Welcome to the ACAMS Live Chatfiles.acams.org/webcasts/20110309/Live Chat - Securities Industry... · Welcome to the ACAMS Live Chat Securities Focus: Risk-Assessments and the Broker-Dealer
Post on 04-Jun-2018
223 Views
Preview:
Transcript
Welcome to the ACAMS Live Chat
Securities Focus:Risk-Assessments and the
Broker-Dealer
March 9, 2011 – Noon to 1:00 PM ESTA sound check will be performed 5 minutes before
web seminar
2
Technical Assistance & Audio Broadcast
Technical Assistance • Send a message via the Q & A box• Or Call WebEx Technical Support:
(U.S.) 866-229-3239 (International) +1 916-229-3239
Attendee instructions on how to use Audio Broadcast • Do not close the Audio Broadcast panel • If you are not able to listen to the audio on your computer speakers,
press the stop button, wait 5 seconds then press play. • If you are still not able to hear audio, you will need to join the
teleconference.• To join the teleconference, first close the Audio Broadcast window.
Then click the Request Telephony button beneath the participant list.• Do not forget to enter the meeting number and your designated
attendee ID number when dialing in.
5
Moderator:John J. Byrne, CAMSExecutive Vice PresidentACAMS
Speakers:Vasilios P. Chrisos, CAMSAmericas Anti-Money Laundering andEconomic Sanctions DirectorMacquarie Group
6
Speakers:
Jay Shechter, CAMSVice President, AML CompliancePershing Advisor Solutions LLC, a BNY Mellon Co.
Importance of Risk Assessments
• Compliance expectation
• Central focus of regulatory examinations
• Anchors the entire AML and sanctions risk management framework
• Facilitates the allocation of compliance resources
• Sound business practice
7
US Regulatory Guidance
• Institutions should not only assess risk within individual business lines, but also on a consolidated basis across all activities and legal entities.
• BSA / AML and OFAC risk assessments should be an ongoing processes, and not just a one-time exercises.
• Institutions should reassess their BSA / AML & OFAC risks at least every 12 to 18 months.
• Risk assessments should also be revisited more frequently if and when there are material changes in the facts and circumstances of the underlying businesses.
• Institutions structure their BSA / AML & OFAC compliance programs to adequately address its risk profiles (as determined by the risk assessments).
8
The revised Federal Financial Institutions Examinations Council (FFIEC) Bank Secrecy Act / Anti-Money Laundering (BSA / AML) Examination Manual recommends that:
International Standards• Financial Action Task Force (FATF)
“Guidance on the Risk-Based Approach to Combating Money Laundering and Terrorist Financing – High Level Principles and Procedures” (June 2007)
• Basel Committee on Banking Supervision“Compliance and the Compliance Function in Banks” (April 2005)
• The Wolfsberg Group“Guidance on a Risk-Based Approach for Managing Money Laundering Risks”
• The United Kingdom Joint Money Laundering Steering Group (JMLSG)
“Prevention of Money Laundering / Combating the Financing of Terrorism” (November 2009)
9
Key Attributes for Success• Executive sponsorship
• Active participation from key stakeholders
• Identification of relevant risk categories / factors
• Comprehensive in terms of depth and breadth
• Applied consistently throughout the enterprise
• Consensus of LOB executive management
• Approval by the appropriate committees
• Risk philosophy and risk assessment methodology are clearly described and documented
10
Commonly Cited Weaknesses
• Risk assessments were not performed / documented
• Risk assessments did not incorporate all line of business or entities
• Assessments did not consider all major risk categories
• Policies did not specify frequency of updates / re-assessments
• Lack of methodology for assigning risk levels to customers
• Policies and procedures not commensurate with institution’s risk profile
11
Key Stakeholders
12
BSA / AML OfficerBSA / AML Officer
AML SteeringAML SteeringCommitteeCommittee
RegulatorsRegulators
LOB ExecutiveLOB ExecutiveManagementManagement
ComplianceCompliance& &
Info TechInfo Tech
Internal AuditInternal Audit
Risk AssessmentRisk Assessment
Determine the population / inventory of business units, legal entities, etc.
Identify the specific risk categories to be used in the risk analysis
Identify types of products / services, customer base, and geographic locations unique to the institution.
Map applicable laws and regulations to business units, legal entities, etc.
