FATF and FATF-style regional bodies publish periodic typology reports to “monitor changes and better understand the underlying mechanisms of money laundering and terrorist financing.”

An electronic transfer of funds is any transfer of funds that is initiated by electronic means, such
as an Automated Clearing House (ACH) computer, an automated teller machine (ATM), electronic
terminals, mobile telephones, telephones or magnetic tapes.

Systems like the Federal Reserve Wire Network (Fedwire), the Society for Worldwide Interbank Financial Telecommunication (SWIFT) and the Clearing House Interbank Payments System (CHIPS) move millions of wires or transfer messages daily.

money launderers may initiate unauthorized domestic or international electronic transfers of funds — such as ACH debits or by making cash advances on a stolen credit card — and place the funds into an account established to receive the transfers.

Some indicators of money laundering using electronic transfers of funds include:
• Funds transfers that occur to or from a financial secrecy haven, or to or from a high-risk geographic location without an apparent business reason, or when the activity is inconsistent with the customer’s business or history.
• Large, incoming funds transfers that are received on behalf of a foreign client, with little or no explanation or apparent reason.
• Many small, incoming transfers of funds that are received, or deposits that are made using checks and money orders. Upon credit to the account, all or most of the transfers or deposits
are wired to another account in a different geographic location in a manner inconsistent with the customer’s business or history.
• Funds activity that is unexplained, repetitive or shows unusual patterns.
• Payments or receipts are received that have no apparent link to legitimate contracts, goods or services.
• Funds transfers that are sent or received from the same person to or from different accounts.

Remote Deposit Capture (RDC) is a product offered by banks that allows customers to scan a check and transmit an electronic image to the bank for deposit. RDC decreases the cost to process checks for banks and is part of a gradual transition away from paper-based transactions. RDC is also increasingly used in correspondent banking for the same reasons, as it streamlines the deposit and clearing process.

To control the risks associated with RDC, efforts must be made to integrate RDC processing into other controls, such as monitoring and fraud prevention systems. In fact, this integration should occur with any new product offered by a bank.

Respondent banks obtain a wide range of services through correspondent relationships, including cash management (for example, interest bearing accounts in a variety of currencies), international wire transfers of funds, check clearing, payable-through accounts and foreign exchange services.

Risks incurred by the correspondent bank include:
While the correspondent bank may be able to learn what laws govern the respondent bank, determining the degree and effectiveness of the supervisory regime to which the respondent is subject may be much more difficult. This can make it difficult to determine the level of risk associated with developing a relationship with a respondent bank.

Determining the effectiveness of the respondent bank’s AML controls can also be a challenge. While requesting compliance questionnaires will provide some comfort, the correspondent bank is still very reliant on the respondent doing its own due diligence on the customers it allows to use the correspondent account.

Some banks offering correspondent facilities may not ask their respondents about the extent to which they offer such facilities to other institutions, a practice known as nesting. This means the correspondent bank is even further removed from knowing the identities or business activity of these sub-respondents, or even the types of financial services provided.

In some correspondent relationships, the respondent bank’s customers are permitted to conduct their own transactions — including sending wire transfers, making and withdrawing deposits and maintaining checking accounts — through the respondent bank’s correspondent account without first clearing the transactions through the respondent bank.

PTAs can have a virtually unlimited number of sub-account holders, including individuals, commercial businesses, finance companies, exchange houses or casas de cambio, and even other foreign banks.

Banks that use concentration accounts should implement adequate policies, procedures and processes covering operation and recordkeeping for these accounts, including:
• Requiring dual signatures on general ledger tickets.
• Prohibiting direct customer access to concentration accounts.
• Capturing customer transactions in the customer’s account statements.
• Prohibiting customers’ knowledge of concentration accounts or their ability to direct employees to conduct transactions through the accounts.
• Retaining appropriate transaction and customer identifying information.
• Reconciling accounts frequently by an individual who is independent from the transactions.
• Establishing a timely discrepancy resolution process.
• Identifying and monitoring recurring customer names.

Private banking is an extremely lucrative, competitive and global industry. Since the 2008 financial crisis, US and EU officials have placed greater scrutiny on private banks and their services, particularly in tax planning strategies.

