Anti Money Laundering - Global Survey 2007 - KPMG

FORENSIC
Global Anti-Money Laundering

Survey 2007
How banks are facing up to the challenge
A DV I S O RY
Global Anti–Money Laundering Survey 2007 3
Contents
Foreword 4
Executive Summary 7
Detailed survey findings 11
- 1. The role of senior management 11
- 2. The costs of AML compliance 14
- 3. AML policies and procedures 19
- 4. Formal testing and monitoring
of AML systems and controls 21
- 5. Risk-based approach to Know Your
Customer activity 24
- 6. Politically Exposed Persons 29
- 7. Transaction monitoring 33
- 8. Training 39
- 9. Attitudes towards regulation 43
- 10. Sanctions compliance 46
Concluding remarks 50
Regional perspectives 51
© 2007 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. All rights reserved.
4 Global Anti–Money Laundering Survey 2007
Foreword
Estimated money laundering flows are reported to be in excess

of US$1 trillion being laundered every year by drug dealers, arms
traffickers and other criminals1. Recent years have seen rapid
change in the financial services industry and growing regulatory
expectations and pressures. Combating money laundering and
terrorist financing continues to be a major challenge for the banking
sector, as gatekeepers to the legitimate financial system.
Given this backdrop, KPMG International have become more complex, there • In addition to the wider regulatory
commissioned this Global Anti-Money is greater investment in emerging changes, there have been
Laundering (AML) Survey to build on markets, the amount of privately enhancements in AML standards
the findings from our last survey in held wealth has vastly increased, specifically, with changes in the
2004. Three years on, we have sought and all alternative asset classes requirements of the Financial Action
to establish whether the significant have undergone significant growth. Task Force (FATF) and Wolfsberg
changes in the financial and regulatory These structural changes have deep Group, together with new
environment have led to increased implications for how banks tackle legislation at the national and
focus on AML and new and improved the challenges of AML and counter supranational level (including the EU
ways of tackling the challenge. Our terrorist financing (CTF). Third Money Laundering Directive).
survey shows how significantly banks There has also been tougher
have responded to this challenge • At the same time, banks have had enforcement of AML requirements,
– in increased investment, senior to come to terms with significant particularly in the U.S. but also
management focus, and cooperation regulatory change across all of their internationally, reinforcing the
with governments, regulators and law activities and operations globally. This message that money laundering
enforcement. Despite this good intent includes legislative changes (for remains a key priority for banks.
and strong commitment, many banks example, those stemming from
continue to struggle to design and Basel II) but also increased focus on Our survey points towards significant
implement an effective AML strategy, the wider responsibilities of financial investment and improvement in the
and they believe that much more needs institutions, and development of the AML systems and controls
to be done internationally to combat right regulatory framework to deliver environment within individual financial
money laundering more effectively. the outcomes governments and institutions, together with an
regulators seek. This has led to understanding and commitment to the
Since our last survey in 2004, there has stronger emphasis on corporate role banks have to play in the overall
been unprecedented change in the governance and senior management AML and counter-terrorism effort.
financial market place and the regulatory accountability, and has led some However, there is also more to be
environment, key developments include: governments, in particular the U.S. done to make the financial system less
government, to seek to apply their vulnerable to money laundering and
• Banks have a more international standards globally through the terrorist financing. For banks, this
footprint, markets and products extra-territorial reach of U.S. law. means greater focus on the
effectiveness of their AML and CTF participants in the survey coming from Our first Global AML Survey in 2004
strategy, systems and controls. For the these countries and more analysis of was extremely well received by the
government, regulatory and law the underlying results. We have also industry, and helped to provoke
enforcement community, it means added sections on each region to discussion and debate among banks,
greater partnership with banks, explain how the survey results relate practitioners, regulators, governments
including clearer and better information more directly to them. and law enforcement alike. We believe
sharing. There are already signs of that this survey is one of the most
progress, with banks and the public All of this should help our firms’ clients detailed and authoritative reports on
sector moving in the right direction, and regulators to benchmark banks’ AML systems and controls undertaken
but it will be important for this AML systems and controls against in the market place, and we hope that
momentum to be maintained. trends, peer comparisons and you will take this opportunity to consider
opportunities in a more precise way. how to respond to the challenges in
Set against this background, we are Likewise for law enforcement and today’s financial services industry.
pleased to publish KPMG Forensic’s policymakers, the survey aims to
second Global AML Survey. Reflecting provide an insight into how the industry We would like to thank all the 224
the themes that have driven financial is embedding new requirements and banks and senior executives that
markets in the past three years, our provides some thoughts for future AML participated in the survey.
survey this year has looked in greater policy direction.
depth at emerging markets, with more
Brendan Nelson Karen Briggs

Global Chairman Global Head of AML
KPMG Financial Services KPMG Forensic
224 respondents overall,
up from 209 in 2004
Over 25% of the top 250
banks represented
55 countries covered
60% of the banks surveyed
were multi-national
Executive Summary
KPMG’s Global AML Survey 2007 explores the range of challenges that
banking institutions face in complying with global AML requirements.
We have used the same methodology as the 2004 survey, to ensure
comparability of results over the intervening three years.
KPMG International commissioned RS The survey covered the following topics:

Consulting, an independent research 1 The role of senior management in AML issues
agency based in the United Kingdom,
2 The costs of AML compliance
to conduct a telephone survey of banks
across the major sectors (retail banking, 3 AML policies and procedures
corporate / business banking, private 4 Formal monitoring of AML systems and controls
banking, investment banking and
5 Taking a risk-based approach to ‘Know Your Customer’ activity
wholesale banking). These banks were
drawn from the top 1,000 global banks 6 Politically Exposed Persons
by tier 1 capital, and the caliber of 7 Transaction monitoring
respondents was high, with job titles
8 Training
ranging from Group Money Laundering
Reporting Officer (MLRO) to Head of 9 Attitudes towards regulation
Legal and Head of Risk. Details of the 10 Sanctions compliance
survey methodology are in Appendix I:
Survey Methodology
Strong senior management interest in AML is directed towards The main drivers of the past and future
engagement in AML efforts ensuring systems and controls are increases in costs continue to be
Banks in our survey reported that senior effective in practice. transaction monitoring and staff training,
management were more engaged in consistent with the 2004 survey. As
AML issues than they had been in 2004, AML costs have grown well beyond banks develop more risk-based AML
with the percentage of respondents expectations programs, the pressure will be to focus
reporting that their senior management Average AML costs were reported by on using resources within compliance
and their board of directors take an the participants in our survey to have effectively and efficiently, and this may
active interest in AML increasing increased by 58% over the last three involve considerable reallocation of
by 10 percentage points to 71%. years. This was more than banks had resources within compliance as well as
The result reflects a mix of regulatory expected when we carried out our 2004 cost reduction through outsourcing,
and international pressure on senior survey - at that time, banks predicted offshoring or centralization of AML
management to take responsibility for costs would only rise by 43% over the functions.
the full range of risks in their business, following three years. Despite the
including compliance, as well as unexpectedly high increase in AML Setting a global standard
continued focus on counter-terrorist costs, respondents anticipate that With growth in the proportion of income
financing. As the financial services growth will slow, with banks predicting derived from international business,
industry becomes more complex, and an average increase of 34% in AML banks have become more global in their
AML risks become more pressing, it will costs over the next three years. approach to managing AML risk. Nearly
be important that this heightened 85% of internationally active banks
reported that they had a global AML policy More focus on Politically Exposed Vigilant staff are the first line of
in place. As ever, though, the challenge Persons (PEPs) defense but focus is now on
is to ensure effective implementation Increased regulatory and industry focus effectiveness of training
of policies at the local level. has led more banks to seek to apply The proportion of banks training over
additional scrutiny to PEPs. In our 2004 60% of their staff has grown by
More monitoring and testing of AML survey, a surprisingly low number of 9 percentage points since 2004, with
systems and controls banks performed enhanced due face-to-face training, the most
Greater regulatory focus on governance, diligence on PEPs at account-opening commonly used mechanism and the
and the resulting increase in the (55%); this year, the figure has increased method regarded as the single most
accountability of senior management to 81%. Moreover, significant numbers effective. Banks continue to report that
for AML, appears to have driven up of banks have put in place specific properly trained staff is the best AML
the amount of independent monitoring procedures to identify and monitor PEPs control, and this is reflected in continued
and testing of AML systems and on an ongoing basis (71% of all banks in high spending on training programs.
controls. More banks report that they our survey). However, with no universal
have a monitoring and testing program definition of a PEP, there are likely to be The regulatory focus now is moving to
in place, and banks report that a wider substantial differences between the effectiveness of all this training, with
range of functions within their individual banks’ interpretation of the pressure to implement more tailored
organization are involved in this. The key requirements in practice. With greater training and testing, and evidence that
to successful testing and monitoring, sensitivity to the reputational staff have the level of AML understanding
however, relies on a strong drive from consequences of dealing with PEPs, they need to carry out their role.
senior management as well as effective banks are likely to be under pressure
and timely follow-up and feedback of to examine how robust their procedures Broad-based support for regulatory
improvements into current systems for PEPs really are. This is even more AML efforts, but more needs
and controls. relevant in markets where business to be done
and politics are closely intertwined. The survey shows continued support
Broader acceptance of a risk-based for global AML efforts by regulators,
approach Continued strong investment in governments and law enforcement,
Our survey shows an increase in the transaction monitoring with 93% of banks saying the burden of
number of banks using a risk-based Virtually all respondents rely heavily on regulation is either acceptable or should
approach to determine the level of due their people to spot suspicious activity, be increased. However, a 51% majority
diligence performed on clients at and with banking becoming more of banks still believe that AML regulation
account-opening stage (‘Know Your electronically based, many are investing could be focused more effectively,
Customer’ or KYC processes). In in sophisticated IT monitoring systems. through clearer legislation, better
addition, a wider range of risk factors Transaction monitoring continues to be feedback to the industry and a greater
are taken into account than was the the single greatest area of AML endorsement of a risk-based approach.
case in our 2004 survey, recognizing expenditure for banks, and is expected While some banks have called for wider
the evolving international best practice to remain so over the next three years. acceptance of a risk-based approach to
in this area and greater focus on Despite this, many banks want to AML, there is concern over whether
reputational risk among banks. Going improve the quality of their transaction regulators are willing to accept all of the
forward, banks in many regions are likely monitoring, with many looking to invest consequences that flow from this. Even
to be under pressure to extend a risk- in enhancing system capacity, so, banks, governments, regulators and
based approach to other areas of their functionality and coverage. Banks need law enforcement agencies are united in
AML strategy and – where they are to understand, however, that IT seeking more collaboration and
given more flexibility in the design of systems are only one component of an information-sharing although banks are
AML processes – they will be under effective AML strategy and that they uncertain as to how such a public-private
pressure to document the rationale for are no substitute for well-trained and partnership will really work in practice.
their approach so that they have an audit vigilant staff.
trail for the decisions they have made.
Sanctions compliance a key of complying with sanctions rules that some of the more high-profile
challenge for banks are detailed, complex and potentially examples). Banks may also find it
Sanctions compliance was a major broad in scope. A particular challenge challenging to adapt to many of the key
driver of AML costs over the past three is the design and implementation of a changes that are taking place in the
years, being ranked the third greatest sanctions compliance program that can financial services market, with
area of AML expenditure after transaction support this goal. increased product complexity, greater
monitoring and staff training. This involvement with emerging markets,
reflects increased focus on counter Looking ahead and integration of mergers that have
terrorism, the long arm of the U.S. law, The survey results show significant taken place on a new scale. All of these
and growth in the number of lists that investment in AML systems and mean future challenges in relation to
banks need to monitor against, as well controls, and increased engagement AML compliance going forward.
as the tougher enforcement of sanctions from senior management. The challenge
requirements by regulators. Despite the for many banks will be to maintain this Overall, although much has been
progress made so far, there is more to focus as they enter a new phase of achieved, there is still much to do to
do in this area, as banks work to regulatory initiatives (Basel Il, EU make the financial system more robust
ensure they design operational regulatory change and the extra in the fight against money laundering.
processes that are equal to the task territorial effects of U.S. legislation being
Compliance starts at the top. It will
be most effective in a corporate
culture that emphasises standards
of honesty and integrity and in
which the board of directors and
senior management lead by
example. It concerns everyone
within the bank and should be
viewed as an integral part of the
bank’s business activities. A bank
should hold itself to high standards
when carrying on business, and at
all times strive to observe the spirit
as well as the letter of the law.
Basel Committee on Banking Supervision, ‘Compliance
and the compliance function in banks’, April 2005.
Detailed survey findings
1. The role of senior management

AML remains a high priority formally discussed AML issues at least High-profile enforcement
for senior management quarterly, with an additional 25%
AML remains a high profile issue for saying they did so at least monthly. action, regulatory emphasis
the senior management of banks globally. on senior management
In our 2007 survey, 71% of banks The increased profile of AML as an
reported that their most senior levels
accountability, legislative
issue is part of a broader shift in the
of management – including their boards governance of the world’s major banks, change, and increased
of directors – take an active interest in with boards of directors being held business with countries
AML compliance, up from 61% in our more directly accountable by
2004 survey. Of the remaining banks, shareholders and regulators for the full
with higher AML risk has
the majority stated that senior range of risks run by their banks. pushed AML up the senior
management took “some interest”
in AML issues.
management agenda
However, anecdotal evidence suggests
that it may also reflect the extra-territorial
Only 1% of banks reported that senior effects of U.S. legislation. The U.S.A.
management took little interest in the PATRIOT Act 2001 requires due
subject. diligence, and in some cases enhanced
due diligence, for correspondent
Moreover, over 40% of respondents banking relationships and international
said that their main board of directors private banking customers. The practical
Figure 1
Profile of AML at senior management level
% of respondents
(Percentages may not add up to 100% due to rounding) Source: KPMG International, 2007
effect of this is to require the international Responsible and accountable of the risks in their business, rather
community to provide information Since our last survey in 2004, AML than by meeting multiple rules. This
sufficient to meet U.S. standards, controls have not only remained a high raises difficult questions about the
which in the case of high risk profile issue for senior management, level of engagement that regulators
correspondent banking clients may but have become more so. expect senior management to have
include providing information on the
in each of the processes underlying
client’s customers.
Many regulatory regimes have for a this approach, from risk assessment
long time imposed potential personal through to design, implementation,
Within the global results, a marked shift
liability on directors of banks for monitoring and oversight of controls.
has taken place in the Asia Pacific
region. This year, 72% of banks reported shortcomings in systems and controls,
that senior management took an active including AML. As the FATF recommendations, which
interest in AML, up from only 49% in form the bedrock of global anti-money
2004. This appears to be a response to However, the responsibility of senior laundering standards, have moved
increased regulatory focus in the region, management for AML controls is likely toward a risk-based agenda, many
and new legislation introduced or to become more real, and less regulators are moving in the same
implemented in several countries, abstract, as global regulation moves direction, including those in the EU
including Australia, India and China. towards more principles-based and and Australia.
risk-based approaches.
Terrorist financing continues to be an One of the clearest examples of
area of focus for senior management, At the core of the principles-based principles-based regulation and
regulators, law enforcement and approach is the obligation for senior strongest endorsements of a risk-
governments, and the issues and management of banks to meet based approach has been in the UK,
challenges arising from this have been high-level regulatory objectives using where the Financial Services Authority
closely bound up with AML issues. their own judgment and evaluation (FSA) has replaced fifty-seven pages
of detailed AML rules with two pages In addition, a number of high-profile reviews, and in the indirect costs
of principles, backed up by industry AML and sanctions enforcement cases of management distraction. This points
guidance. Both the new material from in the U.S., and outside the U.S. by U.S. to the need for senior management
the Financial Services Authority and regulators, have concentrated senior to focus not just on the costs of AML
the industry guidance (the Joint Money management’s attention on the compliance, but the associated risks
Laundering Steering Group guidance reputational, legal and financial risks if they fail to meet regulatory
notes) place particular emphasis on the of AML violations. In addition to fines, expectations in respect of AML policies,
responsibility and accountability of the costs of remediating deficiencies procedures, culture and oversight.
senior management for AML systems are high, in terms of the direct costs
and controls. of new systems, training, “look-back”
KPMG comment
Setting the tone from the top to take responsibility for financial involved in each of the processes that
Senior management has a critical role crime risk (including AML), and underpin the bank’s AML strategy,
in managing an institution’s AML risk, ensuring the audit committee is from risk appetite, through to policy
and with increasing focus on sufficiently focused on AML as design, implementation and ongoing
reputational risk, senior management an issue. monitoring.
have taken on board the need to set
the right tone at the top of the bank • They have to align incentives for staff There are additional complications for
and push this down throughout the to ensure better direct management internationally active banks in defining
organization. A number of steps may be of AML and compliance risks. which layers of senior management
necessary for this to happen in practice: need to be involved in the bank’s AML
• They also need to foster a culture strategy, with regulatory obligations
• Senior management have to be of cooperation between the various attaching to senior management in the
visible in the AML process, through functions within the bank, and in local region, but also board
communications to staff, in-person particular between the front-office responsibility for the bank’s global AML
or video introductions to training and compliance, so that there is approach. In a number of instances,
sessions, and ongoing awareness proper dialogue between them, regulators are focusing on AML risk in
and sensitivity to AML issues. clear accountability for tasks, and a the branches of the global banks that
heightened willingness to cooperate operate in their country, and this raises
• They have to articulate an approach and assist one another in combating particular risks where deficiencies in
to compliance, including AML money laundering. AML controls have resulted from the
compliance, that focuses on absence of a clear articulation of the
substance over form – making sure The strong impact senior management responsibilities of local and global
that employees follow the spirit as can have on an organization’s culture senior management.
well as the letter of policies and means that regulators internationally
procedures. are becoming more focused on the Senior management at the global level
attitude and approach taken by them should ensure that there is clear
• They must put in place the towards risk management, including accountability throughout the
appropriate corporate governance compliance risk and AML risk organization for AML compliance,
mechanisms to ensure effective management. The challenge for banks and that there is effective oversight
management of AML risk. This is how to engage with regulators on and cultural sensitivity to AML at all
means training for the board of these issues, in particular identifying levels of the bank.
directors, nominating a director what level of management needs to be
2. The costs of AML compliance
Costs are up substantially, AML costs far exceed expectations and regulatory changes in the U.S., and
With growing regulatory expectations the wider impact of the extra-territorial
far more than participants and strong demand for experienced provisions of U.S. law around the world.
in the survey anticipated in compliance professionals, the costs
2004. As costs continue to of AML compliance have increased In many regions, the rate of growth is
substantially over the past three years surprisingly consistent in the 2004 and
increase, there will be
– well ahead of the expectations of the 2007 surveys, implying that AML costs
pressure to innovate and banks that we surveyed in 2004. At that may continue to grow at a similar rate
streamline costs through time, banks predicted that their AML (see figure 3 on page 15).
outsourcing, offshoring and costs would rise by 43% over the
following three years; our survey this Despite the strong, sustained rate
process re-engineering year shows banks reported that their of growth in AML costs, banks
actual costs had increased by 58% over internationally continue to predict that
the period. costs over the next three years will
grow at a slower rate, and are even
Unsurprisingly, the regions that recorded more optimistic about the anticipated
the highest increase in costs were slowdown in costs than they were
North America and the Middle East / three years ago (in 2004, banks
Africa. This reflects the significant legal expected the growth rate to fall by
Figure 2
Banks’ estimates of average % increase in AML investment over the past three
years and the next three years
% increase in AML investment
Source: KPMG International, 2007
18 percentage points; this year they to the degree of optimism in their necessarily be well positioned to
expect the growth rate to fall by 24 compliance budgets going forward. consider how they can better apply their
percentage points). resources to focus on the major areas
The difficulty of estimating AML costs of AML risk. Although there may be
North American banks were particularly is that cost may be spread across many difficulties in identifying and quantifying
optimistic in 2004, and remain so in different functions (operations, all of the drivers of AML costs, there
2007. In our last survey they reported compliance, risk) or regions, involve can be ancillary benefits to doing so.
that, despite a 66% rise in AML costs direct and indirect costs, and overlap It can, for example, improve a bank’s
over the previous three years, they with processes that are embedded in understanding of the full range of AML
expected the rate of growth for the next normal business practice (e.g. credit risk processes that exist across its
three years to slow to 46%. The actual or customer relationship management). organization and - through this - can
rate of growth according to our 2007 These factors, together with the highlight enhancements required in
survey was closer to 71%, and these unexpectedly sharp increase in AML processes, unjustified variations in
banks, in spite of under-estimating costs costs over the past three years, meant these, or learning points that can be
in 2004, still expect the growth rate to that a substantial proportion of applied elsewhere in the bank.
slow over the next three years to 28%. respondents felt unable to predict their
future AML costs (10% of respondents).
This points to the need for banks in this
region in particular, and banks Where banks are not aware of the full
internationally, to give careful thought costs of AML compliance, they may not
Figure 3
Banks’ estimates of average % increase in AML investment over the past three
years, 2004 and 2007 surveys
2004 2007
Estimate of increase Estimate of increase
in AML investment in AML investment Increase / decrease
over prior three years over prior three years (percentage points)
Total 61% 58% -3%
Europe 63% 58% -5%
North America 66% 71% 5%
ASPAC 36% 37% 1%
C/S America / Caribbean 73% 59% -14%
Russia / CIS 66% 60% -6%
Middle East / Africa 68% 70% 2%
Source: KPMG International, 2004 and 2007
Areas of greatest AML expenditure to existing systems, and the provision

