how to structure and manage an effective compliance...

Building Capacity & Competency

ACAMS 2018 ©

How to Structure and

Manage an Effective

Compliance Function

13 November 2018

Cinnamon Grand Colombo - Oak Room

Speaker

Dr. William Scott Grob, CAMS, AML Director, ACAMS ASP


ACAMS 2018 ©2

Agenda

Driving for Effectiveness

Basic Elements

Testing & Assurance

Training & Development

Observations

The Last Word


ACAMS 2018 ©3

FATF/APG has put an emphasis on effectiveness in addition to technical

compliance

Effectiveness Finding

Technical Compliance Findings in relation to the Recommendations

Source: Sri Lanka FUR 2018, p.3-4


ACAMS 2018 ©

FCA fines and imposes a restriction on Canara

Bank for anti-money laundering systems failings

https://www.fca.org.uk/news/press-releases/fca-fines-and-imposes-restriction-canara-bank-anti-

money-laundering-systems-failings

Financial services firms are required to maintain robust anti-money laundering

(AML) systems and controls since they are at risk from those seeking to

launder the proceeds of crime or to finance terrorism.

Between 26 November 2012 and 29 January 2016, Canara failed to maintain

adequate AML systems and was unable to take sufficient steps to remedy

identified weaknesses, despite having been notified of shortcomings in its

AML systems and controls.

Specifically, the FCA found that Canara failed to maintain adequate systems

and controls to manage the risk of money laundering. These failures were

systemic and affected almost all levels of its business and governance

structure including (1) Senior Management; (2) Governance / Oversight; (3)

three Lines of Defense; (4) Money laundering reporting function; and (5)

AML systems and controls.

Example

20Source:

https://www.fca.org.uk/news/press-releases/fca-fines-and-imposes-restriction-canara-bank-anti-money-laundering-systems-failings


ACAMS 2018 ©5

How do you make a Compliance Function more effective?


ACAMS 2018 ©

The Basic Elements of aCompliance Program

Internal Policies, Procedures & Controls

Chief Compliance Officer & Function

Training, Competency, &

Building Oversight

Testing, Assurance, & Auditing

Governance and Oversight

Transaction & Sanction Monitoring

KYC, CDD and EDD activities

5


ACAMS 2018 ©

Regulatory Controls and Policies

Monitoring & Investigations

Training & Competency Building

Assurance & Testing

Chief Compliance Officer

Transaction &

Sanction Monitoring

KYC, CDD and EDD

activities

Testing 1st and 2nd

Line Effectiveness

Licensing and building

competency in roles

Collaborating with the Business and

regulator(s) to drive efficient and

effective application of policy

Detecting and reporting activities to

management and regulator(s) in a timely

and competent manner

Sampling activity to ensure it conforms to policy and reporting to Management and

business of incomplete application.

Building capacity and competency

across all three lines of business

6


ACAMS 2018 ©

Risk Assessment

Risk Identification

Risk Analysis

Risk Management

Risk Monitoring

Risk

Assessment

Methodology

Likelihood

Impact

Risk Outcome

Policies

Procedures

Systems

Controls

Deficiencies & Gaps

MSIIs

Action Plan

Assurance & Audit

Lines of Business

Geography

Customers

Products, Services,

Transactions

Overview of the Process

8


ACAMS 2018 ©

Testing & Assurance

8


ACAMS 2018 ©

Assurance Function

9

Risk Based ModelAssurance Reviews examine -

Countries

Entities

Businesses

1st and 2nd Line Process (such

as KYC files, CDD process,

Transactional and Sanction

alerts, STR filings)

Progress updates

Sample Testing

Scope

Analysis Report

Management &

Business

Feedback


ACAMS 2018 ©

Tone from the Top

10

Board & Audit Committee

(& EXCO)

Senior & Middle Management

(EWRA Operations Committee)

Operational Staff

How effective is the AML programme

Identify gaps

Push 1st Line adoption

Monitoring 2nd Line efficiency

Using 3rd Line to identify issues

1st Line 2nd Line 3rd Line

Strategic vs tactical efforts

Align priorities

Determine resourcing

Typologies

Transactional & Customer Data

Tools, processes, and policies

COO CCO


ACAMS 2018 ©

An engaged Board of Directors and Audit Committee

An Approach that cover all Three Lines of Defence

A robust Enterprise-wide Risk Assessment

Supervision that incorporates Testing & Assurance

A comprehensive Mitigation Plan that addressing ML and CT

risks

Fit and Competent person in the compliance function

An integrated approach linking People & Systems

Maker – Checker rules

Training and Guidance aimed a capacity and competency

building

KYC, CDD, Transactional Monitoring that adopt a risk-based

approach

Attributes of an effective Compliance Function?

