OFAC Compliance of Sanctioned Individuals

from CiCiBeBeler
Natalia Poklonskaya, Prosecutor General of Crimea

On the surface, sanctions on individuals seem easy. Your bank is given a list, your bank looks through information about clients and stops all business with those who are on the list.

Hahaha, yeah, right. Then there are their related parties, some of whom you need to sanction as well because they can be intermediaries. Others you need to monitor because they are legitimate businesses but the individual has access to making transactions. Oh, and there are subsidiaries and parent companies of the monitored company. And then there are possible new agents for the individual, like an assistant. Then there are all of the accounts that have in some form or another put money into or taken money out of all of the related accounts. And then there are your bank’s vendors and suppliers, who all need to comb through their accounts so that they don’t do transaction through your bank. Correspondent account for foreign banks will also need to clamp down on transactions of suspiciously-related accounts. And then there are new accounts being created by any number of parties who might be providing transaction services for the sanctioned individual. And then there are those accounts that come from jurisdictions that do not enforce sanctions from other jurisdictions, from markets that do not allow reporting on account information, from banks with no physical presence…

You get the idea. The web of research required to identify all of the entities that require a decision on grows rapidly. Imagine doing this for a nation. To make this easier, Thomson Reuters has created a Russian Sanctions Tracking Service. This is supposed to help identify all related parties. Reuters is leveraging its own massage database.

This is good but no compliance department should rely on this. There is no way such information could be updated quickly. Hours, even minutes, matter. In today’s world where an account could be setup remotely online, an account could be created and start making transactions through it, completing all of the necessary transactions for the sanctioned individual before an update of the list is published.

Sanctions programs should have to work closely with the bank’s Fraud Investigation Units and Suspicious Activity Reporting groups to stay on top of the ever changing sanctions environment.

from CiCiBeBeler
Natalia Polanskaya, Prosecutor General of Crimea

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. He is the author of the forthcoming book Money Laundering: How criminals got paid and got away.


BitCoin Enthusiasts Celebrate Regulation

from Bloomberg
Benjamin Lawsky, Superintendent of New York Financial Services

Last month, New York Department of Financial Services announced that it will start regulating digital currencies.

Normally, people groan at the news of more regulation. However, digital currencies are on the fringe and seek legitimization. Being regulated is a clear sign of impact.

BitCoin enthusiasts mostly cheered on the news, even though for many, mainstream regulation and economy is something they oppose.

Wall Street is on the fence about this. The banks are given another product they can trade, but at the cost of possible loss of control in that market. Banks sit as members of the Federal Reserve Banks, making them part of the money supply. Digital currencies are decentralized and if there is a center of power for them, it would be Silicon Valley.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. He is the author of the forthcoming book Money Laundering: How criminals got paid and got away.


$2.3 Billion blocked by OFAC

Office of Foreign Assets Control has been highly effective. It has blocked $2.3 Billion worth of cash and property in the US, much of it Iranian.

credit Ropes & Gray

OFAC published its annual Terrorist Assets Report for 2014 and there are some interesting things in there. For example, it lists the top eight terrorists funds that were blocked. Al-Qaida is at the top. Because this report focuses on sanctions on terrorism and not other types of sanctions, Russia is not at the top.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. He is the author of the forthcoming book History of Money Laundering: How criminals got paid and got away.


Colombian Prostitution And AML

Here’s a difficult area to investigate: money laundering from Colombian prostitution.

Secret Service Prostitution Scandal (from IB Times)

It is difficult for the usual reasons: cash transactions, foreign jurisdiction, lax law enforcement, violent business rings… And then there is the US government. Well, the government agents who are their clients.

That’s right. If you’ve been following the news, various Federal agencies have faced issues with their agents paying for sex while on business trips in Colombia.

Disclosure: I am not against prostitution as an isolated concept. But the reality is that prostitution in most parts of the world primarily takes place because of poor economic conditions and violent human traffickers. Often, prostitution rings are run by the same people who run other illegal/illicit businesses, like drug cartels. So, the reality is that even for who are in favor of legal prostitution, or at least not opposed to it, should be against allowing prostitution to take place.

Chuck Rosenberg has been named to replace retiring head of the Drug Enforcement Agency Michelle Leonhart. Leonhart’s career is prematurely ending because of the Colombian Prostitution Scandal.

Scandal aside, this means that DEA agents were funding the very drug cartels they’ve been fighting. We should look at the opportunity this brings, however. The downside has already been done and, let’s hope, it doesn’t happen again, although we all know that it will happen again, if not at the DEA then at some other place. The opportunity is that we have a chance to follow the money our own has contributed to the cartels. And I really hope we are doing this. This is really the only benefit we get out of this.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. He is the author of the forthcoming book History of Money Laundering: How criminals got paid and got away.


