外国银行制裁合规管理框架(英文).

《外国银行制裁合规管理框架(英文).》由会员分享，可在线阅读，更多相关《外国银行制裁合规管理框架(英文).（67页珍藏版）》请在装配图网上搜索。

1、 2 July 2010 Victor Matafonov, Group Head of Systems and Monitoring, Financial Crime RiskMartin RowlandsGroup Sanctions AdviserIntroduction sanctions compliance roles Victor Matafonov Group Head of Systems and Monitoring, Financial Crime RisknSets standards for operation of Groups screening systemsn

2、Oversees deployment of screening listsnEnsure systems users have proper guidance nAssuranceMartin Rowlands - Group Sanctions Advisor nMaintains Group Policy and ProceduresnTrainingnGeneral advice and internal reportingnTransactional advicenRegulatory relationships 2Agenda nIntroductionnNature and im

3、pact of sanctions nSanctions compliance in banksnCompliance challengesnSystem selection process3Introduction to Standard Chartered Bank (SCB)4nEstablished for over 150 yearsnDual-primary listed - London, HKnTop 15 of FTSE 100 companiesnRegulated by FSAn73,800 employees, 125 nationalitiesn75 countrie

4、s and territoriesnIncome $15.2 b, PBT $5.1b, Assets $435bnAmerican Express Bank acquired Feb 08 Key factsFocus on Asia, Africa and the Middle East*Based on Final Results 2009Our BusinessConsumer BankWholesale Bank5International Profile6Focus on Asia, Africa and Middle East International sanctionsNat

5、ure and impact of international sanctions7International sanctions Sanctions are measures imposed by governments to deprive a country, organisation or individual of:nFinancial and/or economic assetsnThe benefit of tradenEconomic interaction with the country or countries imposing or implementing sanct

6、ions8International sanctions nUS sanctions against named parties, and against six countries (Myanmar / Burma, Cuba, Iran, North Korea, Sudan, Syria)nUK sanctions against named parties9International sanctions n United Nations sanctionsn European Union sanctionsn Other country sanctions against named

7、countries or parties, e.g. country boycotts of Israel; country sanctions against named parties10Impact of sanctions nCriminal offencesncorporate entitiesnindividualsnRegulatory and/or criminal finesnRegulatory reviews, audits and enforcement actionsnLicence issues nReputational impact 11Impact of sa

8、nctions nSanctions remain a priority for major regulators:nUK: FSA April 2009 - thematic review on UK sanctions: “We expect firms to implement more effective systems and controls.”nUS: Credit Suisse December 2009 - $536m fine over Iran sanctions; ABN Amro May 2010 additional $500m fine. nSanctions c

9、ompliance remains a top priority in SCBs Compliance and Assurance agenda for 2010, which projects further enhancements to the Groups sanctions compliance programme.12Our approach to sanctions compliancenContinuous improvement approachnActively seeking opportunities to enhance processesnOngoing bench

10、markingnCommitment to remain at industry best practice nIntegral part of the Groups sustainability programme 13Sanctions compliance Sanctions compliance in banks14Sanctions compliance programmeA comprehensive sanctions compliance programme includes the following elements:I Policies and proceduresII

11、Training and awarenessIII Automated screening systemsIV Management information and Assurance V Governance and oversight15Compliance programme objectives I Policies and Procedures nMaintain in line with changing regulation and industry best practicenContinuously improve clarity and ease of useII Trai

12、ning and Awareness nRaise awareness of sanctions compliance risks nImprove the technical understanding of targeted staff16Compliance programme objectivesIII Automated Screening Systems nOngoing improvement: effectiveness and operational efficiencynAlign screening capabilities with changing best prac

13、ticenMaximise standardisation across the GroupIV AssurancenMaintain/ improve framework of controls, management information and assuranceV Governance and OversightnDevelop and drive sanctions compliance strategynEnsure effective management oversight maintained 17Sanctions compliance programme I Polic

14、ies and Procedures 1819Policies and Procedures Group Sanctions PoliciesGroup ProceduresCountry Procedures Operations Procedures (trade and payments)Unit Operating InstructionsPolicies and Procedures nPolicy and Procedures apply globally (subject to dispensations)nClear rules which describe transacti

15、on types permitted and prohibited nClear responsibilities for advisingnOperational procedures focussed on key risk areas those which make payments or release assets 20Policies and Procedures nGroup Sanctions PolicynCountry Sanctions Procedures nand US Persons ProcedurenProcedures concerning dealings

16、 with named sanctioned partiesnUS sanctioned partiesnUK sanctioned parties21Policies and procedures - challenges nClarity and simplicity in proceduresnProhibition of attempts to circumvent sanctions nEscalation processnInternal reporting of any departures from procedures and preventive steps 22Sanct