Private banking provides highly personalized and confidential products and services to wealthy clients at fees that are often based on “assets under management.” Private banking often operates semi-autonomously from other parts of a bank.

The compensation paid to most relationship managers in private banking is based largely on the assets under management that they bring to their institutions.

The following factors may contribute to the vulnerabilities of private banking with regard to money laundering:
• Perceived high profitability.
• Intense competition.
• Powerful clientele.
• The high level of confidentiality associated with private banking.
• The close trust developed between relationship managers and their clients.
• Commission-based compensation for relationship managers.
• A culture of secrecy and discretion developed by the relationship managers for their clients.
• The relationship managers becoming client advocates to protect their clients.
• Use of private investment companies by clients to reduce transparency of the beneficial owner.
• Clients maintain personal and business wealth in numerous jurisdictions.

Private banking customers are often “non-residents,” meaning they conduct their banking in a country outside the one in which they reside. Their assets may move overseas where they are held in the name of corporate vehicles like private investment companies (PICs) established in secrecy havens. PICs are corporations established by individual bank customers and others in offshore jurisdictions to hold assets. They are “shell companies” formed to maintain clients’ confidentiality and for various tax- or trust-related reasons. They have been an element of many high-profile laundering cases in recent years as they are excellent laundering vehicles.

Many private banks establish PICs for their clients, often through an affiliated trust company in an offshore secrecy haven. Illicit actors may establish complex shell company networks where a company registered in one offshore jurisdiction may be linked to companies or accounts in other jurisdictions.

According to FATF’s International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation (2012), there are two types of Politically Exposed Persons (PEPs):
Foreign PEPs
Domestic PEPs

PEPs have been the source of problems for several financial institutions, as the examples below
show:

• Mario Villanueva, the corrupt governor of the Mexican state of Quintana Roo facilitated the smuggling of 200 tons of cocaine into the US, according to the US Drug Enforcement Agency (DEA). For five years, until 2001, he maintained private banking accounts at Lehman Brothers containing approximately $20 million that the DEA alleged he had received as bribes from Mexican drug traffickers.

• The Riggs Bank case revealed a web of transactions involving hundreds of millions of dollars that the bank had facilitated over many years for dictators on two continents, including Augusto Pinochet of Chile and Teodoro Obiang of Equatorial Guinea. The accounts formed part of the embassy banking portfolio that was the bank’s specialty product for decades.

• Vladimiro Montesinos, the former head of Peru’s Intelligence Service, and chief advisor of former Peruvian president Alberto Fujimori, had accounts at The Bank of New York in New York City, which held the proceeds from substantial bribes from drug traffickers. Other institutions, such as American Express Bank International, Bank of America, Barclays and UBS AG, in New York, also held accounts for Montesinos. In addition, he used shell companies to facilitate embezzlement, gun running, drug trafficking, and money laundering in excess of $400 million globally.

• Arnoldo Aleman and Byron Jerez, the former president and tax commissioner of Nicaragua, maintained accounts at Terrabank N.A. in Miami, through which they bought millions of dollars of certificates of deposit and condominiums in South Florida, allegedly with the proceeds of corruption.

Designing a transaction to evade triggering a reporting or recordkeeping requirement is called “structuring.”

Credit unions do not have clients or customers; instead they have members who are also owners. Credit unions serve only the financial needs of their members, and are governed by a “one member, one vote” philosophy. Credit union membership is based on a common bond, a linkage shared by savers and borrowers who belong to a specific community, organization, religion or place of employment. Most credit unions focus primarily on servicing personal banking relationships from within their community. Credit unions do not participate in trade-based financing, will not facilitate correspondent banking relationships, and will not maintain large corporate relationships, particularly those with international banking needs.

A credit union central is best defined as a trade association for credit unions; it is owned by its member credit unions and helps to serve many of their financial needs. Services may include those related to capital liquidity; research, training, and advocacy with respect to regulatory obligations; shared operational or back-office processes like check clearing and electronic funds transfer (EFT) processing.

