SANCTIONS AND STRATEGY: RISK MEASUREMENTS, DATA AND ...
Source: files.acams.org/pdfs/2016/CENNJ09192016_Presentation.pdf
AREAS OF EXPERTISE
• Anti-Money Laundering
• Economic Sanctions
• Regulatory Compliance
• Financial Services Operations
INDUSTRY EXPERTISE
• Financial Services
• Capital Markets
• International Banking
EDUCATION
• B.A. – St. John’s University, New York
PROFESSIONAL EXPERIENCE
Joe Hanvey is a Director with Protiviti in the firm’s Regulatory Risk Consulting practice, assisting financial institution clients on regulatory and risk management issues with a focus on Bank Secrecy Act (BSA), Anti-Money Laundering (AML), and Economic Sanctions. Joe has extensive experience leading international engagements assisting financial institutions in responding to formal and informal enforcement actions by banking supervisors and U.S. authorities. Working with financial institutions subject to regulatory agreements, Joe has developed, enhanced and submitted BSA/AML and Economic Sanctions compliance programs for regulatory submission, resulting in subsequent implementation for international financial institutions with wholesale banking, insurance, securities and investment advisory business activities.
Joe joined Protiviti in 2014 after working previously as a Senior Manager for over 5 years with a large Financial Services Consulting Company leading BSA/AML and Sanctions engagements for domestic and international complex banking organizations, and previously serving as the Head of AML for Nomura Securities International, Inc., responsible for the business operations for the Americas. Joe also served as the designated BSA/AML Officer for Canadian Imperial Bank of Commerce, responsible for U.S. operations, which included oversight of the institutional securities activities in the U.S. and retail operations in Tel Aviv. He is a former examiner with FINRA (legacy NASD), where he was a lead participant in the SEC’s June 2001 AML Sweeps, and is also the founder and former chair of the AML Strategic Leadership Group, a financial services industry group created in October 2002 bringing together over 1900 domestic and international industry leaders. Joe currently maintains an active security clearance with a focus on Threat Finance.
PRINCIPAL AREAS OF PRACTICE
• Lead U.S. Economic Sanctions Engagement conducting and coordinating on-site testing of sanctions screening, monitoring and governance controls for business operations in U.S., U.K., Singapore, Germany and additional international locations.
• Developed a Global Targeting Operating Model of a BSA/AML and OFAC Compliance Program for an international complex banking organization in response to regulatory enforcement actions.
• Managed a cross-border project conducting assessments of BSA/AML and Sanctions compliance processes and assisted the bank in developing enterprise-wide enhancements to the bank’s policies and procedures.
• Designed the BSA/AML and OFAC Testing Audit Program for the U.S. Operations of an International Bank for regulatory review and, subsequently, conducted the BSA/AML and OFAC Testing following approval.
• Managed a wide variety of anti-money laundering projects assisting clients in enhancing surveillance and monitoring programs, due diligence controls, metrics and analytics reports, wire analysis screening, and risk assessments.
MEASURING, COMMUNICATING AND MITIGATING RISKS (CONT.)
Gathering metrics and establishing parameters and weightings to measure and manage risk can be done by generating a Risk Index Score based on changes in risk factor outcomes.
Time-oriented measures (past, present, future) should be used to extrapolate future-oriented compliance, operational and reputational risk measures.
Visibility of increasing risk and corresponding mitigating controls should be established allowing management to understand, review and decision shifts in performance of underlying compliance, operational and reputational risk factors.
Am I Riskier Today than I was Yesterday?
Is My Risk Increasing?
What are the Underlying Causes?
Risk monitoring is an ongoing and continual assessment process. For a financial institution, capital risk is measured with each transaction and, similarly, compliance risks should also be monitored for changes in the business environment as the impact of compliance risks changes over time. The following three risks are at the very heart of every compliance concern:
MEASURING, COMMUNICATING AND MITIGATING RISKS (CONT.)
Transaction Monitoring: considers the coverage of customers and products and the comprehensiveness of rules and scenarios
BSA Recordkeeping and Retention: considers compliance with BSA reporting requirements, wire transfer information, and procedures for safeguarding the information/documentation
Investigation and Suspicious Activity Reporting: considers the investigations and escalation processes, timeliness of SAR filing, and quality assurance processes
Customer Due Diligence: considers the policies, procedures and controls for Customer Due Diligence, client risk rating methodology, and counter-party risks
Sanctions: considers the screening thresholds, transaction monitoring, due diligence controls, training and testing
Utilizing Existing Data and Technology Platforms to Measure, Communicate and Mitigate Risks in your Bank Secrecy Act (“BSA”) / Anti-Money Laundering (“AML”) and Sanctions Programs:
• What data is currently available to us?
• What data is still needed?
• What is an acceptable level of data quality, and who is ultimately responsible for ensuring data is delivered at that quality?
• How will we keep this data updated, and respond to changing systems and technology across the institution?
• Where does Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) and Office of Foreign Assets Control (OFAC) fit into the technology hierarchy?
• Sustain business/risk strategies & policies
• Allocate capital
• Review/approve policies, management & processes
• Establish and Monitor accountabilities
• Monitor internal/external events
• Review/approve risk strategies/tolerances
• Build risk management infrastructure
• Monitor and drive Business Risk Management Plan
• Align compliance and compensation

• Sustain policies & procedures
• Create assessment tools & measurement methodologies
• Demonstrate knowledge in specific risks
• Responsive risk strategies
• Monitor risk management process & results
• Escalate and track issues
• Provide performance assurance & drive continuous sustainability

• Execute Business Risk Management Plan
• Identify, source, & measure risks
• Apply control resources
• Identify & correct control gaps
• Provide timely management reporting
• Escalate and resolve issues
INFORMATION NEEDS THROUGHOUT A FINANCIAL INSTITUTION (CONT.)
Customer Due Diligence
Transaction Monitoring
Investigations and Suspicious Activity Reporting
BSA Recordkeeping and Reporting
Sanctions
Operational
Compliance
Reputational
Analyst productivity and length of reviews.
Communicating with LoB, analyst coverage and QC reviews.
Resources capable of managing risk?
FTEs managing current and remedial activities?
Sustaining environment, reporting risks and backlogs.
Controls effective and sustainable?
Ratio of higher risk activities to overall activities?
Are risks identified, escalated and decisioned?
Reporting current and anticipated backlogs and risk concerns.
