Red Flags Prt 3

This is the third part to our report on the main red flags compliance departments should look for to identify potential money laundering.

This section covers – Bank to Bank Transactions – Lending Activity – Cross Border Transactions and Currency Shipments.

You can navigate to our help on red flags in parts one and two from this post.

Jump to Specific Sections

Lending Activity

Bank to Bank Transactions

Cross Border Transactions

Currency Shipments

Go to part one Go to Part Two

Lending Activity   Go to top

  • Loans secured by pledged assets held by third parties unrelated to the borrower.
  • Loan secured by deposits or other readily marketable assets, such as securities, particularly when owned by apparently unrelated third parties.
  • Borrower defaults on a cash-secured loan or any loan that is secured by assets which are readily convertible into currency.
  • Loans are made for, or are paid on behalf of, a third party with no reasonable explanation.
  • To secure a loan, the customer purchases a certificate of deposit using an unknown source of funds, particularly when funds are provided via currency or multiple monetary instruments.
  • Loans that lack a legitimate business purpose, provide the bank with significant fees for assuming little or no risk, or tend to obscure the movement of funds (e.g., loans made to a borrower and immediately sold to an entity related to the borrower).

Changes in Bank-to-Bank Transactions  Go to top

  • The size and frequency of currency deposits increases rapidly with no corresponding increase in non-currency deposits.
  • A bank is unable to track the true account holder of correspondent or concentration account transactions.
  • The turnover in large-denomination bills is significant and appears uncharacteristic, given the bank’s location.
  • Changes in currency-shipment patterns between correspondent banks are significant.

Cross-Border Financial Institution Transactions  Go to top

  • U.S. bank increases sales or exchanges of large denomination U.S. bank notes to Mexican financial institution(s).
  • Large volumes of small denomination U.S. banknotes being sent from Mexican casas de cambio to their U.S. accounts via armored transport or sold directly to U.S. banks. These sales or exchanges may involve jurisdictions outside of Mexico.
  • Casas de cambio direct the remittance of funds via multiple funds transfers to jurisdictions outside of Mexico that bear no apparent business relationship with the casas de cambio. Funds transfer recipients may include individuals, businesses, and other entities in free trade zones.
  • Casas de cambio deposit numerous third-party items, including sequentially numbered monetary instruments, to their accounts at U.S. banks.
  • Casas de cambio direct the remittance of funds transfers from their accounts at Mexican financial institutions to accounts at U.S. banks. These funds transfers follow the deposit of currency and third-party items by the casas de cambio into their Mexican financial institution.

Bulk Currency Shipments  Go to top

  • An increase in the sale of large denomination U.S. bank notes to foreign financial institutions by U.S. banks.
  • Large volumes of small denomination U.S. bank notes being sent from foreign nonbank financial institutions to their accounts in the United States via armored transport, or sold directly to U.S. banks.
  • Multiple wire transfers initiated by foreign nonbank financial institutions that direct U.S. banks to remit funds to other jurisdictions that bear no apparent business relationship with that foreign nonbank financial institution. Recipients may include individuals, businesses, and other entities in free trade zones and other locations.
  • The exchange of small denomination U.S. bank notes for large denomination U.S. bank notes that may be sent to foreign countries.
  • Deposits by foreign non-bank financial institutions to their accounts at U.S. banks that include third-party items, including sequentially numbered monetary instruments.

Go to part one Go to Part Two

AML suspicious activity

Money Laundering Red Flags

By CYW-Admin / 27 May 2019 / 0 Comments
Retail Banking

How to Investigate Money Laundering

By CYW-Admin / 17 November 2019 / 0 Comments

Cyber Money Laundering 101

By CYW-Admin / 10 June 2019 / 0 Comments
Money Laundering Definition

What are the best Money Laundering Schemes?

By CYW-Admin / 19 November 2019 / 0 Comments

What is a Politically Exposed Person?

By CYW-Admin / 13 November 2019 / 0 Comments
How to Assess and Manage Risk

Anti Money Laundering Warning Signs

By CYW-Admin / 6 July 2019 / 0 Comments

AML Compliance Vacancies

By CYW-Admin / 1 June 2019 / 0 Comments
Money Laundering Compliance

Preventing Money Laundering 101

By CYW-Admin / 22 June 2019 / 0 Comments


By CYW-Admin / 29 September 2019 / 0 Comments

What are the best Money Laundering Schemes?

Money Laundering Definition

What are the best Money Laundering Schemes?

Best money laundering schemes
Best money laundering schemes

To keep this post quick and easy to read we’ve put all the schemes we can think of in a table and provided links to more content to find out how they work.

We’ve also provided a column explaining how the authorities, or even the banks could find out money was being cleaned.

Read on to find out what are the best money laundering schemes…

SchemeResourcesSectorDetect itLearn more
Cum ExInvestment accounts. Claim tax back on dividend revenue more than once. InvestmentsTrack short selling and same buyer/seller chain repeatedly transacting. Link
Bitcoin or otherCrypto wallet. Wash asset through bitcoin tumbler repeatedly across exchanges and borders. CryptoVery difficult tracing. Repeat buying and selling of Crypto with fiat currency exchanged as cash out. Link
Gift CardPurchase Gift cards with dirty money and sell them on the darknet or on exchange sites for less, cashing out. RetailRepeat purchases of giftcards and cash out receipts into legit accounts.Link
Cash businessA restaurant, gas station, car cleaning business etc.RetailOver average business income. All cash deposits. Deposits from outside the business area. Link
SmurfingPeople to deposit cash.DepositsDeposits away from business area. Multiple under threshold deposits.
Black Market exchangeA currency exchange network. Give dirty money to the exchange who uses it to purchase legitimate business contracts in that country. Country of origin legit business then pays for the contracts in local currency. Exchanger then gives that clean local currency to the original criminal (usually drug trafficker in Sth America) CurrencyRepeat deposits from the same exchanger. Unregistered currency exchange. High cash turnover.
Hawala exchangeSimilar to the above. Unregistered usually Asian market. CurrencySimilar to the above.
Gig economyEmploy a Uber taxi or AirBnB owner to take bogus bookings for a fee. Keep the returned clean money. GigGig business depositing large amounts over their usual amount. Over average refunds from bookings. Vehicle tracking. Link
Service sectorSell bogus services that do not take place in return for dirty money. Service sectorUnusual high value receipts. Out of the norm deposits. Out of the norm business.
Trade businessA registered business. Under or over invoice to transfer cash without product or serviceBusinessPort data. Trading in risk geographies. Customs data. Credit note discrepancies. Out of sector business.Link.
TrustsRegister personal assets in the trust to avoid tax. Planes, yachts. Register in tax havens and do not declare to authorities. Hide as a business asset. BusinessAsset base of trusts registered by nominee or law firms to hide beneficial owner.
Shell companyRegister company and use just to move money through complex transactions and loan arrangements. Have nominee directors to hide your identity or create a chain of businesses to ‘won’ each other with shares below 25% to avoid registration requirements. BusinessComplex and repeated business transaction of high value between offshore business. No natural person identification.
LoansSet up a company offshore as your employer. All payments for your work through the company. Get paid as a loan that you will never settle. They can’t tax a loan. BusinessPayments from offshore business each month with no apparent business conducted.
Real EstateBuy real estate with dirty money and hide behind offshore business as the owner. Avoid tax and clean dirty money. Real EstateHigh cost property purchase for no apparent business reason by a business. Offshore business purchasing it. No absolute beneficial owner.
Rental or renovateBuy and sell real estate within a network to move money. Purchase price improved by ‘renovations’ . Rent it to non-existent people to clean income. Real EstateProperty in a geography nt conected to the business. Frequently offshore beneficial owner.
Private ATMUse dirty money in your atm. Withdrawals to the general public transfer the cash into banking deposits of clean money. BusinessOver average withdrawals. Over average cash deposits in the machine. Unexplained business ‘profits’.
CasinoBuy chips with dirty money, place one bet and cash out with clean. GamblingRepeat deposits from gambling business.
Mirror tradingBuy and sell the same shares through complex web of accounts to maintain net neutrality but spending dirty money and replacing with clean.InvestmentsRepeat spending and returns from brokers with little in terms of revenue difference. Short term investments in what should be a long term position. Link
Risk jurisdictional tradingReceiving or depositing assets in risk jurisdictions. Gold in a location that doesn’t mine it is one example. TradeFrequent transactions with ‘risk’ jurisdictions for no apparent business aim.
InvoicingCreate fake invoices to take legitimate cash out of a business and use personally. Replace with false sales coming in. BusinessRepeated deposits to the same ‘business’ account

Of course for all money laundering schemes there are various databases and tools to deploy to combat them. Be that a fraud or sector database. The key is to employ them in a whole solution so searches are conducted once and do not rely on human interaction to miss-spell or other.

