Categories
Blog

AML Trends for 2022

I recently had the chance to visit with Koby Bambilia, Managing Director at K2 Integrity. We looked at some key anti-money laundering (AML) trends in 2021 and how they might impact AML investigations, prevention and enforcement going forward into 2022. We consider the impact to-date from the passage of the AML Law of 2020 then move to some of the key questions on AML going into 2022. Has COVID and the global crises created shifts which allowed bad actors take advantage of the financial system? Finally, what are some of the key risks to mitigate these risks and get ahead of the rule making as we head into 2022?
We began by considering the focus of Department of Treasury (Treasury) and its regulators. Here there are several topics that were given priority as part of the national Strategy for Countering Corruption, terrorism and other illicit activities. These priorities include cybercrime, virtual foreign currency, domestic terror financing, criminal organizations, human trafficking, smuggling, drug trafficking, corruption, fraud and proliferation financing. Bambilia related, “we can easily see that the list is quite extensive yet. There is something in common for all these priorities. If you look at the priorities, they include predicate crimes that generate illicit funds thought assets, which allows criminal actors to launder through the financial system.” As money laundering is linked to all these priorities it remains a priority.
Bambilia believes financial institutions need to incorporate these AML priorities into their risk-based Bank Secrecy Act (BSA) compliance programs by assessing the potential risk associated with the client base, the products and service services they offer, in conjunction with their geographic areas and countries of operations. Bambilia believes that government examiners will soon ask to see and review what steps banks and financial institutions have taken with regards to these priorities. In other words, whatever steps you take Document, Document, and Document so you can show the regulators when they come knocking.
As Treasury continues to issue regulations stemming from the AML Law of 2020, banks and financial institutions should be prepared to face new and revised beneficial ownerships and obligations in 2022. Bambilia believes, “December’s proposed rule to implement the Corporate Transparency Act, gave us all the preview into the Treasury Department’s mind and approach to developing a national registry of beneficial ownership information.” Moreover, this should also act as a reminder to meticulously follow the Beneficial Ownership Rule, which requires covered financial institutions to identify beneficial owners of each customer at the time a new account is being opened and to determine the true and official owners based on both the control and ownership prongs. Bambilia also noted, “looking ahead into 2022, beyond the immediate implications, the proposed rule will also require changes to existing customer due diligence obligations for financial institutions.” Finally, they will most probably be the subject of a future FinCEN rule making.
It is clear that COVID-19 had immense impact on everything relating to illegal activities and bad actors. Ransomware is the tool most bad actors are using, even with financial institutions. Bambilia related, “those nefarious actors are probing to obtain both customer and commercial credentials, as well as proprietary information to defraud financial institutions and to disrupt business functions.” Interestingly, Bambilia and colleagues observed a significant increase in criminal attempts to exploit the pandemic through phishing campaigns and business extortions, email compromise and traditional fraud schemes.
Tying all this back to our initial discussion, the proceeds of these activities are being channeled and funneled through the regular banking and financial systems. This puts a higher burden on financial institutions as they are uniquely positioned to observe and detect the suspicious activity that results from cybercrime. Now they are required to report it through the normal channels of Suspicious Activity Report. This has led to an increased need for financial institutions to process, review and monitor transactions that go through their system and evaluate those transactions with a sufficient and comprehensive set of skills required to identify the illegal activities and to properly report it to authorities.
Just as ransomware attacks have become more ubiquitous so have ransomware payments. In September 2021, OFAC issued an updated advisory on potential sanction risks for facilitating ransomware payments, which is specifically designed to disrupting criminal networks and virtual currency exchanges responsible for laundering these ransom payments to encourage improved cyber security across all sectors, including the banking industry. Bambilia said this “emphasized the need to properly report ransomware incidents and related sanctions to US government agencies, including both Treasury and law enforcement.” It also re-emphasized the need to properly monitor bank transactions for potential illegal activities.
We turned to a discussion of what businesses and financial institutions need to do to prepare for the upcoming regulations and increased enforcement. Bambilia emphasized that a strong compliance program for AML, BSA and sanctions is the best place to start and build upon going forward. Bambilia laid them out as follows:

