validating and quantifying the qualitative elements...
TRANSCRIPT
P a g e | 1
Validating and Quantifying the Qualitative Elements of
Customer AML Risk in the Insurance Space
Louis A. Parris, CAMS, Dip(Compliance) FICA; Certified Professional
P a g e | 2
Validating and Quantifying the Qualitative Elements of
Customer AML Risk in the Insurance Space
1. Executive Summary
Regulation in the insurance space has tended to lag behind the more aggressive regulation of banking and
other financial institutions. As a result, risk modeling for the insurance industry has not been as
comprehensively developed. Examination of existing rating models indicates that there are generic
models, which insurance companies adapt to their own use. Moreover, the qualitative aspects have
largely been used in preference to a more demanding application of the quantitative method. Even where
regulators suggest models, these have tended to be driven primarily by qualitative inputs.
Purely qualitative assessments are inherently subjective and therefore prone to inconsistency, inaccuracy
and lack of transparency. Qualitative ratings tend to rely heavily on individual perceptions of risk. These
perceptions may vary from one person to another and are frequently anchored in asymmetric data.
The demands for better risk assessment by regulators will inevitably increase. Though there have not been
many large enforcement actions, the suspicious activity reports (SARs) statistics evidence an increasing
trend in suspicious activity and it is only a matter of time before more rigorous examination of entities
will be undertaken with consequential penalties for poor risk assessment of customers. Meanwhile,
enforcement actions and consent orders in the financial industry indicate that risk assessment is a great
concern to regulators and failures are likely to attract substantial fines, remedial action and possible
reputational damage. Therefore, insurance companies would be wise to embrace the best risk models
that may be available.
It is generally accepted that in risk assessment, quantitative methods have significant advantages over
qualitative methods.1 However, qualitative assessments in the insurance space carry immense benefits,
particularly in providing descriptive scenarios which constitute the necessary basis for building effective
control and mitigating protocols. On the other hand, quantitative assessment adds benefits of objectivity,
consistency and the facility of significant data manipulation.
In conclusion, the model being presented is a hybrid model that begins with the location of inherent
vulnerabilities and threats through qualitative assessments and then assigns quantitative weightings and
values to the qualitative levels. It leverages the advantages of both models and gives institutions a method
of consistently applying quantified scores to qualitative risk levels.
1 See Appendix 1
P a g e | 3
This hybrid model results in validating and quantifying the qualitative elements of customer AML in the
insurance space.
2. The Issue this Paper is Intended to Resolve
Risk assessment attempts to exercise some degree of control over the future of institutional risk by
discovering inherent vulnerabilities and threats, the likelihood of occurrence and the anticipated impact.
This diagnosis equips them with the capacity to deploy appropriate control and mitigation tools and
practices.
This paper is primarily concerned with the application of a quantitative discipline to a qualitative customer
risk rating for covered products in the insurance industry. A simple qualitative assessment has limitations
when risk rating an insurance customer because of the multi-faceted nature of what constitutes customer
risk. The primary dimensions of customer risk (and those that are addressed in this paper) are:
o Customer
o Product
o Geographic
o Account activity
Qualitative ratings are subjective in nature; ratings are descriptive such as high, medium, low. This
presents severe limitations and problems when attempting to aggregate the individual risk ratings, which
may be attributed to individual elements mentioned above. How do we satisfactorily aggregate separate
high, medium and low ratings in a single customer assessment? In addition, a rating such as “medium”
does not facilitate varying levels of risk within that level; this degree of granularity could be helpful in
assigning for instance, information technology (IT) resources.
This section will address the primary attributes of both qualitative and quantitative methods, the
limitations of reliance on a purely qualitative approach and how quantifying risk can improve the quality
of risk assessment.
Comparison of Qualitative Risk Rating and Quantitative Risk Rating
Qualitative Risk Rating
o Identifies the risk, describes the contours of the risk, indicates the likelihood of occurrence and
estimates the impact
o Permits a focus on specific vulnerabilities
o The culmination of consideration of all factors results in a subjective rating
o Subjective ratings are prioritized using levels such high, medium and low and are associated with
the severity of impact
o Descriptions of risk facilitate a comprehensive understanding of the risk and inform the design of
control and mitigation measures
o Where there are no numbers, cost benefit analysis is difficult
o Good at visualizing perceptions of loss, but poor at quantifying potential loss
o Does not permit same levels of granularity as quantitative methods
P a g e | 4
o Resulting ratings are general and simplistic in nature
Quantitative Risk Rating
o Involves the allocation of numbered ratings to identified risks
o Risks with the same qualitative assessment assigned the same quantitative rating thus lending
objectivity and consistency
o Facilitates the allocation of weightings so that appropriate risk may be allocated to the factors
which make up the composite risk
o Provides ratings that can be widely accepted in terms of what they mean in relation to the severity
of a risk; there is more precision within a scale of numbers
o Enhances the credibility of analysis
Summary
It is evident that both qualitative and quantitative methods have significant intrinsic value. However, as
stand-alone models they have significant limitations. These limitations become more acute as businesses
demand more data-driven models.
Qualitative assessment is an essential first step in identifying, describing and ascribing subjective ratings.
It also provides the essential scope for the control and mitigation of risks.
Quantitative assessment should not be considered a stand-alone model, but as an essential adjunct to
qualitative assessment, which enhances the utility of both methods when used in conjunction.
In conclusion, the model being presented is a hybrid model which begins with location of inherent
vulnerabilities and threats through qualitative assessments and then assigns quantitative weightings and
values to the qualitative levels. This hybrid model results in validating and quantifying the qualitative
elements of customer AML in the insurance space presents a number of benefits:
3. Regulatory Agencies around the World Require Insurance Companies to
Establish Rating Policies and Procedures Including the Risk Rating of
Customers
The insurance industry has generally been regarded as ranking lower in facilitating the risks of money
laundering and terrorist financing than other industries, such as banking and gambling.2 Nevertheless, it
is accepted that there is a high enough level of inherent risk in some insurance products to warrant the
implementation of universally accepted control measures.
