COMBATING MONEY LAUNDERING IN FINANCIAL SERVICES
Pulling back the covers
Be careful – there is fraud and
corruption everywhere out there
CONTROLS FREAKS AND
THE DECEMBER 2008
MISSED THEIR INVITATION
TO THE AML BALL
Understand your obligations.
Baker & McKenzie’s experienced team can help you:
• Interpret and respond to the requirements
of the AML/CTF Act and Rules.
• Draft and review AML programs,
compliance plans, policies and procedures.
• Manage an AUSTRAC audit.
• Deal with AUSTRAC enforcement actions.
Our international team can also ensure compliance
+61 2 9225 0200
+61 3 9617 4200
Baker & McKenzie International is a Swiss Verein with member law firms around the world. In accordance with the common terminology used in professional service
organizations, reference to a “partner” means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an “office” means an office of any such
Pulling back the covers
on predicate crime
and controls freaks
Money laundering gets everyone’s attention. Why? People are
fascinated by the underlying crimes and the vision of millions
of dollars flowing seamlessly through bank accounts and off
to safe havens in exotic destinations. Everyone seems to have
a natural interest in crime, criminals and the whole universe
of ill-gotten gains.
O THE AML/CTF magazine is going
underground — into the dark side of
money laundering. We thought it was
time to bring predicate crimes to the forefront of the discussion of anti-money laundering/counter terrorism financing in
Australia. This issue focuses on intellectual
property rights (IPR) theft as the financial
and social dimensions of this predicate crime
are staggering. The OECD has put the annual
value of the international physical trade in
counterfeited consumer goods at US$200 billion, equivalent to 2 per cent of world trade
and higher than the gross domestic product
of 150 countries. Other sources, such as the
International Counterfeiting Commission,
have indicated that a figure of US$500 billion may not overstate the problem. It has
been estimated that nearly 7 per cent of the
goods in the global marketplace are counterfeit. From a social perspective, the risks that
flow to consumers range from minor to catastrophic — particularly when the US Federal
Aviation Administration has estimated that
2 per cent of the 26 million airline parts
installed each year are counterfeit.
IPR theft makes the global narcotics
trade, estimated at more than US$322 billion
annually, pale into insignificance. IPR theft
is a predicate crime to money laundering
and the Australian AML/CTF regime expects
that financial institutions will be looking at
risk indicators for IPR theft in the same
way that they will be looking for the risk
indicators of tax avoidance and drug
smuggling. In this issue Nick Kochan
explores what some of the risk indicators
of persons engaged in IPR theft might be
during the money-laundering phase.
My recent attendance at the 2008
Cambridge International Symposium on
Economic Crime also adds to the focus on
predicate crimes. It was a welcome relief to
By Joy Geary
ML/TF risk is definitely in the eye of the
beholder because that was not how these
entities perceived themselves.
Ever mindful that December 2008 is fast
approaching, it is timely to spend some time
in this issue on the upcoming obligations
from a business-process perspective, as well
as examine monitoring in the securities
industry. The availability of good quality
IPR THEFT MAKES THE GLOBAL NARCOTICS TRADE,
ESTIMATED AT MORE THAN US$322 BILLION ANNUALLY,
PALE INTO INSIGNIFICANCE
attend a conference which dealt with crime
— with hardly a mention of know your customer (KYC), monitoring, enhanced customer due diligence or record-keeping. The
original title of the symposium was ‘Banking
on Trouble’, which in hindsight was easily
recast to ‘Banking in Trouble’. This issue
publishes the first of a number of articles
arising from the symposium’s program. Of
particular interest throughout the symposium
was the role of in-service criminals (employees) in fraud and financial crime. Of equal
interest was hearing from a number of higher
risk jurisdictions and businesses about their
perception of the money-laundering risks
that they pose to others. It seems that higher
data about customers and their activities will
continue to be a major issue for most financial institutions as they contemplate what
Chapter 15 of the AML/CTF Rules might
oblige them to do. Ongoing customer due
diligence becomes a case of chicken and
egg, as the absence of appropriate data about
pre-commencement customers will hinder
monitoring and enhanced customer due
diligence controls from being implemented.
The alternatives to approaching customers
for this information in most cases will fall
short of the desired mark for many financial
institutions. The relief from conducting KYC
on pre-commencement customers is not
turning out to be all that was expected.
Please write to me about the subjects that you wish to have aired in the last issue for this year.
The magazine is the industry’s magazine and the readership is invited to drive its content through letters.
COUNTERFEITING – THE $650b CHALLENGE
SO YOU ARE A CONTROLS FREAK –
UNBUNDLING THE DECEMBER 2008 OBLIGATIONS
PROFILE OF A MODERN TERRORIST FINANCIER
BE CAREFUL OUT THERE – THERE’S FRAUD
AND CORRUPTION EVERYWHERE
NEW YORK, NEW YORK
PROSECUTORS TAKING A SWIPE AT PREPAID DEBIT CARDS
MONITORING IN SECURITIES TRADING FIRMS
CUSTOMER IDENTIFICATION: ITEM 54 REPORTING
ENTITIES AND PRODUCT PROVIDERS
SOME NEWS FOR ITEM 54 PROVIDERS
CHINA AND THE CRIMINAL PROCEEDS
OF ‘CINDERELLA’ CRIMES
AML SKILLS – IS THERE REALLY A DROUGHT?
THE INVESTIGATION AND DETECTION
OF CLIENT TAX EVASION
PRODUCTION AND DESIGN
Joy Geary [email protected]
Elly Walton Illustrations (UK)
AUSTRAC, Jun Claravell, Chris Hamblin (UK),
Nick Kochan (UK), Dr. Nick Ridley (UK)
Kenneth Rijock (USA), Marie Sullivan,
Mark Turkington, Stephen Watts, Brett Wolf
NATIONAL MANAGER, MARKETING:
Diana Zdrilic – Tel: + 61 2 9776 7923
ANTI-MONEY LAUNDERING MAGAZINE IS
PUBLISHED SIX TIMES A YEAR BY
AFMA – Level 3, 95 Pitt Street, Sydney NSW 2000.
GO Box 3655, Sydney NSW 2001
Tel: + 61 2 9776 4411 Fax: + 61 2 9776 4488
Disclaimer: This publication is designed to provide accurate and authoritative information in regard to the subjects covered. It is distributed with the understanding that the AFMA is not engaged
in rendering legal, accounting or other professional service. If legal advice or other expert assistance is required, the services of competent professional persons should be sought. AFMA Anti-money
laundering magazine presents the views of a range of commentators on AML issues for the benefit of readers and AFMA does not necessarily endorse these views.
This publication is copyright. Other than for the purposes of, and subject to the conditions prescribed under the Copyright Act 1968, no part of it may in any form or by any means (electronic,
mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system, or transmitted without prior permission. Enquiries should be addressed to AFMA.
AUSTRAC makes clear
its expectations regarding
from 12 December 2008
The following is an extract from material posted by AUSTRAC to its website on the
Ongoing Customer Due Diligence Rules. The bolding and underlining added below
has been added by the Editor for emphasis. Visit the AUSTRAC website for more details –
OR REPORTING ENTITIES who
find they will be non-compliant with
OCDD obligations when they commence on 12 December 2008, AUSTRAC’s
view on this matter is:
The OCDD-related AML/CTF Rules were
finalised and communicated to industry
in December 2007, providing reporting
entities with 12 months to develop and
implement their systems and controls.
The Policy (Civil Penalty Orders)
Principles 2006 (the Principles) and
associated guidance note do not alter the
commencement date of Part 2 of the
AML/CTF Act. Reporting entities are
obliged to comply with Part 2 irrespective
of the Principles.
To avoid the possibility of enforcement
action – including civil penalty orders –
in respect of Division 6 of Part 2 of the
AML/CTF Act, a reporting entity must:
by 12 March 2010, at the very latest, be
compliant with Division 6 of Part 2; and
have applied their transaction monitoring program from 12 December 2008.
This applies regardless of the date during
the 15-month period at which the reporting entity reached full compliance with
Notwithstanding the application of
the Principles and the guidance note,
AUSTRAC has a number of regulatory
powers available to it beyond the
application of civil penalty orders.
Where a reporting entity fails to implement any transaction monitoring program on
12 December 2008, AUSTRAC will require
those entities to apply their transaction
monitoring program, once implemented,
to those transactions that occurred between
12 December 2008 and when the entity
began complying with the transaction
monitoring requirements. This may require
the reporting entity to carry out additional
KYC and/or enhanced customer due
diligence measures. This must be completed
no later than 12 March 2010.
AUSTRAC expects reporting entities
who are implementing complex OCDD tools
including computerised transaction monitoring systems and will not be fully functional
on 12 December 2008, to utilise manual or
other existing technological tools during
the interim period.
If you have not already subscribed
to AUSTRAC e-news then visit
and subscribe. AUSTRAC e-news is a
monthly newsletter providing updates
on the anti-money laundering and
counter-terrorism financing environment
for Australian reporting entities.
Reach out to the market
Over 4,500 qualified industry practitioners, including
350 AML project managers from the retail, wholesale,
funds management and insurance sectors, read
Anti-money laundering magazine.
To reach the industry’s key decision makers,
contact our advertising team on 02 9776 7923
AUSTRAC report highlights
firms’ failure to register
October 17, 2008
HE AUSTRALIAN Transaction
Reports and Analysis Centre received
10,000 registrations from reporting
entities and 7500 anti-money laundering/
counter terrorism financing (AML/CTF)
compliance reports last financial year,
according to its latest annual report. Neil
Jensen, Chief Executive of AUSTRAC,
told Complinet earlier this year that the
regulator believed there were around 15,000
reporting entities in Australia. The figures in
the annual report indicate that at the end of
2007-08 there were still around 5000 entities
that had failed to register with AUSTRAC
and another 2500 that had registered but
failed to file compliance reports.
Jensen said in the report that one of
AUSTRAC’s main challenges was to identify
the entities that were subject to the AML/CTF
regime. It had contacted more than 19,000
potential reporting entities, delivered presentations to an estimated 6500 industry attendees
and launched AUSTRAC Online, which led
to around 10,000 enrolments. After liaising
with the industry, the estimated number of
reporting entities had fallen by 4000 to
15,000, he said. As a result, AUSTRAC still
believed that there were around 5000 firms
that had simply failed to report.
‘In 2007-08, there was a significant
expansion in AUSTRAC’s efforts to assess
entities’ compliance with the Financial
Transaction Reports Act and AML/CTF Act
obligations. To prepare for its expanded
supervisory role, AUSTRAC increased the
number of personnel in its compliance and
enforcement branches, and supported this
growth with a comprehensive training and
development program to build on the skills
and expertise of its supervisory personnel,’
AUSTRAC also developed new
supervision and compliance assessment tools
to support its on-site assessments. In the
2007-08 financial year it conducted 139
on-site assessments of regulated entities — a
121 per cent increase from the previous year.
The regulator also issued 798 orders for firms
to improve their AML/CTF programs.
‘An important priority for the agency is
getting to know and understand our expanded
regulated population. Under the FTR Act 1988,
AUSTRAC’s responsibilities were related to
specific industries and fewer than 4000 cash
dealers. Under the AML/CTF Act we deal with
a wide range of new entities which offer ‘designated services’,’ the AUSTRAC chief stated.
The report indicated that AUSTRAC’s
main regulatory focus was to encourage voluntary compliance from the industry, rather
than resorting to enforcement. Jensen added
that for the industry and AUSTRAC, the
risk-based regulatory framework was still a
relatively new concept. He said that the
challenge for AUSTRAC was to provide
reporting entities with the support that they
needed to comply. He did not feel that there
was a need at this stage to focus unnecessarily
on enforcement action to bolster compliance.
Jensen stated: ‘Throughout the year,
AUSTRAC employed a variety of means
to work with industry associations, groups and
individual entities to assist them to understand
and implement the AML/CTF reforms.
As part of our extensive outreach effort we
provided electronic learning products, an
expanded telephone helpline, a seminar
program, various education tools and advisory
visits to regulated entities.’
Crime institute warns of laundering risk
in stored-value cards
October 2, 2008
HE AUSTRALIAN Institute of
Criminology has issued a paper
highlighting the money laundering
risks posed by stored-value cards, which
have become more popular in recent years.
In its latest issue of Trends and Issues in
Crime and Criminal Justice, the AIC
said the stored-value cards offered new
opportunities for illicit financial transactions,
money laundering and bulk cash smuggling
by organised criminals.
The AIC publication highlighted some
of the ways that the stored-value cards could
be used to disguise criminal transactions.
According to the paper, each stage of the
money laundering process provided a
potential role for the use of such cards:
Placement – illegal funds are introduced
into the financial system, or converted
into monetary instruments (for example,
• Layering – the illegal origins of funds
are disguised (depending on the type of
stored-value card used during the placement stage, value can either be redeemed
for merchandise or sent overseas); and
• Integration – disguised funds are made
available for investment in legitimate or
illegitimate businesses (stored-value cards
can be used as a means of payment by
criminals. The chemicals used in the
production of illegal drugs could be
bought using stored-value cards).
‘There are various types of stored-value
cards, from limited value cards which can be
used at limited vendors, to cards with a large
amount of value attached to them, redeemable
at numerous merchants and service providers,’
said Judy Putt, general manager of research
at the AIC. ‘Each sort of card can be used in
money laundering operations.’
‘In the same way that legitimate
businesses look at market forces and new
opportunities for stored-value cards, criminals
will also explore new areas that can be
exploited to maximise profits, and evade the
scrutiny of law enforcement agencies and
regulators,’ Putt said. ‘The widespread availability of stored-value cards, particularly at
non-financial outlets, the high credit limits of
some types of cards, and the fact that in many
cases customers need not prove their identity
to obtain stored-value cards, can all be abused
by organised criminals for illicit financial
transactions and to disguise their activities.’ ■
New Zealand pushes ahead
with plans for AML reform
October 13, 2008
HE CONSULTATION PERIOD on
New Zealand’s proposed anti-money
laundering laws has closed, which
leaves the government with a five-month
window to introduce legislation into
parliament prior to the Financial Action Task
Force’s ‘mutual evaluation’ exercise. Gary
Hughes, principal of law firm Chapman Tripp,
said that the government needed to ensure
that the Bill was in parliament prior to the
FATF’s visit in April 2009 or risk becoming
a ‘pariah’ in international terms.
The government had originally committed
to passing the legislation prior to the FATF
visit but set back its timetable to allow a costbenefit analysis to take place. Earlier this year
it commissioned Deloitte to produce a report
on the likely cost of the AML regime. The
consulting firm estimated that the compliance
costs would stand at around NZ$111.8 million
up-front and around NZ$42.7 million
per annum in ongoing spending.
The government said that it would take
into account Deloitte’s costing estimates when
it finalised the Anti-Money Laundering and
Countering Financing of Terrorism Bill 2008.
Cabinet expects to make a final policy decision on the AML/CFT Bill in February 2009.
It will then introduce the bill to parliament in
April 2009, with the aim of passing legislation
before the end of next year.
In the next few months, the government
will issue further information releases and
drafts of the detailed regulations that will
address the technical matters covered in
broad-brush by the statutory obligations,
according to Tripp. He noted that the Bill
had broad bipartisan political support and
was driven by offshore pressure rather than
domestic politics. As such, he said that it
was unlikely that the Bill’s progress would
be affected by the result of the upcoming
New Zealand election.
The government’s one-month window
for consultations on the draft AML/CFT Bill
was described within the industry as too tight,
considering the scope and complexity of the
reforms. There was some concern among
industry figures that the consultation period
was being treated as a formality, rather than
a genuine two-way discussion.
Tripp explained: ‘A view has already
been expressed to the ministry that this is a
very short timeframe for a bill of 131 clauses
and over 80 pages in length. But the ministry
is adamant that it is on a very tight timeline.
Let us hope the degree of consultation is to
be more than token.’
Need for reform
Tripp also said that the AML/CFT Bill would
involve major changes for regulated firms.
He said that they would have to ‘pour considerable energy and resource into getting their
business systems sorted out to comply with
the rigours of the new law’.
He added that some firms, and possibly
the new regulators themselves, would be
‘scrambling’ to deal with the scale of change.
He noted that when Australia introduced its
AML laws the major banks had between 40
and 60 staff working on AML implementation
for around 12 months.
Despite the costs, Tripp said that the new
laws were necessary to keep New Zealand in
line with other FATF members.
He explained: ‘Make no mistake; this
new regulation is driven from offshore.
Multilateral co-ordination of efforts to
eradicate money-laundering – and to ostracise
countries who are complacent about it –
is led through the FATF.
‘In 2003 the FATF reviewed New
Zealand’s compliance with international
obligations to combat money laundering
and terrorist financing. It found our law,
principally the Financial Transactions
Reporting Act 1996, wanting.’
He said that the FATF’s next mutual
evaluation visit would be a testing time for
the jurisdiction. ‘The best practice espoused
by FATF’s 40+9 recommendations has
got more stringent since our last review.
This is the sharp end of the international
peer pressure to conform with global
9 APG to assess Vietnam and
South Korea’s AML systems
September 18, 2008
HE ASIA-PACIFIC Group on
Money Laundering has announced
that it will conduct on-site visits
to Vietnam and South Korea in November
this year. The visits are to be conducted
in co-operation with the Financial Action
Task Force and will evaluate the two
jurisdictions for compliance with the
global anti-money laundering and countering
the financing of terrorism standards set down
by the FATF.
The AML/CTF assessment of a country
by APG is conducted by experts experienced
in the legal, financial and law enforcement
sectors. These evaluations are based on the
FATF’s 40+9 recommendations.
The evaluation of a country consists
of two major components: the on-site visit
involves meetings with key governmental
and private sector agencies – including
banks, other financial institutions and the
real estate, legal and accountancy professions.