In November 2014 guidance by the JMLSG, the group concluded that high-risk transactions include: money transfers to third parties, third parties paying in cash for someone else, and reluctance to provide identity information when opening an account. Another money laundering indicator given in the guidelines is there are transactions of larger than usual amounts and erratic member behavior.

The credit card industry includes:
• Credit card associations, such as American Express, MasterCard and Visa, which license member banks to issue bankcards, authorize merchants to accept those cards, or both
• Issuing banks, which solicit potential customers and issue the credit cards.
• Acquiring banks, which process transactions for merchants who accept credit cards.
• Third-party payment processors (TPPP), which contract with issuing or acquiring banks to provide payment processing services to merchants and other business entities

Money launderer Thomas prepays his credit card using illicit funds that he has already introduced into the banking system, creating a credit balance on his account. Thomas then requests a credit refund, which enables him to further obscure the origin of the funds. This constitutes layering.

Third-party payment processors are generally bank customers that provide payment-processing services to merchants and other business entities and often use their commercial bank accounts to conduct payment processing for their merchant clients.

TPPPs that provide services to telemarketing, gambling (online, casinos, etc.), or internet merchants and/or process RCCs for these entities may present a higher level risk of risk to a financial institution, as these types of businesses carry a high risk for consumer fraud and money laundering.

A money services business (MSB), or money or value transfer service (MVTS) as defined by FATF, transmits or converts currencies. Such businesses usually provide currency exchange, money transmission, check-cashing, and money order services.

In the United States, FinCEN defines MSB to include any person doing business, whether or not on a regular basis or as an organized business concern, in one or more of the following capacities:

Dealer in Foreign Exchange
Check Casher
Issuer of Traveler’s Checks or Money Orders
Money Transmitter
Provider and Seller of Prepaid Access
US Postal Service

MSBs in Canada are defined as businesses engaged in foreign exchange dealing, money transferring, or cashing or selling money orders, traveler’s checks and similar monetary instruments to the public. They are required to register with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).

An MSB’s business model can range from small, independent business to large multinational organizations. MSB services typically include grocery stores, drug stores, restaurants and bars. The services provided by these businesses include but are not limited to cashing payroll checks and selling prepaid cards.
Traditional MSBs typically provide services to the underserved or un-banked individuals. MSBs can be categorized into principals or agents.

In the United States, principal MSBs are required to have written AML policies, procedures, and
internal controls; appoint a Bank Secrecy Act (BSA) Officer, provide education and training, conduct
independent reviews/audits, and monitor transactions for suspicious activity.

FATF fulfills these objectives by focusing on several important tasks including:
1. Spreading the AML message worldwide.
2. Monitoring implementation of the FATF Recommendations among its members.

Assessors reach a conclusion about whether a country complies with the FATF standard. The result is a rating of five possible levels of technical compliance:

• Compliant
• Largely compliant
• Partially compliant
• Non-compliant
• Not applicable

An Effectiveness Assessment under the FATF is evaluated on the basis of 11 Immediate Outcomes:
1. Money laundering/ terrorist financing (ML/TF) risks are known and actions coordinated to combat or thwart the proliferation of ML/TF.
2. International cooperation provides actionable information to use against criminals.
3. Supervisors regulate financial institutions and non-bank financial institutions (NBFIs) and their risk-based AML/CFT programs.
4. Financial institutions and NBFIs apply preventative measures and report suspicious transactions.
5. Legal persons are not misused for ML/TF and beneficial ownership information is available to authorities.
6. Financial intelligence information is used by authorities in money laundering and terrorist financing investigations.
7. Money laundering offenses are investigated, criminally prosecuted, and sanctions imposed.
8. Proceeds of crime are confiscated.
9. Terrorist financing offenses are investigated, criminally prosecuted, and sanctions imposed.
10. Terrorists and terrorist organizations are prevented from raising, moving, and using money, and not permitted to abuse non-profit organizations (NPOs).
11. Persons and organizations involved in the proliferation of weapons of mass destruction are prevented from raising, moving, and using Money.