  • First, make sure that your policies and procedures adequately address the new regulations, then update and validate your BSA risk assessment accordingly. Your risk assessment should consider factors like banks, products and services, customer entities and geographic locations and operating jurisdictions.
  • Second, a designated individual that is responsible for the day-to-day compliance and who is familiar with the new requirements, who has the full support of both senior management and the Board of Directors to manage these changes.
  • Third, update your current system of internal controls to reflect the change in regulation, then monitor and update as appropriate. Your controls testing should help you determine if your internal controls can effectively detect and identify possible breaches of your policies and procedures.
  • Fourth, work together with your internal audit function to assure their yearly audits to assess the effectiveness of the updated compliance program.
  • Fifth, training. Here Bambilia re-emphasized the importance of training via properly tailored and targeted trainings. They constitute a key element in the ability to successfully implement any new policies, procedures and controls for any new regulations.

We ended  by recognizing that it is up to all employees, not simply the compliance function, to be a part of these new efforts. Employees need to understand their role on the first line of defense and how to report up violations or raise their collective hands to ask for information as AML regulations continue to evolve. COVID-19 has impacted compliance functions in many ways so compliance will have to re-double its efforts as well. Banks and financial institutions must commit the requisite resources to upgrading their compliance programs to meet these new regulatory requirements as well.
Bambilia concluded, “I will end by saying that the world of financial crimes continues to evolve. And our thinking must be as always one step ahead of those looking to take advantage of our financial systems. It is not just about identifying it, understanding today’s threats, but also being prepared for the threats of tomorrow.”
Check out the K2 Integrity website here. Check out my full interview of Koby Bambilia here.

Categories
The Compliance Life

Valerie Charles – Move to ComTech

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Valerie Charles, partner at StoneTurn. We discuss Valerie’s journey to the CCO chair, then to a ComTech start up, to her current role at StoneTurn and look down the road at where ComTech and compliance will be in 2025 and beyond.

Valerie made one very courageous move from an in-house position into the world of ComTech. She joined Gan Integrity. In this role she worked on the problem of the incredible inefficient way corporate compliance programs were managing data and set out to solve the problem. At Gan, she worked with 200+ global programs and helped to grow the company.

Resources

Valerie Charles LinkedIn Profile

Valerie Charles at StoneTurn

Categories
Compliance Kitchen

Strategy for Countering Corruption


The Biden Administration issues its 5 pillar Strategy on Countering Corruption.

Categories
Everything Compliance - Shout Outs and Rants

Everything Compliance – Shout Outs and Rants from Episode 92


In this edition of the award-winning Everything Compliance – Shout Outs and Rants, the gang looks at their top Shout Out or early Rant from 2022. They include:
1. Karen Woody shouts out to workers in the travel industry who are keeping the US travel industry afloat..
2. Jay Rosen shouts out to Antonio Brown.
3. Matt Kelly rants about Elon Musk selling his shares of Tesla stock immediately before the company announces a major product recall.
4. Jonathan Armstrong shouts out to Nicholas Burks and the advent of the synthetic ransomware attack.
5. Jonathan Marks rants about the multiple and mixed messages from the CDC.
6. Tom Fox rants about Novak Djokovic.

Categories
Innovation in Compliance

Leadership & Climate Change: A Talk with Don MacPherson

 
Don MacPherson is a futurist, a history buff, and has a degree in mass communications. He is Tom Fox’s guest on this episode of the Innovation in Compliance Podcast. Tom and Don talk about talent acquisition and retention, climate change, and the future of leadership.  
 

 
Nurturing The Right Talent
In the 20 years that the HR profession has been in existence, the biggest lesson that Don has learned is that ensuring you have the right talent is top priority. The companies that have the right talent are the most successful. Differentiate your organization by how you relate to your employees: provide them with better tools and resources in order to maximize their talent. 
 
Climate Change: A Great Economic Opportunity
Tom asks Don to talk about the main topics holding his interest at the moment. Don says that climate change is one such topic. “I think about [climate change] from two ways: why did we get here, what benefits have we gotten out of it, and what opportunities does it present,” he tells Tom. Even though climate change is the greatest threat to humanity at the moment, Don also sees it as “the greatest economic opportunity humans have ever seen.” Without climate change, and without global warming, humans would not have been able to build buildings, create infrastructure, travel, or create advances in both science and technology. 
 
