Presentation On

Money Laundering

And
Fraud Management in Banks
Dec30, 2006

RAJIV SINGH FCA CISA(USA) LIFA(USA)

rajivsinghfca@gmail.com

MONEY LAUNDERING FACT SHEET

Money laundering - a social menace affecting the globe Estimated cost of laundering - 2% to 5% of GDP between $ 500b to 1.5 million annually India included in High Risk group (alongwith Pakistan, Singapore, Brazil and Zimbabwe) for susceptibility to money laundering and Terrorism Finance (Source: PWC report) India has set up FIU (Financial Intelligence Unit) for tracking money laundering [Source: ET Nov 13, 2004]

rajivsinghfca@gmail.com

WHAT IS MONEY LAUNDERING?

Generates Substantial Profit
I L L E G A L

Placement

Layering

Integration

L E G A L

Criminal Activities

Illegal arm sale

Smuggling
Activities of Organized Crime Embezzlement Insider trading Bribery
rajivsinghfca@gmail.com

Individual /group of criminals

WHAT IS MONEY LAUNDERING ?

MONEY LAUNDERING TERRORIST FINANCING

Integration
Acquire legitimate assets or fund activity

Distribution
Distribute fund for terrorist activity

Layering
Fund moved to other location to obscure origin

Layering
Fund move to other location to obscure origin

Placement
Cash deposited or converted into financial instrument rajivsinghfca@gmail.com

Placement
Legitimate cash deposited into bank

MONEY LAUNDERING FLOWS THROUGH A DEVELOPING ECONOMY

Domestic

Returning

Inbound

Outbound

Flow throw

rajivsinghfca@gmail.com

IMPACT OF MONEY LAUNDERING ON THE ECONOMY

Money Launderin g

Financial System
Affect s Affect s Economy

Facilitates Capital Flight Loss of Productivity Loss of Tax Base Loss of Control Over Money Aggregate

Country Russia Nigeria

rajivsinghfca@gmail.com

Capital Flight More Than $100b $ 1.3 b

TRADITIONAL MLD (Money Laundering Deterrence )

Identify large cash transaction

C T R

Cash Transaction Report

KYC
+

Identify suspicious transaction

S T R

Suspicious Transaction Report

rajivsinghfca@gmail.com

MODERN MLD
Identify Large Cash Transactions Identify Suspicious Transactions

+
KYC +

T + T
R R

+ FIU

Profiling& Monitoring Customers

+
+

Query for Unusual Transaction

Investigation & Trend Review Report

Low Cash Volume but High Turnover rajivsinghfca@gmail.com

MONITORING SUSPICIOUS TRANSACTIONS

High

Artificial Intelligence and Neural Network

Rule Based Transaction Monitoring Middle Exception Reporting

Low

Alert to Unusual Transactions

rajivsinghfca@gmail.com

Introduction The Money Launderer

Whosoever directly or indirectly Attempts to indulge / deliberately assists or knowingly becomes a party Actually involved even unknowingly in any process / activity connected with the proceeds of crime

projecting the same as untainted property is guilty of the offence.

rajivsinghfca@gmail.com

Prevention of Money Laundering Act

Prevention of Money Laundering Act (PMLA) and the Rules notified thereunder impose obligation on banking companies financial institutions intermediaries of the securities market to appoint principal officer verify identity of clients maintain records furnish information

rajivsinghfca@gmail.com

REGULATORY Framework
Supervisory and Regulatory Agencies RBI SEBI

DCA IRDA

Supervisory and Regulatory Agencies RBI SEBI FIU-IND DCA IRDA

Reporting Entities Banking Company Financial Institutions Intermediaries Intelligence/Enforcement Agencies IB /RAW REIC CBDT-DGIT/CCIT CBEC-DGDRI/DGCEI ED/NCB

Intelligence/Enforcement Agencies IB /RAW REIC CBDT-DGIT/CCIT CBEC-DGDRI/DGCEI ED/NCB EOW of Police/CBI Others Foreign FIUs

EOW of Police/CBI
Others Foreign FIUs

(Government of India O.M. dated 18th Nov 2004)

rajivsinghfca@gmail.com

Operational Statistics as on 31st May 2006

Description 1. Suspicious Transaction Report 1.1. Number of STRs received 1.2. Number of Individuals reported in STRs 1.3. Number of Legal person/entities reported in STRs 1.4. Number of Accounts reported in STRs 1.5. Number of Cases disseminated 2. Cash Transaction Report 2.1. Number of CTRs received 3. References from Enforcement/Intelligence agencies 3.1. Number of References received 3.2. Number of References disseminated 4. Sharing with Foreign FIUs 4.1. Number of References received from Foreign FIUs 4.2. Number of References processed out of above 4.3. Number of References made to Foreign FIUs Manual Electronic Total 60 394 126 252 29 2,330 18 15 4 4 1 48,046 60 394 126 252 29 50,376 18 15 4 4 1

rajivsinghfca@gmail.com

Transactions of which record to be maintained

Cash transactions
more than rupees ten lakhs cash transactions integrally connected to each other

