Compliance & Security Best Practices

Questions and Answers

Within the framework of the Head Office Compliance Unit's responsibilities, which activity necessitates the most profound comprehension of cryptographic protocols and their interplay with regulatory stipulations?

  • Review of Data and File system backups, ensuring adherence to organizational retention policies.
  • Cloud and Cybersecurity checks, including penetration testing and vulnerability assessments. (correct)
  • Database Performance Management Review, particularly concerning query optimization and indexing strategies.
  • Monitoring of EOD processes to guarantee transaction integrity across disparate systems.

Envision a scenario where a critical vulnerability is identified during a Data Center spot check, potentially impacting the confidentiality and integrity of customer data. Which immediate action aligns most effectively with a defense-in-depth strategy?

  • Implement a temporary network segmentation to isolate the affected systems, minimizing lateral movement. (correct)
  • Deploy an intrusion detection system (IDS) tuned to the specific vulnerability signature to monitor for exploitation attempts.
  • Initiate a full system shutdown to prevent further exploitation and potential data exfiltration.
  • Immediately escalate the issue to external cybersecurity consultants for remediation guidance.

In the context of NEFT/NIBSS transactions monitoring, which type of anomaly detection methodology would prove most effective in identifying sophisticated fraud patterns involving multiple colluding accounts, while minimizing false positives?

  • Rule-based systems with predefined thresholds for transaction amounts and frequency.
  • Unsupervised machine learning clustering techniques combined with social network analysis. (correct)
  • Statistical analysis utilizing moving averages and standard deviations of individual account activity.
  • Supervised machine learning with labeled datasets of known fraudulent transactions.

Regarding the review of Mobile Financial Services (MFS) & Digital Loans, what assessment is most crucial to ensure adherence to regulatory guidelines and the mitigation of unintended consequences?

Analysis of the algorithms used for credit scoring and loan approval, focusing on potential biases. (A)

Considering the Retail Compliance Unit's responsibilities, which control procedure MOST effectively mitigates the risk of internal fraud involving collusion between a branch employee and a customer?

Implementation of a robust data analytics system to detect anomalies in transaction patterns. (C)

In addressing customer complaints, which methodological approach would yield the most comprehensive insight into systemic failures and opportunities for service refinement?

Conducting root cause analysis to determine the underlying factors contributing to complaint generation. (C)

When coordinating regulatory examinations, which strategy best ensures comprehensive coverage of the bank's compliance posture while minimizing disruption to ongoing operations?

Developing a centralized repository for all compliance-related documentation, fostering transparency and accessibility. (D)

Within the Three Lines of Defence model, which entity is primarily responsible for developing risk-based Compliance Monitoring and Testing plans to assess adherence to risk appetite?

The Compliance Monitoring and Testing function, focusing on assessing businesses and functions. (A)

Assuming a scenario where a subsidiary is found to have deviated from the group's policies regarding Principal Officer's expenses, which unit is primarily responsible for detecting this non-compliance through routine monitoring?

The Subsidiaries Conduct & Compliance Unit, based on their oversight and review responsibilities. (A)

Considering the functions of the Subsidiaries Conduct & Compliance Unit, which action exemplifies their role as a liaison between the Group Office and the subsidiaries?

Disseminating policies and Standard Operating Procedures (SOPs) to the subsidiaries for adoption. (D)

Within the context of the Three Lines of Defence model, if Internal Audit identifies a significant control weakness that was previously undetected by Compliance Monitoring and Testing, what is the MOST appropriate next step?

Compliance Monitoring and Testing should reassess its risk-based monitoring plan to address the identified gap. (D)

Assuming a scenario where a banking group seeks to improve the alignment of subsidiary compliance activities with overall group strategy, which initiative would MOST effectively address this objective?

Establishing clear reporting lines from subsidiary compliance officers to the Group Chief Compliance Officer (CCO). (C)

Considering the role of the Subsidiaries Daily Trial Balance Review, what specific risk is this procedure PRIMARILY designed to mitigate?

Fraud risk associated with the manipulation of accounting records. (D)

Within the Three Lines of Defence model, if a business unit identifies a significant regulatory breach, what is their MOST immediate responsibility?

Immediately reporting the breach to Compliance Monitoring and commence remediation. (B)

Hypothetically, if the weekly cheque kiting report from a country indicates a pattern of suspicious transactions, which unit should initiate a detailed investigation?

