资源描述
Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,*,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Date here,Subtitle,*,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,*,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Date here,Subtitle,*,*,Q & A,Subtitle,*,2 July,2010,Victor Matafonov, Group Head of Systems and Monitoring, Financial Crime Risk,Martin RowlandsGroup Sanctions Adviser,Introduction sanctions compliance roles,Victor Matafonov Group Head of Systems and Monitoring, Financial Crime Risk,Sets standards for operation of Group,s screening systems,Oversees deployment of screening lists,Ensure systems users have proper guidance,Assurance,Martin Rowlands - Group Sanctions Advisor,Maintains Group Policy and Procedures,Training,General advice and internal reporting,Transactional advice,Regulatory relationships,2,Agenda,Introduction,Nature and impact of sanctions,Sanctions compliance in banks,Compliance challenges,System selection process,3,Introduction to,Standard Chartered Bank (SCB),4,Established for over 150 years,Dual-primary listed - London, HK,Top 15 of FTSE 100 companies,Regulated by FSA,73,800 employees, 125 nationalities,75 countries and territories,Income $15.2 b, PBT $5.1b, Assets $435b,American Express Bank acquired Feb 08,Key facts,Focus on Asia, Africa and the Middle East,*Based on Final Results 2009,Our Business,Consumer Bank,Wholesale Bank,5,International Profile,6,Focus on Asia, Africa and Middle East,International sanctions,Nature and impact of international sanctions,7,International sanctions,Sanctions are measures imposed by governments to deprive a country, organisation or individual of:,Financial and/or economic assets,The benefit of trade,Economic interaction with the country or countries imposing or implementing sanctions,8,International sanctions,US sanctions against named parties, and against six countries (Myanmar / Burma, Cuba, Iran, North Korea, Sudan, Syria),UK sanctions against named parties,9,International sanctions,United Nations sanctions,European Union sanctions,Other country sanctions against named countries or parties, e.g. country boycotts of Israel; country sanctions against named parties,10,Impact of sanctions,Criminal offences,corporate entities,individuals,Regulatory and/or criminal fines,Regulatory reviews, audits and enforcement actions,Licence issues,Reputational impact,11,Impact of sanctions,Sanctions remain a priority for major regulators:,UK: FSA April 2009 - thematic review on UK sanctions:,“,We expect firms to implement more effective systems and controls.”,US: Credit Suisse December 2009 - $53,6m,fine over Iran sanctions; ABN Amro May 2010 additional $500m fine.,Sanctions compliance remains a top priority in SCBs Compliance and Assurance agenda for 2010, which projects further enhancements to the Groups sanctions compliance programme.,12,Our approach to sanctions compliance,Continuous improvement approach,Actively seeking opportunities to enhance processes,Ongoing benchmarking,Commitment to remain at industry best practice,Integral part of the Groups sustainability programme,13,Sanctions compliance,Sanctions compliance in banks,14,Sanctions compliance programme,A comprehensive sanctions compliance programme includes the following elements:,I Policies and procedures,II Training and awareness,III Automated screening systems,IV Management information and Assurance,V Governance and oversight,15,Compliance programme objectives,I,Policies and Procedures,Maintain in line with changing regulation and industry best practice,Continuously improve clarity and ease of use,II,Training and Awareness,Raise awareness of sanctions compliance risks,Improve the technical understanding of targeted staff,16,Compliance programme objectives,III,Automated Screening Systems,Ongoing improvement: effectiveness and operational efficiency,Align screening capabilities with changing best practice,Maximise standardisation across the Group,IV,Assurance,Maintain/ improve framework of controls, management information and assurance,V,Governance and Oversight,Develop and drive sanctions compliance strategy,Ensure effective management,oversight maintained,17,Sanctions compliance programme,I Policies and Procedures,18,19,Policies and Procedures,Group Sanctions Policies,Group Procedures,Country Procedures Operations Procedures (trade and payments),Unit Operating Instructions,Policies and Procedures,Policy and Procedures apply globally (subject to dispensations),Clear rules which describe transaction types permitted and prohibited,Clear responsibilities for advising,Operational procedures focussed on key risk areas those which make payments or release assets,20,Policies and Procedures,Group Sanctions Policy,Country Sanctions Procedures,and US Persons