CCM

How many shareholders should be lijmited to placing on the form related to FATCA? (for IGAs and non IGAs)

Limit table of shareholders to: 4 names for intergovernmental agreements 9 names for non governmental agreements

What are some risk mitigations you can take on instead of requesting SoF for businesses with intensive cash activity?

Limit to legal persons Limit to cash intensive Request site visits Request docs confirming daily sales eg sample of cash inventory, daily statement, list of suppliers, sample of receipts and shipping papers Try to set a ceiling for the exemption on a daily/weekly/ monthly basis according to the study and analysis you have done on the company profile. Repeat periodically Pay attention to debit cycle (should be logical, money in and out) e.g. don't expect to see money remain there as savings, or transfers to unrelated businesses

What are some examples of registered deemed compliant entities?

Local FFI, Local Bank, Trustee Entity

Name some red flags in transactions for virtual assets

Making multiple high-value transactions to new accounts in short succession or in a pattern Transferring Virtual assets immediately to multiple Virtual asset service providers(18) (VASP), especially to Virtual asset service providers registered or operated in another jurisdiction where the customer has no relation / where the AML controls are weak Depositing Virtual assets at an exchange and withdrawing or converting immediately Many more

Which specific documents are required for proving work and income information? See below q also.

Many banks allow the customer to choose or approach third parties for the info (not allowed to approach them in some countries). Job title and sector and name required. Recommended to also obtain work address.

What are the most important Risk departments in a bank?

Market risk management, credit risk management, and operational risk management

What is meant by "Compliance is a control department"?

Meaning must stay independent and don't carry out control actions.

What are the most important documents for charities to provide?

Memorandum of association and certificate of registration

What is the mission of the Bank for International Settlement - BIS? And who owns them?

Mission is to serve federal reserve banks in pursuit of monetary and financial stability, foster international cooperation, act as bank for federal reserve banks (these are a US thing) owned by 60 federal reserve banks

Which FATCA agreement type does Germany have?

Model 1

Which should be conducted first, Name screening or account activation?

Name screening must be conducted before the account activation

What kinds of information should be entered in the registration process for IRS?

Name, address, standard FATCA stuff, RO if applicable, branch locations, legal name of parent entities, attestation.

What are the extra steps needed for personal affirmation of a non national?

National ID card / passport, and review the requirements of local laws that may require evidence of a visa or work permit.

What is the difference between PoA and bank authorisation?

Risk level higher with BA PoA official since made by gov bod. BO and attorney must both be present.

Who are the permanent members of the UN Security Council and what particular right do they have?

Russia, France, China, UK, US, right to veto

What should be included in the compliance policy?

Scope and purpose Tasks of BOD Tasks of Compliance Committee Responsibilities of Exec Management Team for monitoring compliance Tasks and qualifications of Compliance Dept Tasks of institutions staff regarding compliance Communication with regulatory bodies Policy to outline rules.

How does IDES ensure security?

Secure file data transfers and uses encryption standards established by the United States National Institute of Standards and Technology (NIST). Also prohibits long term storage - data with errors is auto deleted. Each file transmitted from US to receiver remains available for a few days.

How do you manage internal accounts properly?

Should assign transaction code (specific) and the system should detect and reject these.

What should be included in reports submitted to Board/Executives?

Should be limited to 2 points: 1. Statistical info e.g. number of reports submitted in last year, classified according to suspicion indicators 2. Most important issues and recommendations for improvement of controls against ML ops and risk associated with new products etc"

What are some requirements for sanctions software?

Should contain all official lists (international and local, e.g. OFAC, EU) Should enable admin user to add internal lists for monitoring purposes A stand-alone manual "Name Checker feature" should be available and would especially be useful for account opening stage and facility granting process. Should be able to integrate with authenticated messaging systems eg SWIFT. Should enable bulk file uploads and facilitate File Scanner Feature (ability to scan all existing customer accounts).

What steps must a customer take to create an order via fax?

Sign a fax indemnity. Nominate a specific fax number belonging to them, Accept calls to their reg phone number to confirm each payment.

What are some types of SWIFT message?

Single Customer Credit Transfer Multiple Customer Credit Transfer Free Format Message General Financial Institution Transfer Documentary Credits and Guaranties

What should you pay attention to when reviewing ML flags for insurance?

SoF and to policies related to celebs, payments to 3rd parties

Can Lead FIs renew the FFI Agreement on behalf of a member FI?

No

Do all stages of money laundering have to exist in each money laundering scheme?

No

Does issuing a periodic report to the regulator require the consent of the Compliance Department?

No

What are some factors to include in E-training of staff?

