1、 2 july 2010 victor matafonov, group head of systems and monitoring, financial crime risk martin rowlands group sanctions adviser introduction sanctions compliance roles victor matafonov group head of systems and monitoring, financial crime risk nsets standards for operation of groups screening syst

2、ems noversees deployment of screening lists nensure systems users have proper guidance nassurance martin rowlands - group sanctions advisor nmaintains group policy and procedures ntraining ngeneral advice and internal reporting ntransactional advice nregulatory relationships 2 agenda nintroduction n

3、nature and impact of sanctions nsanctions compliance in banks ncompliance challenges nsystem selection process 3 introduction to standard chartered bank (scb) 4 nestablished for over 150 years ndual-primary listed - london, hk ntop 15 of ftse 100 companies nregulated by fsa n73,800 employees, 125 na

4、tionalities n75 countries and territories nincome $15.2 b, pbt $5.1b, assets $435b namerican express bank acquired feb 08 key facts focus on asia, africa and the middle east *based on final results 2009 our business consumer bank wholesale bank 5 international profile 6 focus on asia, africa and mid

5、dle east international sanctions nature and impact of international sanctions 7 international sanctions sanctions are measures imposed by governments to deprive a country, organisation or individual of: nfinancial and/or economic assets nthe benefit of trade neconomic interaction with the country or

6、 countries imposing or implementing sanctions 8 international sanctions nus sanctions against named parties, and against six countries (myanmar / burma, cuba, iran, north korea, sudan, syria) nuk sanctions against named parties 9 international sanctions n united nations sanctions n european union sa

7、nctions n other country sanctions against named countries or parties, e.g. country boycotts of israel; country sanctions against named parties 10 impact of sanctions ncriminal offences ncorporate entities nindividuals nregulatory and/or criminal fines nregulatory reviews, audits and enforcement acti

8、ons nlicence issues nreputational impact 11 impact of sanctions nsanctions remain a priority for major regulators: nuk: fsa april 2009 - thematic review on uk sanctions: “we expect firms to implement more effective systems and controls.” nus: credit suisse december 2009 - $536m fine over iran sancti

9、ons; abn amro may 2010 additional $500m fine. nsanctions compliance remains a top priority in scbs compliance and assurance agenda for 2010, which projects further enhancements to the groups sanctions compliance programme. 12 our approach to sanctions compliance ncontinuous improvement approach nact

10、ively seeking opportunities to enhance processes nongoing benchmarking ncommitment to remain at industry best practice nintegral part of the groups sustainability programme 13 sanctions compliance sanctions compliance in banks 14 sanctions compliance programme a comprehensive sanctions compliance pr

11、ogramme includes the following elements: i policies and procedures ii training and awareness iii automated screening systems iv management information and assurance v governance and oversight 15 compliance programme objectives i policies and procedures nmaintain in line with changing regulation and

12、industry best practice ncontinuously improve clarity and ease of use ii training and awareness nraise awareness of sanctions compliance risks nimprove the technical understanding of targeted staff 16 compliance programme objectives iii automated screening systems nongoing improvement: effectiveness

13、and operational efficiency nalign screening capabilities with changing best practice nmaximise standardisation across the group iv assurance nmaintain/ improve framework of controls, management information and assurance v governance and oversight ndevelop and drive sanctions compliance strategy nens

14、ure effective management oversight maintained 17 sanctions compliance programme i policies and procedures 18 19 policies and procedures group sanctions policies group procedures country procedures operations procedures (trade and payments) unit operating instructions policies and procedures npolicy

15、and procedures apply globally (subject to dispensations) nclear rules which describe transaction types permitted and prohibited nclear responsibilities for advising noperational procedures focussed on key risk areas those which make payments or release assets 20 policies and procedures ngroup sancti

16、ons policy ncountry sanctions procedures nand us persons procedure nprocedures concerning dealings with named sanctioned parties nus sanctioned parties nuk sanctioned parties 21 policies and procedures - challenges nclarity and simplicity in procedures nprohibition of attempts to circumvent sanction

17、s nescalation process ninternal reporting of any departures from procedures and preventive steps 22 sanctions compliance programme ii training and awareness 23 training and awareness nsanctions elements in training for basic banking processes (e.g. account opening) nsanctions components in financial

18、 crime risk related training (e.g. anti money laundering elearning) nperiodic sanctions-specific training for target groups: ntrade teams ncash management teams ncountry heads of financial crime risk nrelationship management teams 24 sanctions compliance programme iii automated screening systems (re

19、fer end of presentation) 25 sanctions compliance programme iv management information & assurance 26 management information & assurance nmetrics and management information nmonthly account and transaction screening metrics. ncountry financial crime risk staff track issues to resolution. nconsolidated

20、 numbers reported to group financial crime risk committee. nrisk assessment and assurance nkey control self assessment to ensure compliance with policies and procedures in training and customer / transaction screening. nongoing risk assessment of products and services. nexternal benchmarking. 27 san

