WATCH WEBINAR: https://www.caseware.com/alessa/webinars/elements-customer-risk-profiles-relationships/
Customer risk rating is an integral part of the customer due diligence process, yet it can be a difficult tool to implement. The risk tolerance of the organization, what products are used, what data is available and the weighting of each risk factor are just some of the variables that need to be considered to determine whether the overall aggregate score is considered high-, medium- or low- risk.
In Part 1 of this webinar series, Laurie Kelly, CAMS will discuss her experience with calculating risk ratings and things that every financial institution should consider.
Viewers will learn about the objectives and fundamentals of customer risk scoring, as well as a logical way to categorize types of risks. She will then review various risk factors to consider when assessing customer risk from a demographic/profile and relationships perspective.
Finally, Laurie will explore separately individual and business/commercial customers risk factors but with a greater focus on business customers, which have more nuanced and complex risk considerations.
About Alessa, a CaseWare RCM product:
Alessa is a financial crime detection, prevention and management solution offered by CaseWare RCM Inc. With deployments in more than 20 countries in banking, insurance, FinTech, gaming, manufacturing, retail and more, Alessa is the only platform organizations need to identify high-risk activities and stay ahead of compliance. To learn more about how Alessa can help your organization ensure compliance, detect complex fraud schemes, and prevent waste, abuse and misuse, visit us at caseware.com/alessa.
Connect with us online:
Visit the Alessa WEBSITE: https://www.caseware.com/alessa/
Follow Alessa on LINKEDIN: https://www.linkedin.com/caseware-alessa
Follow Alessa on TWITTER: https://twitter.com/casewarealessa
SUBSCRIBE to Alessa on YouTube: http://tiny.cc/Alessa
2. https://www.alessa.caseware.com/ 2
Alessa: Integrated AML Compliance Solution
Customer Due
Diligence
Transaction
Monitoring/
Screening
Regulatory
Reporting
Sanctions
Screening
AML
Capabilities
Data Management, Workflows, Case Management,
Fraud Detection & Prevention (Advanced Analytics)
Traditional FIs FinTechs
Gaming and
Casinos
MSBs
Markets
Questions? Email us at alessa@caseware.com
3. https://www.alessa.caseware.com/
Agenda
3
1. What is risk, and why do we care about it?
2. Customer Due Diligence vs. CIP
3. Categorizing, quantifying and measuring
customer risk
4. Profile and Relationships risk factors for
individuals/consumers and businesses/legal
entity clients
5. Relationships in context of customer risk
6. Key Takeaways and Q & A
4. https://www.alessa.caseware.com/ 4
What is risk?
The intentional interaction with uncertainty
Uncertainty is a potential, unpredictable, and uncontrollable outcome
Risk is an aspect of action, taken despite uncertainty
A subjective judgment made about the severity and probability of a risk
Risk Perception:
Risk:
5. https://www.alessa.caseware.com/
FinCEN CDD Rule: Customer Risk Profile
Challenge for compliance professionals: Not so much WHY, but HOW?
Certain elements of customer risk scoring only you can determine:
• How you build your institution’s scoring model – which risk factors you choose, and
if/how you assign weights to different factors
• How you incorporate customer risk scores into your transaction monitoring software
5
Why a Customer Risk Score/Rating?
“A financial institution should establish an understanding of the money
laundering and terrorist financing risks of its customers.”
Department of the Treasury, Financial Crimes Enforcement Network (2016)
6. https://www.alessa.caseware.com/ 6
Customer Due Diligence vs. CIP
Customer Due Diligence is:
Detailed analysis of a customer from a
money laundering risk perspective
Assessment of risk factors involving
demographic data, products/services,
anticipated transaction behavior, and
geography
May expand into enhanced due diligence
Ongoing, continuously evolving over life of
customer relationship
CIP + CDD = KYC
CIP is:
Identity verification
For new customers
For beneficial owners of legal
entity customers
Government photo ID, address,
date of birth for individuals
OFAC screening
One and done
8. https://www.alessa.caseware.com/
• Customer risk scoring model: Keep it simple
• Need to quantify risk objectively, but be able to modify for judgement
• Most models are way too complex
• Will never be perfect
8
Quantifying and Measuring Risk
Important: Risk scores should be dynamic
10. https://www.alessa.caseware.com/ 10
Risk Factors: Individual/Consumer Clients
Risk Factor Why?
