Critical Evaluation Of AML/CTF Compliance Responsibility For Financial Services Organizations Essay.

You are the newly appointed AML/CTF compliance officer for an Australian-based financial services organisation. Your predecessor recently left the organisation after a visit from AUSTRAC’s Regulatory Review Team. The review uncovered several areas of concern and you have been recruited to manage the response to AUSTRAC and the remediation program required to ensure future compliance with regulatory obligations.

One of your first priorities as the newly recruited AML/CTF compliance officer, is to provide an overview with regard to the responsibilities the board of directors and the senior management team (SMT) hold in relation to the AML/CTF program within the organisation.

Produce a report for the board and SMT that critically evaluates the importance of the following aspects:

• The need for the board and SMT to fully understand the importance of identifying, mitigating and managing the risks associated with ML/TF, along with a recommendation as to why business unit heads should own this responsibility. This part of the report should comment on the importance of the risk-based approach as part of the AML/CTF framework.

• Explain the importance of introducing key result areas in order to measure the effectiveness and compliance of business unit heads in relation to the AML/CTF program; and how bonuses could be used to promote such effectiveness.

• The framework underpinning the responsibility of the Board and SMT to ensure the organisation implements an effective ‘compliance culture’.

Within the report, include a ‘roles and responsibilities’ framework that illustrates how the organisation should manage the overall ML/TF risks. Include relevant guidance as well as relevant legislative and regulatory provisions to support your discussions.

To support your report, you decide to prepare an appendix to it that identifies and discusses the key areas of the AML/CTF program within the organisation.

Write the appendix, ensuring it includes the following:

• An overview of the steps the organisation should take to assess the ML/TF risks it faces, as well as the risk indicators it should develop to detect any vulnerabilities.

• A brief summary of the systems and risk-based controls that should be in place as a result of a risk-based approach.

• An overview of the top five management information reports that would assist the board and SMT with regard to their oversight responsibilities in relation to the AML/CTF program.

Significance of identifying, managing and mitigating ML/TF risks

According to Chaikin (2018) terrorism financing means any activity which provides for financial support to non state actors or individual terrorist. A government generally passes law to block any form of financial support which is provided to such groups. These laws are used all around the world to prevent terrorism activities. There have been recommendations which have been made by the Financial Action Task Force on Money Laundering to prevent such actions. Choo (2015) argues that it is the responsibility of management of an organization to ensure that these activities are eradicated.  This section of the paper deals with the requirement of the Senior Management Team (SMT) of ANZ Private Bank to totally understand the significance of identifying, managing and mitigating the risk associated with money laundering and terrorism financing. The part also provides for recommendations as to why the heads of business units should take up this responsibility. The part also comments on the significance of having as a part of the AML or CTF structure a risk based approach. The importance of introduction of key areas of result for the purpose of evaluating the compliance and effectiveness of business unit heads with respect to programs of AML and CTF and the use of bonuses to enhance the effectiveness. The framework which underpins the responsibility of the SMT and the board for ensuring that an effective compliance culture is maintained within the organization is also included in the report. The report includes roles and responsibilities structure which shows the overall risk related to ML and TF can be addressed by the organization. The report in the light of relevant guidance and regulatory and legislative provisions the discussions are provided support.

As argued by June (2016) the integrity of businesses and the financial sector as a whole is undermined by Money laundering. The integrity of financial and banking services is largely based on the perception that its operations are within a frame of high ethical, professional and legal standards. There have been various researchers conducted in relation to determining the perception of AML/CTF regime by the Australian businesses, specifically their perception on customers and clients who pose higher risk of money laundering. The kind of money laundering risks posed to the business and the ways in which they can be reduced is also been analyzed. The reputation possessed by the financial sector in relation to integrity is its most valuable asset. In case funds form a criminal activity can be processed via a specific institution either because its directors or employees have been bribed or as the institution does not provide any relevance or importance criminal nature of the funding, the institution can become a criminal network itself and could be drawn in complicity with the criminals. Evidence in relation to such complicity always have a derogatory effect on the attitude of other financial organizations and of other regulatory organizations along with the general customers. Testimony on such sentiments can be provided by the scandal in the Bank of Credit and Commerce in the early 90s (Serhan, Mikhael and El Warrak 2016.).

