Money Laundering: A Changing Paradigm

Item: Robert Khuzami, the SEC's Director of Enforcement, announced last August that the SEC has established an FCPA Unit to “focus on new and proactive approaches to identifying violations” because “more needs to be done, including being more proactive in investigations, working more closely with our foreign counterparts, and taking a more global approach to these violations.”

A New Paradigm

The days when AML compliance meant focusing narrowly on transactional activity related to the volume, velocity, origin and direction of money movements may be ending. A new paradigm for AML compliance is emerging ' one that requires a holistic view that includes risks related not only to the FCPA, but also to fraud, tax evasion, and other criminal activity related, for example, to mortgages, etc. While many large U.S. and EU financial institutions have kept FCPA compliance separate from AML, this new imperative might require a convergence of the two in order to provide for improved detection and enhanced investigation while realizing significant, synergy-derived cost savings.

What FCPA risks should an AML compliance officer consider under this new paradigm? Predominantly, there are three types of risk, two addressed by standard AML measures, and the third by an effective FCPA compliance program:

1. The risk of providing services to persons whose funds may derive from public corruption, e.g., Politically Exposed Person (PEP) risk. Of the three risk categories, risk of 'accepting' funds derived from public corruption may be the easiest to detect if your AML protocols are robust. Virtually all financial institutions have, or should have, some mechanism for identifying PEPs and other public officials within their customer screening systems. Improved detection rates may be achieved by transaction monitoring focused on corruption proceeds entering the PEP account.

2. The danger of facilitating corrupt payments to foreign officials by “legitimate” clients of the financial institution, e.g., an oil company. The judicial dockets are filled with cases involving corruption with domestic and foreign public officials. While historically these cases have focused on the corrupt officials, there appears to be a trend toward prosecuting the financial institutions that accepted corruption proceeds for transit or as deposits. This may even entail personal liability, both civil and criminal, for the officers and directors of the financial institution if they knew, should have known, or were willfully blind to the activity in which the government is interested. Once you get a subpoena ' a sure sign of government interest ' it may be too late to fix the problem.

3. The risk that a financial institution is itself engaging in public corruption by making corrupt payments to gain a business advantage. As financial institutions expand into more diverse geographies, there is a growing likelihood that the institution, in an effort to secure permits, licenses and facilities or to obtain additional revenue from, for example, public sources such as pension or sovereign funds will conduct business with individuals who are “public officials” under the FCPA. Building an effective FCPA compliance program can mean the difference between an event requiring self-disclosure or no event at all. For example, a U.S. SEC-registered brokerage company just reported in its 2009 8-K that “it has recently uncovered actions initiated by an employee based in China in an overseas real estate subsidiary that appear to have violated the FCPA.” Public reports indicate that the activities in question are related to company's real estate practice in China, which invests with various state-owned entities. The employee reportedly was a top property dealmaker in China.

A Compliance Checkup

What questions a financial institution asks its internal-controls program and the compliance professionals who manage it often defines the difference between avoiding these risks or not. Here are some questions to ask at the outset of a compliance checkup:

• Does your institutional risk assessment accurately identify high-risk areas for both FCPA and AML/OFAC?
• Have you identified high-risk customers, products, services and geographies for both FCPA and AML/OFAC?
• Have you considered the inter-relationships of risk factors between AML/OFAC and the FCPA?
• Is your risk assessment nimble enough to be responsive to external events and political changes?
• Have you defined corruption and money laundering typologies related to all your products and services (e.g., trade finance, construction loans, etc.)?
• Have you reviewed your own SAR filing history to be certain you are filing FCPA-related SARs?
• Have you adapted and refined the red flags in your transaction monitoring system to address the footprint of your organization and its business portfolio?
• Are your Customer Identification Program (CIP) and Know Your Customer (KYC) protocols adequate to the corruption risks reasonably foreseeable in each location in which you are doing business?
• Have you established a bank-wide definition of who is a PEP? Does it include both domestic and foreign government persons? Do you also identify more generally customers who fit the FCPA definition of “public officials”?
• Are your employees dealing directly or indirectly with government officials both as regulators and as bank customers? Do you have FCPA compliance guidelines and an associated training program that reach those employees?
• Have you assessed and addressed your risk related to agents and intermediaries?
• What data are available for FCPA monitoring?
• What are your expenses, gifts, entertainment, charitable contributions?
• Do you focus on high-risk government touch points and client relationships?
• Are there third parties and third-party payments?
• To what extent can contemporaneous information about corruption risks, events and investigations be integrated into monitoring and surveillance programs?
• Do you use external data (e.g., country corruption indices, quality of government procurement regimes) to complement the use of customer risk ratings or transaction monitoring?
• Where and how is FCPA monitoring being conducted?
• Do you have centralized or decentralized monitoring?
• What degree of convergence of FCPA and AML monitoring is taking place at your institution now? Are you using different analytic engines, case management tools, investigators and investigation protocols? Are FCPA findings informing AML monitoring and vice versa?