17、ions compliance programmeII Training and Awareness 23Training and awareness nSanctions elements in training for basic banking processes (e.g. account opening)nSanctions components in Financial Crime Risk related training (e.g. Anti Money Laundering eLearning) nPeriodic sanctions-specific training fo

18、r target groups:nTrade teams nCash Management teams nCountry Heads of Financial Crime RisknRelationship Management teams24Sanctions compliance programmeIII Automated screening systems(refer end of presentation)25Sanctions compliance programmeIV Management Information & Assurance26Management Informat

19、ion & AssurancenMetrics and Management Information nMonthly account and transaction screening metrics. nCountry Financial Crime Risk staff track issues to resolution. nConsolidated numbers reported to Group Financial Crime Risk Committee. nRisk Assessment and Assurance nKey Control Self Assessment t

20、o ensure compliance with policies and procedures in training and customer / transaction screening.nOngoing risk assessment of products and services. nExternal benchmarking.27Sanctions compliance programmeV Governance and oversight28Governance and Oversight nCountry Financial Crime Risk teamsnCountry

21、 management nRegional Compliance HeadnCountry operations teamsnCountry management nGroup Operations nGroup Financial Crime RisknGroup Head, Compliance and Assurance nGroup Board29Sanctions compliance programmeIII Automated screening systems30Automated Screening SystemsAgendanWatchlistsnOverview of s

22、creening processes, workflows and guidance: Customer screeningTransaction screeningnContinuous improvement processesnChallengesnRisk assessmentnInitiatives underwaynAssurancenSystems selection process31Group Watch lists - SourcesnThe Groups watch lists are made up of the following components:Externa

23、l vendor provided data consolidated regulatory lists and specialist value added listsExternal data not publicly available (e.g. from some regulators such as Singapore)Internal Group watch lists (i.e. prohibited names, country names, SWIFT Bank Identification Codes).Internal country specific watch li

24、sts (e.g. lists of credit defaulters, fraudsters, exited accounts etc).nBy far the biggest component is from the external vendor (i.e. more than 1 million names). They provide us with names in 3 broad categories:A consolidation of publicly available regulatory lists including UK Her Majestys Treasur

25、y (HMT) list, US Office of Office of Foreign Asset Control (OFAC), UN, EU.A listing of Politically Exposed Persons (PEPs)A listing of names associated with adverse media323333Group Watch lists - UsesnGlobal screening of potential and existing customer names and select other parties (e.g. counterpart

26、ies in Trade, directors of corporate entities etc) against:All Group watchlistsnGlobal screening of transactions (e.g. SWIFT messages) against:Global regulatory lists (i.e. HMT, OFAC, Enhanced OFAC, US Patriot Act).Global internal lists (i.e. prohibited names, country names, BIC codes)Country specif

27、ic sanctions lists (e.g. MAS, HKMA, UN)343434Overview of Screening Processes Automated screening of customers and other parties (e.g. counterparties, directors or beneficial owners of corporate entities, staff, vendors etc) against the all Group watch lists: Prior to account opening or undertaking s

28、elected transactions (e.g. trade) Periodically to ensure existing customers / other parties have not been added to watch lists. Looking for name or word matches Pre and after the event Outcomes of confirmed matches: Reject new account or transaction application. Take appropriate action on existing a

29、ccount in accordance with Group Customer Due Diligence (CDD) / Sanctions policies and procedures. Amend risk rating. Issue Suspicious Activity Report (SAR) Automated screening of transactions (e.g. SWIFT messages) against the following watchlists: Global regulatory lists (i.e. HMT, OFAC, Enhanced OF

30、AC, US Patriot Act). Global internal lists (i.e. prohibited names, country names, BIC codes) Country specific mandatory lists (e.g. MAS, HKMA, UN) Looking for name or word matches. Real time prior to message being sent or acted upon. Outcomes of confirmed matches: Reject transaction. Take appropriat

31、e action on transaction in accordance with Group Sanctions policies and procedures. Amend customer risk rating. Issue SAR.Screening of customer / other party namesScreening of transactions353535Screening Statistics - GroupCustomer Due Diligence (CDD) screening at account opening: Approx.16k register

32、ed users across the Group undertake approx. 400 k searches every month as part of Customer Due Diligence processes and other investigative searches. This results in approx. 52 k alerts (potential matches) per month being investigated across the Group.Periodic customer screening: Periodic rescreen of

