1er Congreso de Prevencin

de Lavado de Activos
Susan Rico S.V.P. Compliance Manager
Global Financial Institutions Compliance and Operational Risk

October 2015

2015 Wells Fargo Bank, N.A. All rights reserved.

Agenda

Risk Management as a Competitive Advantage

GFI AML Risk Management: Structure and Governance
International GFI AML Program Elements
Evolving AML Risk Management Programs
AML Risk Appetite and Outer Risk Baseline
GFI AML Program Elements
Understanding Our Customers (UOC)
Questions

Source: Wells Fargo Bank, N.A.

Risk Management as a Competitive Advantage

Example of how one image can be used to create impact, with a full bleed on three sides.

Key Regulatory Enforcement Actions

In the past year

BNP Paribas May 1, 2015, Sentenced to a 5-year term of

probation, and ordered to forfeit nearly $9B
The first time a financial institution has been convicted and sentenced
for violations of U.S. economic sanctions, and the total financial
penalty including the forfeiture and criminal fine is the largest
financial penalty ever imposed in a criminal case.
http://www.justice.gov/opa/pr/bnp-paribas-sentenced-conspiring-violate-international-emergency-economicpowers-act-and

Commerzbank - March 12, 2015, combined settlement of $1.45B:

Sanctions violations, AML Program, and Olympus accounting fraud.
(The overlap between OFAC and DOJ/NYDA accounts for conflicting totals of $1.45 billion
actually paid and $1.7 billion reported by some sources)

Bank Leumi December 29, 2014, fined $400M:

Allegations that it helped U.S. taxpayers hide assets and income in
unreported accounts in Israel and around the world

Standard Chartered - August 19, 2014, $300M in penalties:

Independent Monitor in place from 2012 detected the transaction
monitoring system failed to detect a significant number of potentially
high-risk transactions for further review.
3

FinCEN - Section 311 of the USA PATRIOT Act

FinCEN names Banca Privada dAndorra a Foreign Financial
Institution of Primary Money Laundering Concern
for several years, highlevel managers at BPA have knowingly
facilitated transactions on behalf of thirdparty money launderers acting
on behalf of transnational criminal organizations
BPA's corrupt highlevel managers and weak antimoney laundering
controls have made BPA an easy vehicle for thirdparty money launderers
to funnel proceeds of organized crime, corruption, and human trafficking
through the U.S. financial system
To obtain access to financial institutions, some transnational criminal
organizations use the services of third-party money launderers, including
professional gatekeepers such as attorneys and accountants

Source: FinCEN

http://www.fincen.gov/news_room/nr/html/20150310.html
4

Risk Management and Focus on Culture of

Compliance
FINCEN issues Advisory to U.S. Financial Institutions on Promoting a
Culture of Compliance on August 11, 2014.
Shortcomings identified in recent AML enforcement actions confirm that the
culture of an organization is critical to its compliance.
The Advisory highlights general principles illustrating how financial institutions
and their leadership may improve and strengthen organizational compliance
with BSA obligations. These principles are:
Leadership should be engaged
Compliance should not be compromised by revenue interests
Information should be shared throughout the organization
Leadership should provide adequate human and technological resources
The program should be effective and tested by an independent and
competent party
Leadership and staff should understand how their BSA reports are used

http://www.fincen.gov/statutes_regs/guidance/pdf/FIN-2014-A007.pdf
5

GFI AML Risk Management:

Structure and Governance

GFI AML Governance & Oversight:

Three Lines of Defense

WF Audit Services conducts

independent audits for BSA/AML/Global
Sanctions across Wells Fargo.

03

Credible Challenge

Audit

Corporate
Risk

Financial Crimes Risk

Management (FCRM)

International Risk Oversight

02

Reporting
and Oversight
Audit and
Examination
Committee of BOD
Chief Risk Officer
Audit and Examination
Committee of the BOD
BSA Steering
Committee

01
Line of Business
Risk Officers

Line of Business
Compliance (80)

Wholesale Financial Crimes

Risk Management

Wholesale
Risk Officer

GFI Compliance and

Operational Risk

Head
of International

IG CORM GTFx

Business Risk
Quality Assurance

Risk Underwriting Group

Client Facing Teams

Relationship Managers,
Product Specialists,
Client Services

(58),Business Support

Credible Challenge

LOD

Head of Global
Financial Institutions

Customer base
Source: Wells Fargo Bank, N.A.