The Subsidiaries Conduct & Compliance Unit, given their responsibility for monitoring subsidiary activities. (A)

Suppose a subsidiary seeks to adopt a new technology platform that could significantly impact its compliance framework. According to the Three Lines of Defence model, which stakeholders should be involved in assessing the compliance-related risks of this platform PRIOR to implementation?

The Businesses, Compliance Monitoring and Testing, and Internal Audit should conduct independent assessments. (D)

In the context of the Money Laundering Prohibition and Prevention Act 2011 (as amended in 2022) in Nigeria, what is the critical hierarchical distinction mandated for compliance officers within financial institutions?

The CCO must not be below the rank of a General Manager, and the ECO must not be below the rank of an Executive Director, reflecting a clear escalation path for compliance matters. (B)

Beyond adherence to legal statutes and regulatory mandates, what potential repercussions might a financial institution face due to non-compliance, even in the absence of direct sanctions?

Adverse/negative publicity and reputational damage. (C)

What constitutes the core responsibility of a Chief Compliance Officer (CCO) within a financial institution, as defined by international standards and Nigerian regulations?

The responsibility for ensuring that the bank adheres to all laws and regulations governing its business operations. (C)

Within the organizational framework of Deposit Money Banks (DMBs) in Nigeria, to whom does the Chief Compliance Officer (CCO) directly report, reflecting the hierarchical importance of the compliance function?

The Executive Compliance Officer (ECO), who is an Executive Director. (D)

Concerning AML program oversight, what specific mandate is bestowed upon the Chief Compliance Officer (CCO) within a financial institution?

The CCO has full responsibility for overseeing, developing, updating, and enforcing the AML program. (A)

How is the authority of the Chief Compliance Officer (CCO) defined concerning anti-money laundering (AML) policies and procedures within the bank?

The CCO has sufficient authority to oversee, develop, update, and enforce anti-money laundering policies and procedures throughout the bank. (A)

Consider a scenario where a financial institution's Chief Compliance Officer (CCO) identifies a significant gap in the existing AML Program. What course of action should the CCO, with their defined authority, undertake?

The CCO should immediately undertake the necessary steps to update and enforce the AML program, leveraging their authority. (A)

A bank is undergoing rapid expansion, opening multiple new branches. How should the bank ensure compliance with Section 9 of the Money Laundering Prohibition and Prevention Act 2011 (as amended in 2022) regarding the appointment of Chief Compliance Officers?

The bank must appoint a CCO at the management level at its headquarters and at every branch and local office. (C)

In the event of a regulatory examination that reveals significant AML deficiencies which senior management was aware of but did not remediate, what potential repercussions could the Executive Compliance Officer (ECO) face, beyond institutional sanctions?

Personal liability, including potential fines and imprisonment, alongside reputational damage and disqualification from holding similar positions in the future. (B)

Considering the evolving landscape of financial crime and regulatory expectations, how should a Chief Compliance Officer (CCO) proactively address emerging risks beyond the scope of existing AML policies and procedures?

By establishing a robust framework for continuous risk assessment, scenario analysis, and adaptive policy development, informed by intelligence sharing and industry best practices. (C)

In the context of AML compliance, what is the MOST critical consideration when tailoring written procedures for an AML program?

Aligning the procedures with the bank's actual operational modalities and conducting a meticulous risk assessment of its vulnerabilities to financial crime. (C)

Consider a scenario where a bank employee, deeply involved in structuring complex financial instruments, consistently bypasses AML protocols citing 'client confidentiality' and 'urgency.' What is the MOST appropriate course of action for the Chief Compliance Officer?

To conduct a comprehensive audit of all transactions handled by the employee, coupled with immediate disciplinary action and mandatory retraining. (D)

When should the AML procedures be updated?

Whenever there are changes to laws, regulations, business operations, or when new risks are identified. (A)

In designing an AML training program, what approach MOST effectively ensures comprehensive employee understanding and adherence to AML policies?

Conducting highly specialized training sessions tailored to the specific roles and responsibilities of different employee groups, supplemented by regular updates. (A)

What constitutes the MOST effective strategy for a Chief Compliance Officer to foster a culture of compliance within a financial institution?

Creating a work environment where employees are encouraged to report suspected violations without fear of retaliation, coupled with consistent enforcement. (B)

A Chief Compliance Officer discovers a pattern of unusual wire transfers linked to a high-profile client known for their philanthropic activities. The transfers are just below the reporting threshold, but collectively substantial. What is the MOST responsible course of action?