There are many methods to hide dirty money in the legitimate economy. If you suspect someone is laundering money through your business talk to us to help you.

How To Develop A Risk Based Approach

How to develop a risk based approach

How To Develop A Risk Based Approach

How to develop a risk based approach
How to develop a risk based approach

FATF advocate a risk based approach to manage Money Laundering and Terrorist Financing. But how do you develop a risk based approach and what does the term mean? Read on for a guide.

Assessing Risk and Developing a Risk Scoring Model

  • Risk-based AML controls are key and required in many countries
  • Increases the chances of avoiding criminals and government sanctions and penalties
  • Risk-Based Approach – RBA – A risk-based approach requires institutions to have systems and controls that are commensurate with the specific risks of money laundering and terrorist financing. Assessing these risks is, therefore, one of the most important steps in creating a good AML/CFT compliance program.

Levels of Risk

Prohibited Company will not tolerate any dealings of any kind. Examples: Prohibited transactions: Involving countries subject to sanctions. Prohibited customers: shell banks.

High Risk The risks are significant, but not necessarily prohibited. To manage the heightened risk, the firm should apply more stringent controls. Examples: PEPs, correspondent banking, private banking

AML suspicious activity

Money Laundering Red Flags

By CYW-Admin / 27 May 2019 / 0 Comments
Retail Banking

How to Investigate Money Laundering

By CYW-Admin / 17 November 2019 / 0 Comments

Cyber Money Laundering 101

By CYW-Admin / 10 June 2019 / 0 Comments
Money Laundering Definition

What are the best Money Laundering Schemes?

By CYW-Admin / 19 November 2019 / 0 Comments

What is a Politically Exposed Person?

By CYW-Admin / 13 November 2019 / 0 Comments
How to Assess and Manage Risk

Anti Money Laundering Warning Signs

By CYW-Admin / 6 July 2019 / 0 Comments

AML Compliance Vacancies

By CYW-Admin / 1 June 2019 / 0 Comments
Money Laundering Compliance

Preventing Money Laundering 101

By CYW-Admin / 22 June 2019 / 0 Comments


By CYW-Admin / 29 September 2019 / 0 Comments

Medium Risk Medium risks are more than a low or standard risk of money laundering, and merit additional scrutiny, but do not rise to the level of high-risk. Examples: Local company exporting some goods to Canada

Low Risk Baseline risk of money laundering; normal business rules apply. FATF member countries and domestic retail customers are frequently, but not always, considered to be standard- or low-risk. Examples: School teacher

Risk Types


Below the three main risk types there are structural risks.

Summary Risk Factors

Geographical Risk. Sanctions are frequently enforced against countries lacking adequate AML/CFT controls, terrorist funding countries, corruption, etc. They are more so now, enforced against sectors and even individuals.

Customer Risk. Casinos, offshore corporations, banks located in tax havens, leather good stores, currency exchange houses, money remitters, check cashers, car/boat/plane dealers, travel agencies, gem dealers, import/export, cash intensive businesses, etc.

Product Risk. PEPs, Private banking, offshore international activity, deposit-taking facilities, wire transfer and cash management functions, transactions in which beneficiary is undisclosed, traveller checks, money orders, etc.

FATF: CDD and Risk-Based Approach

  • USA Patriot Act Section 319:
    • CDD measures:
      • Identifying customer and verifying identity
      • Identifying beneficial owner, and verifying identity
      • Obtaining information on business relationship
      • Conducting ongoing due diligence on business relationship and scrutiny of transactions

The Financial Institution should determine the extent of such measures on a risk sensitive basis depending on the type of customer, business relationship or transaction.

Risk Assessment Links to the AML Management Program

Internal risk divergence
Internal risk divergence

How law enforcement may see negligence with a risk based approach. When obvious errors are missed or indeed deliberately and willfully ignored. The blue route suggests criminal insiders.

Policies and Procedures

  • Must be in writing
  • Endorsement of management
  • Overview of laws and regulations
  • What constitutes suspicious activity and how to deal with it
  • Procedures when reporting suspicious activity
  • How to deal with regulatory or law enforcement requests
  • While policies and procedures provide important guidance, the AML/CFT Program also relies on a variety of internal controls, including management reports, and other built-in safeguards that keep the program working.
    • Should include:
      • Identify high risk operations
      • Make sure board or committee of the board/senior management is informed of compliance initiatives, corrective actions, suspicious activity
      • Assign clear accountability to persons for performance of duties
      • Provide for program continuity
      • Meet regulatory requirements
      • Provide for periodic review
  • Use a risk-based approach
  • Provide sufficient controls and monitoring systems for timely detection of suspicious activity/large currency transactions
  • Provide for dual controls and segregation of duties
  • Comply with all record keeping requirements
  • Adequate supervision of employees who handle large currency transactions, complete records, grant exemptions
  • Train employees to be aware of their responsibilities
  • Implement screening programs to ensure high standards when hiring employees
  • Test effectiveness of the program
  • Use a risk-based approach
  • Provide sufficient controls and monitoring systems for timely detection of suspicious activity/large currency transactions
  • Provide for dual controls and segregation of duties
  • Comply with all record keeping requirements
  • Adequate supervision of employees who handle large currency transactions, complete records, grant exemptions
  • Train employees to be aware of their responsibilities
  • Implement screening programs to ensure high standards when hiring employees
  • Test effectiveness of the program.

The compliance officer should be responsible for designing and implementing the program, making necessary changes and disseminating the information about the program’s success and failures to key staff members, constructing AML/CFT related content for staff training programs and staying current on legal and regulatory developments in the field.

Role of Compliance

  1. Designing and supporting a regulatory risk framework for the business
  2. Supporting and challenging business line management on the completeness and accuracy of compliance risk management activities
  3. Advice to business units on regulatory obligations/expectations and the creation and implementation of compliance policies
  4. Monitoring and reporting
    The role of compliance should be to take the lead in identifying and managing the significant regulatory and reputational risks to which the business is exposed
AML suspicious activity

Money Laundering Red Flags

By CYW-Admin / 27 May 2019 / 0 Comments
Retail Banking

How to Investigate Money Laundering

By CYW-Admin / 17 November 2019 / 0 Comments

Cyber Money Laundering 101

By CYW-Admin / 10 June 2019 / 0 Comments
Money Laundering Definition

What are the best Money Laundering Schemes?

By CYW-Admin / 19 November 2019 / 0 Comments

What is a Politically Exposed Person?

By CYW-Admin / 13 November 2019 / 0 Comments
How to Assess and Manage Risk

Anti Money Laundering Warning Signs

By CYW-Admin / 6 July 2019 / 0 Comments

AML Compliance Vacancies

By CYW-Admin / 1 June 2019 / 0 Comments
Money Laundering Compliance

Preventing Money Laundering 101

By CYW-Admin / 22 June 2019 / 0 Comments


By CYW-Admin / 29 September 2019 / 0 Comments

Key Questions to Consider

  1. Do you have a formally stated, clearly articulated vision/role for compliance?
  2. Has the board approved the strategy for compliance to meet its objectives and does it have an adequate budget?
  3. Does the business have clear mechanisms for measuring the performance of compliance versus strategy?
  4. Is there a clear allocation of responsibilities between the first line and compliance. Is this understood?
  5. Does it work?