No ability to speed up video or skip through. Should have replay and subtitles Multiple choice qs. Exam Advisable to hold face to face or online to discuss case studies and answer qs from trainee Continuous review and development of training material"

Does the BCBS possess formal supranational authority?

No, its decisions do not have legal force.

Is it necessary to monitor every transaction?

No, you should use a risk based approach and justify any that aren't investigated.

Should AML and CTF team review transactions of HR accounts?

Not all, depends on risk again.

Should you screen terrorist nicknames?

Not best technique - eg terrorist alias's are just nicknames and cannot be used to open accounts or execute transactions.

Is a PEP declaration required on the KYC form?

Not if screening is also conducted. You can have it anyway though.

If a non registered company changes its mind and wants to release the frozen capital or close the account, what do you do?

Obtain a letter from the relevant government body to release the frozen capital and close the account.

Incoming payment orders can be accepted via 3 media (apart from in person). What are these and what are the order of preference due to security?

Online banking, Fax, Email

When can nesting practices be accepted?

Only on an exceptional basis, with controls in place: transparent transactions and EDD.

What are the differences between ML and TF, with regard to purpose, source of funds, amount of money and penalty.

P154

What type of classification would a financial firm based in a country that hasn't signed a FATCA agreement have?

Participating FFI

When should dual control be applied to sanctions software?

Passing messages Deleting/editing names on sanctions screening list Adjusting settings

Which type of NFFE is most likely to be used to hide assets?

Passive

What is a PTA account?

Payable through account - the bank allows customers of another bank that maintains a Vostro Account with them, to have direct access to that account and conduct banking transactions through it.

Which documents and information are required for opening an individual account?

Personal affirmation document, Address, Work and income information, Purpose of account opening, Authorised signatories, Queries, Also Ts and Cs

Must policies and procedures be approved by the BoD?

Policies must be reviewed by Board of Directors, procedures not

What are administrative risk controls?

Policies, procedures or guidelines defining business practices in accordance with the org's security goals. Can apply to staff hiring/termination, equipment and internet usage, physical access to facilities, segregation of duties, auditing.

What should be investigated in a charity?

Presence of the charity and its branches and targeted sites, membership fees or annual subscriptions (if any), sources of funding detailed in the document and approved by the state, details of managing, resolving, and closing the charity. Names of the main founders of the charity must also be screened, to ensure that their nationalities and ages are consistent with the laws and regulations of the state and verify their legal past by all available means.

What are the three type of risk control functions and their definitions?

Preventative: Any security measure designed to stop unwanted/unauthorised activity, includes all the above types of control but not every single factor within. Detective: Implemented to detect and alert to unwanted activity in progress or after. Eg system administrators Corrective: Measures taken to repair damage or restore resources and capabilities to their prior state following unauthorised/unwanted activity. Inc terminating process or rebooting system. An incident response plan into action is an example of administrative corrective control.

What does the Federal Reserve System aim to do?

Promote the effective operation of the U.S. economy and, more generally, the public interest

What is a single FI?

"Does not have any member FIs

What is an Excepted NFFE?

"Includes Publicly Traded, Entity in liquidation/bankruptcy, Start-up company, Nonfinancial group entity, Non-profit organisation, and active NFFEs.

What are the 3 types of FATCA Agreements?

"Model 1 IGA

What is the difference between a Model 1 IGA and a Model 2 IGA?

"Model 1 IGA (Intergovernmental agreement): An agreement between the Government of the Foreign State and IRS

What are the steps to be undertaken (5) in preparing an RCM?

"Placement phase

What is the difference between RIM and RCM?

"Regulatory Inventory Matrix (RIM). compile information in Excel to be able to search by regulation name, reference number, or a word

What are the 4 types of FIs?

"Single FI

What is a Lead FI?

"Subsidiary of Member FFIs

What are some factors to consider when issuing regulatory compliance reports to the Compliance Committee of the Board of Directors?

"Use graphs to depict

What should be done in the allocation phase of preparing the RCM?

"When transferring instructions from RIM to RCM, ensure each req or action is in separate field/row.

What is an FFI Agreement?

"an agreement between the FI and IRS.

Should General Managers/Board of Directors be informed about reports? Or queries from FIU?

"n some countries, NO. Even within the usual reports submitted to the Board, not even CEO. But this is not a rule. Need to know policy is more important. Sometimes they do need to know.

What are examples of numerical data that highlights an institution's AML risk exposure?

% of HR customers % of HR customer deposits % of outward and inward wire transfers to/from HR countries % of customer data pending update Number & value of financial transactions executed electronically Number & value of financial transactions executed electronically Number of accounts/transactions rejected due to ML/TF suspicion Number of correspondent bank accounts Set ceilings to determine what is acceptable.

What are the 3 factors to consider when determining customer risk?