The AML activities requiring the largest of additional tailored training to staff.
investment over the previous three
years have not changed markedly from As in 2004, we asked banks to estimate
2004, with transaction monitoring and their absolute costs of AML compliance.
training topping the survey. Sanctions Not many respondents felt able to do
compliance was a new activity included this, and the few estimates that we
in this year’s survey, and it has already did receive seemed to be fairly low,
been ranked as the third largest area suggesting that perhaps these banks
of expenditure over the last three years. had only included the direct costs
of AML compliance. This helps
The drivers of higher expenditure appear to underscore the difficulties of
to be greater expenditure on transaction estimating the wide range of costs
monitoring capabilities and upgrades associated with AML compliance.
Figure 4
Banks’ estimates of greatest additional AML spending over the last and next
three years
Score out of 5 Source: KPMG International, 2007
Outsourcing or offshoring range of different functions involved had never considered either or had
of AML functions in AML processes. This makes it more considered and rejected doing so.
As banks review their costs, a topical difficult to coordinate outsourcing or This is likely to be because many
issue is the use of outsourcing or offshoring projects, and may also mean of the countries in these regions are
offshoring. Internationally active banks that no single function has the ability themselves low cost centers, and
appear to have been reluctant in the to begin such a project on their own therefore the relative attractiveness of
past to consider moving AML initiative. outsourcing or offshoring is diminished.
functions offshore or to a third party.
This reluctance appears to stem from Within the global result, banks from Where banks have outsourced or
legitimate concerns among banks the North Americas reported a slightly offshored AML functions, our
about their accountability for a higher willingness to consider or use understanding is that functions have
function they may cease to have day- outsourcing or offshoring as a solution mainly moved to low cost centers in
to-day control or oversight over. (13% of banks had outsourced or Asia, and so far have consisted of
offshored some AML functions, and ‘vanilla’ AML processes, for example
Globally, 73% of banks reported they 20% were considering doing so, or had initial KYC gathering or initial screening
had never considered the outsourcing considered doing so but put their plans of transaction monitoring reports to
or offshoring of AML functions. on hold). clear ‘false positives’.
As well as concern over potential loss ASPAC and Russia & CIS were the two
of control, the low number of banks regions with the least appetite to
that have outsourced or offshored AML consider outsourcing or offshoring:
activities may also reflect the wide 94% and 95% of banks respectively
Figure 5
Consideration of outsourcing or offshoring of any AML functions
% of respondents
KPMG comment
Understanding AML costs Without this focus on costs, banks risk gathering. In general, banks have had
and processes losing many of the opportunities more success where they have moved
Banks have long been applying Activity offered by process improvements AML functions along with
Based Costing and Six Sigma techniques made elsewhere in the bank, for accompanying operational processes,
across a range of functions to identify the example, the benefits of increased rather than AML functions in isolation.
drivers of costs and embed operational automation of payments processing But it is important to recognize that
effectiveness. However, this does not are undermined if AML controls within banks retain ultimate responsiblity
appear to have happened often in relation the process continue to be manual and for AML risk irrespective of where
to compliance or AML, perhaps because cause downstream disruption. processes are based. Accordingly,
of the complexity of the exercise, or in practice, many banks are moving
because of the mandatory nature of However, as other functions have been toward a ‘global’ or ‘group’ AML and
these functions. In practice, though, outsourced or offshored, some banks financial crime function which operates
banks have discretion over how they have had success in moving as a ‘center of excellence’ in providing
direct their resources, and there are steps components of the AML process as proactive AML risk management.
they can take to improve efficiency and well, for example alerts management
effectiveness. or customer due diligence data
Streamlining of AML processes
Outsourcing /
Offshoring
Shared Service
Centers
Over time, globally active banks may move

towards a combination of Shared Service
Centers and outsourcing or offshoring.
Diverse AML
processes
spread over Most banks are at a stage where diverse AML processes are
multiple locations spread over multiple locations, or some combination of this
and Shared Service Centers
Time
3. AML policies and procedures
Increasing use of global AML policies In making decisions about which Growing ‘internationalization’
and procedures approach to adopt, banks need to balance
As capital flows have become more the simplicity of a single set of global of banking is pushing
international and cross-border mergers policies and procedures against the institutions towards the
and acquisitions of banking institutions potential competitive disadvantage of
have driven consolidation in the industry, applying higher standards in local markets
use of global AML policies
banks must assess whether to apply around the world. Our survey results, to ensure they manage
a single set of AML policies and however, suggest that, in general, their AML risk using a
procedures across borders. We asked concerns about the potential reputational
banks which of three approaches they damage of inadequate AML policies and consistent and
used to set their policies and procedures: procedures has led most banks to adopt comprehensive approach
a global approach, a local approach, global minimum standards.
or some combination of the two.
There are, however, regional variances
Nearly 85% of internationally active in the results. Notably, banks from North
banks reported that they had a global America, Europe and Russia & CIS all
AML policy in place, up from 83% in our have a strong bias towards global policies
2004 survey. Whilst this is a relatively and procedures, even if in some
modest increase, it is from a high base, instances detailed procedures are set
and reflects growing acceptance and at a local or regional level.
adoption of international best practices.
Figure 6
Statement best describing respondents' AML policies and procedures
(excluding respondents only operating in one country)
In the case of the U.S., it is apparent implemented outside the home country. By contrast, significant numbers of
that all internationally active banks have It may also reflect the fact that a banks in the Middle East and Africa
a global component to their policies common legislative framework applies regions have adopted a “local approach”
and procedures, reflecting the need in Europe and so many of the European to setting AML policies and procedures.
to implement the extra-territorial respondents may find it feasible and There is a reluctance among banks in
components of domestic legislation economic to implement one set of the region to suffer competitive
on a global basis, principally the Office global policies and procedures. disadvantage by voluntarily adopting
of Foreign Assets Control (OFAC) higher AML standards than is required
requirements and the requirements In Russia, a very high proportion of by law, as well as less focus among the
of the U.S.A. PATRIOT Act 2001 with banks reported using global policies regulatory community in pushing banks
respect to, for example, correspondent and procedures. This is likely to reflect towards global policies. In some
banking and international private regulatory pressure, where AML instances, the standards set by a bank’s
banking relationships. policies need the approval of the local home regulator may not be appropriate
regulator (the Central Bank of Russia, for ‘export’ to other markets in which
In Europe, there appears to be a greater or CBR) and a number of banks have had, the bank operates. This may be because
willingness to apply global policies and and continue to have, their banking they are not sufficiently demanding for
procedures on a more consistent basis, licenses revoked for failure to comply use in other countries, or are too heavily
with less delegation to local operations. with AML regulations. Whilst there is no influenced by local factors.
This is likely to reflect the high-level, requirement to have a global policy, it is
principles-based nature of AML a common way for banks in the region
requirements in this region, which makes to demonstrate that their approach to
it easier to design policies and AML is comprehensive and aligned with
procedures that are flexible enough to be regulatory expectations.
KPMG comment
Operationalizing a risk-based approach they have followed in setting policies in to the bank’s services in other
through global policies their organization so that they can explain countries or regions without meeting
Global banks face significant challenges to regulators and internal stakeholders the AML requirements that are
in developing and operationalizing their what approach they have taken in each necessary in those parts of the world
risk-based approach across multiple country, and why. This is particularly (whether required by local regulations
business units and territories. There is important as a line of defense when or by the bank’s global policy).
also a real need for banks to fully regulatory expectations change in a
articulate their risk-based approach, country or region without any formal Banks also need to focus continually
including how the specific risk appetite changes to rules or legislation. Where on the effective implementation of
of the bank has driven the design of the banks are able to explain what approach policies and procedures. Regulatory
model. Much of the experience gained they have taken, and why, this can form action can equally be taken where
by banks in developing their operational the basis for an informed discussion with banks have not applied policies and
risk program under the requirements of the regulatory community and an procedures consistently, rather than
Basel ll could also be leveraged in enhanced ability to avoid gaps emerging failed to design any in the first place.
developing a comprehensive top-down, between regulatory expectations and the In practice, this means focusing on the
bottom-up approach to designing and bank’s actual AML practices. realities of implementing the policies
operationalizing an effective AML risk- and procedures, such as the clarity
based approach. In addition, some banks Documentation of local deviations to of the policies for employees, training
may find it useful to assess the extent to global policy is particularly important to and communicating the policies and
which the risk of an AML failure has help ensure a common understanding procedures, and the application of
been reflected within the operational risk across the organization of the policies these, i.e. how easily and quickly
model of the bank. in place in each country or region. employees can follow processes
Without this, there is a risk that clients in practice, as well as monitoring
Throughout this process, banks need to accepted into a part of the group with effectiveness on a regular basis.
document carefully the thought process lower KYC standards can gain access
4. Formal testing and monitoring

of AML systems and controls
Eighty-three percent of banks in the undertook formal testing of their AML The drive among regulators
survey formally test and monitor the systems and controls, despite this
effectiveness of their AML systems being a requirement of the U.S.A.
and senior management to
and controls PATRIOT Act 2001 (in 2004, the challenge banks’ control
Greater senior management and comparable figure was 91%). functions to demonstrate
regulatory focus on AML has
As with the previous survey, the the effectiveness of AML
heightened the relevance of formal
and independent testing of the
European figure appears low, with systems and controls has
only 70% of banks reporting that
effectiveness of AML systems and
they had formal testing or monitoring
led to an increase in both
controls. Our survey reflected this, the amount of testing and
of their AML controls. However, this
with the overwhelming majority of
banks reporting that they had a formal
masks variations in the different monitoring taking place and
countries within Europe.
program of testing and monitoring the range of control
of their AML systems and controls.
One hundred percent of respondents
functions involved
The results show an increase in the in 10 European countries (including
amount of testing and monitoring France, Ireland, Spain and the U.K.) had
undertaken by banks since the 2004 formal testing in place, but a number
survey (83% of banks versus 75% in of major European constituents had
2004). The surprising figure is that only lower percentages (for example,
92% of U.S. banks reported that they Germany 38% and Switzerland 50%).
Figure 7
Respondents with a formal program for testing and monitoring
the effectiveness of their AML systems and controls
% of respondents
In reading the results, it should be this, they would be broadly in line engaged in client on-boarding and
borne in mind that in Germany, local with other regions. ongoing monitoring; control functions
law requires banks’ external auditors that test the effectiveness of controls
Our survey also showed that a wider
to report on their AML systems and on an ongoing and regular basis; and
range of functions within banks are
controls on an annual basis, and in fully independent control functions that
now undertaking formal testing and
Switzerland there is also a legal review and test controls after the event
monitoring of AML compliance,
requirement for the external auditors (Figure 9).
recognizing the range of functions
of banks to audit AML compliance
involved in AML compliance.
and report to the bank and their local A significant figure in the 2007 survey
regulator annually. is the increase in the amount of AML
Whilst the survey reflects the monitoring carried out by financial
This suggests that banks in these multiplicity of functions with potentially crime or fraud prevention units,
regions may have responded to the overlapping responsibilities with which – although they may not be
question purely in terms of internal respect to AML, it is important to note more independent than compliance
monitoring rather than by reference to that these functions have differing – may nevertheless act as a center
any statutory review work undertaken roles and responsibilities in relation to of excellence for AML and fraud
by their external auditors. If the AML. There are three “lines of prevention. The survey results
European figures were adjusted for defense” in AML compliance: staff therefore reflect a broader trend
Figure 8
Functions with a role in testing and monitoring the effectiveness
of AML systems and controls
(Options are not mutually exclusive) Source: KPMG International, 2004 and 2007
in the industry towards the setting up and attributes brought to bear on the KPMG comment
of a financial crime function with task. This means having the right mix
Taking ownership of AML monitoring
oversight of both AML and fraud, and of independence, timeliness of review,
With such a broad range of functions
in the long-term may come to include proximity to the business, and AML involved in AML monitoring, there is
market abuse. This is consistent with experience to ensure that the key a risk within banks that senior
what is happening in the industry. issues are identified and tackled, and management, and compliance, may
that learning points are fed back into take false comfort in the view that
In Australia, for example, a number operational processes. because the overall quantity of
of banks are considering whether cost monitoring is high, it will be sufficient
efficiencies and reductions in fraud can to prevent any mishaps. The reality is
be achieved by combining AML and that some monitoring may be impaired,
fraud monitoring within one function, whether by lack of independence,
using a common system. infrequency of review, inexperience
of staff, or lack of coordination between
Whatever the approach adopted, the functions with resulting overlaps or
key to effective AML monitoring is to gaps in monitoring. In many instances,
seek to ensure the bank has a range internal audit is the last line of defense
and through their detailed and
of complementary skills, experience
independent review work, weaknesses
in AML controls are often identified
which should have been identified by
other functions at a far earlier stage.
Figure 9
One approach to this problem can be
“Three lines of defense”
to set up a dedicated quality assurance
(QA) team for AML controls, whether
this is situated within compliance or
another independent risk function (such
as a financial crime function). QA teams
can be used to carry out spot checks
on banks’ end-to-end AML control
processes. This means not only
focusing on the common areas for
monitoring such as KYC and client on-
boarding, but also looking at other areas
such as staff training, transaction
monitoring, and sanctions compliance.
Internal audit should be an overlay
to this, not a substitute for it, and
should be able to leverage off work
performed by the QA team in planning
and executing their audit work.
One of the key challenges is finding

