Assessment Of ML/TF Risks For Business Solutions Ltd And Cash 4U Direct

Assessment of ML/TF Risks for Business Solutions Ltd

Assume you are a senior AML/CTF compliance manager for Business Solutions Ltd (BSL), an Australian reporting entity providing over-the-counter niche business finance (leasing and factoring). At present, BSL operates only in Australia and all business is conducted face to face, either at a branch of the entity or at the customer’s premises.

BSL is planning its first venture offshore and is considering acquiring an online leasing business in New Zealand, Frontline Financing (FF). The New Zealand entity offers online trade financing, among other services. It owns an innovative online leasing product, available to commercial customers, which allows customers to apply and transact completely online. FF is regulated under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (NZ).

One attraction of FF for the Board of BSL is using the online tool in Australia as part of a longer term strategy to broaden BSL’s appeal and open its product to customers in more remote areas of Australia.

The Board has not yet decided whether BSL should also assume the day-to-day management of FF.

You have been asked to provide senior stakeholders with an assessment of ML/TF risk considerations to assist them in understanding the challenges if the acquisition goes ahead.

The BSL Board has asked you to prepare a document that clearly identifies and evaluates the ML/TF risks involved in the acquisition of FF.

1. Applying AUSTRAC guidance and/or Australian standards (or some equally valid methodology that you reference), formulate a risk assessment methodology targeted at the proposed acquisition. Ensure that you:

1. outline the risk criteria you will use to identify and assess the proposed acquisition
2. describe the tools that you will use in the risk assessment
3. explain, with an example, the role that industry typologies will play in the risk assessment methodology
4. explain the role that BSL’s risk appetite will play in the risk assessment methodology
5. describe how you will review the ML/TF risk assessment.

1. Analyse the ML/TF vulnerabilities that might arise for BSL as a result of:

1. running a business that offers online trade financing and leasing products
2. running an offshore entity/branch that provides products and services to New Zealand customers.
3. What conclusions can you draw about the impact of each strategy on BSL’s risk profile? For example, does it increase or reduce risk? Why, and in what way?

As part of BSL’s business risk plan, you are required to prepare a document on the issues concerning ML/TF risk controls to be addressed if BSL proceeds with the acquisition of FF.

Use the risk assessment that you developed for Part 1 to complete the questions below.

1. Assess the AML/CTF controls required initially and on an ongoing basis if the online leasing product is acquired and offered by BSL in Australia. Specifically address the following questions:
2. Which of BSL’s current controls will be appropriate for use in their present form (i.e. without enhancement)? Base your answer on the key controls that BSL is likely to have in place, given its current business profile. State your assumptions.
3. Which stakeholders would you consult to determine deficiencies in existing controls and identify new controls that are required?
4. Will some of BSL’s current controls be appropriate with enhancement? Support your answer with analysis.
5. What new controls will need to be developed? Of these new controls, which are a priority for implementation if resources are limited and which can wait until after ‘going live’ with the new product? (For example, sampling of KYC files using a remote method may be a priority because of the introduction of an online channel.) Justify your answer. Present your answer in the form of recommendations to senior management.
6. Prepare a short video (no more than three minutes) where you present your recommendations from part iv above to senior management.
7. Assume that the new controls you recommended in Question 2(a) (iv) have been approved. Choose one (1) control and answer the following questions:

1. Explain how you would design the control.
2. Describe how you would work with stakeholders to implement the control.
3. Advise as to which senior manager(s) should be allocated responsibility for monitoring the new control.
4. Explain how you would monitor and assess the effectiveness of the control on an ongoing basis.
5. Assume that BSL acquires FF. Design a system for ensuring that you and your staff keep up with changes in products, services and channels in both Australia and New Zealand that may affect BSL’s ML/TF risk.

1. Assume that BSL acquires FF. Identify emerging trends in financial services. Discuss the likely impact of one (1) trend on the ML/TF risk of the online leasing product.

Important notice: the facts from the previous scenario do not apply to Part 3. Read the scenario and questions for Part 3 independently of the scenario and questions for Parts 1 and 2.

You are the newly appointed compliance officer (CO) for Cash 4U Direct (Cash4U), a small, Melbourne-based boutique remitter. As Cash4U’s CO, your job responsibilities cover a broad range of compliance areas, including AML/CTF.

Cash4U facilitates remittance of money by individuals in Australia to three (3) destinations in the Pacific?Fiji, Nauru and Papua New Guinea (PNG). Established for just over three years, and registered and enrolled with AUSTRAC, the business has a total of five (5) branches, all in the greater Melbourne area.

Cash4U has an AML/CTF Program and a documented risk assessment, which were approved by the owners three years ago when the business commenced operation. The risk assessment assumes all individuals are low risk unless their transactions or behaviour at the counter indicate the potential need to prepare a suspicious matter report (SMR). Where a possible SMR is indicated, ECDD procedures are initiated, including asking the customer for two (2) additional pieces of information—the nature of the relationship to the person in the Pacific to whom funds are to be remitted and the source of funds.