Risk-based approach

 In addition there are also potential negative macro economic consequences of not attended money laundering. ML/FT are activities in which money is mainly transferred for distorting or concealing their sources and are initiated through banking systems along with other mediums. Banking corporations are at the frontline of the process of stopping such practices. In addition to debasement of values against which appropriate law gives a defence, the use of a banking company for ML/FT transactions by terrorists or criminals may tarnish the reputation of as well as public confidence in total system of banking (King 2018). Thus the senior management and the board of directors have to have in place procedures and policies for managing FT/ML risks and also monitor the implementation of the same as an integral part of the banking activities. A Senior Management team consist of people such as the chief officers, the deputy chief officers, the board of directors and any such related position. It is the responsibility of the SMT to form a written policy in AML/CTF which includes the fundamental principles through which the staff and the management shall act. They have to create procedures for the implementation of such policies so that inadvertent and deliberate abuse of the banking corporations by different entities can be prevented. They have to assure that they allocate adequate resources to AML/CTF officers such as human resources and financial resources so `that the objective of the banking corporation can be attained.  They have to at least annually identify and assess ML/TF risks which the banking sector is subjected to and make plans for addressing the identified risks. Thus it is important for the Senior Management Team (SMT) to totally understand the significance of identifying, managing and mitigating the risk associated with money laundering and terrorism financing. It is not only obligated to do under legal provisions but also they have to carry out such activities to ensure the integrity of the institution (Rose 2018). They have to take up the responsibility as running the entity in a effective manner is their responsibility and they also have the duty of act with due diligence and care under the provisions of section 180(1) of the Corporation Act 2001 (Cth).

A risk based approach contributes to the efficiency of allocating resources for the purpose of combating ML/FT as well as implementing risk based measures in all recommendations of the FATF. The primary principle in relation to this approach is that once a customer has been classified as high-risk, more enhanced measures have to be taken by a banking corporation to mitigate and manage these risks.  Thus when assessing the risk consideration has to be provided by the company to all important risk factors before determining the overall risk level and the approaches required to mitigate it.   One of the primary components of the recommendations provided by the FATF is the risk based approach of detecting and preventing money laundering as well as the financing of terrorism. A risk based approach mandates the regulated businesses to identify the risk of TF/ML faced by them, determine the transactions and customers posing high risk level and mitigates such risks through the implementation of increased procedures of due diligence and care. Proper compliance with the risk based AML/CTF framework mandates the businesses to understand the potential risk which is posed to the businesses and effectively and promptly address them.  

Importance of introducing key areas of result

Three risks elements have been identified by Omar et al (2015)each of which have to be taken into consideration with respect to an effective money laundering risk assessment. These elements are probabilistic, vulnerability and consequences risk. Probabilistic risk assessment includes establishing an association between an activity the observer would want to detect and an observable action. Where identity fraud and money laundering have a strong association then existence of identity fraud would signify a high risk related to money laundering. The potential impact of an activity is associated to consequences risk. A transaction involving small cash may be illegal but its impact may be very small as compared to that of a large illegal transaction. Thus in relation to this approach it would be feasible for an organization to monitor only large scale transactions as an effective way of risk assessment. Vulnerability risks are those risk which provide for detection or effective monitoring such as presence of opaque transactions or regulatory deficiencies. The significance of a considered risk assessment program have been highlighted because of high-profile CTF/AML regulatory enforcement activities in various countries such as USA. Thus having a risk based approach is important for the financial organization so that they can effectively mitigate ML/TF risks (Naheem 2016).