Each of the 11 Immediate Outcomes represents a key goal of an effective AML/CFT system. They also feed into the 3 Intermediate Outcomes that represent major thematic goals of AML/CFT measures:

1. Policy, cooperation, and coordinaton to mitigate money laundering and terrorist financing.
2. Prevention of proceeds of crime into the financial system and reporting of such when they do.
3. Detection and disruption of of ML/TF threats.For each individual Immediate Outcome, assessors reach conclusions about the extent to which a country is (or is not) effective and provide an effectiveness rating based on the extent to which the core issues and characteristics are addressed:
• High level of effectiveness
• Substantial level of effectiveness
• Moderate level of effectiveness
• Low level of effectiveness

A key element of FATF’s efforts is its detailed list of appropriate standards for countries to implement. These measures are set out in the 40 Recommendations, which were first issued in 1990 and revised in 1996, 2003 and 2012.

The 40 Recommendations provide a complete set of countermeasures against money laundering and terrorist financing, covering:
• The identification of risks and development of appropriate policies.
• The criminal justice system and law enforcement.
• The financial system and its regulation.
• The transparency of legal persons and arrangements.
• International cooperation.

With its 2003 revisions of the 40 Recommendations, the FATF expanded the reach of its global blueprint for cracking down on illicit movements of funds.
The most important changes made to the Recommendations in 2003 were as follows:
• Expanded coverage to include terrorist financing.
• Widened the categories of business that should be covered by national laws, including real estate agents, precious metals dealers, accountants, lawyers and trust services providers.
• Specified compliance procedures on issues such as customer identification and due diligence, including enhanced identification measures for higher-risk customers and transactions.
• Adopted a clearer definition of money laundering predicate offenses.
• Encouraged prohibition of so-called “shell banks,” typically set up in offshore secrecy havens and consisting of little more than nameplates and mailboxes, and urged improved transparency of legal persons and arrangements.
• Included stronger safeguards, notably regarding international cooperation in, for example, terrorist financing investigations.

In 2012, the Recommendations were revised again, incorporating the Nine Special Recommendations on Terrorist Financing into the 40 Recommendations. The most important changes in this revision were:
• Creation of a Recommendation on assessing risks and applying a risk-based approach to all AML/CFT efforts.
• Creation of a Recommendation for targeted financial sanctions related to the proliferation of weapons of mass destruction.
• More attention on domestic politically exposed persons (PEPs) and those entrusted with a prominent function by an international organization.
• New requirement for the identification and assessment of risks of new products prior to the launch of the new product.
• New requirement for financial groups to implement group-wide AML/CFT programs and have procedures for sharing information within the group.
• Inclusion of tax crimes within the scope of designated categories of offenses for money laundering.

Financial institutions should conduct customer due diligence when they:
— Establish business relations.
— Carry out an occasional transaction or a wire transfer above the specified threshold.
— Have a suspicion of money laundering or terrorist financing.
— Have doubts about the veracity or adequacy of previously obtained customer identification information.

Financial institutions must, using a risk-based approach:
— Identify the customer and verify that customer’s identity using reliable, independent source documents, data or information. Establishing accounts in anonymous or obviously fictitious names should be prohibited.
— Take reasonable measures to verify the identity of the beneficial owner such that the financial institution is satisfied that it knows who the beneficial owner is. For legal persons and arrangements, this should include understanding the ownership and control structure of the customer.
— Understand and, as appropriate, obtain information on the purpose and intended nature of the business relationship.
— Conduct ongoing due diligence on the business relationship and scrutinize transactions undertaken in the course of that relationship to ensure that the transactions are consistent with the institution’s knowledge of the customer, the customer’s business and risk profile, including, where necessary, the source of funds.
— Maintain records of the above customer information as well as all transactions to enable them to comply with requests from competent authorities.
— Rely on other parties to conduct customer due diligence in certain circumstances; however, the relying institution remains liable for compliance with completing the required customer due diligence.
— Establish group-wide AML program for financial groups.