Information Needs
Management
Control Persons
Senior Leadership
Communication Model
Control Effectiveness
Operational Monitoring
Risk Strategy
A financial institution must develop and maintain a sound compliance management system that is integrated into the overall risk management strategy of the institution. However, financial institutions face multiple challenges with respect to obtaining and leveraging the right metrics. To ensure the right metrics are being utilized, a well-defined governance framework must be established, along with clearly articulated roles and accountability to meet regulatory requirements.
The concept of Customer Due Diligence (CDD) begins with verifying the customer’s identity and assessing the risks associated with that customer. The objective of CDD should be to enable the bank to predict with relative certainty the types of transactions in which a customer is likely to engage. These processes assist the bank in determining when transactions are potentially suspicious. ~ (FFIEC)
With the ultimate focus on monitoring account behavior, there are several ways to monitor accounts that require extra due diligence. These range from acquiring more information about account holders to analyzing their international transfers and trades.
We are familiar with the information that needs to be collected, including: purpose of accounts; source of funds; ownership/control over the account; banking references; location of business; proximity to customer; international trades from the account; description of business operations/anticipated volume of currency and product use; customer follow-up to understand changes in account behaviors; and establishing the expected/anticipated pattern of the account.
Regulatory Enforcement: In one 2012 and another 2013 Consent Order between the Office of the Comptroller of the Currency (OCC) and large financial institutions, the OCC required banks to establish “sufficient management information and metrics to manage and adjust the system”.
Industry Practices: In 2010 written testimony delivered to the Permanent Subcommittee on Investigations, a compliance officer provided background on their bank’s monitoring of Fraud and AML, representing that metrics are used in that monitoring.
Metrics should serve to control and proactively monitor risk and to assess the effectiveness of investigation and reporting controls. Typical key performance measures would include assignment and aging reporting, and other relevant data assessing an analyst’s alert handling and investigation response time.
In 2013, the U.S. Senate’s Committee on Banking, Housing, and Urban Affairs held a hearing on Examining Bank Secrecy Act Compliance and Enforcement. In response to written questions received regarding FTE reductions, the OCC Comptroller reported that compliance management metrics failed to point out the risk of declining staff, and banks often cut staff while making the case that system enhancements permit efficiencies. It is something we now pay closer attention to and expect the banks to have better MIS to provide early warning internally when staff cannot keep pace with workload or quality.
The BSA recordkeeping requirements include the requirement that a financial institution’s records be sufficient to enable transactions and activity in customer accounts to be reconstructed if necessary as these records and reports have a high degree of usefulness in criminal, tax, and regulatory investigations or proceedings.
Additional reporting requirements include Currency Transaction Reports and Exemptions (CTR), Form 8300, Report of International Transportation of Currency or Monetary Instruments (CMIR), and Reports of Foreign Bank and Financial Accounts (FBAR).
Recordkeeping requirements include the Funds Transfer and Travel Rule Requirements, and Recordkeeping Requirements for the Purchase and Sale of Monetary Instruments.
In 2008 guidance, the Board of Governors of the Federal Reserve System (FRB) issued SR 8-08, clearly outlining their expectation that a firm-wide sustainable compliance function be established that includes identifying and responding to changes in risk profile based on business activities.
Treasury Strategic Objective 4.4 (Protect the integrity of the financial system by implementing, promoting, and enforcing anti-money laundering and counterterrorism financing standards): TFI administered and enforced economic and trade sanctions based on U.S. foreign policy and national security under Treasury authorities. To gauge its performance, TFI created a risk index composite measure and met its performance target (8.3) on it in FY 2013; the goal for this metric is 8.5 for FY 2014 and 8.5 for FY 2015.
In August 2014, the FDIC, in response to FDIC OIG Audit 14-009, indicated that they were considering the adoption of new metrics and greater use of data analytics to facilitate the identification of BSA/AML problems at institutions.
• In one 2015 OFAC action, it was reported that several employees who had responsibilities for a particular client assumed that once the entity was designated, all of its subsidiaries and related entities were treated as one customer group and, as such, were required to be designated. However, while knowledge existed, controls weren’t updated.
“A nation that is boycotted is a nation that is in sight of surrender. Apply this economic, peaceful, silent, deadly remedy and there will be no need for force. It is a terrible remedy. It does not cost a life outside the nation boycotted but it brings a pressure upon the nation which, in my judgement, no modern nation could resist”
Lary v. Republic of Cuba, United States Court of Appeals, Second Circuit. February 27, 1987. S.D.N.Y., 643 F. Supp. 194
Paradissiotis v. Rubin, United States Court of Appeals, Fifth Circuit. Chris PARADISSIOTIS, Plaintiff-Appellant, v. Robert E. RUBIN, Secretary of the United States Department of Treasury; et al., Defendants, Robert E. Rubin, Secretary of the United States Department of Treasury; R. Richard Newcomb, Director of the Office of Foreign Assets Control, Defendants-Appellees. April 1, 1999
OFAC does not have a set requirement identifying specific data to be screened or the type of information required to be screened. Third-Party Service Providers (TPSP), payment processors, can provide additional visibility on user activity.
Industry practices continue to be strengthened around payment processors, third-party providers, vendors and other intermediaries as a result of guidance from various regulators and financial services industry groups, including the Financial Crimes Enforcement Network advisory FIN 2012 A010 issued in 2012.
Specifically, Due Diligence and OFAC Screening are expected to be conducted on all counterparties to assess 1) types of products and services offered, 2) location(s) and market(s) served, 3) anticipated account activity, and 4) purpose of the account.