It is important for introducing key result areas for the purpose of measuring the compliance and effectiveness of the SMT with respect to AML/CTF programs. According to Nazri, Zolkaflil and Omar (2016) there are various reasons for measuring performance and one of such reasons is that it enhances the productivity. As a part of the ML/TF risk assessment, an organization’s internal control as to be regularly subjected to evaluation to determine the effectiveness in relation to offsetting the overall inherent TF/ML risks which have been identified. Controls are generally used to provide protection against the materialisation of risks, for ensuring that there is prompt identification of potential risks and to maintain regulatory compliance. Many of similar controls are applicable to a number of activities in an organization and may be subjected to execution by both the compliance functions and business units. Assessment of the AML/CTF which a reporting entity has addresses both the operating effectiveness and overall designs of controls. Indicators in relation to effectiveness of control have to be documented. Controls have to be linked to measurements whenever it is possible. A way of assessing the effectiveness of control is by having in place the business carry out a focused self-assessment. The assessment can be independently challenged through the use of subject matter expertise as well as the present internal information such as audit reviews, assurance testing and business risks reviews. A pre-defined rating scale can be used to rate a specific control based on qualitative factors like satisfactory, needs improvements or deficient. The key performance areas in context include ongoing monitoring of controls and requirements register maintenance. There must be quantity effectiveness of internal controls as well (Crofts 2017).

Bonuses are important for the implementation of the framework. It has been considered by the JMLSG guidance that for the propose of implementing a risk based approach support is needed from all levels of the organization. Full commitment and support from the SMT is required by the approach along with the business unit heads. There has to be clear communication of procedure and controls across the company. There must also be various robust mechanisms for ensuring that they are effectively carried out, there is identification of weaknesses and improvements are made. The use of bonuses will ensure that there is motivation in every sphere of the organization to carry out the plans in an effective manner. They enhance the feeling of ownership in the management and the employees and thus they carry out their functions effectively (Thompson 2014).

Roles and responsibilities of the SMT and board

This part of the report evaluates the framework of ANZ private bank which underpins the responsibility of the SMT and the board for ensuring that an effective compliance culture is maintained in the company. The organization has a separate AML/CTF policy as required by the AUSTRAC and Anti-Money Laundering and Counter-Terrorism Financing Act 2006. The policy which the organization has looks very strong on paper and provides for the key obligations for the organization. They seek to implement a risk based preventive approach and adopt practices which identify mitigate and manage risks related to terrorism financing and money laundering. They seek to enforce proper due diligence with respect to the customers which is in proportion to the terrorism financing and due diligence risks posed by the customers. They have a transaction monitoring framework in place via which they identify transactions involving unusual behaviour and the reporting of such transactions where there is suspicion that a customer may be acting in an illegal manner such as committing an identity fraud. The organization through its polices ensure that third parties who are acting on behalf of the organization are subjected to proper due diligence and base their actions in compliance with the policy of the organization. However although the organization has a sound framework based in a risk based approach the implementation of such framework is not carried out in an effective manner as there have been non compliance issues which the organization have been facing (Serhan Mikhael and Warrak 2016).

The roles and responsibility structure for the purpose of mitigating the ML/TF risks which the organization possesses is effective. It concludes all components which are required in an ideal structure. According to Helmy et al (2016) an ideal structure which an organization may have in place for the purpose of addressing ML/TF risk must have a risk based approach. There must be a balance maintained between the services provided to the customers diligently and risks posed by them. There must been a record keeping department whose responsibility would be   to keep all record which are related to AML/CTF activities for a period of at least 7 years. There must also be a proper structure in relation to the role of compliance. This requires leadership, advice, guidance and direction to enhance compliance with the existing policy. There must also be proper implementation of an effective reporting and escalation policy with respect to AML,CTF issues. These guidelines are also supported by the recommendations provided by the FATF.

Conclusion 

In conclusion, it can be stated that a risk based approach is necessarily required to effectively address, identify and mitigate ML/TF issue. It is the role of the senior management to take responsibility towards the identification and mitigation of risk. Risks management must be an integrated part of the organization operations. There has to be ownership taken by the organization leaders and bonuses enhances such ownership within the team. The recommendations which have been provided by the FATF are a very effective guideline which can be followed by the organization for the purpose of addressing ML/FT risks.