11


ACAMS 2018 ©

Success Story

20122017

HSBC enters Deferred

Prosecution Agreement

12

Launch Global

Standards

Realignment of FCC

function, businesses &

functions

Remediation

The journey …


ACAMS 2018 ©


13


ACAMS 2018 ©

Competency Testing

Hong Kong – Enhanced Competency Framework serves to:

“to develop a sustainable talent pool of AML/CFT practitioners for meeting

the workforce demand in this sector; and

to raise and maintain the professional competence of AML/CFT

practitioners in the banking industry.”

Core Professional

Source: https://www.hkib.org/en/training-examinations/ecf/aml-cft

50-60 Multiple-choice Type Questions

(MCQ) + Essay Questions80 Multiple-choice Type Questions

Understand and apply risk

assessment methodology

Conduct customer due diligence /

know-your-customer processes

Implement remediation of

compliance deficiencies

Collect and document for

SAR/STR filings

Develop, review and update AML/CFT

policies, framework and governance with

a risk-based approach,

Propose improvements to the

governance and oversight arrangements

Address deficiencies

Perform in-depth due diligence

investigation

Reassess the risk rating of clients

Knowledge of industry benchmark and

best practices

14

https://www.hkib.org/en/training-examinations/ecf/aml-cft


ACAMS 2018 ©

Expectations

an accurate understanding of the laws and regulations that apply

to the financial institution and its activities (possibly across multiple

jurisdictions);

develop a deep understanding of the financial institution, its

business activity, and operations;

understand the markets and businesses, including emergent areas

of growth, which a financial institution operates within and may

touch upon;

develop a comprehensive understanding of the financial

institution's customers, products and services, and vulnerabilities;

and

identify areas where conflicts of interest arise or know how to

resolve these issues; and

understand the compliance systems and technology platforms and

policies and procedures act as the mitigation of inherent risks.

Compliance Officers are expected to have:

15


ACAMS 2018 ©

InternationalDomestic

Professional

Regulatory


Professional

Development

Banking Act

Virtual Currency &

Blockchain

AML for Fintechs

Trade-Based Money

Laundering

KYC/CDD

Transactional

Monitoring

Counter-Terrorist

Financing (CTF) GDPR and 4 AMLD

FATCA

Sanctions Compliance

Cyber enabled crime

Corporate

Governance

16


ACAMS 2018 ©

Compliance is an evolving, adaptive field. Compliance officers are

expected to navigate internal and external challenges to make

organizations effective.

The success of a firm’s control environment is heavily dependent on the

knowledge and skill of the compliance professional.

Current and Future Needs

Providing leadership within an organisation;

Understanding the regulations as well as the regulatory and reputational

risks;

Contributing to a culture of compliance within the organisation.

Ensuring that knowledge of the ML/TF risks reasonably faced is

appropriately maintained;

Ensuring they remain abreast of changes in law, regulation and internal

practices;

Ensuring that compliance has an effective program; and

Supporting Governance and Assurance.

Skilled compliance professionals are vital to:

17


ACAMS 2018 ©

Driving Effectiveness

Onboarding

Delays

Transactional

Backlogs

Poor Policies A lack of understanding

how to operationalize the

policies

Problems OutcomesResults

Inadequate KYC

Files

Poor STR/SAR filings

Ineffective

procedures

Inability to get First Line to

update files in a timely

manner

Unable to

thoroughly

understand a

customers

behaviour

Long delays in onboarding

lower risk customers

Customer

complaints

FIU

complaints

Poor

responsiveness

Impotent analysis

Poorly written filings

22


ACAMS 2018 ©

The Skillset of an Effective AML Professional

• A critical and thoughtful thinker;

• A collaborative but independent decision-maker,

• One that balances the business and compliance

priorities; and

• Provides leadership inside and outside an

organisation.

Includes:

It is about a professional that is creative, adaptive, yet

rigorous. A mind-set that continuously learns, works in cross

functional teams and builds strategic partnerships

23


ACAMS 2018 ©

Leadership Should Be Engaged with you

Compliance Should Not Be Compromised By Revenue

Interests, so how will you defend your stance

Challenge Points Should be Shared

Throughout the Organization

Leadership Should Provide Adequate Human and

Technological Resources

The Program Should Be Effective and Tested By an

Independent and Competent Party

The Last Word

24

how to structure and manage an effective compliance...

Documents