Later, the report is examined by the full
To qualify as an expert, assessors must
undertake an intensive training course
offered by the APG or the FATF in the FATF
toughen stance on AML
September 09, 2008
EGULATORS in many offshore
jurisdictions have stepped up their
pressure on monitoring anti-money
laundering compliance in an effort to shed the
traditional image of offshore tax havens as
hideaways for dirty money. It has become very
difficult to open an offshore account, said
Duncan Smith, partner at law firm Ogier in
Hong Kong, with regulators in places such as
the Cayman Islands and the British Virgin
Islands now applying very stringent know
your customer (KYC) measures. With a majority of Hong Kong-listed firms registered in
either of the two Caribbean jurisdictions, this
was an important point to consider, he said.
conference in Hong Kong, Smith said that offshore jurisdictions had come a long way from
the early years of this decade, when several
Caribbean jurisdictions were placed on the
Financial Action Task Force on Money
Laundering’s list of non-cooperative countries.
Smith said this was quite impressive,
given that offshore regulators had little choice
but to be light-touch regulators to not turn
away business from their jurisdictions. ‘Given
that normally, neither the money nor the
investors are physically present in the country,’ offshore regulators have little choice but
to be light touch, and rely on onshore regulators to be more heavy handed, he said.
Of the two Caribbean jurisdictions, the
Cayman Islands were perceived to have a
“ANYONE CAN WRITE RULES. IT’S THE APPLICATION
OF REGULATIONS THAT IS MOST IMPORTANT.”
Caymans compared to nearly 900,000 in the
British Virgin Islands, Smith said. A former
favourite jurisdiction for hedge funds, Bermuda,
had nearly ‘regulated itself out of existence’,
Regulation in both jurisdictions was
‘pretty good’ for hedge funds, he said.
The key to running an effective regulatory
regime, however, was in the way that the
regulator applied regulations. ‘Anyone can
write rules. It’s the application of regulations
that is most important.’
Turning to Asia, he said that Singapore
and Hong Kong had thrived on a light-touch
regime but had become tighter on regulations
since the Asian financial crisis of 1997.
He noted that regulations in Hong Kong
were ‘a bit behind on KYC’, but also called
into doubt the general usefulness of stringent
KYC rules. ‘At the end of the day it only
proves that I am who I say I am,’ he said, noting that the best a firm could do was to ‘check
the boxes’ and run potential clients through a
screening service to see if they score against
any sanctions lists. It could often be difficult
for firms, however, to verify where a client’s
money was derived from, he said.
‘These days, if you are thinking of embezzlement you’d be better off hiding the money
in Miami, New York or London,’ Smith said.
Speaking at the Hedge Funds World Asia
higher level of regulation than the British
Virgin Islands, he noted. This could be seen in
the number of corporate vehicles domiciled in
the two territories, with only 65,000 in the
8 – NEW ZEALAND ...
Indian banks move towards
automated AML systems
best practice – largely, US best practice
– to combat money laundering and
The government acknowledges
that New Zealand will still not pass the
‘compliance’ aspect of the FATF review
because the new Bill will not be in force
by April, but draft laws may at least
earn us a tick in the ‘commitment and
willingness to implement’ box.’
Tripp concluded that it would be a
‘political disaster’ if the new AML/CFT
Bill was not at least introduced to parliament by the time of the FATF review.
‘Overall, it will not pay to be too
complacent about implementing AML
reforms in the longer term. Any developed
nation that does so runs the risk of
garnering financial pariah status, losing
international confidence and credibility
in its markets and ratings, and perhaps
facing higher fund-raising costs.’
October 08, 2008
HE INDIAN BANKS Association
and 10 of the country’s largest
financial institutions have joined
forces to develop an industry standard to
encourage the use of customer identification
and transaction monitoring software solutions.
The IBA established a working committee to
revise the anti-money laundering guidance
notes to encourage greater use of automation
and software tools to identify potential
The new standards will focus on
encouraging the use of automated KYC and
transaction monitoring tools and moving away
from manual filtering. The move to develop
the new standards was a recognition that
software platforms were essential to deal with
the volumes of transactions and customers
that Indian banks managed, the IBA said.
The new standards will complement
the Reserve Bank of India’s recent guidelines
on wire transfers, transaction monitoring
and usage of AML monitoring software.
Participants in the committee include
representatives from major banks such as
the State Bank of India, ICICI bank,
Standard Chartered and HSBC.
The Indian government, meanwhile,
is making a visible effort to comply with
the Financial Action Task Force’s 40+9
recommendations on AML and CTF.
The country hopes to join the FATF
this year, according to reports. India
currently has FATF observer status.
the $650b challenge
By Nicolas Kochan
Counterfeiting: a money
laundering challenge that
goes beyond banks
OUNTERFEITING is a crime
that thrives in recessionary times.
Counterfeiters will find a growing
consumer willingness to risk buying and
owning an illegal copy or product rather
than make do with an own-brand product
or without the product altogether. At the
same time, the ranks of the counterfeiters
are likely to swell with people who have
lost their livelihoods as a result of factory
closures and who see counterfeiting as a
comparatively easy and risk-free way of
earning a living. Those who have formerly
worked in factories making brands (and
whose factories have been closed down)
will be lured by organised criminals to
set up illegal production facilities. For
these reasons, the counterfeiting threat has
never been greater.
This threat takes three broad forms: the
scale of financial damage that counterfeiters
wreak is considerable; the threat to the good
reputation of free trade is massive; and
counterfeiters create a range of physical
and other dangers to consumers who buy
counterfeit goods. The criminality involved
in counterfeiting is coupled with the danger
caused by organised criminals laundering
counterfeiting proceeds through banks and
other financial institutions.
The OECD has put the annual value of
international physical trade in counterfeited
consumer goods at US$200 billion, equivalent
to 2 per cent of world trade and higher than the
GDP of 150 countries. Other sources, such as
the International Counterfeiting Commission,
have indicated a figure of US$500 billion may
not overstate the problem. According to an
Interpol report, the global narcotic trade, estimated at more than US$322 billion annually,
has been surpassed by the combined global
piracy and counterfeit trade, which clears more
than US$650 billion. It has been estimated that
nearly 7 per cent of the goods in the global
marketplace are counterfeit.
Counterfeiting has a further dimension,
which makes the task of the financial and
commercial community in tackling counterfeiting that much more pressing. Terrorist
groups have long used counterfeiting as a
cash cow for sourcing funds. The quantity of
money that can be made quickly and with
relatively low technology attracts criminal
and terrorist groups with international links.
Counterfeiters typically manufacture their
goods in countries with plentiful cheap labour,
says Steve Rucker, an investigator at Kroll.
‘These goods are shipped to prosperous
countries. Mingled with the counterfeit goods
may be other criminal goods such as drugs and
even weapons. This is a highly international
and dangerous activity.’ Terrorist groups with
known counterfeiting expertise include the
Tamil Tigers of Sri Lanka, the IRA and
In terms of regions harbouring strong
commercial counterfeiting industries, China
tops the list. The International Chamber of
Commerce estimates that more than 60 per cent
of the counterfeit products seized by US authorities in 2005 were produced in China.
The counterfeiting industry is also well
established in Eastern and Central Europe,
where many former state factories have
been turned over to counterfeiting components
as sensitive as aircraft parts and armaments.
Law enforcement in these emerging markets
regards counterfeiting as a low priority.
The range of legitimate industries
hit by counterfeit goods is as disturbing
as the scale of the problem. The US Federal
Trade Commission and the Motor and
Equipment Manufacturers Association
estimate that counterfeiting costs the
global automotive spare parts industry
US$12 billion annually, of which US$3 billion is in the US. The US Federal Aviation
Administration estimates that 2 per cent
of the 26 million airline parts installed each
year are counterfeit, which has major safety
repercussions. The Gieschen Consultancy
has reported that US$8.5 million of counterfeited food and alcohol products were seized
worldwide during the first half of 2005,
while the International Chamber of Commerce
has said that the apparel and footwear
industries lose US$12 billion in revenue
each year from counterfeiting.
The speed with which counterfeiting has
risen up the ladder of commercial threat is
extraordinary. Twenty years ago, counterfeiting was regarded as a problem chiefly for the
makers of luxury goods, and 70 per cent of
firms affected by counterfeiting were in this
sector. But by 2006, not only was the scale of
counterfeit luxury goods multiplying, but far
more sensitive counterfeit goods were being
intercepted at national borders. For example,
members of the European Union reported that
its customs officials had intercepted fake airplane parts, electrical appliances and toys.
More than 2.7 million items of counterfeit
medicine were intercepted at EU borders in
2006. This was reckoned to account for
almost 10 per cent of world trade in medicines. Most of these fake drugs are headed for
the world’s poorest countries.
Each year intellectual property rights
(IPR) theft erodes the market and available
returns for genuine goods and services. Local
companies, multinational corporations and
governments lose billions of dollars and innovation suffers. Similarly, there is a cultural
loss from the impact of piracy on the viability
of the entertainment and arts industry.
Serious health and safety risks are posed
by counterfeit pharmaceuticals, auto parts and
aviation parts. Historically, IPR theft has been
treated as a commercial issue for trade negotiators to haggle over, although it increasingly
poses a security threat to countries. Much of
the production and distribution is under the
control of organised crime groups with profits
rivalling, and in some cases surpassing, that
of narcotics. The penalties are low when
compared to drug trafficking and the
high-profit, low-risk appeal of IPR theft
attracts terrorist organisations.
According to an article entitled, ‘A New
Front – IPR Theft, Money Laundering and
Terrorist Financing’ published by ICPVTR,
IDSS Singapore in September/October 2005
(360 per cent) and cocaine (1000 per cent).
Asian governments have woken up to this and
taken action; in 2004, 74 per cent of worldwide DVD seizures were executed in Asia.
Commonplace DVD/VCD pirate retail
outlets are only the tip of the iceberg and
larger piracy enterprises are similar to the
Fortune 500 companies they steal from. These
syndicates are also best placed to endure the
costs of seizure and confiscation, and finding
new ways to evade customs and police.
THE INTERNATIONAL CHAMBER OF COMMERCE
HAS SAID THAT THE APPAREL AND FOOTWEAR
INDUSTRIES LOSE US$12 BILLION IN REVENUE
EACH YEAR FROM COUNTERFEITING
and co-authored by Rohan Bedi, ‘In China,
Indonesia and Pakistan alone, more than
90 per cent of the music and movies sold
are pirated. Counterfeiting is very diverse,
ranging from backstreet sweatshops to
full-scale factories. Counterfeiters steal
company secrets with the help of corrupt
employees or licensed suppliers and
manufacturers who overrun production lines
and sell the extra goods on the sly.’
The article also says that distribution
networks can be ‘as simple as a stall in the
street, or a shop on the other side of the
world. The internet has helped with details
on which goods to copy, and links to
consumers and suppliers with ease and
relative anonymity. The complex distribution
network required by the larger counterfeiters
has attracted organised crime.’
Optical disc piracy (ODP) is one of the
newer forms of IPR theft that, in recent years,
has flooded Asian and worldwide markets.
The trade has become so lucrative that the
mark-up on a pirated DVD (1150 per cent)
outpaces the differential profits of heroin
Counterfeiting is regarded as a key
part of the portfolio of organised criminal
groups. Hong Kong police have picked up
triad members implicated in local and export
piracy operations that now contribute a
major source of their income. Elsewhere,
ODP has become a key source of funding for
the Malay and Taiwanese triads, the Japanese
Yakuza, the Italian La Cosa Nostra, and the
Russian Red Mafiya.
While there can be little doubt of the
financial damage done by those who steal
the intellectual property rights in goods to
both corporations and members of the public,
the perception remains in some quarters that
IPR theft is a victimless crime.
The US has a Special 301 Watch List.
Special 301 is a law designed to monitor, and
in extreme cases sanction, countries that fail
to adequately protect intellectual property.
Names on the priority watch list in Asia
include China, India, Indonesia, Pakistan,
the Philippines; the watch list includes Korea,
Malaysia, Taiwan, Thailand and Vietnam.
Organisations hitting counterfeiting:
The International Anti-Counterfeiting
The International Anti-Counterfeiting
Coalition (IACC) is the largest international
organisation devoted solely to combating
product counterfeiting and piracy. The
IACC develops and conducts training
for domestic and foreign law enforcement
officials, submits comments on intellectual
property enforcement laws and regulations
in the United States and abroad, and
participates in regional and international
programs aimed at improving intellectual
property enforcement standards.
US Special 301 Watch List
This highlights countries that
fail to adequately protect IPR.
International Chamber of Commerce
This has an extensive anti-counterfeiting/antipiracy database that holds
names of individuals and firms that
have been investigated for possible
US IPR search
This is a web-accessible database
that houses contact information
for the owners of 30,000 of the
world’s largest trademarks.
Organisations such as the MPA may
be willing to share their high-risk
lists with banks through secure
Specific to ODP the list of countries
leading the export of pirated goods in
Asia include Malaysia, Pakistan, China,
Indonesia, and the Philippines. The two
trans-shipment hubs of Asia, Singapore
and Hong Kong, may be exploited for
shipping such pirated goods and customs
have to be vigilant.
In some countries on the US’s Special
301 Watch List (and others not on this list),
members of the judiciary/law enforcement
agencies believe IPR theft is unworthy of
prosecution or sentencing, and adequate
resources are not invested in investigations.
The perception of IPR theft as a victimless
crime also makes it susceptible to easier
influence from corrupt public figures who
interfere with the enforcement process.
The importance of the policeman role
of the financial community has been stressed
by the Financial Action Task Force since
2003, when the FATF listed ‘counterfeiting
and piracy of products’ in its revised 40
principles for money laundering as one of
Hong Kong, which amended its AML
law in 2000, has successfully prosecuted
several high-profile optical piracy cases
with money laundering charges. In August
2004, Hong Kong Customs and Excise
(HKC&E) neutralised a money laundering
scheme that turned over HK$4 million in
an 18-month period from the proceeds of
Those who have responsibilities under
AML laws to monitor suspicious activity
need to understand the size, scale and
financial needs of the counterfeiting and
piracy industry. Using effective know your
customer (KYC) databases is a key aspect
of this monitoring role.
The money laundering risks from
ODP are derived from the business practices
of the ODP piracy syndicates. There are
three broad groupings of piracy operations
(large, medium and small), with each
engaging financial services with different
needs. The large and medium-sized piracy
enterprises have transnational businesses
covering both manufacturing and distribution;
they frequently use e-commerce to facilitate
IN AUGUST 2004, HONG KONG CUSTOMS AND EXCISE
NEUTRALISED A MONEY LAUNDERING SCHEME THAT
TURNED OVER HK$4 MILLION IN AN 18-MONTH PERIOD
FROM THE PROCEEDS OF PIRATED FILMS.
the 20 minimum predicate crimes for money
laundering. This category covers a range
of businesses impacted by IPR theft from
tobacco, apparel, pharmaceuticals, and
software industries and presents a new
dimension of AML compliance for financial
institutions (FIs). A spokesman for the FATF
said that ‘Those who break the law do not
simply use ordinary banks to deposit their
ill-gotten gains. They launder their money,
depriving countries and IPR holders of
their legitimate benefits. The FATF 40 + 9
Recommendations impose obligations on all
of us to stop such behaviour.’ So the pressure
on banks and financial institutions to play
their part in excluding the proceeds from the
sale of these dangerous goods, and to seek to
spot those who seek to pass off the proceeds
of these sales has now intensified.
Six out of 13 major Asian markets
have amended their anti-money laundering
(AML) laws to specifically include IPR theft.
Some of the other countries are on their
way to do this. Others cover IPR theft under
separate laws, albeit with different scopes
and enforcement capacities.
transactions. Large enterprises have turnovers
of more than US$10 million a year, mediumsized enterprises have turnovers of between
US$5 million and US$10 million and small
enterprises have less than US$5 million.
Counterfeiters and pirates are also difficult
to spot as many of their businesses are
quasi-legitimate and produce both genuine
and counterfeit goods. Organisations
perpetrating piracy and counterfeiting make
use of different techniques, according to
their size and competence.
The financial services used by large and
medium-size piracy enterprises include:
• Letters of credit for container shipments;
• Insurance on shipping, building/facilities
and manufacturing equipment;
• Loans for purchasing new equipment,
• Corporate accounts to execute payroll
and manage overhead costs; and
• Money transfer facilities to remit funds
to beneficiaries in multiple countries.
In addition to AML regulatory risk,
some of the risks to financial institutions
servicing large enterprises engaged in
• Large piracy enterprises are sophisticated/
organised and undertake many placement
and layering strategies to launder their
proceeds, including the use of numerous
front businesses and the full suite of
financial services, exposing FIs to serious
reputation and financial risks;
• Convicted pirates can default on loans
when served with asset forfeiture and
confiscation orders; and
• Insurance services are ripe for fraudulent
claims to offset losses from enforcement
seizures elsewhere in the world.
In addition to AML regulatory risk,
some of the risks to financial institutions
servicing medium-sized enterprises engaged
in counterfeiting are:
• Medium-sized piracy enterprises will
share many of the same transnational
money laundering strategies employed
by their larger counterparts, but on a
smaller scale as they do not have as many
front businesses to facilitate placement
• The risk of delinquency and fraud on
financial products is greater as they
cannot afford to wait out periods of
heightened IPR enforcement.
Financial institutions servicing small
enterprises engaged in counterfeiting face
heightened AML regulatory risk as follows:
• Small piracy enterprises reflect the risks
associated with typical cash-intensive
businesses and cash deposits/money
transfers are the key facilities to watch;
• These enterprises may use informal
money transfer systems and money
services businesses to move money.
AML risk models
The earlier article published in 2005 by
ICPVTR, IDSS Singapore, stresses the importance for FIs of taking a ‘holistic risk-based
approach in designing their AML program’.
Its authors say that one of the keys for financial institutions is ‘to build layers of IPR theft,
including ODP, linked intelligence into their
existing AML risk models.’
Cigarettes have proved a favourite target for counterfeiters
all across the world.