suitably skilled and experienced staff.
It requires a detailed knowledge of
AML typologies, controls, and up-to
date intelligence to identify the right
issues and find areas for enhancement
or additional focus.
5. Risk-based approach to Know Your Customer activity
Most banks around the world In our 2007 survey, we asked banks
Enhanced due diligence
apply a risk-based approach whether they used a risk-based
procedures for high-risk at account-opening approach to KYC, and – if so – what
customers is common The requirement to know your risk factors they took into account.
practice, and it is only in a customer underpins global efforts to
counter money laundering, and it is a As in 2004, the majority of banks (86%)
small minority of countries legal requirement in most jurisdictions. employ a risk-based approach, up from
that it has not gained wide When a bank takes on a new 81% in our last survey. These banks are
acceptance. As risk customer, it provides the customer also using a wider range of risk factors
with an entry point to that bank both than three years ago; the broader
approaches have become
locally and internationally. It is acceptance of the wider range of risk
more sophisticated, therefore fundamental that banks factors is encouraging (Figure 11).
however, banks have been understand their customers’
forced to re-visit their circumstances and financial situation A key development in this year’s
and know with whom they are dealing. survey is the higher level of
existing client base and Doing so across a wide customer base consideration given to whether the
upgrade the quality of KYC is logistically challenging, and the customer is a Politically Exposed
information held international regulatory focus has been Person (“PEP”) at account-opening
moving towards encouraging banks to stage. This reflects increasing focus on
apply a risk-based approach to KYC. PEPs in the international environment.
Figure 10
Respondents that employ a risk-based approach at account-opening stage
% of respondents
Figure 11
Factors taken into account by respondents when using a risk-based approach
at account-opening stage
% of respondents with a risk-based approach
(Options are not mutually exclusive) Source: KPMG International, 2004 and 2007
Banks continue to use remediation action, or informal pressure (for example over a longer historical time-period than
programs to ‘backfill’ customer data through the regulatory examination would normally be looked at through
The basic premise of AML is process). The emphasis in the U.S. has, current transaction monitoring
understanding who you are dealing with in the past three years, been more procedures.
and the nature of their business. Risk- focused on transaction “look-backs”, as
based monitoring for unusual or opposed to remediating KYC information We asked banks in our survey if they
suspicious activity must be based on an (which has been mainly a European had an active program to remedy gaps
understanding of what represents trend). Transaction look-backs generally in the KYC information they held on
normal activity for that client. Banks require a bank to review historic existing customers, what approach they
have historically not held very much, transaction data using scenarios or had taken, and if they did not have
if any, information on long-standing parameters agreed and negotiated a remediation program, why not.
customers or groups of customers. with their regulator, with a view to
Banks face a particular challenge in risk investigating and filing suspicious The survey results show a slight but not
assessing existing customers whose activity reports where necessary. significant increase in the number
relationship with the bank pre-dates the These exercises can be expensive of banks engaged in a remediation
introduction of current KYC and and time-consuming, and can also program, although it remains
account-opening legislation and be difficult to perform if gaps in KYC significant that 77% of banks have
guidance. As a result, a significant information mean that the institution a remedial plan in place. In 2004,
majority of banks have set up a program does not fully understand the context 74% of respondents had a remedial
of retrospective remediation to fill in for the transactions their customers program in place. This may help
gaps in their KYC data. In a number of have executed. Look-backs can be to explain in part the unexpected increase
countries, this has been mandated by useful, however, in identifying new in costs of AML compliance that has
the regulatory authorities through a mix typologies of money laundering and/or been cited elsewhere in the survey.
of formal rule-making, enforcement spotting suspicious behavior spread
Figure 12
Respondents with a program to remediate gaps in KYC information held
on existing customers
% of respondents
For the banks that did not have a entire customer base. This year, the respondents only operated in a small
remediation plan, the most commonly figure rose to 83% of banks performing number of countries and so had no
cited reason was that they did not have a remediation program, with 40% experience of operating in jurisdictions
sufficient gaps in their KYC information carrying this out across their entire outside of this.
to warrant remedial action. The second customer base. Of the remaining
most commonly cited reason was the banks with a remediation program The main countries or regions in which
absence of legal or regulatory pressure 55% of banks now report they use a respondents reported the greatest
to do so (Figure 13). risk- based approach, and 5% report difficulties obtaining KYC information
they only gather more KYC information were the Cayman Islands, Russia, and
We also asked banks to specify what when a customer opens a new Eastern Europe. In relation to Russia,
methodology they had adopted for account or transacts new business. this is likely to reflect known issues
remedying gaps in their KYC surrounding the wide use of shell
information. This showed a broad range We also asked respondents what companies, and the difficulties of
of approaches being used, as in our issues they encountered in gathering identifying the beneficial owners of
2004 survey (Figure 14 on page 28). KYC information from customers. these. The U.S., Switzerland and Middle
Over 30% of banks reported difficulties East were also cited by some
The main change since our 2004 in obtaining information in particular correspondents as being difficult regions
survey is the shift in approach used by countries or regions. to obtain KYC information, although to a
banks from the ‘Central & South lesser degree, again reflecting difficulties
America and Caribbean’ region. In The responses overall did not single in obtaining beneficial ownership
2004, 73% of banks in the region out any specific jurisdictions as being information and/or wider bank secrecy /
reported that they were performing a uniquely difficult, but this is largely data protection concerns.
remediation program across their because a significant proportion of
Figure 13
Respondents’ reasons for not having a remediation program in place
% of respondents without a remediation program
(Options are not mutually exclusive) Source: KPMG International, 2007
Note: One hundred percent of banks in Russia & CIS reported having a remediation plan and so do not appear in the above table. Note also that relatively few banks
responded to this question (the majority of banks had a remediation program in place), and so the percentages given are from a low base. Respondents citing another
reason or ‘don’t know’ have been excluded.
Figure 14
Respondents’ approach to remediation
% of respondents
KPMG comment
The challenges of applying a risk- disciplines to bear on AML issues, as KYC data, with many banks under-
based approach well as focusing on the outputs of their estimating the complexity, time taken
Our survey has focused on the AML processes and not just the inputs. and cost of the exercise. It also reflects
application of a risk-based approach to In jurisdictions where senior the fact that banks are not only seeking
client on-boarding and KYC, but the management are given greater flexibility to fill gaps that have arisen because
challenge is to apply this to all of the by the regulator to set their own risk- regulatory requirements have increased
components of AML systems and based processes, they will be under since an account was opened; they are
controls including training and pressure to create an audit trail for their also having to fill gaps left by poor
compliance monitoring. As in the early thought processes, and document the application of the bank’s processes that
stages of the development of operational rationale for the approaches that they have been in place since regulatory
risk frameworks, it appears that banks in have adopted. requirements changed. This points to the
many regions are in a situation where need for banks to plan carefully for any
they are not able to articulate the linkage A particular area in which banks have remediation program. There are potential
between the institution’s risk appetite used a risk-based approach has been cost savings and operational synergies
and the risk-based approach adopted for filling in gaps in their KYC information for those who tackle the task in discrete
AML. This may be exacerbated by the through remediation programs. Our stages, prioritized according to the level
challenge of balancing absolute AML survey this year showed approximately of risk associated with those client
legal requirements with desired best the same proportion of banks had a accounts, as well as anticipating and
practices. Banks need to focus more on remediation program in place as in 2004 planning for future AML challenges.
these areas, and bring some of the rigor (77% of all banks in our 2007 survey).
of operational risk techniques and This reflects the challenges of backfilling
6. Politically Exposed Persons
Increasing numbers of banks have Across all banks, irrespective of whether Increased emphasis
specific procedures to identify and they use a risk-based approach to KYC,
monitor Politically Exposed Persons 71% reported that they had specific
on reputational risk
PEPs are individuals who have political procedures for identifying and management, as well as
roles or associations, such as politicians, monitoring PEPs on an ongoing basis. legislative and cultural
diplomats and high ranking members of This is up from approximately 45% in
changes, mean that more
the military, but there is no uniform our 2004 survey. In the U.S., nearly all
definition of a PEP. Differing definitions banks have specific processes in place banks than ever before
appear in laws, regulations and guidance to identify and monitor PEPs, driven by have procedures in place
notes internationally. Despite this, there the U.S.A. PATRIOT Act 2001, which to identify and monitor
is a growing consensus among banks, requires monitoring of foreign PEPs.
governments and regulators that PEPs
their relationships with
present heightened AML risks. In our The increased focus on PEPs has not Politically Exposed Persons
2004 survey, only 55% of banks using a been uniform across all regions, with
risk-based approach to KYC reported that some countries in ASPAC placing far less
PEP status was one of their risk factors. emphasis on PEPs as a risk factor (for
In this year’s survey, the figure has example, Australia, Japan, South Korea,
increased to 81% of respondents (see Philippines and Taiwan). This is believed
section 5 of this survey). to reflect higher public trust in politicians
and senior business executives in some
Figure 15
Respondents with specific procedures in place for identifying and monitoring
PEPs on an ongoing basis
% of respondents
of these countries and a general lack were the most likely to have PEP to use centralized lists of PEPs to
of requirements to identify and monitor procedures (86% and 62% of facilitate easy classification of
PEPs. This is changing, however, with respondents respectively). The three individuals as PEPs.
recent legislative changes in some remaining countries lagged behind this:
countries in the ASPAC region now France (50%), Spain (29%) and Italy We asked our respondents what
requiring procedures for identifying (13%). approach they took to create or obtain
and monitoring PEPs. these lists (Figure 16).
One surprising result is that some of
The comparatively low figure for Europe the smaller banks in our survey were Our survey shows that banks in
is likely to change as a result of the EU more likely to have specific procedures Europe and North America were the
Third Money Laundering Directive, which in place for PEPs than their larger rivals. most likely to rely entirely on
requires banks to screen for PEPs. The Out of the respondents who were in commercial lists they had purchased,
Directive is due to be implemented by the top 250 banks globally (measured whilst respondents in Central / South
December 15, 2007 in all countries within by tier 1 capital ), only 64% had PEP America and the Caribbean, Russia/CIS,
the EEA, although it is possible that procedures. This compares to a figure and Middle East / Africa were more
individual countries may take longer of 87% for banks who were ranked likely to use a hybrid approach. We
than this. Among the larger countries 751-1000 of the world’s biggest banks. believe this is likely to be the case
in Europe, there were significant because of the blurring of politics and
variations in the extent to which they had Classification of PEPs business in some countries in these
specific procedures in place with regard With differing definitions of PEPs regions, and therefore the necessity
to PEPs. In the five biggest countries by across regions, and varying regulatory of modifying commercial lists to reflect
GDP in the EU, the U.K. and Germany requirements, banks have sought local practices and risk appetite.
Figure 16
Banks approach to classifying individuals as PEPs
% of respondents with specific PEP procedures
Defining PEPs
There are a variety of definitions of PEPs available in domestic legislation, regulations, supranational bodies and industry guidance
(three of these are provided below). Whilst these may at a high-level have common features, there are many differences
in the detail.
This includes subtle differences in terms of the level of seniority necessary for politicians, judicial figures, or other officials to be
classified as PEPs. There are also differences in the definition of who constitutes a ‘family member’ or ‘close business associate’
of a PEP. However, these difficulties of definition can be overcome by adopting a broad definition of a PEP, and applying a risk-
based approach.
The real difficulties are the practical application of the requirements, including:
• Identification of family members or close associates of PEPs where this is not readily apparent from their name, situation,
or information disclosed to the bank or available publicly.
• Identification of situations where existing customers may have become a PEP because of a change in their status,
or the status of a family member or business associate of theirs.
• Application of PEP standards in countries with uncertain, unstable or non-transparent political structures.
Wolfsberg Group The Financial Action Task Force EU Third Money Laundering
“Individuals who have or have had “Individuals who are or have been Directive
positions of public trust, such as entrusted with prominent public “Natural persons who are or have been
government officials, senior executives functions in a foreign country, for entrusted with prominent public
of government corporations, politicians, example Heads of State or of functions and immediate family
important political party officials, etc., government, senior politicians, senior members, or persons known to be
as well as their families and close government, judicial or military close associates, of such persons”.
associates”. officials, senior executives of state Source: Article 3(8) of the EU Third Money
owned corporations, important political Laundering Directive, October 2005.
Source: The Wolfsberg Group AML Principles
on Private Banking, revised version, May 2002 party officials”.
Source: FATF Forty Recommendations,
as amended October 2004.
KPMG comment
The operational complexity However, banks may need to bring Intelligence) providers to find out who
of dealing with PEPs in relation these lists together into a single source their customers really are, and what
to AML requirements which can be accessed from across reputation they have in local markets in
With the heightened risks associated the bank. order to support their enhanced due
with PEPs, banks may need to think diligence. A number of banks are also
carefully about the end-to-end control As with sanctions screening, ‘PEP lists’ setting up their own internal Financial
processes they have in place to identify are not static, and banks need a process Intelligence Units to coordinate
PEPs, accept them as customers, and to source updates to lists against which intelligence gathering, and take a
monitor their account activity. all new customers should be screened, proactive approach to identifying
and an accompanying process to try to emerging risks in relation to new
Identifying PEPs ensure that the changes to the list are products, customers or markets.
With a wide range of definitions of a screened against the bank’s entire client Enhanced due diligence and the use
PEP from regulators, industry bodies base, so that any existing account holders of Corporate Intelligence is equally
and governments, banks need to give who become a PEP are identified. applicable in respect of other high risk
careful thought to what definition would customers such as high net worth
be appropriate for their business, and Accepting customers individuals from high-risk jurisdictions.
how they can apply this consistently Doing business with PEPs raises unique
across all of their operations. While the reputational issues that require Activity monitoring
individuals who meet this definition will judgment and experience to evaluate. Banks must have processes in place to
vary from country to country, a global For many banks, it is not possible to monitor the account activity of PEPs,
approach helps to create a greater codify the range of risks, or the bank’s applying critical judgment in determining
degree of consistency. risk appetite, for dealing with PEPs, and whether this activity is in line with
therefore it is important that senior expectations. Transaction monitoring
Whilst the use of external providers of management is involved in the decision should be based on good quality due
‘PEP lists’ is common, banks need to to accept a new client who is a PEP, or diligence undertaken at account-opening
think about centralizing their use of these agree to continue servicing a client who and updated on a regular basis. This
lists in order to ensure consistency has become a PEP. These decisions should address the expected source of
in the identification of PEPs. This does should be based on good quality funds in the account, and the expected
not necessarily mean adopting a single information and intelligence, which is transaction activity in the account,
provider for PEP lists; it may be not always readily available, and banks including any underlying business and
appropriate to use a number of different are increasingly using respected beneficial ownership (if it is a corporate
providers to obtain global coverage. Integrity Due Diligence (or Corporate account).
7. Transaction monitoring
People are still the first line of defense suspicious activity to law enforcement, Vigilant staff continue to
in the fight against money laundering in addition to currency transaction
Transaction monitoring has long been an reporting in a number of countries.
be the main defense that
area of focus for regulators and banks. Accordingly, most banks have a bank has against
It is the area of AML compliance that developed systems and controls money laundering, and
has incurred the greatest expenditure in to monitor transactions and escalate
whilst transaction
both our 2004 and 2007 surveys, and is unusual or suspicious items.
expected to remain a key driver of AML monitoring may be the
costs over the next three years. In our survey, we asked banks what key to the future, much
methods they used to monitor work remains to be done
The legal framework and AML transactions. This showed little change
requirements in most jurisdictions are since the 2004 survey.
to improve the
based on a regime for reporting effectiveness of systems
Figure 17
Methods used by respondents to monitor transactions
% of respondents
(Options are not mutually exclusive)

Within the regions, it is clear that there Bearing in mind that a score of 3 Increased number of Suspicious
is comparatively less transaction is ‘neutral’ and a score of 4 is ‘fairly Activity Reports
monitoring in ASPAC with lower than satisfactory’, the responses indicate Greater investment in AML transaction
average scores for nearly all of the banks are generally satisfied with their monitoring systems and efforts appears
monitoring approaches under review. transaction monitoring, but only just. to have resulted in higher volumes of
This reflects a general lack of any The scores in ASPAC are noticeably suspicious activity reports (SARs) being
requirements to conduct transaction lower than other regions. filed with law enforcement authorities
monitoring, other than threshold (Figure 19).
monitoring, in many countries in this We also asked banks what
region. However, increasing emphasis recommendations they would make Our survey shows that 72% of
is being placed on transaction to improve their IT monitoring systems. respondents reported some level of
monitoring as legislative requirements Of the responses, 31% were focused increase in the number of SARs over
are updated around the region. on aspects of enhancing software or the past three years, up from 67%
The lower amount of transaction systems, such as increasing system in 2004. This trend is particularly clear
monitoring in the ASPAC region is also capacity, or better integration of in the North American region, with
reflected in respondents’ satisfaction multiple systems across the bank. 95% of respondents reporting some
with their transaction monitoring An additional 17% of banks wanted level of increase. The two biggest
systems (Figure 18). systems with improved functionality reasons for the increase in SARs were
or broader coverage. reported to be improved electronic /
automated transaction monitoring
systems and better staff training.
“People who design Figure 18

Respondents’ satisfaction with transaction monitoring systems
these systems should
use them. Although I've
Mean score out of 5:
said systems are not 1= very unsatisfactory
5= very satisfactory
sophisticated, they are
sometimes too much
so for our own good”
Score out of 5
Switzerland respondent
“I would like to have

a system that can track
both behavioral and
statistical transactions
based on a transaction
pattern (e.g. volume,
country, business)”
Hong Kong respondent Source: KPMG International, 2007
“We need more Figure 19

Change in number of suspicious activity reports compared with three years ago
intelligence-based
transaction monitoring
with the capability to
detect transactions
not noted by human
scrutiny”
Russia respondent
% of respondents
“We should focus

on updating the
enterprise-wide
system, rather than
different ones in
different areas of
the bank”
Taiwan respondent
Figure 20
Factors that have caused the increase in SARs
Mean score out of 5:

1= no impact
5= very strong impact
Costs of transaction monitoring and customer relationship management, home state. This may reflect the fact
Where respondents attributed the 30% referred to improved reputational that many respondents had not had
increase in SARs to improved transaction risk management, and 20% mentioned personal experience of dealing with
monitoring, we asked about the impact fraud reduction. In relation to fraud FIUs outside of their jurisdiction.
of this on the ongoing human and reduction, a number of banks now appear
financial resources needed to operate to be moving towards incorporating There was broad support for better
these systems. A clear consensus additional modules into their automated and more frequent interaction with
emerged, with 92% of banks reporting AML transaction monitoring platforms to FIUs, although with recognition that
that improved monitoring systems meant identify potential fraud, as well as moving this could lead to resourcing pressure
more resources were required. The most towards consideration of wider financial within those organizations if the volume
commonly cited reasons for the required crime risks. of SARs continued to increase and
increase in resources were ongoing processing backlogs built up. In this
maintenance costs, the need to review Feedback from government sources context, the generally positive views
‘false positives’, and the complexity In both this year’s survey and 2004’s, expressed by U.S. banks about their
of fully implementing the systems. a number of banks emphasized the domestic FIUs and law enforcement
importance of better feedback from agencies is impressive given the strong
Our survey also looked at the potential government sources such as financial growth in the volume of SARs in that
commercial benefits flowing from intelligence units (FIUs). Around one region. Over 30% of U.S. banks said
implementation of automated transaction third of banks could name a FIU that that their domestic authorities were
monitoring systems. Of the banks that they regarded as particularly good at good at providing feedback, with
identified commercial benefits, 37% providing feedback, although typically particular credit going to the Financial
cited improved marketing opportunities they named the FIU operating in their Crimes Enforcement Network (FinCEN).
FinCEN cross-border transaction It is estimated that it will take three and A significant challenge for FinCEN
database a half years to set up the system and is how to use the information they
The Intelligence Reform and Terrorism bring it into operation. It is also estimated receive as effectively as possible, and
Prevention Act of 2004 required the that 300-500 million transactions would to analyze it in a way that produces
Secretary of the U.S. Treasury to fall under the reporting requirements (as valuable insight and intelligence for law
investigate the feasibility of requiring they have been defined to date), and that enforcement agencies. They also need
U.S. financial institutions to report the system will need to hold a three year to consider how they will interact with
certain cross-border transactions to history of transactions, with a further financial institutions so as to help them
FinCEN. The feasibility study has now seven years of data maintained in an enhance their AML detection
been completed, and it concluded that archive, in order to perform meaningful capabilities (i.e. the type and quantity
it would be appropriate for financial and relevant analysis. of feedback they provide to industry).
institutions which deal directly with
foreign financial institutions to disclose The specific requirements of which The requirements and FinCEN database
information on all cross-border transactions will need to be reported will clearly have an impact on all U.S.
payments over US$3,000. have not yet been determined. In financial institutions handling cross-
addressing these requirements, FinCEN border payments, generating additional
As a result, a program of work will now has stated they will take a number of reporting requirements for the industry.
be undertaken to set up a central factors into consideration, including the
database into which these transactions impact on financial institutions, the
can be reported by institutions, and privacy concerns of individuals (both U.S.
logged for subsequent analysis by FinCEN and non-U.S.), and the wider impact on
Source: ‘Feasibility of a Cross-Border Electronic Funds
and other law enforcement agencies. the use of the dollar as the basis for Transfer Reporting System Under the Banking Secrecy
Act’, October 2006, published by U.S. Department of
international financial transactions. Treasury Financial Crimes Enforcement Network.
Joined-up monitoring evidence that the larger banks in our