Conclusion

The FCPA and AML compliance environment is unforgiving. U.S. law enforcement views compliance in these areas a national-security imperative. Regulators across the globe are developing strict examination procedures, and failures have lead to stiff fines and, in the case of the FCPA, criminal convictions of senior personnel. Frederic Bourke and the investment management company Omega Advisors were prosecuted in New York for bribery of senior government officials in Azerbaijan to ensure that those official would privatize the state oil company; in the UK, the Financial Services Authority fined Aon Ltd. '5.25 million for failure to maintain adequate systems to counter the risks of bribery and corruption. These prosecutions likely portend the future in this fast evolving area. In the words of Bob Dylan: “He not busy being born is busy dying.”

Michael Zeldin ([email protected]), a member of this newsletter's Board of Editors, is a Principal in Deloitte Financial Advisory Services LLP and the global AML/Sanctions practice leader. Miriam Ratkovicova ([email protected]) is a Senior Manager in the AML/Sanctions Practice of Deloitte FAS LLP.

When government officials speak, those regulated by them should listen carefully. Over the past several months there has been a slew of public pronouncements that should put financial institutions on edge. Enhanced enforcement of the Foreign Corrupt Practices Act (FCPA) is now migrating into the financial sector and linking up with anti-money laundering (AML) and Office of Foreign Assets Control (OFAC) compliance requirements.

Item: The Financial Industry Regulatory Authority (FINRA) wrote to securities industry executives last March to “highlight new and existing areas of particular significance to FINRA's examination program for 2009,” warning them to reassess their firms' compliance and supervisory programs with special attention to AML and the FCPA. The letter concludes: “We hope that by sharing these areas of potential examination focus and other developments, your Firm will be well armed to assess your compliance operations, internal controls and supervisory systems.” http://www.finra.org/web/groups/industry/@ip/@reg/@guide/documents/industry/p118113.pdf

Item: New York State's Insurance Department last June issued Circular Letter 11 (2009) to all Licenses, setting forth the Superintendent's expectations regarding compliance by licensees with three areas of federal law: the Bank Secrecy Act, the FCPA, and regulations of the Office of Foreign Assets Control. “Although supervision and enforcement of these statutes resides with national regulators,” the Superintendent observes warns that “compliance with these laws is consonant with prudent risk management” and that well designed programs to ensure compliance with federal law “should prove effective in detecting violations of New York law ' pertaining to money laundering and insurance fraud.” The letter warns that the Insurance Department may specifically ask the members of a licensee's senior most governing body or senior management” about policies aimed at compliance with federal law. http://www.ins.state.ny.us/circltr/2009/cl2009_11.htm.

Item: Robert Khuzami, the SEC's Director of Enforcement, announced last August that the SEC has established an FCPA Unit to “focus on new and proactive approaches to identifying violations” because “more needs to be done, including being more proactive in investigations, working more closely with our foreign counterparts, and taking a more global approach to these violations.”

A New Paradigm

The days when AML compliance meant focusing narrowly on transactional activity related to the volume, velocity, origin and direction of money movements may be ending. A new paradigm for AML compliance is emerging ' one that requires a holistic view that includes risks related not only to the FCPA, but also to fraud, tax evasion, and other criminal activity related, for example, to mortgages, etc. While many large U.S. and EU financial institutions have kept FCPA compliance separate from AML, this new imperative might require a convergence of the two in order to provide for improved detection and enhanced investigation while realizing significant, synergy-derived cost savings.

What FCPA risks should an AML compliance officer consider under this new paradigm? Predominantly, there are three types of risk, two addressed by standard AML measures, and the third by an effective FCPA compliance program:

1. The risk of providing services to persons whose funds may derive from public corruption, e.g., Politically Exposed Person (PEP) risk. Of the three risk categories, risk of 'accepting' funds derived from public corruption may be the easiest to detect if your AML protocols are robust. Virtually all financial institutions have, or should have, some mechanism for identifying PEPs and other public officials within their customer screening systems. Improved detection rates may be achieved by transaction monitoring focused on corruption proceeds entering the PEP account.