To conduct an exhaustive internal investigation, file a Suspicious Activity Report (SAR) with relevant authorities, and reassess the client's risk profile. (D)

What is the PRIMARY reason for maintaining meticulous records of employee attendance and content covered during AML training sessions?

To demonstrate the organization's commitment to regulatory compliance and provide evidence of adequate training in the event of an audit or investigation. (B)

What is the MOST effective method for identifying 'red flags' that may indicate potential money laundering activities within a bank's operational framework?

Implementing a combination of advanced technology solutions, employee training, and ongoing risk assessments to foster a holistic approach to detection. (C)

An employee notices a colleague consistently accepting lavish gifts from a client known for operating several offshore shell corporations. The employee reports this to the compliance department, but no action is taken. What should the employee do?

Escalate the concern to a higher authority within the organization, or consider reporting it to external regulatory agencies if necessary. (B)

A financial institution is implementing a new AML program. Which of the following steps is MOST crucial for ensuring the program's effectiveness and long-term sustainability?

Conducting a comprehensive risk assessment, developing tailored policies and procedures, and providing ongoing employee training and independent audits. (D)

A politically exposed person (PEP) initiates an unusually large transaction that deviates significantly from their established transaction pattern. The financial institution (FI) has already obtained senior management approval and established the source of wealth. Which of the following actions MUST the FI immediately undertake, according to regulatory stipulations?

Flag the account and immediately report the transaction to the NFIU as a suspicious transaction, irrespective of the established source of wealth. (A)

A financial institution (FI) identifies a transaction that involves a complex series of transfers across multiple jurisdictions, ultimately lacking clear economic justification. While no direct evidence of terrorist financing is immediately apparent, the complexity and lack of lawful objective raise concerns. Under what conditions in Section 38 must the FI deem this transaction suspicious?

If, in the FI's opinion, the transaction appears to have no economic justification or lawful objective, irrespective of direct links to terrorist financing. (D)

A financial institution (FI) suspects that funds, irrespective of their origin, are intended for terrorist financing purposes. What actions MUST the FI undertake regarding confidentiality rules and banking secrecy obligations according to Section 38 (2)?

Immediately report the matter to NFIU without liability for violating confidentiality rules and banking secrecy obligations, regardless of the funds’ legal or illegal source. (C)

An individual attempts to initiate a wire transfer of US$950. Which of the following data points relating to the originator MUST the ordering financial institution (FI) obtain and maintain, as stipulated by the regulatory provisions?

The FI is exempt from collecting any originator information since the transaction is below the US$1,000 threshold. (A)

A financial institution (FI) identifies a series of domestic transactions meeting the criteria for reporting under Section 40. What is the maximum timeframe allowed for submitting a written report containing all relevant information on the transaction, together with the identity of the principals and beneficial owners?

Within 24 hours of identifying the suspicious activity. (A)

Flashcards

Head Office Compliance Unit

Oversees Information System Security, IT standards, application certification, archiving, cloud and cybersecurity checks, and data center management.

Retail Compliance Unit

Monitors KYC, branch controls, closed accounts, conducts spot checks, trains branch staff, manages vault and cash.

Global Compliance Advisory Unit

Handles compliance training, ethics, anti-bribery measures, policy reviews, and customer complaints resolution.

KYC Review

Ensures new and existing accounts adhere to KYC (Know Your Customer) regulations to prevent illicit activities.

Spot Checks

The periodic, unscheduled examination of a bank's premises or activities to verify compliance and identify issues.

Mobile Services Review

Review of Mobile Financial Services (MFS), Digital Loans, Token Issuance and Linking to Customers and Reset

Assets Monitoring

Monitoring process of Procurement and Disposal of assets and consumables

Subsidiaries Conduct & Compliance Unit

A unit acting as a bridge between the Group Office and subsidiaries, overseeing compliance and policy adoption.

Subsidiaries Daily Trial Balance Review

Reviewing daily trial balances to detect unusual financial activity.

Review of Weekly Cheque Kiting Report

Reviewing reports to identify any instances of cheque kiting.

Review of Country Compliance

Verifying that the subsidiaries are following group policies, especially regarding expenses.

Off-Site Compliance Review of Countries

Remote compliance checks of subsidiaries.

Three Lines of Defence Model

A risk management model with three levels of control.

First Line of Defence Responsibilities

Own and manage compliance risks, implement controls, and ensure quality.

Second Line of Defence Responsibilities

Develops risk-based testing plans to assess control effectiveness.