ACCORDING TO the World Customs
Organisation, ‘in China, 190 billion counterfeit cigarettes are produced each year,
making it a major source country for
It has been argued that ‘the production
of fake cigarettes with world-famous brand
names such as ‘Mild Seven™’ and
‘Marlboro™’ has been rampant since
2000’. Published news reports state that in
the first six months of 2002 alone the
Chinese authorities dealt with 159,000
cases involving the production and sale of
counterfeit cigarettes and that government
authorities in China have spent over
US$190 million fighting counterfeit in
recent years, seizing more than 5000 cigarette-making machines, but that their
efforts are still failing.
Counterfeiting factories have been discovered in various countries throughout
Europe, Asia and Latin America. Customs
authorities across the EU seize several million packs of counterfeit cigarettes every
year. In November 2003, the European
Commission noted what appears to be
a significant increase in the volume of
counterfeit cigarettes seized at the EU’s
external border in 2002.
Some recent statistics reflect that
the total number of counterfeit cigarettes
produced annually is larger than the
genuine production of all but the largest
tobacco companies. The people who
suffer from this criminal trade are legion.
• Governments: counterfeit products
almost always escape taxation
because goods are either smuggled
into Europe or come in with forged
or invalid documents;
• Workers: they suffer because
counterfeit products result in fewer
jobs in the legitimate manufacturing
and retailing sectors;
• Consumers: they suffer because
they are duped into buying an
inferior copy of the legitimate
product, which may present serious
and unforeseen health risks; and
• Societies: affected societies suffer
because counterfeiting supports
other activities of organised crime,
Geography and country risk
The Special 301 Watch List should be used in
the same way as Transparency International,
Freedom House, OECD indicators, membership
of FATF and INCSR data is already used in
country risk models to assess money laundering
risk of countries. Customers, people who
control corporations and trusts and transactions
can involve countries on the 301 Watch List.
Business and entity risk
The following steps may be useful for KYC
purposes to improve the chances of detecting
circumstances where a customer has made
• Seeking proof of manufacturing licence
• Validating manufacturing licence from
relevant authority issuing the licence;
• Requesting written evidence of licences
from copyright holder to sell or reproduce
the copyright goods;
• Contacting relevant industry body (eg, the
Motion Picture Association and the
International Federation of the
Phonographic Industry) to verify status of
the licence from their member;
• Searching public records for prior conviction records of the associated individuals,
company or other regulatory actions;
• Checking for listings on high-risk databases
such as that of the ICC and other online
databases such as that of Interpol (searches
possible on ‘counterfeiting’); and
• Media searches.
Such information will be difficult to obtain
unless the customer is seeking a relationship
with the financial institution that allows for this
kind of information, such as a credit relationship. However, if the business is a semi-legitimate one and records its legitimate business to
establish its relationship with the financial institution, then traditional AML controls have to be
used to spot suspicious activity like payments
that are not in line with the financial institution’s understanding of the client’s operations,
(geographies, parties, amounts), cash deposits
for a business that declares its markets as being
located primarily overseas etc.
Other IPR risk indicators:
Large piracy enterprises often operate
through nominees, including lawyers
and company incorporation agents,
and use offshore banking and private
banking services; and
Other services used including remittances
that involve unrelated third parties to
Responses to the
Manufacturers – product manufacturers have
responded in many different ways, including
setting up specialised brand or product integrity departments within their organisations,
building special websites to educate and warn
the public about counterfeits, instituting legal
actions against those responsible, and lobbying governments to force authorities in source
countries to adopt and enforce stricter laws.
Governments – in addition to the adoption and enforcement of strict anti-counterfeiting laws, some governments have recognised
the need to improve existing systems to prevent the movement of counterfeit goods.
Some customs authorities are using new technologies to achieve that goal. Modern X-ray
container-scanning equipment is an example
of new technology being used to thwart the
transport of illegal goods. These machines can
be installed in ports to allow non-intrusive
inspections of a container’s contents. While
the initial investment cost is high, it has been
found that even the most expensive container
scanners quickly become self-financing.
Examples of tools used to track down
counterfeit cigarettes included:
• A €12.5 million container scanner in the
port of Hamburg between September 1996
and 2002 which led to the discovery and
seizure of illegal drugs with a selling value
of over €257 million and excise goods
(cigarettes and alcohol) representing a total
duty loss of over €66 million; and
• a €14 million container scanner in
Rotterdam led to the recovery of more
than €20 million in lost revenue in the
first six months of use.
These are encouraging results. However,
the International Counterfeiting Commission
has recognised that ‘the successful use of
container scanners at some European ports
has led to the diversion of container traffic
to other ports/airports/border posts’. The
European Parliament has therefore urged
that modern scanning equipment ‘be made
as widely available as possible’.
Future initiatives which can help financial
institutions manages the money laundering
risks associated with IPR theft:
• Online KYC database vendors like
World-Check, IntegraScreen Online,
Factiva, and Complinet, whose KYC
products are subscribed to by thousands
of FIs around the world, could expand
their focus to include IPR theft in a more
direct and proactive manner. KYC database vendors need to work with leading
industry organisations concerned with
IPR theft to make sure their databases
highlight key players and their links; and
• The Anti-Counterfeiting Trade Agreement
(ACTA) is a proposed agreement that
would impose strict enforcement of IP
rights related to internet activity and trade
in information-based goods. The agreement is being negotiated by the governments of the US, Japan, Switzerland,
Australia, New Zealand, Canada, Mexico
and the European Commission.
If adopted, the treaty would establish
an international coalition against copyright
infringement, imposing strong, top-down
enforcement of copyright laws in developed
nations. The proposed agreement would
allow border officials to search laptops,
MP3 players and mobile phones for
copyright-infringing content. It would also
impose new co-operation requirements upon
internet service providers (including perfunctory disclosure of customer information)
and restrict the use of online privacy tools.
ACTA is part of a broader ‘forum
shifting’ strategy employed by the trade
representatives of the US, EC, Japan,
and other supporters of rigid intellectual
property enforcement: similar terms and
provisions currently appear in the World
Customs Organisation draft SECURE Treaty.
The counterfeit problem has reached such
epidemic and global proportions that no single
body or entity can tackle it. Instead, a multifaceted approach including co-operation
between manufacturers and governments is
required. The global AML regimes in place
are moving to risk-based models which
depend on extensive information about predicate crime indicators, as well as indicators
about how counterfeiters and pirates launder
their funds through the financial system. ■
The author acknowledges that this article
extensively references and builds on an
earlier paper authored by Rohan Bedi entitled
“A New Front – IPR Theft, Money Laundering
and Terrorist Financing”, Sept/Oct 2005
published by ICPVTR, IDSS Singapore.
So you are a controls
freak – unbundling the
December 2008 obligations
HE DECEMBER 2008 Anti-Money
(AML/CTF) Obligations require reporting entities to establish controls in response to
risks identified through diagnostic and assessment
processes. These controls are partly prescriptive
in that the regulator expects that a reasonable
risk assessment will lead to actions which may
include (but not be limited to) monitoring,
enhanced customer due diligence and additional
know your customer (KYC) requirements. It is
through these actions that a reporting entity (RE)
controls ML/TF risk within their business.
By Mark Turkington
What does this mean in practice?
The danger with risk controls however, is that
they can be illusory. Establishment of a control
can be mistaken for action when in fact,
through poor design, it is both inappropriate
and ineffective. An effective AML/CTF control
is directly linked to risks identified by the RE.
For instance, KYC, is a control process. The
generic steps in identifying KYC risk are:
1. Determine a threshold for customer profiles
based on acceptable risk to the RE;
2. Assess customers based on where they
fit against the profile;
3. Provide each customer with a risk rating; and
4. Develop processes for managing customers
with different risk ratings that minimise
risk to the RE.
In this approach, outcomes from the first
step assume a reason why one customer attribute
poses a greater risk than others. As the RE
moves through to Step 4, it must demonstrate
how processes for managing higher risk ratings
directly address reasons for the risk rating in
the first place.
A reporting entity determines that customers
who trade in cash are a higher risk than those
who only trade electronically. Why? Customers
who trade in significant cash transactions present
an increased risk that they may be conducting
placement and/or integration activities associated
with ML/TF processing.
Once the RE makes this determination, it rates
customers against assessment criteria to determine
if they are dealing in significant cash transactions.
What happens next will determine the effectiveness
(or otherwise) of the AML/CTF program. The RE
must establish appropriate controls for mitigating
or managing risk attributes assigned to the
customer. In our example, it is not enough to rate
customers and then identify when they transact.
Possible actions the RE can adopt in
this example will vary according to the nature
of its business. Whichever approach they
choose though, they must be in a position to
understand who the customer is and what
legitimate business reason requires them to deal
in significant cash transactions.
15.7 The transaction monitoring program
should have regard to complex, unusual
large transactions and unusual patterns
of transactions, which have no apparent economic or visible lawful purpose.
What does this mean
for December 2008?
AUSTRAC has provided some direction
for December 2008 by outlining components
of ongoing customer due diligence. These
components are categorised as KYC, monitoring and enhanced customer due diligence; and
are actually high-level control processes that
REs must address through implementation of
their AML/CTF program.
Additional KYC controls
What do the AML/CTF Rules say?
15.2 An RE must put in place appropriate
risk-based systems and controls to determine whether any further KYC information should be collected in respect
of customers for ongoing customer due
15.3 An RE must put in place appropriate
risk-based systems and controls to determine whether, and in what circumstances,
KYC information should be updated or
verified in respect of its customers for
ongoing customer due diligence purposes.
What does this mean for the RE?
Although these rules are similar, they may
have a different meaning for a RE depending
on the customer. Essentially, the RE must
complete risk profiling on all customers to
assign a ML/TF risk rating and assess if the
available KYC information is appropriate.
There will generally be two outcomes from
1. Customer KYC information held by the
RE is deemed appropriate for the level of
risk within a client profile. No further
KYC action is required; or
2. The customer profile requires a higher
level of KYC information than the
RE holds. In this situation, the RE
must source additional information to
bring it into line with requirements for
the customer risk profile. The RE must
also verify this new information using
due diligence processes as applicable
for new customers.
In addition, the RE must have in place
processes for identifying and managing
changes to a customer risk profile. Where
a customer changes circumstance, an assessment must be conducted to determine whether
this constitutes an increase or decrease in
ML/TF risk. Failure to adequately manage
changes in customer risk may result in
creating ineffective control measures. It may
also mean that customers who have reduced
their risk (through moving to a lower risk
jurisdiction for instance) are subject to
What is the business impact of this?
Perhaps the greatest impact to a reporting
entity is that it must have in place appropriate
systems and processes for assessing all customers, including those that had a pre-existing
relationship prior to December 2007 obligations. This assessment is truly risk based and
does not allow for time-based exemptions.
To enable this assessment and generate
appropriate risk profiles, the RE must have
access to data on ‘grandfathered’ customers.
This is a challenge for many REs, as data
quality (and in some cases quantity) for
pre-December 2007 customers is often less
than adequate to complete effective profiling.
In this case, the RE may decide to base
its assessment on an aggregated view of
customers by assessing product, channel and
jurisdiction to form a total view of risk exposure. It may also decide to group customers
into common profiles and define risk ratings
based on common behaviour patterns.
Whatever approach is adopted, the RE must
be able to demonstrate a link between controls
established and the risk of ML/TF activity.
Once an RE has established a starting position
for customers, it must still ensure it has
effective processes and systems in place
for assessing changes to customer status
and reprofiling based on these changes.
What do the AML/CTF Rules say?
15.4 A reporting entity must include a
transaction monitoring program in
Part A of its AML/CTF program.
15.5 The transaction monitoring program
must include appropriate risk-based
systems and controls to monitor the
transactions of customers.
15.6 The transaction monitoring program
must have the purpose of identifying,
having regard to ML/TF risk, any
transaction that appears to be suspicious
within the terms of Section 41 of the
What does this mean for the RE?
KYC controls focus on knowing who the
customer is; ML/TF activity however, cannot
occur until a customer interacts with a designated service. This means that the RE must
also know what the customer does. This is
defined as customer behaviour. To track
customer behaviour, AUSTRAC has focused
on the use of transaction monitoring as a
control process. Section 36 of the Act speaks
of monitoring customers, and the above rules
have narrowed this requirement to monitoring
transactions. This appears to be a lesser scope
than monitoring customer behaviour, but an
RE should remember that a transaction is
deemed to be where a customer interacts with
a designated service. This definition therefore
incorporates almost all activity a customer
will be involved in, and when included with
effective KYC controls covers many aspects
of ML/TF risk.
To comply with these control requirements, REs must establish processes and
systems to monitor for suspicious transactions
with ‘regard to complex, unusual large transactions or unusual patterns of transactions,
which have no apparent economic or visible
lawful purpose’. To do this, the RE must first
have a clear definition of usual behaviour
across customer profiles and designated
services. Having defined usual behaviour,
the RE is then in a position to assess patterns
outside this definition and categorise based
on an assessment of ML/TF risk. This is the
foundation of the risk-based approach.
An effective assessment is likely to
include a two-stage process, where the
behaviour is firstly deemed to be unusual and
secondly, the behaviour appears to have no
‘economic or lawful purpose’. It should be
noted however that AUSTRAC has suggested
in the Regulatory Guide that monitoring is
required for all transactions. This is not what
AML/CTF Rule 15.5 says, so the RE should
look to the application of its risk-based assessment to determine an appropriate response to
manage and/or mitigate identified risk.
What is the business impact of this?
The definition of monitoring is somewhat
vague as each RE will have defined its own
requirements based on an internal assessment
of risk. Monitoring must therefore be seen as
an appropriate response to the ML/TF risk
identified. It is this linking of risk to a specific
monitoring control that forms the difficult task
for a reporting entity.
For example, an RE identifies that one of
its designated services involves high liquidity
and is offered mostly to customers with complex structures where beneficial ownership is
difficult to verify. Internal assessment assigns
this service a high level of ML/TF risk. The
RE establishes a monitoring program to define
transaction patterns and generates a ‘normal’
behaviour profile. The monitoring program is
also able to report on variations to these patterns. For this program to be effective, the RE
must demonstrate why a normal behaviour
pattern is an acceptable ML/TF risk and why
variations may increase this risk beyond
defined tolerance levels. Once it has successfully demonstrated that ‘normal v unusual’
patterns are appropriate, the RE must then
show how monitoring controls are correctly
adjusted to spot variations and initiate additional control or due diligence responses.
This scenario can become complicated
where a customer has multiple dealings with
an RE. The regulator is interested in all customer activities, not simply those related to a
specific designated service. This requires
some form of aggregated view of customer
activity across the RE and extends the monitoring question from ‘what is the customer
doing?’ to ‘what else is the customer doing?’.
It is difficult to see how any RE with
complex business structures and relationships
can manage this view of customer activity
without some form of electronic monitoring.
The information necessary to understand
these relationships is generally only available
through the study and assessment of
aggregated data across customers and
designated services from all areas of the
RE’s business. Many REs will not have this
aggregated or composite view of customers
and must therefore determine how to ensure
they are capturing all customer activity
within their business.
In addition, AUSTRAC has been clear
that it requires the RE to monitor transactions
which occur after 12 December 2008. For
an RE that is not compliant by 12 December
2008 the regulator expects that retrospective
monitoring of transactions will be included in
the monitoring program. Non-compliant REs
are then expected to approach the regulator
prior to 12 December with a proposal covering the reasons for non-compliance and the
impact of this across their business (i.e. what
AML/CTF risk this will create). This proposal
must also include the steps being taken to
reach a compliant state within the 15-month
‘assisted implementation’ period.
This expectation of retrospective assessment is most likely based on the premise that
an RE will establish monitoring controls with
a historic view of customer activity (to assist
in establishing patterns of behaviour). The
ability for the RE to monitor against all
transactions from December 2008 should
What does this mean for the RE?
Where KYC controls focus on who the customer is, and monitoring controls track what
the customer does, enhanced customer due
diligence draws these together to understand
‘what can we find out about this customer?’.
Enhanced customer due diligence is required
FOR A REPORTING ENTITY THAT IS NOT
COMPLIANT BY 12 DECEMBER 2008 THE
REGULATOR EXPECTS THAT RETROSPECTIVE
MONITORING OF TRANSACTIONS WILL BE
INCLUDED IN THE MONITORING PROGRAM.
therefore be built into the design and implementation of the monitoring program. This
will be difficult for a RE to do without first
pooling customer and transaction data (dating
from at least December 2008) and making it
available for pattern analysis.
Finally, the RE must demonstrate that it
has a review process in place to ensure the
level of monitoring is appropriate at any
given time relative to identified ML/TF risk.
New products, new customers and changing
behaviour patterns will all require the RE
to recalibrate ‘usual’ behaviour so that
monitoring is always aligned with changing
definitions of risk.
What do the AML/CTF Rules say?
15.8: A reporting entity must include an
enhanced customer due diligence program in Part A of its AML/CTF program.
15.9: The reporting entity must apply the
enhanced customer due diligence
(1) it determines under its risk-based
systems and controls that the ML/TF
risk is high; or
(2) a suspicion has arisen for the purposes
of section 41 of the AML/CTF Act.
15.10: The enhanced customer due diligence
program must include appropriate riskbased systems and controls so that, in
cases where enhanced customer due
diligence is applied, a reporting entity
gives consideration to a series of
possible actions set out in the rule.
where risk assessments and other control
processes have established that ML/TF risk is
higher than the tolerance level.