One of the challenges for internationally survey were any more capable in this
active banks in carrying out transaction area than smaller banks. This may
monitoring is the ability to monitor reflect privacy laws in some countries
a single customer’s transactions and that prevent the sharing of information
account status across multiple around the group.
countries. Our survey shows that a
significant proportion of banks could A number of banks are reported to be
not carry out this type of monitoring. looking at introducing single customer
identification numbers to use across all
Within the global results, it was clear of their operations globally, which
that North American banks were ahead would significantly enhance their ability
of their peer group, with 42% of to carry out joined-up monitoring.
internationally active banks in the
region able to carry out monitoring of
customer transactions across multiple
countries. Interestingly, there was no
Figure 21
Banks capable of monitoring a single customer's transactions and account status
across multiple countries
% of respondents
KPMG comment
Taking transaction monitoring Despite the difficulties encountered, identified or prevented, and using
forward many banks are now at a stage where this to reinforce staff awareness.
With the significant steps forward in they are moving from putting an
the processing capacity of IT, the move electronic monitoring system in place, • Intelligence is critical to designing
towards electronic banking and services, to a point where the core platform typologies to screen for money
and a steady decline in the cost of IT exists, and they can focus more on laundering, and banks need to
equipment, new possibilities have refining the typologies they screen network effectively to pick up on
opened up in the monitoring of customer for and the escalation criteria used. current trends in money laundering.
transactions. Banks worldwide have In some countries, such as the U.K.,
taken steps forward in the automated Whilst there is a growing trend towards regulators and FIUs have set up fora
monitoring of transactions, with implementing AML transaction for banks to share views, and learn
significant investment in new IT monitoring systems, there are a number from FIUs about the trends they are
platforms and development of advanced of industry best practice points that seeing in the market. Banks should
data analytical software. However, banks’ banks can use: seek to ensure that they participate
experience of new systems have not in the discussions they are entitled
• Whilst monitoring systems offer
always met their expectations. They have to, and take steps to ensure the
the potential to screen high
found that significant resources need information they receive is – where
volumes of transactions and spot
to be deployed in the continual updating possible – disseminated widely
patterns of behavior that may be
of monitoring software, data feeds within the organization so that it can
spread over time or spread over
for transactions, and review of the be used by front-line staff and
multiple transactions, they are no
exceptions and potentially suspicious operations as well as the AML team.
substitute for staff vigilance on the
transactions identified by the systems.
front-line. A significant proportion of
Banks have also found it difficult to Good quality intelligence is particularly
SARs are raised by vigilant staff
design the right typologies for identifying important in the context of monitoring
rather than complex systems, and
money laundering, and calibrate the transactions for terrorist financing,
banks should ensure that in building
escalation thresholds to a level they are and a number of banks in our survey
up systems they do not lose focus
comfortable with. The challenge remains expressed the view that they would
on staff training and awareness-
that many of these systems contain like to see more and better quality
building. Banks can enhance and
complex mathematical algorithms that information sharing with FIUs; this
develop staff potential by singling
make it difficult to understand intuitively will be critical in ensuring a joined-up
out occasions when money
the inter-relationships between inputs approach.
laundering has been successfully
to the system and the outputs.
8. Training
There is a growing commitment significant variation in the percentage of Banks continue to invest
to train staff to combat money staff that banks deliver AML training to.
laundering
heavily in training programs,
AML training and awareness is key Within Europe, the figures for 2004 and with institutions in many
to a bank’s ability to combat money 2007 show banks moving towards the regions under pressure
laundering effectively, with 97% of banks center of the distribution (the 61-80%
saying they are dependent on the category), with fewer banks in the 81
to demonstrate the
vigilance of staff to monitor transactions 100% category and in the under 60% effectiveness of their
and identify suspicious activity. Reflecting categories, than was the case in our training, and are looking
this, 97% of banks say they provide 2004 survey.
some level of AML training to their staff.
to make it more relevant
(Interestingly, out of the six banks in our These shifts may reflect a more risk- to front-line staff through
survey with no AML training program, based approach to training, with banks case studies and practical
five nevertheless said they relied on the focusing training more directly on staff
vigilance of staff to identify suspicious with a real need for it, and the amount
examples
transactions). and content of training adjusted to reflect
the AML risks inherent in employees’
The overall amount of training given by roles. Whatever the cause of it, however,
banks has not changed markedly since the training patterns seem to be reflected
our 2004 survey, and continues to show in the costs of AML compliance, with
Figure 22
Estimate by respondents of percentage of staff who received AML training in
the past two years
% of respondents that provide some form of AML training
European banks reporting that training is based training (CBT), usage of this confidence in the effectiveness of that
relatively less expensive than it appears method has increased significantly from method of delivery.
to be in other regions. Training was the 2004 (up from 61% to 79% of all
fourth largest area of AML spending in respondents). This may reflect a need by Improvements to training
the past three years for European banks, banks in some countries to ensure We asked respondent banks about
but - on average - was ranked second complete coverage of their employee measures that could be employed
across all regions globally. base, and the comfort they can derive to improve the quality of AML training
from electronic tracking of which (Figure 25). The main theme among
The results for the U.S. show particularly employees have taken the training and respondents was the wish to use more
rapid change, and is likely to reflect the passed the test, also important as case studies for staff, both to raise
impact of the U.S.A. PATRIOT Act 2001, employees change roles and move awareness that AML exists in the real
which requires AML training for all around the bank. world, and to give staff the practical
relevant employees of a bank, as well as skills and knowledge to apply the AML
some high profile enforcement actions The use of CBT also makes it easier for training in their role. Despite greater
(Figure 23). banks to demonstrate compliance with pressure on banks to examine the
any training requirements set by their effectiveness of their AML controls,
Methods of training regulator. including training, the percentage
As in 2004, face-to-face training continues of banks considering testing of staff
to be the most common method used by The survey results pointed towards a appears low, and whilst testing is a
all banks; this method is also regarded as particular growth in confidence in CBT common feature in many CBT packages,
being the most effective (Figure 24). in emerging markets and corresponding this can often be a fairly basic
higher usage thereof. In more developed assessment test.
Despite there being no apparent shift in markets, usage of CBT has also
views of the effectiveness of computer- increased despite a slight dip in overall
Figure 23
Estimate by North American respondents of percentage of staff who received
AML training in the past two years, 2004 and 2007 surveys
(Percentages may not add up to 100% due to rounding)
Source: KPMG International, 2004 and 2007
“We need to use more Figure 24

Training methods used by respondents compared with assessment of effectiveness
examples or real case
studies to give the
staff the awareness
that money laundering
is a real existing issue”
Austria respondent
% of respondents
“We need more face-

to-face training – small
groups role-playing to
give people the chance
to work together and
practice what they are
looking for”
U.S.A. respondent
(Options for training delivered are not mutually exclusive)
“We need to identify Figure 25

instances across all Measures that could be employed to improve the quality of AML training
the institutions where

things have gone
wrong with KYC. We
need to identify the
reasons and train
% of respondents
people to know how

best to avoid them”
India respondent
(Options are not mutually exclusive) Source: KPMG International, 2007
KPMG comment
Enhancing the effectiveness Whilst CBT modules can include a have comparatively low SAR
of training degree of testing of comprehension, reporting and why this is the case
With a significant proportion of this can often be at a fairly basic level
• whether a suspicious transaction
Suspicious Activity Reports (SARs) and there is a need to include more
identified by electronic monitoring
raised by staff on the front-line, training case studies dealing with actual money
systems should have been spotted
is a key control that banks need to have laundering examples. In some respects,
by staff first
in place. In many jurisdictions, it is also face-to-face training offers more
mandatory under local regulations, or opportunities for staff to raise questions • the interaction that takes place with
important as a line of defense should or demonstrate their understanding of staff during training sessions.
any employee of the bank commit an AML requirements, and for those
offence under AML regulations. providing training to assess their Monitoring of AML controls by
understanding. Accordingly, banks need compliance or internal audit can also
In a number of countries, regulatory to focus more on the processes, formal include brief interviews with staff to
attention is now shifting towards giving and informal, that they have in place to assess their current understanding of
banks greater flexibility in who they train monitor the effectiveness of their AML systems and controls, and this,
and what level of training they provide, training. This includes CBT test results, coupled with the results of monitoring
reflecting the risk-based approach. but also making judgments based on a and testing, can be an effective way
Whilst this offers the opportunity to range of other indicators: of assessing staff’s understanding.
focus resources on the staff with the
greatest need for AML awareness, and • the quality of KYC compliance during All of this information needs to be used
to design training courses that are customer on-boarding to enhance the AML training program
tailored to an employee’s specific and wider AML systems and controls.
• the detail and level of understanding
needs, regulators are also beginning to
reflected in SARs escalated by staff
ask more pressing questions about how
banks assess the effectiveness of their • which branches or divisions of the
training. bank have not raised any SARs or
9. Attitudes towards regulation
Global support for regulatory AML burden as acceptable (83% of Broad-based support
frameworks respondents), this left a large minority
Our 2007 survey continues to reflect who regarded their regime as
for AML efforts by the public
broad-based support for AML excessively onerous (17% of sector, but prevailing view
regulation internationally, with 93% of respondents). No respondents in the that more needs to be done
respondents saying the burden of AML U.S. regarded it as necessary for their
regulation was acceptable, or even AML requirements to be increased, to combat money laundering
should be increased. However, this probably reflecting the increased effectively
includes 51% of respondents who said activity and high profile enforcement
that AML requirements needed to be cases in recent years.
better focused to combat money
laundering more effectively. Eight percent of banks globally
believed that AML requirements in
Respondents in the North Americas their jurisdiction should be increased,
region displayed divided views on their however some stronger views were
regulatory regime. Whilst a significant expressed, notably in the UAE, Nigeria
majority regarded the regulatory and Kazakhstan (Figure 27).
Figure 26 Figure 27 % of respondents

Statement most closely reflecting respondents’ view on AML requirements in that country
expressing the
view that AML
requirements
should be
increased
United Arab Emirates 83%
Nigeria 50%
% of respondents
Kazakhstan 67%
We believe this reflects banks in the law enforcement, should provide better Although the U.S.A. PATRIOT Act 2001
Middle East wanting more specific quality feedback (18% of the banks was enacted six years ago, it has taken
guidance from their regulators so that we surveyed referred to this). There time for banks to implement and adjust
there is more consistency in the was also a significant minority of banks to the new regime, and to respond to
application of AML requirements, and a that wanted their regulator to adopt additional guidance provided by U.S.
more level playing field for banks in the a risk-based approach (6% of all banks regulators (after enactment of the
region. The result for Nigeria is likely to we surveyed). legislation) as well as follow-up points
be a consequence of the country being from regulatory examinations. The
removed from the FATF list of Non- Impact of global legislation and ripple effect of this legislation on
Cooperative Countries and Territories in guidance on banks overseas banks has taken even longer
June 2006, and a resolve by Nigerian As in 2004, we asked banks to identify to gain momentum.
banks and its government to ensure the legislation or guidance that had the
that it remains off the list. greatest impact on them by scoring In Russia & CIS, there has also been
them from one to five. a shift in the requirements impacting
Of the respondents who expressed the their business, in that the effects of
view that – whilst the burden of The results show little variation over international requirements and
regulation was acceptable – there was the past three years (at a global level), expectations are now much more
room for improving AML requirements, but regional differences emerged. In pronounced, and it has emerged as the
a wide range of potential improvements particular, perceptions of the influence only region in which international
were identified. However, there was no of all types of legislation and guidance guidance (Basel, Wolfsberg) was rated
strong consensus among banks in any on North American banks has as a more significant impact on their
country as to how regulation could be strengthened, with the U.S.A. PATRIOT business than domestic regulatory
improved. Overall, there was a general Act 2001 scoring highly among North guidance.
feeling that regulators should produce American banks (4.53) followed by
clearer legislation, and together with domestic regulatory guidance (4.30).
Figure 28
Impact of global legislation and guidance on respondents
KPMG comment U.K. Vetted Group

“The Vetted Group is a multi-agency
AML global environment to entrench a risk-based, intelligence-
forum comprised of experts from law
For money laundering to be led approach to supervision, and –
successfully tackled, it is critical that as a secondary priority – share enforcement agencies and the
there is a joined up approach between information on threats and regulated private sector which
the private and public sectors. What is vulnerabilities. considers sensitive intelligence on
needed within banks is a clear new money laundering risks. The
understanding of the typologies used Section 314 of the U.S.A. PATRIOT Act group develops the intelligence using
by money launderers, and the risk permits information sharing between the specialist knowledge of its
factors they should use in identifying financial institutions and law
these, as well as intelligence in relation members and identifies areas where
enforcement, and among financial
to individuals and entities. Whilst banks institutions. further joint working would be
can make some progress on their own valuable. The group also reviews
initiative, the regulatory focus has now Pursuant to Section 314(a), FinCEN intelligence to produce declassified
shifted towards better cooperation and receives requests from law material which is tailored to be as
intelligence sharing between enforcement including names of relevant and meaningful as possible
governments and banks. This has been individuals and/or entities believed to
given greater urgency not only by the to the private sector audience.
be engaged in money laundering or
need to improve the effectiveness of terrorist financing. FinCEN circulates
AML efforts, but in particular by the those requests every 2 weeks to a This material is circulated by the
need to tackle terrorist financing. designated point of contact within Serious Organised Crime Agency
financial institutions. The institutions (SOCA) the [U.K.’s FIU] to the
Within a number of countries, structures receiving such requests must respond appropriate industry sector as an
have been put in place to facilitate this within 2 weeks if they have held Intelligence Alert. Alerts have already
information sharing. This includes accounts for such individuals/entities
been issued on the Abuse of Virtual
industry associations, issuance of within the past 12 months, or
guidance, government and regulatory conducted transactions on their behalf Payments Systems and the Takeover
liaison, and formal working parties and within the last 6 months. Institutions and Redemption of Life Insurance
committees. are well served if they use this Policies, and a further program
information to conduct internal reviews of activity for the Vetted Group is
As an example, the U.K. government to determine whether suspicious agreed to late 2007.
has identified a number of priority activity has occurred within the bank.
areas for stepping up its approach
This approach allows the private
to financial crime: Section 314(b) permits institutions
sector to add value to SOCA
which have registered with FinCEN to
• Enhanced data-sharing between the share information among themselves intelligence analysis at an early stage
public and private sectors, and pooling with respect to individuals and/or and ensures that SOCA shares
intelligence better between different entities the institution has reason to relevant information which will enable
public authorities, including the U.K. suspect may be or may have been its partners to increase the resilience
Vetted Group (see panel opposite). involved in money laundering or of their anti-money laundering
terrorist financing. This is a useful tool
procedures”.
• Further steps to extend the risk- which enables institutions to complete
based approach, including through a picture of a customer that might not
the creation of a new money otherwise exist within the institution.
Source: ‘The Financial Challenge to Crime and
laundering Supervisors’ Forum and Terrorism’, February 2007, published jointly by
a commitment to ensure The Australian regulator also recognizes HM Treasury, the Home Office, the Serious
authoritative guidance is available in the need for information sharing and Organised Crime Agency, and the Foreign
and Commonwealth Office.
all regulated industries. The forum places a strong emphasis on working
will bring together all of the U.K. with industry to improve understanding
organizations with responsibility for of money laundering issues and
ensuring compliance with domestic regulatory requirements and
and international AML/CTF standards, expectations.
10. Sanctions compliance
Greater international Background In our survey this year, we asked banks

Domestic governments have, for many how they updated KYC information on
pressure to tackle terrorist years, administered sanctions regimes principals for the purposes of sanctions
financing has raised the on the basis of international policy. screening and monitoring (i.e., directors,
profile of sanctions shareholders, and beneficial owners
In many cases, the sanctions regimes of opaque entities). Eighty percent
compliance. The complex
adopted and administered by domestic of banks reported that they had
nature of practical governments mirror the sanctions procedures in place to update principal
implementation of the imposed by the United Nations Security KYC information, although this still left
detail of multiple Council acting under chapter VII, Article a significant minority who did not have
41 of the UN Charter. any procedures in place.
overlapping sanctions
regimes is clearly a Recent Changes Respondents showed divergence
challenge for many banks We did not cover the issue of sanctions in the approach taken to updating
application in our 2004 survey and its principal information, with the majority
inclusion in 2007 is testament to the opting to do so only in response
growing impact of the issue on financial to a trigger event.
institutions globally. In particular, the
influence of U.S. Treasury sanctions Where banks did not have procedures
administered and managed by OFAC in place to update principal information,
has become high profile in recent years 50% said that the reason for this was
due to their extra-territorial application the absence of legal or regulatory
and the number of ways in which banks pressure to do so. Around 25% of these
all over the world can be caught by respondents also commented that they
them and potentially be held liable did not have sufficient deficiencies in
for violations. The impact of OFAC their KYC information to justify putting
sanctions violations can be very procedures in place for this.
damaging to an institution’s reputation
but can also have substantial financial
ramifications with punitive fines and
criminal action.
Office of Foreign Assets Control
OFAC mission statement OFAC sanctions coverage