Third Line of Defence Responsibilities

Develops independent audit plans providing assurance on risk management and process effectiveness. The Auditing role

Politically Exposed Persons (PEPs)

Individuals entrusted with prominent public functions.

Suspicious Transaction Reports (STRs)

Transactions with unjustifiable frequency, unusual complexity, no economic justification, or suspected terrorist financing.

Wire Transfer Information

For wire transfers of US$1,000 or more, financial institutions must obtain the originator's name, account number (or reference number), and address (or national identity number).

Threshold for Reporting to NFIU

Financial institutions must report single transactions above N5,000,000 (individual) or N10,000,000 (corporate) to the NFIU.

Record Keeping Duration

Financial institutions must keep transaction records for at least five years.

Compliance Officer

An international standard where institutions appoint a person to oversee compliance with laws and regulations.

Money Laundering Prohibition and Prevention Act 2011 (amended 2022)

Nigerian law requiring all financial institutions to have Chief Compliance Officers at the management level.

Chief Compliance Officer (CCO)

Staff member responsible for ensuring the bank follows all laws and regulations.

Executive Compliance Officer (ECO)

The CCO reports to this person, who is an Executive Director.

CCO Responsibilities

The CCO should possess the authority to oversee, develop, update and enforce anti-money laundering policies and procedures throughout the bank.

CCO & AML Program

The CCO must have full responsibility for overseeing, developing, updating, and enforcing the AML Program.

CCO's Core Duty

Overseeing, developing, updating and enforcing the AML Program.

CCO Authority

CCOs need to have high enough authority to enforce policies.

Consequences of Non-Compliance

Negative publicity and reputation damage.

CCO and ECO Rank

Regardless of the category of the financial institution, the CCO must not be below the rank of a General Manager and the ECO should not be below the rank of an Executive Director.

AML Competence

Knowledge of money laundering risks and the AML legal framework.

AML Policy Goal

Deter and detect money laundering and terrorist financing.

AML Procedures

Policies based on business, risk assessment of vulnerabilities, designed to detect activities, and identify 'red flags'.

Enforcing AML Program

Supervising compliance, updating procedures, and consistent disciplinary action.

AML Training

Training of appropriate employees and new employees, periodic retraining and updating, and record keeping.

Corporate AML Policy

A clear corporate policy against involvement in money laundering and terrorist financing.

Written AML Procedures

Setting up written procedures based on the bank’s actual method of doing business.

Updating AML Procedures Trigger

Updating AML procedures as laws/regulations or business operations change.

AML Non-Compliance

Consistent disciplinary action against employees who don't follow AML procedures.

CCO's AML Responsibilities

Developing, implementing, directing/enforcing, training, and auditing the program.

Study Notes

Compliance Culture and Function

  • Presented by Group Conduct and Compliance.

Corporate Philosophy

  • Access Bank's vision is to be the world's most respected African Bank.
  • Access Bank's mission is to set standards for sustainable business practices, unleash employee talents, deliver superior value to customers, and provide innovative solutions for the markets and communities it serves.
  • The core values include leadership, excellence, empowered employees, passion for customers, professionalism, and innovation.

Course Outline

  • Module 1 focuses on the Conduct and Compliance Group's structure, function and culture.
  • Module 2 addresses Anti-money Laundering and Countering the Financing of Terrorism.
  • Module 3 concerns Knowing Your Customer, CDD (Customer Due Diligence), and Beneficial Owners.
  • Module 4 is about Ethics and Conduct.
  • Module 5 is about Whistleblowing.

Course Objectives

  • Participants are equipped with knowledge of the compliance function.
  • An understanding of the principles to fight money laundering and terrorist financing is provided.
  • Trainees are educated about proper KYC in line with the Bank's vision.
  • Trainees are guided on their duty in fighting bribery and corruption.
  • The essence of right conduct for the business of banking is instilled.

What is Compliance?

  • The Compliance Function ensures observance of policies, applicable laws, regulations, and corporate ethical standards both locally and internationally.
  • Compliance is a middle office function involving observance and conformity with regulatory requirements.
  • It manages reputation and regulatory risks, and some operational risk elements.
  • Compliance risk is the impairment to a bank's model, reputation, and financial condition due to non-compliance with laws, regulations, controls, and policies.
  • Compliance describes acting according to orders, rules, or requests.
  • Business compliance occurs at two levels: compliance to external rules and compliance with internal controls to meet externally imposed rules.

What is Compliance Risk?