The important aspect of an enhanced customer due diligence program is that it creates
an obligation to identify when risk thresholds
are exceeded and then to consider taking certain steps. AUSTRAC guidelines suggest that
higher ML/TF risk exists in situations where:
• ‘the customer is engaged in business that
involves a significant number of cash
transactions or amounts of cash;
• the customer uses a complex business
ownership structure for no apparent
commercial or other legitimate reason,
especially if the beneficial owners of
the legal entity cannot be determined;
• the customer is based in, or conducts
business through or in a high-risk
• the customer’s source of funds cannot
be verified or is difficult to verify;
• the customer requests an undue level
of secrecy in relation to a designated
• the customer is a politically exposed
This guideline means that the regulator
reasonably expects an RE to establish processes and systems that detect the existence of
higher ML/TF risk. Once this trigger capability is in place, the RE must initiate appropriate
actions in accordance with the level of risk.
The guidelines suggest that these actions
should include seeking further information
on the customer, verify or reverify customer
KYC information and access additional
information from other sources.
In addition, the RE should undertake
more detailed customer analysis including:
• What other business the customer does
with the RE?
• What other relationships the customer
has within the RE (other clients, third
• What past and future activity is associated
with the customer? and
• What likely controls will be appropriate
to manage/mitigate ML/TF risk?
What is the business impact of this?
Through KYC or monitoring controls, the
RE will become aware of an ML/TF risk
that exceeds a risk-tolerance threshold.
The RE will then commence enhanced
customer due diligence to access more
detailed information. A valid ECDD program
will therefore need to have:
• processes for identifying when risk
threshold is exceeded;
• processes in place to source additional
• access to an aggregated view of customers within the RE (where they came
from, who else they do business with,
what else they do within the RE);
• processes for managing the flow of information with approvals and ‘gating’ (case
• processes for managing the records for
each ECDD so that a customer history is
As with other controls, this program
needs to be linked to the risk being addressed.
For example, if ECDD processes are initiated
because a customer has a complex business
ownership making transparency of beneficial
ownership difficult, then the ECDD process
must directly address this issue.
Finally, the availability of adequate
information on pre-existing customers is
likely to cause concern for reporting entities
as they increase their level of scrutiny. An
effective ECDD process may first require
the collection and verification of additional
KYC details (as discussed above) prior to the
conduct of further analysis and investigation.
The overall process may therefore include
a quality check on available information
before other activities can be commenced.
Controlling business as usual
The final stage of a business as usual
life-cycle for AML/CTF controls must link
the operation of the control to the reporting
requirement of the regulator. Once risk
controls have identified increased ML/TF
risk, a process is needed to determine if this
unusual activity is in fact a suspect matter.
If the customer or their behaviour is deemed
to be a ‘suspect matter’ (as defined under
Section 41 of the Act) then the RE must lodge
the SMR with appropriate information and
within the required time.
It should be noted that there is a
difference between identifying unusual
activity and lodging an SMR. Many
organisations will have unusual circumstances
surrounding their customers. Some of these
will satisfactorily pass additional scrutiny
under the ECDD program and some will not.
It is not until the RE has tried to resolve the
unusual nature of the customer or activity that
matters can be deemed to be ‘suspicious’ and
must be reported.
The December 2008 Obligations also include
IFTI and threshold reporting requirements.
In simple terms, these are industry controls
that the regulator has passed on to reporting
entities. In many ways this is a monitoring
program conducted by the regulator at the
higher end of the industry spectrum. It also
represents data generation used for analytical
purposes and to assess potential risk across
Threshold transaction reporting
What does the AML/CTF Act say?
All transactions which involve $10,000
or more in cash must be reported within
10 business days of the transaction
What does this mean for the RE?
A reporting entity that handles cash must
have a process to detect transactions of
$10,000 or more in cash, and complete and
lodge the required reports. Reporting entities
should also consider having processes that
look for customers trying to structure cash
transactions to avoid being reported.
Where an anti-structuring control is established, the RE may also vary the threshold
search parameters according to observed
behaviour patterns within its customer base.
However, if the cash goes into the RE’s bank
account (it not being a bank) then the bank
reports this, not the RE. The problem for an
RE is that if it is consistently being reported
as receiving above-threshold transactions, but
the RE is not monitoring these for suspicion,
then its monitoring program might be seen as
ineffective. AUSTRAC monitors across all
threshold transactions and so is aware of
which customers are dealing in cash.
What does the AML/CTF Act say?
All inbound and outbound international
transactions undertaken by banks, ADIs,
credit unions and building societies
irrespective of value must be reported
within 10 business days of the transaction
What does this mean for the RE?
This responsibility continues obligations
under the FTRA. To make this regulatory
control effective, reporting entities should
consider having processes that look for
customers sending transactions overseas
or receiving funds from overseas. Where
a RE instructs a bank to send/receive
money to/from overseas, the IFTI report is
lodged by the bank. These transactions
however should still be scrutinised by the
RE to determine if they are unusual or
suspicious in some way. Failure to do this
may mean that their monitoring program
is deemed ineffective.
The final word
The purpose of AML/CTF controls is to
identify, mitigate and/or manage the risk of
ML/TF activity though the provision of a
designated service. To demonstrate control
effectiveness a reporting entity must establish
a link between risks identified and actions
taken to control risk. These actions must
be both appropriate and effective to the
specifics of the risk.
Reporting entities must also recognise
that control-based obligations for December
2008 include ‘precommencement’ customers.
The requirement to rate these customers for
ML/TF risk and assign appropriate controls
means that the RE must have access to
appropriate information to make the
assessment. This can create a problem for
many reporting entities where they may
need to engage with the customer to source
additional information. This problem should
not be underestimated, as the administrative
costs and potential relationship impact will
require careful consideration.
Lastly, a RE must deliver effective
ongoing customer due diligence controls,
including monitoring of customer behavior,
from 12 December 2008. Where a RE is
non-compliant with this obligation, they
must design their program to retrospectively
implement these controls and submit a
proposal to AUSTRAC outlining their status,
the reasons and impact for this, and details
of their program to achieve full compliance
within the assisted implementation period
(i.e. by March 2010).
elf and your ass
TransWatch™ is a rule-based ﬁnancial crime solution for detecting,
investigating and resolving suspicious activities as part of a ﬁrm’s
Key Beneﬁts include:
Profile of a modern
By Chris Hamblin
HE AGE OF NAIVETY among terrorist financiers in the Western world
is drawing to a close, as evidenced
by the meteoric career of one UK-based
online fraudster. The case points towards the
types of terrorist financing cases that we will
inevitably see more of — in the UK, US,
Australia and beyond. Most money laundering
reporting officers are already aware that
terrorists are becoming dab-hands at mortgage
fraud and even VAT ‘carousel’ frauds; this
case offers proof that a new generation of
terrorist financiers is learning to earn and
disguise its blood money online.
A band of brothers
Mirsad Bektasevic, a 19-year-old Swede of
Bosnian origin, and Abdul Cesur, a 21-yearold Dane of Turkish heritage, were a pair of
untrained conspirators who wanted to do their
bit for the Jihad in Scandinavia. They came
to the attention of British authorities purely
because they established contact with people
who the authorities were already watching.
As far as is known, Bektasevic and Cesur had
no direct command structure or superiors or
even affiliations with organised terrorists —
they merely wanted to ‘set up Al Qaeda in
Europe’. Bektasevic’s mother told the press
how her son had been radicalised at the
local mosque: ‘He was not religious before.
Some people frightened him and talked to
him about Hell, and told him he would be
tortured in Hell if he did not believe.’
They set up a cell in Scandinavia,
which raised funds, but they were short of
explosives. Somebody suggested that they
should go abroad and buy them. The pair
duly arrived in Bosnia, which straddles a
gun-running route, three weeks before their
arrest on October 23, 2005. When arrested,
they were living in a suburb of Sarajevo
and in possession of suicide vests, about
65lb of high explosive, a training video
showing them how to use ball-bearings,
exploding bullets and a machine pistol.
The radicalised fraudster
This story is unusual because of Tariq Al
Daour. Bektasevic, using the pseudonym of
Maximus, was linked to three men in the
London area and Al Daour was one of them.
This 21-year-old biochemistry student eventually pleaded guilty to a charge of using the
internet to incite murder, which is now illegal
even if the perpetrator mentions no targets by
name. More importantly, he ended up being
convicted of receiving money and assets while
knowing that they may be used for terrorism.
At Al Daour’s house the police found a
pile of computer material. He was a loner,
meeting people, including Bektasevic and
Cesur, online. Indeed, Al Daour never actually
met his partners in crime. They came together
online and communicated by internet telephony.
Al Daour encoded their correspondence with
Pretty Good Privacy encryption software.
Al Daour was downloading extremist
material, but was also perpetrating large
amounts of fraud in sophisticated ways. He
was the first British example of a criminal
who had been radicalised by Islamic ideology.
He was a member of Shadow Crew, a forum
for fraudsters. Entrants had to prove their
fraudulent credentials before they could join.
Al Daour took fraud master-classes in various
chatrooms and paid £75 for batches of compromised British card details. In the end, he
had the details of 37,000 compromised cards.
How he earned money
Al Daour earnt about £1.6 million in fraudulent trades without leaving home. There are
74 known Jihadist websites and on these he
met terrorists in need of funding, both for
atrocities and for training camp equipment.
He bought 262 mobile telephone payments
and 194 flight tickets. He routed money
through 21 countries — a process that
typically took him 24 hours whenever he
did it. He used e-gold (virtual bullion which
comes out the other end in cash).
A policeman told Complinet: ‘He used
online gaming. Trying to trace that money
through all those jurisdictions is virtually
impossible. He used online websites not just
as a revenue stream but to launder the money.
He did take a 50-50 chance on bets. Actually
he won more than most people. He used compromised card details to join all the players
around the poker table. He couldn’t lose!
‘Now he’s spending 19 years in Belmarsh
[Prison] with about 72 terrorists telling them
all how he did it. This is high yield, it is low
risk. He was using all sorts of electronic
devices. We traced him through Bektasevic,
luckily. The big problem is websites in
different countries. We currently have about
50 operations running and we really could do
with greater international co-operation.
‘The Financial Action Task Force talk
about terrorist finance in very generic terms.
They’re preparing a set of case studies.
Their publications are fairly bland and
anodyne and they don’t have anyone trying
to model what the risk is.’
British authorities are good at the traditional methods of waylaying terrorists — using
surveillance and debriefing arrested suspects.
Al Daour gave them their first experience with
online crime as a means of terrorist finance.
The UK’s anti-terrorist police look at only
90 or 100 suspicious transaction reports a year
and do not have the resources to winnow
through the whole galaxy of STRs. It must
always be true, however, that well-researched
and well-aimed STRs can make a real
difference to at least some of their efforts. ■
Be careful out there –
there’s fraud and corruption
The Cambridge International
Symposium on Economic Crime
is held at Jesus College in
Cambridge (UK) and is in its
26th year. It is a vehicle for
promoting, at an international
level, the real and practical
issues involved in preventing
and controlling economic crime,
corruption and abuse. Economic
crime and corruption are of
course predicate crimes to
money laundering. The
Symposium seeks to involve
speakers and panellists with
practical knowledge and
experience from around the
world to share their expertise
and act as catalysts to promote
awareness and discussion
at all levels.
The theme of the 2008
Symposium was ‘Banking on
Trouble’ and at the time of
writing, the more appropriate
title might have been, in
hindsight, ‘ Banking in Trouble’.
AFMA Anti Money Laundering
Magazine’s editor, Joy Geary,
was invited to speak at this
year’s Symposium which was
held between 31 August and
7 September. This article is
the first of two parts focusing
on developments in the
You can obtain more information
about the Symposium, which
is held annually, by visiting
Developments in the
HE SYMPOSIUM focuses on economic crime. This year the attendees
were predominantly law enforcement,
regulators (financial intelligence units and
central banks), academics
and government. Surprisingly few financial
institutions were represented, a sign of the
times for the finance sector even at the end
of August 2008, before the extraordinary
events of October 2008.
The most substantive development in
the anti-money laundering/counter terrorism
financing (AML/CTF) risk-based approach
is always going to be in the area of the risk
itself – emerging crimes, old crimes dressing
themselves up in new clothing, forgotten
crimes and the trends towards globalisation
of crime. Indeed it was refreshing to hear
very little about the regulatory side of the
risk-based approach, such as know your
customer, ongoing customer due diligence
or monitoring in the six days of the
Each day comprised of an introductory
session (two to three speakers) then three
or four panels each sitting for two hours
with eight or so speakers each speaking for
15 minutes. Workshops were held on two of
the six days late in the afternoons in place of
panel sessions. Several sessions were run
simultaneously but most of the time, all
attendees were present in the main marquee,
often to the tune of torrential rain.
■ 7.3 per cent of the UK population has experienced fraud. Individuals have
experienced fraud to the estimated value of £2.75 billion per annum. Businesses
and organisations have experienced fraud to the estimated value of £1 billion per
annum. The UK Government spends £13.9 billion on dealing with fraud annually.
One of the top three areas for concern for the Serious and Organised Crime
Agency in the UK is fraud perpetrated on financial institutions.
In this article on developments in the
risk-based approach we look at what speakers
• Corruption, fraud and money laundering
• Politically exposed persons
and money laundering
The underlying theme of the conference
emerged as one of fraud and corruption. On a
broad view of corruption, it is either just a
version of fraud, or it is inextricably linked to
the commission of fraud and money laundering.1 Interestingly, corruption was used by
speakers to characterise the behaviour of
There was some discussion around the
accountability of those that do the corrupting
as well as those who are corrupted. It has not
always been the case that both sides to an act
of corruption have been held equally accountable. Many references were made to the
Government inquiry into the BAE/Saudi
Arabian corruption case which was shut down
by the Blair Government in December 2006.
A court challenge ensued which led to a
House of Lords decision upholding the decision to suspend the enquiry because of the
threat to public safety in the UK were the
Saudis to follow through with a threat to withdraw cooperation in vital anti-terrorism intelligence processes. Other examples were provided of cases where pursuit of alleged corruption failed in the face of greater political
and social pressures.
And finally, there was a certain cynicism
about asset recovery actions that returned
corrupt funds to a corrupt government.
Some markets such as tobacco or
gambling were described as “criminal-geneic”
– i.e. their nature invited the involvement
of organised crime and corruption.
Argentina described a version of corruption that it has with insurance fraud. Groups
of lawyers, doctors and organised criminals
collude to injure people, treat them, advise
them, recover from the insurance company
and share the proceeds, presumably also
with the injured person. This phenomenon
is called “bone breaking” and accounts for
perhaps 20 per cent of insurance claims
for personal injury in Argentina.
In India, 30 per cent of families have to
pay bribes to get water connected and to keep
it connected. These numbers supported the
view stated by one speaker that corruption
causes and institutionalises poverty.
Politically exposed persons
IN INDIA, 30 PER CENT OF FAMILIES HAVE TO PAY BRIBES
TO GET WATER CONNECTED AND TO KEEP IT CONNECTED.
insiders (‘in-service criminals’) who facilitated the perpetration of fraud or money laundering. Such persons might be bank employees,
they might be those who issue passports, provide authentication or identification services,
are involved in procurement processes for
government departments or large companies
or who provide information technology services. There is no limit to the range of possibilities of insiders who are in a position to be
corrupted and facilitate the commission of
fraud or money laundering.
Thus a client relationship manager that
colludes with a client to submit a completed
client acceptance procedure despite the fact
that the client cannot meet the requirements of
the procedure could be regarded, among other
things, as corrupt.
The example of the current charges
against former South African Deputy
President Jacob Zuma in South Africa threw
up the real pressures that a small FIU might
face when in possession of suspicious matter
reports about an act of corruption by a
political leader in a heavily charged
It was observed that, in the commercial
world, the cost of the penalty if corruption is
detected is often less than the profit made
from the opportunity and usually less than
the loss sustained if the opportunity is not
secured. Corruption is often factored into
the price which multiplies the crime being
perpetrated. Scandals were seen as having
short life spans for corporations, thus they
think they can afford the reputational risk.
One thing was universally clear amongst
attendees – it was not regarded as reasonable
to rely on a client’s assertion as to their politically exposed persons (PEP) status without
making other checks. This view was generally shared by most speakers who dealt with
PEPs as their topic and is relevant to the PEP
identification practices developing in the
Australian AML/CTF arena.
As would be expected, there was much
discussion around the vexed question of the
definition of a PEP. A strong, and perhaps
controversial view, was put forward by Hans
Peter Bauer, from Switzerland (former head of
regulatory relations at UBS) who opened his
presentation by suggesting that PEP risk
should be looked at from a perspective of
materiality. By this he meant that financial
institutions should be concentrating on those
who are in a position to defraud significant
amounts of money such as Marcos, Suharto
and Abacha. Dr Bauer presented a simple
table based on 200 countries with two leaders,
20 cabinet members, 200 members of parliament and 200 family members and associates
per PEP producing 444,400 names. He used
this table to support his view that the fight
against corrupt PEPs was being diluted by the
breadth of what is being treated as a PEP. He
appeared to be suggesting that the definition
1 Wikipedia defines ‘corruption’ as a general concept describing any organised, interdependent system in which part of the system is either not performing duties it was originally intended to, or performing them in an improper way, to the detriment of the system’s original purpose. The Corruptions
Perceptions Index defines corruption for the purposes of the Index as ‘as the abuse of public office for private gain’.
2 Wikipedia defines the yellow press as ‘journalism that downplays legitimate news in favor of eye-catching headlines that sell more newspapers. It may
feature exaggerations of news events, scandal-mongering, sensationalism, or unprofessional practices by news media organisations or journalists’.
should not include associates and family
members, although a risk-based approach
would potentially lead a financial institution
to want to do background checks to look
for associations between names in client
databases and PEPs.
One controversial part of his discussion
was a suggestion that a critical characteristic
of a PEP was the ability to move money.
However, many PEPs have no direct access
to money but are able to influence decisions
that deliver favour to those who are
There was no common agreement on
the principle ‘Once a PEP, always a PEP’
although there was general consensus that
domestic PEPs are as important to identify
and manage as overseas PEPs. Dr Bauer proposed that management of PEP risk requires:
• A single global definition of what a
• This definition should include domestic
and overseas PEPs;
• Each country should be required to
provide a current list of their PEPs so
that all countries could incorporate these
lists into their risk-based approach.
