Here are the questions and answers from our attendees at our recent webinar on Managing Monitoring Rules in Light of Indictments
At the end of the Q&A section are some resource links for information sources that were shared by our presenter.
Transaction Monitoring Rules: Q&A
Question: Is it true for effectiveness, and you are using third parties, that you need to have a way to check their effectiveness?
A: Yes. To me, the example that comes to mind is an audit firm. Audit is a pillar requirement. And if you think that a clean audit is a good one, then I have news for you. That’s not the case. You’d like your audit to be a good measure of an effective audit from the firm and what kind of issues they are bringing to light. If you do have some minor things on an audit, that doesn’t necessarily mean it wasn’t an effective audit.
Is that audit team looking at how effective your program is or are they saying, you forgot a date of birth on the CTR form or you transposed this person’s driver’s license number on this SAR form.
Those are all surface things that have nothing to do with your effectiveness. So to me, when you’re looking at third parties, especially as a customer or those third parties, you would want to make sure that their program is effective, their testing program and methodology are effective for sure.
Q: How would you handle searching Google for Chinese-based entities, especially with non-transparent information?
A: It is very difficult. You know, a lot of times, you get to a point where there is no more information, especially when you’re dealing with offshore funds out of Singapore, out of Hong Kong, as well, it’s not just China.
And you just get to a point where you say to yourself, well, this is just an LLC, or it’s ABC Investment, some generic name, and you can’t find any more information.
There’s really nothing more that you could do. When I come across those, when I do investigations for clients and I come across that type of limited information, that goes on the suspicious side of my brain.
The fact that this business, that I can find a whole bunch of stuff on them, they may be my customer and are now sending money to a business that I can’t find, to me adds to the level of suspicion.
So, I wouldn’t spend too much time on it. I think the first couple of searches that you do, make sure you Google everything in quotes. If you are looking for a full business name, you need to Google it with first and second names, the beginning and end of parentheses on those.
I usually just give up, because you just know that’s going to happen. Not all the time, because there are some Chinese businesses where you can find them online. And, you know, I just put that over on the suspicious side of my brain.
Q: Would you open the account if there are suspicions but if your client relations team is saying we have to open this account? How do you manage those risks?
A: If I was the practitioner saying, yes or no to opening the account, I would be looking at what time, what rate, what resources I have internally in order to properly manage that client.
So it’s not always going to be a yes.
If I know that I have a really good team member who has a little bit of flexibility, but they’re really quick and they’re really fast and really good at what they do, especially when it comes to the management of apparent shell companies or front companies or foreign businesses just as a whole, I might lean towards onboarding them depending on their source of wealth and their source of funds.
But if I’m looking at my maxed-out AML team and I’ve been asking for new people and they’re not giving me additional people, and I may not have a very efficient system, then I’m going to say No. Because to onboard something that you know is higher risk, that is going to need a lot more time to manage the risks, it’s setting yourself up for failure.
Q: Do you have any rules to identify human trafficking?
A: It depends on your system, right? I know it’s no secret to you, but I love Alessa, that’s one of the systems I’m such a fan of because of the customization options that your system has.
But not everyone has the ability to customize – especially if you’re a community institution, you’re John Patriot Officer, you know, a few other ones that give you the ability to customize some of your parameters. You may not be able to customize to the extent that you would need in order to isolate human trafficking, depending on what type of human trafficking you’re looking for.
If you’re looking for sex trafficking, labor trafficking, or organ trafficking, there are different data headers. So some of my clients, I use rules like, I have a list of ACH (automated clearing house) descriptions for a whole bunch of higher-risk websites that we know are used to facilitate the sex trade.
And so that is just in a static ACH field. And so if there is any ACH that comes in or out from any of these websites, it flags. I don’t put a dollar amount on them because you are not going to get a whole bunch of information. It is just one of those rules that sits there and it is like an arrow in your quiver.