GFI Compliance and Operational

Risk (GFICOR)

01

Michael Cho
Head,
GFICOR

Assistant

Country Risk
(8)

Framework
(8)

Analytics and
Reporting
(6)

Operational
Risk (4)

Testing (21)

CAO (3)

Emerging
Risk (28)

Evolution of GFICOR
Framework
Emerging Risk

Country Team
Apr-15

Testing

Jan-14

Operational Risk

Analytics and Reporting

Chief Administrative Officer
0

Source: Wells Fargo Bank, N.A.

10

20

30

International GFI AML Program

Example of how one image can be used to create impact, with a full bleed on three sides.

Evolving Risk Management Programs

Wisdom

Information
Data
Customer
Transactions
Customer
Information
Building
Databases

Organize the
customer
information

Alerts based on
deviations

Noise

Initial
Framework

Knowledge

Focus on ML/TF
typologies

Design more
rules based
monitoring
systems

Defining the
banks risk
appetite

Customer Risk
Ratings

Determining if
there is activity
outside the
banks risk
appetite.

Advanced
Frameworks

Risk
Differentiation

Making
Informed
Decisions
Understanding
Our
Customers

Too much data or information

that is not properly managed can
confuse the decision makers.

Jet Engine Effect

Source: Wells Fargo Bank, N.A.

10

AML Risk Appetite and Outer Risk Baselines

Assess Residual Risk:
effort to remediate
v. risk appetite

Outside
Risk
Appetite

Risk Appetite Categories

No Go Decisions

Most Risk

AML Enhanced dialogue

or control

More Risk

AML related account closure

Activity restrictions

Moderate
Risk

Least
Risk

Reputation

Operational

Geography

Product
Client
Type

Types of Risk

Source: Wells Fargo Bank, N.A.

11

GFI AML Program Elements

Risk
Assessment
Model

Understanding
Our Customers
to Make Informed
Risk Decisions

Intelligence
Gathering
(Internal
& External)

Automated
KYC
System

External
Due
Diligence

Customer
Dialogue

Transaction
Monitoring
& EDD
Source: Wells Fargo Bank, N.A.

12

Overall Components
Risk Assessment Model is comprised of multiple AML risk factors used to

numerically quantify the risk the customer poses to Wells Fargo. AML risk rating
used to determine frequency and depth of due diligence.

Automated KYC system that incorporates risk assessment model

Customer dialogue includes: questionnaires, Compliance Calls, site visits,

Requests for Information, webinars, client seminars, and other ways to increase
two-way communication between GFI and our customers.

Transaction monitoring and due diligence includes vendor-based and

internally developed monitoring systems, AvA due diligence alerts, Transaction

Enhanced Due Diligence reports, issue-based due diligence.

External due diligence includes Investigation Reports and Negative News, which
automatically feed CRMS record for review and disposition.

Intelligence gathering includes formal quarterly intelligence reports, country

reports, meetings with regulators, banks, law enforcement and other external
stakeholders.

Source: Wells Fargo Bank, N.A.

13

Risk Assessment Model

Our dynamic Risk Assessment Model is designed specifically for financial
institutions and takes into account various risk factors including:

Country of Physical Location

Country of Parent Institution (if different)
Presence of PEPs among Owners, Sr. Managers & Board of Directors
Countries of Wire Transactions
Products Utilized
AML Materially Adverse Data on Key Parties
Customer Base/Activities

Quality of AML Program

Quality of Regulatory Authority

Ownership Structure

Source: Wells Fargo Bank, N.A.

14

Continuous Feedback Loop

Top typologies /
Substantive country risks
Customer / Relationship
Manager
US Govt / International
bodies
Intelligence Reports
Media

Country
Assessments

Government controls

Discussions with
customers about
typology , other
ML risks , their
customer risk
appetite

Transaction Reviews,
Emerging Risk Reviews,
Enhanced Due Diligence,
Actual vs Accepted,
Request for Information

Overall Assessment
General FATF / FinCEN
Payment Transparency
Secrecy and Cooperation
Due Diligence
Customer Types

Customer controls

AML Program elements

Understanding our
Customers (UOC) through
their customers (KYCC)
Local Rel Mgr
& Risk Officer
feedback

KYC
Documentation

Who does our customer want

to bank
. who do they not want to
bank
and how do they tell the
difference?

Know Your Transactions

Internal
Intelligence

AvA
Transaction reviews and
EDDs
UAR
RFIs

Source: Wells Fargo Bank, N.A.

15

AML Regime Gaps

Assessment
of Country Risk
Focus on Government Controls
FATF/FINCEN

Payment Transparency
Bearer Shares
Secrecy and Cooperation
Customer Due Diligence

KYC Due DiligenceCustomer

Talking Points
Gaps between the banks
AML/TF Program and FATF
standards.
Bearer Shares
Wire rules

Risk assessment of
deficiencies
New local laws or regulations

Source: Wells Fargo Bank, N.A.