21、ctions compliance programme v governance and oversight 28 governance and oversight ncountry financial crime risk teams ncountry management nregional compliance head ncountry operations teams ncountry management ngroup operations ngroup financial crime risk ngroup head, compliance and assurance ngrou

22、p board 29 sanctions compliance programme iii automated screening systems 30 automated screening systems agenda nwatchlists noverview of screening processes, workflows and guidance: customer screening transaction screening ncontinuous improvement processes nchallenges nrisk assessment ninitiatives u

23、nderway nassurance nsystems selection process 31 group watch lists - sources nthe groups watch lists are made up of the following components: external vendor provided data consolidated regulatory lists and specialist value added lists external data not publicly available (e.g. from some regulators s

24、uch as singapore) internal group watch lists (i.e. prohibited names, country names, swift bank identification codes). internal country specific watch lists (e.g. lists of credit defaulters, fraudsters, exited accounts etc). nby far the biggest component is from the external vendor (i.e. more than 1

25、million names). they provide us with names in 3 broad categories: a consolidation of publicly available regulatory lists including uk her majestys treasury (hmt) list, us office of office of foreign asset control (ofac), un, eu. a listing of politically exposed persons (peps) a listing of names asso

26、ciated with adverse media 32 3333 group watch lists - uses nglobal screening of potential and existing customer names and select other parties (e.g. counterparties in trade, directors of corporate entities etc) against: all group watchlists nglobal screening of transactions (e.g. swift messages) aga

27、inst: global regulatory lists (i.e. hmt, ofac, enhanced ofac, us patriot act). global internal lists (i.e. prohibited names, country names, bic codes) country specific sanctions lists (e.g. mas, hkma, un) 343434 overview of screening processes automated screening of customers and other parties (e.g.

28、 counterparties, directors or beneficial owners of corporate entities, staff, vendors etc) against the all group watch lists: prior to account opening or undertaking selected transactions (e.g. trade) periodically to ensure existing customers / other parties have not been added to watch lists. looki

29、ng for name or word matches pre and after the event outcomes of confirmed matches: reject new account or transaction application. take appropriate action on existing account in accordance with group customer due diligence (cdd) / sanctions policies and procedures. amend risk rating. issue suspicious

30、 activity report (sar) automated screening of transactions (e.g. swift messages) against the following watchlists: global regulatory lists (i.e. hmt, ofac, enhanced ofac, us patriot act). global internal lists (i.e. prohibited names, country names, bic codes) country specific mandatory lists (e.g. m

31、as, hkma, un) looking for name or word matches. real time prior to message being sent or acted upon. outcomes of confirmed matches: reject transaction. take appropriate action on transaction in accordance with group sanctions policies and procedures. amend customer risk rating. issue sar. screening

32、of customer / other party names screening of transactions 353535 screening statistics - group customer due diligence (cdd) screening at account opening: approx.16k registered users across the group undertake approx. 400 k searches every month as part of customer due diligence processes and other inv

33、estigative searches. this results in approx. 52 k alerts (potential matches) per month being investigated across the group. periodic customer screening: periodic rescreen of the entire customer base (approx. 15 m retail and 126 k wholesale customers) against all group watch lists. this results in ap

34、prox. 160 k alerts per month being investigated by approx. 75 staff within the chennai ssc and in the respective countries. transaction screening: up to 7 m payment messages are screened per month for sanctions purposes, generating up to 460 k alerts per month for further investigation. the equivale

35、nt of approximately 70 full time operations staff are involved in sanctions screening processes. wlm watch list manager wlm feeds two functions:- aoc account opening check for new customers. cmr customer match report for periodic screening of existing accounts wlm aoc cmr 16,000 users across the gro

36、up access aoc to identify high risk sanctioned and high risk names prior to account opening external vendor lists - regulatory lists - peps & associates - adverse media - enhanced lists internal lists - group lists - country lists periodic reports (monthly) are run per country to identify name match

37、es between the watch lists and customer database lists of customer names (country / business / group) wlm database screening systems used customer screening 36 source customer & counterparty names data watchlist management analysis & reporting escalation to country compliance and / or group sanction

38、s advisor review of name matches sanctions screening system shared service centre, payment operations in country messaging system review of name matches payment operations in shared service centre, chennai, india screening systems used transaction screening and workflow alerts (potential name match)

39、 notification of release / reject escalation of alert. 37 sanctions guidance gfcr policies, procedures and guidance 38 sanctions guidance key investigation steps 39 review alert score, the closer the score to 100% the closer the match. compare alerted customer / transaction details against watch lis

40、t entry. for individual customers, compare unique identifying information such as date of birth, passport numbers, fathers name, country of birth, nationality, residence and other background information. for entity customers, compare unique identifying information such as incorporation details (i.e.