1 Customer type 2 Geography 3 Product, services and delivery

How do you ensure sanctions compliance in SWIFT messages?

1. Add a "Sanctions Clause" to the letter of credit in the body of the (SWIFT) stating that payment will not be made if the other party becomes listed on a sanctions list (mainly the UN List) at the due date of payment. And, that the relevant sanctions regulations will apply if any of the parties are affected. 2. When the applicant bank receives the Bill of Lading (BOL), the vessel name and its flag beside the shipping company name should be examined."

Name 3 things that should be part of the Ts and Cs

1. Dealing with minors' accounts 2. Procedures for closing accounts Mechanisms for communication Procedures for dormant accounts Complaints Dealing with incoming cheques Right of the bank to suspend account Methods of calculating interest Special fees Applicable laws in judicial disputes

What are the 3 possible outcomes after conducting a deep analysis on an account after an alert?

1. No suspicion 2. Suspicion (SAR) 3. Account on monitoring

How should you handle companies which are not yet registered?

1. Obtain draft of AoA 2. Prepare special KYC form for these accounts to identify shareholders, objectives and transactions expected 3. Freeze the amount deposited for the capital until registration is complete

What are the problems with de-risking?

1. People and organisations more volatile areas of the world or in small countries with limited financial markets could be completely cut off from access to regulated financial services. 2. Keeping individuals and businesses in regulated financial systems is a precondition for effective systems to mitigate risks and combat financial crimes. 3. Turning away customers could actually reduce transparency in the system by forcing transactions through unregulated channels.

How many hours of training do experts recommend new staff should undergo?

10 to 20 hours (and maybe more) of comprehensive training along with practical cases, while periodic training for existing staff may be limited to half of this period,

How many members does the Wolfsberg Group have?, and what type are they?

13 global banks eg HSBC, Santander

How many member states does the UN have?

193

How long does the periodic certification period cover, and how long does a FI have to submit after the end of the period?

3 years, 6 months

Who are the members of the Basel committee for banking supervision?

45 members consisting of central banks and authorities

What ownership threshold applies for sanctioned company owners?

50%

How long after receiving an IDES Alert do you have to A) initiate a file download and B) complete the file download?

7 days 24 hours

What is a delta report and how is it useful for screening?

A delta report reflects changes in the activity shown in any report type, so you can check if any of the newly listed names maintain an account with your institution, instead of re-screening all the existing customer names.

What is the difference between a shell company and a shelf company?

A shell corporation is a company or corporation that exists only on paper and has no office and no employees, but may have a bank account or may hold passive investments or be the registered owner of assets, such as intellectual property, or ships. A shelf corporation, shelf company, or aged corporation is a company or corporation that has had no activity. It was created and left with no activity.

What is an Air Waybill?

A type of Bill of Lading - a document that accompanies goods shipped by an international air courier to provide detailed information about the shipment and allow it to be tracked. The bill has multiple copies so that each party involved in the shipment can document it. A way to prove a shipment occurred, track online.

Can an account be opened without A) primary or B) secondary documents?

A) No B) Depends on policy, with controls

If a customer wishes to re-open a closed account, should you reactivate or open a new account?

Re-activate the old account

What are the most important policies that the institution should have in the AML/CTF space?

AML and CTF policy Sanctions and Embargoes Regulatory compliance Other policies where AML dept participates

What are the benefits of correspondent banking?

Access to financial services in different jurisdictions and provide cross-border payment services to their customers, supporting international trade and financial inclusion.

What type of classification would a non financial firm with active income have?

Active NFFE

What does OFAC do?

Administers and enforces US and trade sanctions based on US foreign policy and national security goals against targeted foreign regimes and nationals, traffickers, weapons of mass destruction etc.

Who must comply with OFAC?

All US persons must comply, inc all permanent resident aliens, citizens no matter where they are resident, all entities in US and foreign branches. Certain programs also require foreign persons in possession of U.S. origin goods to comply.

Who should the Compliance Manager submit reports to?

All relevant parties, such as the Compliance Committee of the Board of Directors, the Audit Committee, the CEO, and also to the Internal Audit Manager.

What is a Member FI?

An FI that registers as a member FI of an expanded affiliated group (EAG) that is not acting as a lead FI is required to obtain a GIIN as a condition of each status. A member FI will need to obtain its FATCA ID from its lead FI. The FATCA ID is used to identify the member FI for purposes of registration and is not the same number as the GIIN.

What is a Sponsoring Entity?

An entity that will perform the due diligence, withholding, and reporting obligations of one or more sponsored FFIs or the due diligence and reporting obligations of one or more sponsored direct reporting NFFEs. FFI or direct reporting NFFE that registers as member FI of an expanded affiliated group EAG that is not acting as a lead FI

Describe a recommended flow for achieving compliance in an institution

Analyse laws Determine which parts affect business Circulate to relevant depts Guide the depts to comply Monitor compliance level through a monitoring process But ensure that Legal Dept is involved.