Source: Conference of State Bank Supervisors, Third Party Payment Processors
Country | Target | Goal | First year | Last year
UNITED STATES | JAPAN | Shipping for Allies | 1917 | 1918
UNITED STATES | MEXICO | Expropriation dispute | 1938 | 1947
UNITED STATES | GERMANY, (JAPAN) | Regime change | 1939 | 1945
UNITED STATES | GERMANY, (JAPAN) | Military victory | 1939 | 1945
UNITED STATES | JAPAN | Withdraw from Southeast Asia | 1940 | 1941
UNITED STATES | (GERMANY), JAPAN | Regime change | 1941 | 1945
UNITED STATES | (GERMANY), JAPAN | Military victory | 1941 | 1945
UNITED STATES | ARGENTINA | Destabilize Peron | 1944 | 1947
UNITED STATES | NETHERLANDS | Recognize Indonesia | 1948 | 1949
UNITED STATES | USSR, COMECON | Impair military potential | 1948 | 1994
UNITED STATES | CHINA | Impair military potential | 1949 | 1970
UNITED STATES | CHINA | Military disruption, Korea | 1950 | 1953
UNITED STATES | NORTH KOREA | Regime change | 1950 | --
UNITED STATES | NORTH KOREA | Military impairment | 1950 | --
UNITED STATES | IRAN | Destabilize Mussadiq | 1951 | 1953
UNITED STATES | NORTH VIETNAM | Military impairment | 1954 | 1974
UNITED STATES | EGYPT | Suez nationalization | 1956 | 1956
UNITED STATES | ISRAEL | Intermittent, various | 1956 | 1983
UNITED STATES | LAOS | Destabilization | 1956 | 1962
UNITED STATES | UNITED KINGDOM | End Suez intervention | 1956 | 1956
UNITED STATES | CUBA | Destabilize Castro | 1960 | 1989
UNITED STATES | CUBA | Disruption of military adventures | 1960 | 1989
UNITED STATES | DOMINICAN REPUBLIC | Destabilize Trujillo | 1960 | 1962
UNITED STATES | CEYLON | Expropriation dispute | 1961 | 1965
UNITED STATES | GDR | Berlin Wall | 1961 | 1962
UNITED STATES | BRAZIL | Expropriation, destabilization | 1962 | 1964
UNITED STATES | EGYPT | Military disruption, Yemen, Congo | 1963 | 1965
UNITED STATES | INDONESIA | Regime change | 1963 | 1966
UNITED STATES | INDONESIA | End "Crush Malaysia" | 1963 | 1966
UNITED STATES | SOUTH VIETNAM | Destabilize Diem | 1963 | 1963
UNITED STATES | CHILE | Reduce copper price | 1965 | 1966
UNITED STATES | INDIA | Agriculture policy | 1965 | 1967
UNITED STATES | PERU | French fighter jets | 1968 | 1968
UNITED STATES | PERU | Expropriation | 1968 | 1974
UNITED STATES | CHILE | Destabilize Allende | 1970 | 1973
UNITED STATES | (INDIA), PAKISTAN | Military disruption, Pakistan | 1971 | 1971
UNITED STATES | INDIA, (PAKISTAN) | Military disruption, Pakistan | 1971 | 1971
UNITED STATES | UGANDA | Destabilize Amin | 1972 | 1979
UNITED STATES | SOUTH KOREA | Human rights | 1973 | 1977
UNITED STATES | TURKEY | Military disruption, Cyprus | 1974 | 1978
UNITED STATES | CHILE | Human rights, Letelier | 1975 | 1990
UNITED STATES | KAMPUCHEA | Human rights, deter Viets | 1975 | 1979
 | | Account for MIAs, withdrawal from Cambodia | 1975 | 1998
UNITED STATES | SOUTH AFRICA | Nuclear policy | 1975 | 1982
UNITED STATES | SOUTH KOREA | Nuclear proliferation | 1975 | 1976
UNITED STATES | USSR | Freer emigration | 1975 | 1994
UNITED STATES | ARAB LEAGUE | Antiboycott | 1976 | --
UNITED STATES | TAIWAN | Nuclear policy | 1976 | 1977
UNITED STATES | URUGUAY | Human rights | 1976 | 1981
UNITED STATES | ARGENTINA | Human rights | 1977 | 1983
UNITED STATES | BRAZIL | Human rights | 1977 | 1984
UNITED STATES | EL SALVADOR | Human rights | 1977 | 1981
UNITED STATES | ETHIOPIA | Human rights, expropriation | 1977 | 1992
UNITED STATES | GUATEMALA | Human rights | 1977 | 2005
UNITED STATES | NICARAGUA | Destabilize Somoza | 1977 | 1979
UNITED STATES | PARAGUAY | Human rights | 1977 | 1981
UNITED STATES | ARGENTINA | Nuclear policy | 1978 | 1982
UNITED STATES | BRAZIL | Nuclear policy | 1978 | 1981
UNITED STATES | INDIA | Nuclear policy | 1978 | 1982
UNITED STATES | LIBYA | Destabilize Gadhafi | 1978 | 2004
UNITED STATES | LIBYA | Nuclear proliferation | 1978 | 2004
UNITED STATES | USSR | Human rights (dissidents) | 1978 | 1980
UNITED STATES | BOLIVIA | Human rights, drugs | 1979 | 1982
UNITED STATES | IRAN | Return hostages | 1979 | 1981
UNITED STATES | PAKISTAN | Nuclear policy | 1979 | 1997
UNITED STATES | IRAQ | Terrorism | 1980 | 2003
UNITED STATES | USSR | Invasion of Afghanistan | 1980 | 1981
UNITED STATES | USSR | Impairment, Afghanistan | 1980 | 1981
UNITED STATES | NICARAGUA | Destabilize Sandinistas | 1981 | 1990
UNITED STATES | POLAND | Various, Solidarity | 1981 | 1987
UNITED STATES | USSR | Impairment, Poland | 1981 | 1982
UNITED STATES | CHILE | Restore democracy | 1983 | 1990
UNITED STATES | GRENADA | Destabilize Bishop-Austin regime | 1983 | 1983
UNITED STATES | ROMANIA | Human rights, emigration | 1983 | 1989
UNITED STATES | USSR | KAL shooting down | 1983 | 1983
UNITED STATES | ZIMBABWE | Foreign policy | 1983 | 1988
UNITED STATES | IRAN | Nuclear proliferation, terrorism, etc. | 1984 | --
UNITED STATES | LEBANON | Hostage taking, Hezbollah activities | 1984 | 1997
UNITED STATES | SOUTH AFRICA | Apartheid | 1985 | 1991
UNITED STATES | ANGOLA | Cuban troops; Marxism | 1986 | 1992
UNITED STATES | SYRIA | Terrorism | 1986 | --
UNITED STATES | EL SALVADOR | Amnesty | 1987 | 1988
UNITED STATES | HAITI | Human rights, drugs, elections | 1987 | 1990
UNITED STATES | PANAMA | Destabilize Noriega | 1987 | 1990
UNITED STATES | BURMA | Human rights, elections | 1988 | --
UNITED STATES | CHINA | Human rights (Tiananmen Square) | 1989 | --
UNITED STATES | SUDAN | Human rights; democracy | 1989 | --