Channel – online or third party Anonymity factor - collusion
Depth & length of relationship Mitigating factor – longer/deeper is lower risk
Employment status
–Unemployed ask why
Cash basis – placement risk; potential undocumented status
Assets & sources of wealth
Higher than expected for stated employment; unusual or irregular sources
– red flags
Citizenship status & residence Non-resident alien; potential money mule
Politically Exposed Person (PEP)
Higher risk of involvement in money laundering, bribery, corruption or
terrorist financing
Joint account – no familial
relationship
Red flag for potential fraud or funnel account
Anticipated risky transaction activity Cross border transfers, frequent cash deposits are high risk indicators
– risk of comingling, fraudSelf-employed
11. https://www.alessa.caseware.com/ 11
Individual/Consumer Clients: Case Study
Mr. Talal Chahine:
• Naturalized citizen, native of Lebanon
• Prominent businessman, self-made
• Founded a chain of restaurants in greater Detroit area
• Highly respected in the community, family man
• Deep customer relationship with his bank: personal
and business accounts, commercial and personal
loans, investment services
Risky?
12. https://www.alessa.caseware.com/
• Four-year period: skimmed $20 million in cash proceeds from the
restaurants
• Maintained double set of computerized books – computer generated
• Altered books artificially reduced amount of cash receipts
• Employees converted millions of dollars in cash into cashier’s checks,
sent to people in Lebanon
• Employees converted cash from smaller to larger denominations –
smuggled to Lebanon
• Paid employees in cash
• Strong ties to high-level leaders of Hezbollah terrorist organization
• Currently a fugitive, believed to be in Lebanon
• Wife pled guilty, served 18 months in prison
12
Individual/Consumer Clients: Case Study cont’d
14. https://www.alessa.caseware.com/ 14
Business/Legal Entity Clients – ML Risk
Risk Factor Lower Risk Higher Risk
Ownership Transparent, easily verifiable
Beneficial owners hidden behind trusts or
layers of LLCs/other entities
Entity legal structure
Simple — sole proprietorship, general
partnership, or publicly traded corporation
Complex — less transparency, such as
LLCs, trusts, joint ventures, limited
partnerships
Third party oversight Regulatory or licensing oversight required No independent oversight
Cash Intensive No Yes
Foreign business
activities
None
Extensive, especially involving higher risk
countries
Length and depth of
customer relationship
Over 5 years; multiple accounts &
services
Less than 5 years; one or two accounts
15. https://www.alessa.caseware.com/ 15
Risk Factors: Business/Legal Entity Clients
Risk Factor Lower Risk Higher Risk
Ownership
Transparent, easily
verifiable
Beneficial owners
hidden behind trusts
or layers of
LLCs/other entities
Entity legal
structure
Simple — sole
proprietorship, general
partnership, or publicly
traded corporation
Complex — less
transparency, such as
LLCs, trusts, joint
ventures, holding
companies, limited
partnerships
Third party
oversight
Regulatory or licensing
oversight required
No independent
oversight
• Less transparency/oversight = greater risk
• Money laundering risk associated with certain
entity types and related ownership structures is
based on:
• Ability to disguise human (beneficial) owners
• Potential to hide actual business purpose
and activities
• Lack of external/internal oversight of
business activities
16. https://www.alessa.caseware.com/
Nominee incorporation services (NIS) firms
• AKA corporate formation agents
• Can legally form a business entity in any state
• Provides Resident Agent, mail forwarding,
and “corporate office service packages” -
gives a shell company the illusion of
legitimacy
• Establishes “nominee” officers, directors,
stockholders, or bank signatories - hides true
owners’ identities from public records
16
Red Flags – Ownership/Legal Structure
17. https://www.alessa.caseware.com/
Domicile location - higher risk:
• Not domiciled where business operations
located
• Domicile state known to promote anonymity:
Delaware, Wyoming, Nevada
• Physical address: nominee incorp service?