What steps should be taken after an alert is generated on the system?

Analyse name, acct holder info, basically everything. Review income docs and other papers Verify via gov systems etc. Investigate the customer's partners and the account authorised signatories and any other individuals related to the customer and verifying the real beneficiary of the account. Analyse financial capacity and history eg returned cheques, credit score Rescreen them Adverse media search Review visitor log, look at credit/debit cards & safety deposit boxes Enquire about electronic services on account Sometimes worth deep financial check: such as cash deposits and documents submitted as sources of funds, depositors' names and their relationship with the account holder, and geographic locations of branches used for deposits, and then move to other types of financial transactions, such as cheques and remittances. You don't always need to follow all steps.

Which entities (taking ownership into account) are considered to be a blocked person under OFAC?

Any entity owned in the aggregate, directly or indirectly, 50 percent or more by one or more blocked persons is itself considered to be a blocked person

What are physical risk controls?

Anything tangible used to prevent or detect unauthorised access to physical areas, systems or assets, eg fences, security cards, CCTV, motion detectors.

What is the difference between a back to back Letter of Credit and a Transferable Letter of Credit?

B2B: - 1. Because it is a new and separate LC- Bank B can change any information they want! = High sanctions risk 2. two LCs will be issued. One from the importer to the intermediary, and another one from the intermediary to the exporter. Importer (Bank C) doesn't know about bank A (Exporter) Transferable: Another option available to the intermediary, is to transfer the same LC they receive from the importer, to the exporter. This type of LC is called Transferable. Bank B only allowed to change select info (applicant name, validity date, shipment date, unit price, value of LC)

Give an example of a corrective administrative control

BCP

What is the BIS and what is its mission?

Bank for International Settlements (BIS), owned by 62 banks. Fosters discussion and facilitates collaboration among central banks, research etc.

What is nesting?

Bank's misuse of its relationship with correspondent banks, by carrying out transactions for other banks' customers, when the other bank could be located in a country that is subject to sanctions and embargoes, or rated as a high- risk country (in terms of money laundering and terrorism financing). done by a respondent bank who maintains a Vostro account with major correspondent banks The respondent bank then directs a transaction through its correspondent bank account, pretending that this transaction belongs to one of its clients, when it does not.

What system do banks use to make remittances to one another?

Banking Authenticated Messages System like SWIFT(24)

What should you request for a child's account?

Birth cert or similar to show legal guardian on account and perform KYC on them. Also need purpose of account opening

What are the 2 types of FATCA Certifications?

COPA: relates to an entity's certification of pre-existing accounts (COPA) and; Periodic Certification: relates to the entity's compliance with various FATCA requirements

What does the UN do?

Can take action on issues confronting humanity, such as peace and security, climate change, sustainable development, human rights, disarmament, terrorism, humanitarian and health emergencies, gender equality, governance, food production etc etc

What should charities and NPOs be informed of at the outset of account opening?

Cash transactions must be v limited, they should manage via cheques /remittances (better tracking) and the bank may reject distribution to other countries

Why do experts criticise having AML risk within AML system rather than account opening system?

Classification should be available to the employee who is opening the account or entering the customer data so they can determine correct action. Risk rating can be mirrored on AML system. V important to have this update automatically since info changes sometimes."

What are the controls needed to open an account without secondary docs?

Clear reason for postponement Needs to be in policies how long you can go without and which docs Customer signs an undertaking to provide the bank with required info/ docs within a specified period. The power to grant these exceptions given to a central authority with a specific role within bank Follow up required

Boards usually form committees to facilitate work before it's submitted to Board for approval. Which document does each board need to determine its tasks?

Committee Charter or Terms of Reference

How should you handle the closing of dormant accounts with outstanding fees?

Communicate with the account holder, to ensure they do not want the account. Then reflect the amounts of these fees, after obtaining approval from management or the relevant department. This will help to eliminate unnecessary accounts, and reduce effort and costs.

How can you check that the provided address is real?

Comparison with utility bills, residence card, lease documents, real estate registration papers, or even a visit.

Which elements should be considered when giving correspondent banks a risk rating?

Complex ownership structure, owners' names and nationalities, countries of residence and legal history (even if not PEPs). Country of the bank/nationality and locations of branches and subs Durability of AML program and adherence to sanctions and embargoes.

Should regulatory enquiries go to Legal or Compliance?

Compliance

What are the best standards for Compliance's position and role within the organisational structure?