The Future of Leadership
While AI is going to be a big part of the future of work, it will be replacing tasks not jobs, contrary to what many people believe. What becomes important then, is leaders’ ability to connect with their employees and other stakeholders in the new hybrid workforce, and create cultures that get the best out of their people. 
 
Resources
Don MacPherson | LinkedIn | Twitter
12 Geniuses
 

Categories
Daily Compliance News

January 11, 2022 the Visibility Edition


In today’s edition of Daily Compliance News:

  • Visibility for private companies coming? (WSJ)
  • End to Supply Chain in sight? (FT)
  • MACC head digs in heels. (This Week in Asia)
  • Can employer ban BLM masks at work? (Bloomberg)
Categories
Blog

Podcasting for Compliance Training and Communication

If there is one truism from the practices of law which translates to the practice of compliance it is that you are only limited by your own imagination. This holds true in the 360-degree realm of communication in compliance, as communications obviously come in many forms. Many compliance practitioners will well remember the 2012 Morgan Stanley declination. In this first declination made public, the Department of Justice (DOJ) recognized Morgan Stanley for emailing out 35 compliance reminders to Garth Peterson over seven years. Think about the power of 360-degrees of communications in the context of compliance reminders. Now imagine the power of short ethics and compliance video training clips going out over the same period of time and the effect it would have both on your employees and the regulators.

Podcast Storytelling

Why not tell the story of compliance through a podcast? I call it podcast storytelling and it can be a powerful tool. Each podcast series is 5-part series and constitute one story arc. The podcasts are about 10-15 minutes in length. The podcast storytellingseries can be a variety of interviews led by a noted podcast host such as the Voice of Compliance, yourself as the Chief Compliance Officer (CCO) or by anyone from your organization. It can be an interview with one or more people, or it can be a solo podcast.

Accompanying each podcast would be approximately 700 words of text. While there would be a fully integrated story line, each podcast and accompanying text is stand-alone compliance training and communications which could be used by anyone at your organization. The podcasts could be pushed out internally as well as via your organization’s social media channels. There is a full panoply of podcast sites available, such as iTunes, Spotify, IHeartRadio, Google Pods and/or Amazon.

At the end of the series, the text forms the basis of a more detailed white paper. This process would create between 11 different deliverables for your own marketing efforts, including five podcasts, five blog posts and a consolidated white paper. From each podcast, you can create multiple short audio clips or other forms of social media sharing materials with key quotes and lessons learned which you be created as podcast cover art.

A series such as this allows your organization to not only tell a story more effectively but reach a much larger audience than in any other format; live, audio-video or in-person. Yet there is another reason why you should consider this type of approach for compliance training and communications. It will provide you with the equivalent of market research and feedback. The numbers of listeners and downloads will give you a reliable source of data that you can use in other communications and trainings.

Compliance Department Branded Podcasts

Want another option? How about a fully produced branded podcast series for your internal compliance function. It could be two 25–30-minute episodes per month, with the guest selected by your compliance team. This format allows your corporate compliance function to tell the story of its greatest asset, its people, through interviews. Cannot get out of the country to travel? Still working remotely? Your branded podcasts give you a way to reach your employees as we continue to struggle through the Covid-19 variants. You can use the branded podcast to tell the story of compliance successes in your organization; you can include other departments to share their successes too. As with the podcast storytelling series, it would be done in a collaborative manner working with your comms team.

Compliance News of the Day

Want to make some short and snappy compliance communications? How about ‘Compliance News of the Day’? Have a daily curated news show of 3-4 compliance stories with a short summary of the series and how it relates to a compliance perspective to your organization. Make it fun so your employees want to check in daily. When the DOJ comes knocking and asks how often you send out compliance communications, you can point to your Compliance News of the Day as a great starting point.