33、 the entire customer base (approx. 15 m retail and 126 k wholesale customers) against all Group watch lists. This results in approx. 160 k alerts per month being investigated by approx. 75 staff within the Chennai SSC and in the respective countries.Transaction screening:Up to 7 m payment messages a

34、re screened per month for sanctions purposes, generating up to 460 k alerts per month for further investigation. The equivalent of approximately 70 full time operations staff are involved in sanctions screening processes.WLM Watch List ManagerWLM feeds two functions:- AOC Account Opening Check for n

35、ew customers. CMR Customer Match Report for periodic screening of existing accountsWLMAOCCMR16,000 users across the Group access AOC to identify high risk sanctioned and high risk names prior to account openingExternal Vendor Lists - Regulatory Lists- PEPs & Associates- Adverse Media- Enhanced lists

36、Internal Lists- Group lists- Country ListsPeriodic Reports (Monthly) are run per country to identify name matches between the Watch Lists and Customer DatabaseLists of customer names (country / business / Group) WLMDatabase Screening Systems Used Customer Screening36Source Customer &CounterpartyName

37、sDataWatchlist ManagementAnalysis &ReportingEscalation to Country Compliance and / or Group Sanctions AdvisorReview of Name Matches Sanctions ScreeningSystem Shared Service Centre,Payment Operations in CountryMessaging SystemReview of Name Matches Payment Operations in Shared Service Centre, Chennai

38、, IndiaScreening Systems Used Transaction Screening and WorkflowAlerts (potential name match)Notification of release / rejectEscalation of alert.37Sanctions Guidance GFCR Policies, Procedures and Guidance38Sanctions Guidance Key investigation steps39Review alert score, the closer the score to 100% t

39、he closer the match.Compare alerted customer / transaction details against watch list entry.For individual customers, compare unique identifying information such as date of birth, passport numbers, fathers name, country of birth, nationality, residence and other background information.For entity cus

40、tomers, compare unique identifying information such as incorporation details (i.e. country of incorporation, country of operation) company profile and other background information.For payment messages compare address details to determine if it is the same person or entity. Review other background in

41、formation on watch list entry to see if there is any commonality. If still uncertain can go back to correspondent bank and ask for details.Sanctions Guidance Escalation process40Outlined in Automated Payment Screening Procedure, Group Names Screening Systems Procedure and Group Sanctions Procedure.G

42、roup Names Screening Systems Procedure Steps to be taken if a confirmed match against sanctions list: follow the Group Sanctions Procedure, inform Group Sanctions Adviser immediately of the name match and action taken, procedures require to act as bound by UK law unless there is a conflict with loca

43、l law, in which case refer to Group Sanctions Procedure. 41414141Continuous improvement SanctionsEnhancementProgrammeInternalInternal AuditBenchmarking throughEngagement with industry bodies FSAThematic industry reviewExternal consultancyInternalPeriodic policy andprocedure reviews byGroup Sanctions

44、 Advisor& Group Head of Systems& Monitoring Industry GuidanceBasle CommitteeWolfsberg GroupFATF SR7JMLSGName Matching LogicThere are essentially two types of name matching logic:Exact name matching used to perform exact name matching against main watch list entities and aliases.Non exact name matchi

45、ng (fuzzy matching) used to detect non exact name matches against watch list entities and aliases. This includes part matches, name variations, spelling variations and permutations. Specific rules help identify close matches by eliminating spaces, special characters, noise words or by adding synonym

46、s, noise words etc.Non-exact name matching increases the level of false alerts, therefore systems need to employ techniques to reduce them such as “exclusion or good guy” lists, noise word suppression etc.42Screening System Testing and TuningWith the help of external consultants, SCB created an inde

47、pendent testing team to periodically test the effectiveness its customer and payment screening systems. The team creates data files from sanctions lists to test approximately 40 different exact and non-exact name match scenarios. These are then run against the banks sanctions screening systems in a

48、test environment and the output reviewed to identify areas where the systems logic can be enhanced.The general trend is that exact name matching in banks has historically been working effectively, however the level of effectiveness of non-exact name matching is much more varied and there are tests t

49、hat require improvement. Work is continuing to improve these results.434444444444SWIFT MessagesTypes ScreenedThere are currently 243 SWIFT Message Types (MTs) in use across the industry. Banks may not subscribe to or use all of these and many are not direct payment instructions. Banks have each deci

50、ded for themselves what MTs to screen. SCB risk assesses the SWIFT MTs used by the business and covered by its screening systems and with the assistance of external consultants compares that list to industry peers. As a result a group minimum (containing approx 90 MTs) has been established and syste

51、ms are tuned to include these as a minimum. Systems are updated and aligned as and when policy amended.4545454545Evaluation of messages rejectedAll banks will from time to time have their messages rejected by other banks. It is important to monitor this and take appropriate action to avoid continuin