Compliance & AML Depts are independent and not merged with other depts Compliance reports directly to Board Compliance Committee and not CEO Reports go directly to that committee, copy to CEO

What is the difference between the Internal Audit and Compliance Depts?

Compliance = don't make field visits Scope = regulatory instructions. IA scope is broader, such as compliance with internal policies and detecting risks arising from weakness of controls"

Should the Compliance Manager conduct field visits or obtain samples of files or transactions for inspection?

Compliance Manager does not conduct field visits or obtain samples of files or transactions for inspection. Instead, he conducts compliance monitoring from his desk, either via emails or meetings, to ensure that the concerned department is aware of the regulatory instructions.

Who should compliance reports be submitted to?

Compliance reports should be submitted to the Board Committee

What are the responsibilities of Exec Management Team for monitoring compliance?

Complying with measures Help C team Awareness of risks Obtaining C recommendations Staff awareness & culture, disciplinary measures Separation of compliance & internal audit Developing at least annual plan for non-C risk assessment Submitting policies etc to C Dept for review and approval

What are the 3 types of sanctions?

Comprehensive: Usually applied to whole country (exceptions include humanitarian aid). Sectoral: Country or jurisdictional level but one sector, e.g. petroleum, arms, gold, diamonds. Can deal with the country apart from these sectors. Targeted: Individuals, companies, groups. This may include not allowing them to enter the country (Travel Ban), freezing their assets, or not being permitted to sell them military equipment."

How do you calculate control ineffectiveness?

Control ineffectiveness = 100% - (Control impact X Control effectiveness) Control impact: is the expected value of its risk mitigation.

What transactions and vendors etc did 5AMLD add to its scope?

Custodian wallet providers Virtual currency and fiat service providers Art traders/intermediaries (where carried out by freeports or where transaction exceeds 10k) Any person that undertakes to provide (directly or indirectly or by means of other persons) material aid, assistance, or advice on tax matters as a principal business or professional activity (auditors, external accountants and tax advisors were already included)

Who in a business is responsible for ensuring compliance with policies & procedures?

Department Heads.

Can you conduct business with a company where the UBO is subject to sanctions?

Depends on risk level, but not if more than 50% ownership

What does the compliance policy do and what is its purpose?

Describes the policies of the institution in certain areas and determines its general frameworks inc the way of work in the institution Describe responsibilities of the Board of Directors concerning compliance management, responsibilities of senior management and other parties within the institution, the scope, responsibilities, reports, authorities of the Compliance Department Purpose: to inform stakeholders/ regulators of the commitment to laws, regs, ethics, empower the compliance dept"

Where is it recommended that Legal and Compliance work together?

Determine relevant laws & articles within which require action. This should be done by Legal not Compliance. Compliance coordinates with legal to receive analysis. Compliance interprets laws and incorporates into programme. Compliance must provide legal with info regarding legal risks, and discuss methods.

The Compliance Dept must comply with Direct Regulatory Bodies' Instructions. What does Direct mean?

Direct means any official regulatory body appointed by the government to control the sector.

What is a letter of guarantee?

Document issued by the bank that ensures the supplier gets paid for the goods or services it provides to a company, in the event that the company itself can't pay.

According to 5AMLD, what is the threshold for conducting DD on transactions carried out by traders of works of art or persons acting as intermediaries in the trade of works of art (including where this is carried out by art galleries or auction houses) and persons storing, trading, or acting as intermediaries in the trade of works of art when this is carried out by freeports?

EUR 10,000

What is a Passive NFFE?

Earns more than 50% of gross income from passive income or more than 50% of assets are held for production of passive income, e.g. securities, rental property held as investments.

How can money laundering occur through letters of credit?

Eg pretend value of goods is higher than it is Or other way around Price manipulation

What is the difference between a sanction and an embargo?

Embargo is severe and can represent complete prohibition of all trade activities between countries. The word "Embargo" is commonly linked with restrictions on weapons and dual use goods(21) and is most often used in the context of "Arms Embargoes".

What are the ML risks and pros related to virtual currencies?

Enables financially excluded countries to transfer money (e.g. countries that prohibit women from having a bank account). However absence of regulatory oversight could contribute to people being defrauded No sanctions screening Limits role of intermediaries Adversely affects the monitoring of the normal financial system Public domain: deters some ML

What are some features of IDES?

Enrollment Certificate Management Account Management Secure Data Transmission Status of Data Transmission (Alerts and Notification)"

What are some rules in applying de-risking?

Ensure justification and measure the impact Senior management provide written approval and that this is monitored Make sure this practice doesn't violate any regulations or instructions from regulatory authorities Ensure that this practice does not waste any valid business opportunities.

What should you check for when reviewing authenticated message processes?