Counterfeit currency transactions Suspicious transactions whether or not made in cash

Rule 3
rajivsinghfca@gmail.com

Integrally connected cash transactions

Maintenance of records of transactions

valued below rupees ten lakh or its equivalent in foreign currency where such series of transactions have taken place within a month and the aggregate value of such transactions exceeds rupees ten lakh;

Furnishing of CTR
individual transactions below rupees fifty thousand may not be included;
rajivsinghfca@gmail.com

Maintenance of records of transactions Contain information about:

Nature of the transactions Amount of the transaction Currency in which it was denominated Date on which the transaction was conducted Parties to the transaction

Records to be maintained as per procedure prescribed by the regulators. Maintain records for a period of ten years from the date of cessation of the transactions with the client.
Rule 4,5,6

rajivsinghfca@gmail.com

Suspicious Transactions

Suspicious transaction means a transaction whether or not made in cash which, to a person acting in good faith
gives rise to a reasonable ground of suspicion that it may involve the proceeds of crime; or appears to be made in circumstances of unusual or unjustified complexity; or appears to have no economic rationale or bonafide purpose;
Rule 2(g)

rajivsinghfca@gmail.com

Reasons for Suspicion

Identity of client False identification documents Identification documents which could not be verified within reasonable time Accounts opened with names very close to other established business entities Background of client Suspicious background or links with known criminals Multiple accounts Large number of accounts having a common account holder, introducer or authorized signatory with no rationale Unexplained transfers between multiple accounts with no rationale Activity in accounts Unusual activity compared with past transactions Sudden activity in dormant accounts Activity inconsistent with what would be expected from declared business Nature of transactions Unusual or unjustified complexity No economic rationale or bonafide purpose Frequent purchases of drafts or other negotiable instruments with cash Nature of transactions inconsistent with what would be expected from declared business Value of transactions Value just under the reporting threshold amount in an apparent attempt to avoid reporting Value inconsistent with the clients apparent financial standing

rajivsinghfca@gmail.com

Typologies/ Techniques employed

Deposit structuring or smurfing Connected Accounts Payable Through Accounts Loan back arrangements Forex Money Changers Credit/ Debit cards Investment Banking and the Securities Sector Insurance and Personal Investment Products Companies Trading and Business Activity Correspondent Banking Lawyers, Accountants & other Intermediaries Misuse of Non-Profit Organisations

rajivsinghfca@gmail.com

Hurdles in AML Implementation

KYC & Documentation Genuiness of Documents Absence of a single effective identification of individuals Skill Sets - Not readily available Level of Automation & CBS Manual Branches co-exist with fully / partially computerized branches Decentralised Customer Delivery & Centralised Processing Complex Relationships control mechanism for

Customer Identification, Monitoring of Transactions

Due

Diligence,

Acceptance

&

Need to set up Robust Information Frameworks followed by Continuous Analysis of Data

rajivsinghfca@gmail.com

Hurdles in AML Implementation

Detection of suspicious account conduct through account behavioural analysis Protecting legitimate and innocent customers even while some of their transactions may raise suspicion Dependence only on pre-defined rules tend to be an ineffective tool Detection of odd suspicious behaviour Needle in a haystack Unwieldy number of false positive alerts Technology alone is not sufficient. Any amount of investment in software alone may not be sufficient to prevent losses.

Acquiring full knowledge of different, new and emerging techniques of money laundering is important.

rajivsinghfca@gmail.com

Combating financing of terrorism

(i) State Sponsored (ii) Other Activities- legal or non-legal Legal Sources of terrorist financing Collection of membership dues Sale of publications Cultural of social events Door to door solicitation within community Appeal to wealthy members of the community Donation of a portion of personal savings

rajivsinghfca@gmail.com

Combating financing of terrorism

Illegal Sources Kidnap and extortion; Smuggling; Fraud including credit card fraud; Misuse of non-profit organisations and charities fraud; Thefts and robbery; and Drug trafficking

rajivsinghfca@gmail.com

Money Laundering Risks

What are the risks to banks? (i) Reputational risk (ii) Legal risk (iii) Operational risk (failed internal processes, people and systems & technology) (iv) Concentration risk (either side of balance sheet) All risks are inter-related and together have the potential of causing serious threat to the survival of the bank

rajivsinghfca@gmail.com

Penalties imposed on banks

Jan. 2006 ABM AMRO Aug. 2005 Arab Bank Jan. 2005 Riggs Bank US$ 80 mio US$ 24 mio US$ 41 mio US$ 50 mio US$ 25 mio

Feb. 2005 City National Bank US$750,000

Oct. 2004 AmSouth Bank May. 2004 Riggs Bank

Sep. 2004 City Bank Japan License cancelled

rajivsinghfca@gmail.com

What KYC means?