Procedure,Procedures concerning dealings with named sanctioned parties,US sanctioned parties,UK sanctioned parties,21,Policies and procedures - challenges,Clarity and simplicity in procedures,Prohibition of attempts to circumvent sanctions,Escalation process,Internal reporting of any departures from procedures and preventive steps,22,Sanctions compliance programme,II Training and Awareness,23,Training and awareness,Sanctions elements in training for basic banking processes (e.g. account opening),Sanctions components in Financial Crime Risk related training (e.g. Anti Money Laundering eLearning),Periodic sanctions-specific training for target groups:,Trade teams,Cash Management teams,Country Heads of Financial Crime Risk,Relationship Management teams,24,Sanctions compliance programme,III Automated screening systems,(refer end of presentation),25,Sanctions compliance programme,IV Management Information & Assurance,26,Management Information & Assurance,Metrics and Management Information,Monthly account and transaction screening metrics.,Country Financial Crime Risk staff track issues to resolution.,Consolidated numbers reported to Group Financial Crime Risk Committee.,Risk Assessment and Assurance,Key Control Self Assessment to ensure compliance with policies and procedures in training and customer / transaction screening.,Ongoing risk assessment of products and services.,External benchmarking.,27,Sanctions compliance programme,V Governance and oversight,28,Governance and Oversight,Country Financial Crime Risk teams,Country management,Regional Compliance Head,Country operations teams,Country management,Group Operations,Group Financial Crime Risk,Group Head, Compliance and Assurance,Group Board,29,Sanctions compliance programme,III Automated screening systems,30,Automated Screening Systems,Agenda,Watchlists,Overview of screening processes, workflows and guidance:,Customer screening,Transaction screening,Continuous improvement processes,Challenges,Risk assessment,Initiatives underway,Assurance,Systems selection process,31,Group Watch lists - Sources,The Groups watch lists are made up of the following components:,External vendor provided data consolidated regulatory lists and specialist value added lists,External data not publicly available (e.g. from some regulators such as Singapore),Internal Group watch lists,(i.e. prohibited names, country names, SWIFT Bank Identification Codes).,Internal country specific watch lists (e.g. lists of credit defaulters, fraudsters, exited accounts etc).,By far the biggest component is from the external vendor (i.e. more than 1 million names). They provide us with names in 3 broad categories:,A consolidation of publicly available regulatory lists including UK Her Majestys Treasury (HMT) list, US Office of Office of Foreign Asset Control (OFAC), UN, EU.,A listing of Politically Exposed Persons (PEPs),A listing of names associated with adverse media,32,33,33,Group Watch lists - Uses,Global screening of potential and existing customer names and select other parties (e.g. counterparties in Trade, directors of corporate entities etc) against:,All Group watchlists,Global screening of transactions (e.g. SWIFT messages) against:,Global regulatory lists (i.e. HMT, OFAC, Enhanced OFAC, US Patriot Act).,Global internal lists (i.e. prohibited names, country names, BIC codes),Country specific sanctions lists (e.g. MAS, HKMA, UN),34,34,34,Overview of Screening Processes,Automated screening of customers and other parties (e.g. counterparties, directors or beneficial owners of corporate entities, staff, vendors etc) against the,all,Group watch lists:,Prior to account opening or undertaking selected transactions (e.g. trade),Periodically to ensure existing customers / other parties have not been added to watch lists.,Looking for name or word matches,Pre and after the event,Outcomes of confirmed matches:,Reject new account or transaction application.,Take appropriate action on existing account in accordance with Group Customer Due Diligence (CDD) / Sanctions policies and procedures.,Amend risk rating.,Issue Suspicious Activity Report (SAR),Automated screening of transactions (e.g. SWIFT messages) against the following watchlists:,Global regulatory lists (i.e. HMT, OFAC, Enhanced OFAC, US Patriot Act).,Global internal lists (i.e. prohibited names, country names, BIC codes),Country specific mandatory lists (e.g. MAS, HKMA, UN),Looking for name or word matches.,Real time prior to message being sent or acted upon.,Outcomes of confirmed matches:,Reject transaction.,Take appropriate action on transaction in accordance with Group Sanctions policies and procedures.,Amend customer risk rating.,Issue SAR.,Screening of customer /,other party names,Screening of transactions,35,35,35,Screening Statistics - Group,Customer Due Diligence (CDD) screening at account opening:,Approx.16k registered users across the Group undertake approx. 