As CO, one of your initial priorities is to identify any deficiencies in procedures, so you decide to investigate the effectiveness of the controls for monitoring and mitigating money laundering (ML) and terrorism financing (TF) risks. Listed below are the findings from your interviews with management and staff and review of Cash4U’s AML/CTF files, AML/CTF Program and risk assessment.

• Cash4U does not process any inward remittances and senders are individuals only.

• Neither the AML/CTF Program nor the risk assessment have been reviewed since approved three years ago. The AML/CTF Program states that an independent review will be conducted regularly, but at least once every three years.

 The KYC procedures include collecting from new clients their first and last name, residential address and date of birth. The information provided is verified by inspecting either a domestic or foreign driver licence or passport. 

• Payments go through a bespoke platform established with money service businesses (MSBs) in the receiving countries. Cash4U net settles the funds at the end of each week by making bulk payments via bank transfers to the MSBs in the other country.

• Transactions are monitored at the end of each month by downloading all transactions into Excel and filtering the payments to identify unusual transaction patterns.

The downloaded transaction reports and records of the investigation carried out (if any) are managed by the CO.

• When branch staff are appointed, they complete mandatory training on topics sufficient to meet the requirements of Chapter 8. All staff undertake refresher training every two years. As a result, staff know to be alert for ‘in person’ suspicious activity and to report a suspicion by phoning head office with their concerns. It is the responsibility of the CO at head office to lodge the SMR online with AUSTRAC.

• Only one (1) SMR has been lodged over the past three years and that customer continues to remit money regularly to six receivers in PNG.

• The risk assessment rates Fiji and Nauru as low risk and PNG as medium risk; however there is no methodology or rationale provided to expand on this assessment.

• Cash4U is meeting its obligations with respect to sanctions and DFAT.

• Cash4U does not subscribe to a list provider for PEP checking. Instead it asks customers to declare if they are a PEP. If the customer replies in the affirmative, they are rated ‘high risk’ and required to advise on the form their source of funds and their relationship to the receiver.

Use the information provided above to answer the following questions.

1. In priority order, list and explain the deficiencies in Cash4U’s current AML/CTF processes.
2. Prepare a report for Cash4U’s senior management and owners:
3. updating them on the key ML/TF risks and vulnerabilities facing Cash4U
4. outlining your planned approach to address the key deficiencies you have identified, including estimates of the time, cost and resources required.

1. Effective remediation of deficient controls involves working with stakeholders. Conduct an interview with a senior AML/CTF manager at your organisation to find out how they would approach the remediation of control deficiencies. Based on the interview, summarise how the AML/CTF manager would go about:

1. identifying appropriate stakeholders with whom to workconsulting stakeholders about their knowledge of controls and their views as to any deficiencies
2. engaging with stakeholders to ensure remediation of the deficiencies
3. implementing ongoing processes to monitor and assess the effectiveness of controls.

1. Reflect on the suitability of the stakeholder consultation and engagement strategies outlined by the AML/CTF manager at your organisation for addressing the remediation of the deficiencies you identified at Cash4U.

1. Justify your view as to whether or not the strategies would be effective for Cash4U.
2. Draft a high level stakeholder engagement plan for the deficiencies identified at Cash4U that outlines how you will work and communicate with stakeholders during the remediation.
3. Identify one of Cash4U’s key controls and prepare a plan to implement processes to monitor and assess its effectiveness.

(a). There are several risk assessment methodologies utilized under different standards, to determine the vulnerability of financial products and facilities offered by different institutions. The key business risk highlighted include data, system and  people capacity. Therefore, coming up with a risk plan, it is important to access the vulnerabilities that data is exposed to and the points of weakness in the system. For this risk plan, guidelines outlined by AUSTRAC and Australian standards will be used to formulate the risk assessment methodology required for the proposed acquisition (Bryans,2014, 441). The document used is the AS/NZS 4360:2004: Standards for risk management (Australian Standards). This document combines the important aspects from Australian standards partisan to ML/TF and regulations highlighted by AUSTRAC to produce a comprehensive methodology for risk assessment and management (Bajada,2006, 12).The risk categories as identified in ML/TF are four namely customer type ie PEPs, designated services provided, methods by which delivers designated services and foreign jurisdiction.

To provide a comprehensive and efficient risk assessment framework, there are various tools and AUTRAC topologies that will be used in the assessment methodology such as identification, assessment, treatment and monitoring and review (Bryans, 2014, 441).  The most relevant of the typologies and case studies is from 2014.example is Case 6 – Accountant jailed for laundering money via Hong Kong and New Zealand and Case 1 – Suspect used black market website and digital currencies for drug trafficking 2014 AUSTRAC report. This report highlights the Australian businesses that have been exploited for criminal activities such as drug smuggling, tax evasion and even human trafficking.