UNITED STATES | (JORDAN), YEMEN et al. | Enforce UN embargo v. Iraq | 1990 | 1997
UNITED STATES | CUBA | Destabilize Castro | 1990 | --
UNITED STATES | EL SALVADOR | Human rights, end civil war | 1990 | 1993
UNITED STATES | JORDAN, (YEMEN et al.) | Enforce UN embargo v. Iraq | 1990 | 1994
UNITED STATES | KENYA | Political repression, human rights, democracy | 1990 | 1993
UNITED STATES | ROMANIA | Democracy, elections | 1990 | 1993
UNITED STATES | ZAIRE | Democracy | 1990 | 1997
UNITED STATES | CHINA | Nuclear proliferation | 1991 | --
UNITED STATES | INDONESIA | Human rights in East Timor | 1991 | 1997
UNITED STATES | PERU | Democracy, human rights | 1991 | 1995
UNITED STATES | THAILAND | Coup | 1991 | 1992
UNITED STATES | USSR | Coup | 1991 | 1991
UNITED STATES | AZERBAIJAN | End Armenia embargo | 1992 | 2002
UNITED STATES | CAMEROON | Human rights, democracy | 1992 | 1998
UNITED STATES | MALAWI | Democracy, human rights | 1992 | 1993
UNITED STATES | NICARAGUA | Civil control over military; expropriation claims | 1992 | 1995
UNITED STATES | GUATEMALA | Coup | 1993 | 1993
UNITED STATES | NIGERIA | Human rights, democracy, narcotics | 1993 | 1998
UNITED STATES | NORTH KOREA | Nuclear proliferation | 1993 | 1994
UNITED STATES | SUDAN | Terrorism, religious persecution | 1993 | --
UNITED STATES | THE GAMBIA | Democracy | 1994 | 1998
UNITED STATES | (PERU), ECUADOR | Border conflict | 1995 | 1998
UNITED STATES | PERU, (ECUADOR) | Border conflict | 1995 | 1998
UNITED STATES | COLOMBIA | Narcotics, human rights | 1996 | 1998
UNITED STATES | NIGER | Democracy | 1996 | 2000
UNITED STATES | PARAGUAY | Possible coup attempt | 1996 | 1996
UNITED STATES | ZAMBIA | Human rights; constitutional reform | 1996 | 1998
UNITED STATES | INDIA | Nuclear proliferation | 1998 | 2001
UNITED STATES | PAKISTAN | Nuclear policy | 1998 | 2001
UNITED STATES | YUGOSLAVIA, SERBIA | Destabilize Milosevic | 1998 | 2001
UNITED STATES | YUGOSLAVIA, SERBIA | Kosovo | 1998 | 1999
UNITED STATES | INDONESIA | Independence for East Timor | 1999 | 2002
UNITED STATES | IVORY COAST | Coup, democracy | 1999 | 2002
UNITED STATES | PAKISTAN | Coup, democracy | 1999 | 2001
UNITED STATES | ECUADOR | Coup | 2000 | 2000
UNITED STATES | NORTH KOREA | Nuclear proliferation | 2002 | 2006
Sector | Sanctions Program | Entity | Settlement | Year
Financial Services | Libya Sanctions | Allfirst Financial Inc. | $4,000 | 2003
Banking | Libya Sanctions | Banco di Napoli | $2,300 | 2003
Banking | Cuba Sanctions | Bancomer S.A. | $5,000 | 2003
Banking | Yugoslavia Sanctions | Bank of New York | $24,750 | 2003
Banking | Sudan Sanctions | Citigroup, N. A. | $2,500 | 2003
Banking | Terrorism Sanctions Regulations | Citigroup, N. A. | $2,925 | 2003
Banking | Libya Sanctions | Credit Lyonnais | $5,500 | 2003
Banking | Iran Sanctions | First Security Bank | $63,200 | 2003
Banking | Iran, and Cuba Sanctions | Fleet Bank | $41,050 | 2003
Banking | Libya Sanctions | National Australia Bank | $4,780 | 2003
Banking | Cuba, Sudan, and Kosovo | Northern Trust | $18,027 | 2003
Banking | Sudan Sanctions | Safra National Bank | $5,381 | 2003
Banking | Kosovo Sanctions | Union Bank of CA | $14,913 | 2003
Banking | Iran Sanctions | Union Bank of CA | $12,000 | 2003
Banking | Sudan Sanctions | Union Planters Bank | $4,500 | 2003
Banking | Sudan Sanctions | Wells Fargo Bank | $5,500 | 2003
Banking | Kosovo Sanctions | State Bank of India | $5,500 | 2003
Banking | Cuba Sanctions | Bank of the West on behalf of Sanwa Bank | $72,220 | 2003
Banking | Sudan Sanctions | Deutsche Bank A.G. | $5,500 | 2003
Banking | Sudan Sanctions | Deutsche Bank A.G. | $4,500 | 2003
Banking | Iraq Sanctions | UBS (USA) Inc. | $14,750 | 2003
Banking | Cuba Sanctions | UBS (USA) Inc. | $5,000 | 2003
Banking | Libya Sanctions | HSBC Bank USA | $1,944 | 2003
Banking | Iran Sanctions | HSBC Bank USA | $5,500 | 2003
Banking | Yugoslavia Sanctions | HSBC Bank USA | $11,000 | 2003
Banking | Reporting and Procedures Regulations | State Street Bank & Trust Co. | $22,000 | 2003
Banking | Kosovo Sanctions | Bank United | $5,843 | 2003
Banking | Iraq Sanctions | Union Bank of California | $4,800 | 2003
Banking | Libya Sanctions | Société Générale | $11,000 | 2003
Banking | Cuba Sanctions | Bank Polska Kasa Opieki SA/Bank Pekao SA | $9,725 | 2003
Banking | Iran Sanctions | National City Bank | $5,500 | 2003
Banking | Kosovo Sanctions | National City Bank | $250 | 2003
Banking | Libya Sanctions | Banco Bradesco S.A. | $9,000 | 2003
Banking | Cuba Sanctions | Bank Audi (USA) nka InterAudi Ban | $13,750 | 2003
Banking | Libya Sanctions | MashreqBank | $5,500 | 2003
Banking | Libya Sanctions | Harris Bank International | $11,000 | 2003
Banking | Sudan Sanctions | Bank of America | $4,308 | 2003
Banking | Iran Sanctions | Bank of America | $158,039 | 2003
Banking | Libya Sanctions | Bank of Communications | $2,684 | 2003
Banking | Libya Sanctions | Barclays Bank PLC | $10,108 | 2003
Banking | Cuba Sanctions | Intrust Bank | $8,000 | 2003
Banking | Libya Sanctions | Société Générale | $6,600 | 2003
Banking | Libya Sanctions | South Trust Bank | $2,750 | 2003
Banking | Cuba Sanctions | Bridgeview Bank on behalf of Uptown National Bank of Chicago | $5,500 | 2003
Banking | Kosovo Sanctions | Arab Banking Corp. | $5,500 | 2004
Banking | Cuba Sanctions | Bank of China | $10,000 | 2004