400 k searches every month as part of Customer Due Diligence processes and other investigative searches. This results in approx. 52 k alerts (potential matches) per month being investigated across the Group.,Periodic customer screening:,Periodic rescreen of the entire customer base (approx. 15 m retail and 126 k wholesale customers) against all Group watch lists. This results in approx. 160 k alerts per month being investigated by approx. 75 staff within the Chennai SSC and in the respective countries.,Transaction screening:,Up to 7 m payment messages are screened per month for sanctions purposes, generating up to 460 k alerts per month for further investigation.,The equivalent of approximately 70 full time operations staff are involved in sanctions screening processes.,WLM Watch List Manager,WLM feeds two functions:-,AOC, Account Opening Check for new customers.,CMR, Customer Match Report for periodic screening of existing accounts,WLM,AOC,CMR,16,000 users across the Group access AOC to identify high risk sanctioned and high risk names prior to account opening,External Vendor Lists,Regulatory Lists,PEPs & Associates,Adverse Media,Enhanced lists,Internal Lists,Group lists,Country Lists,Periodic Reports (Monthly),are run per country to identify name,matches between the Watch Lists and Customer Database,Lists of customer names (country / business / Group),WLM,Database,Screening Systems Used ,Customer Screening,36,Source Customer &,Counterparty,Names,Data,Watchlist Management,Analysis &,Reporting,Escalation to Country Compliance and / or Group Sanctions Advisor,Review of Name Matches,Sanctions Screening,System,Shared Service Centre,Payment Operations in Country,Messaging System,Review of Name Matches,Payment Operations in Shared Service Centre, Chennai, India,Screening Systems Used Transaction Screening and Workflow,Alerts (potential name match),Notification of release / reject,Escalation of alert.,37,Sanctions Guidance GFCR Policies, Procedures and Guidance,38,Sanctions Guidance ,Key investigation steps,39,Review alert score, the closer the score to 100% the closer the match.,Compare alerted customer / transaction details against watch list entry.,For individual customers, compare unique identifying information such as date of birth, passport numbers, fathers name, country of birth, nationality, residence and other background information.,For entity customers, compare unique identifying information such as incorporation details (i.e. country of incorporation, country of operation) company profile and other background information.,For payment messages compare address details to determine if it is the same person or entity. Review other background information on watch list entry to see if there is any commonality. If still uncertain can go back to correspondent bank and ask for details.,Sanctions Guidance ,Escalation process,40,Outlined in Automated Payment Screening Procedure, Group Names Screening Systems Procedure and Group Sanctions Procedure.,Group Names Screening Systems Procedure Steps to be taken if a confirmed match against sanctions list:,follow the Group Sanctions Procedure,inform Group Sanctions Adviser immediately of the name match and action taken,procedures require to act as bound by UK law unless there is a conflict with local law, in which case refer to Group Sanctions Procedure.,41,41,41,41,Continuous improvement,Internal,Internal Audit,Benchmarking through,Engagement with industry,bodies,FSA,Thematic industry,review,External consultancy,Internal,Periodic policy and,procedure reviews by,Group Sanctions Advisor,& Group Head of Systems,& Monitoring,Industry Guidance,Basle Committee,Wolfsberg Group,FATF SR7,JMLSG,Name Matching Logic,There are essentially two types of name matching logic:,Exact name matching, used to perform exact name matching against main watch list entities and aliases.,Non exact name matching (fuzzy matching), used to detect non exact name matches against watch list entities and aliases. This includes part matches, name variations, spelling variations and permutations. Specific rules help identify close matches by eliminating spaces, special characters, noise words or by adding synonyms, noise words etc.,Non-exact name matching increases the level of false alerts, therefore systems need to employ techniques to reduce them such as “exclusion or good guy” lists, noise word suppression etc.,42,Screening System Testing and Tuning,With the help of external consultants, SCB created an independent testing team to periodically test the effectiveness its customer and payment screening systems. The team creates data