Making reasonable efforts to determine the true identity and beneficial ownership of accounts; Sources of funds Nature of customers business What constitutes reasonable account activity? Who your customers customer are?

rajivsinghfca@gmail.com

Core elements of KYC

Customer Acceptance Policy Customer Identification Procedure- Customer Profile

Risk classification of accounts- risk based approach

Risk Management Ongoing monitoring of account activity Reporting of cash and suspicious transactions

rajivsinghfca@gmail.com

Risk based approach

The potential risk that a customer carries depends on: (a)Identity of the customer including beneficial ownership (b)The nature of customers business and his product profile-jewels, precious metals, arms, antiques (c)Location of business

(d) Products and services offered

(e) Customers customer or clients; their location & business

rajivsinghfca@gmail.com

High risk customers

Non-bank financial institutions ( money transmitters, full fledged money changers, sellers of stored value cards, security brokers & dealers etc. )

Travel agencies / Property dealers/ builders

Professional and consulting firms Exporters or importers of goods and services Cash intensive business e.g. retail stores, restaurants, gambling casinos, second hand car dealerships etc. Off-shore corporations, banks in secrecy heavens Non-profit organisations e.g charities
rajivsinghfca@gmail.com

High risk products & services

Wire transfers Electronic banking services which includes services offered through internet, credit cards, stored value cards Private banking relationships Correspondent banking relationships

rajivsinghfca@gmail.com

Cross border accounts-deposits

All KYC procedures to be observed Third party verification of documents through Correspondent bank which is committed to KYC regime and is willing to share KYC information on demand

Verification of document during visit to India

Remittance through banking channels

rajivsinghfca@gmail.com

Payment gateways/ wire transfers

Both domestic and cross border wire transfers carry potential risk of money laundering Payment gateways facilitate wire transfers for customers of banks located anywhere in the world Whether AML/ KYC compliance level Ascertain whether it is regulated at the place of incorporation Insist on complete originator information with wire Make payment to beneficiary through account or DD Keep record of transactions
rajivsinghfca@gmail.com

Financial crime is more than AML

money laundering
criminals using FIs to make dirty money clean by placement, layering and integration

fraud
identity theft, ATM fraud, counterfeit cards, cheque kiting, credit-card fraud, skimming

market abuse
late trading, market timing, front running parking investments,

employee fraud
theft of cheques, misappropriation of funds, removing money from customer accounts

financial crime
Take a Proactive Holistic Approach to fight the Growing Threat of Financial Crime
rajivsinghfca@gmail.com

Frauds Frauds in India mainly emanate from

Account use Counterfeiting Stolen / lost cards Multiple imprints Fraud application Interception of cards sent by post / courier, cross-border use

Card frauds as a percentage of transactions varies approx. 0.1% to 0.3% in India (source RBI)

rajivsinghfca@gmail.com

Defining Credit Card Fraud Fraud is: 3rd party unauthorized card use.
Obtaining services, credit or funds by misrepresentation of identity or information.

Fraud is not:
Misuse & Abuse, Disputed transactions, Charge error, Inability to pay
rajivsinghfca@gmail.com

The Fraudster

Male: Female Fraudsters 6:1.

Women Steal for need, Men for Greed!

Likely to be under 25, or over 40. Senior Staff 14x More Likely to Offend Than Junior Staff. Length of Service Not a Factor. High Risk Functions Include Purchasing and Finance.

rajivsinghfca@gmail.com

Motivation Greed. Need.

Revenge.
The Challenge.

Anomie: Aspirations=Opportunities.
Opportunity.

rajivsinghfca@gmail.com

Why Fraud management is critical.

The Cost of Fraud.

Greater than realised. Cost of investigations. Cost of loss of confidence. Re-structuring costs. Including new control systems. Learning curve costs.

Additional training costs.

rajivsinghfca@gmail.com

How Can Fraud Take Place? Because of Mutual Trust and Respect. Because of Poor Internal Controls. Because of Opportunity. Because of Stupidity and Bad Management. Because of Pressures of Work. Because of Priorities. Because It Is Not Recognised As Fraud.

rajivsinghfca@gmail.com

Current Fraud Trends

Organized Crime drives Skimming - A copy is made of the magnetic stripe on a card using a track reading and capturing device. Phishing - A false email solicitation representing a legitimate business requesting personal consumer data or account information. Cybercrime - A variety of methods of illegally procuring and using card information facilitated by the Internet Identity Theft - Personal information not belonging to the crook is used to receive financial services.

rajivsinghfca@gmail.com

Attack on ICICI Bank

8 June, 04: Some customers receive mail from support@icici.com,

their account had been randomly chosen for verification Provide User ID, login password and transaction password Link provided, http://infinity.icicibank.co.in/verfiy.jsp Opens a page similar to the ICICI Bank site, with subtle differences
rajivsinghfca@gmail.com

Trojan Attacks

rajivsinghfca@gmail.com

How do cards get skimmed?