Banking | Cuba Sanctions | Eastern Financial Florida Credit Union | $4,000 | 2004
Banking | Cuba, Libya and Sudan Sanctions | JP Morgan Chase & Co. | $17,304 | 2004
Banking | Cuba, Iran, Libya and Sudan | JP Morgan Chase & Co. | $73,281 | 2004
Banking | Kosovo Sanctions | American Express Bank, Ltd. | $3,291 | 2004
Banking | Sudan Sanctions and Foreign Narcotics Kingpin regulations | Bank of America | $13,573 | 2004
Banking | Iran and Sudan Sanctions | Bank One | $6,683 | 2004
Banking | Libya Sanctions | Barclays Bank PLC | $14,970 | 2004
Banking | Cuba, Libya and Sudan Sanctions | Bank of New York | $34,623 | 2004
Banking | Libya Sanctions | Bank of New York | $27,500 | 2004
Banking | Kosovo Sanctions | Bank of New York | $5,500 | 2004
Banking | Cuba Sanctions | Columbia Bank | $1,000 | 2004
Banking | Sudan Sanctions | Commerzbank AG | $5,500 | 2004
Banking | Kosovo Sanctions | Comerica Bank | $850 | 2004
Banking | Kosovo Sanctions | Corporate One Federal Credit Union | $5,500 | 2004
Banking | Cuba Sanctions | HSBC Bank USA | $8,375 | 2004
Banking | Libya and Iran Sanctions | Wachovia Bank | $11,000 | 2004
Banking | Iran Sanctions | Wachovia Bank on behalf of First Union Bank | $18,470 | 2004
Banking | Iran Sanctions | Webster Bank on behalf of Village Bank & Trust | $2,824 | 2004
Capital Markets | Cuba Sanctions | Church Pension Fund | $74,294 | 2004
Banking | Cuba Sanctions | Citicorp Vendor Finance Ltd. | $7,380 | 2004
Capital Markets | Cuba Sanctions | Merrill Lynch, Pierce, Fenner & Smith, Inc. | $22,904 | 2004
Banking | Kosovo Sanctions | Arab Bank PLC | $2,450 | 2004
Banking | Iran Sanctions | Banco de Chile | $5,500 | 2004
Banking | Iran Sanctions | Banco do Brasil | $10,163 | 2004
Banking | Iran Sanctions | Bank One | $5,500 | 2004
Banking | Iran Sanctions | Central Carolina Bank | $3,750 | 2004
Banking | Libya Sanctions | Citibank | $5,500 | 2004
Banking | Libya Sanctions | HSBC Bank USA | $5,500 | 2004
Banking | Burma Sanctions | Hanmi Bank on behalf of Pacific Union Bank | $450 | 2004
Banking | Libya Sanctions | International Commercial Bank of China | $5,988 | 2004
Banking | Cuba and Libya Sanctions | JP Morgan Chase Bank | $9,748 | 2004
Banking | Cuba, Iran and Sudan Sanctions | JP Morgan Chase Bank | $18,094 | 2004
Banking | Kosovo Sanctions | LaSalle Bank N.A. | $3,050 | 2004
Banking | Kosovo Sanctions | Lee Bank | $16,500 | 2004
Banking | Iran Sanctions | Nordea Bank Finland, PLC on behalf of Christiania Bank | $5,900 | 2004
Financial Services | Cuba Sanctions | American Express Company, Inc. on behalf of American Express, S.A. de C.V. | $18,391 | 2004
Financial Services | Iran Sanctions | American Express Company, Inc. on behalf of American Express Bank Ltd. | $2,750 | 2004
Financial Services | Libya Sanctions | American Express Company, Inc. on behalf of American Express Bank Ltd. | $5,500 | 2004
Banking | Kingpin Act | First National Bank | $19,200 | 2004
Banking | Iran Sanctions | Hanmi Bank | $7,000 | 2004
Banking | Kosovo Sanctions | US Bancorp on Behalf of California United Bank | $7,250 | 2004
Banking | Kosovo Sanctions | Hudson United Bank | $3,347 | 2004
Banking | Cuba Sanctions | Santander Bank & Trust (Bahamas) Ltd. (formerly Santander Central Hispano Bank & Trust [Bahamas] Ltd.) | $20,000 | 2004
Banking | Iran Sanctions | PNC Bank | $8,200 | 2005
Banking | Libya Sanctions | Union Bank of California | $5,500 | 2005
Banking | Iran Sanctions | Wells Fargo Bank | $42,833 | 2005
Banking | Sudan Sanctions | Atlantic Bank | $5,500 | 2005
Banking | Iran Sanctions | Bank of America | $2,760 | 2005
Banking | Sudan Sanctions | Bank of China | $11,000 | 2005
Banking | Iran Sanctions | SunTrust Bank | $30,800 | 2005
Banking | Libya Sanctions | The Bank of New York | $5,845 | 2005
Banking | Cuba Sanctions | United National Bank | $11,000 | 2005
Banking | Libya Sanctions | Wachovia Bank | $5,500 | 2005
Banking | Kingpin Act | Bank of New York | $4,650 | 2005
Banking | Iran Sanctions | Bank-Fund Staff Federal Credit Union | $14,000 | 2005
 | | Norton Lilly International (“Norton”), Mobile, AL | $25,000 | 2011
Shipping Lines | Cuban Assets Control Regulations, 31 C.F.R. part 515, the Iranian Transactions Regulations, 31 C.F.R. part 560, and the Sudanese Sanctions Regulations, 31 C.F.R. part 538 | CMA CGM (America) LLC | $640,000 | 2011
Banking | Cuban Assets Control, Weapons of Mass Destruction Proliferators Sanctions Regulations, Global Terrorism Sanctions Regulations, Iranian Transactions Regulations, Sudanese Sanctions, Former Liberian Regime of Charles Taylor Sanctions Regulations, Reporting, Procedures, and Penalties Regulations | JPMorgan Chase Bank | $88 Million | 2011
Manufacturing | Iranian Transactions Regulations, Sudanese Sanctions Regulations, and Cuban Assets Control Regulations | Flowserve Corporation | $661,053 | 2011
Financial Services | Iranian Transactions Regulations | Zurigo Trading, Inc. | $10,000 | 2011
 | Cuban Assets Control Regulations (“CACR”), 31 C.F.R. part 515; the Burmese Sanctions Regulations (“BSR”), 31 C.F.R. part 537; the Sudanese Sanctions Regulations (“SSR”), 31 C.F.R. part 538; the now-repealed Libyan Sanctions Regulations (“LSR”), 31 C.F.R. part 550; and the Iranian Transactions Regulations (“ITR”), 31 C.F.R. part 560 | ING Bank N.V. | $619 Million | 2012
Banking | Sudanese Sanctions Regulations, 31 C.F.R. part 538 | National Bank of Abu Dhabi | $855,000 | 2012
INDUSTRY IMPACT (CONT.)