Thomas Spies, formerly Global Head of
AML/CTF at Deustche Bank and now with
KPMG, stressed the importance of monitoring
the yellow press 2 for references to clients,
including those who are PEPs. Negative
media screening is a common tool in private
and investment banking, and is clearly
relevant to those with clients who are PEPs
or controllers of listed corporations.
The World Bank suggested similar steps
to manage corruption in the context of PEPs:
• A self-disclosure requirement to be
imposed on PEPs by law;
• PEP information to be made publicly
available by governments.
Employees and third parties
Consistent with the focus on the link between
corruption, the commission of economic crimes
and money laundering, employee risk was the
subject of many presentations. Internal agents
were seen as in-service criminals (employees)
and data was quoted that 20 per cent of
employees involved in fraud or other corrupt
behaviour were re-employed in the same
industry. It is estimated that 35 per cent of all
fraud is committed by in-service criminals.
In-service criminals were not seen as
having a particular profile – they could be
any age, either gender and have one or more
of many motives. Sometimes they were
the subject of threats by others, internal or
external to the organisation. Those making
threats were often immediate managers and
supervisors. In-service criminals may be
simply providing data for use in ID frauds,
or assisting with account takeovers (by
changing names, addresses and telephone
numbers of existing accounts) or involved
at a more complex level (property valuation
fraud for mortgages).
The key weaknesses in management of
employee risk were threefold:
• High turnover of staff (25 per cent
plus per annum in the UK financial
Reduce the motive
CIFAS is a not for profit organisation
that services five sectors (asset financing,
banks, mortgage providers, card
merchants and telecommunications).
It is the world’s largest data sharing
scheme and it shares data about
employees who have been engaged in
lying on applications, false disclosure
regarding previous positions, frauds,
falsifying records, disclosure of
commercial data and theft or deception.
Data is only recorded about a person if it
is factual, accurate, shows clear evidence
of wrongdoing and the CIFAS member
making the report must be willing to go to
the police. Similar schemes have been
set up in South Africa and Germany. For
further information visit www.cifas.org.uk
Poor recruitment and vetting procedures
(because of the recurring cost through
high staff turnover);
• Poor supervision of controls over
Frequent use of a four-eyes procedure for
key tasks was cited as a good example of a
strong supervisory control against the risk of
in-service criminals. Rotating the second pair
of eyes is a key element of a strong control
because of the tendency for lower level
employees to be subject to threats from
managers and supervisors.
Law enforcement recommended the
following approach to management of
employee risk: (see below)
Create a strong positive culture which makes your business a
preferred place to work to reduce the chance that employees
want to defraud the business. This might address a range of
benefits going beyond salary and bonuses.
Vet and revet staff regularly against available databases associated
with criminal events and employees of financial institutions.
Conduct regular credit checks against employees to match
credit obligations against salary. This may give rise to privacy
consent requirements and does not cover credit obligations of
Reduce the opportunity
Reduce the opportunity for employee fraud by strong supervision
(e.g. four-eyes procedures) and effective authority levels for
expenditure and approvals.
Use strong reporting systems to monitor completion of procedures
using peer profiling.
Reduce the rationale
Provide good education to staff about the costs of employee fraud
and the reasons for controls.
Provide clear and unambiguous rules about consequences.
Establish an effective whistleblower process which employees
feel safe to use.
The chief executive of CIFAS
(Ann Sheady) recounted a story of a
woman who ran a reference service for
anyone who care to choose to pay her,
operating a bank of telephone numbers,
ready and willing to provide cover for
people alleging they were employed by
XYZ company in the financial services
sector. Interestingly enough, despite the
extensive use of her service over a number
of years, she was never called by a
The mortgage fraud stories from the
US presenters recorded widespread trends of
lenders failing to perform any due diligence
on those providing them with services,
for example, mortgage brokers. A telling
photograph was the valuation report
provided for a property containing a photo
of a house taken from the street. Subsequent
investigation on default showed that the
entire back of the house was missing and
all that had existed at the time finance
was provided was the front wall (as shown
in the photograph supplied with the
substandard valuation provided through
Stories from the New York prosecutors
present about scanning devices attached to
computers brought to mind the necessity
to consider vetting cleaning contractors
and their staff. It is easy for cleaners and
other subcontracted staff with out of hours
access to business premises to attach devices
to seldom moved computer equipment at the
request of others who may be threatening
them or rewarding them.
An example of poor due diligence was a
power of attorney provided in Spanish which,
on translation by law enforcement well after
the fraud had been perpetrated, proved to be
nothing more than a shopping list.
Employees in the mass media, printing
firms, accounting firms and investment
banks were seen as high risk for insider
trading crimes. On several occasions during
the Symposium the UK FSA made very
clear that insider trading and market abuse
will no longer be tolerated in London.
These crimes have been made the current
priority of the FSA and London financial
institutions can expect to see the full force
of criminal, civil and regulatory powers in
play over the coming months.
And on a twist to employee risk, bonus
schemes came under broad attack. The
manner of calculation of bonuses was
regarded as encouraging senior management
to engage in fraud through various reporting
devices which massaged results and thus
ONE EMINENT SPEAKER SUGGESTED THAT DESPITE WHAT HE
REGARDED AS THE FALLING ETHICAL STANDARDS OF THOSE
THAT MANAGE GLOBAL FINANCIAL INSTITUTIONS, REGULATORS
HAVE LITTLE CHOICE BUT TO HELP THESE “BEHEMOTHS”
BECOME MORE PRUDENT.
their bonuses. It was asserted that the
mispricing of certain products by one
global financial institution which lead to
a £5.6 million fine from the FSA occurred
primarily to protect bonuses of certain
senior employees. Rogue traders in its
investment banking division deliberately
mispriced the asset-backed securities.
The consensus from a number of speakers
was around the need for correction of
weaknesses in compensation schemes to
make them more aligned with the long
term interests of shareholders and the
profitability of the enterprise and to reduce
the opportunity for fraud.
One eminent speaker suggested that
despite what he regarded as the falling
ethical standards of those that manage
global financial institutions, regulators have
little choice but to help these “behemoths”
become more prudent. He went on to
suggest that these types of organisations
should behave in a way that makes them
too good to fail since the consequences
to the economies they operate in are massive
when they do fail. There was little dissent
to this proposition among Symposium
attendees. The government support
provided across the globe to major financial
institutions in the first half of October and
the merger of a number of global
organisations brings to life these issues.
Fraud on financial institutions is the focus
overseas in the UK, Europe, Asia and the US.
It is a predicate crime for money laundering in
Australia. Financial institutions may be one
of or both innocent and active participants in
the chain of activity that completes the fraud
and then the subsequent money laundering.
In-service criminals are a key risk either as
the perpetrator of the fraud or as a corrupted
party facilitating the path for the fraudster.
Reasonable controls for employee risk have
to go well beyond screening new employees
at the time of hire. These days they include
bonus schemes that do not encourage
manipulation of results for private gain.
Financial institutions can mitigate employee
risk through strengthening a range of
controls, including AML/CTF controls.
Part II of developments in
the risk-based approach
Part II of this article will appear in the
December issue of the magazine and will
look at what speakers said about:
• Offshore financial centres and the
UAE Free Zones
• Informal payment systems and money
• The bank as a victim of economic
NEW YORK NEW YORK
a swipe at prepaid
In recent weeks there has been a surge in the number of
federal court cases involving defendants who relied on
network-branded prepaid debit cards to execute credit card
fraud schemes and launder the proceeds.
HESE CASES CHALLENGE the
prevailing notion that drug-money
laundrymen pose the greatest threat to
prepaid card systems. They also indicate that
transactions involving the use of credit cards
to fund and recharge prepaid cards might
help money launderers and terrorist financiers
to an even greater extent than recharge
transactions involving cash.
To take a recent example, Rhoan
McCalla, 25, of Maryland in the US, pleaded
guilty to ‘conspiracy to commit access fraud’.
He started off using cash to buy people’s
social security numbers and other personal
data from an employee of a medical clinic,
according to his federal plea agreement.
Taking a brand name in vain
McCalla passed the data to accomplices who
used it to obtain credit cards fraudulently in
the names of the people whose identifying
details had been stolen, according to a
superseding indictment. McCalla and his
partners in crime then used the credit cards to
buy MasterCard-branded prepaid debit cards
from a local convenience store.
How the money flowed
Other conspirators registered and activated
the prepaid debit cards using stolen identities
and used the fraudulently obtained credit
cards to fund them. Once the conspirators
had transferred thousands of dollars in illicit
credit card funds to the prepaid cards, they
took them to ATMs and withdrew the funds
as cash. As the scheme wore on, McCalla
even gave the medical clinic employee a
prepaid card to facilitate his payment of bribes
for additional data. All told, losses totalled
more than $US580,000.
In another recent case, an Oregon man
was sentenced to more than three years in
prison after pleading guilty to social security
fraud and money laundering charges. Behcet
Alkis, 45, used six false identities to obtain
183 credit cards and bilk issuers out of more
By Brett Wolf
prepaid cards as useful tools with which
to ply their trade and launder the proceeds.
When one considers that terrorists are
known to rely on credit card fraud schemes to
fund their operations, the dire nature of this
global threat becomes even more apparent.
Anti-money laundering personnel at banks
that have issued, or plan to issue, networkbranded prepaid debit cards would be wise
to keep this in mind.
That said, prepaid card anti-money
laundering systems are designed to detect
efforts to launder money from illicit drug
sales and other dirty cash. Unfortunately,
prepaid card experts have said that nobody
has yet produced a reliable list of ‘red flags’
to help financial institutions detect transactions aimed at layering the electronic proceeds
of credit card fraud. The Financial Crimes
Enforcement Network — which has not
issued a single advisory to expose the ways
UNFORTUNATELY, PREPAID CARD EXPERTS HAVE SAID THAT NOBODY
HAS YET PRODUCED A RELIABLE LIST OF ‘RED FLAGS’ TO HELP
FINANCIAL INSTITUTIONS DETECT TRANSACTIONS AIMED AT LAYERING
THE ELECTRONIC PROCEEDS OF CREDIT CARD FRAUD.
than $US800,000. He also transferred the
credit card funds to network-branded prepaid
debit cards in order to launder and cash-out
his ill-gotten gains. Ultimately, he deposited
the money into bank accounts — that he used
stolen identities to open — and wired it to his
relatives in Turkey.
A troubling trend
These cases clearly demonstrate that credit
card fraudsters, who bilk financial institutions
out of billions of dollars each year, view
laundrymen are abusing prepaid cards —
must assume a leadership role if this insidious
threat is to be contained.
FinCEN might start by unpacking and
analysing the prepaid card-related suspicious
activity reports made by issuing banks and
prepaid processors. Of late, the latter have
improved the quantity and quality of the
SARs they produce, according to sources.
FinCEN ought to dedicate itself to this kind
of vital analytical work rather than focusing
its limited resources on the rote regurgitation
of Bank Secrecy Act data.
Monitoring in securities
trading firms made easier
By Jun Claravell
Please note that the opinions expressed in
this article are those of the author and do
not necessarily reflect those of the author’s
previous or current employers.
N THIS ARTICLE, I would like to share
some techniques, methodologies and
strategies in anti-money laundering
(AML) monitoring which may help provide
reporting entities in the securities trading business with some ideas to consider as part of
their preparation for the December 2008 Rules
on ongoing customer due diligence.
The central theme of this article revolves
around three key points.
1. AML monitoring is an integral part of
a strong AML compliance chain. All
securities trading businesses need to
2. AML monitoring is more than just
transaction monitoring. Some of the
most effective monitoring procedures
have nothing to do with looking at a
client’s transaction activity.
3. Transaction monitoring does have its
place, and securities trading businesses,
or any other business that involves the
movement of cash, securities and other
financial assets in large volumes, have to
take a risk-based approach to this process.
Why is AML monitoring important?
• AML monitoring addresses regulatory
requirements and expectations. This is
probably one of the main reasons why
some reporting entities feel compelled to
have one in the first place, but it is not
necessarily the best reason.
AML monitoring serves as an early warning mechanism to spot money laundering
red flags. It is more preferable that you spot
an issue first and file a suspicious matter
report to AUSTRAC rather than AUSTRAC informing you that there is a money
laundering or terrorist financing issue
with your client. The latter will lead to
regulatory pressures and perhaps unwanted
publicity causing reputational damage.
What is end-to-end AML monitoring?
End-to-end AML monitoring is the process of
identifying and implementing the appropriate
level of AML monitoring of client activity
(not just transactions) in each of the three
stages of a client life cycle (client take-on,
ongoing relationship, client off-boarding)
with the aim of reducing money laundering
risk to an acceptable level.
Stage 1 – Client take-on
It’s at this point that financial institutions try
to make it difficult for undesirables to get
their foot in the door. Experienced AML professionals will agree that it is far preferable
and relatively easier and less painful to apply
the controls at this stage than to try and look
for the undesirables once they’re inside and
then have to weed them out.
It is at stage 1 where financial institutions, from a business point of view, prospect
and hopefully sell products and services to
clients. AML monitoring starts at this stage.
Remember, one of the objectives of AML
monitoring is to spot ML red flags which
act as early warning mechanisms during
client acceptance. Examples of red flags at
client acceptance are:
material negative information about
behavioural red flags such as a client’s
reluctance to co-operate in the know
your customer (KYC) process;
a client asking probing questions
around record keeping and regulatory
requirements, perhaps with the intent
to avoid them;
inconsistencies between what the
customer says and what their
the appearance of a client’s name on
a sanctions list (such as DFAT, OFAC,
or UNSC); or
a client cannot or does not want to provide evidence of its source(s) of wealth.
The key AML controls that can be
applied at this stage include client identification and verification procedures, suspension
of the account-opening process, tagging
clients for targeted transaction surveillance,
special KYC reviews, additional background
checks on the client, and other enhanced due
Giving training to staff involved in customer acceptance is key to successful detection of these red flags. Staff in these roles are
the gatekeepers at the door of the business.
They need to be trained on what to look out
for in this first stage of the client life cycle.
Stage 2 – ongoing
The client relationship begins on client
acceptance with the first trade/transaction/
investment and, depending on the nature of
the product or service, is usually followed by
ongoing trading or transaction activity.
In this stage the source of funds that is
funding the client’s activity is one of the
cornerstones of AML monitoring. Where are
the funds coming from, who is paying those
funds into the account, which banks are being
used to transmit and receive funds from the
account, from which jurisdictions are the
payments moving to and from, are there third
parties involved in sending or receiving
money to the client’s account? This information is readily available in payment messages
and should be analysed against the client
information and activity.
Material negative information is likely
to be important to monitoring of clients.
‘Material’ means information which is
relevant to its financial dealings or circumstances such as allegations of fraud, money
laundering, corruption, etc. Material negative
information is available through a number
of third-party databases, or even simple
Google searches may help you perform
this monitoring activity. The most efficient
mechanism is to set up automated searches
conducted on a periodic basis against
If the client has a trading relationship,
look for unusual activity such as trading that
consistently deviates from expected/logical
trends or trading activity that simulates known
layering techniques such as wash trades, cancels and corrections, and money-losing trades.
Training again is important. Sales traders,
for example, are in a better position to spot
whether trading activity looks suspicious or
not because (1) they own the relationship and
therefore must presumably know their client
and the client’s trading history better than
anyone else in the business and (2) they know
the market and what drives trading activity
better than an AML compliance officer could.
In training, people in these types of roles must
be reminded that they have an obligation to
report anything that they find unusual or
suspicious and that there are serious consequences if they do not meet these obligations.
In some countries those obligations involve
criminal offences if not met.
It is vital to have clear policies and
procedures around third party payments.
Depending on the nature of the product or
service provided, staff must understand that in
businesses like securities trading for example,
third party payments should not be allowed
except in limited and controlled circumstances. Substantial AML risk is assumed
when money is paid to a person or entity that
is not the client and that has not been subject
to KYC checks. At the very minimum when
permitting third party payments, consider
performing background checks and sanctions
checks on that third party.
Another control is ongoing KYC reviews,
or KYC reprofiling. The objective is to ensure
that the information held about clients is up to
date, valid and complete. Particular focus
should be on changes that may have occurred
in beneficial ownership and control of the
client. The frequency of KYC reviews should
be aligned to the risk rating assigned to a
client (for example, yearly reviews for high
risk, three-year reviews for medium, five-year
reviews for low).
Finally there’s transaction monitoring,
which is usually automated in businesses that
are involved in reasonable volumes of transactions and trades. Transaction monitoring must
be driven primarily by overall money laundering risk and targeted only at certain client
types and transaction types. This is important,
and the illustration below helps explain this
by showing the relationship between trading
volume and AML risk. (See figure 1).
The overused term ‘risk-based approach’
actually makes sense in the context of AML
transaction monitoring. The illustration helps
prove this point.
In my estimation, and based on my
experience, 95 per cent or more of the trades
that are monitored come from low and
medium-risk clients while only 5 per cent
or less come from those of concern (the
high-risk clients). This ratio means that
all of the time and resources available to do
transaction surveillance can first be focused
on that high-risk 5 per cent.
FIGURE 1 – Stage 2 : Ongoing client relationship
Prioritising or weighting alerts means
that more attention should first be paid to the
50 alerts that come from trades of a client
who is senior government official from an
overseas country known for corruption, and
less attention should be paid to 950 AML
alerts coming from a highly regulated client.
This next illustration focuses on the
transactions themselves in a securities trading
context. What transactions must be fed
into the surveillance system, which areas
should AML transaction surveillance efforts
be focused on and, lastly, what sort of
unusual activities must be monitored for?
(See figure 2).
First of all, for investment banks,
transaction monitoring only makes sense
for trading businesses such as equities and
fixed income. There is no ongoing transaction
activity to monitor in the context of other
investment banking services such as financial
Certain types of trades must be excluded
in order to reduce the noise level in reports.