In 2002, the industry and regulators had an alarming awakening with the revelations out of Operation
Capstone.3 Federal agents were able to crack a scheme by Colombian drug dealers involving the use of
2 International Association of Insurance Supervisors | Guidance Paper on Anti-Money Laundering and Combatting the Financing of Terrorism
| October 2004 | Page 1 – Introduction- section 2 https://www.iaisweb.org/page/supervisory-material/guidance-papers//file/34267/5-guidance-paper-on-anti-money-laundering-and- combating-the-financing-of-terrorism-october-2004-updated-title
3 Money Laundering Scheme Squashed, Washington Times |December 8, 2002
http://www.washingtontimes.com/news/2002/dec/8/20021208-104640-1081r/
P a g e | 5
insurance policies to launder some $80 million in drug profits. The operation netted some $30 million in
cash, life insurance policies and bonds. Panamanian authorities who also participated in the operation froze
another $1.2 million. Some of the key money laundering techniques uncovered included:
o Purchase of large cash value life insurance policies
o Beneficiaries were their associates around the globe
o The policies allowed funding beyond the initial face value and permitted early withdrawals
o Use of intermediary brokers in the U.S., Isle of Man and other locations
o The premium payments were made by third parties around the globe
o The cartels on a frequent basis liquidated the policies after being in force for a short time
regardless of the extent of penalties for early withdrawal
o Beneficiaries received checks and wire transfers from the insurance companies which were
then “clean funds”
o More than 250 insurance policies were involved in the scam
The tactics used by the drug cartels in the Operation Capstone scam have come to be recognized as
classic elements in the arsenal of money launderers. Though insurance companies were in the
regulatory scope before this, Operation Capstone was the first discovered large-scale money
laundering scheme involving the insurance industry and no doubt played a major role in influencing
the universal comprehensive regulatory rules for the industry.
Risk Guidance from Standard Bodies, Regulators and Insurance Industry MAember
association
The examination of regulatory agencies in key financial centers across the world indicate a universally
consistent approach to the requirement for risk rating customers and the key elements of the
attendant methodology. Regulatory bodies and representative industry associations have for the
most part followed the lead of the Financial Action Task Force (FATF) as the premier standard setting
body. In September 2008, FATF convened a meeting attended by organizations representing life
insurance companies and intermediaries. Following this consultation FATF was able to issue RBA
Guidance for life insurance companies and intermediaries at its October 2009 Plenary. The guidance
recommendations require insurance companies to adopt a risk-based approach to combating money
laundering and terrorist financing. This approach allows insurance companies and intermediaries to
adopt policies thatare commensurate with the unique and inherent risks relating to their customers.
Life insurance companies are required to identify higher risk customers, products, services, including
delivery channels and geographical locations.4
4 Risk Based Approach – Guidance for the Life Insurance Sector-FATF | October2009
http://www.fatfgafi.org/media/fatf/documents/reports/RBA%20Guidance%20for%20Life%20Insurance%20Sector.pdf
P a g e | 6
The FATF model forms the basis on which the model offered in this paper is built. The following is a
sampling of guidance from national regulators who demonstrate the consistency of approach based
on the FATF model.
U.S. Department of the Treasury Financial Crimes Enforcement Network (FinCEN)
The Financial Crimes Enforcement Network’s (FinCEN) document Anti-Money Laundering Program
and Suspicious Activity Reporting Requirements for Insurance Companies - Frequently Asked
Questions,5 addresses the issue of risk rating for customers as follows:
“Policies, procedures, and internal controls must be developed, based on the insurance company’s
assessment of the money laundering risk associated with its business, that are reasonably designed
to enable the insurance company to comply with the applicable requirements of the Bank Secrecy
Act and to prevent the insurance company from being used by money launderers,”
Australian Government | Australian Transaction Reports and Analysis Centre (AUSTRAC)
AUSTRAC requirements are set out in Part B of an AML/CTF program (customer due diligence procedures) document and is quoted:6 “A reporting entity is required to have risk-based CDD procedures. To develop these procedures, reporting entities should consider the risk posed by each of the following factors.” It goes on to list the risk elements based on the FATF model.
Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)
Guideline 4: Implementation of a Compliance Regime7 states: “Your compliance regime has to include an assessment and documentation of risks related to money laundering and terrorist financing in a manner that is appropriate to you. This is in addition to your client identification, record keeping and reporting requirements. A risk-based approach is a process that allows you to identify potential high risks of money laundering and terrorist financing and develop strategies to mitigate them.”
International Association of Insurance Supervisors (IAIS)
The International Association of Insurance Supervisors (IAIS) is a voluntary membership organization of insurance supervisors and regulators from more than 200 jurisdictions in nearly 140 countries. Its
Application Paper on Combating Money Laundering and Terrorist Financing – October 2013,8 states:
18. “The FATF Recommendations require the adoption of a risk-based approach to combating ML/FT. By adopting a risk-based approach, supervisors, insurers and intermediaries4 are able to
5 Department of the Treasury Financial Crimes Enforcement Network | 31 October 2005 |page 5
http://www.naic.org/documents/committees_d_antifraud_meetingcc_faqsinsurance_103105.pdf (Page 5)
6AUSTRAC - Part B of an AML/CTF program (customer due diligence procedures) http://www.austrac.gov.au/part-b-amlctf-program-customer-due-diligence-procedures
7 Guideline 4: Implementation of a Compliance Regime | July 2006 http://www.fintrac.gc.ca/publications/guide/guide4/4-eng.asp#s222
8 Application Paper on Combating Money Laundering and Terrorist Financing | October 2013 http://www.iaisweb.org/page/supervisory-material/application-papers
P a g e | 7
ensure that measures to prevent or mitigate ML/FT are commensurate with the risks identified. This will allow resources to be allocated in the most efficient ways.”
25. “Assessing inherent ML/FT risks in business activities involves a process of analysis of ML/FT risks in relation to customers, business relationships, countries or geographic areas, products, services, transactions and distribution channels, and whether or not the activities in which the risks arise are considered material in value.”
4. The Requirement to Ensure Independent Audit of Risk Rating Controls
Standard setting bodies and regulators have sought to ensure that there is sustained integrity in the control systems relating to risk rating of customers. Regulators have followed the lead of FATF, which has enshrined the requirement for an audit function and activity in the 40 recommendations. Recommendation 15 advises:
“Financial institutions should develop programmes against money laundering and terrorist financing. These programmes should include:
o The development of internal policies, procedures and controls, including appropriate compliance management arrangements, and adequate screening procedures to ensure high standards when hiring employees;
o An ongoing employee training programme; o An audit function to test the system (emphasis mine).” 9
Though insurance companies are not specifically mentioned, regulators have generally brought insurance companies under these regulations indicated below.
FinCEN - Anti-Money Laundering Program and Suspicious Activity Reporting Requirements for
Insurance Companies Frequently Asked Questions10
The response to question 1 states in part:
“Recognizing the need for a more comprehensive anti-money laundering regime, Congress passed
and the President signed into law the USA PATRIOT Act, which, among other things, requires that all
entities defined as financial institutions for Bank Secrecy Act purposes establish anti-money
laundering programs. An insurance company is defined as a “financial institution under the Bank
Secrecy. The USA PATRIOT Act further directs the Secretary of the Treasury to prescribe through
regulation minimum standards for such programs.”