Legislative and regulatory provisions

The steps which the organization should take for the purpose of assessing the ML/TF risks faced by the organization along with the risk indictors the organization should evolve to identify vulnerabilities as well as are as Systems and risk-based controls that should be in place as a result of a risk-based approach follows:

In relation to inherent risk

The first step includes: identifying ML/TF and Predicate crime method

The working capacity of money laundering including having an understanding of the stages of money laundering

Predicating offences can be grouped broadly as crime in main stream economy and illicit economy

Identifying the different forms of money laundering

Recent experience which reporting entities have.

In the same way identifying the inherent risks related to Terrorism financing

Knowledge of terrorism financing methods are also required. The recent experience in relation to reporting entity of probable terrorism financing, any activity detected in the area which includes activities in the past have to be notified to AUSTRAC or DFAT as soon as they are indentified and there has to be legal advice taken on relation to the position of the company. The method of detection needs to be capable of identifying the nature which signifies terrorism financing.

This step can be achieved best by indulging with the owners of the identity’s channels, customers and products. They have to be explained about ML/TF.

The second step includes: Determining Risk indicators

Here risk indicators which a reporting entity needs to seek for potential sign of ML/TF has to be identified. This step has to be done in compliance with step 1.

The third step includes: focusing on the risk assessment

The step involves exclusion of irrelevant risks, incorporating scenarios for using risks, through changes in the organization incorporation risks and also incorporating the feedback provided by AUSTRAC.

The fourth Step includes: profiling organizational and sectoral risks

This step involves sectoring vulnerabilities, risks which arise from corporate culture and risk which arise from operations.

The fifth risks includes: establishing risk categories

Examples form risk categories include customers, channels, countries, employees, business processes, business oversees and business systems. Although these examples are not comprehensive and will not suit all organizations they can work as a guiding framework.

The sixth step includes: quantifying the inherent risks

The level of risk has to be measured by a reporting entity which is faced by it in providing the services. Quantification is based on the nature and category of each risks. There has to be risk rating or scoring and risk profiling. According to the Wolfsberg guidance in relation to quantifying the money laundering risk of a business division as per major risk categories each client should be assigned to a risk store, this score must also be assigned to products and services as well as countries and channels.

The first step includes mapping controls to categories of risks, establishing a control library, analysing the appropriateness of controls.  In relation to this step the controls needs to be mapped with risk. For instance the gap in control needs to be identified, controls have to be fine tuned with different risks, control have to follow any business change, there must be extension provided to changes in control to all operations which may be affected and the program coverage has to be seen by the management and AUSTRAC. In relation to the creation of a control library, all risk indicators have to be tracked in control, otherwise the reporting entity would be bound with respect to their presence. For ever risk indicator, there has to be a control to manage, indentify and mitigate the risk. This can be done through the creation of a control library. This is the list of all controls in operations within the firm. Many risk indicators can be addressed by one control. In case a risk indicator is not able to be trapped into control for financial or operational reasons the gap has to be recorded for over time closure. This area is tricky in relation to ML/TF risk assessment.

The second step includes assessing the effectiveness of internal controls

In relation to the ML/TF risk assessment, a company’s internal control has to be evaluated to find out how effectively they address the identified ML/TF risks. Generally controls are used to provide protection against risk materialisation of risks, to ensure that potential risks are indentified promptly and also to ensure compliance with regulations.

The third step includes quantifying the effectiveness of internal controls

Every area of control under examination can be provided with a score, when aggregated would show the effectiveness of the control. Every area can be given weightage based on significance which is placed on the control by the reporting entity.

The fourth Step includes recoding all the problems related to the controls

In this step note of any control which are operating effectively and not designed for future remediation has to be taken. It is also feasible for raising and action to fix this if any action is not already taken.

In relation residual risks the steps which needs to be followed are as follows

In the first step residual risks needs to be derived

Once the inherent risk and the effectiveness of control have been taken into consideration the residual ML/TF risks can be identified. Residual risk is the form of risk which is still present after controls have been applied to the existing inherent risk.

In the second step there has to be comparison between risks appetite and residual risks. The step also includes communication and reporting of results it is important to address the question that whether residual risk exceed or is equal to the entities risk appetite for TF/ML.