  • Compliance Risk is the risk of regulatory sanctions, financial loss, or reputational damage due to failure to comply with organization standards and applicable codes for banking activities.
  • At Access Bank, complying with laws and guidelines delivers superior value to customers.

Characteristics of a Good Compliance Officer

  • A good compliance officer is competent, self-motivated, meticulous, and knowledgeable in corporate governance.
  • They are risk-focused, independent, confidential, and have good interpersonal relations with regulators.
  • They possess a strong understanding of regulations affecting their local and international environment.
  • Discretion, impartiality, critical thinking, and neutrality are key characteristics.
  • Proactiveness, independent judgment, natural authority, and relevant experience in the industry are crucial.

Conduct and Compliance Objectives

  • The compliance function aims at supporting the first line of defense, upholding laws, maximizing opportunities, minimizing risks, and optimizing efficiency.
  • It safeguards stakeholders' interests/assets, ensures employee compliance awareness, and mitigates compliance breaches.
  • Additional aims include encouraging a better workplace culture, removing bank liability in wrongdoing, and protecting the organization's reputation.

Summary of Key Functions & Activities

  • Regulatory Surveillance Compliance Unit: handles regulatory inquiries, acts as liaison, coordinates with law enforcement, establishes partnerships, scans for updates, and ensures healthy partnership with regulators and law enforcement.
  • Financial Crimes Compliance Unit: assesses AML/CFT risk, monitors transactions including high-risk ones, performs KYC/Due Diligence, monitors specialized products, reviews staff accounts, and reviews STRs.
  • Head Office Compliance Unit: is responsible for information system security, IT standards, application certification, cloud and cybersecurity checks, data center management, data system back up, reviews databases, handles transaction, monitors the procurement process, etc.
  • Retail Compliance Unit: reviews KYC for new/existing accounts, monitors control logs, reviews closed branch functions, trains staff, and ensures vault and cash administration.
  • Global Compliance Advisory Unit: focuses on compliance training and awareness, ethics, anti-bribery, corruption risk assessment, policy review, and resolves bank-wide audit exceptions.
  • Subsidiaries Conduct & Compliance Unit: liaises between the Group Office and subsidiaries, overseeing compliance monitoring, policy dissemination, and review of reports from countries related to compliance and expenses.

The Three Lines of Defence Model

  • Businesses own and manage their compliance risks by implementing internal controls and quality assurance mechanisms.
  • Compliance develops risk-based monitoring/testing plans to assess functions' adherence to compliance risk appetite.
  • Internal Audit develops independent audit plans to test controls, providing assurance that risk management and controls are operating effectively.
  • Businesses utilize internal risk control functions or quality assurance processes to verify the controls' effectiveness, including through a Manager's Control Assessment process.
  • Compliance utilizes ongoing Compliance Monitoring, periodic Compliance Testing, and other quality controls to provide reasonable assurance that the Bank is complying with laws, regulations, and standards.
  • Internal Audit executes audits, assesses controls, and provides independent assurance on the design, operation, and effectiveness of controls.
  • Businesses adopt and follow reporting/escalation protocols, reporting risk items to management committees.
  • Compliance escalates monitoring exceptions and issues compliance testing reports, following up on remedial actions.
  • Internal Audit issues reports and tracks remedial actions, reported on through management.

The Compliance Function Mandate

  • Focus on Regulatory Intelligence aims at increasing regulatory intelligence to keep up with the regulatory environment and strengthen the relationship with regulatory bodies.
  • Strengthen Internal Controls aims at improving internal controls with an effective compliance culture and establishing policies for risks/controls documentation.
  • Empower First-Line of Defense involves holding the first line responsible for non-compliance and promoting knowledge transfer through training.

Who is a Chief Compliance Officer?

  • The CCO is responsible for effective management of compliance risk in the bank.
  • All institutions should appoint a CCO; it is an international standard.
  • In Nigeria, Section 9 of the Money Laundering Prohibition and Prevention Act 2011 (amended in 2022) mandates a CCO in financial institutions at management level, headquarters, branches, and local offices.
  • The function of compliance is important.
  • Failure to adhere to compliance issues can result in adverse publicity and reputational damage.
  • The Chief Compliance Officer is the designated staff ensuring compliance with governing laws and regulations.
  • DMBs are mandated to appoint a CCO (not below a General Manager) and an Executive Compliance Officer (ECO), who should not be below the rank of an Executive Director.