9 FATF 40 Recommendations | October 2003 http://www.fatf-gafi.org/media/fatf/documents/FATF%20Standards%20-%2040%20Recommendations%20rc.pdf
10 FINCEN - Anti-Money Laundering Program and Suspicious Activity Reporting Requirements For Insurance Companies Frequently Asked Questions | 31 October 2005 http://www.naic.org/documents/committees_d_antifraud_meetingcc_faqsinsurance_103105.pdf
P a g e | 8
On page 5, section 5 it says in part:
“Using customer and other information obtained through agents, brokers or otherwise, an insurance
company can assess the money laundering risks presented by its business based on such factors as
the particular types and locations of customers served, distribution channels, and products offered.”
Onpage 5, section 4 it states:
“Some person or group of people who are not working specifically for the compliance officer on the
compliance program should be selected to determine whether the program complies with the
requirements of the rule and that the program functions as designed.”
International Association of Insurance Supervisors (IAIS) Guidance Paper on Anti-money
Laundering and Combating the Financing of Terrorism -October 200411
This guidance paper states:
91. “The development of policies, procedures and controls enables the insurer to comply with
legislation and to determine the desired standard of (Customer Due Diligence) CDD for its own
organisation. In order to be able to verify whether the insurer works in compliance with its internal
policies, procedures and controls, an audit function should be in place. It is of importance that the
audit function is independent and, if applicable, that the auditor has direct access and reports directly
to management and the board of directors.”
In summary, the implementation of a risk rating regime for customers must have a complementary
audit function to ensure the model is validated, that it is effectively implemented and truly delivers a
dependable measurement of inherent risk and threats.
5. Regulatory Consequences of Failure to Adequately Assess Customer Risk
Regulatory sanctions has not been a major challenge for the insurance industry up to this point.
However, this may be a consequence of the macro risk-based approach regulators have taken to curb
money laundering. Greater risks are more likely to take place in banking and other financial
institutions and it is this area that regulators have concentrated their efforts. History has shown that
money launderers tend to migrate to areas that are not heavily “policed”12 and we will no doubt see
an increase over time in the scrutiny of insurance companies and consequential regulatory sanctions.
The possibility that insurance companies and products may increasingly be used for money
laundering is indicated by the SAR statistics shown in section 6 below, which indicate a rising trend in
the reporting of suspicious activities.
11 International Association of Insurance Supervisors (IAIS) Guidance Paper on Anti-money Laundering and Combating the Financing of
Terrorism | October 2004
http://www.iaisweb.org/page/supervisory-material/guidance-papers//file/34267/5-guidance-paper-on-anti-money-laundering-and-combating-
the-financing-of-terrorism-october-2004-updated-title 12
OECD Observer Article : Money laundering: staying ahead of the latest trends | author - Patrick Moulette | April 2000 |section on
“increasingly sophisticated methods” http://oecdobserver.org/news/archivestory.php/aid/244/Money_laundering:_staying_ahead_of_the_latest_trends.html
P a g e | 9
The action taken by U.K.’s Financial Services Commission against Aon plc. is a major modern case,
which illustrates that the insurance industry is not immune to large-scale money laundering. Aon plc.
is a U.K.-based leading global provider of risk management, insurance brokerage, reinsurance
brokerage, human resources solutions and outsourcing services. In 2009, U.K.’s Financial Services
Authority issued a Final Notice in respect of Aon.13 FSC imposed a fine of 5.25 million pounds for
violation of FSA principle 3. Principal 3 states “a firm must take reasonable care to organise its affairs
reasonably and effectively with adequate risk management systems. Aon failed to properly assess the
risks involved in dealings with overseas third parties and failed to implement effective controls to
mitigate those risks.”
I. Indicative regulatory sanctions in the USA
In the U.S. enforcement action against financial institutions, in general, provide a guide as to how
regulators regard failures in the effective implementation of risk assessment protocols and the fines
that may attach to such failures. The core issues arising out of regulatory examinations relate to
failures to implement effective risk-based analysis, policies and controls. They point to the lack of
competent management of the individual elements of AML risk management (i.e. products,
geography etc.) as well the management of consolidated enterprise-wide risk including cross-border
risk factors. These enforcement actions are not purely about risk analysis but the tangential failures
have their genesis in inadequate risk analysis and control protocols. The following are a selection of
cases, which illustrate the concerns and actions of U.S. regulators.
The FinCEN Assessment of Civil Money Penalty against Wachovia Bank,14 National Association Charlotte,North Carolina imposed a fine of $110 million and specifically addresses product/business lines and geographical reach. The Determinations section states:
Page 2 -”Wachovia failed to implement a program commensurate with the risks inherent within its business lines and geographical reach. As a result, Wachovia failed to timely file thousands of suspicious activity and currency transaction reports, thus greatly diminishing the value of the reports to both law enforcement and regulatory agencies.”
Page 4 – “Wachovia also failed to implement an adequate risk-rating methodology that evaluated correspondent customers”
It often seems that compliance professionals find it easier to manage risk by focusing on individual silos (e.g., product, delivery channels, geography, etc.), in the process ignoring or being unaware of the dangers that spring from not having a robust enterprise-wide and cross-border protocol. This
issue was highlighted in the FinCEN Assessment of Civil Money Penalty against Pacific National Bank1,5 Miami, Florida. FinCEN imposed a fine of $7 million. At the Determinations section, it states:
13 Financial Services Authority Final Notice | 6 January 2009 https://www.fca.org.uk/publication/final-notices/aon.pdf
14 FINCEN Assessment of Civil Money Penalty | Wachovia Bank, National Association, Charlotte, North Carolina |Number 2010 | 12 March 2010 https://www.fincen.gov/sites/default/files/shared/100316095447.pdf
15FINCEN Assessment of Civil Money Penalty | Pacific National Bank15, Miami, Florida| Number 2011-5 | 23 March 2011 https://www.fincen.gov/sites/default/files/shared/PacificNationalBankASSESSMENT.pdf
P a g e | 10
Page 3 – “Pacific did not adequately conduct periodic enterprise wide assessments of the entire Bank’s exposure to money laundering or other illicit activity (emphasis mine). During the relevant period of time, bank products, customers and services included deposit services, lending, pouch activity, wire transfers, non-resident aliens, bearer share corporations and correspondent banking. Pacific’s consistent failure to satisfactorily identify potential money laundering vulnerabilities negatively affected collection of sufficient customer documentation, on a risk graded basis, necessary to adequately assess risk and the potential for money laundering, based on each customer’s business, products, services, location. Sources of funds, and normal range of activities.”