NEVER FINISH THE RACE
EXPECTATIONS AND STANDARDIZATION
Compliance Area | OFAC Components | Description | Data Currently Screened | Automate Metrics Monitoring (e.g. Datazen)
Compliance Area: Governance
OFAC Component: Define and communicate Policy on Organization's Sanctions program
• Policy to comply with high standards of Sanctions-related compliance in all markets and jurisdictions to ensure compliance with applicable legislation and regulations
• Should be a set of consistent Enterprise-wide Standards
• Policies and Procedures should address all stages of Sanctions procedures including customer screening, wire / check screening, investigating and decisioning potential matches, rejecting / freezing / blocking Sanctions hits, Sanctions list maintenance and testing and management and external law enforcement reporting
• Sanctions policy should extend beyond the requirement to meet all applicable local laws and regulations i.e. policies which support Institution's values
OFAC Component: Conduct and Refresh Enterprise-Wide Sanctions Risk Assessment
• Establish guidance in policies and procedures for conducting Sanctions Risk Assessment and frequency of the risk assessment (at least annually). Consider conducting more frequently based upon level of risk (e.g., high risk areas should be re-evaluated more than once per year)
• Report Sanctions Risk Assessment to appropriate Senior Management, committees and Board
• Utilize results to set thresholds for monitoring clients and transactions based on line of business and region
• Establish guidance in policies and procedures for refreshing Sanctions Risk Assessments at least annually, if not more frequently based upon risk-level
Training and Education
Train all new hires
Global training program for all new hires to include U.S. Sanction Program requirements
Required training to be completed within a defined time period i.e. XX number of days after initial start date, part of the overall OFAC training program
Annual employee training (enterprise-wide program)
Develop training specific to controls, employee oversight responsibilities, and advanced training for others involved in U.S. OFAC Program Risk Management Decisions
Require employees involved in USD Clearing and those global employees that support controls identified in enforcement actions to sign annual compliance attestation confirming they have attended training and are aware of all U.S. OFAC-related issues
Training tailored to specific business lines in high-risk services, geographies and customers
Specific business lines will be more high risk so will require additional training for staff to understand the inherent risks in their business line (i.e., jurisdictions with strong commercial ties)
Advanced Training for OFAC Compliance Staff
Training to ensure OFAC staff are current with changes to U.S. Sanctions Programs
Affiliate Due Diligence
Affiliate Due Diligence (ADD)
Define an enterprise-wide policy specifically for due diligence on affiliates (majority owned subsidiaries)
Periodic reviews of ADD compliance including site visits
Define ADD standards for adherence by all internal affiliates
Identify and manage relationship with Internal affiliates
Define an enterprise-wide policy for the identification of appropriate relationships including a sign-off process
EXPECTATIONS AND STANDARDIZATION (CONT.)
Customer Due Diligence
Conduct Initial Customer Screening
Policy specifically requiring Customer Screening against sanctions lists upon initial onboarding of clients including beneficial owners
Utilize RDC as well as World Check for initial screening
Conduct Ongoing Customer Screening
Ongoing customer screening against sanctions lists
Frequency of ongoing customer screening
Information / relevant data fields to be screened (e.g., capture changes in customer information, all records including electronic and manually obtained documents, beneficial ownership or name fields on account, address / country)
Due Diligence
Screen employees against all Sanctions Lists
Defined information and documentation requirements
Ensure legal is consulted regarding the obtaining and storing of screening information
Screen vendors against all Sanctions Lists
Defined information and documentation requirements
Standards for vendor approval process
Transaction Monitoring
Manage Higher Risk Products, Services and Transactions: Trade Finance and Correspondent Banking
Standards and Policies when engaging in higher risk activities
Establish defined fields and related documentation requirements
Establish manual / automatic screening process
Screen incoming wires
Screen incoming wires
Procedures for managing false positives and decisioning alerts
Decisioning process: procedures for managing false positives, decisioning alerts, and blocking / rejecting transactions
Established metrics collection process identifying actual or attempted transactions that impact business activities
Procedures for responding to Requests for Information from other financial institutions which received a transaction identified as having a potential Sanctions list match (e.g., immediately route to investigations for response)
Escalation process for decisioning and reporting of positive matches
Transaction Monitoring
Screen outgoing wires
Screen outgoing wires
Procedures for managing false positives and decisioning alerts
Decisioning process: procedures for managing false positives, decisioning alerts, and blocking / rejecting transactions
Established metrics collection process identifying actual or attempted transactions that impact business activities
Procedures for responding to Requests for Information from other financial institutions which received a transaction involving a potential Sanctions list match (e.g., immediately route to investigations for response)
Escalation process for decisioning and reporting of positive matches
Transaction Monitoring
Screen checks (incoming / deposited checks and those issued via Accounts Payable for vendors) and monetary instrument sales
Screen all checks deposited / checks written to Vendors and monetary instrument sales
Procedures for managing false positives and decisioning alerts
Decisioning process: procedures for managing false positives, decisioning alerts and blocking / rejecting transactions
Established metrics collection process identifying actual or attempted transactions that impact business activities
Procedures for responding to Requests for Information from other financial institutions which received a transaction involving a potential Sanctions list match (e.g., immediately route to investigations for response)
Escalation process for decisioning and reporting of positive matches
Transaction Monitoring
Screen ACH (Automated Clearing House) payment transactions - US domestic and International transactions
Screen all ACH payment transactions
Procedures for managing false positives and decisioning alerts
Decisioning process: procedures for managing false positives, decisioning alerts and blocking / rejecting transactions
Established metrics collection process identifying actual or attempted transactions that impact business activities
Procedures for responding to Requests for Information from other financial institutions which received a transaction involving a potential Sanctions list match (e.g., immediately route to investigations for response)
Investigate potential Sanctions List violations
Policy to address proper procedures to investigate / evaluate potential Sanctions list matches including case management, when a hit cannot be immediately decisioned
Desktop procedures for decisioning hits against a Sanctions List with guidance by data field
Clear escalation process for approval / consultation that transaction is a violation of Sanctions List
Procedures for moving funds out of queue and into holding account
Retain a clear audit trail of the investigation of potential target matches and the decisions / actions taken
Transaction Monitoring
Determine if Sanctions List hit is a permissible transaction
Policy and desktop procedures should address both general and specific OFAC licenses, as well as transactions for Non-governmental organizations (NGOs) for humanitarian purposes in sanctioned countries (Exceptions Lists)
Sanctions Officer is responsible for interpreting all OFAC licenses
If Specific OFAC license is on file, procedures should still require Sanctions Officer approval to release, block or reject transaction
If no license and not a permitted transaction, must determine to block or reject the transaction
If QC process identified released transaction, escalation and reporting through VSD and related protocols and accountabilities established
Process document to obtain licences
Establish OFAC Block procedures
Establish systems and controls for freezing / blocking accounts
Process for obtaining a licence from OFAC and the circumstance where this is appropriate
Transaction Monitoring
Establish OFAC Block procedures
Procedures to open an OFAC block account to hold blocked funds (interest bearing-account)
Internal log / documentation requirements for tracking OFAC block transactions
Address release of blocked funds (e.g., receipt of general or specific license)
Define and update process for monitoring enforcements following review of alerts - alert management of internal affiliates
Procedures to disposition OFAC alerts and when escalation is required
Internal log for tracking OFAC alerts and decisioning
Address decisioning of closed alerts not escalated
List Maintenance
Maintaining and Updating Lists-Sanctions Software List Management
Change protocols established for List Maintenance
Established lists such as 'good guy' and 'bad guy' lists have an approval process (and responsibilities identified) for adding and removing names to / from list?