16

Know Your Transactions: Understanding Our

Customers Through Activity Reviews
AvA
alerts

Enhanced
Due Diligence
Reviews

AvA alerts are generated in CRMS when a customers transactions

in a payment product vary significantly from the customers
accepted activity.

Emerging Risk conducts targeted enhanced due diligence reviews

in order to further Understand Our Customers and their
transactions.

A key tool in providing credible challenge and risk appetite reviews.

Unusual
Activity
Report

Unusual Activity Reports is W.F. internal reporting channel for all

Request for
Information

Request for Information (RFI) are sent by FCRM to the customer

Team Members to escalate to FCRM any activity that needs further

review and investigation.

in order to further understand the activity.

Source: Wells Fargo Bank, N.A.

17

Understanding Our Customers Through RiskBased Activity Reviews

Know Your Country: Country Risk Reports
Top typology/substantive country risk
Government Controls Assessment
General FATF/FinCEN
Payment Transparency

Secrecy and Cooperation

Customer Due Diligence

Know Your Market: Portfolio Risk Assessment

High Level Review of All Transaction to Identify Transaction
Patterns Consistent with Typologies of Concern
Identify FIs with High Risk Customer Segments for Targeted
Reviews
Know Your Customer: Targeted Enhanced Due
Diligence Review
Identify Top Transactor
Ensure Actual Activity is Consistent with Expected
Activity
Identify High Risk Customer Segments
Ensure High Risk Customer Activity is Mitigated

Identify Issues for F/U with FI

Identify Referrals to Investigations
Unit

Customer base / risk appetite

Understanding our Customers (UOC) through their customers (KYCC)
Who does our customer want to bank
. who do they not want to bank
and how do they tell the difference?
Real people, doing real things . transparently
vs. unknown people hiding in the shadows
Typologies = known potential trouble spots

Benefits
Most FFIs have benign customer base
Easier for both clients and account officers to discuss customer base
rather than more abstract program issues
Much more effective to drill down on specific customer-set as opposed
to deal with one-size-fits-all
Granularity on Financial Institutions client base drives understanding
of our Financial Institution

Source: Wells Fargo Bank, N.A.

19

Customer base / risk appetite

Can you tell us some success stories about .?
Industry needs to change dialogue away from what are we missing to
how we are helping
Everyone has problem customers good programs detect and report
such customers
No names needed just general story with enough detail to make it
meaningful, but not violate privacy
This will illustrate how the AML Program is effectively working > AML
Regime
How do you differentiate .?
Licit and illicit activity
Customers to keep vs customers to avoid/close

What typologies are you finding/looking for?

Can you provide some examples of top transactors with respect to ?
No names sanitized such as 100 location gas station chain
What most concerns you about .?

Source: Wells Fargo Bank, N.A.

20

UOC through KYCC: USD Bank Notes

a HOT TOPICin the Industry
USD Bank Notes a HOT TOPIC:

A high risk typology in the industry as an example.

Legitimate uses of cash

Convenience
Large Un-banked population
USD is a hard currency and readily accepted in different countries
Dollarized economy

Risks of cash

Anonymous
Breaks audit trail
Facilitates transactions including criminal transactions

Source: Wells Fargo Bank, N.A.

21

UOC through KYCC: USD Bank Notes

a HOT TOPIC in the Industry
KYC Due Diligence:

UOC and mitigating controls

USD Bank Note Deposits Key Trends and Top Customers
CDD and Due Diligence
Local Regulations Old & New and efforts to implementation

Source: Wells Fargo Bank, N.A.

22

Cash Vault
Benign Activity vs Activity of Concern
Central Cash Vault

$200,000/week
$50,000/week

Grocery store chain (20 locations)

$500,000/week

$500,000/week

MSB (one location

commercial activity)

Owner of government
vendor

Cash flowing both ways consistent with

consumer sales (change orders)

Cash deposits only

(no change orders)

Cash withdrawal
for no apparent reason

Amount per location is reasonable; deposits

almost daily

Amount for single

location is high

Amount is high

Customer has physical store consistent with

amount of cash

Customer base of
depositor is unclear

Single transaction
or structuring suggests
single transaction

Average net/location = approximately

$1,000/day

Cash appears to go
in wrong direction
(not remittances)

Use of cash is unclear

(potential bribes;
breaks audit trails)

Source: Wells Fargo Bank, N.A.