• Off-shore domicile
17
Red Flags – Ownership/Legal Structure cont’d
18. https://www.alessa.caseware.com/
Cash Intensive Risks
• Ability to easily comingle dirty cash with
legitimate receipts
• Large cash deposits are routine – may be
exempt from CTR reporting
• Examples:
18
Cash Intensive Businesses: Risks
Risk
Factor
Lower
Risk
Higher
Risk
Cash
Intensive
No Yes
Convenience store Car wash Nail/hair salon
Restaurant Private ATM operator Tavern/bar/nightclub
Marijuana dispensary Thrift/retail store Liquor store
Parking lot/garage Money service business Vending company
Pawnbroker
19. https://www.alessa.caseware.com/
Cross border activity
• Export/import businesses: foreign payments typical, especially wire transfer
• Involves frequent transportation of goods across southwest US border – land or air
• Money service business in southwest border region – Casas de Cambio
19
Foreign Business Activities: Risks
Risk Factor Lower Risk Higher Risk
Foreign
business
activities
None
Extensive,
especially
involving higher
risk countries
20. https://www.alessa.caseware.com/
Consider that:
Money laundering:
Introduces criminal $$ into legitimate/respectable business
Uses techniques developed for legitimate business purposes
Uses service providers: attorneys, accountants, financial advisors
The more profitable organized crime becomes, more important to shift profits
into legitimate activities
Conclusion: “Family owned and operated” respectability now a red flag
Closely-held entity with few or no controls/oversight
Money laundering & fraud increasingly committed through:
Legit businesses with strong reputations
Traditional or well-respected industries
In perceived “safe” rural/small urban areas
20
The “Respectability Factor” and Customer ML Risk
The perfect hiding places for illegal activities?
21. https://www.alessa.caseware.com/ 21
Business/Legal Entity Clients: Case Study
CATT International Inc.
• Yuma, Arizona
• Husband and wife team with two other employees
• Cattle broker: arranges for live cattle to be driven from
Chihuahua, Mexico into the US.
Chihuahua:
• Just south of New Mexico/Texas
• Largest cattle producing state in Mexico
• Major center of the illicit Mexican drug trade
• Ciudad Juarez: heavy drug cartel violence;
political/law enforcement corruption
22. https://www.alessa.caseware.com/ 22
Business/Legal Entity Clients: Case Study #2
Business model:
• Individuals in Mexico paid a per-head fee to drive herds into US
• Payments: $10,000 to $20,000 per person
• US dollar wire transfers through Mexican casas de cambio
• Report gross income of $20 million + annually
What makes this small, “family owned” business a high-risk
customer?
• Massive cattle herds - convenient vehicle for drug smuggling?
• Business dealings primarily with unidentifiable Mexican
individuals
• Large payments through Mexican casas de cambio
• High-intensity drug trafficking region
23. https://www.alessa.caseware.com/
Length of customer relationship to the institution: risk mitigator
• Established pattern of normal activity
• 5 years is a common threshold
Individuals: Two or more unrelated individuals are owners or
authorized signers
• Possible funnel account
• Potential indicator of human trafficking or elder abuse
23
Customer Relationships and Risk
24. https://www.alessa.caseware.com/ 24
Customer Relationships and Risk cont’d
Businesses:
• Look for hidden connections:
Bob
Smith
Logistics
LLC
Salon Pro
LLC
NuChem LLC
Magic Nails
LLC
Speedy
Cleaners LLC
LoDo
Trucking Inc
100%
100% 100%
Customers:
Not Customers:
Not a Customer:
• Foreign subsidiaries, parent or affiliates – in what countries
25. https://www.alessa.caseware.com/
• Keep the customer risk scoring model as simple
as possible
• DOCUMENT the how/why of your model
• Educate front line staff
• Ensure customer information and resulting risk
factors are regularly updated
• Customer risk profiles: continuously evolving
• Address change
• Ownership change (business)
• New foreign payment sources/destinations
• Changes in behavior
• SAR filing
25
Concluding Comments
26. https://www.alessa.caseware.com/
• Use technology built into your AML systems –
machine learning
• No one risk factor exists in a vacuum
• Risk profile has limited value unless consider
customer behavior as well
26
Concluding Comments