52、g rejects. The trends that we are seeing are as follows:Category% of rejects1. Banks system logic did not detect a hit, whereas system at other bank did (e.g. a spelling variation).52. No direct hit against any official watchlist on Banks system. The message was either processed without stopping or

53、subject to operator release. Bank believes message was correctly processed but other bank has taken a different, more cautious interpretation.153. No direct hit against any official watchlist on Banks system. Hit against other banks internal watchlists and message rejected either immediately or afte

54、r further investigation.504. Hit against official watchlist on Banks system. Operator makes the wrong judgment or fails to undertake further investigation.30Total100Challenges in screening process nNeed for detailed information on sanctioned parties in sanctions lists to help decisioning of potentia

55、l name matches (alerts).nNeed for accurate and up to date client information to help decisioning of alerts.nTurnround times and client expectations.nCommon names and false alerts (e.g. Ali Khan on OFAC list)nSpelling variations and the risk of missing true alerts.46Alternate Spelling Islamic NamesFi

56、rst name - Mohd Iqbal Surname - Abd Al Rahman395 variations for Mohd26 variations for Iqbal227 variations for Abd Al RahmanCourtesy: Language Analysis Systems Inc47Name variations / aliasesHotelBookingTraffic ViolationCriminalIntel FileCellPhoneCo.The Name Problem: One Name Many VariationsMustafa Kh

57、an OwasiWANTEDMissed at Routine StopMoustafa Kan Elowesse(cultural variation & phonetic variation)Mustaffa Bouasy(cultural variation)Moustafa Abouassi(cultural variation)Mustaffa Kan Owazi(character variation)Mostaffa Ken Abdolwasie(cultural variation & character variation)Moostapha Kanawasi(phoneti

58、c variation)Criminal RecordFileCourtesy: Language Analysis Systems Inc48Name TranslationsTaiwanPhilippinesIndonesiaThailandCambodiaMyanmar(Burma)LaosVietnamHong KongMacauMalaysiaChinaSingaporeZhang,Zhang,Q i usuQ i usuC hang,C hang,C h i u-SuC h i u-SuKhi u,Khi u,Saw Sae Ti uSaw Sae Ti uC heung,C he

59、ung,Yau So BettyYau So BettyTeoh,Teoh,Khoo TowKhoo TowZhang D e C hen,Zhang D e C hen,Q i u SuQ i u SuThe Same Name across SE AsiaCourtesy: Language Analysis Systems Inc49Name TranslationsThe Same Name in a Korean Telephone BookCourtesy: Language Analysis Systems Inc50515151Use of codes in messages

60、Chinese Commercial Code - long standing practice used for official and other purposes. Not to conceal identity but to enable accurate translation. Used to record details of remitter, beneficiary and other payment details in SWIFT messages. Code could be used to conceal names of sanctions targets. Sc

61、reening of code is a challenge.:72:/REC/CONTINUE ORDERING CUSTOMER /8002 1579 1562 0794 1444 1367/1466 7108 2621 8827 6567 0074525252Ongoing Risk Assessment Ongoing risk assessment / benchmarking against industry to evaluate coverage and determine next product / channels to screen. Sanctions risk as

62、sessment undertaken with input from the business, operations and Financial Crime Risk (Compliance). Risk assessment looking at product, country and customer, taking into account screenability, volumes and values. Risk assessment of watchlists to stop or trigger enhanced investigation.535353Ongoing R

63、isk Assessment Country RisknInherent risk scored on the basis of:regulatory requirement to screen payments industry practice to screen payments differences in local as opposed to Group sanctions lists whether there was a significant cluster of sanctioned persons from the country on the OFAC / HMT li

64、st reserve currency status AML risk nExposure to the risk scored on the basis of:whether Transaction Banking has infrastructure therenetwork banking partnership country whether Bank has a clearing businesswhether Bank clears foreign currency, esp. USDBanks status as a cash management bank in the cou

65、ntryvolumes and values of transactions through Bank5454545454Initiatives underway and plannedSystems tuningFine tune systems to continuously improve screening effectiveness, whilst minimising the level of false alerts. Sometimes this requires adjusting system logic thresholds, system enhancements or

66、 list enhancements (i.e. fuzzy variations of watchlist names).Extending screening to other products, party names and wider watchlistsConnection of the Groups global Trade Finance systems to customer screening systems to screen more parties.Screening parties on transactions against wider watchlists to identify higher risk parties and improve investigation efficiency.Extending screening to select higher risk domestic RTGS systems. Watchlist enhancementsPurchase of external value added watchlists a