Risk identification.  As a reference from, Ferweda & Reuter (2018), 7, this tool aims at determining the ML/TF risks that are associated with the business and the products that it offers. Under this tool, there are two types of risks that are taken into account, namely: Business and regulatory risks. The business risk refers to the main ML/TF risks associated with the business operations such as :

• Product and services provided such as credit cards, private banking and wealth management and retail banking.
• Customer types for example PEPs(Politically Exposed Persons), natural persons (individuals) or Legal persons(personal representation created by law)
• Countries of operation such as transactions to countries known to have sanctions on trade or regarded as a source of narcotics or/ and reputable criminal activity are considered high risk.
• Methods of delivery for various services such as the online services, emailing or third-party brokers.

Regulatory risks refer to risks that are as a result of not adhering to the AML/CTF act, which is an Anti-Money Laundering and Counter-Terrorism Financing Act of 2006(Choo.2008,363). Such risks include failure to carry out customer verification accurately, lack of an AML/CTF program in an institution or failure to submit AML/CFT compliance reports.

Risk Assessment. This tool allows for the measure of the quantity and effect of the risk to be stated. The assessment is done in two measures: likelihood, which defines probability of the risk occurring and impact, the damage that the risk would cause. A product of the two measures provide a risk score or level which can be low, medium , high or extreme depending on contributive factors.

Risk Treatment. This tool allows for the identification and enforcement of remedying measures to manage the risk that has already being identified using previously mentioned tools. Such measures could include introducing transactional limits or putting in place processes to deal with high risk costumers or those that choose to transact with high risk countries among other viable strategies and policies.

Assessment of Deficiencies in Cash 4U Direct's AML/CTF program

Risk Monitoring and Review. This tool is used to keep track of the risk plan and how it is holding up in the face of changing products, services and targets customers.

Industry typologies dictate in a lot of ways the manner in which an institution provides its services (Freeman,2016, 25). Therefore, the level of risk between for example a retail bank and a private bank will not be similar because they employ varied policies of engagement for their customers, provide different services, probably operate in different jurisdictions and use varied modes of transactions. Therefore, when it comes to using the risk assessment methodology to produce risk plans for either of these institutions certain vulnerabilities will be high-risk for the retail banks than the private banks and vice versa (Favarel 2011, 179). In the case of this particular situation, BSL usually provides face to face transactions while FF uses their online platform to sell their products. Therefore, a vulnerability such as anonymity will be more prevalent for FF because online transactions do not demand much background or personal information from the customer while for BSL the risk will be much less because the face to face interaction lead to collection of customer information as well as the identification of the account owner (Gardner, 2007, 337). Examples are Case 6 – Accountant jailed for laundering money via Hong Kong and New Zealand and Case 1 – Suspect used black market website and digital currencies for drug trafficking 2014 AUSTRAC report.

A company's risk appetite refers to a specific amount of risk that the company is willing to endure as they target certain business goals, as referenced by Harvey, (2015). In this case, BSL's risk appetite will help to provide the guidance in coming up with remedy strategies for the risks anticipated. Understanding the risk appetite of the company will help determine the types of risk that the company is not willing to take, the risks that will be treated on individual levels as well as the risks that will be delegated to higher management (Hopton, D. 2016).

In reviewing the ML/TF risk assessment, it is important to understand that risks change over time due to increase or changes in products and customer types (Sadiq, &Governatori, and,2009, 165). It is therefore important that a monitoring and review procedure of the risk assessment methodology be developed to ensure that it can be adjusted accordingly in case it is not working correctly. It is important that a system for keeping records is determined. Using the records that are provided, analysis and review of the risk plan will be backed up with performance data that can be used to adjust areas of weakness in the plan. It is important or the top management to not that ML/TF risk mitigating cheque account is fact that a fully auditable trail exists between the payer and the payeee.as a resolution there is no negotiation of each cheque. ADIs are subject to AML/CTF customers, it has also been noted that the use of bank accounts introduces illigal money in the currency circulation .

Conclusion

 It is also very important to carry out internal audits of the company which allow for the company to provide AML/CTF compliance reports (Hamin, Kamaruddin and Rosil, 2018, 3)

i. Vulnerabilities of running a business that offers online trade financing and leasing products include (Tahiri, 2018):

• It is possible to operate from different jurisdictions and make value movement to a third party.
• It is possible to aggregate value due to the complex currency exchange transactions that usually occur multiple times hence value transfer is kept untraceable and the anonymity of the criminal is concealed.
• Setting up accounts and transactions can be done without face to face contact.
• Due to the voluminous flow of goods and transactions, it is not easy to isolate individual criminal transactions and therefore granting opportunity to criminal to transfer value.
• Limited resources and verification programs exchange between custom offices in countries make it difficult to detect value transfer over multiple jurisdictions.