Ensure that there is live integration between the name screening system and the authenticated message system. This allows for alerts to be issued immediately. The matching rank(28) implemented on the system should be phonetic to catch any misspellings. Relying on full match ranking (100%) is not acceptable because it will miss matching names with slightly altered spellings. Dual control should be in place to release any SWIFT message. The officers working on the name screening system should have the necessary experience and training. Amending the matching rank feature should be deactivated for all users, especially when the matching rank is set to a percentage. To avoid resubmitted messages that match to a previously rejected transactions except missing (stripping) the offending information, the specialist should make sure: - That the used software has a feature to detect duplicate messages, including screening against rejected messages (i.e., the software compares against reference number and/or amount). - Compile a sample of rejected messages and compare against the reference number and/or amount for successfully received messages to ensure that the software is functioning properly."

What are the tasks of the compliance committee?

Ensuring independence of Compliance dept Reviewing compliance reports, approving C policy & related ones Issuing recs concerning new instructions from regulator Providing BOD with minutes from meetings Raise compliance level Keep abreast of developments, recommendations to BOD Monitoring implementation of C policy. Supporting C Dept

What are the required tasks and qualifications of the Compliance Department?

Establish framework of responsibilities and procedures for C Give needed powers to C staff to communicate with employees, access to files & records Authority to investigate to determine cause of violations. Ask for assistance from legal & internal audit, or others without violating confidentiality provisions. Issue reports to C Committee and copies to CEO Staff must have: Qualifications, experience, personal, prof skills Understanding of relevant laws and regs Keeping abreast of developments and getting ongoing training Assist exec management in managing non compliance risks, provide advice and guidance Reporting violations to Committee. Managing corrective actions Assessing procedures and processes. Formulating proposals for adjustments Identify & evaluate risks of non compliance Circulate requirements and instructions to relevant depts within institutions Developing compliance policy & code of conduct

Which parts of foreign company names should be translated for screening?

Everything apart from the brand name

What should be included in a committee's business charter? And what is the most important?

Explaining relationship with compliance dept. Also includes: Responsibilities of secretary (not a committee member) Purpose of committee How BOD evaluates performance Frequency of meetings Membership period Authority to access info The right to call whomever to attend their meetings

What are the main objectives/changes of 5AMLD?

Extended scope of the persons subject to AML requirements (in particular to address TF risks linked to virtual currencies and anonymous prepaid cards and tech evolutions); EDD (especially involving HR 3rd countries) Increased transparency measures (enhanced access to transparency registers & bank registers) Enhanced powers for FIUs and supervisory authorities

True / False - if a customer has 2 addresses you do not need to request the second one

FALSE

True / False - incorporation documents should be collected for every LE

False (e.g. Barclays founded 1896, doesn't achieve much and hard to come by)

True / False - if a customer has 2 passports you do not need to request the second one

False (e.g. if name differs on second one you need to screen that name too, also for FATCA purposes)

What are some current challenges in the Fintech space?

Financial cybercrime, Processing big data, Gap existence between financial service and regulators, Lack of tech and AI expertise, Financial software based on Blockchain tech weakens ability of data exchange (I suppose due to anonymity?)

Who must be identified in a charity?

Founders and members of the current administrative body, the authorised signatories on the account

What are the 2 types of licence to authorise a transaction that would otherwise be prohibited?

General: Authorise a particular type of transaction for a class of persons Specific: To a particular person (NP or LE) authorising a particular transaction

What are examples of good and bad proofs of work information?

Good: Registration certificate, payroll statement Bad: Business card

What are the roles of governments and regulators in sanctions?

Gov: Setting foreign policy, establish sanctions framework Monitor import and exports, identify end-users of goods Regulators: Usually establish committees to create national sanctions list and govern the adherence to it, as well as receiving sanctions reports and managing frozen assets.

What are technical risk controlsl?

Hardware or software mechanisms to protect assets. Common examples: authentication solutions, firewalls, antivirus software and encryption measures.

What does the UNSC do?

Has primary responsibility, under the UN Charter, for the maintenance of international peace and security

What are Computer Assisted Audit Techniques (CAATs) used for?

Help auditors provide more analytical results, leverage statistical tools and data analytics to compare certain scenarios

What is a HCTA?

Host Country Tax Authority

What should be done in the placement phase of preparing the RCM?

Identify items needing compliance examination. When C managers are reviewing policies/procedures or providing advice, should refer to RIM. When conducting a compliance examination, refer to RCM.

Where is the AML risk in internal accounts?

If an internal account was used to execute a customer's transaction, this transaction may not be detected through AML monitoring systems because the intermediate accounts are supposed to be for accounting and statistical purposes

What information is required as to expected activity on the account?

If foreign activity, cash deposit/cheques etc

Does the KYC form need to be signed once or multiple times?