Add account related information based on new information received during investigation of a potential true match to Sanctions List
Screening
Maintain Sanctions screening software program
Utilize appropriate technology that will screen wires, payments, new and existing customers, new and existing employees, vendors and can be adaptable to Organization's needs based on its Sanctions Risk Assessment
Testing
Sanctions Testing program
Sanctions Testing program addressing end-to-end sanctions screening including assurance testing of screening lists, system feeds, thresholds, higher risk products including correspondent banking, trade finance and higher risk investment banking activities
Any breaches of policy need to be reported to management
Defined policies and processes that include:
Modifying the audit program, plan and methodology that is comprehensive and includes all relevant components of the OFAC program including systems used to support compliance
Create new work papers that clearly document the testing performed, are consistent in methodology and presentation, address all audit plan items and describe the sampling methodology – explain sample size selected
Document the activities performed - formal interviews, walk-throughs, documents assessed and other factors
Previous audit or regulatory findings should be clearly incorporated into the audit program
Track Management to reported items
Policies should address time periods in which management must submit reports
OFAC Reporting
Report Blocked and Rejected Payments - OFAC / OFAC / EU / Other Applicable Agencies
Regulatory processes and report templates to use for communicating with OFAC, Federal Reserve Board, NY Department of Financial Services and other regulatory and/or government agencies
Desktop procedures should include all steps that must be followed when rejecting or blocking payments, including documentation needed for case file
Policy and procedures for notifying appropriate management
Annual OFAC report to be completed by Sanctions Officer
Report Blocked and Rejected Payments - Internally
Policy and procedures for notifying appropriate management
Information sharing protocols on actual or attempted transactions that have impact on business activities
Monthly account reconciliation of blocked accounts
Metrics / Management Reporting
Report on number of Sanctions Lists hits
Statistics should include number of hits decisioned at each level, number of false positives, number of true matches, number of rejects, freezes, licenses and blocks statistics by line of business and related activity
Should also include hits related to customer, employee and vendor screening names, false positives and alerts decisioned
Metrics / Reporting
Report on frequency and accuracy of file updates to technology
Statistics should include number of names / entities to be added / dropped from list based on Sanctions List update from regulatory authority (e.g., OFAC, EU)
Number of names / entities successfully added / dropped
Number of subsequent potential matches for further investigation
Report on compliance of affiliates
Frequency of reports should be determined by Head of Sanctions or relevant committee
Determine which members of Senior Management and relevant committees to receive reports
Include in statistics the number of alerts arising from internal affiliates including information on resolution
Information Sharing - Internally and Externally (law enforcement and other agencies)
Sharing Information with affiliates
Modify protocols, including a point of contact for responding to and submitting Requests for Information
Establish protocols for sharing information internally, specifically when responses are delayed and/or not timely received
Record Retention
Document retention of data and information
Establish a policy for the retention and maintenance of data
Periodic review of information
Documentation and records for transactions that were rejected, frozen or blocked due to Sanctions violations must be kept on file
Policy should specify which documents must be retained and the time period for which they must be retained (minimum 5 years)
Reporting Type Intended Recipients Metrics Included in Report Frequency
Senior Leadership Committee
BSA/AML & Sanctions Committees
Customer Due Diligence files escalated for further action and review (with sanction concerns) Monthly
Number of Customer Accounts located in a jurisdiction that has “Conflict of Law” with U.S. Sanctions Monthly
Management Line of Business Management
Number of Customer Accounts located in a jurisdiction known to have material trade with sanctioned jurisdictions Quarterly
Number and Volume of Transactions where the institution sent or received funds to/from a jurisdiction known to have material trade with sanctioned jurisdictions
Monthly
OFAC Matches as a Result of Updates to OFAC Lists Daily/ Weekly
Blocked Transactions by number, volume and amount identified further by outgoing and incoming
Monthly / Annually
Identify date and time of OFAC Updates and provide corresponding frequency of internal file updates
Control Persons Team Leads
Number of Screen checks (incoming / deposited checks and those issued via Accounts Payable for vendors) and monetary instrument sales
Weekly
Number of ACH (Automated Clearing House) payment transactions screened including US domestic and International transactions Weekly
Reporting Type Intended Recipients Metrics Included in Report Frequency
Senior Leadership Committees
BSA/AML & Sanctions Committees
• Ratio of high risk customers to total customers.
• Days needed to complete onboarding.
• Days needed to complete enhanced due diligence reviews.
• Days needed to complete customer refresh reviews.
Monthly
• Ratio of individual accounts to institutional accounts.
• Ratio of foreign customers to domestic customers.
• Ratio of regulated customers to non-regulated customers.
Quarterly
Management
2nd Line and Control Management
Reports
• Number of New Customer Accounts by risk rating and account type.
• Number of New Customer Relationships established.
