AML-CFT risk management framework

evolutions

Radish Singh, Southeast Asia Anti-Money Laundering / Sanctions Leader,

Deloitte Southeast Asia

1
Agenda

Introduction: Increased focus by regulators

Global, regional trends and developments
Impact on FCC risk management framework
Issues and expectations
Recap

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 2

Increased focus by regulators

3
FCC tops the agenda of regulators globally

In recent years, regulators have dramatically stepped up enforcement of anti–money laundering (AML) and
CFT laws and regulations.
Today, it is not uncommon to see the US Justice Department and regulators announce multi–million dollar
criminal or civil fines as settlements for AML violations.
Sometimes compliance related fines exceed many hundreds of millions of dollars with a recent judgment
reaching USD 9 billion.
FCC tops the agenda of regulators globally

Examples of fines for AML and Sanctions violations 8.97b

Record–breaking fines (in USD million)
imposed on financial
institutions

1.92b
536m 619m 967m
100m 298m 350m 500m

Penalty
Source: Multiple news sources
Trend of fines and penalties 2003–2014 Amount
9B
Number of Trend of increasing
Fines 7B
regulatory scrutiny
175 5B and penalty
150 2B
125 1B

100 750M
500M
75
100M
50
50M
25 25M

5
2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2014 Source: Multiple news sources

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 5

Focus on financial crime risk management

Risk management guidelines related to anti–money laundering and terrorist financing issued by the Basel
Committee (15 January 2014)
• Assessment and understanding of risk

• Board responsibility and governance

• Effectiveness of three lines of defense

AML risk tolerance,
• Transactions / ongoing monitoring effectiveness of AML risk
• Due diligence and customer acceptance policy management framework
and single client view are
• Verification of beneficial owners and risk profiling critical to enhance
compliance standards
• MIS – record keeping, updating and reporting to supervisors

• Reporting suspicious activity and freezing of assets

• Group wide / cross border management of customer risk,

management of risk, consistent policies and procedures and
information sharing
© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 6
Key events shaping the industry standards

• FINRA, FSA (now FCA) – focus on individuals (AMLOs) for AML weaknesses
In addition to looking into
• Huge fines imposed by US regulators for sanctions and AML failures
policies, procedures and
• Regulatory audit / inspection now focus on the operations and effectiveness of the AML / FCC operations systems, regulators also get
• Regulators test skills and knowledge of staff – qualitative assessment is done by interviewing staff, amongst others into the overall effectiveness
• Inspecting minutes of meetings and files to ensure that AML risks are escalated and have senior management input and of the AML operations and
oversight controls within a bank.
• New developments from FATF perspective – TBML, new technology (mobile banking etc.), tax evasion Reliance on head office
• January 2014 – BCBS issued guidelines on how banks should include management of risks related AML / CFT within infrastructure is insufficient –
their overall risk management framework local expectations must be
• July 2014 – the FinCEN proposed amendments to existing BSA regulations that would impose explicit customer due taken into account .
diligence requirements, including a new beneficial ownership requirement.
• FATCA implementation and impact on compliance – FATFC generally requires a financial institution to know whether a AML / CFT compliance has
10% owner of certain entities is a US person or not based on a self–certification provided by the entity. For most of the become a credibility issue for
AML/KYC reviews, the threshold is normally 25% (for low risk customers). Additionally, FATCA monitoring for change in regulators to demonstrate
circumstances is not risk–based, must be monitored as it occurs and applies to all customers that the country is part of the
• January 2015 – the FDIC released a statement encouraging institutions to take a risk–based approach in assessing all international network in
individual customer relationships rather than “de–risking,” or declining to provide services to entire categories of combating AML / CFT.
customers

Criminals and terrorists conduct billions of dollars in transactions each year through the formal financial sector, the informal financial sector,
the trade system and cash smuggling. Despite international attempts to develop a blueprint for fighting money laundering and terrorism
financing, several countries and jurisdictions – particularly some emerging and other markets – have yet to implement anti–money
laundering in its true spirit .
Global, regional trends and
developments