Identify key “knowledge”personnel in each BU
Conduct interviews with key personnel
Administer surveys or questionnaires
Review pertinent documents and other BU-specific information
Prepare interview notes and process maps
Validate information obtained with BU management
Prepare final report outlining the risk assessment methodology, procedures performed, and assessment results
Construct “heat maps”summarizing the inherent and residual risks across all business units
Prepare workpapers containing all of the documentation supporting the risk assessment exercise
Obtain requisite approvals
Address key issues stemming from risk assessments
Revisit AML compliance program to determine whether it aligns to institution’s risk profile
Implement modifications to AML compliance program, as necessary
Monitor for changes in the institution’s business strategy and / or operating model and assess impact on money laundering / terrorist financing risk profile
Develop matrix of inherent risks against pre-determined categories
Analyze data and information obtained
Determine the inherent risk across each of the pre-determined risk categories
Assess mitigating factors
Evaluate overall residual risk for each in-scope line of business, legal entity, etc.
Gain concurrence from BU management
Project Management
AligningReportingRisk ratingInformationgathering Planning
Sample Risk Assessment Approach
Ongoing Communication with Key Stakeholders
BU Risk Assessments Program Development & Execution Risk Reporting
Escalation
Formalized, Documented Process
• A formal process that considers all elements, stakeholders, inherent risk, and residual risk within a documented, defensible and maintainable form
• Reporting is key to managing operational risk, regulatory need, and to influencing future risk assessments
Governance Policies and Procedures
Program Monitoring
Evaluation
Internal Metrics
Formally Linking Risk Scores to Practices
Transaction Monitoring /Case Mgmt
ClientOnboarding
Executive Sponsorship / Advocacy
SARReporting
OFAC /Sanctions
EmployeeTraining
• Allows for a phased implementation approach based on risk.• Initial roll-out to those business units more likely to be used as conduits for money laundering / terrorist
financing activities (e.g., business units deemed high risk after conducting the risk assessments).• Other factors that would be considered during the completion of the risk assessments and would
potentially impact the phased roll-out would be business units with multiple source systems, existence of data warehouses, known data quality issues, and the extent of manual monitoring procedures already in place.
BSA/AML Risk Assessment Factors
Primary Factors• Customer and Entities• Geographic Locations• Products and Services• Distribution Channels• Funds Flow• Terms of Settlement /
Delivery
Secondary Factors• SARs Filed• 314(a) and 314(b)
Referrals• Subpoena Volume
15
Controls / Mitigating Factors
• Organizational structure and tone
• Business practices
• IT infrastructure and transaction monitoring capabilities
• BU-specific policies and procedures
• Employee training and awareness
• Results of prior internal and external program assessments
• Issue / incident resolution process
16
Inherent Risk - Controls / Mitigating Factors = Residual Risk
17
RESIDUAL RISK MATRIX Quality of Risk Management
InherentRisk
Satisfactory Needs Improvement Deficient
High M H H
Medium L M H
Low L L M
Broker-Dealer Risk Assessments
• In 2010, FINRA released an updated version of the AML Template for Small Firms
– New version recommends a risk assessment as a “good practice”
– Guidance notes that a risk assessment is a “useful tool for demonstrating to your firm’s examiner that the firm used a reasonable approach for designing its AML program.”
– Stresses the importance of developing internal controls to identify when circumstances change
Source - http://www.finra.org/Industry/Issues/AML/p006340
Assessing Risk in the Clearing/Introducing Firm Model
• FINRA enforcement actions have cited failures by clearing firms to adequately assess AML risks associated with introducing firms
– Legent Clearing • Legent “did not adequately consider the money laundering risks posed by its
introducing firms,”• Noted high risk AML activities such as penny-stock liquidations and
providing clearing services to firms with “significant disciplinary backgrounds”
– Penson Financial• Penson utilized exception reports but the criteria used for the reports were
not appropriately risk based and did not identify or account for high-risk customers and activities
Beneficial Ownership Guidance
• March 2010 guidance stresses the importance of evaluating risk when reviewing and on-boarding new customers
• “The requirement that a financial institution know its customers, and the risks presented by its customers, is basic and fundamental to the development and implementation of an effective BSA/AML compliance program.”
• Procedures reasonably designed to identify and verify beneficialowners “based on the institution’s evaluation of risk pertaining to an account.”
Source – FIN-2010-G001 Guidance on Obtaining and Retaining Beneficial Ownership Information
22
If you have questions about today’s session, please send them to
training@ACAMS.org
Thank You for Joining Us Today!
24
With more than 10,000 members in over 140 countries, ACAMS has been serving the AML community since 2002 through:
The CAMS certification program
A powerful career resource center
Online forums and listservsmake connections, share ideas, ask questions
Live and virtual training eventsfive annual international conferences, web seminars, live AML seminars and free live chats
Visit www.ACAMS.org for more information
top related