There are no residual effects of a credit card skimmer, so cardholders are not aware that a compromise has occurred. Skimmers can be hand held (often used by waiters or parking lot attendants) or parasitic (installed at a POS or ATM).

Parasitic Skimmer

Hand-held Skimmer

rajivsinghfca@gmail.com

How can we defend? Common Sense Approach Skimming Dont put your card in an ATM that looks suspicious. Keep an eye on your card whenever possible.

Phishing Dont click on links or download attachments from emails from unknown senders. Never enter personal or financial account information into a form or link from an email solicitation, regardless of sender.

rajivsinghfca@gmail.com

Cybercrime
The Internet has presented a number of challenges for credit card issuers and cardholders
Account Number Generation Programs Mass Compromises of Hacked Data with or without Magnetic Stripe PC spyware travels in emails or attaches itself when infected websites are surfed Illegal web sites disseminate how to kits for perpetrating fraud

rajivsinghfca@gmail.com

Hacking
An attacker takes advantage of a flaw in an Internet-connected system that: processes, transmits, or stores cardholder data to gain access to: card numbers, expiration dates, magnetic stripe data. Processor

Internet

Attacker
rajivsinghfca@gmail.com

Acquirer

Identity Theft- What is it really? Identity Theft occurs when a criminal has enough of your personal information to impersonate you and pose as you to use your existing financial accounts or to open & use new accounts in your name. Some Credit Card Fraud is ID Theft Fraud Applications, Account Takeover Most ID Theft does not involve Credit Cards

rajivsinghfca@gmail.com

And Theyre Coming After You!

Are You Scared Yet?

ID Theft Rapidly Growing

10M Adults victimized $15B in total losses 50 Million accounts compromised 25% Year to year Growth
rajivsinghfca@gmail.com

What ID Thieves Do
28% Credit Card Fraud 19% Phone or Utilities Fraud (Cell phone accounts) 18% Other Bank Fraud (Electronic Funds transfers)

What you can do to keep from becoming a victim

Be vigilant in ensuring that your financial records bank, investment & credit card statements arrive regularly Shred unneeded financial documents, including card preapprovals Never use DOB, or consecutive numbers as your password Never respond to an email solicitation by clicking on a website link Do not open email attachments from people that you do not know Install firewalls and up-to-date virus protection software on your PC

rajivsinghfca@gmail.com

Salient features of IPO scam

Modus operandi Current account opened in the name of multiple companies on the same date in the same branch of a bank Sole person authorised to operate all these accounts who was also a Director in all the companies

Identity disguised by using different spelling for the same name in different companies
Multiple accounts opened in different banks by the same group of joint account holders

rajivsinghfca@gmail.com

Salient features of IPO scam

Huge funds transferred from companies accounts to the individuals account which was invested in IPOs Loans/ overdrafts got sanctioned in multiple names to bypass limit imposed by RBI Loans sanctioned to brokers violating guidelines Multiple DP accounts opened to facilitate investment in IPO Large number of cheques for the same value issued from a single account on the same day
rajivsinghfca@gmail.com

Salient features of IPO scam

Multiple large value credits received by way of transfer from other banks Several accounts opened for funding the IPO on the request of brokers, some were in fictitious names Refunds received got credited in brokers a/cs Margin money provided by brokers through single cheque Nexus between merchant banker, brokers and banks suspected

rajivsinghfca@gmail.com

Salient features of IPO scam

Operational deficiencies
Factors that facilitated the scam Photographs not obtained Proper introductions not obtained Signatures not taken in the presence of bank official Failure to independently verify the identity and address of all joint account holders Directors identity/ address not verified Customer Due Diligence done by a subsidiary

rajivsinghfca@gmail.com

Salient features of IPO scam

Operational Deficiencies
Objective of large number of jt. account holders opening account not ascertained Purpose of relationship not clearly established Customer profiling based on risk classification not done Poor monitoring and reporting system due to inadequate appreciation of ML issues Absence of investigation about use and sources of funds
rajivsinghfca@gmail.com

Salient features of IPO scam

Operational Deficiencies
Unsatisfactory training of personnel No system of fixing accountability of bank officials responsible for opening of accounts and complying with KYC procedures

Ineffective monitoring and control

rajivsinghfca@gmail.com

Cyber Security - Final Message

In security matters Past is no guarantee; Present is imperfect and Future is uncertain Failure is not when we fall down, but when we fail to get up

rajivsinghfca@gmail.com