2. The danger of facilitating corrupt payments to foreign officials by “legitimate” clients of the financial institution, e.g., an oil company. The judicial dockets are filled with cases involving corruption with domestic and foreign public officials. While historically these cases have focused on the corrupt officials, there appears to be a trend toward prosecuting the financial institutions that accepted corruption proceeds for transit or as deposits. This may even entail personal liability, both civil and criminal, for the officers and directors of the financial institution if they knew, should have known, or were willfully blind to the activity in which the government is interested. Once you get a subpoena ' a sure sign of government interest ' it may be too late to fix the problem.

3. The risk that a financial institution is itself engaging in public corruption by making corrupt payments to gain a business advantage. As financial institutions expand into more diverse geographies, there is a growing likelihood that the institution, in an effort to secure permits, licenses and facilities or to obtain additional revenue from, for example, public sources such as pension or sovereign funds will conduct business with individuals who are “public officials” under the FCPA. Building an effective FCPA compliance program can mean the difference between an event requiring self-disclosure or no event at all. For example, a U.S. SEC-registered brokerage company just reported in its 2009 8-K that “it has recently uncovered actions initiated by an employee based in China in an overseas real estate subsidiary that appear to have violated the FCPA.” Public reports indicate that the activities in question are related to company's real estate practice in China, which invests with various state-owned entities. The employee reportedly was a top property dealmaker in China.

A Compliance Checkup

What questions a financial institution asks its internal-controls program and the compliance professionals who manage it often defines the difference between avoiding these risks or not. Here are some questions to ask at the outset of a compliance checkup:

• Does your institutional risk assessment accurately identify high-risk areas for both FCPA and AML/OFAC?
• Have you identified high-risk customers, products, services and geographies for both FCPA and AML/OFAC?
• Have you considered the inter-relationships of risk factors between AML/OFAC and the FCPA?
• Is your risk assessment nimble enough to be responsive to external events and political changes?
• Have you defined corruption and money laundering typologies related to all your products and services (e.g., trade finance, construction loans, etc.)?
• Have you reviewed your own SAR filing history to be certain you are filing FCPA-related SARs?
• Have you adapted and refined the red flags in your transaction monitoring system to address the footprint of your organization and its business portfolio?
• Are your Customer Identification Program (CIP) and Know Your Customer (KYC) protocols adequate to the corruption risks reasonably foreseeable in each location in which you are doing business?
• Have you established a bank-wide definition of who is a PEP? Does it include both domestic and foreign government persons? Do you also identify more generally customers who fit the FCPA definition of “public officials”?
• Are your employees dealing directly or indirectly with government officials both as regulators and as bank customers? Do you have FCPA compliance guidelines and an associated training program that reach those employees?
• Have you assessed and addressed your risk related to agents and intermediaries?
• What data are available for FCPA monitoring?
• What are your expenses, gifts, entertainment, charitable contributions?
• Do you focus on high-risk government touch points and client relationships?
• Are there third parties and third-party payments?
• To what extent can contemporaneous information about corruption risks, events and investigations be integrated into monitoring and surveillance programs?
• Do you use external data (e.g., country corruption indices, quality of government procurement regimes) to complement the use of customer risk ratings or transaction monitoring?
• Where and how is FCPA monitoring being conducted?
• Do you have centralized or decentralized monitoring?
• What degree of convergence of FCPA and AML monitoring is taking place at your institution now? Are you using different analytic engines, case management tools, investigators and investigation protocols? Are FCPA findings informing AML monitoring and vice versa?

Conclusion

The FCPA and AML compliance environment is unforgiving. U.S. law enforcement views compliance in these areas a national-security imperative. Regulators across the globe are developing strict examination procedures, and failures have lead to stiff fines and, in the case of the FCPA, criminal convictions of senior personnel. Frederic Bourke and the investment management company Omega Advisors were prosecuted in New York for bribery of senior government officials in Azerbaijan to ensure that those official would privatize the state oil company; in the UK, the Financial Services Authority fined Aon Ltd. '5.25 million for failure to maintain adequate systems to counter the risks of bribery and corruption. These prosecutions likely portend the future in this fast evolving area. In the words of Bob Dylan: “He not busy being born is busy dying.”

Michael Zeldin ([email protected]), a member of this newsletter's Board of Editors, is a Principal in Deloitte Financial Advisory Services LLP and the global AML/Sanctions practice leader. Miriam Ratkovicova ([email protected]) is a Senior Manager in the AML/Sanctions Practice of Deloitte FAS LLP.