23

Downstream Correspondent Banking:

UOC through KYCC - C
A downstream correspondent relationship occurs when a correspondent bank
client provides correspondent services to other banks, and Non-Bank Financial
Institutions/Intermediaries. These can include:

Banks
MSBs
FX Operators
Finance Companies
Trading Companies
Securities broker/dealers

Service facilitates international fund transfer services on behalf of the downstream

correspondents clients.
Represents a higher risk because the due diligence conducted focuses on the
correspondent bank client and not on the downstream correspondent.

Source: Wells Fargo Bank, N.A.

24

Downstream Correspondent Banking:

UOC through KYCC - C
KYC Due Diligence:

UOC and mitigating controls

Understanding the different types of downstream correspondents

Reviewing the AML Regime/Regulator over downstream correspondents

The geographic location and customer base

The types of services provided and if they will flow through the account

The correspondents due diligence on the downstream correspondents AML/CTF

programs

The correspondents ongoing risk management due diligence and monitoring for
unusual activity

Source: Wells Fargo Bank, N.A.

25

Correspondent Banking Downstream Risks

USD
Clearing
Bank
#2

USD Clearing
Bank #1

Eastern European Bank

South American Bank

South American
Country - FATF
non-compliant
Downstream FIs
Downstream
entity
and their customers
is have
newly
regulated
same
low
Newly regulated NBFI
risk
factors
High Risk Country
and GFI customer
High Risk Originator
No verifiable
address

Company with
No Public Profile

OffShore Bank
License

Company from
High Risk Country
that allows Bearer
Share

High Risk
Country

High Risk
Financial
Institution
No verifiable
Business
Type

Flow of Funds
Unknown Source
of Funds

No Verifiable Business Purpose

Unknown Use
of Funds

Source: Wells Fargo Bank, N.A.

26

UOC
through
KYCC:
Off-Shore
Financial
Centers
Types of Jurisdictions:
International Finance Centers:

Large domestic economies

Full-service international centers with:

advanced settlement and payments systems

supporting large domestic economies

deep and liquid markets where both the sources and uses of funds are diverse

legal and regulatory frameworks are adequate to safeguard the integrity of principal-agent
relationships and supervisory functions
Examples: London, New York, and Tokyo

Regional Financial Centers (RFCs):

Relatively small domestic economies

Developed financial markets and infrastructure and intermediate funds in and out of their region
Examples: Hong Kong, Singapore, Luxembourg

Specialist OFCs:

Provide specialist and skilled activities attractive to major financial institutions in specific business
sectors (e.g. reinsurance, hedge funds)
Examples: Cayman Islands; Channel Islands

Lightly regulated OFCs:

Mostly tax driven or to reduce transparency

Limited resources to support financial intermediation
Historically seen as:

low quality of supervision

non-co-operative with onshore supervisors

little or no attempt to adhere to international standards

Changing due to international pressure and extra-jurisdictional pressure such as FATCA
Examples: Antigua; Cook Islands; Vanuatu
Source: Wells Fargo Bank, N.A.

27

UOC through KYCC: Off-Shore Financial Centers

RISK Categories:

Shell company addresses:

Exposure and risk tolerance for material activity with shell company addresses? By
customers? By counterparties?

Criteria to differentiate between licit and illicit activity that flows through such shell
companies?

Controls to determine and record ultimate beneficial party behind such activity

Non-transparent markets:

Customer exposure to any unique markets (such as a parallel currency market,

trans-shipment centers, OFC trade, etc.) or intermediaries that impact
transparency?

Customer criteria to differentiate between licit and illicit activity that flows through
such markets or high risk financial intermediaries? (be granular)

Controls to determine and record ultimate beneficial party behind such activity

Secrecy laws impair answering of RFI? If yes, solutions?

Source: Wells Fargo Bank, N.A.

28

UOC through KYCC: Off-Shore Financial Centers

KYC Due Diligence - Customer Talking Points:
UOC and mitigating controls

Exposure to non-resident activity

Primary countries of origin of non-resident accounts and general profile of
customers
Reasons that such non-residents have accounts.
Specialized marketing or source of referrals, or out-reach to non-residents

Controls against non-resident typologies, including tax, fraud, drugs,

corruption
Criteria to differentiate between licit and illicit sources of funds
Any prohibition or restrictions on non-resident accounts (countries,
customer types, bearer shares, activity patterns, etc.)
Success Stories detection of illicit activity through non-resident accounts
Secrecy laws and RFI
Source: Wells Fargo Bank, N.A.