8
Global effort to combat financial crime …

4 FATF guidance to consider…

1. October 2014: FATF’s draft

3 Asia
Guidance on Transparency and
Beneficial Ownership:
• The FATF has set international

2 • The AML regime globally and in Asian continues to be

under much regulatory scrutiny
• Key events are the mutual evaluation in Australia,
standards which require
countries to implement
measures to ensure that
accurate information on the

1 Europe
Singapore, and Hong Kong , India and others

• EU focusing on ML/TF risk since Feb 2013, and is updating the

beneficial ownership of legal
persons and legal
arrangements is available to
competent authorities in a
AML Directive
timely fashion.
• FSA (now FCA) – has fined individuals (AMLOs) for AML
2. The FATF adopted the risk–
weaknesses
US based approach guidance for the
• Huge fines being imposed by US regulators for banking sector which gives clear
guidance on how to properly
sanctions framework failures
implement the risk–based
• New CDD requirements issued by FinCEN approach, and is explicitly meant
General to be read in conjunction with
Tax evasion, trade finance, new the FATF Guidance on AML/CFT
technologies, risk assessments and financial inclusion.

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 9

Regional updates and developments

• July 2014 – The MAS released a consultation paper with proposed amendments to the MAS Notice 626. The changes aim to ensure
that the AML/CFT regime is effective and in line with international best practices and FATF’s latest recommendations.

Last mutual evaluation date: Last follow–up date: Upcoming mutual evaluation date:
Oct 2008 October 2012 Nov/Dec 2016

• 31 March 2015 – HKMA released a Guidance Paper for authorised institutions on anti–money laundering controls over tax evasion .
The Guidance aims to enhance the effectiveness of measures to mitigate money laundering risks in respect of tax evasion.

Last mutual evaluation date: Last follow–up date: Upcoming mutual evaluation date:
June 2008 October 2012 Early 2016

• June 2013 – India rectified nearly all of the technical deficiencies identified with respect to the criminalisation of ML and TF and the
implementation of effective confiscation and provisional measures.

Last mutual evaluation date: Last follow–up date: Upcoming mutual evaluation date:
June 2010 June 2013 Unscheduled

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 10

Regional updates and developments

• October 2014 – The National Coordination Committee to Counter Money Laundering (NCC) recently conducted a National Risk
Assessment (NRA) to enhance the country's collective understanding of the ML and TF risks facing the country.
• June 2014 – Amendments to AMLATFA were made with the aim of strengthening Malaysia’s AML/CFT framework against criminal
activities.

Last mutual evaluation date: Recent mutual evaluation date: Upcoming plenary discussion date:
July 2007 November 2014 July 2015

• October 2014 – Japan’s cabinet approved bills to tighten rules against money laundering and terrorist financing bid to avoid being
classified as high–risk and non–cooperative jurisdictions by FATF.

Last mutual evaluation date: Last follow–up date: Upcoming mutual evaluation date:
Oct 2008 June 2014 Unscheduled

• New CDD requirements take effect from 1 June 2014 through amendments to seven chapters of the AML/CTF Rules. The new
requirements introduce enhanced beneficial owner identification and verification.
• The implementation period is slated between 1 June 2014 to 31 December 2015. Major reporting entities are expected to be fully
compliant with the new CDD rules by 1 January 2016.

Last mutual evaluation date: Last follow–up date: Upcoming mutual evaluation date:
Oct 2005 – July–august 2014

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 11

Regional updates and developments

• April 2015 – The National Legislative Assembly (NLA) approved in principle three bills on the anti–money laundering agency.

Last Mutual Evaluation Date: Last Follow–up Date: Upcoming Mutual Evaluation Date:
August 2007 Ongoing 4Q 2016

• China has enacted various legislations to enhance its criminalisation of money laundering and terrorist financing
• Repealed the old RMB–LVT/STR Rules and FX–LVT/STR Rules, and adopted new regulations which extend the reporting obligation to
the insurance and securities sectors.
• However, several deficiencies continue to remain across various recommendations and China has taken steps to enhance the
effectiveness of implementation.