‘The Office of Foreign Assets Control OFAC covers: OFAC prohibits transactions with:
(OFAC) of the U.S. Department of the
• U.S. activities; • Sanctioned countries and territories;
Treasury (U.S. Treasury) administers and

enforces economic and trade sanctions • “U.S. persons” no matter where • Specially designated nationals
based on U.S. foreign policy and they are located (SDNs);
national security goals against targeted • Persons includes institutions • Sanctioned entities;
foreign countries, terrorists, international • U.S. persons includes U.S. • Those engaged in sanctioned
narcotics traffickers, and those engaged nationals or foreign nationals activities
in activities related to the proliferation who are resident aliens or
of weapons of mass destruction.’ “green card” holders.
Source: OFAC web site and KPMG International, 2007
Figure 29
Approach to updating principal information for the purposes of sanctions compliance
% of respondents
KPMG comment
Sanctions entity, and therefore any updates to client sanctioned individuals or organizations
With increasing focus on terrorist records also need to be screened against from moving their funds to a bank based
financing, sanctions compliance has sanctions lists. in a jurisdiction where no sanctions are
become a more high profile issue for in place against them, or compliance
banks and regulators. It is imperative In addition to checking account-holders, standards are known to be lower.
that banks have appropriate controls banks also have an obligation to filter for
in place to ensure compliance with payments to or from sanctioned Institutions need to screen transactions
sanctions laws at all stages of the individuals or entities, and to ‘block’ the (before they have been processed)
transaction lifecycle. execution or settlement of payments to seek to ensure that the counterparty
where necessary. In carrying out this to a payment is not a sanctioned
At account-opening, clients should be filtering, it is critical that the central individual or entity, and that the
screened against applicable sanctions repository of sanctions lists is updated as underlying transaction is not restricted
lists before an account is opened. In soon as practicable after an update is or prohibited by a sanctions program.
addition, banks need to check their released. Our member banks are seeing A particular challenge in this area is
existing client base against new names leading practice as updating this filtering in respect of ‘cover payments'
that have been added to sanctions lists. repository within twenty-four hours of an (see panel overleaf). As the volume of
This can be challenging where data on update being released. In the U.S., it can cross-border transactions has gone up
principals or beneficial owners is held in happen more frequently than this, with to accommodate increasingly
manual form or distributed over many OFAC lists being checked multiple times a international investment and trade
different databases. Banks also need day to identify whether filters need to be flows, it will be particularly important
to be vigilant to ensure that updates to updated and prevent any unlawful for banks to be vigilant in the
client records (such as a change of payments being made inadvertently in correspondent banking relationships
signatory) do not result in them holding the few hours following the release of an that they have.
an account for a sanctioned individual or update. This is important to prevent
Cover payments which may relate to sanctioned (2) The adoption of payment messaging
‘Cover payments’ is a term used to individuals, entities or countries. standards within the banking industry.
describe a specific type of payment These standards would require
made from one bank to another via Moreover, correspondent banks cannot financial institutions not to omit, delete
correspondent banks. This may be distinguish between cover payments or alter information in messages – or
necessary where the two banks do not that are made to settle underlying use particular types of messages (such
have a direct banking relationship and client transactions, and those that are as those used for cover payments) –
need to use intermediaries to settle made to settle proprietary flows for the purpose of avoiding detection
payments between them. Cover between the originating and of that information by any other
payments have several characteristics, beneficiary banks. This means that financial institution in the payment
but a key one is that information on the correspondent banks cannot process.
originator (or originators) and unilaterally deal with the issue of cover
beneficiary (or beneficiaries) is payments. Although they may request It has yet to be seen what format the
ordinarily communicated directly from that other banks do not send cover new SWIFT messaging protocol will
the originating bank to the beneficiary payments to them, or only send cover take, and whether it can address the
bank. This means that any payments where details of the problem of how to communicate the
correspondent banks involved in the originator and beneficiary are included, details of originator and beneficiary
transaction are not usually aware of the they have no mechanism to be sure where the cover payment is settling
identity of the originator or beneficiary. this request has been complied with. the net balance arising from multiple
underlying transactions between the
Cover payments can often be used The indicative transaction flows for a originating and beneficiary bank.
where the originating bank and single cover payment using SWIFT are However, it will require greater
beneficiary bank execute multiple indicated in the diagram opposite. transparency between banks (as well
transactions on behalf of their as more concrete procedures) for the
customers each day. It can be more This problem of cover payments has issue to be effectively tackled.
economical to batch these up and been recognized by the industry, with
make one net payment via their the Wolfsberg Group and The Clearing If these proposals are adopted by the
correspondent banks to ‘cover’ the House Association LLP issuing a joint SWIFT member firms, a new message
outstanding balance between the statement on the topic . The statement format could be in place by November
originating bank and beneficiary bank. includes two components: 2008. This would be a key step in
This can help to reduce fees and improving the transparency for parties
intraday liquidity needs. (1) A proposal to create a new or to international payments.
enhanced SWIFT message format for
The nature of the information disclosed third-party cover payments that
to correspondent banks in a cover enables information on the beneficiary
payment is in many cases insufficient and originator to be included, and
to allow them to identify payments
“These actions will promote the effectiveness of risk-based programs designed

to reduce vulnerabilities associated with financial intermediation and enable banks
to avoid the use of their facilities by individuals and organizations that the banks
would not accept as their own customers, including, most particularly, those
engaged in money laundering, terrorist financing or transactions in violation
of relevant sanctions.”
Source: Wolfsberg Group, Clearing House Statement on Payment Messaging Standards, April 19, 2007.
Figure 30
Cover payments
Step 1: Step 4:
A instructs its bank to make a payment to B, and provides Correspondent Bank A makes
account details for B’s Bank. A’s Bank is able to assess
Correspondent Correspondent
Bank A payment to Correspondent Bank B Bank B
whether the payment would be compliant with sanctions within the relevant funds transfer
regimes that apply to it. system.
MT202
Step 2: Step 5:
A’s Bank sends a SWIFT message (MT103) to B’s Bank Correspondent Bank B sends
informing them about the payment. This generally includes Step 3:
A’s Bank instructs its correspondent confirmation to B’s Bank
details of A and B, and therefore B’s Bank is normally able that funds have been
to assess whether the payment would be compliant with bank to make a transfer to B’s Bank
transferred into its account
sanctions regimes that apply to it.
MT202
Step 3: Step 2:
A’s Bank sends a SWIFT message (MT202) instructing that A’s MT103 A’s Bank informs B’s B’s
a transfer be made to B’s Bank. This does not ordinarily Bank that its client,
Bank Bank
include details of A or B, and therefore Correspondent A, intends to make
Bank A cannot know whether the payment would comply a payment to B
with the sanctions regimes that apply to it.
Step 4: Step 1: Step 6:

Correspondent Bank A makes payment to Correspondent A instructs its bank to B’s Bank instructs B that
Bank B within the relevant funds transfer system. Neither make payment to B funds have been paid into
of the Correspondent banks are aware of the existence or its account.
identity of A and B, and thereby cannot know whether the
payment would comply with relevant sanctions laws.
“A” “B”
Originator of funds Beneficiary
Step 5:
(Payor) (Recipient)
Correspondent Bank B sends a SWIFT message (MT202)
confirming that a transfer has been made from A’s Bank
to B’s Bank.
Step 6: Key:
B’s Bank instructs B that funds have been paid into MT103 refers to SWIFT Message Type 103, Single Customer Credit Transfer – used for customer transfers
its account. MT202 refers to SWIFT Message Type 202, General Financial Institution Transfer – used for bank-to-bank transfers
Concluding remarks
The issue of AML is one that continues to present a challenge for

banks. From ensuring the appropriate tone and profile is set by senior
management, to the alignment of operational processes across a
complex business, the challenges faced by banks continue to evolve,
as do the regulatory environments in which they operate.
A more sophisticated approach, focusing supervisors) is to be welcomed. A risk- to dealing with AML issues in banks.
on risks, by banks and regulators to based approach offers banks greater This means real follow through on
tackle the issue, together with better flexibility in how they assess and the risk-based approach.
cooperation and feedback between the respond to the AML risks they face.
public and private sectors is necessary However, for this to be successful, both In the current climate of ever increasing
in the continued fight against money banks and their regulators need to step complexity across the global financial
laundering, terrorist financing and wider up to their obligations. For banks, this system, the AML challenges for the
financial crime. The challenges that banks means allocating the right resources to industry can only be resolved through
encounter are even more acute in the their AML efforts, securing senior constructive engagement between
less familiar area of counter-terrorist management engagement, and driving the public and private sector. In the
financing, and there are compelling through the cultural changes, investment past three years, there have been
reasons for governments internationally in IT and processes, and monitoring to meaningful steps in this direction in
to work more closely with banks in implement a credible and effective AML a number of countries, and there are
finding pragmatic mechanisms to disrupt strategy. For regulators, governments strong and compelling reasons, along
and prevent terrorist financing networks. and FIUs, it means greater feedback to with widespread willingness, for this
the industry on SARs, better momentum to be maintained.
In this context, a move towards a more promulgation of good practice, clear
risk-based approach (by banks and their standards, and a constructive approach
Regional perspectives:
Europe
Towards greater consistency

The implementation of the EU Third Money
Laundering Directive across the EEA in
December of this year will be the result of
a combined effort by member governments
to tackle the issues of money laundering
and terrorist financing across the region.
The Directive changed EU AML standards
to bring them into line with the 2003 revision
of the FATF recommendations on money
laundering and terrorist financing. Many states
in Europe will, however, face challenges in
incorporating the requirements into their
national legal systems and for the accession
states the challenges will be particularly great.
The role of senior management were updated to include specific years, despite recording growth
Across the European Union, the guidance on senior management of 58% over the past three years.
implementation of the EU Third Money responsibility, PEPs, and the
Laundering Directive by December application of a risk-based approach This average expected growth rate
2007 will result in the incorporation to AML and CTF. Perhaps as a for Europe masks some significant
into member states’ national law of consequence, 100% of U.K. banks variations between states, with larger
specific provisions on the role of senior in our survey reported that AML was countries reporting relatively low
management in respect of AML. a high profile issue for senior historic and expected future growth
Specifically, the Directive requires that management; that they used a risk- rates in costs. Of the five largest
senior management approval is based approach at account-opening; European countries in our survey
obtained for certain AML-related tasks, and that they applied heightened due (measured by GDP), France reported
such as the establishment of diligence at account-opening for PEPs. the highest expected increase in AML
correspondent banking relationships costs over the next three years (35%).
and the acceptance of customers that Cost of compliance The U.K. and Italy reported the lowest
are classified by the bank as ‘high risk’. The rise in expenditure on AML in anticipated increase, with both reporting
Europe has been greater than was an average expected increase of 13%
In the U.K., many of these key anticipated in the 2004 survey with this over the next three years.
requirements are already included in year’s survey showing a gap of 10
the industry’s guide to AML good percentage points between predicted Within Europe also, there were
practice (the Joint Money Laundering and actual growth. European banks significant variations in approaches
Steering Group’s Guidance notes said that they expect growth in AML to outsourcing. Banks in only three
(JMLSG)). In 2006, the JMLSG notes costs of 27% over the next three countries currently outsourced some
EU Third Money Laundering of their AML functions: the Netherlands without a formal monitoring program,
Directive (33% of respondents), the U.K. (29%) where banks appear to have responded
The approval of the EU Third Directive and Italy (29%). We believe that some to the question purely in terms of internal
on Money Laundering 2005/60/EC of this is likely to be the outsourcing monitoring rather than reference to any
(The Directive) represented a of basic identification services (e.g. statutory review work undertaken by
substantial commitment by EU
checking names and addresses against their external auditors (a requirement
member states to the introduction
electoral rolls), rather than more in those two countries). If the European
of measures to combat money
laundering and terrorist financing substantial outsourcing. figures were adjusted for this, they would
across member states. The Directive be broadly in line with other regions.
enhances and updates the content AML policies and procedures
of the First and Second Directives Reflecting the concentration of Risk-based approach to Know Your
on the prevention of money internationally active banks responding Customer activity
laundering in EU states. to our survey in this region, 94% Although several jurisdictions in Europe
The Directive introduces a number of of internationally active European have implemented a risk-based
key measures which must be adopted respondents reported that their policies approach, the term has particular
by member states in their domestic and procedures had a global dimension resonance in the U.K., where it has
legislation (and expands the regulated to them. European banks were divided been a feature of the regulator’s and
sector beyond financial institutions) equally between the two ‘global’ industry’s approach to AML since as
including the following: approaches to AML policies and early as 2003-2004. Across the rest of
• The ‘risk-based approach’ –
procedures set out in our survey. the European Union, the EU Third
The Directive was the first to Forty-nine percent of European banks Money Laundering Directive will result
enshrine this concept within EU stated that they had a global set of in the incorporation of this approach
law. It also provides for flexibility policies and procedures which they into the legislation of all member
in the application by banks of due attempted as much as possible to states. The Directive is significant in
diligence procedures which may be implement consistently across their that it is represents the first attempt by
enhanced or simplified based on an entire organization (a ‘global’ approach). a major country or region to give banks
assessment of a range of risks Forty-five percent of European banks flexibility on how they assess and
associated with the client; reported that they had a global AML respond to customer risk.
• PEP due diligence – Banks, among policy, but that detailed procedures
other institutions in the regulated were set at a regional or local level Ahead of the implementation of the
sector, are required to identify (a ‘hybrid’ approach). European banks EU Third Money Laundering Directive
Politically Exposed Persons at the were significantly more likely than in December of this year, 83% of the
account-opening stage and to have
those in other regions to apply a global European banks surveyed say that they
in place appropriate measures do
approach, reflecting the high-level and already employ a risk-based approach
deal with such individuals;
flexible nature of much European AML in their treatment of customers at the
• Identification of any ‘beneficial legislation. account-opening stage. A significant
owners’ that are individuals who
proportion of banks also had a
own or control 25% plus one share
of a legal entity (or more). Formal monitoring of AML systems remediation program in place (73%)
and controls that will enable them to perform risk-
The Directive’s implementation Only 70% of respondents in Europe based monitoring of customer activity
deadline is December 2007. Whilst say that they have a formal program for more effectively. The challenge for
some member states’ domestic AML testing the effectiveness of AML banks in the coming years will be to
regimes already include the provisions apply a risk-based approach to all
systems and controls and, although
of the Directive, many require
this represents an 11 percentage point customer monitoring, including
substantial enhancements to ensure
increase on our 2004 survey, it is lower transaction monitoring but also regular
compliance before the deadline and,
as a consequence, application may be than other regions. The cause of this is a updating of KYC information as
uneven in the period immediately after comparatively low number of customer relationships develop and
the implementation deadline (as was respondents in Germany and Switzerland change.
the case for the Second Directive).
Source: EU Third Money Laundering Directive (2000/60/EC)
Going forward, a significant proportion respondents in the region believed to be difficulties. There is a need for
of banks in Europe will be providing the key factor in the rise in SARs over the increased sharing of intelligence and
services covered by the Markets in past three years. information between the private and
Financial Instruments Directive (MiFID), public sectors.
which imposes additional obligations While there is generally no specific
on banks to collect information from legal or regulatory requirement across Training
customers on an ongoing basis. Europe that banks implement an Only 38% of European banks surveyed
Although this information is intended automated transaction monitoring indicated that they provided training to
to be used to ensure the suitability or system within their organization, 81-100% of their staff. This is in stark
appropriateness of services or monitoring is the key to the fulfilment contrast to the 93% of U.S. banks
products provided to customers, it may of numerous other legal and regulatory claiming to do so and is below average
also have benefits or economies of obligations, such as sanctions screening, for the survey as a whole. This seems
scale in terms of KYC and ongoing and assists in the implementation of to be a result of banks in the region
monitoring. However, it is likely that a risk-based approach. The preamble taking a risk-based approach to training,
the pressure to implement so many to the EU Third Money Laundering with more emphasis on tailoring their
regulatory initiatives at one time Directive also states that it would be training to the level of risk attached to
(Basel/CRD, MiFID, EU Third Money ‘appropriate’ for banks and larger specific staff roles within the business,
Laundering Directive) will mean that financial institutions to have electronic for example by allocating additional
some of the potential efficiencies may monitoring systems in place. An effective resources to the training of customer-
be over-looked, and much of the system for transaction monitoring facing staff. By contrast, the high U.S.
implementation of these initiatives may depends to a great extent on the figure appears to be driven by the
not be as comprehensive, robust information gathered at the account- requirements of the U.S.A. PATRIOT Act
or considered as banks would like. opening stage but the process itself is 2001 which requires training of all
not necessarily limited to procedures relevant staff, and therefore CBT is an
Politically Exposed Persons conducted at client on-boarding. In fact, easy way to achieve this even if it is
In 2007, 75% of European banks said the Directive requires regulated regarded as less effective than other
that they consider whether a customer institutions to undertake ongoing methods (98% of U.S. banks use CBT,
is a PEP for the purposes of monitoring of their client relationships versus 80% of European banks).
conducting due diligence at account- to ensure that transactions on each
opening stage, a marked increase on customer’s account are in line with the As in other regions, it is likely that
the 35% who claimed to do so in the bank’s expectations of the customer’s regulatory attention will increasingly
region in 2004. The increase is likely to activity. focus on the overall effectiveness
be a consequence of increased focus of training. In the U.K., this is already
on PEPs in recent years and the Transaction monitoring has taken on encapsulated in industry guidance
increased focus on the issue during additional significance across Europe (the JMLSG Notes) that have been
the EU Third Money Laundering in light of recent terrorist attacks in endorsed by the U.K. regulator and HM
Directive’s implementation phase. The London and Madrid and the potential Treasury. The Notes state that banks
challenge, as in other regions, however ability of transaction monitoring should not only obtain acknowledgement
is to reconcile the many different systems to help identify patterns of from the individual that they have
interpretations of who is a PEP, and behavior which correspond with received the necessary training, but
develop effective processes to identify established ‘typologies’ for terrorist should also take steps to assess its
and monitor PEPs on an ongoing basis. activity. Nonetheless, terrorist financing effectiveness.
still presents substantial challenges
Transaction monitoring to banks across Europe because of the
Sixty-five percent of European banks small value of transactions that may be
surveyed said that they use associated with terrorism. Accordingly,
sophisticated externally developed IT enhanced transaction monitoring alone
systems to monitor transactions, which is unlikely to prove a solution to their
Attitudes towards regulation and on an ongoing basis against lists of around ensuring that transactions being
Our survey indicates that the majority individuals identified as having links to processed through the bank’s locations
of banks in Europe believe that their terrorist activity (in addition to those around the world are in line with
current legislative and regulatory connected to other criminal or relevant U.S. legislative requirements
burden is acceptable but that the illegitimate purposes), along with where applicable.
content of existing legislation requires screening of payments to/from these
improvement if money laundering is individuals. These lists are produced, Outlook
to be effectively tackled in the region. among others, by the UN, the EU and With significantly greater flexibility arising
domestic organizations such as the from the EU Third Money Laundering
This broad support for the regulatory Bank of England in the U.K. and OFAC Directive, it will be challenging for banks
framework in Europe is likely to be in the U.S.A. to determine how to embed an effective
attributable to the flexible, risk-based AML approach in their business while at
approach that has been incorporated Due to the number of global banks the same time leaving a sufficient audit
into the EU Third Money Laundering operating out of London, there has trail for the process whereby they have
Directive, as well as the degree of been increasing emphasis in the U.K. made decisions about the key AML risks
consultation that has taken place on the extra-territorial aspects of U.S. and the suitability of controls to mitigate
between the Commission, regulators legislation and in particular the OFAC these risks. However, the Directive also
and banks in writing the Directive. sanctions regime. These have offers a major opportunity for banks to
presented both operational and enhance their AML controls.
Sanctions technological issues for banks arising
A key step in countering terrorist out of the need to screen customers
financing has been the screening of against applicable sanctions lists and
individuals at account-opening stage wide-ranging operational considerations
European Union enlargement For example, under the EU Third Whilst safeguards are in place in
On May 1, 2004, the EU welcomed ten Money Laundering Directive (‘the relation to these provisions, and much
new countries to join the Union, Directive’): depends on how individual states
expanding its membership to twenty- choose to implement the Directive,
five states. The new entrants were • Banks are not required to identify new opportunities may be opened up
Cyprus, the Czech Republic, Estonia, customers that are regulated for money launderers to gain access
financial banks other than confirming
Hungary, Latvia, Lithuania, Malta, to the financial system in countries
that they are in fact regulated.
Poland, Slovakia and Slovenia. On that have not had time to adapt to and
January 1, 2007, two additional states • Banks may be entitled to rely on implement the Directive in full, and
joined, Bulgaria and Romania. regulated third parties for then to move funds into more reputable
identification and verification, including financial centers. Some banks may be
This poses additional AML risks for entities that are not in the regulated particularly vulnerable to these risks if
banks operating in the EU. Many of the financial services industry, but are their internal procedures are based on
countries joining the EU have not nevertheless covered by the Directive the assumption that EU banks are low
(e.g. lawyers, accountants, estate risk, and accordingly apply less scrutiny
historically had stringent AML processes
agents, money service businesses,
in place, and although their admission to to these relationships.
or other high-value dealers).
the EU requires them to comply with EU
legislation, it is likely that it will take time • Banks do not need to apply As well as changes to the legal fabric
for these countries to adapt. The enhanced identification procedures of the EU, enlargement has clearly
regulatory framework in many of these to non face-to-face customers also engendered changes in the real
countries is also believed to be less well where the initial funds are economy, including greater cross-
developed, meaning the practical transferred from an account held in border trade and migration into and
the customer’s name with another
application of AML standards may have from the accession states, which has
EU bank.
been inconsistent in the past. in turn led to new banking products
• In the context of non face-to-face with unique AML risks. The existence
The challenge with this is that many transactions, banks can rely on the of greater volumes of legitimate
legal provisions in EU law are predicated fact that initial funds are transferred payments to and from countries that
upon the assumption that the same into a new customer account from would otherwise have been regarded
regulatory standards have been an account held in the customer’s as potentially high risk may also make
consistently implemented and enforced name with another EU bank, where it harder to identify any illegitimate
they would otherwise have to apply flows.
across the EU. Until this is the case in
the more demanding identification
reality, however, the financial system is
procedures that apply to other high-
potentially more vulnerable to money risk customers. As with emerging markets, those
laundering. In particular, it may open up operating in the enlarged EU need
new opportunities for money launderers • The enhanced due diligence that to approach AML sensitized to the
to move money into the financial applies to correspondent banking potential risks involved and construct
system in accession states and across relationships does not apply where AML programs accordingly.
into more developed financial systems. the correspondent is another EU
credit institution.
North America
AML is high on the agenda

