Saturday, December 17, 2011

Uncover Hawaladars Hidden in Your Wires.

I want to introduce a new, or at least unusual wire transfer surveillance concept that can lead to some interesting cases.

The heart of the technique is looking for individuals that have a higher than average number of unique counterparties. I wish I could take credit for this concept, but I can't. Dr. Michael Recce introduced the concept one day over lunch. (OK, I admit it, we're nerds. We'd spent the morning talking about automated monitoring of trade finance, and for a change of pace we shifted back to regular AML surveillance concepts.)

At this point you're wondering why the number of counterparties would mean anything. Let me ask you this; how many wire transfers have you received in your personal account this month? This year? Ever?

For purposes of this post, I've applied the concept strictly to wire transfers.

The basic drill is as follows;
  1. Using, rules, filters, or queries, identify account holders with a higher than average number of unique counterparties. Alternatively, you could 'band' the number, or use specific number ranges. (for example; how many accounts have between 30 and 50 unique wire counterparties?)
  2. Review the wires; wire instructions, OBI info, detailed counterparty information. Confirm that your account holder in fact has a bunch of unique counterparties, and become familiar with the details of the transactions.
  3. Ask “Do the transactions make sense for the account holder?” For example, the account holder is running a business out of their personal account (you'll have to chat with them about that anyway), the invoice numbers and descriptions are all consistent with each other.
  4. Ask the account holder to explain the business nature or the underlying reasons for the transactions.

Variations on the drill might look at
  1. counterparty country. Are the countries as diverse as the counterparties? What portion of the counterparty countries are high risk countries in your institution's risk assessment?
  2. Looking at wire roles separately; number of unique originators where the account-holder is the beneficiary is one slice, and number of unique beneficiaries where the account-holder is the originators is another slice. Same kind of wire profiling applies in both cases.
  3. Forget about counterparties entirely and just look at number of counterparty countries

Here's an example ripped from the headlines, as they say.

I've liberally borrowed from the details of an Iranian sanctions case involving Dr. Mahmoud Banki, who recently won, at least in part, an appeal of his conviction for having run an unlicensed money remitter and violating Iranian sanctions in the process.

Dr. Banki (he has a doctorate in chemical engineering, and worked as a management consultant.) was the beneficiary of 56 wire transfers from 44 unique entities. Here's a quick profile of the wires:

  • 56 wire transfers in amounts between $2600 and $199971, total value $3,400,000.
  • 9 wires for $10,000 or less
  • 41 wires between $10,000 and $100,000
  • 6 wires for more than $100,000
  • Majority of originators were individuals
  • Some originators were business entities, including
  • Hillmarcs Construction Corp. (Philippines),
  • United Gulf Exchange Company (Kuwait),
  • Torgovy Dom Atlanta (Russia),
  • Trenton Group, LLC (Latvia).
  • Unusual wire instructions
  • “contract for pistachios”
  • “tomato paste and transportation”


  1. Identifying a customer with an unusual number of unique counterparties. Of course, in this instance, the case focuses on Dr. Banki for us. In your own institution, you would have to develop a query or filter that captures a beneficiary customer with multiple distinct originating parties. If you don't create a 'party' profile in your wire data respository, go for the simple substitute: profile on unique originating party account numbers.
  2. Reviewing the wires to understand the transactions. Again, done for us in the court case. In your own institution, it's business as usual for any investigator or analyst that has worked on wires in the past.
  3. Do the wires make sense on their face, for this customer? On their face, no, these don't make a lot of sense. Certainly, the OBI information about pistachios and tomato paste raise an eyebrow. United Gulf Exchange and Torgovy Dom Atlanta are basic trading/exchange houses, and Trenton Group's name certainly does clarify their business. Keeping in mind that Dr. Banki is an individual, the account is a personal account, and he's a chemical engineer, there's little that's plausible in the wire set. (How many wires have you personally received this year?)
  4. Ask the customer to explain the underlying business nature or reason for the transactions. As it turns out, of course, Dr. Banki had no direct business relationship with any of the originators, and was not the ultimate beneficiary of the wire transfers. His role was as an intermediary party between the originator, an Iranian hawaladar, and the ultimate beneficiaries.