Last Mutual Evaluation Date: Last Follow–up Date: Upcoming Mutual Evaluation Date:
June 2007 February 2012 Unscheduled

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 12

Impact on FCC risk management
framework

13
Regulatory focus
Financial crime is shaping the banks’ compliance / risk programmes

Regulatory environment

Regulators are increasingly focussed on KYC / AML / Sanctions / Conduct issues with increased volumes of regulation and convergence amongst regulatory
requirements. The focus of regulation is not on the setting of specific requirements, thresholds etc., instead the focus is upon banks:
• Effectiveness of the framework and its implementation / execution
• Understanding their risk profile
• Having a risk based approach to control
• Putting in place the appropriate governance, processes and controls

How are banks responding

Banks have commenced KYC / AML compliance and change programmes with a particular focus on:
i. Due diligence process vi. Global KYC / AML governance
ii. Refreshed policies, procedures, processes vii. Shared service centres and external utilities
iii. Risk assessment viii. Remediation
iv. Better reporting of risks ix. More prudent risk thresholds and transactions surveillance parameters
v. Single client view and owner x. Documentation of decisions and senior management involvement

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 14

Framework for FCC operating model is evolving
Governance
Risk & Management Committee

Group Legal and Compliance, Compliance, or Risk

Financial Crime Compliance Division

External Drivers / Regulatory Environment / Customers (behaviour, risks and service experience)
External Stakeholders
Internal Drivers / Compliance and Risk Thresholds / Business (strategy, growth and service delivery) / Internal Audit

Financial Crime Compliance Remit – Specialisation by business segments (PB, Consumer and Global Banking)

Transactions
Operations AML advisory Sanctions advisory ABC advisory Investigations
monitoring advisory
Operationally kept separate
from FCC
Managing relationships with regulators – MLRO function

Remediation and change

KYC / CDD Key Drivers
• Regulatory Policy and procedures setting Regional and country
Transactions , expectations FCC
Roles
Trades Monitoring, • cost of non– Risk identification, management & risk assessment
and Reporting line to
Name screening list compliance
Respon global or regional FCC
• response to crisis Compliance monitoring and surveillance
sibilities as applicable
AML Hub / CoE
or remediation
• Internal risk AML&CFT / Sanctions / ABC Advisory
thresholds
IT / Systems Regulatory reporting, SAR filing and internal MI

Training and awareness

Holistic view of remediation – Additional Considerations Risk thresholds and

Effectiveness of FCC
effectiveness, achieving the objective Efficiency variations

Systems and FCC, COE, CDD Crisis Clarity of roles and Skills set and resourcing
BAU vs PMO
technology governance management overlaps assessment

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 15

Elements of a financial crime compliance

• Policy and procedures • Governance, internal

setting dashboard reporting and MI

• Regulatory affairs – dealing with

• Advisory role regulatory / upstream / external
risk / SAR

• Risk identification and Financial Crime • Monitoring and surveillance –

assessment – risk threshold, compliance transactions, trades, cash,
product and client RA sanctions

• Sanctions programme • Remediation and

Change / PMO

• Training and awareness • Resourcing and skills

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 16

Financial crime risk management framework
Managing internal risk – escalation of FCC or AML risks to leadership, AML risk heat maps, regulatory
issues, audit and risk assessment outcomes, client / product risk vs business strategy issues

Governance
Effectiveness of CDD /
gate keeping – customer
identification and
verification, screening
Risk assessment, audit

Board

Culture and tone –

Technology and policies, procedures,
process architecture training, expertise

Transactions surveillance
and governance of
“hubbed” activities Management
Controlling persons –
FCC and operations

Managing regulatory risk

• FCC obligations to have a sound compliance framework 17

• Responsive to regulatory changes and effective self assessment to remediate or prevent breaches
17
Financial crime risk management framework

Regulators expect financial institutions to undertake a holistic, firm–wide approach to AML compliance risk
management which encompass governance and oversight, sound monitoring programme and process, staff
training and comprehensive onboarding and monitoring documentation and retention.
The framework is used throughout our AML engagements as a benchmarking tool to benchmark and assess
the robustness of a client’s existing framework against current and changing regulatory requirements and
developments.