ii. Vulnerabilities of running an off-shore entity/branch that provides products and services to New Zealand Customers (Spink, 2017, 642)

• Bank secrecy that ae very rigid and therefore do not allow thorough investigations of suspicious transactions by relevant financial institutions.
• The ability to maintain anonymity during the setting up and transacting of accounts due to the inadequate information required to set up accounts.
• The product allows for transfer of value from owner to beneficiary without the requirement of identity disclosure.
• The jurisdiction is considered as a moderate tax-haven hence there is minimal background information needed, this type of transactions make it difficult for the authorities to track criminal transactions.
• There is a deficiency in the effectiveness of inter-border intelligence which makes it difficult to create patterns between criminal transactions that are connected but conducted in different jurisdictions.

The BSL risk profile suggests acquiring a company that offers online trade financing and leasing products and also to run an offshore branch to provide its services to an expanded customer base in New Zealand. Both these strategies increase the company's risk (King, C. 2018, 15-31)). The main source of risk comes from the online platform that allows for full anonymity of the company's clients in this region. The strategies also offer the option of offering services over various jurisdiction, which limits monitoring efforts, as well as enabling criminal to mask their activity in normal transactions among other customer (Mahnken, Weiss, Graboske, and Whelan, 2004.904).  The acquisition involves increase in the product and service selection as BSL seeks to reach Australians in remote areas. This means the criminals have a source of entry for their value into the financial system and also have various products that can assist in disguising their transactions.  The company need to improve its control to combat these and other risks (Loayza,Villa, & Misas,  2017).

(i).When coming up with the required control for the new product the following assumptions were made about the model for BSL prior to the acquisition of FF. The leasing benefactor paid monthly payments to the leasing company upon receiving item on lease. The company also makes a transaction to the supplier company to pay for the item. Therefore, the model is a traditional one with the leasing beneficiary in this case being the payer of the leasing fee; the receiving remitter is the agent/ operator at the company (Ryder, 2012). There is also a transaction between a sending remitter from the BSL to the supplier who is also a beneficiary of the transaction (Ryder, N.2015). In its current state, the controls that are in the system will not be able to handle the online product without some adjustment (Malama,.2010). The controls in this model are extremely vulnerable to risk associated with online transactions. As it is now, the model is already high risk in as far as ML/TF is concerned.

The basic role of customer due diligence procedures is to guarantee the revealing element knows its clients and comprehends their clients' money related exercises. The announcing substance must set up a structure and report its client due constancy (CDD) methods in detail. All AML/CTF programs (standard, joint and uncommon) must incorporate Part B. An announcing element must be sensibly fulfilled that: an individual client is who they guarantee to be for a non-singular client, the client exists and their advantageous proprietorship points of interest are known.

By knowing its clients, an announcing element ought to be better ready to recognize and alleviate ML/TF hazards in the lead of their budgetary exchanges, especially where the action or exchanges are abnormal or strange. The CDD necessities include: gathering and confirming client distinguishing proof data. Example instance, records, information or other data acquired from a dependable and autonomous source recognizing and confirming the useful owner(s) of a client recognizing, whether a client is a PEP (or a partner of a PEP) and finding a way to build up the wellspring of assets utilized amid the business relationship or exchange getting data on the reason and proposed nature of the business relationship.

The basic role of Part A  of an AML/CTF program is to recognize, relieve and deal with the ML/TF chance emerging from the arrangement of an assigned administration by a detailing element. Components of Part A likewise educate the risks based methodology that is connected in Part B (customer identification).

The stakeholders that are best suited to assist in the determination of deficiencies in the controls and probable solutions are the project manager and the project team (Parker, 2018, 454) these are people who are in control of the business for example in positions that are vital for decision making.  The project manager is in charge of the daily operation of any company about any new project implementation or maintenance of older projects The project manager and the project team managers play a vital role in influencing the decisions made by the business. It , therefore, calls for their involvement in a vital decision such as determination of deficiencies in controls and any solution to be availed. It is more of their department and therefore directly affects them.

With some adjustments, the controls in the previous models can be used (Iken, &Agudelo, 2017, 255-266).  The highest risk vulnerability is the transaction from the payer to the company. Therefore, adjusting the control for the payer will improve aspects of user identification and even location will go a long way reducing the vulnerability risk. The transaction from the company to the supplier is also vulnerable but the risk is not as high (Ross,& Hannan, 2007, 109). It is also of importance to evaluate account holders information online verify the user details and habits as this pose potential risks. The main risk from this side would be that the company is running on criminal activity and uses the cash from the leasing company to clean up their money as they acquire product to lease.