In addition to the imposition of fines, enforcement actions have also been prescriptive and have left
no doubt as to how policies should be constructed and implemented; settlement agreements have
included undertakings by financial institutions to follow pretty specific guidance on key elements of
risk protocols to be implemented. The Cease and Desist Order against Citibank N.A.,16 Sioux Falls,
South Dakota, at Article V of the order, stipulated an “evaluation of the banks current methodology
for quantifying the level of BSA/AML risk associated with specific customers. This evaluation shall
result in the development of a comprehensive approach to quantifying BSA/AML risk for new and
existing customers. The quantification of risk shall encompass a customer’s entire relationship with
the Bank, including the purpose of the account, actual or anticipated activity in the account e.g. type
and volume (number and dollar) of transaction activity engaged in), nature of the customer’s business
or occupation, customer location (e.g. customer’s geographic location and where they transact
business), types of products used by the customer, material changes in the customer’s relationship
with the Bank, as well as other factors discussed within the FFIEC BSA/AML Examination Manual.”
This is one of the most comprehensive prescriptions on customer risk assessment to be found in
regulatory sanctions and can form the basis of a rigorous risk evaluation model for insurance
companies.
The evidence so far is that institutions who fail to have adequate risk management policies and
controls will suffer exemplary fines and will need to undertake significant remedial work. As the rules
for insurance companies, including specific audit guidelines, become more refined, the insurance
industry can expect more examinations and a rise in the incidence of regulatory sanctions.
6. SAR Statistics in the U.S. Indicate an Increasing Propensity for Insurance
Products to be used for Money Laundering
The fact that there have not been many enforcement actions against insurers does not mean that the
insurance industry is not being used for money laundering. The paucity of enforcement actions is
more likely to be a consequence of the macro risk-based approach to risk monitoring and the fact
that insurance was brought under regulatory oversight later than other financial institutions and
industry specific examination protocols are still being developed.
16 Consent Order | Citibank N.A., Sioux Falls, South Dakota | AA-EC-12-18 | 5 April 2012
https://www.occ.gov/news-issuances/news-releases/2012/nr-occ-2012-57a.pdf
P a g e | 11
Though evidenced on a low scale, SAR statistics in the U.S. do indicate that insurers have reasonable
suspicion that insurance companies are at risk for money laundering activities by their customers.
Statistics in the following table reinforce what we know about the inherent risk in the highest risk
insurance products, life annuities. Statistics show the highest amount of SARs are filed for this
product. It also appears that money launderers have attempted to use this method more each year
as the numbers indicate a 47 percent in the number of SARs filed in the period 2013-2015.
Insurance SARS by Product Category
Products 2015 2014 2013
Annuities 1391 1125 945
Reference: https://www.fincen.gov/reports/sar-stats
The following table is a good illustration of how insurance products may be used to launder money
after the insurance policy has been established. It appears that attempts to structure the deposit of
illicit funds is very prevalent. Another prominent feature is the incidence of premium payments made
by third parties; this was one of the primary methods used by the Colombian cartels in the Operation
Capstone case. Overall, it is evident that money launderers will increasingly find creative ways to use
insurance products for money laundering.
Insurance Companies
Suspicious Activity Category
Trending Now 2014 March 1, 2012
To
Dec 31, 2013
INSURANCE Proceeds Received from Unknown Third Party
56 49
Marijuana Limited 24 0
Money Laundering Multiple cash equivalents received 59 32
Suspicious use of Prepaid Access Card 27 0
Loan within six months of Policy issue 26 41
Other Suspicious Activity
Match to Government List/OFAC Match 34 23
Unconfirmed Source/Destination of Funds
28 2
Beyond Expected Income 23 0
Structuring Money Orders Bought Same/Different Days/Locations – Submitted Together
103 173
Reference: https://www.fincen.gov/sites/default/files/sar_report/SAR_Stats_2_FINAL.pdf
P a g e | 12
7. General Criteria Indicated by Standard Setting Bodies and Regulatory
Agencies in Respect to Customer Risk Rating Models
The FATF recommendations (Risk-Based Approach–Guidance for the Life Insurance Sector)17 promote
the concept of risk-based analysis. The risk-based approach allows insurance companies and
intermediaries to allocate proportionate resources to varying levels of risk in combatting money
laundering and terrorist financing.
The deployment of a risk-based protocol will require a three stage approach in order to be
ultimately effective. The three elements are:
o Recognition of inherent risk
o Assessment of risk
o The development of control measures to mitigate risks
Life insurance companies and intermediaries are required to identify the level of risk attaching to:
o Customers
o Products and services including delivery channels
o Geographical locations
o Account activity
The International Association of Insurance Supervisors (IAIS) provided a list18 of factors under
these heads, which will provide a higher degree of granularity to the risk assessment. These are:
o Type and background of customer and/or beneficial owner and beneficiaries
o The customer’s and/or beneficial owner’s and beneficiaries’ geographical base
o The geographical sphere of the activities of the customer and/or beneficial owner
o The nature of the activities
o The means of payment as well as the type of payment (cash, wire transfer, other means of
payment)
o The source of funds
o The source of wealth
o The frequency and scale of activity
o The type and complexity of the business relationship
o Whether or not payments will be made to third parties
o Whether a business relationship is dormant
o Any bearer arrangements
17 FATF-GAFI Risk Based Approach-Guidance for the Life Insurance Sector | October 2009 |Sections 11,12
http://www.fatf-gafi.org/media/fatf/documents/reports/RBA%20Guidance%20for%20Life%20Insurance%20Sector.pdf (sections 11&12)
18 International Association of Insurance Supervisors (IAIS) | Application Paper on Combatting Money Laundering and Terrorist Financing | October 2013 http://www.iaisweb.org/page/supervisory-material/application-papers//file/34107/application-paper-on-combating-money-laundering-and- terrorist-financing
P a g e | 13
o Suspicion or knowledge of ML/FT or other crime, including whether the customer and/or
beneficial owner and beneficiaries are designated by the applicable and relevant U.N. Security
Council Resolutions (UNSCRs).
Customer risk rating is not a one-off exercise and businesses should evaluate these risks on an ongoing
basis and change the risk rating as appropriate.
Not all insurance products have the same level of inherent risk and countries have some flexibility in
determining which products are included in a list that must be subject to the regulations. Most country
regulators have chosen to include products with some degree of investment value in a “covered
products” category.
FINCEN regulations19 define “covered products” as:
o A permanent life insurance policy, other than a group life insurance policy
o Any annuity contract, other than a group annuity contract
o Any other insurance product with features of cash value or investment
An examination of country regulations indicates that this is the universally accepted standard with a
few countries including general insurance under “covered products.”