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 18

Financial crime risk management framework

Business senior management responsibility

Monitoring programme
Customer onboarding screening , risk Transaction activity STR investigation Disclose and exit,
Risk assessment OCDD (KYC)
(KYC) scoring and ECDD monitoring and FIU response prevent re–entry
Define risk assessment Identify and verify Perform ECDD Perform OCDD Monitor transactions Investigate and report Exit customer account
Identify new–to–bank/ Identify additional Key Scheduled or trigger–driven Set transaction alert
suspicious activity
existing customer account party information initiation of OCDD parameters and monitoring Create Manual STRs and Complete and submit
Define approach to risk schedule Collate System Generated disclosure report and
Review existing KYC data STRs
assessment Identify required information supporting evidence to FIU
Perform ECDD
for different customer/service Request and review
needs supporting evidence Monitor transactions Investigate and request
Review, approve and supporting evidence
Request ID and verify activate account Obtain relevant approvals
Assess and perform exit
documentation Change customer Escalate internally decisioning
Develop and maintain risk Store additional ECDD Obtain pre–consent of
engagement and store KYC
assessment documentation suspicious transactions
Store ID and verified Information Report to FIU
documentation
Customer risk scoring Escalate account closure
Retain record decision for
Perform CDD Perform customer screening through Perform trend analysis
existing intelligence data remedial action
Identify key account party
Respond to FIU
Develop and maintain information Identify customer risk category (PEP and High/Normal)
Evaluate and update Identify and gather relevant
customer risk rating
Perform initial KYC (CDD) monitoring criteria information for FIU request
Set due diligence criteria (ECDD and OCDD) Account closure
Review, approve and Submit information gathered
Intelligence data
activate account to legislator
Maintain intelligence lists and sources
Maintain submitted
Prevent re–entry
Store KYC documentation Sanctions screening
Define due diligence criteria information
Customer screening Maintain prohibited list
Quality assure third party on–
boarding providers Payments screening Respond to other FIU orders

Tailored risk based policies and procedures

Training
Management information and reporting
© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 19
Issues and expectations

20
Overview of financial crime related issues

Regulators continue to expect strong anti–money laundering standards,

robust controls, enhanced client due diligence and suitable AML policies and
Regulatory
procedures.

Organisational operational structures are not in sync with the

Operational fast–moving financial crime landscape

The battle to solve financial crime is rapidly evolving into a

People race for the talent required to mount an effective defence.

Meeting regulatory expectations for near real–time analysis to

Technology potentially detect and prevent fraudulent activities will depend
on a bank’s ability to properly leverage technology

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 21 21

What are the expectations from regulators?

• Effectiveness of governance
• Robustness of KYC profiling
• Dealings with shell banks or unlicensed banks
• Anonymous, numbered accounts and/or passbooks
• Source of funds and source of wealth
Some focus areas • Politically Exposed Persons (PEPs)
• No face-to-face meeting with clients
of regulatory • Dormant accounts
inspections • Effectiveness of monitoring systems thresholds – periodic testing of thresholds
• Accounts that have been inactive suddenly experience large activity inconsistent with the normal practice of the
client or their financial ability
• Any dealing with a third party when the identity of the beneficiary or counter–party is undisclosed
• Effectiveness of management oversight and consideration of AML / Sanctions issues at senior management /
key committees
• Follow–up actions after filing of SAR – how decisions made to continue or otherwise exit the relationship

• Governance: Are financial crime / AML / Sanctions issue discussed actively at your Board level?
• Focused on the importance of maintaining a “culture” of compliance and risk management. To be
truly effective, the framework must be reinforced by the proper “tone at the top.”
• Trade finance compliance
• De–risking (global)
• Sanctions
• Tax evasion Expectations?
• Standardisation of KYC / CDD
• Transactions surveillance and name screening / list management
• Understanding regulatory expectations amidst the regulatory diversity in Asia
• Use of technology and analytics as a step above AML framework and systems

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 22

22
How does ‘good’ look like?

To ensure a robust AML/CFT framework, several key weaknesses identified across different areas need to be
avoided.
Further, the key fundament to a sustainable AML/CFT framework is one that is nimble, that allows for the
formalisation of key practices and precedents as well as adjustments to account for new developments and
requirements.