Proprietary trading is a good example.
Monitoring proprietary trading activity from
a straight market’s compliance standpoint
makes sense (i.e. when you are trying to
look for possible front running, insider trading
and the like) but does not make sense from
an AML standpoint. This is because it’s
INFORMATION IS LIKELY
TO BE IMPORTANT TO
MONITORING OF CLIENTS.
the firm’s own capital that is being used
to fund the trades hence there should not
be any AML issues, unless of course the
firm derives its funding from predicate
crimes, in which case there is a much
bigger problem to be managed.
Hedging trades is another good example
of what to exclude from monitoring. If you
are able to identify particular trading desks or
traders in your firm who do purely hedging
trades, then you should consider excluding
their trades from the population of trades to
be monitored. Hedging trades are essentially
offsetting trades in a related security, such
as an option. The transaction that created
the original position, not the hedge, is the
one that is client driven and therefore should
Trades by low risk, highly regulated
entities can also be excluded. In my experience this was more than 95% of the total
population. If you are not comfortable
excluding them entirely from the surveillance
population, then leave them there, but find
a way to somehow get them tagged in the
system as low risk, so that they can be
prioritised accordingly and higher risk alerts
reviewed in more detail.
FIGURE 2 – Stage 2 : Ongoing client relationship
After these exclusions, the remaining
trades and alerts should be those that come
from medium and high-risk clients, and those
clients who have been targeted for special
monitoring. Focus all your time and resources
looking at high-risk alerts first. Do not look
at medium risk alerts until there has been a
thorough investigation of all the high-risk
ones. The fact is, there will never have
enough time to look at every alert so make
sure that you look at the most important
alerts in the most detail.
What types of unusual activities should
be looked for in a securities trading context?
Here are three suggestions:
1. Wash trading – look for sell trades with
corresponding buy trades executed in the
same account for the same instrument
within a three-day period, usually at the
same or a higher price. Your focus is on
non-economic activity (meaning, shortterm trading profitability does not appear
to be an issue for the client);
2. Cancels and corrects – look for specific
patterns of cancellations and corrections
of key attributes of a transaction (such as
price, volume, trading conditions and settlement instructions). Typical patterns that
should be detected include a large number
of cancellations and corrections for one
client, one account or one trader and last
minute changes to standard settlement
instructions (particularly if it results in a
third party payment); and
3. Money losing trades – monitor the top 10
clients (or whatever number you think is
appropriate), who consistently have the
greatest realised loss based on monthly
transactions. Remember money launderers are generally more interested in
cleaning the money than they are in
making a profit while in the process of
cleaning the money (although this is
starting to change according to some
studies). But assuming this is still the
case; a money launderer generally will
not care much about losing say up to
40 per cent of the criminal proceeds if it
means that the remaining 60 per cent is
guaranteed to be successfully washed.
Here are some practical tips on how
to keep on top of your AML transaction
1. Review the coverage of the monitoring
program – make sure it is comprehensive
(are you capturing all the relevant transactions that need to be monitored?);
2. Review the methodology and approach –
make sure they are adjusted to the
changing risk profiles of the clients and
the markets. For example, if the high-risk
client population is getting bigger and
bigger and you can’t get additional
resources to manage them, then check
your criteria for risk as well as the option
of creating another risk category (called
higher risk clients) and focus monitoring
efforts on them first;
Review the monitoring technology –
make sure you are on top of the
technology issues and don’t forget to
The controls are similar to stage 1, and
depend on training, the review and approval
of third party payments. Consider continuing
with sanctions and background checking for a
certain period of time after account closure
(say six months).
Just prior to closing the account, particularly if unusual circumstances or red flags are
present, do a quick look-back on all recent
transactions of the soon to be ex-client so that
you are satisfied that there was nothing unusual that should be reported to AUSTRAC or
keep developing the technology, look
at creating new reports, tweak existing
filter parameters and algorithms; and
Review ML trends – make sure you
are aware of the hot topics in ML that
AUSTRAC is focused on. Studying ML
enforcement cases is an excellent way of
doing this and so is reading ML typologies. You also need to continually gather
intelligence from internal and external
sources. It is extremely difficult to
spot money laundering from just AML
monitoring alone, so obtaining leads or
clues from employees, peer businesses,
regulators, law enforcement and the
media is extremely important.
that you need further information from the
client before you end the relationship.
It is important to secure your key stakeholders’ agreement to the monitoring strategy
and be transparent, especially with the regulators, in terms of what the monitoring strategy
can and cannot do. Aim to be able to demonstrate that a thorough risk assessment has been
completed, that monitoring controls are
deployed in a reasonable manner, and
document all that you do.
There will always be a risk that a suspicious transaction will pass undetected, even if
you look at 100 per cent of the alerts. Why?
Because the people looking at the alerts are
just that, people, and therefore prone to error.
Consider assurance processes such as random
samplings of alerts and investigation files to
underwrite the robustness of the alert management process.
Furthermore, money launderers are
getting better and better at applying layering
techniques which are able to imitate the
characteristics of legitimate transactions.
What we as AML professionals can do is
to continue to share our knowledge and
experiences with each other, share what
works and what doesn’t.
Stage 3 – client off-boarding:
If and when the time comes that you have
to off-board a client, there are still a few
things that should be watched for. Most
of which are very similar to the risks and
controls talked about during stage 1 – client
take on, such as:
• The client asks questions around record
keeping and reporting requirements;
• The client instructs you to settle proceeds
with a third party;
• There is an issue found with the destination of funds (for example, a request to
wire proceeds to sanctioned countries);
• Be alert to any unusual circumstances
surrounding the closure of the account.
The business person who used to own the
relationship is the key person to detect
unusual things during this process.
Jun Claravall is a Certified Anti-Money
Laundering Specialist (CAMS) and is currently
the AML Compliance Director for Australia and
New Zealand for a major European global
investment bank where he also has, among
other things, responsibility for regional transaction surveillance. Previous to this role, he headed up the Asia-Pacific regional monitoring team
for one of the largest US investment banks
globally. He can be contacted at
Customer identification: Item 54
reporting entities and product providers
NDER THE Anti-Money
Laundering and Counter-Terrorism
Financing Act 2006 (AML/CTF
Act) reporting entities must adopt, maintain
and comply with an AML/CTF program if
they provide one or more designated services.
AML/CTF programs are made up of two
parts, Part A (general) and Part B (customer
identification). Reporting entities which hold
an Australian financial services licence
(AFSL) and only arrange for people to receive
other designated services (item 54, table 1,
section 6 of the AML/CTF Act) are entitled to
adopt a special AML/CTF program (consisting of Part B only).
A key component of the Anti-Money
Laundering and Counter-Terrorism Financing
Act 2006 (AML/CTF Act) is the requirement
for reporting entities to carry out applicable
risk-based customer identification and
verification procedures before providing a
designated service to a customer. This
requirement applies both to product providers
and reporting entities that provide item 54
designated services (for simplicity we will
refer to the latter as ‘arrangers’).
Requirement for arrangers to
conduct a risk assessment[A1]
The primary purpose of a special AML/CTF
program is to set out a reporting entity’s
applicable customer identification procedures
as required by Chapter 4 of the Anti-Money
Laundering and Counter-Terrorism
Financing Rules Instrument 2007 (No.1)
Some arrangers have formed the view
that a special AML/CTF program only
involves identifying and verifying the identity
of a customer, without considering the
money-laundering or terrorism-financing
(ML/TF) risk posed by the customer
relationship or the services provided.
This view is inconsistent with the
requirements of Chapter 4 of the AML/CTF
Rules. An applicable customer identification
procedure involves more than the mere
identification and verification of a customer.
All reporting entities, even those which
have adopted a special AML/CTF program,
must have in place appropriate risk-based
systems and controls to determine whether
additional initial ‘know your customer’
(KYC) information should be collected
from the customer and/or verified given
the ML/TF risk posed by the customer.
Public Legal Interpretation No. 2,
found on the AUSTRAC website
(www.austrac.gov.au) sets out AUSTRAC’s
view that when developing its AML/CTF program (whether it be a standard, joint or special
AML/CTF program), a reporting entity should
consider factors including the type of ML/TF
risk it may reasonably face. In identifying
ML/TF risk, the reporting entity must consider
its customer types, the types of services it
offers, delivery methods and any dealings
it may have with foreign jurisdictions.
Therefore, risk-based systems and
controls in an arranger’s special AML/CTF
program should be sufficient for the entity
to determine to what extent beyond the
minimum requirements, the identity details
relating to a customer should be verified
considering the relevant level of ML/TF risk
the entity may reasonably face.
Responsibilities of product
providers using arrangers to
conduct the applicable customer
Many product providers rely on arrangers
(both internal and external third-party distribution networks), to distribute their products
to customers. The questions then arise, when
using these distribution networks as to:
• what responsibility product providers
have where their products are sold
via distribution networks, in particular
external networks; and
• who bears the responsibility to carry out
the applicable customer identification
Under section 37 of the AML/CTF Act,
where an agency agreement exists between
the product provider and the arranger, it may
be specified in the agreement that the arranger
is responsible for carrying out the applicable
customer identification procedure on behalf
of the product provider.
Such arrangements do not remove the
responsibility of the product provider to
ensure that appropriate customer identification
has been carried out prior to the provision of a
Similarly, it is also the product provider’s
responsibility to ensure the applicable customer identification procedure carried out by
the arranger can be relied on for compliance
with the AML/CTF Act and AML/CTF Rules.
This procedure must address any ML/TF risk
associated with the product provider’s own
product, customer, jurisdiction and channel.
Additionally, the deeming provisions
in section 38 of the AML/CTF Act and
Chapter 7 of the AML/CTF Rules also allow
a product provider to rely on the customer
identification carried out by the arranger on
a number of conditions. When doing so the
product provider must:
(a) either be provided with a copy of the
arranger’s records or have the ability to
access the arranger’s records under a
contractual arrangement; and
(b) have determined that it is appropriate for
it to rely upon the applicable customer
identification procedures carried out by
the arranger, taking into consideration the
ML/TF risk faced by the product provider
in the provision of the designated service
to the customer.
Where (amongst other things) (a) or (b)
are not satisfied, the product provider is
required to perform the applicable customer
identification procedure itself, before providing a designated service to the customer.
This requirement also applies in the event that
the arranger has not conducted the applicable
customer identification procedure.
Ultimately, the product provider, as a
reporting entity, is responsible for ensuring
that identification is carried out prior to the
provision of a designated service. This
responsibility cannot be outsourced or
delegated to another reporting entity or third
party, whether internal or external.
AUSTRAC has developed a number of resources
to assist reporting entities, in fulfilling their
AML/CTF program obligations. For more
information visit the AUSTRAC website or
contact the AUSTRAC Help Desk.
Website: www.austrac.gov.au Telephone:
1300 021 037 Email: [email protected]
Some news for
item 54 providers
Under the provisions of the
Anti-Money Laundering and
Counter-Terrorism Act 2006
and Rules (AML/CTF Act and
Rules), reporting entities that
provide Item 54 of table 1 of
Section 6 designated services
have a number of obligations.
By Stephen Watts
By Marie Sullivan
BAKER AND MCKENZIE
TEM 54 PROVIDERS are typically
financial planners, although not always.
As an Item 54 in Table 1 designated
service provider, as the holder of an
Australian Financial Services Licence
(AFSL), you make arrangements for a
person to receive a designated service.
AUSTRAC has pronounced in its
Public Legal Interpretation (PLI) No. 2 –
which can be found at
that the wording of Item 54 means that if you
are the holder of an AFSL and you provide
advice, in the capacity of the holder of an
AFSL, to a person, and then arrange for a
person to receive a designated service that is a
‘financial product’ under the Corporations Act
2001 (Corporations Act), then Item 54 will
apply to you. Item 54 designated service
providers will be familiar with Chapter 7 in
Part 7.1 of Division 3 of the Corporations Act
which explains what constitutes a financial
product. By way of further explanation,
AUSTRAC reiterates that section 911A of
the Corporations Act provides that a person
who carries on a financial services business
must hold anAFSL. Section 761A of the
Corporations Act defines financial services
business as the business of providing financial
services. Section 766A of the Corporations
Act sets out when a person provides a
financial service they would have to be:
• providing financial product advice
(Section 766B); or
• dealing in a financial product (Section
• making a market for a financial product
(section 766D); or
• operating a registered scheme; or
• providing a custodial or depository
service (Section 766E); or
• engaging in conduct of a kind prescribed
by the regulations made for the purposes
of this paragraph (Paragraph 766A(1)(f)).
Conversely, and to cite an example given
by AUSTRAC in its PLI No. 2, if you are the
holder of an AFSL and you provide advice in
the capacity of the holder of an AFSL, to a
person, and arrange for a person to receive a
designated service that is not a financial service under the Corporations Act, such as a loan,
then Item 54 will not apply.
Reporting entities providing only Item 54
services may adopt the less onerous Part B
AML/CTF program. This means that from 12
December 2007 Item 54 designated service
providers are required to have a special
AML/CTF program. A ‘special’ AML/CTF
program sets out the entity’s applicable customer identification procedures (Part B) but
not the general requirements (Part A) of a
standard or joint AML/CTF program.
If you are an Item 54 reporting entity, an
AML/CTF special program documents the
compliance systems you must have in place to
meet your AML/CTF obligations.
Notably, chapters 4 and 5 of the
AML/CTF Rules in Anti-Money Laundering
and Counter-Terrorism Financing Rules
Instrument 2007 (No.1) are also relevant to
providers of Item 54 designated services.
Chapter 5 of the AML/CTF Rules requires
a reporting entity to implement appropriate
risk-based systems and controls as part of
its special AML/CTF program. Chapter 5
requires certain aspects of Chapter 4 of the
AML/CTF Rules to be incorporated into a
special AML/CTF program: Chapter 4 of
Schedule 2 of the AML/CTF Rules sets out
the specific requirements that are relevant
to Part B.
In Part B you must set out what procedures you have for checking the identification
of your customers. These will include:
(a) establishing methods for identifying
customers based upon assessments of the
ML/TF risk posed by the customer; and
(b) reidentification of certain pre-commencement customers where you believe it is
In Part B you can have different
procedures based on the type of customer,
the designated service being provided and
the circumstances in which the service is
provided (Section 88).
The customer identification procedure
you must use will depend on what type of
entity the customer is (e.g. individual,
company, trustee or partnership). A helpful
table and other supporting material can be
obtained from us.
Your special AML/CTF program will
necessarily set out what information you
need to collect and the acceptable verification
documentation for different types of
customers. Financial planners will by now
be familiar with the AML content typically
found in AML compliant product disclosure
statement application forms and will be
aware that these forms were workshopped
extensively and agreed between IFSA
and the FPA in the lead up to the commencement of the AML/CTF Act and Rules know
your customer (KYC) requirements last
December. They may not, however, be
familiar with the need to conduct a risk
assessment of ML/TF exposures nor of
the need to document any risk assessment
undertaken. Among others, risk factors
which should be considered include:
• governance risks, e.g. inadequate oversight by the board or senior management;
• operational risks, e.g. inadequate
• regulatory risk, e.g. inadequate risk
assessment and inadequacies in
the AML/CTF compliance plan
• reputational risk, e.g. inadequacies in
the AML/CTF program implementation
leading to regulator intervention and
Important things you should note about
the AML/CTF Rules governing Part B are:
(a) there are simplified (i.e. less stringent)
verification procedures for certain
companies (domestic listed companies,
subsidiaries of domestic listed companies
and companies that are licensed and
subject to regulatory oversight in their
business activities) and trustees
(registered managed investment schemes,
unregistered managed investment
schemes offered only to wholesale
clients that do not make small-scale
offerings, trusts that are subject to
regulatory oversight and government
superannuation funds established
under legislation); and
(b) where there is an agent authorised to act
for a customer, you must collect certain
information from your customer about the
agent and take certain steps to verify the
identity of the agent.
When you deal with a customer through
their agent, the agent must also be subjected
to customer identification procedures (Section
89). When your customer is a company or a
trust, your customer identification procedures
must involve persons associated with that
company or trust (Section 90).
AUSTRAC’s Risk Management and
AML/CTF Programs Guidance Note is
also very helpful: at Section 9 it details what
AUSTRAC expects to see in place with
respect to implementing a Part B Program:
Importantly, as stated, AUSTRAC will
expect to see a compliance plan that not
only sets out all identified risks, but which
also sets out the controls in place to mitigate
risk. AUSTRAC has indicated that this can
form part of other compliance plans – for
example, the compliance plan you have in
place for the purposes of complying with
your AFSL obligations.
In general, and where applicable to your
business, your individual risk assessment
(which should be undertaken by an experienced risk assessor and documented), your
obligations may include, among other things,
the requirement to carry out applicable
KYC identification procedures.
A special AML/CTF program must be
formally approved by the board or senior
management: this means it will be necessary
for the board or senior management of the
reporting entity to resolve to adopt the special
program (see Note 1, Section 86 (1) of the
What other requirements flow from your
obligations to have robust KYC procedures
Customer identification procedures,
A person who undertakes a customer identification procedure must make and retain a
record of the procedure and the information
that is obtained in the course of that procedure.
Keeping a copy of a document produced
as part of the process would suffice. These
records must be kept for seven years
(Section 113 of the AML/CTF Act).
Where another reporting entity, such as
an Item 54 AFSL holder or financial planner,
conducted the relevant customer identification
procedure on a current or prospective client
and a reporting entity is not required to carry
out the procedure on that customer itself, then
the reporting entity must be satisfied as to the
suitability of the Item 54/other reporting entity’s AML/CTF compliance procedures, be
able to access the record upon request and
have a written agreement detailing the terms
of the arrangements between it and the other
When the reporting entity receives a copy
of a record, it must keep this record for seven
years after the first time at which it is not
providing designated services to the customer
(Section 114 of the AML/CTF Act).