Chief Compliance Officer & AML Program

  • The Chief Compliance Officer (CCO) is responsible for overseeing, developing, updating, and enforcing the AML Program.
  • CCOs need sufficient authority to oversee and enforce anti-money laundering policies and procedures.
  • CCOs are expected to be competent and knowledgeable in money laundering issues, risks, and anti-money laundering legal frameworks.
  • Responsibilities include developing policies to deter money laundering/terrorist financing, implementing the AML Program, and directing and enforcing it.
  • Responsibilities also include training employees on the AML Program and ensuring independent AML program audits.

Chief Compliance Officer & AML Program/2

  • Developing policies to deter money laundering and terrorist financing includes having policies against involvement in money laundering and terrorist financing.
  • Development includes support for deterrence and detection of money laundering and terrorist financing through the AML Program.
  • Development includes a clear policy on enforcing the AML Program and prohibiting retaliation against those reporting.
  • Steps for implementing the AML Program include setting up written procedures based on business methods, vulnerabilities to money laundering, activities designed to detect such actions, and red flags that indicate potential money laundering.

Chief Compliance Officer & AML Program/3

  • Directing and enforcing the AML Program includes maintaining AML policies and procedures, training and education, and engagement in action against those who do not follow procedures.
  • Training of employees on the Anti-Money Laundering Program is critical.
  • A record of employee attendance must be kept.

Chief Compliance Officer & AML Program/4

  • A CCO should advise senior management on law, rules and ethics, act as a matter of compliance, act as intermediary between regulators and the company, ensure all returns are sent to regulatory bodies as at when due and formulate proposals for amendments.

Components of an Effective Compliance Program

  • Components: Designated Chief Compliance Officer, Internal Policies, Procedures, and Controls, KYC/CDD/EDD/STR/SAR, Employee Training Program, Document Retention, and Independent Testing.
  • Tools: Knowledge, Training, Authority, Control, Culture, Manuals/Handbook, Adequate Staffing, Software Solutions, Commitment, Contacts/Networking/Building Bridges, Independent Testing, Communication, and Expertise.

Compliance Culture

  • Compliance culture is the establishment of attitudes and workflows that build compliance management.
  • A good compliance culture is: established by top management, characterized by senior management, inseparable from organizational structures, clearly communicated and embedded in activities, reinforced by penalties, integral to information systems/management, and incorporated in enterprise risk management.

Building a Culture of Compliance - The Three C's of Compliance

  • Communication facilitates policies, procedures, and regulations.
  • Confirmation involves monitoring.
  • Correction ensures product and process owners close identified gaps.

Benefits of a good Compliance Culture Vs Lack of It

  • Benefits include: avoidance of criminal charges, good brand reputation, better operational efficiency and planning, and a strong bottom line with employee loyalty.
  • Lack of it leads to: regulatory scrutiny, heavy fines, loss of personnel and reputational loss.

Compliance and Co-operation with other Groups

  • Legal: Handles developments in legislation and consequences for the Group along with complaints.
  • Human Resources: Applies internal regulations with codes of conduct and training.
  • Internal Audit: Reviews all risk assessments and activities.
  • Financial Control: Uses regulatory reporting, accounts with CBN etc.
  • Business Units: Applies transaction monitoring and customer onboarding activities.

Money Laundering (ML) - Facts

  • The conversion/transfer of property to conceal its illicit origin, or to assist someone involved in a crime to evade legal consequences.
  • ML involves: concealment, disguise, transfer, receipt, aiding, etc.
  • The offence is a 'catch-all', which applies to natural, civil and legal persons.
  • Deception is the key, and wilful blindness should be avoided.

But Why Partake in ML?

  • ML conceals assets to avoid forfeiture of money.
  • ML disguises the origins of wealth to divert attention from LEAs.
  • ML offers an economic explanation for transaction sources.
  • ML allows escape from punishment and destruction of evidence, to legitimize illegal funds.

Money Laundering Stages

  • ML involves 3 steps: Placement, Layering and Integration.
    • Proceeds from illegal activities are placed into financial systems.
    • The money is then transferred through layers to conceal its illegal origin.
    • The illegal funds are integrated and cleansed to appear legitimate.

Money Laundering (ML) - Red Flags

  • Warning signs for ML include:
    • Discrepancies, unrelated business transactions, multiple foreign bank accounts, high-risk countries, inconsistent explanations, missing documents.

Money Laundering (ML) - Predicate Offences

  • Predicate offences for money laundering include participation in organized crime, fraud, forgery and insider trading.