One of the other ones I look at is lower cash deposits made at an ATM during the night on or on a repetitive basis. And the money going back out – we’re not talking about large amounts of cash, we’re talking about smaller amounts. It is almost like a micro-structuring but they are probably just depositing either the funds from the women that they are pimping out, or the victim is actually depositing the funds into the ATM at night. I look for those because most ATMs have a data header of some kind that you search and only look for our ATM deposits during this timeframe. Or you can put a total dollar amount on those types of rules.
If you’re looking for human trafficking, in terms of labor trafficking, Another rule that we use is looking for an industry code having to do with farming. And look through their rent, or what appear to be rent payments out. A lot of farmers will pay rent. Or they will receive rent payments in the form of small checks or small dollar amounts.
Really what is happening is they are keeping all of the individuals that are working on their farm in one room. If you know that farmer and he only has one or two buildings on this property you may flag it. Now we’re seeing all these little tiny rent payments come through as he keeps all of these individuals in one room, which is a sign of labor trafficking.
So that is basically where I would start if you’re a community institution.
Q: So in terms of incorporating the changes, based on the indictments and the policies and procedures at the company, could it form part of the internal manual the company prepares and do these changes have to be formally documented?
A: Yes. Any time you make a change to your transaction monitoring system or your customer service criteria, it should always have a change control form. But a change control form should definitely be there.
I think, when it comes to the formal policies and procedures, it shouldn’t be in the policy because this should be a living, breathing document. So in the procedure side, on your suspicious activity monitoring procedures, which I always recommend, that is a standalone document that talks about all the different feeds and avenues by which you receive indicators of potential suspicious activity.
One of those pathways, one of those feedback loops into your suspicious activity monitoring program, should be listed as indictments, guidance, and cases.
Q: How do you deal with the credibility of internet sources? Do you think it is truly reliable?
A: When I am looking at something if I can not substantiate what I am finding, then I do not let it undo my gut feeling. I do not let it undo that suspicious element.
If I find something that enhances the suspicious element that I have, I tend to lean more towards that. Because again, you are going to err on the side of being more suspicious about something throughout the investigative process than you would being less suspicious. I do not think being less suspicious or finding discrepancies online should undo what you have already compiled or the facts before you.
Q: How do you train the front staff to ask quality questions and to find the answers to the CDD questions? Or to ask questions involving clients who withdraw or deposit large amounts of cash?
A: I think I’ll probably ruffle some feathers on this one. Like in the U.S. we do this thing, where we collect the expected activity, the customer, when we onboard them. And so I would assume that that’s what this question is kind of talking about. You are asking them ahead of time, how much are they going to do in transactions for wires, numbers, dollar amounts, ranges, and so on.
I personally have a problem with that, because most criminals are not going to give you something very low, and then end up tripping your rules because they are going to far exceed that.
To me, there are types of information that you should be looking for, and the expected activity is not what you’re collecting at the front end.
So that also means that if your measurement, your benchmark, when you’re reviewing their monitoring, when they flag as an alert against some of your rules, and you go pull the onboarding information, you’re finding that the answers are not accurate.
That means that you are implying that they were 100 percent truthful at onboarding, which is hardly ever the case. So your expectations, your expected amount that you should be focused on is what you believe is reasonable and normal for that customer, not what they stated at the beginning. It’s what they are going to be doing.
So it’s kind of shifting it a little bit. I would not spend any time trying to train individuals on the front end to collect more information about what the customer thinks they’re going to be doing. Because to me that is projected activity, not expected activity. Expected should come from the AMLs. That person can look at a nail salon, or a pizza store, to determine if this is reasonable activity. This is what I would expect from this customer type.
Links to resources from the webinar:
We are unable to share the slides for this webinar, but you may listen to the webinar recording and read the following questions and answers.
Alessa provides software solutions for AML compliance and fraud detection and prevention. Our knowledge of compliance regulations has allowed us to create transaction monitoring software that can assist you in avoiding indictments. Contact us today to learn more about how our software can help you with complying with transaction monitoring rules and more.