Global Measures on ML/FT: BIS

By

Established in 1930, the Bank for International settlement (BIS ) is owned by 63 central banks, representing countries from around the world that together account for about 95% of world GDP. Its head office is in Basel, Switzerland and it has two representative offices: in Hong Kong SAR and in Mexico City, as well as Innovation Hub Centres around the world. Its mission is to support central banks' pursuit of monetary and financial stability through international cooperation, and to act as a bank for central banks.

 

The Basel Committee - initially named the Committee on Banking Regulations and Supervisory Practices - was established by the central bank Governors of the Group of Ten countries at the end of 1974 in the aftermath of serious disturbances in international currency and banking markets (notably the failure of Bankhaus Herstatt in West Germany).

The Committee, headquartered at the Bank for International Settlements in Basel, was established to enhance financial stability by improving the quality of banking supervision worldwide, and to serve as a forum for regular cooperation between its member countries on banking supervisory matters. The Committee's first meeting took place in February 1975, and meetings have been held regularly three or four times a year since.

Since its inception, the Basel Committee has expanded its membership from the G10 to 45 institutions from 28 jurisdictions

The Basel Committee on Banking Supervision (BCBS) is the primary global standard setter for the prudential regulation of banks and provides a forum for regular cooperation on banking supervisory matters. Its 45 members comprise central banks and bank supervisors from 28 jurisdictions.

The Basel Committee’s previous guidance on customer due diligence and anti-money laundering efforts has been contained in three papers. The Prevention of Criminal Use of the Banking System for the Purpose of Money-Laundering was issued in 1988 and stipulates several basic principles, encouraging banks to identify customers, refuse suspicious transactions and cooperate with law enforcement agencies. The 1997 Core Principles for Effective Banking Supervision states that, as part of a sound internal control environment, banks should have adequate policies, practices and procedures in place that "promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, by criminal elements." In addition, supervisors are encouraged to adopt the relevant recommendations of the FATF, relating to customer identification and record-keeping, reporting suspicious transactions, and measures to deal with countries with insufficient or no anti-money laundering measures. The 1999 Core Principles Methodology further elaborates the Core Principles by listing a number of essential and additional criteria.

In accordance with the updated Core principles for effective banking supervision (2012), all banks should be required to “have adequate policies and processes, including strict customer due diligence (CDD) rules to promote high ethical and professional standards in the banking sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities”.14 This requirement is to be seen as a specific part of banks’ general obligation to have sound risk management programmes in place to address all kinds of risks, including ML and FT risks. “Adequate policies and processes” in this context requires the implementation of other measures in addition to effective CDD rules. These measures should also be proportional and risk-based, informed by banks’ own risk assessment of ML/FT risks. This document sets out guidance in respect of such measures. In addition, other guidelines are applicable or supplementary where no specific AML/CFT guidance exists.

The BCBS, the global standard setter for the prudential regulation of banks and a forum for cooperation on banking supervisory matters, incorporated the FATF Recommendations into its overall framework of banking supervision through guidelines on the sound management of risks related to ML and TF, without modifying the content of the FATF Recommendations.

AML and CFT in banking supervision

General principles

Banks' AML/CFT measures and related supervision should follow a risk-based approach. This entails a differentiation of risk classes and their separate management. Specifically, the risk-based approach requires the identification and assessment of the individual risk at hand, application of specific mitigation and monitoring measures, and documentation of the strategy taken and any major decisions made.  Examples of suitable candidates for risk differentiation include:

  • Politically exposed persons (PEPs) – individuals who hold or have held important functions in the public or private sectors and may have been exposed to corruption. As corruption is a predicate crime, their wealth may be illicit, and hence transactions with PEPs warrant enhanced due diligence
  • Business areas that have a high cash turnover, eg casinos, parking garages and construction, warrant enhanced due diligence
  • Countries that are designated as non-cooperative by the FATF

Governance and organisation

The principal responsibility for a bank's ML/TF risk management lies with the board of directors. It is responsible for defining and overseeing a bank's AML/CFT policy and allocating operational responsibilities and resources under the "three lines of defence" model:

  • The "first line of defence" lies with a bank's business units, eg its private banking or asset management divisions. These units are responsible for identifying, assessing and controlling ML/TF risks through the use of customer due diligence practices.
  • The "second line of defence" primarily refers to the chief officer in charge of AML/CFT, the compliance function, as well as human resources and technology. These entities should be independent of business units, give independent advice to management and act as main contact point for the relevant authorities. Conflicts between the first and second lines of defence should be resolved at the highest level.
  • The "third line of defence" refers to the independent internal audit function.

Banks' due diligence

Banks' due diligence refers to the collection and verification of client information at account opening and the monitoring of client transactions.

