Checklist vs. Methodology: Leveraging the Tenets of EDD in AML Investigations

Driven by calls from regulators and the need to find more cost effective ways to comply with regulatory reporting requirements, financial institutions are adopting a risk-based approach to anti-money laundering (AML) and terrorist financing (TF) investigations.

A risk-based approach requires a change in mindset and methodology. Less emphasis is placed on traditional transaction monitoring and 'rules' and more emphasis on the use of insight and analytics (I&A) to identify incidents for further investigation. Applied properly, incidents are more likely to result in reports to regulators and result in less false positives.

To be effective, it is argued that the adoption of a risk-based approach also requires changing the way in which investigations are conducted—(from a checklist to a methodology).

A risk-based approach requires a change in mindset and methodology

Traditionally, investigations are often little more than analysts completing a checklist of red flags or indicators, ( i.e., doing what they are told within often rigid parameters) as opposed to (thinking what to do, being empowered and trained to do so and making a decision, e.g., to file a SAR or STR).

The end-to-end process from the generation of the incident to filing a SAR/STR is often siloed. Using a risk-based approach, a single investigator owns the process and the level of effort and breadth, depth and scope of the investigation is proportionate to the perceived risk.

In 2006 ACAMS published an article suggesting a definition for enhanced due diligence (EDD). This definition forms the basis for EDD at the Royal Bank of Canada and has been adopted in whole or in part by many practitioners globally.

Using the definition as a foundation, best practices have evolved particularly in the area of private banking and wealth management. In December 2010 Kroll published The Good The Bad and The Ugly by John Price, quoting the definition and providing a useful risk matrix.

The original definition is shown below with the component parts highlighted. These tenets form a suggested AML 'Thinking Map' (see below) for use by investigators using a risk-based approach.

"A rigorous and robust process of investigation over and above (KYC) procedures, that seeks with reasonable assurance to verify and validate the customer's identity; understand and test the customer's profile, business and account activity; identify relevant adverse information and risk assess the potential for money laundering and/or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational risk and ensure regulatory compliance"(ACAMS Today July/August, 2006).

A 'Thinking Map' is simply a series of prompts investigators are trained to consider, in all cases when conducting investigations.

  • Client Identity and Verification
  • Client Occupation or Business Activity
  • Source of Funds
  • Destination of Funds
  • Product and Transaction Type
    (Types of Funds)

Utilizing a 'Thinking Map' provides consistency and robustness to investigations; ensuring that salient points are covered and allows investigators latitude to explore other areas relevant to the matter under investigation.

'Thinking Maps' are not used in isolation, but are combined with other techniques to provide a methodology for how investigations are conducted; put simply:

  • Understand the client (including identifying relevant and/or adverse information) and identify the norm;
  • Understand the activity in the context of the client and eliminate the norm;
  • Investigate and understand what remains (the unusual or suspicious).
  • Decide, document and either close or report.

Using this methodology investigations of a client's accounts are always conducted in a 360-degree fashion. For example, in all cases all accounts are reviewed for the relevant period but only in the depth commensurate with the perceived risk.

If the client is flagged for unusual activity on their USD account and most transactions occur in this account, it may be necessary to identify every wire, every check and explore every transaction. For the other accounts, with low volumes/low value and understandable activity, a high level review of debits/credits and a small (and documented) sampling of transactions may suffice.

In Conclusion

Key to the success of the methodology shown is having the right people, with the right skill sets that are properly trained. In my experience not every analyst under the traditional model has the skill sets, (including critical thinking skills) to be an investigator.

The 2006 EDD article also called for standardized training, particularly for Internet research. Similar training is also required to develop critical thinking skills. Such training is available but few institutions appear to invest in it.

AML Thinking Map

Client Identity and Verification

  • Do we know who the client is, as opposed to who they purport to be?
  • How long has the client relationship been established?
  • How is their individual or corporate identity confirmed?
  • Is their individual or corporate identity supported by authentic and appropriate documentation or other sources?
  • What reliance can be placed on supporting documents or information?
  • Does the information provided by the client correspond with our findings?
  • Is the client included on any sanction lists or negative databases?
  • Is there relevant adverse information?
  • Does it all make sense?

Client Occupation or Business Activity

  • What does the client do - how do they earn their living?
  • What is the nature of risk associated with their declared occupation?
  • Is the occupation or activity legitimate and/or within RBC policy? (i.e., gambling.)
  • How is the client's occupation verified?
  • Is the client's income consistent with their occupation?
  • What evidence exists to support the income?
  • What reliance can be placed on this evidence - how can it be tested and confirmed?
  • Does the information provided by the client correspond with our findings?
  • Does it all make sense?

Source of Funds

  • What is the source of funds under review? Do we know?
  • What is the source of funds used to open the account?
  • What evidence exists to support these sources
    of funds?
  • How much reliance can be placed on this evidence, how can it be further confirmed?
  • Is the source legitimate and consistent with the client profile? (Consider evidence of predicate offenses).
  • Is the source in itself high risk i.e., by industry or country? (Are their associated sanction risks? i.e., PEPS/diamonds from Liberia etc.)
  • Is the source within bank policy?
  • Is the client entitled to these funds?
  • Does it all make sense?

Destination of Funds

  • What is the destination of funds transacted? Do we know?
  • Who is the beneficiary?
  • Who is the ultimate beneficiary? Do we know?
  • What evidence exists to support the above?
  • How much reliance can be placed on this evidence, how
    can it be further confirmed?
  • Is the destination in itself high risk i.e. by industry or country?
    (Are their associated sanction risks? i.e.,
    PEPS/diamonds from Liberia, etc.)
  • Is the destination within bank policy?
  • Is the beneficiary entitled to these funds?
  • Does it all make sense?

Product and Transaction Type (Types of Funds)

  • Is the type of product consistent with the client's profile?
  • Why is the client using this product? (i.e., drafts and not
    wires, etc.)
  • What is the risk associated with the product?
  • Transactions: Nature of the transactions - volume,
    amounts, locations, use of other financial mediums, etc.
  • Are the transactions consistent with the client profile
    and declared activity?
  • Does it all make sense?

Peter Warrack, Head of Investigations, RBC AML FIU, Toronto, Canada, peter.warrack@rbc.com

The views expressed here are the author's and not those of the Royal Bank of Canada.

Leave a Reply