files from sanctions lists to test approximately 40 different exact and non-exact name match scenarios. These are then run against the banks sanctions screening systems in a test environment and the output reviewed to identify areas where the systems logic can be enhanced.,The general trend is that e,xact name matching in banks has historically been working effectively, however the level of effectiveness of non-exact name matching is much more varied and there are tests that require improvement. Work is continuing to improve these results.,43,44,44,44,44,44,SWIFT MessagesTypes Screened,There are currently 243 SWIFT Message Types (MTs) in use across the industry. Banks may not subscribe to or use all of these and many are not direct payment instructions. Banks have each decided for themselves what MTs to screen.,SCB risk assesses the SWIFT MTs used by the business and covered by its screening systems and with the assistance of external consultants compares that list to industry peers. As a result a group minimum (containing approx 90 MTs) has been established and systems are tuned to include these as a minimum.,Systems are updated and aligned as and when policy amended.,45,45,45,45,45,Evaluation of messages rejected,All banks will from time to time have their messages rejected by other banks. It is important to monitor this and take appropriate action to avoid continuing rejects. The trends that we are seeing are as follows:,Category,% of rejects,1. Banks system logic did not detect a hit, whereas system at other bank did (e.g. a spelling variation).,5,2. No direct hit against any official watchlist on Banks system. The message was either processed without stopping or subject to operator release. Bank believes message was correctly processed but other bank has taken a different, more cautious interpretation.,15,3. No direct hit against any official watchlist on Banks system. Hit against other banks internal watchlists and message rejected either immediately or after further investigation.,50,4. Hit against official watchlist on Banks system. Operator makes the wrong judgment or fails to undertake further investigation.,30,Total,100,Challenges in screening process,Need for detailed information on sanctioned parties in sanctions lists to help decisioning of potential name matches (alerts).,Need for accurate and up to date client information to help decisioning of alerts.,Turnround times and client expectations.,Common names and false alerts (e.g. Ali Khan on OFAC list),Spelling variations and the risk of missing true alerts.,46,Alternate Spelling Islamic Names,First name -,Mohd Iqbal,Surname,- Abd Al Rahman,395 variations for Mohd,26 variations for Iqbal,227 variations for Abd Al Rahman,Courtesy: Language Analysis Systems Inc,47,Name variations / aliases,Hotel,Booking,Traffic Violation,Criminal,Intel File,Cell,Phone,Co.,The Name Problem: One Name,Many Variations,Mustafa Khan Owasi,WANTED,Missed at Routine Stop,Moustafa,K,an Elo,w,e,s,se,(cultural variation & phonetic variation),Mustaffa Bouasy,(cultural variation),Moustafa Abouassi,(cultural variation),Mustaffa Kan Owazi,(character variation),Mosta,f,fa Ken Abd,o,lwasie,(cultural variation & character variation),Moostapha Kanawasi,(phonetic variation),Criminal Record,File,Courtesy: Language Analysis Systems Inc,48,Name Translations,Taiwan,Philippines,Indonesia,Thailand,Cambodia,Myanmar,(Burma),Laos,Vietnam,Hong Kong,Macau,Malaysia,China,Singapore,The,Same Name,across SE Asia,Courtesy: Language Analysis Systems Inc,49,Name Translations,The,Same Name,in a Korean Telephone Book,Courtesy: Language Analysis Systems Inc,50,51,51,51,Use of codes in messages,Chinese Commercial Code - long standing practice used for official and other purposes.,Not to conceal identity but to enable accurate translation.,Used to record details of remitter, beneficiary and other payment details in SWIFT messages.,Code could be used to conceal names of sanctions targets.,Screening of code is a challenge.,:72:/REC/CONTINUE,ORDERING CUSTOMER /8002 1579,1562 0794 1444 1367/1466 7108 2621,8827 6567 0074,52,52,52,Ongoing Risk Assessment,Ongoing risk assessment / benchmarking against industry to evaluate coverage and determine next product / channels to screen.,Sanctions risk assessment undertaken with input from the business, operations and Financial Crime Risk (Compliance).,Risk assessment looking at product, country and customer, taking into account screenability, volumes and values.,Risk assessment of watchlists to stop or trigger enhanced investigation.,53,53,53,Ongoing Risk Assessment Country Risk,Inherent risk scored on the basis of:,regulatory requirement to screen payments,industry practice to screen payments,differences in local as opposed to Group sanction
展开阅读全文