AML/CFT Training

  • Document all training, even informal training at staff meetings, etc.
  • Ensure training is appropriate for target audience.
  • Provide training for the AML/CFT officer and staff conducting independent audit and testing.
  • Train senior management and board of directors on AML/CFT risks to the institution.
  • Maintain detailed records of attendance and publish metrics.
  • Why, who, how, where, when and what needs training.

Contact us to design a training package.

Effective Program Management

  • AML/CFT compliance programs are not static
  • Policies and procedures and internal controls need to evolve
  • Systems and procedures need to be tested, tuned and refined
  • Risk assessments need to be reevaluated
  • Senior management needs to be knowledgeable about the changes to the AML/CFT Program and approve them periodically
  • Audit and regulatory findings should be tracked and reported to senior management

Independent Review

  • Are proper records being maintained?
  • Are SARs/STRs properly filled out and filed in a timely fashion?
  • Is proper identification being requested from customers and verified?
  • Are “high risk” accounts being reviewed regularly?
  • Is the program being followed?
  • Do all employees understand the program?
  • Are the proper procedures in place?
  • Are employees of the institution using the procedures as required?
  • Are customers subjected to sanctions screening?
  • What processes are used for transaction monitoring?
  • Are employees being trained adequately?

Contact us for an independent review of your systems.

We can tress test your provision.

Compliance Culture

  • Embedding a compliance culture into the overall institutional culture is key to an effective AML/CFT program
  • Strong Culture of Compliance – Setting the Tone at the Top Guides and reinforces employees as they make decisions and choices each day. Raising awareness, to the point where everyone in the organization feels compelled to deter and detect money laundering, is vital.

FINCEN, the US FIU, issued an advisory on how financial institutions can ensure they maintain a culture of compliance:

  1. Leadership actively supports compliance
  2. Mitigation of AML/CFT risk is not compromised by revenue interests
  3. Internal information sharing
  4. Adequate resources for the AML/CFT program
  5. Independent testing by competent party
  6. Understand how STR reporting is used

Board Responsibility

  • Ultimate responsibility for the AML/CFT program rests with the board of directors
  • Reviewing and approving the overall AML/CFT program and ensuring that there is on-going oversight.
  • Make sure the program is adequately implemented and maintained by staff.
  • Responsibility Does not mean that board members are expected to become AML/CFT experts themselves, or that they are responsible for day-today program management.

Board Responsibility – During Audit/Exam

  • The board’s oversight role also extends to the supervisor’s examination process:
    • Examiners/auditors interview board and management to gauge the board’s commitment to compliance, its understanding of the law, and knowledge of how the institution operates
    • Ensure that any necessary corrective action is taken in respect of deficiencies found during the audit process. Specific duties can be delegated, but the board will be responsible if problems, cited by the examiner or the auditor, are not corrected

Board of Directors – Showing Commitment

  • Establishing a strong compliance plan that is approved by the board of directors and is fully implemented
  • Insisting that it be kept informed of compliance efforts, audit reports and any compliance failures, with corrective measures instituted
  • Communicating compliance expectations to the institution personnel
  • Employment is conditional on regulatory compliance

Independence of AML/CFT Compliance Team

  • Compliance staff should generally also be sufficiently independent of the line of business they support so that potential conflicts of interest are minimized.
  • No incentive based on the profitability of the line of business they support, to avoid a conflict of interest.
  • Compliance staff may sit within the line of business and report to line management, but it should have the ability to escalate issues without fear of recrimination to a compliance or risk management function outside the line of business.

How to Conduct Customer Due Diligence

How to conduct customer due diligence

How to Conduct Customer Due Diligence

How to conduct customer due diligence
How to conduct customer due diligence

It is of fundamental importance to institutes to understand who their customers are. How to conduct customer due diligence is therefore central to combating crime. Data management for customers is a critical issue. Today, institutes struggle to match up customer data from inside their own systems. Operation Embrace aims to change this for them.

In this article we will identify high level guidance to framework customer due diligence.

Customer Due Diligence

Understand customer due diligence
Understand customer due diligence
  • Main Elements:

Account Opening, Customer Identification and Verification

  • A sound CDD program should have reliable customer identification and account opening procedures.
  • Institutions should adopt account opening procedures that allow them to determine the true identity of customers.
  • Institutions should set identification standards tailored to the risk posed by particular customers.
  • Specific regulations and laws that set out what institutions are required to do regarding customer identification.

Account Opening

Account opening
CDD Account opening
  • Each customer should be asked:
    • Name
    • Address
    • Telephone number etc.
    • Date and place of birth
    • Nationality
    • Occupation
    • Personal ID number (tax/passport number)
    • Type of accounts and nature of relationship with FI
    • ALSO: When appropriate, obtain information about the source of wealth, source of funds and the customer’s line of business.
    • Apply equally effective customer identification procedures for non-face-to-face customers as for those available for interview.
  • For corporate entities:
    • Name of institution Principal place of its business operations, Mailing address.
    • Names of primary contact people or those authorized to use the account, Contact people’s telephone and fax numbers
    • Some form of official identification number, if available (e.g., tax identification number)
    • The original or certified copy of the Certificate of Incorporation, etc.
    • Board of Directors resolution to open an account and identification of those who have authority to operate the account, including beneficial owners
    • Nature and purpose of business, and its legitimacy

Customer data should then be mapped with metadata to explain how, when, where, who and what was recorded and why. The data should be identified and categorised to allow future mapping to other data-sets that may not align exactly (for example the middle name or date of birth missing but an age and first/surname being available in a second data-set)

Customer Identification Program (CIP)

  • Identifying information
  • Complying with record-keeping requirements
  • Checking new accounts against prescribed government lists, if applicable
  • Providing adequate notice about customer identification requirements
  • Covering the institution’s reliance on other financial institutions or third parties, if applicable.
  • Determining whether and when suspicious transaction reports should be filed
  • Conducting a risk analysis of customers
  • Opening new accounts for existing customers
  • Obtaining the approval of the board of directors, either separately or as part of AML/CFT program
  • Conducting audit and training programs to ensure that the CIP is adequately incorporated
  • Verifying that all new accounts are checked against government lists

Consolidated Customer Due Diligence

  • According to the Basel Committee, a global risk management program for CDD should incorporate consistent identification and monitoring of customer accounts globally across business lines and geographical locations, as well as oversight at the parent level
  • Appliance of customer acceptance policy, procedures for customer identification, process for monitoring and risk management framework on a global basis
  • CLASH? Where the minimum CDD standards of the home and host countries differ, offices in host jurisdictions should apply the higher standard of the two. Where this appears not to be possible, the institution should confer with its home office and attorneys

List Screening

  • Sanctions
    • Determine customer does not appear on designated lists provided by a government or international body
  • PEPS
    • Determine whether customer may currently or previously maintained a government position that meets a statutory or organizational PEP definition
  • Negative Media
    • Determine whether customer appears in media publications in negative manner, that a financial institution may consider risk relevant

Know Your Employee (KYE) Program

  • Having equal programs for know your customer and for know your employee are essential.
    • A criminally co-opted bank employee might facilitate money laundering (insider abuse/”enemy within”)
    • Goal: Allows firm to understand an employee’s background, conflicts of interest and susceptibility to money laundering complicity.
    • Background screening – a minimum, reveals information on a job applicant’s criminal convictions. When applying for a job and on an ongoing basis.
  • Policies, procedures, internal controls
    • Code of conduct/ethics
    • Levels of authority
    • Compliance with personnel laws and regulations
    • Accountability, Monitoring, Dual controls

Knowing who an employee or customer is can make managing financial crime easier to manage. Institutes should have controls, policies, processes and cultural cues to help them manage risk.

CYW can help institutes with uncovering internal criminality.

Contact us for more…

What is a Financial Intelligence Unit?


What is an FIU?

What is a financial intelligence unit?
What is a financial intelligence unit?

What is a Financial Intelligence Unit and what do they do? FIUs are jurisdictional intelligence units who collate SARs/STRs across a region, have analysis departments to make sense of the information and coordinate with law enforcement agencies to instigate executive action.

Financial Intelligence Unit

A jurisdictional intelligence organisation that coordinates SAR/STR information and produces intelligence from the raw information. In large countries they have regional offices dispersed across the country.

Communication between FIU’s:

  • Participate in the Egmont Group
  • Often based on an MOU
  • Dedicated to obtaining intelligence that may lead to evidence (Use MLATS for evidence)
  • Free exchange of information based on reciprocity
  • Exchange of information should be informal and rapid
  • Communication between FIUs should be direct without intermediaries

FIU Requests

An Overview:

  • Most requests for financial intelligence via the FIU network are made in writing.
  • The requesting FIU sends a request to another FIU, either by letter or by filling out a request form.
  • Requests are transmitted either on paper or electronically.
  • Some FIUs send requests to each other via secure networks, such as the Egmont Secure Web or, for European Union FIUs, FIU-NET.
  • In urgent cases, FIUs will request information orally. If the receiving FIU accepts such a request, it will normally ask the requesting FIU to follow up with a request in writing.
  • Information exchange internationally is a vital component in the fight against money laundering. It, however, relies on swift response. In some cases jurisdictions can be slow to respond and fail in their responsibilities internationally. FATF ‘inspect’ this in evaluations.

FATF recommendations for FIUs

Recommendation 29

  • Countries should establish a FIU that serves as a national centre for the receipt and analysis of:
    • STRs
    • Information relevant to money laundering, associated predicate offences, and terrorist financing, and for the dissemination of the results of that analysis

Recommendation 30 & 31

  • Responsible for conducting money laundering and terrorist financing investigations within national AML/CFT framework
  • In major proceeds-generating offenses, develop a parallel financial investigation
  • Trace, freeze and seize property from the proceeds of crime
  • Access all necessary documents and information for the investigation
  • Utilise suitable investigation techniques such as undercover operations, communication interception, accessing computer systems, etc.
FIU data sharing and analysis
FIU data sharing and analysis

FATF cooperation between countries includes recommendations that involve FIUs

Recommendations that pertain to international money laundering investigations:
• Recommendation 36: Implementation of Conventions
• Recommendation 40: Other forms of cooperation

FATF Recommendation 36

International Instruments

  • Countries should take immediate steps to become party to and implement fully:
    • The Vienna Convention, 1988;
    • The Palermo Convention, 2000;
    • The United Nations Convention against Corruption, 2003; and
    • The Terrorist Financing Convention, 1999.

FATF Recommendation 40

  • Other forms of cooperation:
    • Countries should ensure that their competent authorities can rapidly, constructively and effectively provide the widest range of international cooperation in relation to money laundering, associated predicate offences and terrorist financing.
    • Countries should do so both spontaneously and upon request, and there should be a lawful basis for providing cooperation.
  • Countries should authorise their competent authorities to use the most efficient means to cooperate.
  • Should a competent authority need bilateral or multilateral agreements or arrangements, such as a Memorandum of Understanding (MOU), these should be negotiated and signed in a timely way with the widest range of foreign counterparts.
  • Competent authorities should use clear channels or mechanisms for the effective transmission and execution of requests for information or other types of assistance.
  • Competent authorities should have clear and efficient processes for the prioritization and timely execution of requests, and for safeguarding the information received.

FIUs play a critical part in ensuring the financial system is protected from crime. The more effective units produce intelligence products that can inform the wider AML public sector authorities and guide strategic thinking. They provide information in a timely manner and do not prevaricate over detail when speed is of the essence in ensuring seizure of assets. FATF monitor the performance of FIUs and during evaluation can downgrade whole jurisdictions on the basis of a lack of cooperation and sharing of intelligence.

The distinction between what an FIU does and what an MLAT achieves is the admissibility of the requested data. FIUs provide intelligence and intelligence product. MLATs request evidential and legal support to prosecutions or investigations into prosecutions.

What is a Mutal Legal Assistance Treaty

Financial compliance AML CTF audit

What is a Mutual Legal Assistance Treaty?

What is a mutual legal assistance treaty
What is a mutual legal assistance treaty

What is an MLAT and how can you request and send one? MLATs are treaties between cooperating states to request legal assistance. This article details a broad view on them.

MLAT AML – Cooperation Between Countries

Practices that restrict international cooperation between supervisory authorities or FIUs in analysing and investigating suspicious transactions, money laundering crimes, confiscating assets or extraditing accused money launders are serious obstacles to combating money laundering.

Methods for International Cooperation

  1. International ML Information Network
  2. Mutual Legal Assistance Treaties
  3. Financial Intelligence Units

Imolin is a Clearing house of money laundering information for the benefit of national and international AML agencies. Developed and administered by the UNODC ( Global Program Against Money Laundering) on behalf of the UN and other international organizations.

IMOLIN has five main features:

  1. Reference data: Research and analysis, bibliography, conventions, etc
  2. Country page: Includes full text of AML legislation, links to national FIUs
  3. Calendar of events: Training etc
  4. Current events: News of recent initiatives
  5. AML International Database – AMLID (password protected): compendium of laws, information and contacts internationally.

Mutual Legal Assistance Treaties

  • In money laundering cases, an MLAT can be extremely useful as a means of obtaining banking and other financial records from treaty partners.
  • Classical “Gateway” and powerful bilateral weapon embodied in a Mutual Legal Assistance Treaty (MLAT).
  • In the US: Negotiated by the Department of State in cooperation with the Department of Justice to facilitate cooperation in criminal matters.
  • MLATs are in force between countries globally.

The MLAT is a treaty-based mechanism for seeking foreign law enforcement cooperation and assistance in support of an ongoing criminal investigation or proceeding. The MLAT process, and its benefits, are available only to government officials, typically prosecutors. They are applied for via the country prosecuting agency and sometimes have clauses to prevent abuse. An MLAT can be multi-lateral or thematic, for example multi-lateral tax treaty agreements.

MLATs generally allow for the exchange of evidence and information in criminal and related matters. They provide a legal basis for transmitting evidence that can be used for prosecution and judicial proceedings. If evidence is required from another jurisdiction, a request can be made for “mutual legal assistance”.

Most MLATs require the country that receives a request for assistance to take certain actions, such as:
• Taking testimony or statements of persons
• Providing documents, records and evidence
• Service of documents on persons or organizations in the requested country
• Locating or identifying persons
• Executing requests for search and seizure
• Identifying, seizing and tracing proceeds of crime

FIU data sharing and analysis
FIU data sharing and analysis

FATF cooperation between countries.

The financial action task force makes several recommendations with regard to sharing information internationally – MLATs are just one…
• Recommendation 36: Implementation of Conventions
• Recommendation 37: Mutual Legal Assistance Treaties (MLATs)
• Recommendation 38: Freezing and confiscation
• Recommendation 39: Extraditable offenses
• Recommendation 40: Other forms of cooperation

FATF Recommendation 36

International Instruments

  • Countries should take immediate steps to become party to and implement fully:
    • The Vienna Convention, 1988;
    • The Palermo Convention, 2000;
    • The United Nations Convention against Corruption, 2003; and
    • The Terrorist Financing Convention, 1999.

FATF Recommendation 37

Mutual Legal Assistance:

Countries should rapidly, constructively and effectively provide the widest possible range of mutual legal assistance in relation to money laundering, associated predicate offences and terrorist financing investigations, prosecutions, and related proceedings. Countries should have an adequate legal basis for providing assistance and, where appropriate, should have in place treaties, arrangements or other mechanisms to enhance cooperation (…) Countries should render mutual legal assistance, notwithstanding the absence of dual criminality, if the assistance does not involve coercive actions. Countries should consider adopting such measures as may be necessary to enable them to provide a wide scope of assistance in the absence of dual criminality.

FATF Recommendation 38

Mutual Legal Assistance: Freezing and Confiscation:

  • Countries should ensure that they have the authority to take expeditious action in response to requests by foreign countries to identify, freeze, seize and confiscate property laundered;
  • Proceeds from money laundering, predicate offences and terrorist financing; instrumentalities used in, or intended for use in, the commission of these offences; or property of corresponding value.
  • This authority should include being able to respond to requests made on the basis of non-conviction-based confiscation proceedings and related provisional measures, unless this is inconsistent with fundamental principles of their domestic law.
  • Countries should also have effective mechanisms for managing such property, instrumentalities or property of corresponding value, and arrangements for coordinating seizure and confiscation proceedings, which should include the sharing of confiscated assets.

FATF Recommendation 39 Extradition:

  • Countries should constructively and effectively execute extradition requests in relation to money laundering and terrorist financing, without undue delay.
  • Countries should also take all possible measures to ensure that they do not provide safe havens for individuals charged with the financing of terrorism, terrorist acts or terrorist organizations.
  • Countries should ensure that they have clear and efficient processes for the timely execution of extradition requests including prioritization where appropriate.
  • Countries should monitor progress of requests a case management system should be maintained;
  • Countries should not place unreasonable or unduly restrictive conditions on the execution of requests; and
  • They ensure they have an adequate legal framework for extradition.
  • Each country should either extradite its own nationals, or, where a country does not do so solely on the grounds of nationality, that country should, at the request of the country seeking extradition, submit the case, without undue delay, to its competent authorities for the purpose of prosecution of the offences set forth in the request.
  • Those authorities should take their decision and conduct their proceedings in the same manner as in the case of any other offence of a serious nature under the domestic law of that country. (…)

FATF Recommendation 40

  • Other forms of cooperation:
    • Countries should ensure that their competent authorities can rapidly, constructively and effectively provide the widest range of international cooperation in relation to money laundering, associated predicate offences and terrorist financing.
    • Countries should do so both spontaneously and upon request, and there should be a lawful basis for providing cooperation.

MLATs are useful tools for FIUs to exchange evidence, documents and even people suspected of criminality. Banks receiving requests based on MLATs should respond in a timely manner to avoid criticism and reputational damage in post court press. Talk to us to advice on institute response.

For information on FIUs see this post.

How to Investigate Money Laundering

Retail Banking

How to Investigate Money Laundering – A short Guide

How to investigate Money Laundering
How to investigate Money Laundering

There are many new entrants to the AML sector that have little to no investigative experience. That’s natural in any sector. Below are some tips on how to instigate and progress an investigation into Money Laundering or Terrorist Financing within a bank. And the factors that will impact it. What needs to be considered with every investigation is the proportionality of it. It may just be a case of reviewing transactions, or going the extra mile due to the value and volume of transactions. That comes with experience and an understanding of the risk a customer or series of transactions places on an organisation. Read ‘How to investigate money laundering’ to get some insight.

Investigations Initiated by a Financial Institution

Common investigation initiators include:

  1. Regulatory recommendation or findings
  2. Transaction monitoring rules designed to detect potentially suspicious activity
  3. Referrals from customer-facing employees regarding potentially suspicious activity
  4. Information obtained from internal hotlines
  5. Negative media information
  6. Receipt of a governmental subpoena or search warrant
  7. Whistle-blowers.

Regulatory Findings

  • Investigation may be initiated based on regulatory findings or recommendations:
    • Identify remedial measures
    • Ongoing reviews
    • One-time reviews
    • Require internal and external reporting
    • Document results of investigations
    • Escalate to senior management

Transaction Monitoring Rules

The below transactions are from an account. Let’s see what the transaction monitoring rule does.

Rule: Incoming aggregated cash deposits more than $20,000 and outgoing wire transfers more than $20,000 within 10 days on individual accounts:

14/11/2019 Cheque Deposit Lantana Inc, BVI$5500
15/11/2019 Cash Deposit$8000
16/11/2019ATM Withdrawal$200
17/11/2019Cash Deposit$9000
18/11/2019Cash Deposit$8500
19/11/2019ATM Withdrawal$500
20/11/2019ATM Withdrawal$300
21/11/2019Cheque deposit – Lantana Inc, BVI$5500
22/11/2019 Wire Out Lantana Ltd, Panama($11000)
23/11/2019Wire Out Lantana Ltd, Singapore($24000)

Transaction Monitoring Rules – What Met the Rule?

14/11/2019Cheque Deposit Lantana Inc, BVI$5500
15/11/2019Cash Deposit$8000
16/11/2019ATM Withdrawal$200
17/11/2019Cash Deposit$9000
18/11/2019Cash Deposit$8500
19/11/2019ATM Withdrawal$500
20/11/2019ATM Withdrawal$300
21/11/2019Cheque Deposit – Lantana Inc, BVI$5500
22/11/2019Wire out Lantana Ltd, Panama($11000)
23/11/2019Wire out Lantana Ltd, Singapore($24000)
  • Cash Deposits equal $25,500 in less than 10 days.
  • Wire out on the 23rd equals $24000.

Transaction Monitoring Rules – What did not?

14/11/2019Cheque Deposit Lantana Inc, BVI$5500
15/11/2019Cash Deposit$8000
17/11/2019Cash Deposit$9000
18/11/2019Cash Deposit$8500
21/11/2019Cheque Deposit – Lantana Inc, BVI$5500
22/11/2019Wire out Lantana Ltd, Panama($11000)
23/11/2019Wire out Lantana Ltd, Singapore($24000)
  • Cheque deposits only $11,000
  • Wire out less than $20,000

What should be investigated?

14/11/2019Cheque deposit – Lantana Inc, BVI$5500
15/11/2019Cash Deposit$8000
17/11/2019Cash Deposit$9000
18/11/2019Cash Deposit$8500
21/11/2019Cheque Deposit – Lantana Inc, BVI$5500
22/11/2019Wire out Lantana Ltd, Panama($11000)
23/11/2019Wire out Lantana Ltd, Singapore($24000)

The wire out to Lantana Ltd in Panama, it looks like the two Cheque deposits are being aggregated into the payment to Panama. The $24000 payment to Lantana in Singapore also needs investigating. The fact the transactions are going to jurisdictions that have secretive business registrations and low tax plus the similarity in name raise suspicions enough to ask questions.

Referrals from Customer-Facing Employees

  • Financial institutions may maintain an internal communication system to report activities identified by customer facing employees.
  • Referrals would be completed by the employee and sent to the compliance investigations unit. Examples include:
    • Internal form
    • Internal email
    • Internal database
    • Observed activity, behavior relevant to determining whether something suspicious.
    • Executed transactions may be identified by transaction monitoring rules, but not the observed activity.

Internal Hotlines

Negative Media

Adverse media
Adverse media
  • Investigations can be initiated by information obtained in the public domain such as:
    • Information about a financial institution’s customer
    • How a product is used in the market
    • Geographic location it serves or
    • Money laundering or terrorist event
  • Negative media should be considered in the STR process

Receipt of Governmental Subpoena or Search Warrant

  • Subpoena / Warrant
    • Compulsory legal process issued by a court to compel the appearance of a witness at a judicial proceeding, sometimes requiring the witness to bring specified documents.
  • Search warrant
    • A grant of permission from a court for a law enforcement agency to search certain designated premises and to seize specific categories of items or documents.
    • Generally, the requesting agency is required to establish that probable cause exists US, suspicion in the UK) to believe that evidence of a crime will be located.
    • The warrant is authorised based on information contained in an affidavit submitted by a law enforcement officer.

Legal and AML Obligations

  • Financial institutions maintain two independent obligations:
    • Fulfill the requirements of the subpoena or warrant; and
    • Determine whether the activity of its customer identified in the subpoena or warrant requires the filing of a STR
    • Excerpt from the Wachovia Bank, NA civil money penalty (2010) on AML program failures, including investigating subpoenas:
Wachovia subpoena
Wachovia subpoena

Summons and Subpoenas

  • If the FI is served with summons/subpoena compelling the production of documents senior management and/or counsel should review it.
  • If there are no grounds for contesting the summons or subpoena, the institution should comply with the summons or subpoena on a timely and complete basis. Failure to do so can result in adverse action and penalties for the institution.
  • Do not notify/tip off the customer who is being investigated.
  • If the government asks the bank to keep certain accounts open, such a request should be obtained in writing under proper letterhead and authority from the government.

What To Do – Search Warrant

  • Inform the institute counsel.
  • Review the warrant to understand its scope.
  • Ask for and obtain a copy of the warrant.
  • Ask for a copy of the affidavit/laying of information document that supports the search warrant. The agents are not obligated to provide a copy of the affidavit, but, if an institute is allowed to see the affidavit, the institute can learn more about the purpose of the investigation.
  • Remain present while the agents record an inventory of items they seize.
  • Make copies of the records taken by the agents.
  • Ask for a copy of law enforcement’s inventory of what they have seized.
  • Write down the names and agency affiliations.
  • Attorney-client records: Suggest, as an alternative, that the records be given to the court for safekeeping.

In the UK the law enforcement are required to leave inventories and should not have to be asked. CYW provide a private to public liaison service designed to advise on what the authorities can and cannot do and the likely action that would be taken in an inquiry/operational search/seizure. Contact us for more.

Order to Freeze an Account

If the law enforcement agency or a prosecutor obtains a court order to freeze an account or to prevent funds from being withdrawn or moved, the institution should obtain a copy of the order and should comply with it.
Generally, the order is obtained based on a sworn affidavit/laying of information. Ask to see the affidavit. It provides clues about why a customer’s information is being requested. Whether authorities are obligated to provide the affidavit depends on laws and regulations.

Conducting the Investigation

In the course of conducting an effective financial investigation, consider the following steps:

  • Review internal records
  • Review external information related to subjects of the investigation
  • Review adverse media
  • Review business registrations
  • Review links to other businesses and accountants/law firms
  • Review links to business registration agents
  • Review large purchases through real estate, brokers, high net purchase retailers.
  • Review publicly available movement tracking databases.
  • Conduct open source intelligence searches
  • Conduct trade based inquiries
  • Review fraud databases.
  • Cross match and merge records, telephone numbers, email, IP addresses, digital footprints.
  • Consult with internal witnesses.
  • Contact the business line responsible for the account relationship
  • Generate a written report recording relevant findings
  • Follow the money trail
  • Maintain an investigative mindset
  • Include digital data searches for digital footprints.
  • Include basic CCTV inquiries for ATM/counter withdrawals, who was it?
  • Consider facial recognition if your institute has it.
  • Share and request data relating to transactions and customers with partner agencies and institutes.
  • For more contact us…

CYW are creating a network to share intelligence between agencies. The network removes the identity of the requesting institute, scores, weights and grades intelligence return and removes the identity of the returning agency. Protecting commercial interest while improving AML investigations. #Opembrace

Review Internal and External Information

  • Review internal records covering the time frame of the suspected activity, including time before and after. Examples:
    • Signature cards
    • Account statements
    • Deposit tickets, checks and withdrawal items
    • Credit and debit memorandums
    • Records on loans, cashier’s checks, certified checks, traveler’s checks and money orders
    • Request further information from other agencies.
    • Liaise with partners.

Utilising the Internet when Conducting Financial Investigations

Open source intelligence
Open source intelligence
  • Start with Metasearch (search tool that sends user requests to several other search engines and aggregates results into a single list) and then move to specific search engines
  • Tips on search engines:
    • Use multiple search engines
    • Use local (foreign) search engines when searching in a foreign country
    • Ideally you should be employing an Open Source search company or software. The internet has many search options, not least different language. Unless you are very proficient in search you should employ experts. You will miss critical evidence/intelligence otherwise.
    • Search social media accounts.
    • Employ a system that does all of this with AI capability.

STR Decision-Making Process

  • Decision whether or not to file a STR/SAR often involves weighing the aggravating and mitigating factors arising from the research conducted during the investigative process.
  • The final decision should be documented and supported by the factors that were used to make the determination.
    • File report to Financial Intelligence Unit
    • Comply with STR timelines

Quality Assurance

  • Financial institutions are required to file timely and complete STR/SARs and the quality of STRs can be an indication of the quality of the institutes AML/CFT program. For this reason managers should dip sample and provide feedback on STR/SAR submission.
  • QA review helps to ensure that STR filings are internally consistent, the right decisions are being made and high priority matters are identified and escalated to leadership.
  • The institute should have a clear direction for its staff, in policy, that indicates what, when, how and why to escalate an investigation. Guidance to staff is critical.

Quality Assurance Impacts Investigations

Bank SAR
Bank SAR
  • TCF National Bank
  • 2013 consented to a $10M civil money penalty for AML program violations
  • Quality of investigation process cited in consent order

Closing the Account Based on its internal investigation, the institution should make an independent determination as to whether to close the account. Consider: – The legal basis for closing an account. – The institution’s policies and procedures for closing an account. – How serious is the underlying conduct? If the conduct is serious and rises to the level where the account would ordinarily be closed, then consider closing the account. If Law Enforcement requests the institution to keep the account open, request it in writing. In addition, the institution should determine whether or not to file a STR.

Communicating with Law Enforcement
Communicating with Law Enforcement

Law Enforcement Investigations vs. Bank Examinations

In the U.S. and several other jurisdictions, the banking regulatory agencies do not need to use subpoenas or search warrants. Their authority to conduct examinations includes the ability to inspect all books and records of a regulated institution.

Law Enforcement Investigations

  • WHEN: Law enforcement investigations can be triggered by STRs, tips from sources and information from other cases.
  • WHAT: The agency can request information from an institute in order to obtain evidence.
  • HOW: Requests for information can come in several forms: subpoenas, search warrants, etc.
  • WHY: The documents and testimony are designed to allow the agency to investigate suspicious transactions, develop evidence and put together a case for prosecution.

Steps Law Enforcement Agencies Take in a Money Laundering Investigation

  • Follow the money – Identify the unlawful activity (predicate offense)
  • Document the underlying activity and transactions, flow of funds through bank accounts
  • Review databases (FIU databases, commercial databases)
  • Review public records (court records, corporate filings, newspapers)
  • Review licensing and registration files (including motor vehicle department)
  • Analyze the financial transactions and account activity of the target.
  • Review STR/SARs
  • In cross-border cases, seek international assistance via MLAT or other.

Decision to Prosecute a Financial Institution

When considering whether – or to what extent – to bring a case against a Financial Institution involving ML-related charges, prosecutors will look at:

  • Does the institution have a criminal history?
  • Has the institution cooperated with the investigation
  • Did the institution discover and self-reported the ML -related issues
  • Does the institution have a comprehensive and effective AML program
  • Did the institution take timely and effective remedial action
  • Are there civil remedies available that can serve as punishment
  • Will deterring wrongdoing be served by a prosecution

Responding to a Law Enforcement Investigation

  • Respond quickly and completely to all requests.
  • If a request is overly broad/unduly intrusive, the institut can attempt to narrow the request or can even seek to contest the request, in court. Typically, the most effective strategy is to cooperate with investigators and prosecutors.
  • Never ignore, defer or otherwise put aside or delay responding to a law enforcement inquiry or request for documents.
  • Obtain counsel.
  • Create a centralised control policy: To ensure requests are responded to on a complete and timely basis and to establish a complete record of what is provided.
  • Keeping a centralised record will also assist with regard to the institute’s own internal investigation.
  • The FI needs to ensure that appropriate senior management is informed.
  • Someone should be designated as being responsible for responding to all law enforcement requests.
  • If the inquiry appears to be focused on the institution and not just an account or customer, then the Board of Directors should be kept appraised as well.
  • Information about an investigation should not be provided to any employees, officers or directors of the institution who might be a suspect in the investigation.

CYW can support institutes under investigation.

Legal Counsel

Upon notification of a law enforcement investigation, especially one directed at the institution, consideration should be given to the retention of qualified, experienced legal counsel.

  • Guides the institution through the inquiry.
  • Contests requests that are perceived to be improper.
  • Assist in negotiating settlements if necessary.
    • If the inquiry is merely focused on a particular account or is only seeking to obtain financial evidence about a customer and there is no apparent wrongdoing by the institution, there is a less pressing need to obtain counsel. Each case, however, requires individualized review and analysis.

We have articles on MLATs and FIU roles and responsibilities. We recommend you read these in continuing learning around investigations. Follow the links.

MLAT learning

FIU role learning.

Factors That Impact Your AML Success

Encrypted messaging platform

Factors That Impact Your AML Success

Operation Embrace is our project to design a cutting edge intelligence solution to help banks route out criminals and criminality from their systems.

Data management in banking
Data management in banking

Big data is all around. It is said that in 20 years Facebook will have over 70,000 data points on our children. It seems to me that is perverse when the banking industry can’t yet match customer data within their own four walls.

With an industry bursting at the seams with data, yet no credible way to make use of it, it is time for a change of thought process.

Software available to banks to manage AML, be that the process to manage a case, or alert to a risk, is letting them down.


The solution to this all relates to information governance and dissemination.

Sharing data
Sharing data

Institutes should be sharing data on customers and transactions automatically. This should be expanded to include public sector authorities also sharing data to provide a more holistic view of risk and criminality.

Currently all intelligence products focus on the same data-sets.

  • Adverse media
  • ‘Some’ open source
  • Their own records
  • Fraud data-sets
  • Sanctions/watch lists

Imagine a solution that did all of that and included;

  • Social Media
  • Dark Net
  • Police Data
  • Full open source
  • Digital footprints
  • Tracking movement software
  • Biometrics
  • Psychographics
  • Port authority
  • Customs
  • Criminal data
  • Financial Industry intelligence network
  • and more…

Now imagine a system that utilised a sharing engine to control how the network ethically, lawfully and commercially shared data.

The police today work in a ‘plural’ policing network. Working with private companies, public authorities and security companies to keep us safe. They share data with all of them to prevent crime. And yet the banking industry doesn’t receive this data.

Add to these concepts an artificial intelligence solution that intelligently merges data-sets to create a product that provides less false positives and more meaningful and accurate data results. Shutting out the criminal with nefarious aims.

All of this is possible with today’s technology. A solution that can;

Data accuracy and relevance
Data accuracy and relevance
  • Weight
    • Relevance
    • Accuracy
    • Timliness
    • Provenance
  • Grade
    • Dissemination rules
    • Utility
  • Score
    • To aid decision-making.

Operation Embrace is building this system. The team has over 200 years experience and critically, none of it is in IT with most forged from hard years at the front-line of AML. A team with a breadth of experience that includes military and policing intelligence experience.

Do you want to see the future? Contact us to shape it with us. #OpEmbrace

How to reduce False Positives

How to reduce False Positives

The amount of revenue banks spend on AML is burgeoning. Hastened by tech that is letting them down. Rather than identify risk it fogs it with needless and inaccurate assumptions. How to reduce false positives is a critical question to save resource. Read on for some ideas…

Talk to us to improve your Intelligence systems.

Define the problem.

The problem is caused by poor data management. Every bank should have a data governance strategy with teams of individuals specifically focused on improving data relevance, accuracy, timeliness and categorization.

One of the key ways this can be done is by improving Meta data management to help teams understand not only what the data is but where, when, why, how and by whom it was sourced.

From that an algorithm would be able to relatively easily grade and weight the accuracy and allow it to be merged with other equally assessed data. The problems stem from the below list.

  • Volumes of alerts, transactions and entity lists are growing.
  • “Sectoral” – focused sanctions on a specific area or activity versus blanket sanctions; these are here now are more are coming .
  • This combination creates more false positives than have been experienced in the past.
  • Poor data management, timeliness and accuracy cause inaccurate results.

Match Exclusion

Knowing not only what to include but just as importantly what not to, is a critical decision.

  • When is a match not a match
  • How you can meet issues such as sectoral sanctions
  • Focus here is on transaction screening but has lessons for customer screening
Reducing false positives
Reducing false positives

By introducing Artificial Intelligence systems, the hard work can be shifted to a machine, away from the highlighting pen of an AML investigator. While costs are burgeoning for human resource and accuracy is as low as 90% false positives, the decision is made, it is just time to implement it.

If we consider customer cost. Imagine being stopped and accused of shoplifting, what actually is the difference when we freeze accounts or cards pending investigation of a transaction?

False positive data
False positive data

The matching of data across categories defines the problem. Poorly laid out matching rules with poorly managed data alerting to the wrong result.

Improving bank data
Improving bank data

The below table gives some examples of poorly matched and alerted data. This gives rise to false positive results.

Comon false positive typologies
Comon false positive typologies

False Positive Impact

Time, money and morale are the three biggest issues with false positives. These three concepts amply demonstrate the criticality of improving false positive rates.

Cost of false positives
Cost of false positives

False positive distinction
False positive distinction

By examining the nature of false positives, even with a human eye, we can categorise the main components causing the errors. Through this, focus can be made on the top 20%. The Pareto principle claims this will account for 80% of all errors. By improving this we improve the whole error issue.

Examine the data
Examine the data

If Machine learning is utilised to learn the patterns of errors, this step can be automated with supervised AI systems. This will reduce manual handling and improve accuracy. But the over-arching issue is to improve the management and accuracy of data with a governance structure throughout the business.

Exclude The Rubbish

Exclude the rubbish
Exclude the rubbish

Focus on the 20%

Pareto Principle
Pareto Principle

Key False Positive Improvement Principle

Key false positive improvement takeaway
Key false positive improvement takeaway

Contact us to improve your false positive rate and get networked to an intelligence solution. #OpEmbrace

What is a Politically Exposed Person?

What is a Politically Exposed Person?

What is a politically exposed person
What is a politically exposed person

This post will give a definition for a PEP and answer what is a politically exposed person. It also provides details of red flags that indicate a PEP is acting criminally. There is also a detailed guide from FATF.

PEPs are governed by the recommendations of FATF, recommendations 12 and 22 specifically.

FATF recommend enhancing due diligence when dealing with a PEP in financial transactions or account dealing.

An individual is a PEP if he is or has been entrusted with a prominent function. Many PEPs hold political positions that can be abused for the purpose of laundering stolen funds or other predicate offences such as corruption or bribery. A PEP includes politicians/councillors, senior police, business and military people. Checks with the relatives and associates of PEPs is also recommended to prevent second person related offences.

Because of the risks associated with Politically exposed people, FATF recommends additional Anti-Money Laundering or Counter Financing of Terrorism measures with PEPs. The measures are to prevent offences not criminalise PEPs specifically.

It is a fundamental principle of managing PEPs that institutes know who their customers are. Institutes need data to identify PEPs, be they domestic or foreign. Intelligence systems exist globally to help identify who is and who is not a PEP. However, these databases are not sufficient to comply with the PEPs requirements.

Institutes should find ways to share data throughout the industry to help identify customers as they conduct business with the institute.

The below list identifies many of the ‘red flags‘ that indicate a PEP is abusing their position of trust.

Politically Exposed Persons – Red Flags

  1. The determination that a customer is a PEP is not an aim in itself but forms part of the process that enables financial institutions and DNFBPs to assess the different types of higher risks related to PEPs. Determining that a customer is a PEP does not absolve financial institutions and DNFBPs of further ongoing due diligence specifically tailored to the fact that the client is a PEP.
    Being a PEP does not prejudge a link to criminal activities, or equate to being a criminal and / or subsequent abuse of the financial system. Similarly, the fact that a person is a domestic/international organisation PEP does not automatically imply that he/she poses a higher risk. Financial institutions and DNFBPs need nevertheless to be aware of the risks that a PEP may abuse the financial system to launder illicit proceeds, and financial institutions and DNFBPs need to be aware of the red flags / indicators that can be used to detect such abuse.
  2. The list of red flags below is relevant to detect those PEPs that abuse the financial system, and does not intend to stigmatize all PEPs.
  3. PEP red flags are not an exhaustive list and are complementary to the usual ML red flags that a reporting entity may be using. The methods of those PEPs that engage in illicit activity change and therefore indicators of their activity will do so as well. Also, there may be other red flags that should be considered as equally important in a particular country or region.

Detecting Misuse of the financial system by PEPS – Red Flags and Indicators for suspicion.


PEPs are aware that their status as a PEP may facilitate the detection of their illicit behaviour. This means that PEPs may attempt to shield their identity, to prevent detection. Examples of ways in which this is done are:

  • Use of corporate vehicles (legal entities and legal arrangements) to obscure the beneficial owner.
  • Use of corporate vehicles without valid business reason.
  • Use of intermediaries when this does not match with normal business practices or when this seems to be used to shield identity of PEP.
  • Use of family members or close associates as legal owner.


  • Use of corporate vehicles (legal entities and legal arrangements) to obscure i) ownership, ii) involved industries or iii) countries.
  • The PEP makes inquiries about the institution’s AML policy or PEP policy.
  • The PEP seems generally uncomfortable to provide information about source of wealth or source of funds.
  • The information that is provided by the PEP is inconsistent with other (publicly available) information, such as asset declarations and published official salaries.
  • The PEP is unable or reluctant to explain the reason for doing business in the country of the financial institution or DNFBP.
  • The PEP provides inaccurate or incomplete information.
  • The PEPs seeks to make use of the services of a financial institution or DNFBP that would normally not cater to foreign or high value clients.
  • Funds are repeatedly moved to and from countries to which the PEPs does not seem to have ties with.
  • The PEP is or has been denied entry to the country (visa denial).
  • The PEP is from a country that prohibits or restricts its citizens to hold accounts or own certain property in a foreign country.


The position that a PEP holds and the manner in which the PEP presents his/her position are important factors to be taken into account. Possible red flags are:

  • The PEP has a substantial authority over or access to state assets and funds, policies and operations.
  • The PEP has control over regulatory approvals, including awarding licences and concessions.
  • The PEP has the formal or informal ability to control mechanisms established to prevent and detected ML/TF.
  • The PEP (actively) downplays importance of his/her public function, or the public function s/he is relates to associated with.
  • The PEP does not reveal all positions (including those that are ex officio).
  • The PEP has access to, control or influence over, government or corporate accounts.
  • The PEP (partially) owns or controls financial institutions or DNFBPs, either privately, or ex officio.
  • The PEP (partially) owns or controls the financial institution or DNFBP (either privately or ex officio) that is a counter part or a correspondent in a transaction.
  • The PEP is a director or beneficial owner of a legal entity that is a client of a financial institution or a DNFBP.


A connection with a high risk industry may raise the risk of doing business with a PEP. Under FATF Recommendation 1, competent authorities, financial institutions and DNFBPs are required for determining which types of clients may be higher risk. For this, financial institutions and DNFBPs will also be guided by national guidance or risk assessments. Which industries may be at risk depends on the risk assessments and varies from country to country, and on other industry safeguards that may be in place. Examples of higher risk industries are:

  • Arms trade and defence industry.
  • Banking and finance.
  • Businesses active in government procurement, i.e., those whose business is selling to government or state agencies.
  • Construction and (large) infrastructure.
  • Development and other types of assistance.
  • Human health activities.
  • Mining and extraction.
  • Privatisation.
  • Provision of public goods, utilities.


Red flag and indicators can also relate to the specific business relationship or transaction:

  • Multiple STRs (sometimes called a SAR) have been submitted on a PEP.
  • (Consistent) use of rounded amounts, where this cannot be explained by the expected business.
  • Deposit or withdrawal of large amounts of cash from an account, use of bank cheques or other bearer instruments to make large payments. Use of large amounts of cash in the business relationship.
  • Other financial institutions and DNFBPs have terminated the business relationship with the PEP.
  • Other financial institutions and DNFBPs have been subject to regulatory actions over doing business with the PEP.
  • Personal and business related money flows are difficult to distinguish from each other.
  • Financial activity is inconsistent with legitimate or expected activity, funds are moved to or from an account or between financial institutions without a business rationale.
  • The account shows substantial activity after a dormant period; or over a relatively short time; or shortly after commencing the business relationship.
  • The account shows substantial flow of cash or wire transfers into or out of the account.
  • Transactions between non-client corporate vehicles and the PEP’s accounts.
  • A PEP is unable or reluctant to provide details or credible explanations for establishing a business relationship, opening an account or conducting transactions.
  • A PEP receives large international funds transfers to a gaming account. The PEP withdraws a small amount for gaming purposes and withdraws the balance by way of cheque.
  • A PEP uses third parties to exchange gaming chips for cash and vice versa with little or minimal gaming activity.
  • A PEP uses multiple bank accounts for no apparent commercial or other reason.


The FATF Recommendations contain examples of products, industries, service, transaction or delivery channels, which are of a higher risk, irrespective of the type of customer. These examples are:

  • Private banking.
  • Anonymous transactions (including cash).
  • Non-face-to-face business relationships or transactions.
  • Payments received from unknown or un-associated third parties.

If these industries, products, service, transaction or delivery channels are used by PEPs, then this adds an additional risk factor (depending on the nature of the PEP). In addition to the examples already listed in the FATF Recommendations, there are other products, industries, service, transaction or delivery channels that can become additionally vulnerable when used by PEPs.
Examples of these are:

  • Businesses that cater mainly to (high value) foreign clients.
  • Trust and company service providers.
  • Wire transfers, to and from a PEP account that cannot be economically explained, or that lack relevant originator or beneficiary information.
  • Correspondent and concentration accounts.
  • Dealers in precious metals and precious stones, or other luxurious goods.
  • Dealers in luxurious transport vehicles (such as cars, sports cars, ships, helicopters and planes).
  • High end real estate dealers.

[download id=”1455″]


The FATF Recommendations contain examples of higher risk country or geographic risk factors, irrespective of the type of customer. Additionally, the following red flags and indicators relating to countries can be taken into account when doing business with a PEP:

  • The foreign or domestic PEP is from a higher risk country.
  • Additional risks occur if a foreign or domestic PEP from a higher risk country would in his/her position have control or influence over decisions that would effectively address identified shortcomings in the AML/CFT system.
  • Foreign or domestic PEPs from countries identified by credible sources as having a high risk of corruption.
  • Foreign or domestic PEPs from countries that have not signed or ratified or have not or insufficiently implemented relevant anti-corruption conventions, such as the UNCAC, and the OECD Anti-Bribery Convention.
  • Foreign or domestic PEPs from countries with a mono economies (economic dependency on one or a few export products), especially if export control or licensing measures have been put in place.
  • Foreign or domestic PEPs from countries that are dependent on the export of illicit goods, such as drugs.
  • Foreign or domestic PEPs from countries (including political subdivisions) with political systems that are based on personal rule, autocratic regimes, or countries where a major objective is to enrich those in power, and countries with high level of patronage appointments.
  • Foreign or domestic PEPs from countries with poor and/or opaque governance and accountability.
  • Foreign or domestic PEPs from countries identified by credible sources as having high levels of (organised) crime.

If you need to train your staff on recognising a PEP or putting measures in place to mitigate risk, contact us to provide you with a bespoke training package.