8. Overview of the Hybrid Quantitative/Qualitative Customer Risk Rating
Model This proposed model is designed to rate customer risk at the outset of the relationship. Both aspects
of qualitative and quantitative will be combined to a final quantitative score that is linked to a range
of qualitative ratings designated high, medium and low.
Scope
i. The model will include the products designated by most regulators as “covered products”
ii. The model will cover only personal customers but may be built out to cover entities by
following the same methodology.
iii. The model will address risk that may be present at the time of customer onboarding. The
model may be built out to cover other stages of the customer relationship by following the
same methodology.
iv. Category risk factors will be limited to:
o Product
o Geography
o Customer
o Account activity
The model may be extended to other risk factors by using the same methodology.
19 Federal Financial Institutions Examination Council Bank Secrecy Act/Anti-Money Laundering InfoBase |Bank Secrecy Act Anti-Money Laundering Manual | Insurance Overview https://www.ffiec.gov/BSA_aml_infobase/pages_manual/OLM_073.htm
P a g e | 14
Qualitative Modeling
The descriptions of qualitative inherent risk attributes are well documented and taken from various
authoritative sources as referenced. Those relative to products are taken directly from the document
on risk by the Joint Money Laundering Steering Committee (JMLSG),20 a U.K. group made up of leading
U.K. trade associations whose aim is to promulgate good practices in countering money laundering.
The same approach is taken to the descriptive elements of the various risk factors and sources
referenced.
Quantitative Modeling
This aspect is based entirely on the model presented by Christopher Price, Metavante´ compliance
consultant in the Metavante´ white paper “Customer Risk Assessment.”21
i. Relative Risk Weight
In the Metavante´ model the relative weight of each risk factor is a subjective risk management
decision based of the estimated severity of impact of each factor in the model relative to each
other. For this paper, the following weights have been chosen for the risk factors. The total of
weights must be 100 percent.
Risk Factor Relative Risk Weight
Products 40%
Geographic 30%
Customer 20%
Account Activity 10%
Total 100%
These ratings are based on a preponderance of evidence that the
intrinsic design of insurance products is the biggest determinant of
risk for money laundering and account activity the lowest due to the
availability of Know Your Customer (KYC) information that make
deviations from expected activity easy to identify.
20 Joint Money Laundering Steering Group | Prevention of Money Laundering/ Terrorist Financing | 18 April 2012 |Part 11- Section 7
http://www.jmlsg.org.uk/industry-guidance/article/guidance
21 Metavante´ White Paper | Customer Risk Assessment | Author: Christopher Price http://primeassociates.com/data/documentations/customerriskassessment.pdf
P a g e | 15
ii. Result Score Contribution
The result score contribution is the value applied to a possible risk factor result. The result score
contribution is multiplied against the relative risk factor to arrive at the quantified final score for
a risk factor.
Taking “Product” as a risk factor the table below provides an illustrative example of result score
contribution.
Hybrid Quantitative/Qualitative Customer Risk Rating Model
Risk Factor Relative Risk
Weight
(%)
Risk Element Result Score Contribution
Final Score
Product 40 % Low-risk product (annuity) 30 12
Medium-risk product (whole life ) 50 20
High-risk product (life insurance) 100 40
General
In the larger model that follows, sections resembling the above are built up for each risk factor,which then
facilitates the aggregation of weighted quantitative scores for all risk factors in the model and these are
linked to qualitative levels of high, medium and low. In this way a hybrid model is achieved, which lends
certainty and consistency customer risk rating.
9. The Detailed Hybrid Qualitative/Quantitative Hybrid Model
Developing the model requires the detailed risk rating of customers using the methodology set out above
at section 8 by applying it to the risk factors of products, geography, customers and account activity.
Products
This section covers a selection of life and personal investment products. As indicated in section 8 titled
“Scope,” general insurance products will not be covered due to the recognition by most jurisdictions that
these products are inherently low risk. In addition, many country regulators do include these in the list of
covered products. However the model can easily be adapted to include general insurance products should
an insurance company determine from their risk-based analysis that these products cause significant risk.
The core information on the qualitative aspects is taken from information published by JMLSG.22
22 Joint Money Laundering Steering Group | Prevention of Money Laundering/ Terrorist Financing | 18 April 2012 |Part 11- Page 69
http://www.jmlsg.org.uk/industry-guidance/article/jmlsg-guidance-current
P a g e | 16
Due to the widespread similarities of design in named insurance products universally, the qualitative
ratings have wide applicability and are ideal for building a reliable model.
Summary Model Ratings for Products Section
PRODUCTS
Risk Factor/Products Relative Risk Weight Factor
Inherent Risk Attributes
Result Score Contribution
Low-Risk Products 40 As detailed* 30
Medium-Risk Products 40 As detailed* 50
High-Risk Products 40 As detailed* 100
Maximum Possible Risk Contribution in overall risk model - 40% x 100 40
*Specific products and the inherent risk attributes attaching to each may be selected from appendix 2.
Geographic
The country or geographic risk for customers has a number of dimensions, which at first glance may
not be obvious. The assessment of risk in this section takes into consideration:
National Risk Assessments – Risk should not only be allocated to external geographies but must
be informed by internal geographic risk. In this regard, the NRA can provide valuable
information of economic sectors, local high-risk areas within a country and risks associated with
certain job and commercial activity;
Mutual Evaluations - The comments above also apply to mutual evaluations;
Geographical Location Country Risk Ratings – Several regulatory agencies publish country risk
ratings. This model references ratings information provided by Basel Committee on Banking
Supervision (Basel), FATF, Office of Foreign Assets Control (OFAC) and the INCSR.
Summary model ratings for Geographic section
Geographic
Risk Factor/Products Relative Risk Weight Factor
Inherent Risk Attributes
Result Score Contribution
Low Risk locations 30 As detailed* 30 Medium Risk locations 30 As detailed* 50
High Risk locations 30 As detailed* 100
Maximum Possible Risk Contribution in overall risk model - 30% x 100 30
*Specific geographic locations and the inherent risk attributes attaching to each may be selected from
appendix 3.
P a g e | 17
Customers
This section takes into consideration the multi-dimensional aspects of what constitutes a “customer” for
risk purposes. Evaluation of qualitative elements for this section as set out in appendix 3 are primarily
from the International Association of Insurance Supervisors (IAIS)23 and FATF-GAFI.24
Summary model ratings for Customers section
Customers
Risk Factor/Products Relative Risk Weight Factor
Inherent Risk Attributes
Result Score Contribution
Low Risk Customers 20 As detailed* 30 Medium Risk Customers 20 As detailed* 50
High Risk Customers 20 As detailed* 100
Maximum Possible Risk Contribution in overall risk model - 20% x 100 20
*Specific customer groups and the inherent risk attributes attaching to each may be selected from
appendix 4.