This type of surveillance is tailor made for identifying parties involved in the placement of funds from a variety of sources into a single account. Whether that's an unlicensed money remitter, a 'consolidator' for funds (whether those funds are from criminal sources, or they are destined for criminals or terrorists), or the professional money launderer.

To make it work effectively in your own shop;
  1. Find a way to identify, profile and work with the number of counterparties for each customer.
  2. Focus on individual (personal) accounts initially.
  3. Start with wire transfers
  4. Start with the originating party as the counterparty.
  5. Establish absolute number bands until you can build a profile distribution.
  6. Test, test, test.
Happy hunting!

Thursday, December 8, 2011

Risk Rating questions for a corporate customer

Collecting CDD/EDD information on corporate customers can help with customer AML risk-rating, if you get to the interesting questions, and apply risk information you already have:

Some sample questions:
  1. Nature of business/industry (implies a listing or set of high-risk business types)
  2. Type of business formation
  3. Jurisdiction of business formation (apply country risk factor)
  4. Business privately held or publicly traded?
    1. If publicly traded are shares on a recognized exchange (implies listing of acceptable exchanges worldwide.)
  5. Identification of beneficial owners:
    1. Document direct owners
    2. Document indirect owners
    3. Calculate actual ownership
    4. Drive to statutory required level (say 10%)
    5. Drive to actual persons as beneficial owners
  6. Identification of board members, senior management, other signatories
  7. Types of products to be used (implies a risk assessment of products, for example)
    1. Lower Risk (savings account, certificates of deposit, basic demand deposit)
    2. Moderate Risk (lending, financing, certain kinds of investment products)
    3. Higher Risk (cash services, wires, ACH, standby letters of credit, etc.)
  8. Listing of expected counter-party countries (from list, and applying country risk factors)
  9. Expected value, volume, variations
  10. Screen of signatories, beneficial owners, board members, senior managers;
    1. Cases (this is a little controversial)
    2. Sanctions
    3. Negative news

For Entertainment Purposes Only: SDN Search

On December 7, 2011, OFAC debuted its own online SDN Search Tool.

Accompanying the tool is a formidable disclaimer (I've taken some liberties):

This SDN Search application (“SDN Search”) is designed to facilitate the navigation of the Specially Designated Nationals and Blocked Persons list (“SDN List”).

SDN Search uses literal character matching logic to identify exact matches between word or character “strings” exactly as entered into SDN Search, and any name or other information exactly as it appears on the SDN list.

SDN Search will not detect misspellings or other incorrectly entered text, and will not return near matches to, or other variations of, the entered text.

SDN Search may suddenly accelerate to dangerous speeds.

Discontinue use of SDN Search if any of the following occurs:
  • itching
  • vertigo
  • dizziness
  • tingling in extremities
  • loss of balance or coordination
  • slurred speech
  • temporary blindness
  • profuse sweating
  • heart palpitations

Do not taunt SDN Search.

Use of this system implies understanding that searches performed by SDN Search are conducted at the user’s own risk, and that the search results provided by SDN Search do not represent an official confirmation by the Office of Foreign Assets Control or the Department of the Treasury of the existence or absence of a match between any information entered by the user and any information contained on the SDN List.

The use of SDN Search does not limit or excuse any liability for any act undertaken as a result of, or in reliance on, such use.

Donning appropriate safety gear; I tested my favorite SDN “Daytona Pools, Inc.” with some variations.