Reports of suspicious matters
Section 41, reports of suspicious matters,
applies to a designated service covered by
Item 54 of Table 1 in Section 6. Effective
12 December 2008, where a suspicious
matter reporting obligation arises, all
reporting entities are required to give a
report to AUSTRAC under the AML/CTF
Act about the matter within three business
days or within 24 hours if it is suspected
that the suspicion relates to the financing
of terrorism. AUSTRAC has published
samples of the new reporting forms and
their explanatory guides are available
through AUSTRAC Online:
AUSTRAC may exercise its regulatory
powers, including the making of civil
penalty orders against those reporting
entities that are not compliant and are
not taking reasonable steps to reach
compliance with their AML/CTF Act
Exemptions that apply to Item 54
Reporting entities providing designated
services that fall within Item 54 have some
reduced obligations under the AML/CTF Act
regarding customer identification and
Ongoing customer due diligence –
exemption for Item 54 reporting entities
Under Subsection 36(3) Item 54 reporting
entities are exempt from the ongoing customer
due diligence requirements prescribed by
Reports of threshold transactions
Section 44, reports of threshold transactions,
does not apply to a designated service covered
by Item 54 of Table 1 in Section 6.
Lodgment of AML/CTF compliance reports
Section 47, requirement to lodge compliance
reports to AUSTRAC, does not apply to a
reporting entity if all of the designated
services provided by the reporting entity are
covered by Item 54 of Table 1 in Section 6.
What should be done now?
If not already done, it is time for Item 54
providers to educate management and all
affected employees to ensure that they
understand the requirements and their duties,
and to ensure that they have adequately
resourced the implementation of the AML
DOING THE CRIME
China and the criminal
proceeds of ‘cinderella’ crimes
by Dr. Nick Ridley
N THE POST 9/11 DECADE, a
realignment of law enforcement
resources occurred in many jurisdictions.
Resources and manpower were prioritised
to anti-terrorism at national and international
level, and also there was a re-emphasis
on local policing. Both are laudable and
progressive, but have left a ‘middle band’ of
certain serious crimes which tend to become –
or have always been – comparatively
neglected and grown in threat accordingly.
Such crime categories have become known
as ‘cinderella’ crimes.
Certain of these are international in
scope and involve a significant Chinese
dimension. It is indeed true that the impact of
Chinese organised crime is fully recognised
in the issues of heroin trafficking and illegal
immigration, both controlled by the insidious
triad organised crime structures. However
China also affords a dimension in other types
of less prominent crime.
Illegal deforestation is resulting in serious
environmental and economic consequences for
Indonesia and South America. An area the size
of Switzerland is lost every year in South-East
Asia due to illegal logging. China is a main
factor in this. In 2005, the international NGO –
the Environmental Investigation Agency;
and in 2008, Greenpeace, both cited Chinese
demand for merbau trees as the principal
demand generator for illegal deforestation
in Indonesia’s Papua province.
Counterfeiting of goods has grown exponentially, partially due to lack of coordinated
governmental and law enforcement action.
The annual value of counterfeit goods
globally is estimated at €450 million,
Cigarette smuggling has also grown
globally; a World Bank Report estimated over
33% of all cigarettes exported are smuggled
and re-exported. China is both a consumer
and transit country for smuggled cigarettes.
On a regional basis, cigarettes are smuggled
in millions into China from Vietnam; on a
global scale, 18% of all exported smuggled
cigarettes have transited Jiangman, in China’s
IN THE WORDS OF AN ANONYMOUS CHINESE LAW
ENFORCEMENT SOURCE, “... THE LAW IS STRONG AND
ADEQUATE ENOUGH, THE PROBLEM IS ENFORCING. ”
a 150% increase from half a decade ago.
The number of counterfeited goods intercepted on entry to the EU has increased 1000%
over the same period. 80% of counterfeit
medicines, and 70% of counterfeit household
goods entering the EU originate from China.
In 2004 Chinese authorities strengthened the
laws of arrest and seizure, but there remain
significant vested economic interests in the
in international counterfeiting of goods. In
the words of an anonymous Chinese law
enforcement source, “... the law is strong and
adequate enough, the problem is enforcing. ”
Much of the criminal proceeds from
counterfeiting are being laundered within
China; intelligence indicators indicate that
the proceeds of illegal logging and cigarette
smuggling are also being laundered through
China. In 2007 and 2008 money laundering
cases investigated by Chinese authorities
totalled the equivalent of €89 million
in suspected criminal proceeds. Only 10%
was suspected drug trafficking proceeds;
the rest were diverse crimes including the
DOING THE CRIME
Criminal proceeds of these ‘cinderella’
crime categories are laundered in China.
However, as far as the Chinese authorities
were concerned, until comparatively recently
money laundering itself appears to have
been a ‘cinderella’ crime.
In China anti-money laundering measures
have only recently made significant advances
and effective international money laundering
control is still limited. The intense efforts
did not start until 2002, the first anti-money
laundering law was drafted in 2004, with
no less than ten differing judicial, law
enforcement and financial agencies involved.
In October 2006, China passed anti-money
laundering legislation containing basic
customer identification provisions. These only
came into effect on 1 January 2007.
The biggest money laundering case in
recent history occurred in China in 2007. The
case involved the equivalent of an estimated
633 million US$ over two years and exploiting 68 different bank accounts, The accounts
were held at banks in different regions of
China and abroad. Monies were moved from
account to account in complex and phased
groups of simultaneous transactions
The Financial Action Task Force 2007
assessment of anti-money laundering and
counter-terrorist financing measures in China
recorded that China had made significant
progress in implementing its AML/CFT
system in a short period of time. However,
it noted a reluctance to pursue money
laundering as a stand-alone offence, and also
identified a major vulnerability in the lack
of information on beneficial ownership of
From the crime trends and the laundering
cases dealt with so far within China there
are some points worthy of note in terms of
international anti money laundering efforts.
Firstly, banking institutions remain a
principal vehicle for placement of the criminal
proceeds, and banks within the Chinese
banking system and banks in other
jurisdictions, including Australian banks,
are essential in layering.
Secondly, in funds moving, both within
China and on the international transfer dimension, certain account patterns have become
apparent. These include bank to second bank
transfers in two stages over an 8 day working
period, followed by transfers of the majority
of the funds from the second bank to third and
fourth institutions simultaneously with the
remainder being withdrawn from the second
bank in cash deposits, and then physically
couriered. The third and fourth ‘receiving’
banks are in differing jurisdictions.
Thirdly, the Chinese experience of
laundering the proceeds of smuggled goods
in several cases has revealed the increasing
use of debit cards as a form of laundering
transfer, usually combining transferred
deposits into banks and cash withdrawals in
another location, or jurisdiction. Globally, the
growth of prepaid debit cards is increasing.
Within the USA between 2005 and 2008 debit
card issuance and use has increased at three
times the rate of credit cards. Within the EU
between 2006 and 2010 overall spending
by use of prepaid cards will be in excess of
€75 billion, encompassing a four year period
yearly growth rate of 110%. In China there
are 1.58 billion credit and debit cards,
of which 91% are debit cards.
A particular threat is posed from the open
systems cards, which enable speedy transfer
of monies through replenishing value on an
international basis and via international ATM
systems. Such cards are not legally defined
as monetary instruments either in the USA
or in the EU. They can be openly carried,
transported or sent across borders.
Fourthly, training of bank staff can result
in useful monitoring of customer behaviour.
In the above money laundering case involving
the 633 million US$, alert bank staff in
different banks reported several instances
of incongruous behaviour by customers
(the involved perpetrators). The reports were
collated, disseminated to law enforcement
and were of value in the investigation.
The objective of this article is not to
vilify or to isolate China as an expanding
criminal hub. Chinese law enforcement
authorities have shown the highest commitment to eradicating crime, engage in international criminal co-operation and are deeply
conscious of the adverse impact of such trends
on their country. However, given the growing
economic role of China, and its position
regarding the international money flow
circulation of capital within the current ailing
global financial systems, such ‘cinderella’
crime trends and the accruing criminal
proceeds impact globally. In strategic terms,
the criminal commodities particularly impact
westwards, but the laundering of the proceeds
is carried out on an Asian axis.
for Cinderella crimes:
Connection with countries involved
Connection with timber businesses
in countries involved in deforestation;
Client has businesses that do trade
through Jiangman in China;
Client imports goods susceptible to
counterfeiting from China;
Debit card use crossing country borders;
Open system card use where value is
replenished on an international basis and
via international ATM systems.
Dr. Ridley will be making a regular contribution
to the AFMA anti money laundering magazine
on the theme “Doing the crime.” He is senior
lecturer at the John Grieve Centre for Police
Studies, DASS, London Metropolitan University.
He was a criminal intelligence analyst for
just over 22 years, firstly at the Metropolitan
Police, New Scotland Yard, in various departments including the Anti Terrorist Branch,
and then at Europol, in The Hague, Netherlands
At both Scotland Yard and Europol he
specialised in organised crime from south east
Europe, anti money laundering and terrorism.
In 2006-2007 he was a holder of a Research
Fellowship from the Airey Neave Trust
researching an aspect of terrorist financing,
and also occasionally lecturing at the NATO
Centre of Excellence – DAT in Ankara Turkey
in financing of terrorism.
AML skills – is there
really a drought?
Ever since Australia’s financial services industry woke up to find
out it had to implement a risk-based anti-money laundering (AML)
regime from the ground up, there was panic. It was widely thought
that there would be a critical skills shortage which had to be
addressed as soon as possible.
NEW REGIME would require
massive cultural change, exorbitant
technology expenditure, intensive
retraining and education programs, and the
adoption of internationally-experienced
consultants and technicians.
The industry was given a set of staggered
deadlines with which to do their own know
your customer (KYC) and AML risk management and monitoring – subject, inevitably, to
the regulator’s satisfaction. The immediate
impulse was to bring in superior and more
experienced management, and that had to
come from overseas.
The thinking was: Australia’s compliance
and AML skills were outmoded, formed under
the benign but dated auspices of the 20-yearold Cash Transaction Reporting Act. This
country has to catch with our more sophisticated brethren in Europe (particularly the UK)
and the US, who were way ahead of us.
Then, of course, in the space of the past
six to 12 months, the jurisdictions from which
the expertise has been tapped (and from which
Australia has taken its AML compliance cue)
have delivered nothing better than confused
and half-evolved risk-based regimes. The
international risk management industry as a
whole has an even less worthy scorecard,
failing to foresee the largest credit crisis in
history, the result – at least partially – of poor
oversight and controls. Australian banks and
financial organisations remain relatively aloof
and unsullied by the poor judgements which
have brought about the credit crunch, but they
are not immune to its consequences.
The paradox for the industry is that the
skills shortage which institutions have feared
and made provision for, may very soon
become a surplus. The Australian banking
industry is now in the midst of a major contraction, resizing itself from the top down.
By Adam Courtenay
Just this year, the industry has witnessed
Westpac’s acquisition of stricken mortgage
provider RAMS Home Loans Group, not to
mention the bank’s $16.6 billion takeover
of St George Bank, which is expected to take
place this quarter. Adelaide Bank and Bendigo
Bank have merged and Commonwealth Bank
of Australia has finalised its $2 billion
acquisition of BankWest from its struggling
UK parent HBOS. At the time of writing
there was much talk of the impending
break-up of the banking, wealth and insurance
arms of Suncorp.
What this means for the so-called skills
shortage in the AML arena is as yet unclear,
but there are well-known precedents. The
so-called ‘synergies’ of these deals tend to
mean only one thing – the integration of IT
systems and the shedding of large numbers
of staff, particularly in the back office. In this
climate, there is no room for duplication.
‘We know that when there are merger
talks, there is generally a freeze on compliance personnel at the best, but at worst there’s
a reduction,’ says Chris Cass, Deloitte’s lead
‘It’s inevitable when you bring together
two large risk and compliance teams, there
will be casualties. And it’s all happening at
a time when good-quality risk management
personnel are critical.’
According to press articles, ANZ intends
to axe hundreds of middle-management roles
and other banks are looking at their cost bases
‘as the lending market cools’. Arguably, most
at risk are Westpac and St George workers,
whose takeover agreement may result in as
many as 5000 job cuts according to union
estimates. Westpac has so far declined to
provide details about expected job losses
under the merger. What about AML? Not
surprisingly, Andrew Smith, head of fraud
and AML control at Westpac, was unable to
comment on the skills fallout which may
befall the merger of the two teams.
However, it is known that both banks
have adopted Norkom Technologies as their
main AML transactions monitoring tool. The
synergies there, at least, could not be better.
In the same vein, Bendigo Bank and Adelaide
Bank have recently reported a very successful
integration of their AML systems. This of
course, is not the same as personnel synergies.
Despite the credit crisis and the ensuing
banking sector consolidation, there are still
skills shortages in AML, which are changing
in both type and volume as compliance
with the legislation continues to progress.
Recruitment firm Hays Legal says it has been
used regularly by some large financial services
firms to go ‘shopping’ for skilled AML and
compliance personnel in the UK, the jurisdiction most closely resembling our own.
‘Often they are hoping to lure back
Aussies who have middle-ranking compliance
or AML experience in the UK, who might be
looking for more senior roles back home,’
says Daniel Sterling, financial services section
manager at Hays.
“We know that when
there are merger talks,
there is generally a
freeze on compliance
personnel at the best,
but at worst there’s
Chris Cass, Deloitte
‘But the hardest people to find are senior
people with decent AML management experience. This area is very specialised and what is
needed is people with strong advisory and/or
While there is still a call for middle and
senior-ranking AML experts to come to
Australia, some say this demand is slowing as
the local firms retrain staff in the midst of
fashioning their own local risk-based programs.
The immediate needs of banks and wealth
management companies are fairly clear and
a quick trawl of recruitment agencies shows
where they lie – good business analysts and
program managers are in short supply. Typical
is the need for a program manager for AML
roll-out and AML compliance for a major bank;
or for good business analysts with credit card
Transactional analytics and monitoring
customer behaviour is foremost in big and
medium players’ minds. The need is very
much IT-based and ‘business change’ related.
Most of the largest financial organisations are
in the midst of rolling out their new transaction monitoring systems and need people to
run the programs and analyse the transactions
which the technology will require.
There is a need for people who can investigate alerts and conduct case management to
determine if a firm has to report suspicions.
“This area is very specialised and what is
needed is people with strong advisory and/or
Daniel Sterling, Hays Legal
There is an analytics management side as well
– skills to determine that the software tool is
being used to best effect by an institution.
So far big banks such as ANZ, Westpac,
NAB and St George have adopted Norkom
Technologies as their major transactions
intelligence tool. CBA and Bank of
Queensland have opted for AML compliance
software from SAS.
What about the smaller wealth and fund
management companies? Phil Anderson,
AML/CTF compliance officer at Perpetual,
says he doubts many fund managers have
given thought to transaction monitoring,
and predicts that the demand for program
management experts and business analysts
will soon become critical.
‘We haven’t yet come to a point where
we have the business-as-usual personnel in
place,’ says Anderson. ‘It’s an issue I’ve
raised at various industry groups – that is,
where will people go looking for analysts
who will do the work around assessing alerts
and investigating potential issues?’
‘It needs to be done in a short time frame
and it will be challenging,’ Anderson says.
‘You can’t go overseas for that level of
expertise – analysts simply aren’t paid at
that high a level.’
Zoe Lester, group AML/CTF officer at
the soon to be merged St George, says the
bank has many of its business as usual roles
in places. Lester says the initial need for
senior overseas recruits with risk-based
AML experience was far greater 12 months
ago, but that international experience is
no longer so critical.
‘A year ago it was more important than
it is now – but we’ve seen a concerted
upskilling in the past 12 months and it has
been a big learning curve for most people,’
‘Having international experience is great
– but it’s now becoming no more important
than having people with a sound knowledge
of the Australian regime.’
All the same, Lester agrees that there are
always opportunities for middle-ranking
implementation managers from overseas who
have been ‘amongst the detail’.
‘It would be easier for them to get a
more senior operational position here now,’
Anderson at Perpetual says it is difficult
to find people who can conform to exact roles
required by the new laws. For instance, at one
point he was seeking someone with strong
corporate trust experience with an AML
background, but the combination was almost
impossible to find.
In both project and business as usual
roles, you have to improvise, he says. ‘If your
focus is on someone for investigations, does
the person you’re seeking also have enough
business or pure AML knowledge?’ he asks.
‘Or if you’re putting someone in an
analyst’s role, you may find someone who
knows the customer service function or who
has good business knowledge, but then needs
to be reskilled for AML.’
While the big banks tend to say they’re
confident in the design of their programs,
they are not without skills shortages, not
“It’s not rocket science.”
Gary Gill, KPMG
much towards implementation, and much of
that is about getting our data ready for the
Bell admits the market is short on
Norkom expertise and that the bank needs
to hire contractors for that work. ‘Even the
Norkom contractors are in short supply,’
Bell says that in the business as usual
roles, he intends not to hire from outside
but to train staff internally. ‘There’s going to
be a significant training component required,’
Like Lester at St George, Westpac’s
Andrew Smith says the need for overseas
expertise has diminished as needs have
changed. While they may have the skills to
understand things that ‘do and don’t work
from a point of view of controls’, it has to be
done in a local, risk-based environment.
‘It requires a new level of thinking – you
are trying to marry AML compliance with
operational risk thinking,’ he says.
“...we’ve seen a concerted upskilling in the past
12 months and it has been a big learning curve
for most people.”
Zoe Lester, St George
surprisingly related to their current IT
Geoff Bell, ANZ’s general manager
of group compliance, says the bank has
had to rely on a large number of people
and skills from outside ANZ, particularly
in the past six months.
‘The Norkom system we’re implementing
requires brand-new technology – and that’s
true for all the banks,’ says Bell. ‘Up until
eight to 12 months ago the program was
at a design phase, and we were putting
that in to deliver a compliance solution.