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 23

How does ‘good’ look like?
AML/CFT Risk Management Framework Key Weakness to Avoid
Business senior management responsibility Management oversight and involvement in decision making – especially
Monitoring programme high risk matters (clients, sanctions, PEPs, etc.) and minutes of committee
Screening , Transaction
STR
Disclose and meetings where AML issues are discussed
Customer investigation
Risk assessment risk scoring OCDD (KYC) activity exit, prevent
onboarding (KYC) and FIU
and ECDD monitoring re–entry
response Failure to differentiate between CDD and ECDD
Define risk Identify and verify Perform ECDD Perform OCDD Monitor transactions Investigate and report Exit customer account
assessment Scheduled or suspicious activity
Identify new–to– Identify additional
bank/ existing Key account party Trigger–Driven Set transaction
Create Manual Complete and
Systems and processes are not robust enough to deal with high risk issues
Initiation of OCDD alert parameters
customer information and monitoring STRs and Collate submit disclosure or effective transactions monitoring
Define approach Review existing System report and
Identify required schedule
to risk assessment KYC data Generated STRs supporting
information for
different
Perform ECDD
Request and evidence to FIU Failure to take action after SAR is filed or close follow up on relationships
Investigate and
customer/service review supporting Monitor
Request identified for exit
needs Review, Approve evidence transactions
Supporting
and Activate Obtain relevant
Request ID and
account approvals
Evidence Assess and Weak documentation for approvals / rationale in closing and / or dealing
verify
Develop and documentation Store additional
Change customer Obtain pre–
consent of
Escalate internally
perform exit
decisioning
with issues that come to the bank’s attention
engagement and
maintain risk ECDD store KYC suspicious
Store ID and documentation
assessment
verified Information transactions Report to FIU Inconsistency in treatment of AML findings and as a result of process and
documentation
Customer risk scoring Escalate account requirements not being formalised and “ad–hoc” approach
Perform trend Retain Record closure decision
Perform CDD Perform customer screening through for
existing intelligence data
analysis
remedial action
Lack of clarity or otherwise escalation process not formalised
Identify key
account party Respond to FIU
Develop and Identify customer risk category (PEP and Identify and gather
information High/Normal) Evaluate and Timeliness in addressing remediation or recurring issues, investigation /
maintain customer relevant
update monitoring
risk rating Perform initial KYC Set due diligence criteria (ECDD and criteria
information for FIU
Account closure
escalations – inefficient process and exercise of judgment
(CDD) OCDD) request
Review, approve Submit information
and activate
Intelligence data gathered to Failing to record the rationale for decisions to discount false positives or
account Maintain intelligence lists and sources legislator transactions alerts
Prevent re–entry
Store KYC Maintain submitted KYC/CDD and customer risk classifications are unclear or weak and the
Define due documentation Sanctions screening information
diligence criteria
Customer screening Maintain prohibited bank and key stakeholders do not understand the risks
Quality assure
Respond to other list
third party on–
boarding providers Payments screening FIU orders Level of due diligence required is not clearly documented/ understood
Tailored risk based policies and procedures
“Warning signs list” and red flags are not updated regularly
Training

Management information and reporting Lack of standalone policies/procedures to address various specific AML 24
© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd risk (e.g. trade finance) and training often fails to address emerging risks 24
Recommendations for actions

Take a holistic approach

In practice, taking a more holistic approach means moving away from In tandem, the organisation should assess its current state, set a vision for
federated approaches to more centralised efforts for preventing, the future state, develop a roadmap for getting there, and outline a target
investigating and remediating financial crime. Here, the risk management operating model. During this process, the organisation should search for
elements that were once handled within silos are linked in an effective, synergies between its financial crime intelligence and customer intelligence
organisation–wide programme. This involves seeing financial crime as a initiatives to identify opportunities for improving customer service and adding
lifecycle comprising four stages — compliance, prevention and detection, value to the business. The more this can be achieved, the greater the
investigation and remediation, and monitoring and testing — then economies of scale and the better the chances of cross–domain bearing
addressing each item. fruit.