Account Activity
Account activity can present money laundering risks based on the origin of funds, the medium used for
payment, the nature of funds as well as the degree of account activity. Cash and wire transfers in
particular are easy mediums to facilitate money laundering. Knowing the source of funds/wealth is
essential to continued monitoring as this will provide a comparative indicator in respect of future
payments or investments. This know your customer (KYC) information and attendant risk rating will
provide the basic control measures to mitigate the risk of money laundering.
Summary model ratings for Account Activity section
Account Activity
Risk Factor /Products Relative Risk Weight Factor
Inherent Risk Attributes
Result Score Contribution
Low Risk Customers 10 As detailed 30
Medium Risk Customers 10 As detailed 50
High Risk Customers 10 As detailed 100
Maximum Possible Risk Contribution in overall risk model - 10% x 100 10
23 International Association of Insurance Supervisors (IAIS) | Guidance Paper On Money Laundering and Combatting the Financing of
Terrorism | October 2004 https://www.iaisweb.org/page/supervisory-material/guidance-papers//file/34267/5-guidance-paper-on-anti-money-laundering-and- combating-the-financing-of-terrorism-october-2004-updated-title
24FATF-GAFI Risk Based Approach-Guidance for the Life Insurance Sector | October 2009 http://www.fatf-gafi.org/media/fatf/documents/reports/RBA%20Guidance%20for%20Life%20Insurance%20Sector.pdf
P a g e | 18
*Specific account activity types and the inherent risk attributes attaching to each may be selected from
appendix 5.
Aggregate Computation of all Risk Factors in the Model
The table below is a composite summary of all the above tables for the four risk factors and further
incorporates the illustrative final quantitative scores.
Products Risk Factor Relative Risk
Weight Factor Inherent Risk Attributes Result
Score Contribution
Final Score
Low-Risk Products 40 As detailed 30 12
Medium-Risk Products 40 As detailed 50 20
Hig-Risk Products 40 As detailed 100 40
Maximum Possible Risk Contribution in overall risk model - 40% x 100 40
Geographic Risk Factor Relative Risk
Weight Factor Inherent Risk Attributes Result
Score Contribution
Final Score
Low-Risk locations 30 As detailed 30 9
Medium-Risk locations 30 As detailed 50 15
High-Risk locations 30 As detailed 100 30
Maximum Possible Risk Contribution in overall risk model - 30% x 100 30
Customers Risk Factor Relative Risk
Weight Factor Inherent Risk Attributes Result
Score Contribution
Final Score
Low-Risk Customers 20 As detailed 30 6
Medium-Risk Customers 20 As detailed 50 10
High-Risk Customers 20 As detailed 100 20
Maximum Possible Risk Contribution in overall risk model - 20% x 100 20
Activity Risk Factor /Products Relative Risk
Weight Factor Inherent Risk Attributes Result
Score Contribution
Low-Risk Customers 10 As detailed 30 3
Medium-Risk Customers 10 As detailed 50 5
High-Risk Customers 10 As detailed 100 10
Maximum Possible Risk Contribution in overall risk model - 10% x 100 10
P a g e | 19
Correlation of Qualitative Risk Levels to Quantified Score Ranges
The correlation of Qualitative Risk levels to Quantified Score Ranges is shown below (the “Quantitative
Score Range” being the determinant of whether a customer falls into the qualitative range of Low,
Medium, or High.
Correlation of Qualitative Risk levels to Quantified Score Ranges
Qualitative Risk Rating
Computation (Products+Geogaphy+Customer+Account Activity)
Quantitative Score Range
Low 12+9+6+3 = 30 1-30
Medium 20+15+10+5 = 50 31-50
High 40+30+20+10 = 100 51-100
Proof of Concept Example
Use of the model is demonstrated through the following scenario:
A customer who is a retail store manager, living in the U.S. wishing to purchase a whole life policy in the
U.S. He will be paying premiums by wire transfers from his account held in Kenya.
Risk Factor Relative Risk Weight Factor
Inherent Risk Attributes
Result Score Contribution
Final Score
Product 40% Medium Risk Whole Life Policy
30 20
Geographic 30% High Risk Kenya-Rated 7.71 on Basel AML index Report
100 30
Customer 20% Low Risk Retail Store Manager
30 6
Account Activity 10% Medium Risk Payments from country designated “ jurisdiction of concern”
50 5
Final Score The final score of 61 will place this in the quantitative category of “high risk” even though there are a combination of risk levels in the qualitative ratings. The model demonstrates added value where it can be seen that this rating it is just outside the “medium risk” range by 4.9 percent. In the risk-based environment, this information tells us that this customer is not as critical as others who may be nearer the top end (100) of the “high-risk” category.
61
P a g e | 20
10. Benefits of the Hybrid Qualitative/Quantitative Hybrid Model in
Quantifying the Qualitative Elements of Risk Rating Insurance Customers
The model put forward above is a hybrid model that retains the usefulness of qualitative assessments,
which identify and describe risks and categorize risks; thus enabling clear formulation of mitigation
strategy. This usefulness is extended and greatly enhanced by adding quantitative assessment in the
model that provides consistency, clarity and the ability to mine data which would not have been
possible with a qualitative only based model.
The model is immensely useful in terms of producing data that could aid management in the proactive
mitigation of risk and audit in terms of providing a data stream, which is easily accessible and could be
sliced and diced to produce sampling and other metrics required to prove compliance in several areas.
The inclusion of finite weights and scores to the qualitative aspects enable custom designed databases,
which could be easily interrogated. If the key qualitative aspects are coded, this expands this usefulness
of the model from a data mining perspective, as these aspects then also become easily searchable.