But since then that has transitioned very
Smith also believes in reskilling the
right kind of candidate for the AML context
rather than finding a perfect match. Westpac
is always looking for people with skills to
analyse risk and vulnerability, who can help
design the framework the bank will use to
‘I do put a premium on risk professionals.
Essentially we’ve been looking for people
with good risk experience and then bringing
them into the game,’ Smith says.
The use of consultants has changed.
In the lead-up to the legislation – and in its
initial phases – many of the larger companies
sought out the big four consultancy firms to
define parameters and do scoping studies.
Many of the big four also had the
international experience which was deemed
so critical when the AML/CTF law was
‘We often used them on an advisory
basis to provide us with a sounding board
rather than outsourcing an entire project
to them,’ says Bell at ANZ. ‘They
provided us with key design or compliance
interpretations, and we think we used them
effectively for that.’
The consultants, of course, tend to
think they haven’t been used enough, and
that too many financial services firms have
opted – from the board-level down – for
minimal ‘box-ticking’ rather than good
KPMG forensic partner Gary Gill
believes there’s still a general shortage of
good risk-management people across the
board who understand AML. He does believe
that a good risk manager can adapt without
too much difficulty to the AML world.
‘It’s not rocket science,’ Gill says.
Gill says that in the end it is the
regulator’s attitude which may have the
last say on skills and personnel requirements.
If AUSTRAC takes a tougher stance than it
has hitherto signalled, then a number of
people will be caught short. ‘They will have
to go back and fill the gaps and where will
they go? They will have to use consultants
and it will be expensive,’ Gill says.
Cass at Deloitte agrees that the skills
gap is for people with experience in finding
‘the fault-lines in operational control
infrastructure’. These are the ‘skills gaps’
which could leave a company vulnerable
to fraud and laundering, he says.
Nor is technology the sole answer.
Cass says the problem is that too many
big firms think transaction monitoring
will be the saviour, when in fact it is a
secondary control, and less important than
putting in a good KYC system.
‘So many people have put their whole
strategy into doing minimal work on the
KYC end and then hope the technology
will find the launderers. This is not a risk
and detection of
client tax evasion
By Kenneth Rijock
FINANCIAL CRIME CONSULTANT
Illustration by Elly Walton
OVERNMENTAL regulators and
compliance officers at financial
institutions often encounter unusual
patterns and activity when examining financial records, but many are unaware that what
they are seeing is often a simple variation of
tax evasion, that pedestrian form of financial
crime, but one that often escapes detection.
Today we examine what indicia, or ‘red flags’
might indicate its presence.
First of all, let us profile the common
business tax evader; he or she is generally
the owner and operator of a cash-intensive
business, where payment by credit card or
cheque is either an unacceptable part of
the industry’s culture, or is traditionally a
business that has existed long before modern
forms of electro-payment.
The evader diverts a portion of the net
profits, generally somewhere between 15 and
30%, artfully fails to enter them properly into
the accounts of the company, and secretes
them, generally but not universally offshore,
in a tax haven jurisdiction or in a disguised
onshore location. Are all your cash receipt
clients then high-risk for tax evasion? Perhaps
you may have noticed some of them engaged
in suspicious activity.
Unfortunately, it is never so simple. The
truth is that there are certain sub-classes of
these clients who are even more apt to evade
the taxman with a substantial portion of their
income. Let us examine some of them:
• Professionals whose malpractice coverage
may not cover their entire range of risk,
and who choose to move a large sum of
their fees, generally those generated in
cash, to an offshore tax haven. Though
they compound their crimes by failing to
report the cash fees they receive, and then
bulk-cash smuggle into a cooperating
bank, their tax evasion is accomplished
under the excuse of “Asset Protection.”
THOUGH THEY COMPOUND THEIR CRIMES ... THEIR TAX EVASION
IS ACCOMPLISHED UNDER THE EXCUSE OF “ASSET PROTECTION.”
Clients whose ultimate goal is to retire
offshore, and who gleefully create
accounts there for their “Golden Years,”
through profit diversion from their cashintensive businesses. They take liberties
with generally accepted accounting
principles, and hope they will not be
unmasked before they flee to a zero-tax
jurisdiction in a warm climate.
Affluent, cheating husbands with high
incomes, who are contemplating divorce,
and re-marriage to the latest flame.
Their divorce settlements depend upon
a minimization of the profit picture.
Crooked partners intent upon defrauding
their business associates, who are often
absentee investors, and are taking an
excessive, an unauthorized, share,
and parking it some obscure part of
the financial world.
All of the above types represent the
highest degree of risk, in a class of businessmen and women who have the singular ability
to manipulate their above-the-waterline cash
receipts and profit picture.
So, what us to be done to identify and
interdict these illicit funds on a real time
basis? We return to the basics, for it is not the
departed, covertly-smuggled funds, but what
is left behind, that tells the tale for the
Look at the following:
Conduct inconsistent with their
specific trade or business. Hint: look at the
competition and compare the operations.
Does something not fit? Is there a normal
amount of reinvestment of profits into the
physical assets? Are they running a successful
company on a shoestring? Maybe the string is
International travel, by management or
the owners, that is not normal with this type
of business. Is he monitoring his offshore
accounts? Do the credit card statements show
trips to exotic locales, when the company’s
market focus is totally domestic?
Is there a marked reluctance to divulge
details, to your account representative,
about suppliers, clients, customers, or other
affiliates? One of these may be totally bogus,
and a front organization facilitating the
movement of substantial cash offshore. Have
you satisfied yourself that the companies that
the client deals with are not shells?
Is the client methodically disposing of his
immobile assets, thereby facilitating an easy
transition to another jurisdiction? Have his or
her ties to the community begun to weaken?
Is the business for sale?
Have gross and net profits declined in
a business that has been expanding exponentially until recently, without any logical
reason? If purchases of wholesale or raw
materials have not similarly dropped, there
may be a diversion of cash.
Has the client opened up any new accounts
in a city where he had neither business nor
customers? Does the owner now make the
deposits himself, instead of the employees?
Moving away from cash businesses, a
business that is involved in import and export
may use import transactions to move value
offshore through invoices which over-state
amounts to be paid to offshore companies
who then remit the additional value to a suitable account in an offshore jurisdiction for
the business. The business benefits through
higher tax deductions for goods imported
and retains the value outside its higher taxed
country. A similar approach using export
transactions for under-stated values keeps
domestic income low and allows the funds to
be diverted again to tax havens.
Businesses that supply consultancy
services internationally find it easy to use over
stated and under stated invoicing with little
risk of detection because establishing the
value of such services is in the eye of the
beholder (the receiver).
Whilst these indicators of possible tax
evasion activity are certainly not iron-clad
evidence, look carefully at any company
whose actions are similar to those appearing
above, for you may have uncovered a client
who is a tax evader; Happy hunting.
Kenneth Rijock is believed to be the only former
banking attorney-turned career money launderer
who actively consults with law enforcement
and the financial community. He has more
than 25 years’ experience in the field of money
laundering, as a practicing ‘laundryman’,
financial institution compliance consultant,
and trainer/lecturer to law enforcement and the
intelligence services of both the United States
and Canada. After serving as a banking lawyer
in an international law firm, he spent the
decade of the 1980s as a money launderer and
advisor to narcotics trafficking organisations
operating in North and South America. Whilst
serving a federal prison sentence for racketeering
and money laundering, he assisted with the
first joint Swiss-American money laundering
investigation of bankers and lawyers, which
resulted in a major seizure of the proceeds of
crime. Kenneth writes a daily AML column. For
more information visit www.world-check.com
Don’t get taken to the cleaners
Subscribe to anti-money laundering magazine, the
definitive source of information for the financial services sector
on anti-money laundering and counter-terrorist financing.
Call our subscription department today on 02 9776 7923
Are you struggling with making the link between
money laundering risk and customer identification
procedures? This case study is designed to help.
Use the risk indicators to review the quality of your
anti-money laundering/counter-terrorism financing
risk assessment. And use the AML/CTF controls
to consider whether your processes would have
identified some of the indicators in this case.
Although Bendigo Bank and Adelaide Bank contributed
some of the controls and risk indicators in this
typology, nothing in this case resembles any
transactions or clients handled by Bendigo Bank and
Adelaide Bank. For most lenders, the facts in this case
would be unlikely to have proceeded past the credit
application stage without detection by their risk
controls. However, as the two trusts in this case used
at least nine financial institutions, it is possible that
one or more may have missed key risk indicators.
CHINESE NATIONAL aged in her 40s arrived in
Australia having secured a permanent residency visa.
On her arrival she opened several deposit accounts in
the name of a trust which was established in Hong Kong with a bank
(FI #1). She was one of two beneficiaries of the trust and supplied
her name and address during the account-opening procedures.
The trustee of the trust was a professional services company in
Hong Kong which provided agency and trustee services.
Within six months of her arrival she applied for a mortgage
through a mortgage broker for 50 per cent of the estimated value of
a small commercial property which had been acquired in the name
of a trust at the same time as her arrival. This estimated value aligned
with the purchase price stated on the transfer of title. The property
had been unencumbered since the trust had acquired it.
The funds advanced were provided by a non-bank financial
institution (FI #2), deposited in the accounts with FI #1 and then
immediately transferred to the Cayman Islands to accounts in the
names of third parties.
Following this advance and overseas transactions, the trust
subsequently sought three more loans over three more properties.
Each property had been unencumbered since acquisition by the trust,
and the funds sought were for 50 per cent of their estimated value,
which again aligned with the purchase price on the transfer of title.
The acquisition dates of each property were close to the date of
arrival of the Chinese national.
The applications were made by the same broker to three separate
non-bank financial institutions, one per property (FI #3-5). All
lenders relied on the accounts opened at the banks in the name
of the trust as supporting information for the verification of the
All the estimates of value were provided by a local valuer to the
applicant and discussed verbally with the lenders’ valuers as well as
verified against the transfers of title.
Six months later, after the funds had been advanced on the last
of the four properties, the trust then sold the properties for twice the
values used to secure the four mortgages to a single purchaser,
which also was a trust established in the US.
The purchaser operated through a local law firm and used the
same mortgage broker to secure funding for 90 per cent of the new
value from four separate non-bank financial institutions (FI #6-9).
The same valuer provided new valuation reports supporting the
doubling in value for each from a valuer that was well respected.
The financial institutions relied on these valuation reports and did not
conduct their own valuation because the broker implied that the purchaser was prepared to borrow elsewhere if the approval was delayed.
The trust paid out the original loans in full and deposited the
proceeds into the various accounts the Chinese national had opened
on her arrival with FI #1,where the money was then immediately
transferred to the Cayman Islands to accounts in the names of third
parties. There had been no other funds deposited to these deposit
accounts since the opening deposit and the first mortgage advance.
The Chinese national stated that the purpose of the transfer was to
settle acquisition of property in Hong Kong.
The purchaser defaulted on the mortgage payments on all four
loans. The four non-bank financial institutions discovered that the
purchaser’s identity information was false and that there was a
relationship between the valuer, the vendor and the purchaser.
The value of the property was commensurate with the original
transfer values not with the price paid by the purchaser and the
valuations supplied by the US trust were forged.
Subsequent investigation showed that the purchase funds for
the properties acquired by the trust were all sent from the Cayman
Islands to the trust account of the Australian lawyer handling the
acquisitions. All Cayman Island accounts were found to be in
the names of the same third parties that received the subsequent
Note – this customer interacted with nine financial institutions, each of which only saw a segment of the customer’s actions, and this is a
perennial problem for all financial institutions. Active credit reports existed for four of these lenders in respect of the first four mortgages
depending on timing of application, and may have existed for some of the second four mortgages, depending on timing of application.
Client is a trust established overseas.
Persons associated with the trust and one of the beneficiaries is a Chinese national.
The Chinese national has only recently arrived in Australia.
Short period of time in Australia on a working visa and no permanent residency papers.
Active credit report across various lenders depending on timing of applications.
Associations with Hong Kong, China and Cayman Islands.
Description of possible controls
• The combination of an overseas trust and association with a Chinese national
should have lead FIs #1-5 to conduct due diligence appropriate to high ML/TF risk
customers of this type. This would overlap with the information obtained from the
credit applications by FIs #2-5 but would be an expansion for FI#1 who was
opening deposit accounts.
Chapter 4 AML/CTF Rules
requiring consideration of
what additional KYC information would be collected
at customer acceptance, using
a risk based approach.
• The type of additional KYC information that would be useful would relate to
reason for investment in Australia, source of funds for acquisition of properties,
source of income, source of wealth, stronger verification requirements such as
certificates of incumbency for the trust, notarised identification papers for the
Chinese national, the purpose of the trust, details of other beneficiaries, and value
and volume of transactions for the deposit account.
• Assessment of the need for Foreign Investment Review Board approval for both
trusts to acquire property should be completed.
• The credit risk-assessment processes should be tuned for money laundering risk,
including the multiple active credit reports associated with the same trust.
• Lenders should always conduct their own valuations and not rely on valuations
reflected by transfer documents or on valuation reports supplied by the customer –
irrespective of how well respected the valuer’s name is.
Chapter 15 of the AML/CTF
Rules requiring (from
December 2008) consideration
of what additional KYC is
required from customers
during the life of the relationship for ongoing customer
due diligence purposes.
Sections 84 and 85 of the
AML/CTF Act setting
out the obligation to identify,
mitigate and manage
• Staff processing applications for overseas payments should be seeking
information and documents to support the stated purpose of the payment where
higher risk customers or higher risk countries are involved.
• International transfers to third parties where higher risk customers or higher risk
countries are involved should lead to requests for details of the relationship with the
third party. Heightened due diligence could include public domain searching on
parties involved in the transaction, fraud and other blacklists etc.
• The higher ML/TF risk of these customers suggests that the customer relationship
should be managed by a relationship manager with a review cycle of three months
after drawdown or establishment of the deposit accounts, then annually or on the
occurrence of transactions above certain thresholds or with certain characteristics
such as payments to the Cayman islands.
Chapter 15 of the
(from December 2008)
monitoring of transactions.
• Transaction monitoring would be tuned to look for transactions above certain
thresholds or with certain characteristics, and include weightings drawn from the
high ML/TF risk ratings.
Table continues next page
Description of possible controls
• Generally, lenders should ensure that the mortgage broker has accreditation with
the lender and is a member of MFAA or FPAA and has conducted AML training.
These requirements ensure a certain level of probity has been conducted on the
broker before establishing a relationship with it. Examples of such probity controls
are set out below:
Sections 84 and 85 of the
AML/CTF Act setting out the
obligation to identify, mitigate
and manage ML/TF risks.
• The MFAA conducts police checks on brokers, which acts as a further level of
• Requiring the broker to have two referees and professional indemnity insurance.
• Establishing a dedicated relationship between the broker and one of the lender’s
• Close monitoring and detailed investigation of losses and unusual events
involving the broker (including fraud).
• Conducting spot file reviews on the broker’s customer files.
• Acting on fraud or poor lending practices which involve the brokers.
• Reporting the broker to both the MFAA or FPAA and the police as well
• Generally, lenders are likely to have the following valuer controls in place:
• All properties might be required to have an independent valuation from a
‘panel’ managed by the lender.
Sections 84 and 85 of the
AML/CTF Act setting out the
obligation to identify, mitigate
and manage ML/TF risks.
• The valuation assignment is randomly allocated thus avoiding increased exposure
to the one valuer who might be corrupt.
• Valuations are randomly rechecked as part of the compliance program by way of
a check valuation.
• Valuations cannot be reassigned and are only valid for three months.
• Strict agreements are in place with valuers regarding the way they
• All valuers are reviewed annually.
• Valuations that differ markedly from the values provided by the customer lead to
immediate detailed investigation of all aspects of the customer’s application and
broader relationship with the lender.
• KYC requirements are documented and training conducted for those that open
accounts covering both minimum requirements and the more detailed requirements
for higher risk customers.
Chapters 8 and 9 of the
AML/CTF Rules require
• Credit assessment staff need to be trained on the money laundering implications
of what they look at. Much of this training will focus on red flags and why certain
characteristics are indicators of higher money laundering risk e.g. the use of
overseas trusts and the involvement of higher risk countries.
• Training for relationship managers involved in the different aspects of the trust’s
relationships with financial institutions should also focus on red flags and why
certain characteristics are indicators of higher money laundering risk e.g. the use of
overseas trusts and the involvement of higher risk countries.
• Staff processing overseas payments also need red flag training.
• Transaction monitoring rules designed to identify unusual credits/debits and
specific rules for mortgage spiking might also act as early detection mechanisms
in this case.
Chapter 15 of the AML/CTF
Rules (from December 2008)
monitoring of transactions.
Take the bite out of AML and
On June 12 2007, the Australian
parliament passed the second phase of
its Anti-Money Laundering and CounterTerrorism Financing Act 2006, which
introduced correspondent banking
The Australian Transaction Reports
and Analysis Centre will carry out more
rigorous on-site inspections to examine
AML/CTF programmes, including
processes; recordkeeping systems;
ongoing customer due diligence; and the
regulator’s strict guidance on transaction
reporting and in-house training.
Complinet Global Screening
Complinet’s Global Screening solutions can help to reduce your
organisation’s exposure to unacceptable clients and transaction activities.
AML solution. Complinet’s Global Screening delivers a smarter end-toHQGSURFHVVWKDWUHGXFHVIDOVHSRVLWLYHVPD[LPLVHVHI¿FLHQF\DQGFXWV
your operational screening costs.
Find out more about Complinet’s Global Screening solutions at
Complinet AML training and e-learning
Complinet combines expert content with cutting-edge design capability to
help organisations meet all their AML training needs. Our market-ready
Abuse and Insider Dealing.
The new obligations will create immense
Find out more about Complinet’s e-learning solutions at
have only one year to implement the
To register for a free trial, visit www.complinet.com or
reforms and become fully compliant.
contact us on [email protected]
6400| | fax:
6405| | email: