Assess the Risk of Money Laundering :
Due to the nature of their business, banks are ready for targeting those who are engaged in the money laundering activities by which the proceeds of
illegal acts are converted into proceeds from the legal acts. The RBI has framed specific guidelines that deal with prevention of money laundering and “Know Your Customer (KYC)” norms. The RBI has from time to time issued guidelines (“Know Your Customer Guidelines – Anti Money Laundering Standards”), requiring banks to establish policies, procedures and controls to deter and to recognise and report money laundering activities. The RBI, vide its master direction no. RBI/DBR/2015-16/18 Master Direction DBR.AML.BC.No.81/14.01.001/2015-16 dated December 08, 2016 on “Know Your Customer (KYC) Direction, 2016”, have advised the banks to follow certain customer identification procedure for opening of accounts and monitoring transactions of a suspicious nature for the purpose of reporting it to appropriate authority. These policies, procedures and controls commonly extend to the following:
Customer acceptance policy, i.e., criteria for accepting the customers.
Customer identification procedure, i.e., procedures to be carried out while establishing a banking relationship; carrying out a financial transaction or when the bank has a doubt about the authenticity/veracity or the adequacy of the previously obtained customer identification data. A requirement to obtain customer identification (know your client).
Monitoring of transactions – Banks are advised to set key indicators for risk sensitive (e.g., high turnover accounts or complex or unusual transactions accounts) accounts, taking note of the background of the customer, such as the country of origin, sources of funds, the type of transactions involved and other risk factors. Banks should also put in place a system of periodical review of risk categorisation of accounts and the need for applying enhanced due diligence measures. Such review of risk categorisation of customers should be carried out at a periodicity of not less than once in six months. In view of the risks involved in cash intensive businesses, accounts of bullion dealers (including sub-dealers) and jewellers, the banks are also advised to categorise these accounts as ‘high risk’ requiring enhanced due diligence. Further, the banks are also required to subject these ‘high risk accounts ‘ to intensified transaction monitoring. High risk associated with such accounts should be taken into account by banks to identify suspicious transactions for filing Suspicious Transaction Reports (STRs) to FIU-IND.
Further, banks should closely monitor the transactions in accounts of marketing firms (MLM Companies). In cases where a large number of cheque
books are sought by the company, there are multiple small deposits (generally in cash) across the country in one bank account and where a large number of cheques are issued bearing similar amounts/dates, the bank should carefully analyse such data and in case they find such unusual operations in accounts, the matter should be immediately reported to Reserve Bank and other appropriate authorities such as Financial Intelligence Unit India (FIU-Ind) under Department of Revenue, Ministry of Finance.
Banks were advised to complete the process of risk categorization and compiling/updating profiles of all of their existing customers in a time-bound
manner latest by end-March 2013.
Such review of risk categorisation of customers has to be carried out at a periodicity of not less than once in six months.
Closure of accounts – In case of non-application of proper KYC measures, banks may decide to close the account of the particular customer after giving due notice to the customer.
Risk Management – The Board of Directors of the bank should ensure that an effective KYC programme is put in place by establishing appropriate
procedures and ensuring their effective implementation. It should cover proper management oversight, systems and controls, segregation of duties, training and other related matters. Responsibility should be explicitly allocated within the bank for ensuring that the bank’s policies and
procedures are implemented effectively. Concurrent/ Internal Auditors should specifically check and verify the application of KYC procedures at the
branches and comment on the lapses observed in this regard. The compliance in this regard should be put up before the Audit Committee of the Board on quarterly intervals.
Reporting to the authorities of suspicious transactions or of all transactions of a particular type, for example, cash transactions over a certain amount.
The RBI master direction also advised the banks to pay special attention to any money laundering threats that may arise from new or developing
technologies including, internet banking that might favour anonymity, and take measures, if needed, to prevent their use in money laundering schemes. Further, banks are required to report all frauds to the RBI on a periodical basis. The auditors should review the same to get an idea of the nature and extent of frauds. “Money mules”2 can be used to launder the proceeds of fraud schemes (e.g., phishing and identity theft) by criminals who gain illegal access to deposit accounts by recruiting third parties to act as “money mules.” In some cases these third parties may be innocent while in others they may be having complicity with the criminals. In a money mule transaction, an individual with a bank account is recruited to receive cheque deposits or wire transfers and then transfer these funds to accounts held on behalf of another person or to other individuals, minus
a certain commission payment. Money mules may be recruited by a variety of methods, including spam e-mails, advertisements on genuine recruitment web sites, social networking sites, instant messaging and advertisements in newspapers. When caught, these money mules often have their bank accounts suspended, causing inconvenience and potential financial loss, apart from facing likely legal action for being part of a fraud. Many a times the address and contact details of such mules are found to be fake or not up to date, making it difficult for enforcement agencies to locate the account holder. The operations of such mule accounts can be minimised if banks follow the guidelines contained in the Master Directions on Know Your Customer (KYC). Banks are, therefore, required to strictly adhere to the guidelines on KYC/AML/CFT issued from time to time and
to those relating to periodical updation of customer identification data after the account is opened and also to monitoring of transactions in order to protect themselves and their customers from misuse by such fraudsters.
Money laundering involves three steps namely – Placement – Layering – – Integration.
Placement involves introducing money in the financial system by some means.
Layering means carrying out transactions generally complex to camouflage bthe illegal source.
Integration means acquiring wealth generated from the transactions of the illicit funds.
Some methods in which money laundering takes place are as under –
Breaking up of cash into smaller amounts and depositing it in to the bank below the monitored reporting thresholds.
Physically moving the cash into locations or jurisdictions and depositing it in off shore banks with lesser stringent enforcement laws and regulations.
Using business typically known to receive revenue in cash to be used to deposit criminally derived cash.
Trade based laundering – Over or Under Invoicing.
Shell companies operating in jurisdictions not requiring reporting of beneficial owner to earn tax favored profits.
Round Tripping wherein money is deposited in a controlled foreign corporation offshore preferably a tax haven where minimal records are kept & then shipped back as FDI to earn tax favored profits through a shell company.
Use of Casinos – Chips are purchased with laundered cash and on winning, the buyer either gets back the winnings in cheque or gets a receipt for the winnings.
Real estate Transactions – seller agrees to understate the value of the property and collects the difference in cash.
Bank capture – Buying a controlling interest in a Bank in a jurisdiction with weak money laundering controls and then move money through the bank without much scrutiny.
Banks have software in place whereby they generate alerts based on thresholds as per parameters given in IBA guidance. The bank scans through
these alerts and in case they find anything suspicious they have to report the same to the Financial Intelligence Unit. This reporting varies from bank to bank as the definition of “suspicious” is interpreted by various banks differently. Banks should have adequate documentation in place justifying why a transaction was not reported as Suspicious when they had alerts of the same. Banks also need to review these alerts from time to time. If a Suspicious Transaction Reports (STR) is reported in a Low risk account, the classification in the account may need upgradation to a High risk profile account.
Central Statutory Auditors should review the process of closure of AML alerts. AML alerts are transactions identified by AML application as exceptional. The same needs to be closed after getting explanation from customer regarding genuineness of transactions. In many Banks the AML alerts are closed based on information provided by Branch Managers, which he/she receives from customer. At Branch level the Statutory Auditor may review process of documenting explanations received from customer regarding AML alerts.
Central Statutory Auditor should review the process of modifications/deletion in parameters entered in AML application.