The listing:
“DAYTONA POOLS, INC., 225 Syracuse Place, Richardson, TX 75081
[LIBERIA]”
Target Text
Hit?
Daytona Pools
Yes
Daytona Pools Incorporated
No
Daytonapools
No
Daytona*Pools
No
Dayt0na Pools
No
Daytona Poo1s
No
Daytona Pool
Yes
Dayton A Pools
Yes
Daytona Polos
No
Daytona Poods
No
Dayton A Polos
No

In addition to misspellings, near matches or mistakes in data entry warned about in the disclaimer, SDN Search does not recognize “glued names” (Daytonapools) or fully elaborated names (Daytona Pools, Incorporated.) These 2 variations have been featured in recent OCC tests of OFAC screening tools.

With all of the limitations of the SDN Search tool (both in search mechanics, and 'fitness for decision-making') it's hard to imagine an operational, 'prime-time' use for this tool.


Thursday, December 1, 2011

Risk Rating the Vatican!

A 'Quick and Dirty' Approach to assessing an AML/CTF risk weight for the Vatican.

I was inspired by Stephan Schmitz's post on the Vatican and FATF to demonstrate a 'quick and dirty' AML/CTF risk rating for the Vatican. Even though the Vatican is ignored in most open source assessments, it is possible to use those methodologies to develop and document a usable AML/CTF risk factor.

You won't make a lot of friends this way, but here's one way to describe the Vatican;
a theocratic monarchy, where women are denied citizenship, and where there is 1 soldier for every 5 residents.

For purposes of this post; there are two components to the risk factor; a set of core AML/CTF infrastructure questions, and the Transparency International Corruption Perception Index.

Core Questions

For the 'quick and dirty' approach, I used the same questions employed by the US Department of State to assess the money laundering risk of various countries. Their results are published annually as part of their International Narcotic Control Strategy Report.

To answer the core questions, I used the Vatican's “LEGGE CONCERNENTE LA PREVENZIONE ED IL CONTRASTO DEL RICICLAGGIO DEI PROVENTI DI ATTIVITÀ CRIMINOSE E DEL FINANZIAMENTO DEL TERRORISMO”, which was put into effect in December 2010. My facility with Italian is not great, so any assessment errors are my own.