If form is a number of pages, each page should be signed. Otherwise just one signature at end.

When is it especially required to check the number of branches of a LE?

If large sums and many transactions are expected on the account.

How must customer documents be presented?

In their original copy, and then the employee can take a photocopy of it, and stamp it as (Original Seen)

What are the most important factors in a successful compliance programme? (8)

Independence and appropriate location within institution Relationship between AML and Reg functions Qualified team Independent audit Automatic systems and keeping abreast of tech developments Continuous training Policies & Procedures Mind and way of thinking for AML Manager"

Which types of insurance are most likely to be used for ML?

Insurance policies that allow the client to have their money back during the insurance period, such as an investment. Inc fixed term assurance policy, an endowment policy and an annuity

What is IDES?

International Data Exchange Service - a secure file transfer system available to FIs and Host Country Tax Authorities (HCTA) to facilitate FATCA reporting.

In addition to the OFAC sanctions, on which act can the US president rely to enact financial and economic sanctions against countries?

International Emergency Economic Powers Act (IEEPA)

What is the OECD?

International organization that works to shape policies that foster prosperity, equality, opportunity and well-being for all, Forum and hub. Supervises a wide variety of topics and sectors from the economy, trade, tax, finance, investment, insurance and retirement, education, etc. Developed CRS

How can you manage correspondent banking risks?

Reject unknown or weird risks inc transactions related to specific customers. Avoid duplication risk - rely on security of regulator (ie don't check what the regulator has already checked) Ensure not a shell bank Review website to identify products and services Verify ownership structure (according to predetermined % eg 5, 10, 25) Automated negative media screening against bank, owners and controllers Review AML program of CBank with an AML questionnaire asking about AML policy, PEPs etc (big list) - use Wolfsberg as template, request W8-BENE Also approval by Senior Management.

What are some risk based screening decisions to implement and that should be included in the governance framework?

Remove reference data from screening once it's no longer risk relevant Add a party that poses low sanctions risk to a list of parties omitted from screening Use suppression rules or "Good guy" lists to manage common false positive alerts requiring unnecessary manual review Establish criteria and tech processes to ensure lists are only screened against a subset of data relevant to a specific jurisdiction.

What type of classification would a Germany based payments firm that is not registered deemed compliant have under FATCA?

Reporting Model 1

What is the International Chamber of Commerce (ICC)?

Representative of millions of companies internationally Promote international trade, responsible conduct, global approach to regulation Dispute resolution

Is inherent or residual risk reduced when multiple controls are implemented?

Residual

What is the calculation for inherent risks?

Residual risk = Inherent Risk X Control ineffectiveness Inherent risk = Impact of an event X Probability"

What are System Internal Lists?

Kept by bank (as opposed to EU list etc), used for: Monitoring transactions of customers under investigation Capture transactions requiring special approval (e.g. donations to foreign charities) Record FIU inquiries (list as potentially risky customers) Monitor commercial transactions

Why is correspondent banking considered high risk for ML?

Large numbers of transactions and huge amounts in total The correspondent bank cannot investigate the information of the issuer and beneficiary of the wire transfer and has no data about them, such as their identification documents and KYC. Therefore, the correspondent bank has to rely on the compliance program of the other bank"

Are PTA accounts allowed?

Largely no

How would the registration process differ between a Single FI and Lead FI?

Lead FI must give its member FIs their FATCA login information receives notification for all of them re GIINs.

What are the differences between Charities and NPOs?

Licensing authority differs Charities: min no of founders Revenue usually much higher than operating costs for charities. NPO usually derived from gov bod.

What is the difference between structured data and unstructured with regard to screened data?

Structured data = standardised format. The applicant's name on an outward wire transfer transaction (SWIFT), may be considered "Structured Data". The applicant's name on an inward wire transfer (SWIFT) may not be considered "Structured Data", because it was entered via another institution, and might not exactly match the name on the receiving institution's records."

What are the reasons for applying sanctions?

Support peaceful transitions Deter non constitutional changes Protect human rights and promote non-proliferation Constrain terrorism

Give an example of a detective physical control

Surveillance cam

Should ML or TF reports be prioritised?

TF

True / False - General Ts & Cs provided to customers should include AML, CTF and KYC controls?

TRUE

True / False - In all cases, it is necessary to know the relationship between a customer and any other person delegated to act on behalf of them.

TRUE

True / False - The account must be rated high-risk when the process of verifying the company's business is difficult.

TRUE

True / False - each KYC form needs a serial number

TRUE

True / False - the verification of a signatory's identity will often require the application of the same due diligence process for the actual customer.

TRUE

What are some examples of secondary information?

Tax ID of a new company Building number on an address Utility bill as address proof

What is blockchain?