Some customer types and activities pose heightened risks, especially:
— Politically Exposed Persons ( PEPs) : Approporiate steps must be taken to identify PEPs, including obtaining senior management approval of such business relationships, taking measures to establish the sources of wealth and funds, and conducting ongoing monitoring.
— Cross-Border Correspondent Banking: Approporiate steps must be taken to understand the respondent institution’s business, reputation, supervision and AML controls; obtain management approval of such relationships; document the responsibilities of each institution; mitigate risks associated with payable-through accounts; and ensure accounts are not established for shell banks.
— Money or Value Transfer Services (MVTS) : Countries should ensure that MVTS are licensed or registered, and subject to appropriate AML requirements.
— New Technologies: Countries and financial institutions should assess the risks associated with the development of new products, business practices, delivery mechanisms and technology. Financial institutions should assess these risks prior to launching new products; they should also take appropriate measures to mitigate the risks identified.
— Wire Transfers: Countries should require financial institutions to obtain and send required and accurate originator, intermediary and beneficiary information with wires. Financial institutions should monitor wires for incomplete information and take appropriate measures. They should also monitor wires for those involving parties designated by the United Nations Security Council and take freezing actions or otherwise prohibit the transactions from occurring.

The Recommendations expand the fight against money laundering by adding new non-financial businesses and professions to the roster of financial institutions that are the usual focus of AML efforts. These designated non-financial businesses and professions (DNFBPs) include:

Casinos when customers engage in financial transactions equal to or above a designated threshold.

Real estate agents when they are involved in transactions for clients concerning buying and selling properties.

Dealers in precious metals and stones when they engage in any cash transaction with a customer at or above a designated threshold.

Lawyers, notaries and independent legal professionals and accountants when they prepare or carry out transactions for clients concerning buying and selling real estate; managing client money, securities or other assets; establishing or managing bank, savings or securities accounts; organizing contributions for the creation or management of companies; creating, operating or managing legal persons or arrangements; and buying and selling businesses.

Trust and company service providers when they prepare or carry out transactions for a client
concerning certain activities

In 1988, the Basel Committee issued a Statement of Principles called, “Prevention of Criminal Use of the Banking System for the Purpose of Money Laundering” in recognition of the vulnerability of the financial sector to misuse by criminals. This was a step toward preventing the use of the banking sector for money laundering. The statement set out principles with respect to:
• Customer identification.
• Compliance with laws.
• Conformity with high ethical standards and local laws and regulations.
• Full cooperation with national law enforcement to the extent permitted without breaching customer confidentiality.
• Staff training.

FATF published an initial report on Non-Cooperative Countries and Terriotries that set out the 25 criteria that help identify relevant detrimental rules and practices and that are consistent with the 40 Recommendations. It described a process whereby jurisdictions having such rules and practices can be identified and encouraged to implement international standards in this area.

The 25 distinct criteria covered the following four broad areas:
1. Loopholes in financial regulations:
— No or inadequate regulations or supervision of financial institutions.
— Inadequate rules for the licensing or creation of financial institutions, including assessing the backgrounds of managers and beneficial owners.
— Inadequate customer identification requirements for financial institutions.
— Excessive secrecy provisions regarding financial institutions.
— Lack of efficient suspicious transactions reporting.
2. Obstacles raised by other regulatory requirements:
— Inadequate commercial law requirements for registration of business and legal entities.
— Lack of identification of the beneficial owner(s) of legal and business entities.
3. Obstacles to international cooperation:
— Obstacles to cooperation from administrative authorities.
— Obstacles to cooperation from judicial authorities.
4. Inadequate resources for preventing and detecting money laundering activities:
— Lack of resources in public and private sectors.
— Absence of a financial intelligence unit or equivalent mechanism.

The Basel Committee’s 2001 paper reinforced the principles established in earlier Committee papers by providing more precise guidance on KYC standards and their implementation. A number of specific sections in the paper offer recommendations for tougher standards of due diligence for higher risk areas within a bank.
The paper addresses:
1. Importance of KYC standards for supervisors and banks.
2. Essential elements of KYC standards.
3. The role of supervisors.
4. Implementation of KYC standards in a cross-border context.

Specific issues emphasized in the paper include:
• The four key elements of a KYC program are:
1. Customer identification.
2. Risk management.
3. Customer acceptance.
4. Monitoring.