North America’s legal and regulatory landscape
for AML is dominated by the Bank Secrecy
Act, the U.S.A. PATRIOT Act 2001, and the
application of the OFAC sanctions regime.
These have extended U.S. jurisdiction beyond
the limitations of national borders and have,
as a consequence, had an impact on banks
around the world.
Role of senior management score for the North American region at AML policies and procedures
Our survey indicated that only 63% a time when a wide range of factors In the U.S. case, it is apparent that all
of respondents in North America felt would otherwise have suggested AML internationally active banks have a
that AML issues were a high priority would be a high profile issue for senior global component to their policies
for senior management. This response management. and procedures, reflecting the need
is surprising in the light of the volume to implement the extra-territorial
of legislation on this issue and the Cost of compliance components of domestic legislation
profile of AML and CTF issues in North American banks have seen the on a global basis, including OFAC
the region. It is also unexpected highest percentage rise in expenditure requirements.
because of the number of high impact of any region in the survey over the
AML-related enforcement actions in the past three years (71%), much of which, Formal monitoring of AML processes
region, and the substantial personal banks tell us, has been directed at The U.S.A. PATRIOT Act 2001 identifies
liability and criminal sanctions senior improving transaction monitoring. It is four pillars of requirements to be met by
staff in North America can be subject expected that expenditure will continue covered institutions, one of which is the
to for violations of AML and CTF to grow in this region though requirement that banks have an
legislation and regulations. One respondents predict that the pace independent system for testing AML
possible explanation for this is that of growth will slow, despite banks systems and controls. Ninety-three
some banks have hired relatively senior having significantly under-estimated percent of banks surveyed in this region
executives to AML roles (often as a what the growth in costs would be in say that they have a formal monitoring
response to the new regulatory our 2004 survey. For many banks the system in place, which implies that
environment) and senior management anticipated slowdown in costs is likely seven percent of the banks in our survey
may feel that they are entitled to to reflect the fact that they believe were not in compliance with U.S.
delegate in full to these AML staff and they have already implemented the statutory requirements. This is
do not need to have ongoing basic architecture for AML that was supported by the fact that nine out of
engagement in the implementation of required as a result of the U.S.A. ten regulatory enforcement orders in
their bank’s AML strategy. This may PATRIOT Act 2001. North America cite a lack of independent
help to explain the comparatively low testing as a specific failing.
U.S.A. PATRIOT Act 2001 Risk-based approach to Know Your Transaction monitoring
The U.S.A. PATRIOT Act 2001 amended Customer activity The majority of banks surveyed in North
the Bank Secrecy Act in response to In line with the average for the survey as America indicated that increased
the 11th September 2001 terrorist a whole, 83% of North American banks transaction monitoring activity had been
attacks in the U.S. The U.S.A. PATRIOT say that they apply a risk-based approach a key factor in rising AML costs in banks
Act 2001’s purpose is to strengthen
at account-opening stage. across the region. Measured against
U.S. measures to prevent, detect and
other regions, North American banks
prosecute international money
laundering and terrorist financing. Eighty percent of banks have a system were more likely to rely on externally
in place to remedy gaps in KYC developed IT systems to carry out
Specifically, the U.S.A. PATRIOT Act information held for existing transaction monitoring (83% of banks
2001 consolidated and amended AML customers, up by only one percentage reported using these). Potentially as a
requirements in the U.S., with the
point from the 2004 survey. Of the consequence of higher investment in IT,
effect that banks must develop a
North American banks that have a 42% of internationally active banks in
written AML compliance program that
includes the following four key pillars: remediation program in place, there the region said that they were able to
are a mix of approaches taken to the monitor one customer’s transactions and
• the development of internal
policies, procedures and controls; exercise, with 38% only gathering new account status across multiple countries,
KYC information when the customer more than any other region surveyed.
• the designation of a compliance transacts new business or opens a
officer;
new account, 28% taking a risk-based Banks in the region reported the highest
• an ongoing employee training approach, and 25% reviewing all of increase in the number of SARs, both in
program;
their customer base. This reflects a our 2004 and 2007 survey. Over 63% of
• an independent audit function slight shift towards using a risk-based respondents in North America said that
to test the program. approach since the 2004 survey. the number of SARs they had filed had
The U.S.A. PATRIOT Act 2001 also increased 'substantially’. U.S. banks
requires that an institution's due During the three years since our last appeared to have significantly higher
diligence for international private survey, we have seen a significant levels of satisfaction with their domestic
clients includes steps to identify the increase in the U.S. in transaction FIU (FinCEN), with over 30% saying
source of funds and the purpose and “look-back” reviews, with U.S. FinCEN was particularly good at providing
expected use the account. The Act regulatory authorities putting greater feedback. Despite this, few respondents
also requires heightened due diligence emphasis on the review of the bank’s linked the rise in SARs to better feedback
with respect to foreign PEPs. past transaction history over and above and interaction with the FIUs.
In addition, although there is no attempts to remediate gaps in KYC
mandatory requirement to identify
information (the latter being an area Training
domestic PEPs or identify the source
of focus for European regulators). North American banks show a
of funds for U.S. private clients, there
is a strong regulatory expectation significant commitment to providing
that banks should do this. Politically Exposed Persons AML training for their staff, with 93%
The identification of foreign PEPs is saying that they provide AML training
In addition, section 311 of the U.S.A. one of the key requirements outlined to more than 80% of their employees.
PATRIOT Act 2001 provides the U.S. in the U.S.A. PATRIOT Act 2001. There It appears that one of the key drivers
Treasury with the ability to determine is also a strong regulatory expectation for this focus on training is the U.S.A.
that a foreign jurisdiction or institution that banks would identify U.S. domiciled PATRIOT Act 2001 and its requirement
constitutes a ‘primary money laundering PEPs. As such, it is a high priority for that regulated financial institutions
concern’ and to impose ‘special banks in the U.S.A.. Across the whole operate an ongoing training program
measures’ with respect to such of North America, 98% of banks said
jurisdiction, institution(s), class(es) of for all relevant employees.
that they had specific procedures in
transactions, or type(s) of account(s).
place to identify and monitor PEPs.
Source: U.S.A. Patriot Act 2001
Around a third of respondents from Sanctions Knowing one’s customer is critical

North America said that they felt that The U.S.A. Office of Foreign Assets in the area of sanctions scanning.
computer-based training was the most Control administers the U.S. sanctions For example, institutions must not only
effective method of delivering training, regime and recent history has understand named account-holders,
more than in any other region. This may witnessed significant regulatory but also authorized uses or signatories.
be because of the broad geographical enforcement actions and fines In the case of institutional clients,
coverage that CBT can provide, the specifically targeting OFAC violations. signatories, owners, large shareholders,
ability to communicate a consistent This has included fines being levied and management must also be
message, or an economic response with respect to activity that occurred considered.
to a statutory requirement to train all mainly offshore but the transaction
relevant staff (i.e. CBT is the easiest touched the U.S. or involved a U.S. Outlook
way to get complete coverage of all person. Significant legal and regulatory
relevant employees, and keep track pressure in the North American region
of the training they have received). In addition, industry best practice has created a more challenging AML
dictates that institutions in the U.S., landscape over the past three years,
Attitudes towards regulation particularly those doing international particularly in the U.S.. Changes
The compliance environment in the business, as well as U.S. institutions initiated in 2001, with the U.S.A.
U.S. places significant and detailed abroad, screen transactions and PATRIOT Act, have taken time to
requirements on regulated institutions. customers against other lists, such as influence the AML strategies and
From the Sarbanes-Oxley Act 2002 those issued by the UN, and the U.S. controls of banks and other financial
to U.S.A. PATRIOT Act 2001 to the State Department. institutions, both inside and outside
Foreign Corrupt Practices Act 1977, U.S. the U.S.. With ongoing debate about
institutions are under increased pressure The scanning of both transactions and the future direction of U.S. regulation
to ensure that their systems and controls customers against these lists is a and regulatory enforcement (principles
are capable of dealing with an increasing resource intensive exercise. Unlike versus rules), it will be interesting to
regulatory burden. These legislative transaction monitoring where activity is see if governments, regulators and law
requirements relate not only to domestic monitored, alerts investigated, and enforcement are ready to move
business in the U.S. but also to their reports made -- if necessary -- after the towards a more flexible approach to
overseas subsidiaries, branches and fact, sanctions scanning or filtering is AML. It is likely, however, that ongoing
personnel. The burden of legislation is done in real time. Transactions stopping concerns - particularly in relation to
now felt to be excessively onerous by a in filters must be investigated on the terrorist financing and sanctions
significant proportion of banks, with spot and rejected or blocked if any true enforcement - mean that there will not
18% saying that AML requirements in "hits" are identified, with reporting be any substantial or practical easing of
their country were unacceptably required in short order. Violation of the regulatory burdens faced by U.S.
onerous and should be reduced. Only OFAC provisions can carry strict liability financial institutions in the short term.
12% of those surveyed in 2004 believed penalties, and repeat violations can
this to be the case. bring about enforcement actions.
Asia Pacific (ASPAC)
A work in progress
With many countries in the region in the
process of developing and introducing new
legislation or strengthening existing
legislation, we can expect to see considerable
investment in AML over the next two to
three years. These legislative and regulatory
changes will see a move away from rules-
based requirements toward a more risk-based
approach and this is likely to result in
challenges for banks and regulators.
The role of senior management recent AML legislation introduced region as multinational banks
Our survey results show that over two in a number of ASPAC states including increasingly apply global policies
thirds of banks in this region consider Japan, Korea and Singapore. As a modeled on the European and U.S.
AML issues to be high priority for senior consequence of these new requirements.
management, an increase from 49% of requirements, it seems likely that
respondents in 2004. We believe that institutions will undertake additional The approach to the implementation
this increased emphasis on AML issues expenditure in relation to AML training, of AML policies and procedures does
is a recent development. In addition, transaction monitoring and the vary across the region. In India, for
respondents warned that many banks in implementation of appropriate systems example, banks with a more global
the region considered AML to be ‘just and controls. In Australia, the costs of presence tend to apply their home
another compliance issue’ which brings complying with its recently introduced market requirements as a minimum
costs but no tangible benefit to financial new legislation are expected to be standard for overseas branches and
institutions. substantial and we understand that make additional provision for any local
senior management are questioning requirements which are in excess
Cost of compliance whether sufficient commercial benefit of that minimum standard.
Banks in this region claim the lowest can be derived from this expenditure
increases in spending on AML in the to justify the cost. Banks from Pakistan, on the other
three years since we conducted our hand, would be more likely to follow
last survey, and are anticipating future AML policies and procedures overseas requirements. For example,
growth that is in line with the global AML legislation and regulations currently some of Pakistan’s largest banks use
average. This may be considered in place in Europe and the U.S. are U.K. AML policies and procedures for
surprising in light of the proposed or having a growing influence in this some of their overseas branches.
This position is likely to change over In spite of this predominantly rules-based Transaction monitoring
time. There is a real desire in India to try approach to AML in the region, 87% of Many of the banks in this region are
to meet the various requirements of the respondents said that their banks applied used to working to quite specific rules
main international regulators. To assist in a risk-based approach at client take-on. for monitoring transactions and as a
this process, the Reserve Bank of India consequence are likely to respond
is currently establishing AML regulations Despite the real challenges in the slowly to the introduction of a more
in line with this. Pakistan, as a whole is maintenance of customer records on risk-based approach. The results for
also fast improving its own local AML an ongoing basis, our survey indicates the region show comparatively less
legislation and regulations in response to that less than two thirds of respondents transaction monitoring than elsewhere
increasing pressure from international in ASPAC have a program to remedy in the world, with particular reluctance
regulators (the U.S. in particular) and by gaps in their KYC information, the to purchase externally developed IT
the close of 2008 Pakistan is aiming to lowest percentage recorded for any monitoring systems. As a result of
have its own stringent set of standards of the regions surveyed. For the 36% potential under-investment in IT, only
in place. Another key driver of Pakistan’s of ASPAC banks that did not have a 9% of internationally active banks in the
reform program is the desire to be seen remediation plan, 47% said that they region said that they could monitor one
to be taking a stand against money did not have one because they had customer’s transactions and account
laundering and terrorism. no deficiencies in their KYC data. status across multiple jurisdictions.
Twenty-nine percent of these
Formal monitoring of AML systems respondents said that they did not There has been a rise in SAR reporting
and controls have a remediation plan in place because across the region, with 69% of
Overall, 79% of banks in ASPAC say of the absence of legal or regulatory respondents reporting some level
that they have a formal AML pressure to do so. of increase in the number of SARs they
monitoring program in place, with have filed.
respondents indicating that compliance New legislation across the region aims
often plays a more direct role in the to ensure that banks will be doing this Training
process than elsewhere in the world. in future although there are specific Respondents across ASPAC tell us that
In Australia, for example, compliance regional and cultural issues which may training in many parts of the region is
are usually responsible for AML prove a barrier, including the risk of relatively unsophisticated, reflecting
monitoring, while designated crime offending clients with requests outdated legislation and lack of
and fraud departments carry out for additional information. regulatory pressure. Seventeen
internal investigations. Australia’s new percent of respondents indicate that
AML legislation has, like the U.S.A. Politically Exposed Persons they provide training to less than 40%
PATRIOT Act 2001, introduced a The concept of applying heightened of their total staff. In addition, in
requirement that banks undertake due diligence standards to PEPs is a countries such as India and Pakistan,
independent monitoring of AML new one across much of this region, although it is common for banks to
systems and controls but it is not yet and for that reason it is not surprising provide training that meets the
clear where the responsibility for this that considerably fewer than half of minimum regulatory requirements, the
independent monitoring will lie. responding banks sought to identify quality of some of the training taking
and monitor PEPs on an ongoing place in the region might need to
Risk-based approach to Know Your basis, less than in all other regions in improve to bring it up to international
Customer activity our survey. Certain countries within standards. Training is, however,
In many of the countries in this region, the region face specific problems in assuming greater importance in
with the exception of Australia, relation to the practical application of countries like Australia, where new
legislation tends to be rules-based. this concept in the context of their legislation means that banks will be
There is, however, a move across the clients. In China, for example, as in required to demonstrate to regulators
region toward the application of a risk- Russia, the line between business that their staff have been adequately
based approach, as various countries and politics is often blurred thus trained under a risk-based approach.
upgrade their AML regulatory standards. making the task challenging.
Attitudes towards regulation The legislative process in ASPAC is Outlook

Our survey results showed broad- less consultative than in other regions. AML is clearly moving up the corporate
based support for AML legislative However, the introduction of new AML agenda for banks in the ASPAC region.
frameworks in ASPAC, with no legislation in Australia indicates a move As the countries in this region review
respondents in the region saying the towards a more consultative approach. and upgrade their legislation and
regulatory burden was too onerous. This legislation was drafted in partnership regulatory requirements to bring their
Forty-seven percent of all respondents between the industry, the Attorney AML regimes into line with global
said that the AML requirements in General’s department and the AML practice, there will be considerable
their country were adequate and that regulator. investment in AML and greater
no change was necessary (the highest harmonization of requirements among
of any of the regions we surveyed). Sanctions these countries. Global banks have
Even so, an equal number of banks In line with many other regions, a a very important role to play in this
said that regulators in the region could number of banks that are foreign filers process, as their experience in other
focus their requirements more with the SEC have been criticized or parts of the world will be important
effectively in order to combat money disciplined by U.S. regulators. This has in shaping the AML environment in
laundering (47% of all respondents). raised the level of awareness about the region.
There appears to be a generalized belief the extra-territorial impact of U.S.
across ASPAC that the regulators could requirements, and focused
communicate more regularly with management’s attention on ensuring
banks, sharing the outcomes of SARs that effective sanctions policies and
and new money laundering typologies, procedures are in place.
and thus helping to spread industry
best practice.
Central and South America
and the Caribbean
In the shadow of the U.S.A.