• Number of reviews resulting in rejections.
• Number of reviews resulting in investigation referrals.
Daily/ Monthly/ Quarterly
• Number of existing clients with expiring and dated documentation and information.
• Number and details of records escalated to 1st Line.
Daily/ Monthly/ Quarterly
1st Line Management
• Number of reviews resulting in rejections.
• Number of Customers by Risk Rating.
• Number of New Accounts and Relationships established.
Monthly/ Quarterly/ Annually
Control Persons Team Leads
• Reviews assigned, in-progress and completed/rejected by FTEs.
• Identifying aging reviews 30, 60, and 90 days.
• Average number of quality control issues identified by line of
Reporting Type Intended Recipients Metrics Included in Report Frequency
Senior Leadership Committee
BSA/AML & Sanctions Committees
Transaction Count and Volume Monthly
Percentage of investigations and SARs assessed through the examination process, internal testing, and/or quality assurance process resulting in observations
Monthly/ Quarterly/ Annually
Management Line of Business Management
Aging of Open Alerts / Cases (with breakdowns, as appropriate, by scenario or collection of scenarios, business unit, investigator) Quarterly
Case Inventory by Analyst Monthly
Number of Investigations Processed per line of business within the period
Monthly / Annually
Alerts, rules and escalated activity that lead to investigations and no SAR filings
Alert-to-SAR Ratio (with breakdowns, as appropriate, by scenario or collection of scenarios, business unit, investigator)
Monthly / Annually
Alert-to-Case Ratio (with breakdowns, as appropriate, by scenario or collection of scenarios, business unit, investigator)
Control Persons Team Leads
Number of cases opened along with aging criteria Weekly
Percentage of cases assessed through an internal or external testing process resulting in observations Quarterly/ Annually
Volume of Alerts / Cases Generated (with breakdowns, as appropriate, by scenario or collection of scenarios, business unit, investigator) Monthly
Illustrative BSA Recordkeeping and Reporting Measurements
Reporting Type Intended Recipients Metrics Included in Report Frequency
Senior Leadership Committee
BSA/AML & Sanctions Committees Number of CTRs and CMIRs filed
Monthly/ Quarterly/ Annually
Number of Monetary Instruments Sold
Transactions performed under BSA Reporting Requirements (i.e., Breaking up a transaction into amounts less than the reporting/recordkeeping thresholds)
Management Line of Business Management
Results of Quality Control reviews performed on BSA record retention (i.e., Retention of copies of SARs and supporting documentation for five years from the date of filing)
Monthly/ Quarterly/ Annually
Number of Nostro Accounts Opened
Monthly / Annually
Total number of non-customer transactions
Number and percentage of late form filing for (FBAR, CTR, CMIR, SARs)
Cash Transfer logs, large item reports, significant balance change reports
*Inclusive of Protiviti’s Member Firm network, revenue for the year ending 2015 was $797M
Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. Protiviti and our independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies.
Ranked 57 on the 2016 Fortune 100 Best Companies to Work For® list, Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.
Protiviti’s AML Leadership Team includes former financial institution regulators, former financial institution compliance officers, fraud and forensic specialists, and AML technology system experts. We draw on our previous industry experience to help compliance officers, board members, and all three lines of defense to respond to situations of noncompliance, to improve processes and controls, and to provide ad-hoc support. At Protiviti, we understand the AML challenges faced by financial services organizations. Our solutions are designed to help your company exceed regulator’s expectations. We enable clients to take a disciplined approach to managing AML/Sanctions risk and provide sustainable solutions.
We provide expertise in the following areas: Design and Implementation of AML Risk Assessments; Program Development, Implementation and Assess; System Vendor Selection and Utilization; Program Remediation; Money Laundering Investigations; Independent Testing of AML Programs; and Training.
• We have deep knowledge of the Financial Services Industry and a proven track record of successful project delivery
• Many of our team members hold professional industry related certifications (e.g., CAMS, CFE, PMP, CRCM) and advanced experience in BSA/AML, Sanctions, Threat Finance & related topics
KNOWLEDGE
• Our team consists of industry leaders in their field of expertise across jurisdictions
• The size and skillset of our dedicated risk and compliance professionals allows our clients the flexibility to expand and reduce project teams as needed
• Additionally, with RHI as our parent company, we have the scalability to access qualified resources for large scale projects
RESOURCE
• We have extensive expertise and direct relevant experience in BSA/AML, sanctions, technology, and models
• We combine our former industry experience with our consulting acumen to develop customized client resolutions
• Our experiences span several areas of assessments and enhancements to all aspects of the BSA/AML and Sanction Program Requirements and Practices
EXPERIENCE
• Our BSA/AML and Sanctions practice is comprised of four primary disciplines: BSA/AML, Domestic and International Sanctions, Technology, and Model Risk
• We provide a wide variety of consultative services designed to assist organizations in all aspects of BSA/AML and Sanctions Compliance
• Setting the “Tone-at-the-Top”
• Organizational Capability Assessments
• BSA/AML and OFAC Officer designation
• Board Oversight/Reporting
• Risk Strategy/Appetite definition
• Compliance Program Design/Integration
• Policy and Procedure Governance
• Process Mapping and Business Transformation
Services
• Annual BSA/AML and OFAC Training Plan
• BSA/AML and OFAC Training Program
• New Hire Training
• Existing Employee Annual/ Periodic Training
• Senior Management Training/Awareness
• Role-Specific Training
• Model Tuning and Threshold Setting
• Independent Model Validation
• Data Validation and Analytics
• Scenario and Alert Optimization
• Transaction Monitoring Model development,
PROTIVITI RANKS HIGH IN CLIENT SATISFACTION
OUR CLIENT VALUE MANAGEMENT PROCESS
Protiviti has a systematic, global process for measuring, monitoring and improving our clients’ satisfaction. We invest time in understanding and improving our level of service and ensuring we are delivering upon our promise of “Powerful Insights, Proven Delivery.”
100% of our clients said they would “Retain Protiviti for Future Projects”
WHAT WE’VE HEARD FROM OUR CLIENTS:
Protiviti was able to supply valuable resources to assist our team when we needed them most so the impact on our operations was significant.
We cannot say enough good things about your work and the impact on our business. In terms of measurable results, shrink was an industry best practice level when we started and it has declined to an even lower level since you began.
We appreciate: Quality of people and work. Service mind set. Flexibility in your approach and work schedule. Work with a sense of urgency. Also Protiviti’s depth of knowledge with control environment; appropriate perspective on control, how you see the big picture.