Specific issues emphasized in the paper include:
-Specific customer identification issues related to higher-risk customers
-Private banking accounts should “under no circumstances” be allowed to escape KYC policies.
-Banks should make every effort to know the identity of corporations that operate accounts and when professional intermediaries are involved, should verify the exact relationship between the owners and intermediary.
-Periodic bank-wide employee training should be provided that explains the importance of the KYC policies and AML requirements.
-Internal auditors and compliance officials should regularly monitor staff performance and adherence
to KYC procedures.

Customer identification is an essential element of an effective customer due diligence program, which banks need in order to guard against reputational, operational, legal and concentration risks. It is also necessary in order to comply with AML legal requirements and to be able to identify bank accounts related to terrorism.

The need for rigorous customer due diligence standards is not restricted to banks. The Basel Committee believes similar guidance needs to be developed for all non-bank financial institutions and professional intermediaries of financial services, such as lawyers and accountants.

In October 2004, the Committee released another important publication on KYC: “Consolidated KYC Risk Management” as a complement to its Customer Due Diligence for Banks issued in October 2001. The 2004 paper examines the critical elements for effective management of KYC risk throughout a banking group and addresses the need for banks to adopt a global approach and to apply the elements necessary for a sound KYC program to both the parent bank or head office and all of its branches and subsidiaries. These elements consist of risk management, customer acceptance and identification policies, and ongoing monitoring of higher-risk accounts.

Specific customer identification issues related to higher-risk customers such as:
— Trust, nominee and fiduciary accounts.
— Corporate vehicles, particularly companies with nominee shareholders or entities with shares in bearer form.
— Introduced businesses.
— Client accounts opened by professional intermediaries, such as “pooled” accounts managed by professional intermediaries on behalf of entities such as mutual funds, pension funds and money funds.
— Politically exposed persons.
— Non-face-to-face customers (i.e., customers who do not present themselves for a personal interview).
— Correspondent banking.

Banks should develop customer acceptance policies and procedures describing the customer’s background, country of origin, business activities and other risk indicators, and should develop clear and concise descriptions of who is an acceptable customer.

Bank regulators should ensure that bank staff follow KYC procedures, review customer files and a sampling of accounts, and emphasize that they will take “appropriate action” against officers who fail to follow KYC procedures.

The Committee describes three lines of defense in the bank’s AML efforts; first, the line of business, second, compliance and internal control functions, and third, internal audit.
1. The Line of Business is responsible for creating, implementing and maintaining policies and procedures, as well as communication of these to all personnel.

2. The AML Compliance Function is the contact point for all AML issues for internal and external authorities and should have the responsibility for reporting suspicious transactions.

3. The Audit Function should report to the audit committee of the board of directors (or similar oversight body) and independently evaluate the risk management and controls of the bank through periodic assessments

The Audit Function should report to the audit committee of the board of directors (or similar oversight body) and independently evaluate the risk management and controls of the bank through periodic assessments, including: the adequacy of the bank’s controls to mitigate the identified risks, the effectiveness of the bank’s staff’s execution of the controls, the effectiveness of the compliance oversight and quality controls, and the effectiveness of the training.

Since one of the primary purposes of AML rules is to create records that enable law enforcement to trace financial transactions back to the people who conduct them, banks should retain records. Banks should both record the documents it is provided when verifying customer/beneficial owner identity, whether a photocopy of the document or by recording information from the document or non-documentary source, and enter all CDD information into its IT system.

The first European Union Directive, “Prevention of the Use of the Financial System for the Purpose of Money Laundering (Directive 91/308/EEC),” was adopted by the Council of the European Communities in June 1991. This First Directive required the members to enact legislation to prevent their domestic financial systems from being used for money laundering.

In December 2001, the EU agreed on a Second Directive (Directive 2001/97/EEC) that amended the first one to require stricter money laundering controls across the continent.
The following were the key features of the Second Directive:
• It extended the scope of the First Directive beyond drug-related crimes.
• It explicitly brought bureaux de change and money remittance offices under AML coverage.
• It clarified that knowledge of criminal conduct can be inferred from objective factual circumstances.
• It provided a more precise definition of money laundering.
• It widened the businesses and professions that are subject to the obligations of the directive.