Terrorist Financing (TF) - Facts

  • TF is the financing of the acts and organizations of terror.
    • TF uses formal and non-formal sources of funds and techniques to achieve crime.
    • Techniques are like those of ML, aimed at evading authority and protecting financial sources.
    • Sources of funds include raising membership and sales of goods.

Terrorist Financing (TF) - Red Flags

  • Red flags include:
    • Customer's occupation does not match account amount or activity
    • Shared address with unknown persons
    • Small funds transfers
    • High-risk destination of FX transfers
    • Dormancy activities as a result of training for combat
    • Lack of economic transaction

Note: An STR must be made if the red flags are observed.

Counter Proliferation (and Financing) of Weapons of Mass Destruction (WMD)

  • Weapons of Mass Destruction are used for transfer of nuclear, chemical and biohazard weapons as its delivery.
    • This disruption is essential as it systemically affects the country, while it applies the same control as terrorist financing, with Recommendations 7 and 9.

Proliferation Financing (PF): Red Flags

  • "Many-to-one", parties from a country engaging in terror acts, an individual in the transaction is on a sanctions list.
  • A sudden change in financial habits as a sign of fundraising for PF.
  • Inconsistencies in trade documents.

Note: An STR must be made if the red flags are observed.

What Access Bank does:

  • Management approval frameworks, transaction monitoring, sensitization and awareness, as it screens customers.
  • It has strict compliance with the laws/legislation.

ML/TF/PF: Differences & Red Flags

  • ML is motivated by profit of the individual from illegitimate activities, through formal routes, while it is illegal. Red flag: inconsistencies.
  • The aim of TF is ideological, with legitimate activities done through informal routes. Red flag: small cash use.
  • PF activities are ideological, involve virtual assets (crypto), and use both legitimate and illegitimate routes.

Redesigned STR Filing Process on ProcessMaker

  • AML/CFT/CPF 2022 mandates banks to forward STRs within 24 hours on funds transfer.
    • For illegal activities that relate to terrorism. Note: Failure to meet the requirement violates CBN rules and procedure to log case.

How to File STR/SAR Cont.

  • SAR filing must contain local and foreign logs for money.
  • Account holders follow the STR filing steps and upload the XML to ProcessMaker.
    • For local funding, it to to make and send the xml
    • For new user, need to follow same XML method. For IMTO,
  • Submit, then go back to edit the XML, which takes you to notes.
  • Log into GOAML to upload the XML file.
    • Note, then input the NFIU report to enable submission of the case process.
  • Checks and balances: Log into the GOAML portal and click on the submitted report to check details and status.

Law Enforcement/regulatory in Nigeria

  • CBN, Economic and Financial Crimes Commission (EFCC), Nigeria Deposit Insurance Corporation (NDIC) and National Drug Law Enforcement Agency (NDLEA)
  • Also: Nigeria Financial Intelligence Unit (NFIU), SCUML, etc.

KYC-CUSTOMER PROFILE

  • Important: details of a customer must be correctly filled in. Name of staff must be correctly done. and occupation etc.

Additional notes for KYC:

  • Note: each field as corporate or personal, depends on type on source, must be ticked and completed.

  • An Anti Money Laundering Risk management Worksheet, must have "high risk" and the reasons completed correctly.

The three KYC tiers are:

  • 1 has information provided not required,
  • 2 has evidence which is required
  • 3 provides what applies

Anti-Money Laundering Risk Management Worksheet Form

  • These must be properly checked, as they are a basis of bank compliance:
    • High-risk area, reason, and classification.

What is KYC?

  • A due diligence and bank that regulated by financial institution to the following:
    • Reasonably determine identity/beneficial ownership. Know - what you should know?:
  • Make reasonable effort to determine identity and beneficial ownership of the accounts.
  • your =Account Officers and Relationship Managers
  • Customer= A "real" person,

Business Advisory Tool for Customer Understanding

  • What are you customer and why for? - Bank must understand the needs and concerns to provide a profile. - Understanding the purpose of use.

What is Customer Due Diligence?

  • A Financial Institution shall verify its customer's identity and address to the following:
    • Verifying ID from multiple sources with relationship intentions. Note: The customer needs the RM or AO (risk monitor/account officers) of the transaction.

Due Diligence (cust) and 2023 requirements. Includes:

  • New legislation for penalties apart from ECO,
  • Maintain BO registered to include vote status, Wealth, PEC status. Line with memorandum 17 of F1 .

Tipping off , new rules CBN 2023.

