Self protection against money laundering
There is much that both financial and non-financial businesses can do to take the initiative and implement their own money laundering prevention measures. The framework for such prevention measure for protection against money laundering is:
- Know your administration
- Know your business
- Know your client and counterparty
A. Know your administration
The most effective protection against money laundering is the commitment by the whole organisation to defend itself actively against money laundering attacts. This principle must be instilled in all members of the organisation, regardless of rank, and translated into practical policies, procedures and systems. The most crucial administrative elements of self-protection are:
- A formal statement from the Board of Directors or senior management team clearly spelling out the institution’s commitment to combat the abuse of its facilities for the purposes of money laundering.
- A system of formal internal control procedures to recognise and deter money laundering by attention to each of the following points:
- A designated officer responsible for ensuring day-to-day compliance with internal controls on behalf of the institution and with direct access to, but independence from, the Board, as well as designated officers in each subsidiary branch or unit which deals directly with clients and counterparties.
- Client and counterparty approval procedures and transaction procedures which facilitate the recognition of suspicious transactions and other reportable transactions, as well as deterring fraud, assessing creditworthiness, and ensuring that the client receives the full services offered appropriate to its needs.
- Record compilation and retention procedures which enable a full transaction audit trail to be established, and for records to be admissible as evidence in the appropriate court.
- A process for the prompt reporting of suspicious transactions to the designated officer and the relevant authorities, which complies also with relevant confidentiality and tipping-off laws.
- A self-assessment program carried out at least once a year, to review both the vulnerability of the institution and its business lines to both money laundering and fraud and the effectiveness of the institution’s money laundering prevention procedures.
- A system to test the procedures implemented independently, carried out by internal audit personnel or a competent external source.
- Vetting procedures for new employees.
- Appropriate personnel training plans and programme for both new employees and refresher training.
B. Know your business
All institutions have clients whose activities fall into a number of broad categories, each of which has its distinctive trading pattern and associated demand for banking and other financial services.
Knowing what constitutes a normal pattern of trading and demand for services can greatly assist in the detection of money laundering attempts. Analysis of patterns of events has helped to identify occasions where money laundering may be taking place.
Each firm should try to understand its own business and products as much as possible in order to establish reasonable and unreasonable (which may be suspicious) questions and requests. This is especially true of new products, where a firm might not yet have developed sufficient in-depth expertise. In such cases it is essential to seek suitably qualified advice.
As the pace of business accelerates, so does the demand for payment transmission. Electronic funds transfer has become a favoured means of money laundering. Businesses should be extremely careful when they accept funds from non-clients and non-correspondent banks for electronic transfer to equally unknown third parties. If such funds are accepted, suitable identification of the new depositors and knowledge of the source of the funds should be required, as well as compilation of records identifying sources, size type, currency and destination of funds.
Instilling awareness of business procedures should not be looked upon merely as an extra burden. Such procedures clearly assist in ensuring that clients receive the correct services and that new business development opportunities are not missed.
C. Know your client and counterparty
There is much better chance of detecting attempts at money laundering at an early stage and being able to thwart them when an organisation actually knows its clients and counterparties, rather than just having evidence of their identity. The “Know your client” principle is now a cornerstone of money laundering self-protection.
There are several ways in which a business can get to know its clients and thus be better able to determine the risks it faces in doing business with them. Together, they help to build a more complete picture of the situation. Identification should be looked upon as a two stage process. Firstly, identification evidence should be taken from the prospective client. Secondly this evidence should be checked by an independent third party if at all possible, and all checks carried out fully before trading starts.
As the sophistication of prevention increases, so does the sophistication of attack. Clients may have been established as “sleepers” to establish a creditable track record before the business is used for money laundering. Sudden and unexpected increases in client business or changes in the type of business should be investigated further, and the types of check referred to below should be carried out on a regular basis:
- Bank references: Bank references can be a useful indicator but are often rather vague. A bank’s duty of confidentiality towards its client often prevents a full and frank written response and it may seek the client’s permission before doing so. However, the obvious presence of due diligence may be enough to deter a fraudster from proceeding with the trade. Informal enquiries may generate a more informed picture but a sophisticated client is unlikely to only hold one account.
- Credit agency: If a client has a formal credit rating from a reputable agency, the business is likely to be reasonably substantial. However, neither the rating nor the size of the business should be relied upon alone as a guarantee of creditworthiness as credit agencies provide an opinion based on their own research, which may or may not be sufficiently robust.
- Financial data: Financial data is important as far as it goes, but a balance sheet with profit and loss account, provides only a snapshot of the situation at a certain time. The way these documents are put together, manipulated and sometimes abused can make them of limited value for risk assessment. Creative accounting is widely used to make the financial health of a business appear better than it actually is. A view over at least the previous three years is recommended. Look not only at the figures but at the time the business has been in operation. Few businesses set up to perpetrate fraud or for use in money laundering have a long history (although it is possible for a company to have been set up as a “sleeper” or for recent management changes to have resulted in infiltration). Also, many countries still do not require formal auditing of accounts and there may be more than one set of books.
- Broker reports: these are prepared by experts with great resources but not beyond being influenced by chairmen looking to buy a recommendation.
- Industry grapevine: A most instructive source to find out who else has worked with the prospective client recently and what their experience was. Did they pay on time? What is their reputation? Information may be imparted verbally which the informant may not wish to say elsewhere or have written.
- Press cutting: Well worth looking at. Various agencies exist to provide information reported on the subject in a wide range of publications over a period of time.
- Client visits: There is no substitute for visiting the risk, which can reveal a number of new factors. This may be difficult and costly if the client is located in another country, a factor criminals often rely on. Costs can be controlled by use of trusted local contacts to carry out such visits.
- Credit insurance: This provides a further risk reduction. Before taking out a credit insurance policy the client will have had to demonstrate to the insurers that it has competent credit control and debt collection systems. A bad risk will not get cover. Be sure to study the terms of any policy and ascertain the extent of the cover provided.
- Company fact find: Ask the client about his business and intentions, collating annual reports and returns as well as accounts.
- Database search: Databases can be searched, including corporate registries.
Find more: Contributing Authors