The Know Your Customer (KYC) control is the first and most important control that ought to be developed (Madinger, 2016). It will help to reduce risk on both ends of the transaction. The KYC control would comprise of customer acceptance policy, customer identification and transaction monitoring. With this control ,the biggest vulnerability for online bank transfers and payments  which is anonymity is removed and transactions can now be accredited to specific individuals. This assumption is based on either lack of a KYC control in BSL or an ill performing one that necessitates an upgrade to avoid vulnerabilities. The next control would be the access control, more specifically logical access control. This control will limit the network (Ross, & Hanna,,2007, 110) system files and data that both suppliers and consumers can access on BLS online and therefore allow users to leave a digital footprint. This type of control also reduces the possibility of untraceable transaction, bank transfers and payments  because all transaction take place on one network.

The final control included would be a clearing control (Ryder,2015). This control will work effectively for transaction, bank transfers and payments  made online from credit cards or bank account because it allows for verifying of user information and completion of the transaction will the ability to keep record of all transactions made. The order of priority will be as the controls have been stated above. The first control that should incorporated is the KYC, followed by the access control and finally the clearing control. The last two can be installed once the product has ‘gone live’ since they work when the system is up and running.

(i) The main objective of the KYC control is to be able to acquire potential client information and using the vetting processes lined up to determine whether the customer is a vulnerability factor to the company or not. The design will entail prompting first time users to log in, which entails user identification and verification. The information required at this point is personal and unique to all individuals (Teffera, Sadagopan,& Nunes-Vaz,,2004., 164) Once the individual is logged in, the next stage through a series of question will determine the individual’s source of wealth, perform sanction screenings and a risk scoring. If the individual is deemed high risk, further due diligence with be required from a manager but a low risk individual with be accepted into the system and allowed to start transacting. A high-risk individual who is still high risk after due diligence will be denied membership (Kilcullen, 2005, 609). This is a perfect systems that will go on to identify Politically Exposed Persons (PEPs) and help the company to either avoid such people because they draw a high level of attention to themselves or look for  a way in which to manage such people. PEP’s are ranked as high risk factors for money launders; the launders do not necessarily look for this type of customer but rather look for what such people possess which include high value accounts that are valuable to any money laundering business. PEPs can also be corrupt and or have poor history with lending and credit facilities. Use of such a system as this that verifies customers and allows access and or enrollment to customers that are approved is a long way in ensuring the taming of money laundering at registration or intake of customers.

(ii,iii & iv). The stakeholders chosen and or identified for consultation and or for involvement in the decisions such as company deficiencies are very vital as early on mentioned. These stakeholders stand as engineers for the day to day functioning of the business. In other words, they are the arms and legs of the business and therefore play a vital role in ensuring that the small decisions and or actions of the common laborer translate in meeting the objectives of the business however minute they might seem. Stakeholders such as the project manager would assist to come up with an efficient and accurate design for the vetting process in order to ensure that no criminal transactions slip by. The project manager is at the heart of the running of the business and is responsible for all the decisions made. He or she offers advice and gives instructions and directions on what and what should not be done. They handle the project team daily and are responsible for recruits and continuing team members. Therefore, they will come in handy in offering such advice as to an accurate system to vet transactions. Also because of their day to day experience with the business and such transactions as early on stated they have more wisdom on matters to do with suspected criminal activity. The project team will also assist with technical skills such as coding . The project team is the driver of the agenda and or the daily business of the firm. They not only offer their skills and knowledge but also insight and advice on some matters such as the direction the company is taking and what to be done and what not to be done. They can influence certain aspects of control for the firm. They can also offer their experiences from which the management can be influenced to make the right choices to minimize risks. The project teams are also responsible for the active registering and or counter-checking of new members to the firm, if they remain vigilant and trustworthy to the business then they can contribute immensely to the fight against criminals propagated by money launders. The functional aspects will provide information on the control that they feel has not been explored as they are the individuals working on it during working hours. The senior financial control manager, is the senior most official in the financial department. His role is to be in charge of monitoring the controls, as he will play an important role in monitoring transaction, accurately reporting and protecting the company from fraud.

The Senior Controller assumes an administrative job in regulating the exercises and productivity of the lesser controller. In this position he likewise approves every money related control and strategies inside the business, guaranteeing the sufficient upkeep of appropriate arrangements and techniques in the regions of fund, bookkeeping, and duty with the end goal to keep up reasonable interior controls that prompt finish, exact, and opportune monetary detailing. The Senior Controller additionally oversees reviews of the business by working intimately with outer examining firms at all phases to guarantee precision in announcing.

The Senior Controller moreover readies the business' yearly spending plan in his administrative job and supervises budgetary reports from bookkeeping groups with the end goal to affirm exact audits of the business' current and anticipated monetary position, consequently, guaranteeing honesty of data.