29

UOC through KYCC: Trade Based Money

Laundering (TBML)
International Trade of Goods
The Financial Action Task Force (FATF) defines TBML as the process of
disguising the proceeds of crime and moving value through the use of trade
transactions in an attempt to legitimize their illicit origins
The items being transported are normally legitimate goods
Over-and-under invoicing, false invoicing and merchandise substitutions are
techniques commonly used

Different studies show that (TBML) are linked to tax evasion, arms
smuggling, drug trafficking, terrorism or public corruption

Source: Wells Fargo Bank, N.A.

30

UOC through KYCC: Trade Based Money

Laundering (TBML)
KYC Due Diligence - Customer Talking Points:
UOC and mitigating controls:
Exposure to international import/export trade clients (client profile)
CDD and EDD conducted

Primary countries of transactions of customers import/export flows

Product flows

Controls against TBML typologies

Red flags include payments by vendor to unrelated 3 rd parties, false
reporting (commodity misclassification, over/undervaluation), commodities
traded dont match business involved), double-invoicing, etc.

Source: Wells Fargo Bank, N.A.

31

Miami Electronics and the FinCEN GTO

FinCEN issued a Geographic Targeting Order (GTO) on 4/21/2015 to about
700 Miami electronics (including cell phones) exporter businesses to shed
light on cash transactions that may be tied to trade-based money laundering
schemes. Goes into 4/28/2015 effect for 180 days
Requirements:

TBML Schemes:

Schemes used by drug cartels,

including the Sinaloa and Los Zetas,
to launder their illicit proceeds.

Businesses are exploited as part of

sophisticated TBML schemes in
which drug proceeds in the United
States are converted into goods that
are shipped to South America and
sold for local currency, which is
ultimately transferred to drug
cartels.

Geographic area designated by zip codes:

33172, 33178, 33166,33122, 33126.
The reporting threshold is lowered from
$10,000 to $3,000 in cash for FinCEN
Form 8300.
Include a description of the goods
involved, the name and phone number of
the person receiving such goods, and the
address to which such goods are being
shipped.
Written certification from the customer as
to whether he or she is acting on behalf of
another person, if yes, require their
information

Source: Wells Fargo Bank, N.A.

32

UOC through KYCC: PEPs, Government Entities

PEPs, Government Entities

The FATF states that corruption has the potential to bring catastrophic harm
to economic development, the fight against organized crime, and respect for
the law and effective governance.

They state that the FATF Recommendations, when effectively implemented

they can also help combat corruption, by:
safeguarding the integrity of the public sector
protecting designated private sector institutions from abuse
increasing transparency of the financial system
facilitating the detection, investigation and prosecution of corruption
and money laundering, and the recovery of stolen assets.

Source: Wells Fargo Bank, N.A.

33

UOC through KYCC: PEPs, Government Entities

KYC Due Diligence:

UOC and mitigating controls:
Specific areas that customer self-assesses as posing its greatest exposure to
corruption risk
Exposure to PEPs (both International and Local PEPs), Government entities,
public works projects, shell companies.
CDD and EDD conducted and restrictions on accounts
Typologies of concern and Criteria and controls used by the customer to
detect potential corruption transactional activity
Examples of corruption-nexus accounts that were closed or avoided by the
customer, including what triggered the detection
Source: Wells Fargo Bank, N.A.

34

Questions - Preguntas
Important Disclosure for International Clients:
This document and any other materials accompanying this document (collectively, the
Materials) are provided for information only. By accepting the Materials, the recipient
acknowledges and agrees to the matters set forth below in this notice

Wells Fargo Bank N.A. (WFBNA) makes no representation or warranty (express or

implied) regarding the adequacy, accuracy or completeness of any information in the
Materials. Information in the Materials is preliminary and is not intended to be complete,
and such information is qualified in its entirety. The views expressed in the Materials do not
necessarily reflect the views of Wells Fargo & Company, WFBNA or their affiliates. The
information presented is based upon diverse sources that WFBNA believe to be reliable,
though accuracy of the information is not guaranteed.

The Materials are distributed by WFBNA London Branch and WFBNA DIFC Branch. For the
purposes of Section 21 of the U.K. Financial Services and Markets Act 2000 (the Act), the
content of the Materials have been approved by WFBNA London Branch. WFBNA is
organized under the laws of the United States. Authorized by the Prudential Regulation
Authority. Regulated by the Financial Conduct Authority and the Prudential Regulation
Authority. WFBNA DIFC Branch is regulated by Dubai Financial Services Authority.

2015 Wells Fargo Bank NA. All Rights Reserved.

Juntos llegaremos lejos

2015 Wells Fargo Bank, N.A. All rights reserved.

36