Be prepared for significant cultural change

Institutions shouldn’t underestimate the cultural and operational change Taking a genuinely enterprise–wide approach to financial crime therefore
programme required to take a more holistic approach to financial crime. requires significant levels of internal communication and agreement, and can
This should begin with setting the tone at the top of the organisation and result in significant changes. For example, Deloitte has seen institutions
continue by working diligently toward buy–in from stakeholders, having a relinquish up to 30 percent of their customers as part of programmes aimed
clear and effective communications programme, and allowing sufficient at making their organisations compliant and resilient.
resources for training staff and managing workforce transitions.

25
Recommendations for actions
Improve the quality of your data
The larger and more distributed a financial organisation becomes, the In response, organisations should focus on improving and standardising
harder it is for it to access consistent, high–quality and standardised data. data to increase their capacity to perform centralised analysis. They
This is particularly true for institutions that have multiple technology should also explore the use of the latest analytics techniques, which
systems because they have grown through acquisition, and those that make it possible to still derive insights from unstructured information
have offices in countries such as Switzerland with restrictive data transfer sources or data from disparate systems across the enterprise. The more
laws. sophisticated systems can not only help predict problems, they can learn
as they go.

Secure the right talent – centrally and locally

The battle to solve financial crime is rapidly evolving into a race for the They are also finding it desirable to have strong capabilities “on the
talent required to mount an effective defence. Our clients are experiencing ground” close to customers, especially in locations that may be very
a particular shortage of individuals capable of completing more analytical different to the countries in which their central corporate governance and
and critical assessments in emerging market locations, including parts of compliance teams are located.
Africa, Asia, and Central and South America.

Prepare for the future

A new framework for addressing financial crime should consider both We are also seeing a rapid evolution in payment technologies; issues
current and future threats. As with the rise of online banking in recent regarding commercial espionage; and a growing interest in how financial
years, crypto–currencies are opening up new avenues for criminals. institutions can help authorities monitor money flows into and out of
burgeoning sovereign wealth funds. To accommodate these trends, new
frameworks should be built to expect the unexpected and allow for
relatively rapid change.
26
Recap …

27
The financial crime lifecycle
Assessing allegations of fraud or
financial mismanagement, responding
to government regulatory requests, and
Assessing financial crime systems helping financial services organisations
and policies to ensure they are remedy issues and prevent their
efficient and tailoring systems to reoccurrence. This involves data
meet changing internal and assessment, e–discovery,
external threats. understanding relevant laws and
regulations, and undertaking cyber
response activities.

THE FINANCIAL
CRIME LIFE CYCLE

Reducing financial crime incidents

and identifying early issues and
Acting in accordance with the risks by implementing effective
requirements of relevant operational controls. The focus is
authorities by implementing on enterprise fraud and misuse
governance structures and management using integrated
financial crime strategies. technology platforms and
advanced analytics.
© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 28
A seamless and effective financial crime risk management
framework needs a concerted effort across functions, with
leadership from the top
Financial institutions – Lines of defense

Business unit
Front line staff and their supporting administrative teams represent the
Relationship managers
In business AML first line of defense
Teller staff
• Onboarding of new customers, application of Know Your Customer
policies and procedures, and increasingly, performing full cycle
Customer Due–diligence (CDD) activities
Operations 1
Transactions surveillance CDD / KYC
Provides AML advisory to and day–to–day management of the 1st and
3rd lines of defense to include AML technology applications
• Provides assurance of controls using guidelines from UK, US,
HKMA and MAS regulatory agencies and interpretation of AML regs
Geographic units and legal / compliance
• Typically houses Banks’ FIU; reviews High Risk clients (i.e. EDD)
2
AML / FCC
Regional heads Global heads
specialist teams

Testing • Internal testing and assurance

• Internal remediation before regulatory issues are raised
Internal audit Risk assessments 3

Leadership / Management • Accountable for all FCC/ AML policies, procedures, and controls
© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 4 • Approves bank–wide FCC platforms and resourcing decisions 29
Board of Directors CCO, COO, CEO
• Risk escalations
Importance of financial crime risk management
Inadequate or poorly managed FCC programmes will increase reputational, operational, and legal risk to the bank.