  • Do not pursue code process and file STR w NFIU as follows.

what is new on:

  • tiered kycs

  • trustes What is needed

  • Blind trust- trust with grantor Identified etc.

New legislation: CBN 2023 code.

  • FI shall use identification issued by the Nigerian Immigration Services or other recognizable government agency to render banking service to refugees or asylum seekers.
  • Electronic KYC: FIs shall adhere to e-KYC requirements.
  • Correspondent financial institution shall terminate an account with a correspondent bank
  • Non face to face customer: systems or solutions that are designed to recognize unusual transactions and related patterns of transactions shall be put in place to recognize suspicious transactions; and

CDD requirements

  • Access Bank prohibits trade in items/goods in relation to its customers: shell companies, Hawala, (WMDs)/Weapons Proliferation, Crypto, Narcotics

CDD High Risk

  • Customers: non-resident high net worth individuals, trusts, charities, sleeping people with partnerships, government.

The Ultimate Beneficial Owners (UBO):

  • Refers to an individual who maintains control/ownership.
  • Definition: has over 5% shares.
  • All BO records in the register should be created for CDD processes.

Red Flags for Identifying BOs (Beneficial Owners) and Obligations

  • Where the records are incorrect, apply "risk" of the approach and report.

Determinations of "Beneficial Ownership" (BO)

  • Hold 5% of shares.
  • Who to conduct, and those to exercise effective control.

Domesticated PEP List

  • Elected politicians in the Legislative Arm of Government including Senators, House of Representatives, House of Assembly and Councilors.
  • Elected politicians at National, State and Local Government levels.
  • All those who exercise political or official control at all levels of Government in Nigeria either directly or through proxies.

Reasons why PEPs are not Detected and Flagged

  • Non-availability of information on search engines and online resources about the status of some individuals who are PEPs.
  • Customer became PEP long after on-boarding.

What to do when a PEP is Identified

  • All PEP relationships must have an approved EDD.
  • Take adequate measures to establish the source of wealth.

What to do when you see a "politically exposed person"

  • FATF considers them high risk due to terrorism and abuse of funds.

Politically Exposed Persons / What are WE Doing?

  • Due to "power", they can engage in money laundering and terrorism financing.
  • Steps and Actions (Bank Code): obtain senior approval, flag it,

Steps and Actions for Code of Ethics

  • Access Bank promotes business ethics, including:
    • Establishes a written code with top management.

Definition of Ethics

  • Business ethics are rules to examine the process, ethics and ethics that arise in a business.
  • Access Bank "3" points as its Ethical Code. Ethics in the workplace requires compliance with rules and standards. Compliance will improve Access Bank.

Ethics are of what to accept /not accept

Main rules of the Access bank

Must accept the terms. / Must accept the terms.

Personal conflict. / Interest in the bank.

  • Note: must be declared beforehand.

Code of ethics requires for the bank:

  • To avoid tipping.
  • Fraud.
  • Corruption.

Key terms: Transparency, code requirements

What to do if you see "Bribery"?

  • It is illegal: the laws
  • The ethics code, what are the steps to be taken

Steps Access Bank has taken: What are WE Doing?

  • Inyag Ethics "Senior Manager to" Corruption Code
  • ABC policy
  • Anti-Bribery "prevention" with agreement
  • Corruption training/clauses are in Vendors.

Note also: must promote "ethical behavior".

Benefits of the code for "Ethics":

  • Enhances trust
  • Guiding and better reduction "Ethics"

Code for Misconduct?

  • Classification includes "minor" and "gross".
  • Lateness and unlicensed software are breaches.
  • The company requires you to report all illegal acts (whistleblowers).

What are the features for whistleblowers?

  • The ethics code allows "3" means of contact, including phone calls, to remain anonymous.
  • Reporting is with Deloitte (no consequences).
  • It creates an anonymous environment.
  • Key items on whistleblowing:
    • 1 - channels to report
    • 2 - it creates good governance + risk management
    • 3 - allows for protection and anonymous reporting

Note reasons for whistleblowing

  • What is expected and protected,
  • The silence of reporting as a sign "code"
  • Provides you with "rights"!

What would stop whistleblowing?

  • Fear of victimization/retribution, a skeleton/cupboards.

Description

Assessing compliance tasks involving cryptography, data vulnerability responses, transaction monitoring for fraud, mobile financial services, and retail compliance controls. Focus on regulatory adherence and unintended consequences. Best practices in security and regulatory oversight.