Banks in Central and South America and the
Caribbean are, through trade and financial
links, closely bound to the U.S. and have
been impacted by the extra-territorial effects
of U.S. legislation. Banks in the region
reported greater AML investment than ever
before in order to meet the higher standards
expected of them.
The role of senior management already strong growth since our last regulatory demands not only in their
The results of our survey indicate that survey. Banks in the region attributed home countries, but within other world
senior management considers AML to the rise in costs to increased financial markets as well.
be a high priority in this region, with 88% expenditure on transaction monitoring
of respondents confirming that this is the and training, perhaps in response to AML policies and procedures
case within their own institutions. This increased pressure from U.S. regulators. Banks in the region showed a slight
represents virtually no change from the A third of our respondents had increase in the number of banks seeking
response in 2004. This sustained interest responsibility for global or North to use a global AML policy across their
in AML issues affecting banks in the American operations, and many other entire organization. The number of banks
region may well be a consequence of banks in the region have correspondent reporting that they develop policies and
recent regulatory enforcement actions banking relationships with the U.S.. procedures at a global level and
in which a lack of senior management These links to the U.S. are believed to implement them consistently worldwide,
oversight has been specifically singled have been influential in increasing focus increased by 18 percentage points, and
out as a weakness within the institution. on AML training in the region. This is now account for 38% of all banks in the
In some instances, the entire board of reflected elsewhere in our survey, with region. This is likely to reflect the U.S.
directors of some institutions have been banks in this region rating OFAC rules as influence, as well as the fact that banks
replaced as a result of regulatory action the most significant impact on their in the region are in an early stage of the
related to AML, and this has helped to institution with the exception of local development and implementation of
focus senior management’s attention legislation and regulations. The banks AML policies and procedures. The
on the issue. currently face increased burden not only percentage increase can most likely be
to indirectly “comply” with U.S. but also attributed to a number of enforcement
Cost of compliance with EU legislation and regulations. actions in the U.S. and EU that are being
Banks in the Central and South America While this in the short term increases used by banks in the region as guidelines
and Caribbean region anticipate high the cost of compliance, in the long term, in order to avoid similar costly
growth in future AML costs, with an financial institutions in this region will be enforcement actions.
average expected growth rate of 42% well suited to preserve their global
over the next three years. This is despite competitiveness, while satisfying
Formal monitoring of AML systems procedure in place for identifying and conducting and continuously updating:
and controls monitoring PEPs. Regional factors,
• a comprehensive assessment of the
All banks in the region reported that they such as a history of political corruption,
banks’ products and product groups
had a formal program for testing the are likely to have influenced the high in order to determine the risks
effectiveness of their AML systems and profile that this issue has in the region. certain products and product groups
controls (the only other region to report The majority of jurisdictions in the pose for money laundering and
this was Russia & CIS). However, region require banks to identify both terrorist financing;
several banks have voiced concerns foreign and domestic PEPs, which
• a full analysis to understand the
about regulatory expectations regarding exceeds the requirement in the U.S.A. universe of all transaction-types that
the requirements for testing the PATRIOT Act 2001 to identify foreign the institution uses;
effectiveness of their automated AML PEPs only.
• a comprehensive assessment to
monitoring systems, and the lack of
determine the risk the customer
regulatory guidance in this area. Transaction monitoring base poses for money laundering
Respondents in the region noted and terrorist financing.
Risk-based approach to Know Your transaction monitoring as one of their
Customer activity two most significant areas of investment, Training
Along with the majority of respondents although the majority of banks in the The proportion of staff at banks in this
to our survey, many banks in this region said that they were satisfied with region that are given AML training was
region say that they use a risk-based the systems that they had in place relatively high, with 71% of banks saying
approach at account-opening and that (more so than any of the regions they had trained 81-100% of their staff
they consider the two most important surveyed except Russia and the CIS). in the past two years. This emphasis on
factors for risk assessment to be the AML training may be attributable to the
nature of the customer’s business and Banks in the region also said that impact of U.S. legislation, specifically
whether the individual is a PEP. improved transaction monitoring was the U.S.A. PATRIOT Act 2001. However,
the most significant driver of increased rather than conduct tailored training
A relatively high percentage of banks numbers of SARs and claimed a courses, many institutions choose to
in the region have a remediation relatively high degree of functionality give every relevant member of staff the
program in place to fill in gaps in their for their IT, with 38% of internationally same level of basic AML training so as
KYC information for existing customers active banks in the region saying that to satisfy both local and U.S. regulators.
(83% of respondents). This has increased they could monitor a single customer’s With some of the large banks having
by 10 percentage points from the 2004 transactions and account status across tens of thousands of employees, this is
survey, although the key change since multiple jurisdictions (only the North a pragmatic approach to meeting
this time is a growing emphasis on the American banks did better than this, compliance needs, but is only the first
use of a risk-based approach to with 42% of banks making the same step toward implementing a robust and
remediation. In our last survey, 100% claim). comprehensive AML training program
of respondents with a remediation that takes into account the different lines
program said that they were doing so The high results for this region and the of businesses and AML risks across
across their entire customer base. U.S. is not surprising given the high the bank.
This year, only 40% of respondents degree of U.S. regulatory influence in
were in this situation, with the majority the region and the banks’ ability to adapt Attitudes towards regulation
of the remaining banks using a risk- and mirror their processes in line with Banks in the region, in common with
based approach. U.S. regulatory expectations. However, those across the survey, say that the
transaction monitoring cannot be viewed biggest influence on their AML policy
Politically Exposed Persons in isolation, and many respondents and procedures is their domestic
Most respondents in this region, 83% commented that their transaction legislation and regulation. However,
of those surveyed, said that they had a monitoring efforts could be improved by U.S. legislation is the next most
commonly cited influence on AML
policy, reflecting the close commercial Sanctions Outlook

and financial ties between the U.S. and In the area of sanctions compliance, With ongoing U.S. and international
Latin America, and the correspondent the extra-territorial effects of U.S. law pressure, banks in the region are likely
banking relationships that underpin have been particularly prominent, to continue to enhance their AML
these relationships. Banks in this region because of the close trade and processes in line with the evolution
are currently experiencing a certain financing links between the region of practices in the U.S. and elsewhere.
level of “double” regulation, both by and the U.S., banks reported particular Whilst this can raise operational issues
domestic regulatory bodies and vigilance in updating their information and costs, it will make it easier for
indirectly by U.S. legislation. One of the on principals for the purposes of banks in the region to carry on business
most commonly cited concerns of sanctions screening and monitoring internationally and access overseas
banks in this region is the lack of overall (83% of banks reported they did so on markets, and this is increasingly
harmonization of regulations between an annual basis). Similar to the important at a time that the majority
the U.S. and domestic regulations. challenges banks are experiencing of emerging markets are going through
Banks have cited numerous efforts in the area of transaction monitoring, unprecedented economic growth and
being conducted by trade associations the U.S. influence is significant, leading internationalization of capital flows.
in order to achieve a greater level of to amendment of AML compliance
harmonization between domestic and programs to take account of this.
U.S. regulators, while preserving the
integrity and soundness of the entire
Americas financial markets.
Russia and the Commonwealth
of Independent States
A focus on rules rather than

principles
The AML environment in Russia continues
to be highly formal, with an emphasis on
strict adherence to rules, and regulatory
pressure to adopt AML best practices. At the
same time, there are grey areas in Russian
AML requirements, leading to demands
for the regulator to provide clarity over
requirements, particularly where AML
deficiencies have resulted in revocation
of banking licenses.
The role of senior management Cost of compliance There are ongoing and widespread efforts
Ninety-five percent of the banks that we Our survey suggests that AML by banks in the region to recruit new
surveyed in Russia and the expenditure in this region has risen by people with relevant AML experience.
Commonwealth of Independent States 60% since we conducted our 2004
survey, six percentage points higher AML policies and procedures
(CIS) claim that senior management
than the predictions these banks made The percentage of internationally active
consider AML issues to be high priority.
in our 2004 survey. The region also banks in this region indicating that they
This is the highest proportion of banks in
reported the highest expected rate of develop and implement policies and
any of the regions in our survey. This may,
growth for AML costs over the next procedures at a global level is 69%,
to some extent, be a result of the sample
three years, with banks expecting on a relatively high percentage compared
of banks which responded to our survey
average a 53% increase in costs over to other regions. This is likely to reflect
in this region, which tended to be the
this period. While expenditure has regulatory pressure on AML compliance,
largest banks in the region, and therefore
undoubtedly risen, this appears to have with banks seeking to demonstrate a
may have a higher focus on AML, but
been from a lower initial base. comprehensive and thorough approach
also reflects the large number of banks
through global AML policies.
that have lost their banking license for
AML-related reasons. Since the start of AML compliance functions in Russian Formal monitoring of AML systems
this year, 22 financial institutions in Russia banks tend to be smaller than in other and controls
have lost their banking license; in 20 regions, but are well trained and Of the banks surveyed in this region,
experienced, reflecting the need to have 100% stated that they had a formal
instances, failure to comply with AML
local knowledge in an environment where program in place to test the effectiveness
requirements was one of the cited
AML requirements are not always clear in of their AML systems and controls
reasons. Sixty financial institutions had
practice and information is not as readily (up from 93% in 2004).
their licenses revoked in 2006, with AML
available as in some other jurisdictions.
being cited in 57 instances.
As for other high results in the region, important factor in assessing AML risk. remediation efforts. There was less
this is likely to reflect ongoing regulatory This represents a slight but not significant reliance on a risk-based approach, and
pressure and an environment of increase on the 2004 results. The results greater tendency to review their entire
heightened sensitivity to AML issues. are driven by the CBR regulatory customer base.
requirement to assign a risk level to each
The majority of monitoring and testing of customer, with specific rules on how this Politically Exposed Persons
AML systems and controls is carried out should be done (including the nature of Current legislation and regulation in
by internal audit, with 95% of the customer’s business, among other Russia/CIS does not require that banks
respondents saying internal audit had a factors). Many banks in the region identify PEPs or have measures in place
role in this activity (against 43% saying employ security professionals to assist to deal with them. The CBR is, however,
compliance were involved). Many banks them in identifying customers, finding out currently considering the introduction of
also have a separate AML function, which about their background, and/or following legislation which will require banks to do
is required under CBR regulations to be up potentially suspicious transactions. so. The enhancement of requirements
independent. Some banks have started to relating to PEPs is in response to the
add a separate compliance function, but One hundred percent of banks in the recommendations of FATF and the
for the time being most monitoring of region also reported that they had a Wolfsberg Group.
AML systems and controls is carried out remediation program in place to fill in gaps
by internal audit. in the KYC information they held on Despite the absence of regulatory
existing customers (the highest or legal requirements to identify PEPs,
Risk-based approach to Know Your percentage of any of the regions we 69% of banks within the region say
Customer activity surveyed). This result represented no that they do so. This is believed to be
Ninety-five percent of respondents from change from the 2004 survey, suggesting driven by a wish to improve their
Russia and the CIS say that they employ that remedial programs are taking a long reputational standing internationally,
a risk-based approach at account-opening, time to bring to completion. Since our last and to enable correspondent banking
with most banks stating that the nature survey, banks appeared to have changed relationships to be maintained with
of the customer’s business is the most the approach they were using in their banks operating in regions, such as
North America and Europe.
Figure 31
Respondents’ approach to remediation within the Russia/CIS region
While these are positive steps for reflecting the relatively small size of In terms of the impact of legislation and
institutions in this region, the political compliance departments and therefore regulations, respondents in this region
and cultural environment in Russia will a lack of qualified AML staff to carry cited domestic legislation as having the
undoubtedly continue to present out face-to-face training. It has been greatest impact on their business as did
challenges to banks of all sizes and observed that training programs can be banks from most other regions. Perhaps
areas of coverage. Specifically, the grey formulaic at present, although there is because of a relative lack of established
area between politics and business growing recognition of the need to guidance on AML issues and practical
in the region will require banks to be focus on effectiveness of training. implementation from domestic regulators
vigilant, use judgment, and continue or the slow pace of legislative change,
to review and update their PEP policies Attitudes towards regulation banks in Russia and the CIS listed the
and procedures. The majority of respondents in this Wolfsberg Group’s guidelines in second
region were broadly supportive of place in terms of impact on their AML
Transaction monitoring their regulatory regime, saying the policies and procedures. U.S. legislation
Banks in this region say that they use burden of AML compliance was and regulations are relatively less
a broad range of methods to monitor acceptable. Sixty percent of respondents, important in this part of the world, the
transactions, with most banks reporting however, said that their regime needed exception being those banks wanting to
they use the full range of monitoring to be better focused in order to combat begin or maintain correspondent banking
techniques to some degree. In addition, money laundering more effectively. relationships with North America.
respondents reported wide use or In Kazakhstan, recognizing this was
development of sophisticated IT systems a small number of banks overall, the Sanctions
to assist in the automation of monitoring majority of respondents said that they Sanctions compliance has become
processes, with 100% of banks saying would like governments to increase the more of a significant issue in the
they currently use internally developed level of regulation applicable to banks region since the U.S.A. PATRIOT Act
systems for this. This is believed to reflect in the region, perhaps indicating a lack 2001 came into effect, with significant
regulatory pressure to do so. of government focus on the issue. repercussions for banks that have
correspondent banking relationships
In contrast to most other regions, A particular dimension to AML in with U.S. banks. Given the common
our survey did not identify a significant the region is that much of the illegal usage of shell companies in the region,
increase in the number of SARs activity in the region is not connected the overwhelming majority of banks
reported by banks in Russia & CIS. with the placement of cash into the (95%) have procedures in place to
Only 21% of respondents reported a financial system, but the reverse. It can update their information on the
‘substantial’ increase in SARs, which is be the process of making illegal principals behind such structures in
half the global average (42% of global encashments, in which money held order to assist in ensuring ongoing
respondents reported a ‘substantial’ in bank accounts is converted into cash sanctions compliance.
increase in SARs). This is likely to reflect which can then be used to pay ‘black’
reluctance among banks to over-report salaries (without tax being withheld, Outlook
SARs in an environment where this or the income declared to the tax With continued regulatory pressure on
might be interpreted by their regulator authorities) and/or corruption payments. AML compliance, and high inherent
to be a sign of problems in the client The majority of banking licenses that risks of money laundering, banks will
base or KYC controls of the bank. have been revoked on AML grounds need to be vigilant in ensuring their
have typically been connected to AML controls remain in line with
Training encashment schemes rather than regulatory expectations and
Eighty-six percent of banks surveyed conventional money laundering. The international practices. There are clear
in this region said that they provided legislation against encashment is not and significant legal and reputational
training to more than 60% of their regarded as being particularly effective risks for banks that do not focus
staff, which is slightly above the in its implementation, with the CBR sufficiently on developing, implementing
average reported for all regions. recommendations perceived as the and monitoring a robust AML strategy.
Respondents reported greater usage main source of rules and enforcement
of CBT than in our last survey, possibly in this area.
Middle East and Africa
Seeking more guidance

Our results show that attitudes to AML
regulation vary greatly between countries
across this region, although common themes
are the need for a more consultative approach
by governments and regulators, and a general
feeling among all respondents that greater
clarity of direction is required on AML policy
in future.
Role of senior management African respondents saying it was laundering is an issue which has only
Across the region, our results show a high profile issue, and only 41% recently begun to be addressed by
a lower than average prioritization of of Middle Eastern banks saying so, senior management. This appears to be
AML issues at senior management with 47% citing moderate profile. a response to the increase in perceived
level with only 54% of banks believing AML risks and/or external pressure
AML to be a high profile issue for In the Middle East, strong economic from countries, such as the U.S..
senior management. In 2004, our growth and wealth creation are likely to
results demonstrated a substantial have increased the inherent AML risks, Cost of compliance
divide in responses from institutions in and therefore it is surprising to see AML The Middle East and Africa region
this region between Africa and the apparently slipping down senior experienced the second highest
Middle East, with 88% of Middle East management’s agenda. percentage increase in AML costs over
respondents indicating at that time that the past three years, with banks
they believed AML to be a high priority In Africa, our survey showed an reporting an average increase in costs
issue compared with just 50% of increased profile for AML at senior of 70%. It is important to note,
respondents in Africa. This year, the management level. With the exception however, that this increase has been
position is reversed, with 78% of of South Africa and Nigeria, money from a low base, reflecting the relatively
Figure 32 Figure 33
Africa – Profile of AML at senior Middle East – Profile of AML at senior
management level management level
High Moderate Low High Moderate Low

profile profile profile profile profile profile
2004 Survey 50% 40% 10% 2004 Survey 88% 12% 0%
2007 Survey 78% 22% 0% 2007 Survey 41% 47% 12%