The overarching principle at account opening is "Know Your Customer" (KYC). This includes checking:

  • the identity of an individual or a legal entity, including corporate officers or proxies (attorneys-in-fact), through appropriate documents (eg passports or certificates of incorporation)
  • the financial and any criminal background of the customer, as well as the nature of a business or company
  • how the bank relationship fits into the client's broader activities (eg salary account or operating account of a company)

The FATF has clarified that correspondent banks are not required to conduct due diligence on their respondent banks' clients, ie the ultimate payers or payees. Nevertheless, correspondent banks should assess the ML/TF risks associated with the correspondent banking relationship.

Transaction monitoring is a particularly important aspect of banks' due diligence as it allows them to identify criminal activities and report those activities to the relevant authorities. The size of transactions and whether they are deemed suspicious govern escalation and reporting. With "large" transactions, reporting is triggered if certain, jurisdiction-specific thresholds are met. In terms of "suspicious" transactions, national AML regimes typically qualify such transactions as suspicious on the basis of the following patterns:

  • The transactions do not "make economic sense", eg they have unrealistically high profits.
  • "Structured" transactions are employed, ie multiple small transfers are used where one large transfer would have been more convenient but would have met an AML threshold.
  • The transactions involve unusual withdrawals, especially if an account is closed and funds are withdrawn in cash.

Information management

To ensure a proper audit trail, foster sound supervisory reporting and, where necessary, support criminal prosecutions, banks should ensure that all information obtained through client and transaction due diligence is recorded and documented, including the inputting of transcripts into the bank's information technology systems. Recorded information should be retained for at least five years.


Happy reading


Those who read this, also read:


Formerly Faculty for Finance & Associate Dean, IBS-Kochi MBA (Banking & Finance – CUSAT);CFA. Accredited Management Teacher from CME of AIMA, Delhi has been in Management Education from 1988. Exposure is in the field of Mutual Funds, Market Research, Project Report preparation & evaluation, Advertising & NGO Activities. This Chief Manager, UTI Asset Management Co Pvt. Ltd(1992-2003), Mumbai. Undergone training in Case Study method of teaching under Mr. Trevor Williams and Mr. Scott M Andrews conducted by the ECCH, UK . Published Books & Book Review, Series of academic articles and maintains a column on MFs under "Fund scan" in Business Manorama since January 2007,Contributes "Portfolio Doctor" column for 'Sampadyam' a wealth mgt publication in Malayalam from manorama group since February 2007, Listed her case studies at asiacase.com.Presented papers in national & international conferences on Mutual Funds. Faculty Member @ ASIET, Kalady from 2010 to June 2019. Dean @ SNGIST, N Paravur, Ernakulam from Sep 2019 -Jan 2021, I continue my efforts to spread the knowledge in area of Finance and contribute to Management Education

Comments

Post a Comment

Popular posts from this blog

National Risk Assessment (NRA): India

By
  India's National Risk Assessment (NRA) is  an ongoing exercise to identify sectors that are vulnerable to money laundering and terrorist financing (ML/TF) .  The NRA is based on recommendations from the Financial Action Task Force (FATF) and helps inform policy-making, resource allocation, and the implementation of effective AML/CFT measures. The NRA also ensures that national strategies address both domestic and international threats. The NRA provides a foundation for informed policy-making, resource allocation, and the implementation of effective AML/CFT measures . It ensures that national strategies are aligned with the specific risk landscape of the country and that they address both domestic and international threats. The subject matter of NRA  was discussed in the Anti-Money Laundering Steering Committee (AMLSC) set up with the approval of Finance Minister, and it was decided to conduct the NRA following the World Bank methodology. The Methodology requi...
Read more

Customer Due Diligence(CDD) : Individuals

By
Image
This post is based on RBI Master Circular dated Feb 25, 2016 updated on Jan 04, 2024  Part I - Customer Due Diligence (CDD) Procedure in case of Individuals For undertaking CDD, REs shall obtain the following from an individual while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorised signatory or the power of attorney holder related to any legal entity: (a)     the Aadhaar number where,   (i) He is desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 (18 of 2016); or (ii) He decides to submit his Aadhaar number voluntarily to a bank or any RE notified under first proviso to sub-section (1) of section 11A of the PML Act; or (aa) the proof of possession of Aadhaar number where offline verification can be carried out; or (ab) the proof of possession of Aa...
Read more

Periodic Updation of Customer Risk Profile

By
1. Preparation of Customer Profile from KYC Data In the initial years of KYC, RBI has been following a handholding approach as can be seen from their circular dated July 2009 and that of Feb 25, 2016 as updated on Jan 04, 2024. RBI requires REs to conduct risk profiling and risk categorization and periodic updation.  Extracts from RBI MD dated July 01, 2009 under Customer Acceptance Policy a)ii) Parameters of risk perception are clearly defined in terms of the nature of business activity , location of customer  and his clients, mode of payments, volume of turnover, social and financial status etc. to enable categorisation of customers into low, medium and high risk (banks may choose any suitable nomenclature viz. level I, level II and level III). Customers requiring very high level of monitoring, e.g. Politically Exposed Persons (PEPs) may, if considered necessary, be categorised even higher; b). Banks should prepare a profile for each new customer based on risk categorisatio...
Read more