For this particular control, monitoring and assessment would involve analysis of records and therefore generation of performance report. The control would also be subject to review every year to ensure that it is updated to deal with diversification in products of consumer type. Record analysis involve transaction audit to verify the organization trades and tax reports. In addition, it will be necessary to check the organizations books to evaluate if the strategy is taking effect. Compliance assessments AUSTRAC has distinguished four key zones where detailing substances can enhance their AML/CTF results: ML/TF risk assessments applying the risk-based way to deal with AML/CTF re-appropriated and robotized forms administration issues. It is pivotal that all announcing substances keep up thorough AML/CTF frameworks and controls. Announcing substances are welcome to consider the issues brought up in this report and guarantee their AML/CTF program is exceptional and shielding them from abuse.

The ML/TF risk appraisal is the foundation of an agreeable AML/CTF program. Understanding the ML/TF risks it might confront is an essential initial step for an announcing element in creating; actualizing and keeping up systems that moderate and deal with those risks. Revealing substances with proper ML/TF risk assessments exhibited that they comprehended: how their items and administrations could be abused by offenders to launder cash or reserve fear mongering how likely it is that every item or administration could be abused.

The design for the online leasing system for the product is basically a combination of all the controls and modules, such as the Know Your Customer (KYC) and transitional module, only that they cover a wider scope now because customers from both Australia and New Zealand are included (Oneil,.2007, 485). The system design consists of the following parts:

1. The KYC control: as example this control is to ensure that accounts can be traced back to names, addresses and even location. This control is used for the vetting of potential clients, it is the same control that allows a member to log back in. This control at this point will have two interfaces for customers from each country to ensure efficiency.
2. The next step is the transaction module (Ravenda, &Valencia-Silva, 2018). In this module we have the access control, that ensure whenever a module that certain parameters are met. At this point the transaction is made from the payer to the receiving remitter of the company.  The control works to increase visibility and therefore reduce the probability of masking criminal activity. Another instance of transaction is from the sending remitter from the   company to the supplier. Transactions that are made using credit cards, debit cards, visas or bank information go through the clearing control to ensure that the information provided is correct. This aspect of the system reducing third-party transaction and allows for comprehensive record keeping after every transaction.

A trend in the financial services that is more relevant now than when it started is cybersecurity (Frebowitz, 2018).  It remains a huge concern for financial services those offered through the internet or the banking systems.  According to Gardner, (2007), as technologies and brands in financial services online continue to grow, more gaps are left that expose financial products to more risk. It therefore goes without saying that the technological world will be working to come up with mitigating measure for any vulnerabilities exposed in development.

The involvement of tech in financial services as contributed greatly to the shortening of leases. Many customers seem to prefer shorter more convenient leases that go well with their lifestyle and businesses (Ferwerda and Reuter.2018, 13). This has lead the leasing retailers to respond to the demand with a different model for their businesses.

The shorter leases are growing in demand and will continue to grow s individuals get into entrepreneurship lifestyles (Copeland,.2015). This trend is therefore causing online leasing institutions to come into the game with a brand new revenue model. One that accommodates the short term for leases.

1. The deficiencies in Cash4U’s current AML/CTF processes

• Money transfer programs such as the bespoke platform that are not face-to-face and not linked directly with the company are also high risk money laundering avenues as listed by AML/CTF programs. They pose as a high risk avenue for money launders and especially if the transactions are only received by the business at the end of the week.
• The business has not reviewed either the risk assessment or the AML/CTF program in the las three years. The AML/CTF program however states otherwise. It should be reviewed regularly or at least once in every three years something that Cash4U has failed to do. Adding to these facts, the review needs to be conducted by an independent party so as to avoid biases.  The business not having conducted this review has put itself under very high risk of not being able to identify any abnormalities in their day to day running of the business. Money launders are fond of taking advantage of such loopholes to infest their way into laundering money from the business if review measures have been delayed such as in the case with Cash4U.
• Politically Exposed Persons PEPs are high risk as rated by AML/CTF programs. The fact that the business solely trusts the response from customers on whether they are PEP or not is a high risk action in itself. People could lie and put the business at a very high risk. PEP are exposed to high opportunities of corruption and their accounts are targets by money launders due to their position and resources, they should therefore be under the watch and knowledge of AML/CTF in any business failure to which they put the business at high risk.
• Rating countries of such as Fiji and Nauru as low risk without any back up or rationale as to arrival of this decisions is very unlikely for the nosiness. The rationale used to arrive at such critical decisions needs to be clearly outlined and available for the CO. This is  because this it  can be false and could be an avenue for Money Laundering (ML) ,to utilize because any person reviewing the transactions by the company, may not concentrate on these countries since they do not raise an alarm as they are ranked low risk .Whoever in the real case, it might be the opposite and these countries could be very high in money laundering activities.

1. Cash4U has put the business at risk in numerous ways. Some of the vulnerabilities the business faces with regards to the guidelines of AML/CTF processes include the following:

Among the vulnerability the business currently faces is failing to review the AML/CTF program and or the risk management program as required by the guidelines.  This is a high risk move because malicious activities could be going on without the notice of the management. Money is likely being laundered from the business. Reviewing the AML helps a business identify and take precaution against money laundering because it offers a guideline and shows the management indicators of likely hood of money laundering activities (Malmendier, and Saidi, 2016, pp. 92-106).