Source: KPMG International, 2004 and 2007 Source: KPMG International, 2004 and 2007
recent increase in interest in AML Formal monitoring of AML systems reduced access to IT can prove
issues at senior management levels. and controls a challenge.
Much of the increased expenditure has The majority (81%) of respondents
been focused on investing in the from the Middle East and Africa say In addition to these practical issues,
enhancement of customer information that they have a formal program in cultural practices can also present
held on bank databases. This is due in place to test the effectiveness of their challenges to institutions in this region,
part to the specific regional challenges AML systems and controls. The quality particularly in relation to the gathering
faced by banks in obtaining customer of some of this monitoring can be of customer information and
information at account-opening because called into question, however. There is specifically in the Middle East, where
of a range of diverse factors, e.g. the a high degree of reliance on internal customers may in some cases view
lack of publicly maintained records in audit to carry out independent testing, banks’ requests for additional
countries such as Malawi, Tanzania and doubts as to whether internal audit information as intrusive or offensive.
and Angola. have sufficient experience and knowledge
to carry out this testing effectively. In Politically Exposed Persons
Training has also been an area of focus addition, our member firm’s experience The Middle East and Africa survey
for investment across both the Middle is that internal audit reviews, in many group covers a broad spectrum of
East and Africa but in the Middle East, cases, only take place infrequently and political regimes which can, in addition
the secondary focus has not been the some time after the event. This to the cultural challenges in the region,
updating of customer information but highlights the need for compliance to present specific challenges for financial
rather greater investment in the become more engaged in undertaking institutions in employing a risk-based
enhancement of transaction monitoring regular reviews of systems and controls. approach at the account-opening stage.
capabilities. Our results also suggest This is particularly true in Africa where
that increased costs are attributable to Risk-based approach to Know Your it may, for example, be difficult for an
more external reporting, with two Customer activity institution to refuse to enter into or
thirds of the African banks surveyed Eighty-nine percent of the banks indeed to exit a PEP relationship where
indicating that this had had a ‘very surveyed in this region claim to adopt to do so may attract personal risk to
strong impact’ on costs. Respondents a risk-based approach at the account- bank staff.
in the Middle East were less emphatic opening stage, with only two banks
about the impact of external reporting in Africa and one in the Middle East Despite these difficulties, 89% of
on their overall AML costs. saying that they did not make any respondent banks across the Middle
assessment of customer risk at the East and Africa say that they have
AML policies and procedures inception of a customer relationship. specific procedures in place for
Only 29% of internationally active However, whilst a risk-based approach identifying and monitoring PEPs
banks in this region claim to develop may be integrated into policies and perhaps indicating a more formalized
and implement policies at a global procedures, it is often the case that approach being adopted.
level. A significant proportion of banks banks experience real challenges
rely on policies and procedures in implementing these in practice. Transaction monitoring
designed at a local level. Whilst these Banks in the Middle East and Africa, like
can take into account local sensitivities Client risk assessment can be a other regions, are heavily reliant on staff
and cultural issues, they also appear to difficult process within the region due vigilance to combat money laundering
be driven by a reluctance among banks to the specific challenges faced by throughout their banks. The significance
to suffer the competitive disadvantages banks operating here. In Mozambique, and potential impact of staff awareness
of voluntarily applying higher AML for example, limited sources exist is heightened in this region, however,
standards in their overseas branches against which company ownership by the lower level of investment in
than is required by local law. information can be verified, making transaction monitoring systems.
a flexible approach to client risk difficult Greater investment in automated
to achieve. Across the whole region, processes may well make the task
of monitoring transactions more banks surveyed said that they felt that the a drive for increased regulation in the
manageable and effective in this region, legislative burden was too onerous, with Middle East. This method of transferring
although experience indicates that this most saying that the legislation in place money can often prove cheaper for
will not necessarily reduce costs; it may was adequate but required clarification. customers than traditional banking
only result in the diversion of resources methods and it has, therefore,
to reviewing and reporting a higher Behind the regional results, there were continued to be a popular and attractive
volume of suspicious transactions. significant differences of view for different option, particularly for migrant workers
countries. In particular, banks from both transferring money back home. One
Banks in the region reported an UAE and Nigeria showed strong support example of increased regulation of
increase in the number of SARs they for an increase in AML requirements Hawala is in the UAE, where
had filed, with 50% saying the number (83% and 50% of respondents in each 'Hawaladers' are now required to
had increased substantially (the average country, respectively). Banks from other register themselves with the UAE
for our survey was 42%). Banks countries also reported an appetite for central bank, and are also required to
attributed the increase to improved increased AML regulation, although for record a higher level of detail in relation
monitoring, enhanced account-opening several of these countries we only had to their customers.
procedures, and better staff training. one respondent, and therefore the results
may not be representative of views Sanctions
Training generally in those countries. Specific regional challenges apply in the
Seventy-five percent of banks across Middle East and Africa in relation to the
the Middle East and Africa said that In addition to those banks seeking an application of the sanctions regime.
they had provided training to more than improvement in AML standards, 15% It can, for example prove difficult to
60% of their staff over the previous of respondents said that although the perform a check against sanctions lists
two years, which is in line with the regulatory burden was acceptable, based on the customer's name due to
average for our survey. This represents regulatory requirements should be the multiple available spellings of names
an increased amount of training since better focused to tackle money used in the region. Sophisticated IT
our 2004 survey (in which the laundering more effectively. The demand systems provide a potential solution to
comparable figure had been 56%). for regulatory change in the region is this issue but again require substantial
likely to reflect the respondents’ investment in both the systems, and in
It is not easy to measure the comments on the lack of formal the training of bank staff to understand
effectiveness of staff training delivered consultation processes in the region sanctions and use the automated
by institutions in this region. Banks during the formation of AML policy by systems properly.
generally favor face-to-face training over regulators and governments.
other methods such as computer-based Outlook
training. This is perhaps due to the The impact of non-domestic legislation Ongoing regulatory and international
relatively limited access to technology and regulations is more limited for pressure is likely to lead to
in some areas and particularly across respondents in this region, primarily due enhancements in the AML regulation
Africa, and thus the increased coverage to their limited geographical coverage. in Africa and the Middle-East, together
that face-to-face training can provide. A number of respondents do, however, with broader acceptance and usage of
have relationships with banks or clients in best practices from other parts of the
Attitudes towards regulation the U.S. or are involved in effecting dollar world by banks. Increasing investment
Respondents in this region had mixed transactions, all of which may be covered flows between the region and markets
views on AML regulation, with a relatively by the requirements of the U.S.A. internationally is also likely to add
high proportion of banks (35%) saying PATRIOT Act 2001 and OFAC. momentum to the movement towards
that AML requirements should be enhancement of AML standards.
increased, even if this increased the The alternative or parallel remittance
burden on banks. None of the African system known as ‘Hawala’ has attracted
KPMG International
KPMG is a global network of professional firms providing Audit, Tax, and Advisory
services. We operate in 148 countries and have more than 113,000 professionals
working in member firms around the world. The independent member firms
of the KPMG network are affiliated with KPMG International, a Swiss
Cooperative. KPMG International provides no client services.
Major KPMG Member Firms’ Contributors
We would like to thank all of our AML contacts for their contribution to the AML survey, in particular:
Europe North America Russia & CIS

Karen Briggs Teresa Pesce Ian Colebourne
Mark Daws Darren Donovan Oleg Lykov
Jeremy Allan Laurence Birnbaum-Sarcy
Anders Wombell Middle East & Africa
Neal Dawson ASPAC Colin Lobo
Marius Fourie Gary Gill Kevin West
Eleanor Winton Deepankar Sanwalka
Jimmy Helm Arpinder Singh
Giles Williams
Central/South America & Caribbean
James Martin
Antonio Pereira
Eric Collard
Lee Griffin
KPMG Forensic
KPMG Forensic helps clients reduce With a team of 250 partners and staff Our wealth of experience allows us to
reputational risk and commercial loss. across the U.K., together with an work closely with you and provide
We do this by using accounting, international network of over 1,600 robust, practical advice. Our aim is to
investigation, intelligence, technology professionals spanning 29 accredited help you take immediate, effective
and industry skills to help our firms’ practices, we have both a strong action to achieve a positive outcome,
clients prevent and resolve commercial national presence and a multinational whilst remaining sensitive to concerns
disputes, fraud, misconduct and capability to handle complex cross- over business disruption,
breaches of rules and regulations. border engagements. confidentiality and reputational issues.
We also help public sector agencies
to deal with criminal issues.
Global AML Contacts
Africa and Middle East
Africa1 Middle East and South Asia2

Kevin West Colin Lobo
Tel: +27 12 431 1521 Tel: +971 6517 0724
Fax: +27 12 431 1301 Fax: +971 6572 3773
kevin.west@kpmg.co.za cdjlobo@kpmg.com
Herman De Beer Bob Chandler

Tel: +27 11 647 7342 Tel: +971 6517 0723
Fax: +27 11 647 8266 Fax: +971 6572 3773
herman.debeer@kpmg.co.za rbchandler@kpmg.com
Americas
Canada United States
Pamela Johnson Teresa Pesce Laurence Birnbaum–Sarcy
Tel: +1 613 212 3614 Tel: +1 212 872 6272 Tel: +1 212 872 5808
Fax: +1 613 212 2896 Fax: +1 212 658 9494 Fax: +1 212 872 7701
pamelajohnson@kpmg.ca tpesce@kpmg.com lbirnbaumsarcy@kpmg.com
Latin America3 Darren Donovan Antonio Pereira

Tel: +1 617 988 1833 Tel: +1 305 913 2697
Antonio Pereira
Fax: +1 617 507 8321 Fax: +1 305 946 0633
Tel: +1 305 913 2697
djdonovan@kpmg.com apereira@kpmg.com
Fax: +1 305 946 0633
apereira@kpmg.com
Asia Pacific
Australia India Malaysia
Gary Gill Deepankar Sanwalka Woonchee Ooi
Tel: +61 (0) 2 9335 7312 Tel: +91 (124) 307 4302 Tel: +60 3 2095 3388
Fax: +61 (0) 2 9335 7466 Fax: +91 (124) 254 9101 Fax: +60 3 2094 7005
ggill@kpmg.com.au dsanwalka@kpmg.com wooncheeooi@kpmg.com.my
Tony Byrne Japan Republic of Korea

Tel: +61 (0) 2 9335 8227
Mahito Ogawa Daniel Kang
Fax: +61 (0) 2 9335 7466
Tel: +81 3 5218 6770 Tel: +82 2 2112 0577
tbyrne@kpmg.com.au
Fax: +81 3 5218 6708 Fax: +82 2 2112 0704
mahito.ogawa@jp.kpmg.com dongwonkang@kr.kpmg.com
China and Hong Kong
Grant Jamieson Tetsuya Umehara Singapore
Tel: +852 3121 9804 Tel: +81 3 5218 6701
Bob Yap
Fax: +852 2869 7357 Fax: +81 3 5218 6708
Tel: +65 6213 2677
grant.jamieson@kpmg.com.hk tetsuya.umehara@jp.kpmg.com
Fax: +65 6225 0984
byap@kpmg.com.sg
1 All assignments in the Africa region are undertaken from our accredited Forensic practice in South Africa.
2 All assignments in the Middle East and South Asia region are undertaken from our accredited Forensic practice in the United Arab Emirates.
3 All assignments in the Latin America region are undertaken from our accredited practices in Argentina and Brazil.
kpmg.com
Europe
Austria Ireland Sweden
Gert Weidinger Andrew Brown Martin Kruger
Tel: +43 732 6938 2107 Tel: +353 (0) 1410 1147 Tel: +46 8723 9199
Fax: +43 732 6938 2153 Fax: +353 (0) 1412 1147 Fax: +46 8723 9766
gweidinger@kpmg.at andrew.brown@kpmg.ie martin.kruger@kpmg.se
Belgium Italy Switzerland

Els Hostyn Gabriella Chersicla Anne van Heerden
Tel: +32 2708 4362 Tel: +39 02 6763 2440 Tel: +41 44 249 3178
Fax: +32 2708 4399 Fax: +39 02 6764 3721 Fax: +41 44 249 2233
ehostyn@kpmg.com gchersicla@kpmg.it annevanheerden@kpmg.com
Central and Eastern Europe 4 Luxembourg United Kingdom6

Jimmy Helm Eric Collard Karen Briggs
Tel: +420 2 22 123 430 Tel: +352 22 5151 7240 Tel: +44 (0) 207 311 3853
Fax: +420 2 22 123 100 Fax: +352 22 5151 328 Fax: +44 (0) 207 311 3710
jhelm@kpmg.cz eric.collard@kpmg.lu karen.briggs@kpmg.co.uk
Denmark Netherlands Mark Daws

Tel: +44 (0) 207 311 5137
Torben Lange Jack de Raad Fax: +44 (0) 207 311 3710
Tel: +45 3818 3184 Tel: +31 20 656 7774 mark.daws@kpmg.co.uk
Fax: +45 7729 3184 Fax: +31 20 656 7790
torbenlange@kpmg.dk deraad.jack@kpmg.nl Jeremy Allan
Tel: +44 (0) 207 694 5209
France 5 Russia Fax: +44 (0) 207 311 3710
Jean Luc Guitera Ian Colebourne jeremy.h.allan@kpmg.co.uk
Tel: +33 1 5568 6962 Tel: +7 495 937 2524
Fax: +33 1 5568 6962 Fax: +7 495 937 4499 Neal Dawson
jguitera@kpmg.com iancolebourne@kpmg.ru Tel: +44 (0) 207 694 5552
Fax: +44 (0) 207 311 3710
Germany neal.dawson@kpmg.co.uk
Spain
Dieter John Lucy Major
Tel: +49 221 2073 1575 Pablo Bernad
Tel: +44 (0) 207 896 4208
Fax: +49 221 2073 6411 Tel: +34 91 456 3400
Fax: +44 (0) 207 311 3710
djohn@kpmg.com Fax: +34 91 555 0132
lucy.major@kpmg.co.uk
pablobernad@kpmg.es
Frank Weller
Tel: +49 221 2073 1576
Fax: +49 1082 1199 11322
fweller@kpmg.com
4 All assignments in the Central Eastern Europe region are undertaken from our accredited Forensic practice in the Czech Republic.
5 KPMG in France also covers French-speaking African countries.
6 United Kingdom also includes offshore financial centres such as Isle of Man, Bermuda, Cayman Islands and Channel Islands.
The information contained herein is of a general nature and is not intended to address the circumstances of any © 2007 KPMG International. KPMG International is
particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no a Swiss cooperative. Member firms of the KPMG
guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the network of independent firms are affiliated with
future. No one should act on such information without appropriate professional advice after a thorough examination KPMG International. KPMG International provides no
of the particular situation. client services. No member firm has any authority to
obligate or bind KPMG International or any other
member firm vis-à-vis third parties, nor does KPMG
The views and opinions are those of the interviewees and survey respondents and do not necessarily represent International have any such authority to obligate or
the views and opinions of KPMG International or KPMG member firms. bind any member firm. All rights reserved. Printed in
the United Kingdom.
KPMG Forensic is a service mark of KPMG International.
KPMG and the KPMG logo are registered trademarks

of KPMG International, a Swiss cooperative.
Forensic advisory and expert witness services may be subject to legal and regulatory restrictions.
Designed and produced by KPMG LLP (UK)’s
Design Services
Publication name: Global Anti-Money Laundering
Survey 2007
Publication number: 307-231
Publication date: July 2007

Anti Money Laundering - Global Survey 2007 - KPMG

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Anti Money Laundering - Global Survey 2007 - KPMG

Caricato da

Copyright:

Formati disponibili

FORENSIC

Global Anti-Money Laundering

Detailed survey findings 11

- 1. The role of senior management 11

- 2. The costs of AML compliance 14

- 3. AML policies and procedures 19

- 4. Formal testing and monitoring

of AML systems and controls 21

- 5. Risk-based approach to Know Your

- 6. Politically Exposed Persons 29

- 9. Attitudes towards regulation 43

- 10. Sanctions compliance 46

Estimated money laundering flows are reported to be in excess

Brendan Nelson Karen Briggs

KPMG International commissioned RS The survey covered the following topics:

Detailed survey findings

1. The role of senior management

2. The costs of AML compliance

Source: KPMG International, 2007

Total 61% 58% -3%

Europe 63% 58% -5%

North America 66% 71% 5%

ASPAC 36% 37% 1%

C/S America / Caribbean 73% 59% -14%

Russia / CIS 66% 60% -6%

Middle East / Africa 68% 70% 2%

Source: KPMG International, 2004 and 2007

Areas of greatest AML expenditure to existing systems, and the provision

Score out of 5 Source: KPMG International, 2007

Over time, globally active banks may move

3. AML policies and procedures

4. Formal testing and monitoring

Source: KPMG International, 2007

One of the key challenges is finding

5. Risk-based approach to Know Your Customer activity

Source: KPMG International, 2007

Source: KPMG International, 2007

(Options are not mutually exclusive) Source: KPMG International, 2007

6. Politically Exposed Persons

Source: KPMG International, 2007

Source: KPMG International, 2007

(Options are not mutually exclusive)

“People who design Figure 18

“I would like to have

“We need more Figure 19

“We should focus

Mean score out of 5:

Score out of 5 Source: KPMG International, 2007

Joined-up monitoring evidence that the larger banks in our

(Percentages may not add up to 100% due to rounding)

Source: KPMG International, 2004 and 2007

“We need to use more Figure 24

“We need more face-

(Options for training delivered are not mutually exclusive)

Source: KPMG International, 2007

“We need to identify Figure 25

the institutions where

people to know how

(Options are not mutually exclusive) Source: KPMG International, 2007

9. Attitudes towards regulation

Figure 26 Figure 27 % of respondents

United Arab Emirates 83%

Source: KPMG International, 2007