In the final step determination of remediation plan needs to be carried out

In situation where the process of risk assessment has deficiencies or uncovered gaps there has to be a follow up action which prioritises properly and tracks the problem. There has to be ownership of such actions taken by the present.

An overview of the top five management information reports

The five reports are

1. Money Laundering in Australia 2001

This report has been provided by AUSTRAC which provides for the way in which organizations should tackle money laundering by having in place proper policies and procedures for the same.

2. Terrorist Financing in Australia

This report has also been provided by AUSTRAC which provides for the way in which organizations should tackle TF. The report provides for the incorporation of risk based approach to tackle the problem related to TF.

3. ACIC reports

This report is in relation to organized crimes in Australia. The report provides statistics about such activities in the country and what was the process followed to carry out such activities

4. Financial Intelligence Units

This report has been provided by Financial Intelligence Units  of different countries like US and UK which provides for the way in which organizations should tackle money laundering and TF by having in place proper policies and procedures for the same.

5. Media reports of TF/ML cases

These reports deal with specific cases in relation to ML/TF and provide detailed view in such cases.

References 

Chaikin, D., 2018. A Critical Analysis of the Effectiveness of Anti-Money Laundering Measures with Reference to Australia. In The Palgrave Handbook of Criminal and Terrorism Financing Law (pp. 293-316). Palgrave Macmillan, Cham.

Choo, K.K.R., 2015. Cryptocurrency and virtual currency: corruption and money laundering/terrorism financing risks?. In Handbook of Digital Currency (pp. 283-307).

Crofts, P., 2017. What Went Wrong with Money Laundering Law.

Force, F.A.T. and Asia Pacific Group on Money Laundering, 2015. Anti-money Laundering and Counter-terrorist Financing Measures: Australia: Mutual Evaluation Report. Financial Action Task Force.

Helmy, T.H., Zaki, M., Salah, T. and Badran, K., 2016. DESIGN OF A MONITOR FOR DETECTING MONEY LAUNDERING AND TERRORIST FINANCING. Journal of Theoretical & Applied Information Technology, 85(3).

June, S., 2016. Money Laundering through Gambling Devices–Big Business in Australia and the USA?.

King, C., 2018. Anti-Money Laundering: An Overview. In The Palgrave Handbook of Criminal and Terrorism Financing Law (pp. 15-31). Palgrave Macmillan, Cham.

Naheem, M.A., 2016. Money laundering: A primer for banking staff. International Journal of Disclosure and Governance, 13(2), pp.135-156.

Nazri, S.N.F.S.M., Zolkaflil, S. and Omar, N., 2016. The Effectiveness of the Law Enforcement Agencies in Investigating Money Laundering Cases: An Evaluation of Mutual Evaluation Report of Malaysia and Australia.

Omar, N., Johari, R.J., Sukir, S.S.B. and Said, J., 2015. Money Laundering and Terrorist Financing: Real Global Cases, Behavioural Theories and Internal Control Mechanism. In A New Paradigm for International Business (pp. 295-308). Springer, Singapore.

Pok, W.C., Omar, N. and Sathye, M., 2014. An Evaluation of the Effectiveness of Anti?money Laundering and Anti?terrorism Financing Legislation: Perceptions of Bank Compliance Officers in Malaysia. Australian Accounting Review, 24(4), pp.394-401.

Rose, G., 2018. Terrorism Financing in Foreign Conflict Zones. Counter Terrorist Trends and Analyses, 10(2), pp.11-16.

Serhan, C., Mikhael, S. and El Warrak, S., 2016. Anti-Money Laundering Rules and the Future of Banking Secrecy Laws: Evidence from Lebanon. International Finance and Banking, 3(2), p.148.

SM Irwin, A., Slay, J., Raymond Choo, K.K. and Lui, L., 2014. Money laundering and terrorism financing in virtual environments: a feasibility study. Journal of Money Laundering Control, 17(1), pp.50-75.

Thompson, R.J., 2014. Controlling hawala in Australia: a study of Australia’s post-9/11 anti-money laundering and counter terrorist financing regulatory framework for remittance systems.