Intrinsic Advantages of the Model
o Combines the advantages of qualitative as well as quantitative assessments; thus enhancing
the value of each method
o Consistency—similar qualitative assessments are given a quantitative weighting or score
which in an agreed model will be used by every employee making a rating assessment
o The inclusion of quantitative weighting or scores enables the production of data that can be
interrogated, manipulated to produce reports, pivot tables, etc. By coding the key qualitative
elements, the accessibility of the data to be searched is enhanced. This facility will enable a
deeper understanding of customer risk behavior and ultimately enable better control
environments
o Whilst risk levels of low, medium and high are available from the qualitative levels, the
quantitative scores facilitate a much deeper level of granularity. Within the scores for low,
medium and high are a range of numbers. This could be helpful to show trends in the
migration of the customer base in the direction of higher or lower risk. Such information
would be helpful in planning IT and staff resources
o The quantitative aspect brings more transparency and a readily acceptance of the validity of
the model
Management Information (MI) Available from the Model
o Composite profiles of customers producing the highest risk. A customer in a low-risk location
purchasing a low-risk product may end up with a higher rating because of high-risk activity
o The distribution of risk in various geographies. Trend analysis will show whether criminal
groups (e.g., drug dealers) in particular locations may be using insurance products to launder
money
o Which products are producing an unacceptable level of risk? This will provide a basis for re-
design of the product as well informing better design of new products and control measures
P a g e | 21
Audit
o Segmentation of the customer base. Which customers are buying which product and how the
products are serviced in terms of source and method of payments. This would be relevant to
the design of AML controls and training
o Assessment of the relationship between the purchase of particular products and delivery
channel and attendant risk (e.g., incidence of purchase of high-value annuities through
brokers).
o Management are able to discover which risks cross business lines;
o Giving a comprehensive view of anticipated payment methods that will inform monitoring
strategy and resources
o Enables a better assessment of systemic risk
o Audit is able to clearly see that ratings tied to numbers, provides reliably and consistency of
measurement. The audit function is then able to avoid conflicts related to the subjectivity of
ratings
o Provides the audit function with finite data and an audit trail in how rating decisions were
arrived
o The capability of the model to deliver a wide variety of data provides audit with the
opportunity to choose varied sampling scenarios (e.g., looking at the number of customers
who pay into annuities with wire transfers audit may need to sample a higher number of such
customers than those falling into another category)
o Audit is better able to identify and track composite risk leading to better diagnosis as to
whether appropriate management controls have been put in place.
11. Conclusion
The requirement for the risk rating of insurance customers is virtually universal. The premier standard
setting regulatory body, the Financial Action Task Force (FATF) has systematically widened the sphere of
countries who have adopted their regulations, including guidance for the insurance industry. National
regulators have been aggressive in implementing risk control guidelines and the insurance industry is
required to follow, in principle, the same requirements for risk rating customers as those in other financial
institutions.
There are serious consequences for regulatory failures as evidenced by enforcement actions in other
business sectors, which have resulted in substantial fines and consent to extensive remedial work in
instituting risk rating protocols. The insurance industry has been relatively unscathed in terms of
enforcement actions. The paucity of enforcement actions rises out of a combination of factors. The fact
that the insurance industry does not facilitate money laundering to the same degree as other sectors,
regulation has tended to lag behind that of other financial institutions such as retail banking, and delay by
regulators in developing insurance specific audit procedures.
This situation is unlikely to continue as the trend analysis of U.S. SARs indicate that insurers and other
financial institutions see an increasing incidence of instances where they have reason to believe insurance
products and services are being used for money laundering. This
P a g e | 22
trend is likely to reinforce the requirement for effective risk rating of customers and an increase in the
frequency of regulatory examinations and no doubt regulatory sanctions. Therefore, it is imperative that
insurers seek to implement the most robust risk rating tools at their disposal.
The insurance industry has tended to rely on relatively unsophisticated risk rating models that place much
reliance on qualitative ratings. Qualitative models rely largely on criteria that is inherently subjective, with
the limitations of inconsistent judgement and application and lack of transparency. However, qualitative
ratings should not be dismissed as they have great value in terms of the location, description and
categorization of risk, which facilitate risk mitigation and the formulation of policies. The effectiveness of
qualitative risk rating can be significantly increased with the addition of quantitative techniques, which add
consistency, clarity and enhanced utility to risk rating models.
The quantitative/qualitative hybrid model presented here brings together these two aspects and leverages
the value of both models to provide the insurance industry with a comprehensive model, which can be
mined for significant management information as well as provide extensive data metrics to enable the
independent audit function.
P a g e | 23
Appendix 1 – It is Generally Accepted that Quantitative Methods have
Significant Advantages Over Qualitative Methods
Various analysts have indicated the advantages quantitative assessment has over a purely
qualitative assessment. Below is a sampling of sources:
Scalar Blog Document - Qualitative vs Quantitative Assessments | Author – Nafis Shah
https://www.scalar.ca/en/blog/qualitative-vs-quantitative-risk-assessments-2/
“While a quantitative risk assessment process provides a more accurate reflection of an
organization’s risks (emphasis mine) and their potential impact, they are most often very difficult to
implement and/or impractical for many organizations due to the data requirements.”
McKinsey & Company
A Best-Practice Model for Bank Compliance | Authors-Piotr Kaminski and Kate Robu
http://www.mckinsey.com/business-functions/risk/our-insights/a-best-practice-model-for-bank-
compliance
“Even if a compliance testing program was established, it frequently borrowed heavily from the
late- 20th-century operational-risk playbook by emphasizing a bottom-up, subjective process of
control testing versus a more objective, risk-based monitoring of material residual risks (emphasis
mine).”
Taylor Francis Online
A Statistical Diagnosis of Customer Risk Ratings in Anti-Money Laundering Surveillance |
Authors – Bhojnarine R. Rambharat & Andrew J. Tschirtart | section 1-Introduction
http://www.tandfonline.com/doi/full/10.1080/2330443X.2014.1004005
“While there are several varieties of risk ratings in AML, arguably risk ratings of customers (or
entities) within a financial institution are the most common. Typically, a range of risk ratings
with categorical labels such as “Low,” “Medium,” or “High” is used to classify customers.
Ratings can be assigned manually and/or through an automated process. Irrespective of how
ratings are developed, they help focus attention on risky entities. Moreover, AML analysts who
assign ratings might update their beliefs about customers with the arrival of new information,
either from internal or external sources. We argue that it benefits risk prioritization if customer
risk ratings are somehow diagnosed in a quantitative sense. One could leverage established
statistical methodology as diagnostic tools of customer risk ratings to better inform the relevant
bank personnel who use them as part of AML surveillance efforts (emphasis mine).”
P a g e | 24
Appendix 2 -Products
Products Low Risk
Risk Factor/Product Relative Risk Weight Factor
Inherent Risk Attributes Result Score
Contribution
Term life assurance 40%
Only pays out on death of assured
No surrender value
Small, regular premiums: additional payments by customer not possible
Large premiums will normally require medical evidence
No investment element
Once term of policy is finished no payout and policy ceases
30
Income protection products related to long-term illness
40% Only pays out on medical evidence and proof required as to loss of income
No surrender value
Small, regular premiums: additional payments by customer not possible
30
Group Life Protection
40% Only pays on medical evidence
No surrender value
Premiums paid by employer—no member funding
Relatively small regular premiums
30
Pension, superannuation or similar schemes which provide retirement benefits to employees, where contributions are made by an employer or by way of deduction from an employee’s wages and the scheme rules do not permit the assignment of a member’s interest under the scheme
40% Long-term savings vehicle - No surrender value
Product may not be used as collateral
30
Pensions annuities, whether purchased with the company running the long- term savings vehicle or through an open market option.