Core Questions
Qualitative Answer
Numeric Score
1. “Criminalized Drug Money Laundering”:Has the Vatican enacted laws criminalizing the offense of money laundering related to the drug trade?
Yes
0
2. “Criminalized Beyond Drugs”: Has the Vatican enacted laws criminalizing the offense of money laundering related to crimes other than the drug trade.
Yes
0
3.“Know Your Customer Provisions”: By law or regulation, does the Vatican requires banks and/or other covered entities to adopt and implement Know Your Customer/Customer Due Diligence programs for their customers or clientele?
Yes
0
4. “Report Large Transactions”: By law or regulation, are banks and/or other covered entities required to report large transactions in currency or other monetary instruments to designated authorities?
No
1
5. “Report Suspicious Transactions”: By law or regulation, are banks and/or other covered entities required to report suspicious or unusual transactions to designated authorities?
Yes
0
6. “Maintain Records over Time”: By law or regulation, are banks and/or other covered entities required to keep records, especially of large or unusual transactions, for a specified period of time, e.g., five years?
Yes
0
7. “Disclosure Protection - ‘Safe Harbor”: By law, does the Vatican provides a “safe harbor” defense to banks and/or other covered entities and their employees who provide otherwise confidential banking data to authorities in pursuit of authorized investigations?
No(?)
1
8. “Criminalize “Tipping Off”: Under Vatican law, is disclosure of the reporting of suspicious or unusual activity to an individual who is the subject of such a report, or to a third party, a criminal offense?
Yes
0
9. “Financial Intelligence Unit”: Has the Vatican has established an operative central, national agency responsible for receiving (and, as permitted, requesting), analyzing, and disseminating to the competent authorities disclosures of financial information in order to counter money laundering?
Yes
0
10. “Cross-Border Transportation of Currency”: By law or regulation, has the Vatican established a declaration or disclosure system for persons transiting the jurisdiction’s borders, either inbound or outbound, and carrying currency or monetary instruments above a specified threshold?
Yes
0
11. “International Law Enforcement Cooperation”: Does the Vatican cooperate with authorized investigations involving or initiated by third party jurisdictions, including sharing of records or other financial data, upon request? (Based on past experience. Their new law promises a better level of cooperation.)
No
1
12. “Mutual Legal Assistance”: By law or through treaty, has the Vatican agreed to provide and receive mutual legal assistance, including the sharing of records and data?
Yes
0
13. “System for Identifying and Forfeiting Assets”: Has the Vatican established a legally authorized system for the tracing, freezing, seizure, and forfeiture of assets identified as relating to or generated by money laundering activities?
Yes
0
14. “Arrangements for Asset Sharing”: By law, regulation or bilateral agreement, does the Vatican permit sharing of seized assets with third party jurisdictions that assisted in the conduct of the underlying investigation?
No
1
15. “Criminalized the Financing of Terrorism”: Has the Vatican criminalized the provision of material support to terrorists, terrorist activities, and/or terrorist organizations as required by the UN International Convention for the Suppression of the Financing of Terrorism and UN Security Council Resolution 1373?
Yes
0
16. “Report Suspected Terrorist Financing”: Are banks and/or other covered entities required to record and report transactions suspected to relate to the financing of terrorists, terrorist groups or terrorist activities to designated authorities?
Yes
0
17. “States Party to 1988 UN Drug Convention”: Is the Vatican party to the 1988 United Nations Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances, or a territorial entity to which the application of the Convention has been extended by a party to the Convention?
Yes
0
18. “States Party to the UN International Convention for the Suppression of the Financing of Terrorism”: Is the Vatican party to the International Convention for the Suppression of the Financing of Terrorism, or a territorial entity to which the application of the Convention has been extended by a party to the Convention?
No
1
19. “States Party to the UN Convention against Transnational Organized Crime”: Is the Vatican party to the United Nations Convention against Transnational Organized Crime (UNTOC), or a territorial entity to which the application of the Convention has been extended by a party to the Convention?
No
1
20. “States Party to the UN Convention against Corruption”: Is the Vatican party to the United Nations Convention against Corruption (UNCAC), or a territorial entity to which the application of the Convention has been extended by a party to the Convention?
No
1
21. “US or International Sanctions/Penalties”: Has the US, another jurisdiction and/or an international organization, e.g., the UN or FATF, has imposed sanctions or penalties against the Vatican?
No
0
Total Quantitative Score


7

So, who else scores a “7” on these questions?
  • Angola
  • Central African Republic
  • Comoros
  • Nauru
  • Solomon Islands
  • Suriname
  • Tajikistan

That's some risk neighborhood!

Transparency International Corruption Perception Index

The CPI scores run in the opposite direction from the risk weighting factor we built with the Core Questions; 'clean' jurisdictions have higher scores than 'dirty' ones. To fix that, we simply take the 10's complement of the CPI scores; in other words, subtract the country's CPI score from 10 to find its risk increment.

The second difficulty to overcome is that there is no CPI assessment for the Vatican. Well, using “0” as a risk increment is certainly possible, but it might be misleading. Standard practice in statistics accounts for missing measurements by supplying an average value. (It's certainly what my bridge club does when a pair has not played a hand.) And statistics being what it is, you have a rich variety of 'averages' from which to chose. Here are some approaches to consider; see if they match your approach to risk assessment.

  1. Simple median score, in this case “5”.
  2. The average for the country's nearest geographic neighbors; in this case Italy, France and Switzerland, giving an average risk increment of “3.4”
  3. The average for countries sharing the same set of attributes; in this case, countries with the same scoring on the core questions, giving a risk increment of “7.5”

AML/CTF Score for the Vatican

Using the core questions, and the median CPI score, we get an AML/CTF risk score for the Vatican of 12. To put that in context; here's where it sits between the lowest rated and highest rated countries using this method:
Denmark
0.6
Vatican
12.0
Somalia
29.0