Use of third parties for money transfer in receiver countries such as the bespoke platform is a vulnerable factor for Cash4U. The business further takes one week to review these transactions; this is a long time in matters dealing with money (King, 2018). It is sufficient time to conduct money laundering. Such private entities according to AML/CTF possess high wealth and secrecy something that is very attractive for money launders. Further, third parties disguise the identity of money launders hence providing a very high-risk platform for conducting business.

1. Approach to Address the Key deficiencies

Remedy	Time required	Cost
Regular review of the AML/CTF and risk management	Quarterly	$150
Regular monitoring of the (bespoke) third party transactions in the receiver countries, develop a cashless system for money transfer for example using internet banking transfers only where the payment flows are transparent to the bank involved hence they can report suspicious cases (Li, et. al., 2015, pp. 277-288).	Daily	$10-$25
Put in place a system that identifies customers status and remits their names for PEP analysis	Daily	$50

1. identification of passionate, competitive and integral shareholders iin the business, customers and finance regulating bodies and bringing them on board to work with should be given highest priority at any organization because these are people that will be stuck with you in the business. The process of identification should follow that relevant and enough knowledge about their personal and business history is available for example their connections with corruption and other malicious scandals. The information about their previous business transactions should also be available and trustworthy. Their competencies about delivering and resourcefulness should also be prioritized.
2. Developing a comprehensive stakeholder consultation program for instance capacity building and skills development among the shareholders in the business, which  involves the incorporation of all the stakeholder views, complaints and complements to be undertaken annually b via online feedback platforms or via email and suggestions boxes laid at the company office premises. This would include a detailed approach that incorporates their individual views, their feelings about the program and or business and their suggestions on the business activities and how they are run.

iii. Stakeholders are people with direct or indirect interest in the business. They should be given priority when it is matters dealing with the business. A clear engagement plan should be put in place including a face to face meeting with the stakeholders which in this case could be for example at least quarterly. However such meetings will not be sufficient to address urgent matters and complaints or compliments. It therefore calls for providence of feedback systems for instance through the business website and or social media handles where customers are able to send their views by commenting and or sending email to the business management. The customers’ views are then evaluated by a team set a aside for such a duty as evaluation and communicated to the management who then make a decision on such matters as raised by the customers.

iv To ensure the effectiveness of the controls, regular checkup and consistent storage of data is important (Masciandaro, 2017). An independent contractor that is certified and has experience in the monitoring and evaluation of controls and data storage should be contracted to undertake the monitoring and assessment. In this way, it is not the implementation body that is tasked with monitoring and evaluation of its work but rather an independent body to avoid compromise. It is also important to schedule regular maintenance of the controls to allow for upgrades if it is not effective

1. The company is already ailing from the troubles already outlined such as failure to constantly review the risk management and failure to identify customer status correctly. The company should: Regularly review of the AML/CTF and risk managementquartile but this is not enough, it’s should be done all the time through means such as constant customer feedback, put in place a system that identifies customers status and remits their names for PEP analysis and identify passionate and willing customers to work with. The suggested strategies will help reduce vulnerability to money laundering and allow the company to increase revenue flow. The new strategies also allow for accountability and traceability of transactions and items.
   
   
2. To ensure a successful remediation, the following are the talk points ;

• First, bringing to the attention of the shareholders the problems/deficiencies that we have as a company and the effects or risk that it has and will expose our products to in the future (O'neil, 2007).
• Second would be to table the strategies that are available to remedy the deficiencies at Cash4U.
• Engaging the stakeholders and allowing them to volunteer their opinions on the matter in an aim of fostering a sense ownership.
• Coming up with a plan together on how to implement and remedy the deficiencies in Cash4U.
• One of cash4U key controls is the KYC procedures that collect first and last name, residential address and birth date from new clients. The information from the new clients is verified and inspected by looking at the license and or passport of the client. Therefore the company should put in place a body that confirms if any information captured by the KYC system has ever found a name that is in the crime or corruption. More information about the new clienst other than just their name and address should be included. Their history of engagement with other money transfer and credit facilities should also be included in the information to be verified. The client should further be thoroughly monitored by cash4U for a period not less than the first six months

References.

Bajada, C., 2017. Money laundering activities in Australia—an examination of the push and pull factors driving money flows. In the Changing Face of Corruption in the Asia Pacific 34(2)pp. 127-147.

Bryans, D., 2014. Bitcoin and money laundering: mining for an effective solution. Ind. LJ, 89, pp.441.

Choo, K.K.R., 2008. Money laundering risks of prepaid stored value cards. Trends & Issues in Crime & Criminal Justice, Cambridge: Belknap Press.

Copeland, M.A., 2015. Trends in government financing (Vol. 2396). Princeton University Press.