40% Product already subject to due diligence and ongoing monitoring from the pension provider
30
Medium Risk
Risk Factor/Product Relative Risk Weight Factor
Inherent Risk Attributes Result Score
Contribution
Whole of Life 40% 50
P a g e | 25
may accrue some surrender value
benefits usually payable on death or diagnosis of terminal illness or, in some cases, critical illness of the policyholder
partial surrenders are normally allowed within specified limits
qualifying whole of life plans will comply with the rules applicable to qualifying life policies
Life Assurance Savings Plan 40% Long-term savings plan often for retirement
Requires at least five years to gain positive return on investment
Often unable to be surrendered in first or second year, with penalties in years three to five
Additional ‘top up’ payments may be permitted
50
Endowments 40% Long-term savings plan for a set term, often linked to mortgages
Usually long term, 10 to 25 years
50
Group Personal Pension (GPP)
40% Long term policy, usually up to 40 years
No surrender value 50
Self-Invested Personal Pension (SIPP)
40% Provides a choice of allowable investments, including commercial property, i.e., can be used to buy business premises.
Long term policy, usually up to 40 years
No surrender value.
HMRC registered scheme. Transfers are possible, but only to another registered scheme.
Annual and lifetime limits apply
50
High Risk
Risk Factor/Product Relative Risk Weight Factor
Inherent Risk Attributes Result Score
Contribution
Single premium investment bonds, including: • With profits • Guaranteed • Income • Investment • Offshore international bonds
40% Open ended investment
Usually a 5 year recommended minimum investment term but can be surrendered earlier
Additional ‘top up’ payments permitted by policy holder and by third parties
May be segmented and individual segments may be assigned
40% Products offered through brokers or agents where there is not a comparable standard of due diligence
50
P a g e | 26
P a g e | 27
Appendix 3 - Geographic
GEOGRAPHIC
Low Risk
Risk Factor/Customer Location
Relative Risk Weight Factor
Inherent Risk Attributes Result Score Contribution
Low-Risk Countries 30 Countries with a rating between 0 - 3.3 on the BASEL AML Index Report
Countries are identified by credible sources such as mutual evaluations or detailed assessment reports as having effective AML/CFT systems
Countries are identified by credible sources as having a low level of corruption or other criminal activity
Countries designated as “ Other Jurisdictions monitored” by the Bureau Of International Narcotics And Law Enforcement Affairs (INCSR)
30
Medium Risk Medium-Risk Countries
30 Countries with a rating between 3.3 - 6.6 on the BASEL AML Index Report
Countries designated as “Jurisdictions of Concern” by the Bureau Of International Narcotics And Law Enforcement Affairs (INCSR)
50
High Risk
High-Risk Countries
30 Countries with a rating between 6.6 – 10 on the BASEL AML Index Report
Countries designated as “Jurisdictions of Primary Concern” the Bureau Of International Narcotics And Law Enforcement Affairs (INCSR)
Countries subject to OFAC sanctions including state sponsors of terrorism
Countries identified as supporting terrorism
Jurisdictions or countries monitored for deficiencies in their regimes to combat money laundering and terrorist financing. Identified as non-cooperative by international entities such as the Financial Action Task Force on money laundering FATF.
100
P a g e | 28
Appendix 4 - Customers
Customers
Low Risk
Risk Factor/Product Relative Risk Weight Factor
Inherent Risk Attributes Result Score
Contribution
Source of wealth 20 Source of wealth easily verified and is a source which carries a low associated risk of money laundering
30
Occupation risk 20 The occupation of the customer is verifiable and rate low in terms of an occupation which generates money laundering
30
Length of relationship risk 20 The length of the relationship has provided a basis and pattern of behavior which indicates a reasonable belief that that the customer is unlikely to be involved in money laundering or terrorist financing
30
Negative news risk 20 No negative news relating to actual terrorist financing, money laundering or predicate crimes
30
Medium Risk
Source of funds/Source of wealth
20 Source of wealth verification is reliant on a third party with an AML regime of less than equivalent standard
50
Occupation risk 20 The occupation of the customer has a medium risk possibility of facilitating money laundering/terrorist financing e.g. connection to other high risk occupations or situations
50
Length of relationship risk 20 During the length of the relationship the experience is satisfactory; however the length of the relationship is not enough to provide a basis for assigning a low rating
50
Negative news risk 20 Customer can be indirectly linked to persons or situations which involving predicate crime or possible money laundering
50
High Risk
20 The business relationship is conducted in unusual circumstances e.g. significant unexplained geographic distance between the insurer or intermediary and the customer
Customer is non-resident
PEPS
Customers who wish to assign benefits to an apparently unrelated third party
Gatekeepers such as accountants, lawyers, or other professionals holding accounts/policies/contacts at an insurance company acting behalf of their clients and where the insurance company places unreasonable reliance on the gatekeeper
100
Source of funds/Source of wealth
20 Source of wealth is difficult to verify. Customer has beneficial ownership in high-risk enterprises.
100
P a g e | 29
Occupation risk 20 Persons having occupations listed below or who are the beneficial owners of listed businesses.
o Commission agents o Real estate agents o Gatekeepers o High value goods dealers o Arms dealers o Money service proprietors o Digital currency providers o Charities and non-profits
100
Length of relationship risk 20 No relationship history in combination with the purchase of high risk products
100
Negative news risk 20 News of possible involvement in predicate crime, money laundering or terrorist financing
100
Appendix 5 – Account Activity
ACCOUNT ACTIVITY
Low Risk
Risk Factor/Product Relative Risk Weight Factor
Inherent Risk Attributes Result Score
Contribution
Cash transactions 10 Cash activity between x – xx 30
Transfer from bank account with a bank subject to acceptable CDD standards
30
Top up 10 Top up amount below current holdings 30
Wire Transfers 10 Transfers from countries cleared by FATF and other regulatory agencies
30
Medium Risk
Cash transactions 10 Cash activity between xx – xxx 50
Top up 10 Top up amount equal to current holdings 50
Wire Transfers 10 Transfers from countries designated as “Jurisdictions of Concern” by the Bureau Of International Narcotics And Law Enforcement Affairs (INCSR)
50
High Risk
Cash transactions 10 Cash activity between xxx – xxxxxx 100
Top up 10 Wire Transfers 100
10 Top up amount exceeds 10% current holdings 100
Wire Transfers 10 Transfers from countries designated as “Jurisdictions of Primary Concern” the Bureau Of International Narcotics And Law Enforcement Affairs (INCSR)
100
Occasional Customers Occasional customers who do business above a certain threshold
100