Regulatory Reputational Operational Legal

Failure to meet the Adverse publicity Loss of business Enforcement, lawsuits,

various regulations and regarding an resulting from adverse judgments,
expectations will organisation’s business inadequate internal unenforceable
subject banks to practices and processes, personnel or contracts, fines and
penalties and associations, whether systems or from penalties generating
consequences. It will accurate or not, will external events. losses, increased
also means prolonged cause a loss of public expenses for an
scrutiny under the confidence in the organisation, or even
regulators’ radar – integrity of the the closure
locally, regionally and organisation. of the organisation.
globally.

Founded in 1836, US based Riggs Bank, which for years was known as ''the
Switzerland's oldest bank shut down after admitting to helping American clients most important bank in the most important city in the world,'‘ closed its doors in
evade $1.2bn in taxes. Wegelin became the first foreign bank to plead guilty to tax 2005 due to investigations, fines, and media backlash over its sub–standard
evasion in the US and it has been forced to pay $57.8m in fines to the US AML/Sanctions controls.
authorities. • The bank held substantial assets for Gen. Augusto Pinochet, the former
• The US allegations forced the bank to sell off its Swiss and other non–US Chilean dictator
businesses • Numerous improprieties identified in some of 150 Saudi accounts at Riggs,
• Wegelin is a small bank where eight partners hold unlimited liability for its including Saudi Royal family members
operations. It has no US offices or branches and it conducted its tax evasion • Equatorial Guinea’s dictator, Teodoro Obiang Nguema Mbasago was the
business in part through correspondent banking accounts at UBS the US bank's largest client, with accounts amounting to more than $700 million
Source: Reuters Source: The New York Times
© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 30
Speaker’s profile

31
Speaker’s profile

Radish Singh

Southeast Asia Anti-Money Laundering / Sanctions Leader, Deloitte Southeast Asia

+65 6224 8288
[email protected]

Radish Singh leads the Regulatory Advisory – Financial Crime, Anti-Money Laundering (AML), Sanctions and
Know-Your-Customer (KYC) – practice within Deloitte Forensic in Singapore and Southeast Asia. With over 17
years of experience, Radish is a subject matter expert on advising financial institutions on financial crime. She has
been actively presenting on global regulatory reform to major banks and institutions in Singapore as well as in
various public forums. Her clientele currently incudes major global and local banks in Singapore. She has also
previously led an engagement with the Association of Banks in Singapore to revise and modernise their AML
guidelines for the banking industry in Singapore. She has also advised the Institute of Banking and Finance
Singapore on revising their compliance and AML industry standards modules.

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd 32

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its
member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/sg/about for a more detailed
description of DTTL and its member firms. Deloitte provides audit, consulting, financial advisory, risk management, tax and related services to public and private clients spanning multiple industries.
With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they
need to address their most complex business challenges. Deloitte’s more than 210,000 professionals are committed to becoming the standard of excellence.

About Deloitte Southeast Asia

Deloitte Southeast Asia Ltd – a member firm of Deloitte Touche Tohmatsu Limited comprising Deloitte practices operating in Brunei, Cambodia, Guam, Indonesia, Lao PDR, Malaysia, Myanmar,
Philippines, Singapore, Thailand and Vietnam – was established to deliver measurable value to the particular demands of increasingly intra-regional and fast growing companies and enterprises.
Comprising over 270 partners and 6,300 professionals in 24 office locations, the subsidiaries and affiliates of Deloitte Southeast Asia Ltd combine their technical expertise and deep industry knowledge
to deliver consistent high quality services to companies in the region. All services are provided through the individual country practices, their subsidiaries and affiliates which are separate and
independent legal entities.

About Deloitte Singapore

In Singapore, services are provided by Deloitte & Touche LLP and its subsidiaries and affiliates.

This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte network”) is, by means of this
communication, rendering professional advice or services. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication.

© 2015 Deloitte & Touche Financial Advisory Services Pte Ltd

33