As a compliance practitioner, you should strive to bring more storytelling into your compliance messaging, training and communications. If you put the employee in the shoes of the person they’re watching, they will remember it, because they will see how it applies to their lives. Such training and communication experiences will last much longer than if you drone over a written policy or show a PowerPoint. Marc Havener has called this “expanding your classroom.” Ronnie Feldman calls this bringing memorable storytelling to your compliance communications and training.

Since you are only limited by your imagination in compliance, why not use some of that to be creative in your compliance training and communications.

For more information on getting your compliance messages out to your employees, via a fully produced 5-part podcast series, branded podcast and/or daily news format, or you want to share your company’s successes on the Compliance Podcast Network give me a call or shoot me an email.

Categories
Compliance Kitchen

FinCEN opens public comment window


FinCEN opens public comment window: how to modernize the U.S. AML/CFT regulatory regime.

Categories
The ESG Report

ESG in Conflict Zones with John Katsos


John Katsos is a scholar, educator, and writer. His mission is to ‘help people learn to start and manage better, more sustainable businesses and be better humans.’ He is also the co-author of Business, Peacebuilding and Sustainable Development. He joins Tom Fox in this episode of the ESG Report to discuss the importance of ESG and due diligence, particularly in conflict zones.
 

 
Due Diligence in Conflict Zones
Tom asks John, “How do you counsel companies to think through due diligence in conflict zones?” First, make sure that you can do the due diligence, John responds, as you may not have access to the data you need in many conflict zones. Companies in these countries need to have a “very clear red line” if they can’t do due diligence, he continues. Assume that money is going to people and places it shouldn’t, and have a process for withdrawing or shutting down operations if necessary. Corporations should ensure that workers are not being exploited: what is happening on the ground should be what’s actually in workers’ contracts, John tells Tom. “There’s lots of places where the contract will say one thing, and the contract they’re providing for due diligence might not be the same document they’re providing even to the government,” he remarks.
 
Reporting on ESG 
Can companies in conflict zones start to make a difference around climate change, and how do they report it, Tom asks John. Reporting is the easy part, John replies, as the reporting structures and benchmarks already exist. It would be harder to start from scratch. Tom comments that he believes 80% of ESG is what you’re doing already. Companies may be doing more ESG than they realize. John agrees; he adds that siloing is a problem in that data may not be shared across the organization. “That’s why I think we see in a lot of companies a shift to hiring more data managers, and hiring more information specialists who can help bridge those types of gaps.” More companies are pushing for formal reporting, John remarks; he is also seeing more intent and financing toward reporting related to the UN sustainable development goals. Companies “are much more focused on trying to align what they’re doing with what not only other companies are doing, but with what governments and civil society actors are doing on these sustainable development goals,” John says.
 
Corporate Responses in Conflict Zones
Tracking companies before, during, and after conflict is challenging, John tells Tom. Reliable data is hard to come by, and often casualty data is the best they have. He explains, “What that means from a studying standpoint is a lot of it is going to be secondary or indirect to what we actually want to measure. So when we look at things like the impact of a CSR policy or program in a conflict zone, it’s often hard to know how much of an impact that program has, because there’s so many other things going on around it.” Tom asks if there’s a role for for-profit companies in conflict areas in battling corruption. It’s everyone’s responsibility, John points out. “Everyone else is impacted by conflict. And so everybody else should be at the table trying to figure out ways to deal with this. And that includes for-profit companies.”
 
Resources
John Katsos on Website | LinkedIn | Twitter
 

Categories
FCPA Compliance Report

Mike Volkov on FCPA Enforcement and Compliance from 2021 and into 2022

In this episode of the FCPA Compliance Report, I am joined by Mike Volkov to take a look back at FCPA enforcement and compliance from 2021 and prognosticate to where it may be going in 2022. Highlights of this podcast include:

  1. Three FCPA enforcement actions.
  2. DAG Lisa Monaco’s October Speech to the ABA White Collar Defense Conference.
  3. The Biden Administration’s Strategy on Countering Corruption.
  4. Where will FCPA enforcement head in 2022.
  5. Where will ABC compliance go in 2022?

Resources

Tom in the FCPA Compliance and Ethics Blog

FCPA Year in Review

Compliance Year in Review