Favarel-Garrigues, G., Godefroy, T. and Lascoumes, P., 2011. Reluctant partners? Banks in the fight against money laundering and terrorism financing in France. Security Dialogue, 42(2), pp.179-196.

Ferwerda, J. and Reuter, P., 2018. Learning from Money Laundering National Risk Assessments: The Case of Italy and Switzerland. European Journal on Criminal Policy and Research, pp.1-16.

Frebowitz, R.L., 2018. CRYPTOCURRENCY AND STATE SOVEREIGNTY (Doctoral dissertation, Monterey, CA; Naval Postgraduate School).

Freeman, M., 2016. Sources of Terrorist Financing: Theory and Typology. In Financing Terrorism :pp.17-36.

Gardner, K.L., 2007. Fighting terrorism the FATF way. Global Governance: A Review of Multilateralism and International Organizations, 13(3), pp.325-345.

Hamin, Z., Kamaruddin, S. and Rosil, W.R.W., 2018. “Trust me; I’m your lawyer”: Lawyers’ Reporting Duty under AML/ATF Law in Malaysia. Journal of ASIAN Behavioural Studies, 3(10): pp 19-34

Harvey, J., 2015. A Critical and practical evaluation of the efficacy and cost benefit of anti-money laundering laws. Cambridge:Belknap Press.

Hopton, D., 2016. Money laundering: A concise guide for all business. New York: Gower press.

Iken, J.G. and Agudelo, A., 2017. Managing correspondent banking ML/TF risks: Recent regulatory developments on the risk-based approach model. Journal of Financial Compliance, 1(3), pp.255-266.

Kilcullen, D.J., 2005. Countering global insurgency. Journal of Strategic Studies, 28(4), pp.597-617.

King, C., 2018. Anti-Money Laundering: An Overview. In The Palgrave Handbook of Criminal and Terrorism Financing Law (pp. 15-31). Palgrave Macmillan, Cham.

Li, S., Mäcker, A., Markarian, C., auf der Heide, F.M. and Riechers, S., 2015. Towards flexible demands in online leasing problems. In International Computing and Combinatorics Conference (pp. 277-288). Springer, Cham.

Loayza, N., Villa, E. and Misas, M., 2017. Illicit activity and money laundering from an economic growth perspective: A model and an application to Colombia. Journal of Economic Behavior & Organization.

Madinger, J., 2016. Money laundering: A guide for criminal investigators. CRC Press.

Mahnken, T., Weiss, P., Graboske, B. and Whelan, P., Homestore com Inc, 2004. System and method for online leasing. U.S. Patent Application 09/843,904.

Malama, M. (2007). The effects of Globalisation on money laundering. Phd. Oxford. 

Malmendier, U., Opp, M.M. and Saidi, F., 2016. Target revaluation after failed takeover attempts: Cash versus stock. Journal of Financial Economics, 119(1), pp.92-106.

 Masciandaro, D. (2017). Economics of Money Laundering: A Primer. SSRN Electronic Journal, 56(4), pp.23-45. 

O'neil, A., 2007. Degrading and managing risk: Assessing Australia's counter-terrorist strategy. Australian Journal of Political Science, 42(3), pp.471-487.

Parker, M., 2018. Tackling terrorist fundraising and finances. In Routledge Handbook of Terrorism and Counterterrorism (pp. 451-459). United Kingdom., Routledge Press.

Ravenda, D., Valencia-Silva, M.M., Argiles-Bosch, J.M. and García-Blandón, J., 2018. Money laundering through the strategic management of accounting transactions. Critical Perspectives on Accounting. 22(3), pp.71-87

Ross, S. and Hannan, M., 2007. Money laundering regulation and risk-based decision-making. Journal of Money Laundering Control, 10(1), pp.106-115.

Ryder, N., 2012. Money Laundering–An Endless Cycle? A Comparative Analysis of the Anti-Money Laundering Policies in the United States of America, the United Kingdom, Australia and Canada. United Kingdom. Routledge Press.

Ryder, N., 2015. The financial war on terrorism: A review of counter-terrorist financing strategies since 2001, pp55-86. United Kingdom Routledge.

Sadiq, S. and Governatori, G., 2009. A methodological framework for aligning business processes and regulatory compliance. Handbook of business process management, 2, pp.159-176.

Spink, J., 2017. Product fraud and product counterfeiting as a source of terrorist financing. Security Journal, 30(2), pp.640-645.

Tahiri, N.R., 2018. Financial Analysis of Afghanistan International Bank pp6-12. Kabul. Shah M Book Co

Teffera, E., Sadagopan, G. and Nunes-Vaz, R., 2004. Root Causes of Terrorism: A Systems View. In SETE 2004: Focussing on Project Success; Conference Proceedings; 8-10 November 2004 (p. 164). Sydney. Systems Engineering Society of Australia.