Technology that can program a group of ledgers to record and track anything of value, such as financial transactions or contracts and property and companies registration, and more, by storing data in blocks connected within a continuous chain.

What is de-risking?

Terminate or restricting client relationships with whole categories/sectors of clients, so as to not have to manage financial crime risks associated with these groups of clients

What if the beneficiary "Bank B", does not have an account with "Bank C", the correspondent of "Bank A"?

That means Correspondent Bank C will send the money to another correspondent bank that maintains an account for Bank B.

What are the three key Federal Reserve entities of the Federal Reserve System?

The Federal Reserve Board of Governors (Board of Governors), the Federal Reserve Banks (Reserve Banks), and the Federal Open Market Committee (FOMC).

If you are a Compliance Manager at a bank, who will be the official authority to control the business of your institution?

The Reserve Bank

If the compliance manager works for a small exchange house or money service business (MSB) owned by one person, who should the compliance reports be submitted to?

The compliance manager should be reporting to the owner/manager directly, which is the highest point in the organization's structure, and independent from any other department.

Who is responsible for the Monitoring of Periodic Reporting to the Regulator?

The relevant department, but the commitment of that dept should be reviewed through the monitoring process.

What is the definition of a sanction?

The type of action (measure) taken by official bodies like the United Nations Security Council (UNSC) to force individuals, groups, or countries to maintain or restore international peace and security

When are certain types of FI required to submit Periodic Certifications?

Those who are in approved status or were previously in approved status, are required to submit periodic certifications.

What is the purpose of the PATRIOT Act?

To break financial channels with some high-risk countries. Gives US State Dept authority to apply measures against the foreign party by forcing banks in US to seize assets and obtain financial transactions and records.

Why is it important for AML purposes to have a telephone number linked to the account?

To check for patterns and linked accounts

At what stage of account opening should terrorist financing flags be reviewed?

Trick question - they should be covered by transaction monitoring system and not at account opening.

True / False - information already contained in the document provided does not need to be requested on the KYC form again

True, except recommended for additional nationalities

What type of classification would a US entity have under FATCA?

US entity (trick q)

How many POCs are allowed for each entity on the IRS platform?

Up to 5

What are the tasks of the BoD?

Vary but eg forming Compliance Committee Adoption of compliance charter, supporting, evaluating compliance Resource allocation, hiring compliance, raising awareness. Reviewing minutes of meetings

How do you mitigate the risks presented by bank authorisation?

Verifying the other bank signatures through certain systems or websites that contain all bank's authorised personnel and their signatures for such purposes, such as ""Bankers Almanac,"" • doing the verification by other means like telephoning or emailing the other bank.

What is a VASP?

Virtual Asset Service Provider

What are the 3 types of correspondent banking relationships?

Vostro Account: Used by Bank B, referring to Bank A's money on deposit Nostro Account: Used by Bank A, referring to "our" account held by Bank B. RMA (Relationship Management Application): a service offered by SWIFT - communication between 2 banks without having any services for one another.

Which FATCA form should be signed if the customer is not American but has another FATCA indicator?

W8BEN

Which FATCA form should be signed if the customer is American?

W9

According to best practice, which employees should check source of funds?

Where possible the front-line employees/tellers should be responsible for checking the source of funds and when applicable for undertaking a preliminary examination of the customer's documents.

What is interbank placement (regarding correspondent banking)?

Where the respondent bank must keep a term deposit (fixed-term investment with specified maturity date) in its account on the correspondent bank's records, no less than a specified ceiling.

Where do EU sanctions apply?

While EU sanctions inherently have an effect in non-EU countries, as they are a foreign policy tool, the measures apply only within EU jurisdiction. In other words, the obligations they impose are binding on EU nationals or persons located in the EU or doing business there.

What are some red flags for TF?

Wire transfers with no clear purpose of payment, or nature of the relationship between the applicant (payer) and the beneficiary, especially between individuals. Frequent cash withdrawals from the accounts of NPOs/ charities Remittances to charities outside of the country, as donations Frequent transactions via countries related to terrorism, and not fitting with expected activity Access to online banking services from high-risk countries, especially if the customer is not a resident, as well as the use of bank ATMs or credit cards in these countries

Is knowledge of the source of funds required to be prosecuted for ML?

Yes

Should the building number and floor be included when collecting address?

Yes

Can the AML dept be merged with the Compliance Department?

Yes, depending on size and necessity

Can the Compliance manager's scope be extended to ensuring compliance with Legal provisions?

Yes, if legal dept thinks essential

Should it be asked in KYC form if shareholders who have substantial % are subject to FATCA.

Yes, qs about citizenship, residency and green cards MUST be obtained. They can be simplified into 1 q, eg "Are you subject to FATCA?"