41、 country of incorporation, country of operation) company profile and other background information. for payment messages compare address details to determine if it is the same person or entity. review other background information on watch list entry to see if there is any commonality. if still uncert

42、ain can go back to correspondent bank and ask for details. sanctions guidance escalation process 40 outlined in automated payment screening procedure, group names screening systems procedure and group sanctions procedure. group names screening systems procedure steps to be taken if a confirmed match

43、 against sanctions list: follow the group sanctions procedure, inform group sanctions adviser immediately of the name match and action taken, procedures require to act as bound by uk law unless there is a conflict with local law, in which case refer to group sanctions procedure. 41414141 continuous

44、improvement sanctions enhancement programme internal internal audit benchmarking through engagement with industry bodies fsa thematic industry review external consultancy internal periodic policy and procedure reviews by group sanctions advisor & group head of systems & monitoring industry guidance

45、basle committee wolfsberg group fatf sr7 jmlsg name matching logic there are essentially two types of name matching logic: exact name matching used to perform exact name matching against main watch list entities and aliases. non exact name matching (fuzzy matching) used to detect non exact name matc

46、hes against watch list entities and aliases. this includes part matches, name variations, spelling variations and permutations. specific rules help identify close matches by eliminating spaces, special characters, noise words or by adding synonyms, noise words etc. non-exact name matching increases

47、the level of false alerts, therefore systems need to employ techniques to reduce them such as “exclusion or good guy” lists, noise word suppression etc. 42 screening system testing and tuning with the help of external consultants, scb created an independent testing team to periodically test the effe

48、ctiveness its customer and payment screening systems. the team creates data files from sanctions lists to test approximately 40 different exact and non-exact name match scenarios. these are then run against the banks sanctions screening systems in a test environment and the output reviewed to identi

49、fy areas where the systems logic can be enhanced. the general trend is that exact name matching in banks has historically been working effectively, however the level of effectiveness of non-exact name matching is much more varied and there are tests that require improvement. work is continuing to im

50、prove these results. 43 4444444444 swift messagestypes screened there are currently 243 swift message types (mts) in use across the industry. banks may not subscribe to or use all of these and many are not direct payment instructions. banks have each decided for themselves what mts to screen. scb ri

51、sk assesses the swift mts used by the business and covered by its screening systems and with the assistance of external consultants compares that list to industry peers. as a result a group minimum (containing approx 90 mts) has been established and systems are tuned to include these as a minimum. s

52、ystems are updated and aligned as and when policy amended. 4545454545 evaluation of messages rejected all banks will from time to time have their messages rejected by other banks. it is important to monitor this and take appropriate action to avoid continuing rejects. the trends that we are seeing a

53、re as follows: category% of rejects 1. banks system logic did not detect a hit, whereas system at other bank did (e.g. a spelling variation). 5 2. no direct hit against any official watchlist on banks system. the message was either processed without stopping or subject to operator release. bank beli

54、eves message was correctly processed but other bank has taken a different, more cautious interpretation. 15 3. no direct hit against any official watchlist on banks system. hit against other banks internal watchlists and message rejected either immediately or after further investigation. 50 4. hit a

55、gainst official watchlist on banks system. operator makes the wrong judgment or fails to undertake further investigation. 30 total100 challenges in screening process nneed for detailed information on sanctioned parties in sanctions lists to help decisioning of potential name matches (alerts). nneed

56、for accurate and up to date client information to help decisioning of alerts. nturnround times and client expectations. ncommon names and false alerts (e.g. ali khan on ofac list) nspelling variations and the risk of missing true alerts. 46 alternate spelling islamic names first name - mohd iqbal su

57、rname - abd al rahman 395 variations for mohd26 variations for iqbal227 variations for abd al rahman courtesy: language analysis systems inc 47 name variations / aliases hotel booking traffic violation criminal intel file cell phone co. the name problem: one name many variations mustafa khan owasi w

58、anted missed at routine stop moustafa kan elowesse (cultural variation & phonetic variation) mustaffa bouasy (cultural variation) moustafa abouassi (cultural variation) mustaffa kan owazi (character variation) mostaffa ken abdolwasie (cultural variation & character variation) moostapha kanawasi (pho

59、netic variation) criminal record file courtesy: language analysis systems inc 48 name translations taiwan philippines indonesia thailand cambodia myanmar (burma) laos vietnam hong kong macau malaysia china singapore zhang,zhang, q i usuq i usu c hang,c hang, c h i u-suc h i u-su khi u,khi u, saw sae

60、 ti usaw sae ti u c heung,c heung, yau so bettyyau so betty teoh,teoh, khoo towkhoo tow zhang d e c hen,zhang d e c hen, q i u suq i u su the same name across se asia courtesy: language analysis systems inc 49 name translations the same name in a korean telephone book courtesy: language analysis sys