data and mobile access, there is a greater demand placed on companies to safeguard their intranet and extranets.

The Internet is defined as a global network that links computers worldwide and uses data transfer protocols, such as FTP and HTTP, to transfer information and data across locations. An intranet is a private or closed network that uses internet technology. For example, a company’s intranet site can only be used by its employees and approved contractors to access specific nonpublic company information such as corporate policies, announcements, corporate financial information, employee forums, internal job postings and event calendars.

An extranet is a computer network that facilitates controlled access from the outside, for specific business or informative purposes. Access is restricted to particular outside users and specific information within the network. Information can be shared from various areas of the business, and can be used to communicate sales and customer services, product development and marketing and personnel recruitment, among other things.

For example, a company may choose to share product information with its business partners, or it may use electronic document interchange (EDI) to allow customers to place orders, deliver goods and process payments electronically.

To detect and prevent unauthorized access to or use of an organization’s computers and networks, it is necessary to develop an effective frontline of security mechanisms, as well as data breach detection systems to discover intrusions and thefts if they do occur.

Cybersecurity does not take place solely in the virtual world. Network, system and physical security as well as controls for dealing with people are required. The intangible aspects of data security also need to be considered, such as the effects of tight security controls on business operations and company morale.

THE BASICS OF CYBERSECURITY
Best practices for securing an organization’s systems and data can be grouped into two broad categories: those focused on organizational policies and controls, and those focused on the training and procedures of individual employees. We’ll look at the latter first.
Training and Awareness. Human-centric best practices start with training and awareness on the part of all employees. Training should focus on helping employees to modify their behavior to reduce cyber risk. Employees should be aware of the cyber threats they face, and understand how their day-to-day actions on the job – opening email attachments, for example – can increase or decrease their vulnerability for attack.

Accessing WiFi and Storage Devices. Employees should exercise caution when accessing wireless networks and avoid connecting to any unsecured networks. Cybercriminals can use these to target others on the network, or may set up their own network to lure unaware victims. Likewise, individuals should not connect to unknown devices – a USB stick found in a company’s break room, for example – as these could be vectors for malware.
Restrict administrative connections to specific internal sources, and do not allow external administrative access. Administrative access typically allows a user full control to install or delete programs, extract data or make changes to the code in a computer or network. It can be very dangerous if a financial criminal gains administrative access to a system, and, as such, organizations should maintain restrictions on what employees and functions are granted administrative access. In most circumstances, external administrative access should not be allowed.

Implement a firewall and access control list. This is a basic but vital step for protecting an organization’s servers that can be accessed externally. Firewalls are software or hardware devices (or a combination of both) that monitor and limit access to traffic flowing into and out of the network based on predetermined protocols. An access control list (ACL) specifies what systems or users have permission to access a server or system.

Change default credentials of internet facing devices. The default or out-of-the-box passwords or login information should always be changed for any device with an external connection. A surprising number of companies will connect devices that can be accessed externally without changing vendor-supplied usernames and passwords. Financial criminals will take advantage of this fact to easily exploit holes in the data security system. Almost all password cracking tools start with the list of default passwords from every manufacturer.

Systems must be configured to automatically update any software. Operating system software, server applications (webserver, mail server, database server, etc.), client software (web browsers, mail clients, office suites, etc.), and malware protection software (antivirus, anti-spyware, etc.) should all be updated automatically to protect against constantly-shifting threats. A plan to manually apply new updates within a documented time period is an acceptable alternative.

Partitioning. This means that systems and networks should share hardware and resources only with other systems that have similar security requirements. Systems which share similar security requirements should have user communities of similar size and character, similar firewall profiles, and similar technical requirements.

OTHER NETWORK SECURITY STANDARDS AND INDUSTRY BEST PRACTICES
In most circumstances, a financial crime professional will not be required to have a specialized knowledge of network security. However, some fluency in the more technical aspects of cybersecurity can be useful in compliance, investigations and enforcement matters. Below are some slightly more advanced techniques and tools for safeguarding networks:
• Avoid using point-of-sale systems to connect to the web directly, and ensure your point-of-sale system is compliant with the requirements designed by the Payment Card Industry Data Security Standard (PCI DSS) to ensure that all companies that process, store or transmit credit card information maintain a secure environment.
• Use encryption and decryption methods to convert information into a version that is meaningful only when the intended recipient uses a key or code when transferring files. Strong encryption methodologies, such as Advanced Encryption Standard (AES), which uses the same key to encrypt and decrypt data, can be used for particularly sensitive information such as credit card numbers, bank account information and payment details.
• Adopt inspection firewalls on network connections, which are the most common firewalls in use today. These firewalls track the state of a network connection to determine if a packet of data being transmitted to or from the network should be filtered. Proxy firewalls allow deeper packet inspection for more granular control and authentication.
• Require password changes upon suspicion of theft or data breach for all users. In some cases, this may include notifying customers and requiring them to change passwords as well. For very secure data or transactions, organizations could also consider using one-time or limited-use passwords.
• Consider blocking large address blocks/regions if they have no legitimate business purpose, also known as IP blacklisting. Similarly, an organization could use a web content filter to check every URL request originating from its network against a blacklist of undesirable websites.

PROTECTING AGAINST UNAUTHORIZED INTERNAL ACCESS
A significant percentage of data breaches and thefts involve the participation of insiders, and organizations should not underestimate the threat of unauthorized internal access. Depending on the nature of their business operations, firms should consider implementing the following practices:
• Thoroughly checking references or conducting background checks before hiring employees who will have access to customer information.
• Requiring new employees to sign an agreement committing them to following your company’s confidentiality and security standards for handling customer information at the time of hiring. If this has not previously been done, all current employees should also be required to sign such an agreement.
• Limiting access to customer information to employees who have a business reason to see it. For example, give employees who respond to customer inquiries access to customer files, but only to the extent they need it to do their jobs, and do not grant the same access privileges to employees in the organization’s research and development department, who have no reason to view customer files.
• Controlling access to sensitive information by requiring employees to use “strong” passwords that must be changed on a regular basis. (Tough-to-crack passwords require the use of at least six characters, upper- and lower-case letters, and a combination of letters, numbers, and symbols).
• Using password-activated screen savers to lock employee computers after a period of inactivity.
• Developing policies for the use and protection of mobile devices, including laptops, PDAs and cell phones. For example, implement a policy of encrypting any user data that is kept or transferred on to a mobile device, and provide training to employees using such devices on properly storing and using them in secure locations.
• Providing training to employees on the steps they should take to maintain the security, confidentiality and integrity of customer information.

MONITORING AND TESTING FOR CYBERSECURITY
Cybersecurity testing and network intrusion monitoring is an ongoing and evolving effort to ensure protection against new and dynamic threats to networks. A critical aspect of any security program is proactive testing and monitoring procedures that remain flexible and dynamic.

Vulnerability assessments and penetration testing should occur when a cybersecurity program is first put into place, as well as periodically on an ongoing basis. In simple terms, penetration testing involves conducting an authorized attack on a network or system, in order to assess the strength of security measures and identify weak points.
@2019 Association of Certified Financial Crime Specialists
CHAPTER 12 • CYBERSECURITY
An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system.

Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization.

logins, to prevent malware from running multiple rapid password guesses)
• Password cracking tests

When creating and implementing cybersecurity programs, understanding legal and regulatory duties is essential. Many jurisdictions have laws or regulations that lay out the requirements for cybersecurity programs, including when and how to report cyber incidents.

One example is the Directive on Network and Information Security, which establishes cybersecurity standards for organizations in European Union member states. In the US, the state of New York implemented Rule 500 in 2017, which lays out detailed cybersecurity program requirements for financial institutions.
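
As an added illustration of the intrusion detection described in this section (not part of the manual), the following detector scans authentication log lines for bursts of failed logins from one source, the rapid password guessing mentioned above, and reports them without blocking anything. The log format, the threshold of five failures and the 60-second window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed format:
#   <ISO timestamp> <OK|FAIL> user=<account> src=<source address>
SAMPLE_LOG = """\
2019-03-04T09:00:01 FAIL user=jsmith src=203.0.113.7
2019-03-04T09:00:02 FAIL user=jsmith src=203.0.113.7
2019-03-04T09:00:03 FAIL user=jsmith src=203.0.113.7
2019-03-04T09:00:04 FAIL user=mlee src=192.0.2.15
2019-03-04T09:00:04 FAIL user=jsmith src=203.0.113.7
2019-03-04T09:00:05 FAIL user=jsmith src=203.0.113.7
2019-03-04T09:00:06 FAIL user=jsmith src=203.0.113.7
2019-03-04T09:00:09 OK user=jsmith src=203.0.113.7
2019-03-04T09:00:30 OK user=mlee src=192.0.2.15
2019-03-04T09:05:00 FAIL user=alice src=198.51.100.20
2019-03-04T09:05:05 FAIL user=bob src=198.51.100.20
2019-03-04T09:05:10 FAIL user=carol src=198.51.100.20
2019-03-04T09:05:15 FAIL user=dave src=198.51.100.20
2019-03-04T09:05:20 FAIL user=erin src=198.51.100.20
this line is malformed and is skipped
"""

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")


def detect_guessing(lines, max_failures=5, window=timedelta(seconds=60)):
    """Report sources with at least max_failures failed logins inside window.

    Monitoring only: nothing is blocked. Lines must be in time order.
    """
    failures = defaultdict(deque)   # src -> recent (timestamp, user) failures
    alerts = {}                     # src -> alert record, in the order raised
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue                # malformed line: skip it, keep monitoring
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue                # unparseable timestamp
        result, user, src = m.group(2, 3, 4)
        recent = failures[src]
        while recent and ts - recent[0][0] > window:
            recent.popleft()        # forget failures older than the window
        if result == "OK":
            # A success right after a burst may mean one of the guesses worked.
            if src in alerts and recent:
                alerts[src]["success_after_burst"] = user
            continue
        recent.append((ts, user))
        if len(recent) >= max_failures:
            alert = alerts.setdefault(src, {
                "src": src,
                "first_failure": recent[0][0].isoformat(),
                "failures": 0,
                "users": [],
                "success_after_burst": None,
            })
            alert["failures"] = max(alert["failures"], len(recent))
            alert["users"] = sorted(set(alert["users"]) | {u for _, u in recent})
            # One targeted account versus many accounts tried from one source.
            alert["pattern"] = ("single-account" if len(alert["users"]) == 1
                                else "multi-account")
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG.splitlines()):
        print(alert)
```

The alert that carries a `success_after_burst` value is the one to escalate first, since a login succeeded from a source that had just been guessing.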
there may be disagreements over the proper course of action. It could be crippling if it’s not clear who is in charge.

Your plan should include consideration of legal reporting requirements and voluntary reporting responsibilities. In many jurisdictions, a cyberattack will require institutions covered by AML regulations to file a suspicious transaction or activity report with their national financial intelligence unit. Beyond this, there may be mandates to report to other government agencies.

Companies may also be part of public-private information-sharing groups that encourage voluntary reporting, to help other businesses stay aware of cyber incidents.

When cybersecurity staff are faced with reporting a security breach, especially with regard to notifying an Information Commissioner's Office (ICO) or similar governing body specific to that territory, it will be in the best interests of the company to examine the legal and regulatory disclosure requirements.

The first step in responding to a cyber incident is to stop the bleeding. Identify the gaps and vulnerabilities that led to the attack, and close them immediately.

and remediate. This often requires cyber forensic expertise.
• Identify whether data can be recovered or the damage done by the attack can be repaired. In many incidents, the answer will be a resounding “no.” In certain situations – files locked by ransomware, for example, or fraudulent transactions initiated due to business email compromise – it may be possible to fully or partially reverse damages.
• Establish a complete list of subjects affected and their contact details. This can include customers, employees and other stakeholders.
• Notify members of the crisis management team (including, but not limited to, information security officer, CEO, corporate counsel and HR).
• If needed, start drafting communications for both public and private notifications to subjects and the appropriate government authorities.
• Prepare a public relations strategy in the event the loss is made public.
• Consult legal advisors and determine if the loss will be investigated internally or undertaken by external consultants.
• Establish if policies and procedures have been broken and what disciplinary action will be taken.
• Review the incident against internal policies and procedures to identify any weakness in security and enhance the policies to avoid future losses.

It can often be tempting for companies to simply sweep a data breach under the rug and look for quick fixes, as acknowledging a breach can lead to loss of customers, negative publicity, and even liability in extreme circumstances. Though it may be more painful in the short term, a robust and thorough response to cyber incidents is always the best in the long run, as it will help correct deficient policies and ultimately lead to a more secure cybersecurity program.

ESSENTIALS OF A DATA PRIVACY PROGRAM

STORING AND RETAINING CUSTOMER INFORMATION
Many companies collect personal information from their customers, including names, addresses and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers. As custodians of this sensitive personal information, organizations must have policies and procedures to protect data privacy and use data ethically.

These are similar to cybersecurity programs, but have slightly different goals. Cybersecurity focuses on preventing unauthorized access to networks or information, whereas data privacy is focused on managing, using and sharing data in a way that conforms to privacy regulations and customer expectations. This can include how data are handled internally, shared with affiliates or other third parties, or transmitted to law enforcement and regulators.

Internationally, there is a patchwork of laws and regulations that governs how sensitive personal information should be stored and retained, and when and how it can be shared. Collectively, these principles provide guidance on data privacy programs.

Like all elements of cybersecurity, data privacy programs must be tailored to the specific types of information collected and the services and products a company provides. One first step in safeguarding data privacy is to develop a written plan that describes their program to protect customer information. The plan must be appropriate to the company’s size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles.

As part of its plan, each company should do the following:
• Designate one or more employees to coordinate its privacy program.
• Identify and assess the risks to customer information in each relevant area of the company’s operation, and evaluate the effectiveness of the current safeguards for controlling these risks.
• Design and implement a privacy program, and regularly monitor and test it.
• Select service providers that can maintain appropriate safeguards, make sure your contract requires them to maintain safeguards, and oversee their handling of customer information.
• Evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.

Organizations should implement safeguards appropriate to their own circumstances. A company may decide to designate a single employee to coordinate safeguards or may assign this responsibility to several employees who will work together. In addition, companies must consider and address any unique risks raised by their business operations, such as the risks raised when employees access customer data from their homes or other off-site locations, or when customer data are transmitted electronically outside the company network.
taining information about an EU citizen, and it governs not just the production of this information, but also how, where and under what circumstances the information can be processed and stored.

Under EU data privacy laws, “personal information” has a much broader definition than is understood in the US. In Europe and elsewhere, personal information is virtually any information about an individual, including name, physical and email address, family members and similar facts that can be used to identify someone, even if the information is created and maintained in a business environment. EU data protection laws control the processing and transfer of data containing any personal information.

The General Data Protection Directive (GDPR) does not completely prohibit processing and transferring. The directive has, however, been interpreted to seek compliance with certain data protection requirements. For example, in February 2009, a Working Group established under the Directive published “Working Document 1/2009 on Pre-Trial Discovery for Cross Border Civil Litigation,” which provides guidance in managing the tension between US litigation discovery obligations and the EU’s data protection requirements.

The Working Group’s recommendations, which are not binding on the privacy authorities of the various EU countries, include the following:

Consent. Individuals may consent to the processing of their personal information. Obtaining consent, however, is no simple matter. To be effective, consent must be given freely—it cannot be coerced, even mildly, by an employer—voluntarily, and knowingly. Evidence of consent must be clear and consent, once given, may be revoked. Broad advance waivers as a condition of employment are not effective; consent must be provided affirmatively and with reference to the specific documents the production of which has been requested. Where obtaining consent is not feasible, the party from whom documents are requested must at least disclose to affected persons that their personal information will be processed, and possibly disclosed, and offer such persons the right to object.

Necessary for compliance with a legal obligation. Processing is permitted where a member state has authorized it for the purposes of meeting a legal obligation to comply with a court order of another jurisdiction regarding pre-trial discovery.

Necessary for meeting a legitimate interest. Processing and transferring personal information data may be authorized to meet the demands of litigation if accomplished in a measured, proportionate and secure manner. Processing for litigation requires balancing the rights of the individuals whose personal data are processed against the rights and interests of litigating parties.

PROTECTING THE DATA UNDER THE EU DATA PROTECTION REGULATION
A party seeking to process personal data for litigation must take numerous steps to protect personal information. As much processing as possible should be accomplished within the European Union. The data must be anonymized or at least pseudonymized, and must be culled of irrelevant personal information. Truly sensitive information, such as official ID numbers, health and tax information should be purged from the data. If the data to be transferred contains personal information, the request to transfer it must be proportionate to the legitimate needs of the case, and reasonable provisions should be made to secure the data and to prevent its use and transfer beyond the matter at hand. Personal information must not be indefinitely retained.

Penalties for violating privacy laws can be severe. Private parties seeking data that contains personal information must be very familiar with the laws of the jurisdiction hosting the data. Even data created in the work environment generally falls within the scope of the Data Protection Regulation. For example, unlike what typically is held to be the case in
the US, email created in the work environment that identifies a natural person by name, address or context is considered protected personal information under the directive. Reports from committees that identify committee members may also be considered personal information.

• Public declaration of commitment to the Privacy Shield Framework
• Informing individuals of their rights to access their data, and informing individuals what regulatory bodies have authority over the organization’s compliance with the Framework
Q 12-1. Your financial institution has been subject to several hacking attempts over the last
few weeks. While none have been successful, you worry that it might be a matter of time. To
keep your network secure, you have decided to update your network security policies.
What is an important step to include in your network security policy?
A. Educate your online customers to detect phishing attempts and other fraudulent
email scams.
B. Disable auto deletion of old data, including access logs, and move them to an
archive server.
C. Only permit administrative connections via the Internet through HTTPS or SSH
connections.
D. Require confirmation from network engineering before resetting any lost passwords.
Q 12-2. Your organization has a large online presence, providing all key services online. You
have recently found out that a hacker has gained access to your secure network, stealing
millions of customer usernames and passwords. You think the access was gained via social
engineering.
Your company’s success depends on your keeping this data secure, so your organization wants
to put procedures in place to ensure it can prevent any such further attacks. As an initial step
you have terminated Internet access for engineering and IT.
What would be the MOST effective further action for your firm to immediately take to prevent
this specific type of attack from happening again?
A. Restrict external access on all routers and servers allowing administrative access only
from workstations in the engineering and IT departments.
B. Staff should not be allowed to download any materials from the Internet or private disks
to the organization’s local drives.
C. Require all customers to change their passwords on a regular basis to access their
accounts and require strong passwords.
D. Upgrade all network firewalls and ensure they are running current software.
CHAPTER 13 ETHICAL RESPONSIBILITIES AND BEST PRACTICES
OVERVIEW
These tests may arise from the following representative examples:
• A private banking client who applies pressure to not file a required government report on a transaction
• A public official who asks that a suspicious transaction be overlooked or obfuscated
• A judge or regulator who insinuates that an unlawful payment to him or her would achieve the result you want
• A customer who asks you to misstate the facts about him so that he may be accepted as a customer by your financial institution
• A superior who asks you to ignore an internal policy to facilitate an unlawful transaction he is advocating
• The temptation to sell or trade on confidential information that comes to you on the job
• An employee who approaches you with possible evidence of a financial crime implicating a senior manager and asks you to suppress it
• A request to ignore an item in a profit and loss statement that might show wrongdoing

Examples of situations that test the ethical bearings of diverse players in the financial crime arena worldwide could fill up pages of this Manual.

If one starts with the conclusion that nothing is worth risking one’s career and the well-being of one’s family, and that it is important to always act with the highest integrity, ethical lapses will not occur. Because financial crime invariably involves illicit proceeds, there are many opportunities for temptation. Many financial crime specialists in the public and private sectors have been lured into wrongdoing when they confront the chance to earn many times their salaries by conducting a single transaction.

Financial criminals usually go to great effort and expense to obtain and conceal the proceeds of their crimes. Often, they attempt to manipulate or corrupt employees of financial institutions and their pursuers, including law enforcement agents, regulators, compliance officers, risk officers, lawyers, financial institution executives and others. Their goal is to frustrate the control and compliance systems that have been built to combat them. It is important that a financial crime specialist remain on guard against ethical temptations and violations. This can mean the difference between a successful career and a situation that results in losing your job and your freedom.

Financial crime professionals work in many disciplines. Many of them, such as attorneys and accountants, must adhere to codes of ethics promulgated by their professional associations. These professionals must always be sensitive to these standards and the laws and regulations that govern their conduct. The work of financial crime specialists is closely tied to the law, but for them, operating in a legal manner is not enough.

Ethics goes beyond obeying the law. It entails adherence to a standard of conduct higher than the minimum required by law. To become a Certified Financial Crime Specialist (CFCS), financial crime professionals must demonstrate knowledge of the ethical standards that govern them and a commitment to maintain them. The work of financial crime professionals should meet the highest legal, ethical and professional standards.
and employees of financial institutions, corporations and other business entities.

deciding where to focus an investigation and other similar situations.
ical dilemma, and to understand how one’s actions affect others. We must weigh the expectations of others about our conduct and how they may affect us. It is difficult to act ethically if we don’t recognize issues as they arise.

Get the facts — Obtain as much information as possible to illuminate the situation and obtain specific, objective information. One must take a broad view even when only partial information is available. One must consider how to find other pertinent information. Consider the motivation some persons may have in supplying partial or incorrect information.

When instituting conflict of interest rules for an organization, do the following:
• Develop a systematic and objective approach for screening new clients or selecting cases to pursue or embarking on any task where objectivity and ethical standards may be tested.
• If possible, select a colleague who is not affiliated with the matter to screen the relevant facts and the persons in a particular situation.
• Designate a conflict of interest officer for your organization or unit.
that generates fees should not be prolonged in order to continue the payment of fees. Clients should be informed promptly at significant points where a more economical approach is possible and not harmful.

Similar situations exist in the public sector where a government operation may be prolonged for improper motives. Financial crime specialists at government agencies must always remember that their resources, including their salaries, are paid by the taxpayers, who are owed the same honest dealings and conduct as are clients of private sector specialists.

Some conflicts of interest are so significant they compel a decision to decline to undertake a matter or to withdraw from an existing one. In other situations, conflicts may be managed by adopting protective measures, such as obtaining written waivers from one’s superiors or clients, disclosing potential conflicts to superiors or clients or blocking access to documents and other things to prevent people and information from a different case from contaminating or affecting a current matter.

UNDERSTANDING & RESOLVING CONFLICTS AT DISTINCT PRIVATE AND PUBLIC ENTITIES
Everyone who works in the financial crime field has the obligation to place the interests of their organization, customers, constituents and other stakeholders above their own. Employees of financial institutions in the broad sense of the term, in particular, must recognize the purposes for which accounts, relationships or trusts they manage and oversee were created, and administer them accordingly.

Institutions and commercial corporations must also ensure that their customers are treated honestly, fairly and equitably, and that their employees are not extending undue privileges and benefits, intentionally or unintentionally, to some customers over others.

Conflicts of interest may arise in transactions or dealings involving insider or privileged information. Financial institution and corporate regulators often have rules or guidelines that govern how the regulated entities should manage and prevent conflicts of interest. Most countries prohibit conduct that arises from conflicts of interest, such as insider trading or self-dealing. Conflicts of interest can easily elevate from an ethical violation to a financial crime.

In other situations, a situation that begins as a failure of internal controls and insensitivity to ethical obligations can become a financial crime which brings severe financial consequences to innocent individuals and organizations, including reputational harm, governmental penalties or prosecution and lawsuits by the victims.

INFORMATION BARRIERS
Information barriers or “firewalls” can provide strong protection against conflicts of interest at private- and public-sector entities. These barriers are intended to limit the flow of information between internal units and persons. They are designed to allow employees of an organization to advance their legitimate activities without exposure to information that may produce a conflict of interest.

Information barriers at private- and public-sector organizations may take various forms based on the size and services the organization provides. They can be physical barriers, such as the physical separation of units of employees, or the blocking of access to certain information by electronic means.

Information barriers should also include policies and procedures that explain problems that may be encountered, how to resolve them and how to apply the organization’s policies. Some common controls
on conflicts of interest at private- and public-sector organizations may include the following:
• Assessing the services, activities, functions and distinct types of employees to identify where conflicts of interest may arise
• Restricting employee access to information through a system of multi-tiered access rights or similar limitations
• Written conflict of interest policies that clearly outline prohibited behavior and provide guidance, instructions and examples on avoiding conflicts of interest
• Training programs that teach awareness of and sensitivity to conflicts of interest and their ethical resolution
• Secure methods to record and preserve relevant information at the start of an operation or a customer and business relationship to identify and manage conflicts of interest
• Clear policies and instructions that govern disclosure to the appropriate government authorities of internal lapses in honest and proper conduct by the organization and its employees

ETHICAL ISSUES IN ONBOARDING AND MONITORING CUSTOMERS
Financial crime specialists who work in compliance and risk management sometimes have latitude in the onboarding and monitoring of customers and customer activity. The ethical considerations for persons who onboard and monitor customers are similar to those that can be used to resolve conflicts of interest.

When deciding whether to onboard a customer and monitor customer activity, a financial crime specialist must follow the policies and procedures of the organization. Compliance officers and other employees should not subject a customer to enhanced due diligence procedures, for example, because of a personal bias against the customer or a “feeling” without supporting evidence.

Similarly, decisions to not follow certain onboarding or monitoring procedures should, of course, not be based on an expectation of financial gain offered by the customer, or bonuses or other benefits from the organization for onboarding or monitoring a customer.

Financial crime specialists, including compliance and risk management specialists, frequently have access to a customer’s personal information. A specialist must securely store and manage customer information and access and retain it if it is necessary for onboarding and monitoring and as required by law or regulations. The Data Security and Privacy chapter of this manual covers other considerations in the handling of customer and other sensitive information.

BUILDING CONFLICT OF INTEREST POLICIES
When not properly managed, conflicts of interest can be a source of serious repercussions and consequences. To manage conflicts effectively, business and government organizations must have thoughtful and sound written policies and procedures.

The key part of a sound process is the ability to identify all the parties involved in any case, an account, business transaction or matter. By knowing who is involved, potential conflicts are more readily identified.

At larger organizations, identifying conflicts can be complicated. All relationships and conflicts may not be readily apparent. Poor internal communications can allow conflicts to go undetected. Staff turnover also increases risk levels by increasing the loss of institutional knowledge.

In conflict management, the staff and their relatives and business and personal connections are an
important consideration. A conflict of interest policy should alert pertinent units of an organization to possible conflicts in distinct types of relationships. Developing and implementing a system to capture and retrieve employee and client information is essential to identify potential conflicts of interest.

PRIVACY CONSIDERATIONS
Employee privacy and an organization’s needs require a delicate balance. Confidential information about an organization’s employees must be safeguarded and kept private. The reasons for determining that a conflict of interest existed should not be shared with other staff members, customers or clients, unless it is compelling or there is an official reason to do so.

Some organizations require a committee to review confidential information to decide what should be placed in a conflict of interest database. Having a well-defined protocol for this process is important to ensure uniformity and fairness. Information concerning employees, their relatives and private dealings should be deleted or stored separately and securely when an employment relationship ends.

Other guidance that should be included in an organization’s conflict of interest policies includes the following:
• The relationships of directors, officers and other officials with outside organizations
• The extension to employees of free or discounted services from the organization as fringe benefits
• The names of all employees who receive gifts or entertainment benefits from outside persons, businesses, customers or vendors

This data from new engagements or relationships should be added to the conflict system or database as soon as they commence or are identified. Failure to manage and update these systems in a timely manner may result in loss of business, harm to reputation and potential legal liability.

All employees at all levels should be required to know and receive proper training on internal conflict of interest and ethics policies and the organization’s expectations and procedures.

Investigations in the public and private sectors often present financial crime specialists with difficult ethical decisions. For example, one of the more difficult issues that investigators confront is the privacy rights of investigative subjects, including their inclusion in databases that are accessible by many persons, sometimes even outside the organization.

With the pervasive use of technology, violating the privacy rights of a subject, customer or colleague is easy. It may be tempting to surreptitiously access a person’s computer, place cameras to monitor a subject, enter a subject’s property to place tracking devices on their vehicles, or tap a telephone without court authorization. These are steps that can ruin the career of a financial crime specialist.

It is ethically questionable or even illegal for a financial crime specialist or others to misrepresent themselves in order to obtain personal or financial information about a subject, customer, client, opponent in a legal matter, or others. Posing as an employer to obtain a credit report, for example, is a crime in some jurisdictions.

Whether an action is an unlawful invasion of privacy or is a legitimate investigative step depends on the laws where the action occurs. Financial crime specialists should know the applicable laws and regulations in jurisdictions where they work or where they seek information. They should remember that what is legal in one jurisdiction may not be legal in another.

Bending the rules in a due diligence procedure performed at a financial institution or other business may do significant harm, in addition to constituting an ethical violation. It may also jeopardize a case or
The third step is to establish procedures that assure that an overlap in names does not prejudice past or prospective clients. The greater the overlap, the greater the actions a financial crime specialist should take to prevent harm to the organization, matter or present or past clients.

The following actions may be taken to prevent harm when potential conflicts of interest arise:
• Promptly disclosing to past or present colleagues, clients or organizations the nature of a potential conflict of interest
• Asking these persons and organizations to waive conflicts of interest that may exist, if it is appropriate
• Creating a wall or other safeguards to ensure that persons who were involved with a prior matter will not see or have access to files of the new matter and will not participate in it
• Declining to accept the prospective matter or case

Sometimes a conflict of interest cannot be avoided in advance because its existence is not known until a later stage. When conflicts are discovered later, a complete, prompt disclosure to all affected parties must be made. In most cases, skilled financial crime specialists can work with the affected persons to reach an acceptable resolution.

If a resolution cannot be found, the specialist should not continue to work in a situation where one client may be favored over another.

In government matters, similar conflicts to those in the private sector may arise. A government financial crime specialist should never compromise a proper action in order to obtain an advantage in a present matter, unless a well-considered decision favoring a concession is justified. A plea bargain, coupled with other inducements that government agents may offer to a target or informants in a financial crime matter, is an example of such a compromise.

CONFLICTS BETWEEN THE CLIENT AND THE FINANCIAL CRIME SPECIALIST
Many conflicts may arise between a financial crime specialist and his or her colleagues or clients. Some are inherent in work performed for a fee. Procedures should exist that ensure that all work billed to a client is honestly and fairly performed. A financial crime specialist has a responsibility to the organization, colleagues and clients to assure that work performed is authorized and reasonably crafted to accomplish the ultimate goal set by the organization.

Some conflicts arise from disagreements over fees or difficulties of an organization or client to fund an operation. An example is when a financial crime asset recovery specialist has agreed to provide services on a contingent basis with the fees to be paid from a client’s winnings. If the client becomes unable to continue funding the case, the specialist faces the prospect of losing an opportunity to collect a good contingency fee and may be tempted to propose improper funding of the case. These conflicts should be addressed quickly and discussed in the initial engagement agreement.

Conflicts may arise for non-financial reasons, such as when a superior or client imposes limitations that the financial crime specialist believes are unreasonable. A client may insist that the financial crime specialist focus on a target that the specialist believes has little value to the case, for example. Or a superior or a client may ask the financial crime specialist to engage in illegal or unethical conduct. These problems must be confronted directly and discussed with appropriate persons in the organization. The financial crime specialist should document all pertinent actions discussed and taken.

PROTECTING THE INTERESTS OF THE ORGANIZATION OR CLIENT
A financial crime specialist should assure that he or she is not engaging in conduct that may harm his organization or client. It is a good idea to follow the medical field’s Hippocratic Oath, “First, do no harm.” Financial crime specialists perform a valuable service when they advise their organizations, colleagues or clients that the actions they are suggesting may be unproductive, counterproductive, harmful, improper or unethical. Examples include the following:
• Pursuing a civil action where the costs are expected to exceed the value of the successful outcome or recovery
• Engaging in conduct likely to be offensive to a court and result in sanctions or other negative consequences to the client and the financial crime specialist
• Undertaking actions that will likely cause embarrassment or harm to an organization or client

This was illustrated in the mid-2000s when a Fortune 500 company hired private investigators to identify the source of leaks of confidential board of director information to the media. The investigators used deceptive telephone calls to obtain banking and phone records of suspected persons. When the scheme was discovered, the company and several officers became the subjects of criminal investigations. The company paid a large fine and several officers were fired.

By its very nature, financial crime is full of circumstances that may harm or destroy the reputations of persons. Being mindful and respectful of the ethical obligations that a specialist carries as part of the job is an essential part of all financial crime positions and a crucial element of the Certified Financial Crime Specialist (CFCS) certification.
Q 13-1. Sallie Jones holds a significant administrative position in the Defense Department of
her home country, overseeing various information technology projects. Sallie’s husband, Joe,
was recently hired in sales by a software company, Company A. The CEO of Company A is a
personal friend of Sallie’s, and ultimately hired Joe.
Shortly after Joe was hired, the Defense Department and Company A entered into a contract
for the purchase of software. Joe was assigned to the account. Sallie was not involved in the
initial contract negotiations and did not know they were taking place. After the contract was
signed, Sallie was involved in the decisions to use the company on subsequent projects.
Q 13-2. The CEO of Company X, a publicly traded corporation, caused Company X to enter
into a transaction with Company Y in which the CEO is a shareholder. The CEO failed to inform
the shareholders of Company X of his interest in Company Y. However, the transaction will
greatly benefit Company X as well as Company Y.
Which statement is true about this situation?
A. The CEO has participated in insider trading.
B. The CEO has committed self-dealing.
C. The CEO has been involved with selling away.
D. The CEO has not committed an ethical violation.
CHAPTER 14 INTERNATIONAL AGREEMENTS AND STANDARDS

OVERVIEW
From the local to the global, efforts to detect and prevent financial crime occur on many levels. As discussed in previous chapters of this Manual, financial crime is a global plague that takes place across borders and throughout the national and international financial systems. That is why financial crime must also be addressed on the international level.
CHAPTER 14 • INTERNATIONAL AGREEMENTS AND STANDARDS
This has long been recognized by governments and their enforcement and regulatory agencies. Through treaties, interagency arrangements and international organizations, governments worldwide have sought for decades to build cooperation concerning standards and procedures for policy, regulation and enforcement concerning financial crime. These efforts were spearheaded by North American and European nations in the past, but, in recent years, many developing nations have played a significant role.

these norms are not self-executing and require the political will and commitment to implement them by laws, regulations and enforcement.

This chapter will highlight the noteworthy international standards and the organizations behind them. In many cases, the standards and agreements are only summarized briefly. When documents or recommendations are referenced by name, the financial crime professional should consult these sources. Links are provided throughout the chapter and in the Appendix.
criminal proceeds. Signatories to the convention are monitored for compliance with the treaty’s provisions by panels of UN-appointed experts under the direction of the UN Office on Drugs and Crime.

The United Nations also issues sanctions against countries that are deemed to be violating international principles. The sanctions impose prohibitions on commerce and financial transactions with the sanctioned countries.

UN sanctions originate with the UN Security Council and commit UN member states that adopt them to comply with the limitations on trade and transactions. These sanctions are similar to those imposed by the US Treasury Department’s Office of Foreign Assets Control (OFAC) and other nations. They typically include a list of sanctioned entities, agencies or individuals. In the case of sanctions limiting financial transactions, they usually require the blocking of transactions to or from the sanctioned entity and the placing of the funds in an interest-bearing account. They do not require countries to detain or arrest persons or entities that are listed in sanctions lists.

UN sanctions are sometimes used to deter countries from taking aggressive military action against other countries, or to punish countries that do so.

FINANCIAL ACTION TASK FORCE
The Financial Action Task Force, or FATF, was formed in 1989 by the G-7 nations, which then were Canada, France, Germany, Italy, Japan, United Kingdom and the US. Since then, the FATF has evolved into the principal standard-setter of global anti-money laundering controls and policies for nations, financial institutions and other private sector organizations. The first formal action of the FATF in April 1990 was to promulgate the “40 Recommendations,” which recommend conduct by government agencies, financial institutions and other organizations to combat money laundering.

The FATF’s stated purpose is to develop policies to control and prevent money laundering and terrorist financing. Over the years, the FATF 40 Recommendations have been revised to reflect the changing financial crime landscape. Before the most recent amendments in 2012, the FATF 40 Recommendations were revised in 1996, 2001 and 2003. After the terrorist attacks of September 11, 2001 (9/11), the FATF issued nine special recommendations aimed at the financing of terrorism.

In early 2012, the FATF took its biggest step away from a strict focus on money laundering. It began to emphasize the importance of targeting corruption and tax evasion, which are intertwined with money laundering. Thus, the FATF’s recommendations seem to be taking the same route toward financial crime “convergence” that financial institutions and government agencies around the world are pursuing. (See Appendix for the FATF 40 Recommendations of 2012.)

As of early 2018, the FATF had 37 members, consisting of 35 jurisdictions and two regional organizations (the Gulf Cooperation Council and the European Commission).

The FATF also has a global network of so-called FATF-Style Regional Bodies (FSRBs) that follow their own, albeit compatible, programs and policies. These bodies promote implementation of the FATF 40 Recommendations by their members and advise FATF on regional issues and conditions. There are eight regional FSRBs.

The FATF is strictly a policy-making body without enforcement authority. To drive implementation of its policies and recommendations, the FATF organizes programs of mutual assessments of nations. In an FATF mutual assessment, a nation submits to a review by teams of experts from other countries, who gauge the nation’s progress toward full implementation of the 40 Recommendations.
This assessment may lead to public exposure of deficiencies in money laundering and financial crime policies and enforcement. This exposure and the potential political embarrassment and public outcry that may follow exert pressure on nations to comply with the FATF’s Recommendations.

Additionally, since 2000, the FATF has published a so-called “blacklist” of nations that refuse to follow the FATF Recommendations or to comply with its international standards on money laundering and financial crime enforcement. The blacklist proved to be so effective that all countries were removed by 2008, although the FATF still publishes a semi-annual list of “high-risk and non-cooperative” countries.

40 RECOMMENDATIONS OF THE FINANCIAL ACTION TASK FORCE
The 40 Recommendations can be found at the FATF website, www.fatf-gafi.org. They are listed in seven broad categories and focus on policy measures for nations and best practices for financial crime controls at financial institutions and corporations.

Although primarily focused on money laundering and terrorist financing, the FATF Recommendations have increasingly branched out to cover financial crime as a whole. The 2012 version of the recommendations, for example, included provisions directing countries to make tax crimes predicate offenses for money laundering cases and calling for enhanced scrutiny of politically-exposed persons (PEPs) to combat corruption.

The 40 Recommendations apply directly to compliance professionals. Many of the Recommendations have been widely implemented as key elements of compliance programs at financial institutions worldwide. Because of their importance and broad acceptance as a global anti-money laundering baseline, financial crime specialists should read the full text of the 40 Recommendations, available at http://www.fatf-gafi.org/topics/fatfrecommendations.

To show their scope and the topics they cover, a listing of the recommendations follows:
• Anti-money laundering and terrorist financing
  1. Assessing risks and applying a risk-based approach
  2. National cooperation and coordination
• Money laundering and the confiscation of associated proceeds and instrumentalities
  3. Money laundering offense
  4. Confiscation and provisional measures
• Terrorist financing and the financing of proliferation
  5. SR-II [Special Recommendation on terrorist financing II] related to the terrorist financing offense
  6. SR-III [Special Recommendation on terrorist financing III] addressing targeted financial sanctions related to terrorism and terrorist financing
  7. Proliferation and related targeted financial sanctions
  8. Non-profit organizations
• Preventive measures
  9. Secrecy laws of financial institutions
  10. Customer due diligence standards
  11. Record keeping requirements
  12. Politically exposed persons (PEP)
  13. Correspondent banking
  14. Money or value transfer services
  15. Emerging or new technologies
  16. Wire transfers
  17. Third parties and reliance on their data and reporting
  18. Internal controls, foreign branches and subsidiaries
  19. High risk jurisdictions
  20. Suspicious transaction reporting
  21. Confidentiality and non-disclosure
  22. Designated non-financial businesses and professions (DNFBPs)
  23. Other measures related to DNFBPs
• Transparency and beneficial ownership of legal persons and arrangements
  24. Transparency and beneficial ownership of legal persons
  25. Transparency and beneficial ownership of legal arrangements
• Powers and responsibilities of competent authorities and other institutional measures
  26. Regulation and supervision of financial institutions
  27. Supervisory powers and authority
  28. DNFBP regulation and supervision
  29. Financial Intelligence Units (FIU)
  30. Investigative authorities and law enforcement and their responsibilities
  31. The powers of investigative authorities and law enforcement
  32. Cash couriers
  33. Statistic gathering and reporting
  34. Guidance and feedback protocols
  35. Sanctions
• International cooperation
  36. International instruments
  37. Mutual legal assistance
  38. Freezing and confiscation pursuant to mutual legal assistance
  39. Extradition
  40. Other forms of international cooperation

ORGANIZATION FOR ECONOMIC COOPERATION AND DEVELOPMENT (OECD)
One of the older and more influential intergovernmental bodies, the Organization for Economic Cooperation and Development (OECD), has the mission to promote policies that improve economic and social conditions worldwide. The OECD was created in September 1961 and presently has 34 member nations.

The OECD concentrates its efforts in four main areas:
1. The restoration of confidence in markets and the institutions and companies that make them function, including improved regulation and more effective governance at all levels of political and business life
2. The restoration of public finance as a basis for future economic growth
3. Support for new sources of growth through innovation, environmentally friendly ‘green growth’ strategies and development of emerging economies
4. To foster innovation and growth, ensuring that people of all ages develop the skills to work productively and satisfactorily in the jobs of tomorrow

The OECD has three components: Council, Committees and Secretariat. The Council is the overall decision maker and has at least one representative per member country and a representative of the European Commission. The permanent representatives of the Council meet frequently and decide by consensus. There are approximately 250 committees, working groups and expert groups that discuss programs and review progress on issues. The Secretariat is located in Paris and consists of about 2,500 staff members, including financial specialists, lawyers, scientists and other professionals. The Secretariat supports committees and completes tasks based on priorities set by the OECD Council. The OECD is funded by member countries based on a formula that takes into account the size of each member’s economy.

The OECD may develop standards and models, recommendations or guidelines. OECD publications play an important role in disseminating the OECD’s
In addition to financial institutions, the committee says customer due diligence principles should be developed for non-bank financial institutions and mediators of financial services, such as accountants and lawyers.

CONSOLIDATED KNOW YOUR CUSTOMER (KYC) RISK MANAGEMENT
The Committee published the Consolidated KYC Risk Management in October 2004, which includes guidelines for policies and procedures governing “know your customer” operations at banks. In a brief nine pages, it provides a good high-level overview of KYC processes and best practices.

It also covers management and oversight of KYC programs, policies for customer identification and acceptance, and recommendations for transaction and account monitoring. In addition, it addresses how institutions should have a global process for KYC, shared among all branches and business lines, as well as information-sharing across the entire business subject to privacy laws.

EUROPEAN UNION DIRECTIVES ON MONEY LAUNDERING
European Union Directives on Money Laundering are the key AML policy for EU member countries. Directives specify the legal and regulatory framework that EU nations are required to implement concerning money laundering controls. Directives impose major compliance requirements on banks, other financial institutions and gatekeepers that operate in or do business in EU nations.

In many respects, Directives mirror the FATF Recommendations. EU member states are allowed to independently enact more stringent AML and financial crime policies than those specified in the Directives. As of early 2018, EU authorities had implemented the 4th AML Directive, which aligned the EU’s AML regime with the revised 40 Recommendations of the FATF released in 2012.

The EU’s governing bodies also agreed to a package of amendments and enhancements, known as the 5th Directive, that expanded corporate transparency through publicly accessible national registries.

The Directives apply not only to the financial sector but also to lawyers and accountants, casinos, estate agents, trust and company service providers and high value dealers. All persons subject to the Directive must be supervised for AML controls by a competent authority.

These are some of the other highlights of the Directives:
• Cover terrorist financing as well as money laundering.
• Contain detailed customer due diligence standards. In particular, it states that:
  – CDD is defined as including not just customer identification and verification, but also establishment of the purpose and intended nature of the business relationship and ongoing monitoring
  – CDD applies to new and existing customers
  – It requires identification of beneficial owners and verification of the beneficial owner’s identity.
  – It contains guidelines for simplified due diligence for certain low risk situations, and requires enhanced due diligence in situations that present a higher money laundering or terrorist financing risk – including non-face-to-face business, ‘politically exposed persons’ and international correspondent banking relationships.
• Recognize and reinforce the concept of a risk-based approach to anti-money laundering. Under the 4th Directive, the EU Commission and European supervisory authorities (ESAs) will conduct assessments of financial crime risks and make them available to member states.
• Implement a system of corporate registries to capture the beneficial ownership information of companies and other entities. Each EU state is required to create or enhance a corporate registry that includes the beneficial owners of companies and trusts. Beneficial owners of corporations will be publicly available, while owners of trusts will be available to government authorities, financial institutions and civil society groups.
• Apply a licensing-registration system for ‘currency exchange offices’ as well as trust and company formation and other service providers that involve a “fit and proper test” for those who direct or beneficially own these businesses.
• As of the 5th Directive, include digital currency administrators and exchanges under institutions that are subject to AML regulations and reporting
• As of the 5th Directive, reduce the thresholds on anonymous pre-paid card transactions so that they can only be used for small transactions
• Require the EU Commission to issue a list of jurisdictions with AML deficiencies, including jurisdictions with weak frameworks on beneficial ownership
• Require financial firms to apply customer due diligence and record-keeping standards to overseas branches and majority-owned subsidiaries (unless it is not permitted by local law)
• Require art dealers and professionals who provide “similar services” to accountants, tax advisors or auditors to comply with AML regulations

The Group consists of Banco Santander, Bank of Tokyo-Mitsubishi UFJ, Barclays, Citigroup, Credit Suisse, Deutsche Bank, Goldman Sachs, HSBC, J.P. Morgan Chase, Société Générale and UBS. It was formed in 2000.

The Group publishes numerous documents called the Wolfsberg Standards that deal with various aspects of banking. The Wolfsberg Standards cover a wide array of topics from general subjects, such as AML and terrorist financing, to more industry-specific guidance on prepaid cards, trade finance and correspondent banking. They are a valuable resource for compliance professionals. The Wolfsberg Standards are available at https://www.wolfsberg-principles.com/publications/wolfsberg-standards.

The Wolfsberg Anti-Money Laundering Principles for Private Banking, along with its accompanying documents on intermediaries and beneficial ownership, are key guidance for financial institutions. The Principles were released in October 2000 and revised in May 2002 and May 2012 (see Appendix).

Principles for Private Banking takes into account certain recognized risks associated with private banking to prevent the use of a bank’s international operations for criminal purposes and to protect the organization’s reputation. The Principles lay out guidance on customer identity and verification of beneficial ownership, as well as how to treat customers that arrive through intermediaries. For example, the Principles state that in certain circumstances banks may rely on the intermediary to collect information and documents required for customer due diligence.
REFERENCES AND RESOURCES
CHAPTER 3: MONEY LAUNDERING

AML CFT Measures and Financial Institutions
http://www.fatf-gafi.org
FATF provides support to countries and their financial institutions in designing AML/CFT measures that meet the national goal of financial inclusion, without compromising the measures that exist for the purpose of combating crime.

Deterring and Detecting Money Laundering and Terrorist Financing
http://www.osfi-bsif.gc.ca
OSFI intends this guidance to help reduce the susceptibility of financial institutions to being used by individuals or organizations to launder funds and fight terrorist financing, thereby reducing their exposure to damage to their reputation, a key asset in the financial services industry.

FATF Typologies
http://www.fatf-gafi.org
Search the FATF website for specific typologies.

FFIEC Examination Material (2010 or most recent)
http://www.ffiec.gov/bsa_aml_infobase/pages_manual/manual_print.htm
The current examination manual used by US regulators to determine if US institutions are compliant with AML, CTF and other financial crime compliance laws.

Initiatives by the BCBS, IAIS and IOSCO to Combat Money Laundering and the Financing of Terrorism
http://www.bis.org/publ/joint11.htm
Focuses on recent guidance for addressing the vulnerabilities identified in the earlier report and ongoing and future work.

Laundering the Proceeds of Corruption
http://www.fatf-gafi.org/media/fatf/documents/reports/Laundering%20the%20Proceeds%20of%20Corruption.pdf
Created to better understand corruption, its mechanisms and vulnerabilities, through an AML/CFT lens.

Money Laundering Risks Arising from Trafficking in Human Beings and Smuggling of Migrants
http://www.fatf-gafi.org/topics/methodsandtrends/documents/moneylaunderingrisksarisingfromtraffickingofhumanbeingsandsmugglingofmigrants.html
Examines the nature of criminals turning to trafficking in human beings and the smuggling of migrants to a greater extent, as these crimes are seen as highly profitable.

Money Laundering Awareness Handbook for Tax Examiners and Tax Auditors
http://www.oecd.org/corruption/crime
Raises the awareness level of tax examiners and auditors about money laundering. It provides guidance in identifying money laundering during the conduct of normal tax audits.

Money Laundering Cycle
http://www.unodc.org/unodc/en/money-laundering/laundrycycle.html
UNODC describes the money laundering cycle.

Money Laundering Control and Suppression of Financing of Terrorism
http://www.ecosocdoc.be/static/module/bibliographyDocument/document/001/405.pdf
Some thoughts on the impact of customer due diligence measures on financial exclusion.
APPENDIX A • REFERENCES AND RESOURCES
Money Laundering Using Trust and Company Service Providers
http://www.fatf-gafi.org
Evaluates the effectiveness of the practical implementation of the Financial Action Task Force Forty Recommendations and Nine Special Recommendations (the FATF 40 + 9 Recommendations) as they relate to Trust and Company Service Providers.

Operational Issues Financial Investigations Guidance
http://www.fatf-gafi.org/media/fatf/documents/reports/Operational%20Issues_Financial%20investigations%20Guidance.pdf
Guidance created by FATF. In this revision, emphasis was given to the operational anti-money laundering/countering the financing of terrorism (AML/CFT) framework.

Specific Risk Factors in Laundering the Proceeds of Corruption
http://www.fatf-gafi.org/media/fatf/documents/reports/Specific%20Risk%20Factors%20in%20the%20Laundering%20of%20Proceeds%20of%20Corruption.pdf
Discusses the interrelationship between corruption and money laundering, discovers the most common methods used to launder the proceeds of corruption, and highlights the vulnerabilities leading to an increased risk of corruption-related money laundering.

CHAPTER 4: UNDERSTANDING AND PREVENTING FRAUD

FBI Annual Reports on Mortgage Fraud
http://www.fbi.gov/about-us/investigate/white_collar/mortgage-fraud/mortgage_fraud
Reports that provide statistics on mortgage fraud.

FBI warns of various fraud types
http://www.fbi.gov/scams-safety/fraud
This website defines several types of fraud of which private citizens should be aware.

Fraud Prevention Best Practices
http://www.freddiemac.com/singlefamily/pdf/fraudprevention_practices.pdf
Detailed explanation of best practices for fraud prevention by Freddie Mac, a US federal housing agency.

Fraudulent Transfer Claims and Defenses In Ponzi Schemes
http://www.dgdk.com/tasks/sites/dgdk/assets/image/AIRAFraudulentTransferFinal2.pdf
These materials outline issues arising from fraudulent transfer claims brought by trustees against investors and salespeople and the defenses which can be asserted to those claims.

Identity Theft Red Flags
http://www.ftc.gov/os/2009/06/090611redflagsfaq.pdf
Frequently asked questions about the Identity Theft Red Flags rules.

Audit Standard #5
http://pcaobus.org/standards/auditing/pages/auditing_standard_5.aspx#testingcontrol
Lists how an auditor should test for effective controls in an institution.

Statements on Auditing Standards #99 Consideration of Fraud in a Financial Statement Audit
http://www.aicpa.org/Research/Standards/AuditAttest/DownloadableDocuments/AU-00316.pdf
Explains the elements of an effective auditing process and focuses on detection of fraud.

The President’s Identity Theft Task Force: Combating Identity Theft a Strategic Plan, 2007
http://www.identitytheft.gov/reports/StrategicPlan.pdf
Task force report that reveals the three stages in Identity Theft and discusses how to prevent crimes of fraud by identity theft with each stage.
Recommendation of the Council for Further Combating Bribery of Foreign Public Officials in International Business Transactions
http://www.oecd.org/daf/anti-bribery/oecdantibriberyconvention.htm
The Recommendation was adopted by the OECD in order to enhance the ability of the 39 States Parties to the Anti-Bribery Convention to prevent, detect and investigate allegations of foreign bribery and includes the Good Practice Guidance on Internal Controls, Ethics and Compliance.

FATCA Model 1B
http://www.treasury.gov/resource-center/tax-policy/treaties/Documents/FATCA-Nonreciprocal-Model-1B-Agreement-Preexisting-TIEA-or-DTC-11-4-13.pdf
Template of FATCA Model 1B Agreement.

FATCA Model 2
http://www.treasury.gov/resource-center/tax-policy/treaties/Documents/FATCA-Model-2-Agreement-Preexisting-TIEA-or-DTC-11-4-13.pdf
Template of FATCA Model 2 Agreement.
CHAPTER 7: ASSET RECOVERY

Asset Recovery Handbook
https://star.worldbank.org/star/sites/star/files/asset_recovery_handbook_0.pdf
Describes approaches to recovering proceeds of corruption located in foreign jurisdictions; identifies the difficulties that practitioners are likely to encounter; suggests strategic and tactical options to address the challenges; and introduces good practices.

Barriers to Asset Recovery
https://star.worldbank.org/star/sites/star/files/Barriers%20to%20Asset%20Recovery.pdf
Recommends the implementation of new policies and operational procedures to foster trust and mentor other jurisdictions; legislative reforms to facilitate freezing and confiscation of stolen assets; and better application of existing anti-money laundering measures.

FATF Guidance for Financial Institutions for Detecting Terrorist Financing
http://www.fatf-gafi.org/media/fatf/documents/Guidance%20for%20financial%20institutions%20in%20detecting%20terrorist%20financing.pdf
Detailed report on how to detect terrorist financing.

Tracing Stolen Assets
http://www.baselgovernance.org/fileadmin/docs/publications/books/asset-tracing_web-version.pdf
A guide published by the Basel Institute on Governance that explains how to trace stolen assets.

Investigative Dashboard
http://www.datatracker.org/category/wwd/elastic-list
Investigative Dashboard includes several databases that allow collaboration and data-sharing between investigative reporters across the world.
Provides guidance on the International Financial Reporting Standards, a global system of accounting and bookkeeping principles that is gradually gaining wider international acceptance.

International Organization of Securities Commissions
http://www.iosco.org
Reports on money laundering, risk assessment, financial crime, due diligence or ethical standards.

Report on Funds of Hedge Funds
http://www.iosco.org/library/pubdocs/pdf/IOSCOPD276.pdf
Examines the existing regulations of funds of hedge funds in various TC Standing Committee on Investment Management member jurisdictions, and identifies with the help of industry representatives, present issues of concern to regulators in this area.

Virtual Currency Schemes
http://www.ecb.int/pub/pdf/other/virtualcurrencyschemes201210en.pdf

Provides an overview and lists of OFAC sanctions related to individual terrorists, designated terrorist organizations, and affiliated businesses, nonprofits and legal entities.

Provides general information about the three distinct sanctions programs designed to combat the proliferation of weapons of mass destruction.

Transnational Criminal Organizations
http://www.treasury.gov/resource-center/sanctions/programs/pages/tco.aspx
Overview of the sanctions against Transnational Criminal Organizations.

FFIEC Examination Material (2010 or most recent)
http://www.ffiec.gov/bsa_aml_infobase/pages_manual/manual_print.htm
The examination manual of the US FFIEC, an inter-agency group of banking and financial regulators. Outlines regulatory expectations on financial crime compliance programs at US institutions.
United Nations Convention Against Corruption
http://www.unodc.org/unodc/en/treaties/CAC
The full text and related materials on the UN Convention Against Corruption, an international anti-corruption treaty adopted by more than 140 jurisdictions.

FATF 40 Recommendations
http://www.fatf-gafi.org/topics/fatfrecommendations
Lays out best practices and policy recommendations for governments, as well as financial institutions and other private-sector entities, on developing and implementing anti-money laundering legal structures, procedures and processes. Recognized as a global benchmark for AML and CTF practices.

FATF High Risk and Non-Cooperative Jurisdictions
http://www.fatf-gafi.org/topics/high-riskandnon-cooperativejurisdictions
Discusses high risk and non-cooperative jurisdictions and the way FATF deals with said jurisdictions.

Wolfsberg Standards
http://www.wolfsberg-principles.com/standards.html

Reading material on the Basel III Accords. Presents the Basel Committee’s reforms to strengthen global capital and liquidity regulations with the goal of promoting a more resilient banking sector.

Basel Committee Customer Due Diligence for Banks
http://www.bis.org/publ/bcbs85.htm
Provides the Basel Committee’s recommendations for developing and implementing a customer due diligence program at banks.

Basel Committee Consolidated KYC Risk Management
http://www.bis.org/publ/bcbs101.htm
Provides the Basel Committee’s recommendations for KYC procedures and best practices, including assessing the risk of customers.

Basel Institute for Governance AML Index
http://www.baselgovernance.org/gov/aml/project-details/article/the-basel-aml-index/?tx_ttnews%5BbackPid%5D=335&cHash=df11b5a634
AML Risk Index that assesses countries’ risk levels regarding money laundering/terrorist financing.
ANSWERS TO PRACTICE QUESTIONS
CHAPTER 3 – MONEY LAUNDERING:
Q 3-1. Chuck Smith conducted a Ponzi scheme by luring innocent domestic investors to invest. He claimed they
would get a steady stream of payments over time and would receive a handsome return on their investments.
The transaction worked as follows:
• All investors reside in Smith’s country and wired money to Smith in order to make an investment in reliance on his
representations, which later turned out to be false.
• Smith then transferred some of the funds from new investors to previous investors claiming it was money generated
by their investment.
• Smith used the remaining funds to purchase cars and other luxury gifts to create the appearance that he
was successful.
The underlying criminal activity in this case was wire fraud. At which point did money laundering FIRST take place?
A. When the investor wired money to Smith in reliance on his false representations
B. When Smith transferred some of the funds from new investors to previous investors claiming it was money generated by their investment
C. When Smith used the remaining funds to purchase cars and other luxury gifts to create the appearance that he
was successful
Answer A is incorrect because the investors’ funds could not be considered proceeds of illegal activity until
they were in the possession of the Ponzi schemer. The transaction was therefore not an act of money laundering,
although it could be considered a “specified unlawful activity.”
Answer B is incorrect because the question asks for the first instance money laundering took place. Although
this could be considered money laundering, it is not the first occurrence.
Answer C is incorrect for the same reason as Answer B.
Answer D is correct because this is the first instance where Smith had obtained the proceeds of a criminal activity and was conducting a transaction with them. It is the most appropriate first instance of money laundering in this scenario.
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Q 3-2. A compliance officer at a major insurance company has recently noticed a pattern of potentially suspicious transactions from a long-time customer. The customer is employed in a consulting position that requires her to travel internationally on an unpredictable schedule and she often resides overseas for extended periods. The customer has several properties insured with the company for large amounts. In the past three years, she has overpaid her premiums numerous times and then requested a refund be issued. Concerned that the customer may be laundering funds through the overpayment of premiums, the officer is investigating the transactions.
Which fact would BEST indicate money laundering may be taking place?
A. The customer often requests that refunds be made by wire transfer to banks outside of the country.
B. The customer makes the overpayments at different times of the year and in varying amounts.
C. The customer has recently taken out a sizeable new insurance policy on a commercial property with your company.
D. The customer has requested that refunds on excess premiums be made to an attorney.
Answer A is incorrect because it cannot be considered unusual activity due to her customer profile. In the scenario, we state “The customer is employed in a consulting position that requires her to travel internationally on an unpredictable schedule and she often resides overseas for extended periods.” As such, requesting wire transfers to banks outside her country would not be out of the ordinary for this customer.
Answer B is incorrect because the nature of the overpayments actually matches the customer profile. The fact that she travels on an “unpredictable schedule” supports the fact that the activity is happening at different times of the year. Also, the fact that she “has several properties insured with the company for large amounts” contributes to the fact that the overpayments are in different amounts.
Answer C is incorrect because it is largely irrelevant to the scenario, and the fact that she already has several
large policies with the company makes it consistent with her profile.
Answer D is correct because it incorporates a classic red flag of money laundering, in that the refunds of the
overpayment of premiums are being sent to a third party.
Q 3-3. A financial institution holds an account for a charitable organization whose stated mission is to promote literacy in the local community. The charity derives most of its financial backing from periodic fundraising drives that take in hundreds of small donations from individual donors.
Recently, the institution conducted a due diligence investigation and noticed anomalous activity in the charity’s account.
A. The charity recently purchased a large insurance policy which does not have a surrender clause and cannot be used
as collateral.
B. The charity has no long-term leasing agreement on a physical property in a nearby town.
C. The transaction history indicates a pattern of wire transfers to countries with no previous connection to the charity’s activities.
D. The transaction history for the charity shows a large number of small cash deposits.
Answer A is incorrect. It would not be uncommon for an insurance policy to lack a surrender clause and collateral. Those features actually increase the risk that an insurance policy could be used in a financial crime scheme.
Answer B is incorrect. A lack of long-term lease is not generally indicative of terrorist financing or other financial crime, and is not the best choice of the options given here.
Answer C is correct. Wire transfers to other countries outside of an entity’s operation are an indicator of potential terrorist financing, especially in the case of non-profits and charities.
Answer D is incorrect. As the scenario states, the charity obtains its funding from drives that take in hundreds
of small donations. This would be consistent with the deposit activity indicated here.
Q 3-4. You are the chief anti-money laundering officer of a full-service bank, and you are designing a risk-based customer acceptance program to determine the Terrorist Financing risks specific to not-for-profit (NFP) organizations.
Which enhanced due diligence activity is most essential for these types of client relationships due to the elevated risk
that NFPs pose?
A. Monitor the financial activity in relation to the stated purpose and objectives of the entity.
C. Establish who controls the organization and its financial activities down to a low threshold.
D. For NFPs, customer acceptance requirements are the same as for any other customer.
Answer A is incorrect. Conducting monitoring of transactions based on the expected activity and purpose of
account is a minimum requirement for any customer, and would not be considered enhanced due diligence in
response to higher risk.
Answer B is incorrect. Obtaining a charter or other formation documents would be a typical part of the customer onboarding process, and would not generally be considered enhanced due diligence.
Answer C is correct. Capturing ownership of NFPs, and going beyond the typical threshold to gain more thorough understanding of the control structure and risks posed by an entity, is a key step for enhanced due diligence.
Answer D is incorrect. According to best practices from the FATF and others, NFPs should generally be considered as elevated above the standard risk, and require additional measures for customer due diligence.
He then mentions the earnings report to his wife, and she buys 1,000 shares of stock in her personal trading account. Her broker, who knows that she is married to the CFO of this company, feels that she must know something, so he recommends it to many of his clients who buy some very large blocks.
The quarterly numbers are released, and the stock makes a big move as expected. Which individual in this scenario has
committed insider trading?
A. The CFO
Answer A is incorrect due to the fact that while the CFO clearly had insider information, he did not execute
any trades or participate in any actions that personally benefitted him. The large stock repurchases would likely
indirectly benefit him since they reduce the liquidity in the marketplace and increase the intrinsic value of the
remaining outstanding stock, of which he owns a great deal. Therefore, any subsequent good news (like beating
analyst projections) would have a greater positive impact on the stock price. However, since this action benefits
ALL shareholders it cannot be considered insider trading.
Answer B is correct because the wife had insider knowledge and executed a trade that personally benefitted her. While she did not hold an insider position, she still had the requisite insider knowledge to commit insider trading. Nowhere in the scenario does it say that the husband had knowledge of this action. If he did, he might be considered in violation of insider trading rules as well. In real life, the CFO might be hard pressed to prove he had no knowledge of this trade. In this scenario, choosing between answer A and B is clear due to the fact the CFO’s wife actually executed the trade, and there is no mention of the CFO having knowledge.
Answer C is incorrect due to the fact that the stockbroker did not have any insider knowledge. Since corporate officers are required to report on their trades, following the actions of known insiders is common in the marketplace and not illegal.
Answer D is not correct because the clients are even further removed from insider knowledge.
A. Providing investment and banking services in Norway poses the highest risk for corruption due to a history of bribery by Norwegian state-owned oil companies.
B. Providing services in India poses the highest risk for corruption due to the prevalence of state-owned entities and Politically-Exposed Persons (PEPs).
C. Providing investment and banking services in Botswana poses the highest risk for corruption due to widespread graft in government contracts.
D. Providing services in Chile poses the highest risk due to connections between the Chilean government and international organized crime rings.
Answer A is incorrect, as while there have been some FCPA cases involving Norwegian state-owned oil companies, Norway is still considered to be a highly transparent and compliant jurisdiction by international organizations. This question relies on some knowledge of commonly-used standards and resources used to rate corruption and financial crime risks internationally, such as the Transparency International Corruption Perceptions Index, Basel Committee AML Index, and FATF lists of high-risk and non-cooperative jurisdictions.
Answer B is correct as state-owned entities and public-private partnerships are very prevalent in India, and the country has a history of corruption among public officials. India is generally considered a higher risk for corruption than the other nations listed here.
Answer C is incorrect, as while Africa is generally considered to be high-risk for corruption, Botswana is widely
recognized as a clean nation that has taken considerable efforts in recent years to combat corruption and ensure
transparent governance.
Answer D is incorrect and simply intended to distract the test-taker. While organized crime groups operate in
Chile like any other country, there is little to suggest they have close ties to government agencies within Chile.
Q 5-2. A pharmaceutical sales representative from Company X visits a hospital in the country of Rachmanistan in order to discuss the benefit of his company’s latest drug. The hospital’s chief of internal medicine, Dr. Y, agrees to meet with him to learn more about the drug and suggests meeting over dinner at a local bistro. The week after the dinner takes place, the sales rep sends Dr. Y a gift basket as a token of gratitude for taking the time to speak with him. Company X is publicly traded in the United States and the healthcare industry in Rachmanistan is entirely government-owned.
A. Paying for Dr. Y’s dinner is permissible under the United States’ Foreign Corrupt Practices Act.
B. Dr. Y is a medical professional and thus exempt from the United States Foreign Corrupt Practices Act.
C. Dr. Y can be considered a foreign public official under the United States Foreign Corrupt Practices Act because he
is a high-level employee at a government-owned entity.
D. Sending Dr. Y a gift basket is permissible under the United States Foreign Corrupt Practices Act.
Answer A is incorrect because taking someone to dinner, as long as it is not excessively extravagant, is permissible. This is reinforced by the section of the scenario that says that they “had dinner at a local bistro,” rather than a fancy restaurant.
Answer B is correct because Dr. Y is not exempt due to the fact that he is a medical professional. Medical professionals can still be considered public officials under the FCPA, and there are no exemptions for product type or profession.
Answer C is incorrect because he can, in fact, be considered a public official because he is a high-ranking
employee of a state-owned enterprise. The definition of public official is intentionally broad in this law to prevent
state owned business employees from leveraging their position to affect bribes.
Answer D is incorrect because sending a gift basket can be considered a ‘token gift’ under the FCPA. Token gifts
are an intentionally vague definition, but a simple gift basket would qualify. There is no indication that there were
any high value items, such as champagne or caviar, as a component of this gift basket.
What would MOST likely trigger further investigation by the compliance department in the bank?
A. Numerous deposits of tax refund checks in the names of different individuals but with common addresses
B. Multiple deposits of checks in the same amount written by different tax service customers
D. A request by the customer to have payments made to the Tax Office through a certified check process
Answer A is the correct answer due to the fact that this is a classic red flag for tax fraud. Multiple tax refund
checks for different individuals going to the same address should set off warning alarms in nearly every jurisdiction.
Answer B is incorrect because this perfectly fits the customer’s profile. The deposit of checks from different tax
service customers is what you would expect as each customer paid their bill for the service. You would also expect
many of them to be in the same amount for a typical tax preparation service since the fee for tax preparation
would be the same for many customers.
Answer C is incorrect because, once again, this fits the customer profile. You would expect variances depending
on the calendar cycle as this is largely a seasonal business based on tax reporting deadlines.
Answer D is incorrect because there is no indication of tax fraud in this response. The customer is making payments to his jurisdiction’s tax authorities using a certified check, which is simply a check for which a bank has confirmed sufficient funds exist to cover the amount of the check. This is not a viable means to commit tax fraud, and would more likely indicate no fraud is taking place.
Q 6-2. A regional bank operates within a country that has a Model 1 agreement in place with the United States to implement the Foreign Account Tax Compliance Act (FATCA). The institution already has a FATCA compliance program in place, but recently, there have been media reports suggesting US tax evaders are using the bank’s country as a haven for undisclosed assets.
The bank has some US accountholders, and is reviewing its FATCA compliance program in response to the news reports.
A. The bank must register and report US accountholders directly with the US Internal Revenue Service (IRS)
B. The bank must institute a 30% withholding on the accounts of its US customers
C. The bank must confirm that U.S. customers filed a Form 8938 with the IRS to disclose their accounts
D. The bank is required to report certain details about US accountholders to its country’s tax authorities
Answer A is incorrect. As the scenario states, the bank is located in a country with a Model 1 agreement in place to implement FATCA. Under the terms of a Model 1 agreement, institutions do not have to report information directly to the IRS; they report to their country’s own tax authorities instead.
Answer B is incorrect. FATCA does not require institutions to impose the 30% withholding on US accountholders by default. The withholding is a penalty intended for accounts or institutions that refuse to cooperate with FATCA requirements.
Answer C is incorrect. US persons with accounts in other countries are required to file Form 8938 with the IRS,
but this is an obligation of the taxpayer. Financial institutions are not required to ensure that taxpayers have filed
the required form.
Answer D is correct. Under FATCA and a Model 1 agreement, a bank would be required to report information on
US persons to its own tax authorities, who are then responsible for transmitting it to the IRS.
To ensure these documents are properly received in evidence in the US, which two are acceptable methods of requesting
such evidence?
A. Letters Rogatory through the authority designated by Venezuela or other authority allowed by such law
C. Transmission through a private party, such as an attorney, in Venezuela, if private law so provides
D. Issuance of subpoena duces tecum and scheduling of place and time for the party to make itself available for examination
Answer A is correct because Letters Rogatory are a viable means to request information in a legal matter across borders in a way that maximizes the likelihood that it can be used as evidence. From the study manual: “A Letter Rogatory is a request from one judge to another judge in another country seeking assistance in obtaining information, documents or testimony in a particular legal matter.”
Answer B is incorrect because directly asking the target of the discovery request for the documents holds no legal weight. It is extremely unlikely that this will be successful in an adversarial case, particularly in a fraud case.
Answer C is correct because this is a viable method of requesting cross border documents under The Hague Convention.
Answer D is incorrect because a subpoena duces tecum is not an internationally used legal order. Even if it was,
making a party available for examination does nothing to advance the effort of getting the documents produced,
which is the focus in this scenario.
1. The corporation’s sources of funds for the purchase of the items are large check deposits from a small
number of other Florida export companies.
2. Each of the customer business accounts is funded by small checks from numerous personal accounts that are domiciled in banks in New York or South Florida. Each deposit is for less than $3,000 and for an amount in even $100 increments.
What is this money laundering scheme known as?
D. Carousel Fraud
Answer A is incorrect because the fact pattern described bears no resemblance to transfer pricing. Transfer
pricing schemes are a method of allocating profits between different branches or subsidiaries of a legal entity in
order to reduce the entity’s overall tax burden.
Answer B is correct because the pattern of transactions is indicative of BMPE. There is unusual deposit activity that is indicative of structuring, followed by lump-sum payments to US appliance exporters. Another indicator is the parties and locations involved. An exporter in the US sending appliances to Colombia is a classic example of BMPE.
Answer C is incorrect because there is no cross-border movement of large volumes of cash described in this scenario, and no other red flags or suspicious activity that would indicate the exporter is involved in bulk cash smuggling.
Answer D is incorrect in part because carousel fraud is a tax fraud scheme, not a money laundering scheme. It
hinges on abusing the value-added tax (VAT) system, which is common in Europe but not present in the US, where
this investigation is taking place.
Q 10-2. A young woman, who is a national of Country A, works as a caregiver for a family in the US. She sends
much of her earnings to support her family back in Country A by giving the amount in cash to a local grocer,
whose family heritage is also in Country A. Once the grocer receives the cash, he calls his partner who runs a
market in one of the larger cities in Country A. From there, the young woman’s family can pick up the money sent.
What is the name commonly used to describe this form of remittance transaction?
A. Cash transfer
B. Hawala
C. Referral Banking
Answer A is incorrect because Cash Transfer is not a real type of funds transmission. It is the colloquial term
used for Money Transmitter Business (MSBs) services; but there is no actual transfer taking place here.
Answer C is incorrect as this has nothing to do with referral banking. This response is simply a distraction.
Answer D is incorrect because the fact pattern described here bears little relation to Black Market Peso
Exchange, which typically involves the movement of both currency and goods across borders and the presence of
currency brokers, and is not a trust-based informal value transfer system as described here.
A. An increase in domestic wire transfers between another bank within your jurisdiction and your financial institution
B. A significant number of cash withdrawals, all under $10,000, from your financial institution
C. Large amounts of small denomination currency being sent from a Foreign Financial Institution (FFI) to their account at your bank
Answer A is incorrect because the alert received was for bulk cash smuggling into your jurisdiction. The fact that the transfers are all taking place within your jurisdiction eliminates this answer.
Answer B is incorrect as bulk cash smuggling would result in large cash deposits into your institution, not withdrawals. The amounts being under $10,000 is a red herring because it is close to many jurisdictions’ reporting threshold.
Answer C is correct as this is a classic red flag of bulk cash smuggling. When physically smuggling large amounts of cash across a border most criminals would want to reduce the physical bulk of the cash by converting as much as they could into larger denomination bills. This would result in significant amounts of small denomination currency being sent by foreign banks into your jurisdiction.
Answer D is incorrect as ACH transactions usually have no connection to bulk cash smuggling. Also, these are domestic transactions, which would indicate they are not connected to any cross-border cash-smuggling operation.
Q 11-2. A US bank receives a letter of credit from an issuing bank in connection with the purchase of wheat from a bank customer. The buyer/applicant is located in Belarus, a country in which certain senior government officials are on the US Specially Designated National (SDN) List. The country is not, however, subject to comprehensive US sanctions.
The buyer is determined to be a joint venture in which a Belarus SDN has a 50% interest through two separate companies
wholly owned by the SDN. Each has a 25% interest in the joint venture. No funds have yet been received by the bank.
A. The letter of credit can be processed and the funds paid because the customer is not on the SDN List and the SDN
does not have a majority or controlling interest.
B. The letter of credit can be processed and the funds paid because the US Office of Foreign Assets Control (OFAC) has
issued general licenses exempting food from US sanctions.
C. The letter of credit must be blocked by the US bank and reported to OFAC even though no funds have yet been received.
D. The letter of credit cannot be accepted or acted on so it must be returned to the advising bank with notice that any
funds received will be blocked.
Answer A is incorrect because one of the customers involved in the transaction is in fact an SDN. The buyer
mentioned in the scenario is said to be a joint venture that is 50% owned by two persons on the SDN list. Under US
sanctions regimes, if a person or entity on an SDN list has a 50% or more ownership stake in an entity or company,
that entity or company is subject to the same restrictions as an SDN, including blocking of transactions.
Answer B is incorrect because US sanctions regimes are country, person or entity-specific. OFAC does not issue
blanket licenses exempting an entire class of good or transaction from sanctions. While under some sanctions
laws food and agricultural goods are exempt from sanctions, in other cases they are not.
Answer C is correct because it accurately describes the steps the bank must take in order to remain compliant
with OFAC sanctions laws. The buyer was found to be an SDN, which requires the bank to block the transaction.
Answer D is incorrect because notifying the parties to a sanctioned transaction that it would be blocked is
explicitly prohibited by US sanctions laws. Funds or financial instruments involved in sanctioned transactions are
typically required to be blocked, and are not returned to any of the parties in a transaction.
@2019 Association of Certified Financial Crime Specialists
APPENDIX B • ANSWERS TO PRACTICE QUESTIONS
Q 11-3. A small regional bank has recently started using a new transaction monitoring tool that utilizes
several custom scenarios to identify specific activity which was defined by the Financial Crimes Compliance team.
There are five scenarios that are live in production. The Analytics team within Financial Crimes Compliance has
performed some research on the scenarios and is ready to make recommendations to management regarding
possible changes to the scenarios.
Which scenario(s) should the Analytics team recommend making changes to first?
A. Scenario A that has generated 100 alerts in the past three months and 50% of those have been deemed suspicious
and a suspicious transaction report was filed.
B. Scenario B that has generated 180 alerts with a 95% false positive rate.
C. Scenario C that has generated no alerts and there appears to be a problem with the mapping of data.
D. Scenarios D and E that were put into production in the last 30 days to address a matter requiring attention from
a regulator.
Answer A is incorrect as this appears to be a well-performing scenario. It is generating alerts, and the
percentage of those that were actually deemed suspicious is reasonable.
Answer B is incorrect because while the false positive rate is far too high, it is at least generating alerts and
some are still deemed suspicious. The false positive rate is clearly an issue that will have to be addressed, but
this scenario would not be the one that would need to be addressed first. There will often be scenarios on the live
exam that require you to pick the best answer. In this case, this is not the best answer.
Answer C is correct as this clearly is a broken scenario since not one alert has been generated. The fact that
there appears to be a problem with the mapping of the data only reinforces the conclusion that this scenario must
be addressed first.
Answer D is incorrect as there is no evidence that the scenarios are not performing as expected.
CHAPTER 12 – CYBERSECURITY
Q 12-1. Your financial institution has been subject to several hacking attempts over the last few weeks. While
none have been successful, you worry that it might be a matter of time. To keep your network secure, you have
decided to update your network security policies.
A. Educate your online customers to detect phishing attempts and other fraudulent email scams.
B. Disable auto deletion of old data, including access logs, and move them to an archive server.
C. Only permit administrative connections via the Internet through HTTPS or SSH connections.
D. Require confirmation from network engineering before resetting any lost passwords.
Answer A is correct as this is a recommended step in all network security policies. While not high tech or
glamorous, educating your staff and your customers to recognize phishing and fraudulent emails is a fundamental and
highly successful way to prevent fraud.
Answer B is incorrect as this is the opposite of a good data retention policy, and has nothing to do with a network
security policy.
Answer C is incorrect as a good security policy will not allow any administrative connections through the
internet, even via secure connections like HTTPS or SSH. Administrative connections are those that allow you to log
into internal devices and make changes to how they function. This task should only be allowed from internal
connections.
Answer D is incorrect as it is not very scalable and network engineering is the wrong group to manage this
anyway. There are hundreds of password resets that are performed every day by most large financial institutions.
There is no way that the network engineering staff would be able to keep up with the requests. They would also
have no way to determine if the requests should be approved or denied.
Q 12-2. Your organization has a large online presence, providing all key services online. You have recently found
out that a hacker has gained access to your secure network, stealing millions of customer usernames and
passwords. You think the access was gained via social engineering.
Your company’s success depends on your keeping this data secure, so your organization wants to put procedures in
place to ensure it can prevent any such further attacks. As an initial step you have terminated internet access for
engineering and IT.
What would be the MOST effective further action for your firm to immediately take to prevent this specific type of attack
from happening again?
A. Restrict external access on all routers and servers allowing administrative access only from workstations in the
engineering and IT departments.
B. Staff should not be allowed to download any materials from the internet or private disks to the organization’s
local drives.
C. Require all customers to change their passwords on a regular basis to access their accounts and require
strong passwords.
D. Upgrade all network firewalls and ensure they are running current software.
Answer A is correct as this is a viable and recommended security strategy. Not only should administrative
access be restricted to only internal computers (no outside internet connections), it should be restricted to only
those groups that have a viable business purpose for logging into those devices, such as engineering and IT. If
someone manages to acquire information to access the network, via social engineering or otherwise, there is not
much they would be able to do with that information if they had to be sitting at a desk in your engineering
department to actually use it.
Answer B is incorrect. While this is a viable, if extreme, security measure, it does not prevent this specific type
of attack from happening again. Though a common security measure in some very secure government and
private-sector facilities, it does nothing to prevent social engineering attacks. The question specifically asks for
ways to prevent that type of attack.
Answer C is incorrect. While this too is a viable customer security policy, it would not be a component of a
network security policy. It also would do nothing to prevent social engineering attacks.
Answer D is incorrect. Once again, upgrading firewalls and ensuring they are running current software is a good
network security policy, but does not prevent “this specific type of attack from happening again.”
Shortly after Joe was hired, the Defense Department and Company A entered into a contract for the purchase of software.
Joe was assigned to the account. Sallie was not involved in the initial contract negotiations and did not know they were
taking place. After the contract was signed, Sallie was involved in the decisions to use the company on subsequent projects.
A. When the CEO of Company A paid for a dinner with Sallie and her husband during the hiring process for her husband
B. When she continued to maintain a close friendship with the CEO of a vendor of the Defense Department
C. When she was part of the subsequent decision process knowing that her spouse had a financial interest in the matter
D. When she did not disclose her conflict of interest during the initial contract negotiations
Answer A is incorrect as paying for the dinner in itself is not an ethical violation, and this dinner pre-dates any
other interaction with Company A and the Defense Department.
Answer B is incorrect as maintaining a close friendship with someone, regardless of the business relationship,
is not an ethical violation. Only if you allow that relationship to influence your decisions does it cross the line into
an ethical issue.
Answer C is correct because there is a clear conflict of interest in this case. Sallie should have recused herself
from the decision-making process once her family had a financial interest in the selection of the vendor.
Answer D is incorrect because she had no reason to disclose a conflict of interest because she was not part of
the decision-making process to select the vendor.
Q 13-2. The CEO of Company X, a publicly traded corporation, caused Company X to enter into a transaction
with Company Y in which the CEO is a shareholder. The CEO failed to inform the shareholders of Company X of
his interest in Company Y. However, the transaction will greatly benefit Company X as well as Company Y.
Answer A is incorrect as insider trading involves using insider knowledge to make open market trades to a
person’s personal benefit.
Answer B is correct. A person with a fiduciary responsibility to others (like other shareholders) entering a trans-
action with another company in which he has a financial interest is self-dealing. Even though the transaction
benefited both companies, the CEO would have been required to disclose the relationship beforehand, which he
did not. There could have been another, more beneficial, transaction that might have been considered if all of the
facts were known. In many jurisdictions, this is not only an ethical violation, but a legal one as well.
Answer C is incorrect as selling away is when a broker solicits you to purchase securities not held or offered
by the brokerage firm. As a general rule, such activities are a violation of securities regulations, but that did
not occur here.
Answer D is incorrect as there is clearly an ethical violation here. The self-dealing would not have been
considered an ethical violation, though, if he had disclosed the relationship first.