Many Banks Cut Clients Over Money Laundering Fears

(credit: Robert Kaplinsky)

Many banks have cut clients over money laundering fears. With fewer clients, low interest rates and low volatility, there are less ways for financial institutions with multiple lines of businesses can earn money. Bank of America, Citigroup and JPMorgan Chase combined cut 50,000 jobs in 2014. Industry wide, some have reported 80,000 cuts. Profits are up at banks because of the job cuts, not because of improving economy.

One area that hasn’t seen a decline in headcount is Compliance. All compliance-related areas of the bank (Compliance, Legal, Risk, Controls, Audit) have all seen headcount increases. For many of the areas, skills from other areas of the bank is quite transferable. Knowledge as well.

But knowledge of AML is particularly lax. And, sadly, many of the top decision makers are not versed enough in AML issues to figure out a way to restructure the organization to keep clients. So, the only thing they can do is to cut clients.

While this might be good for the domestic banking industry, on the long run, this will be bad when these firms are trying to compete with their large Chinese competitors. The five largest Chinese banks have an edge on AML programs, should they choose to implement it: government support.

Because Chinese banks are essentially government owned, AML programs in these institutions can implement government level standards even with bank secrecy laws. This integrated approach is at the risk of bank secrecy laws, but it also means that even without knowledge of AML, top decision makers can decide to keep all clients and adjust AML programs as the government sees fit.

This issue has been playing out the last few years because the US has been seeking ways to punish Chinese bank clients through their correspondent accounts for revenue from counterfeit products they sell. The measure should really be tied to counterfeit products that are made, not those that are sold, but that’s especially difficult since the US government has no jurisdiction in production abroad. But US laws allow extra-jurisdictional reach on banking when correspondent bank accounts are in the US. But, of course, Chinese banks are against this. So is the Chinese government. On the other hand, the Chinese government doesn’t want their economy to be so heavily depended on counterfeit products. So, the conundrum is for the Chinese government. The US is enforcing the type of laws they would like to implement, but the punishment will be doled out in the US. If the Chinese government also pursues this, the punishment will be on both sides. And the Chinese government also has to look out for the short term economy, which is heavily depended on counterfeits.

So, at least US and European banks can breath one sigh a relief: the clients they are dropping must find banks within the western government jurisdictions because shifting the economics of counterfeit financing and transactions would provide more leverage to implement more stringent AML programs on the institutions that currently do not have such programs.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.


Legal High Jinx With Compliance

Roll Call is reporting that the US Congress should review the “common bond” standard for Credit Union status. This comes on the heel of the National Football Association, the sports league, that has been operating under a tax-exempt status for trade and professional associations.

NFL (credit Regie’s Take)

The NFL was considering itself an association of professional football players and that the league managers were hired by the professionals to manage the league. Well, this is really rather far from the truth. The league is run by people who mostly represent the team owners, who are not the professionals. In order for the league to truly meet the standard, the team owners would also have to be hired by the players to manage them. What astonishes me is that Congress is not pursuing back-taxes from the NFL. I hope the IRS does. The US government could be looking at getting back close to $200 Million from back taxes over the past three or four decades. (I don’t know when the league organized as a professional association, so I don’t know if I can take this claim back to its origins.)

That was an aside to the main issue. CU’s were designed to be tax-exempt so that banking services can be provided to low- and moderate-income households while reducing risk by requiring a “common bond.” The common bonds used to be applied rather strictly. CU members had to be all employees of a sponsoring employer or all members of the same trade association. But the common bond definition has expanded. Expanded by how much? Well, New York City has one for anyone living within the city boundaries. That’s more than 8 Million people who qualify. The largest CU’s are much larger than community banks.

Not only is there an issue of tax revenue, but compliance issues. CU’s do not have to meet many of the banking compliance standards and rules. This is so because, supposedly, they are like community banks, small, local and limited in products and services. Some of this is true. CU’s take deposits and have loan products like credit cards, home and auto loans and student loans. But many have insurance and retirement plans. They are just one step away from providing brokerage services. Some provide near-brokerage service by providing financial advisors. Plus, less than a third of CU customers meet the definition of low- and moderate-income earners.

I don’t have a solution for any of this. I certainly have my opinions. But economically, this is a much more complex issue than the way it has been laid out by all sides. From a compliance perspective, I am generally of the opinion that standards should really be set by activity, not by size of an institution. But politics often makes it difficult to apply rules in this clear cut manner and often set arbitrary standards, like size of institutions.

KYD Mean Know Your Data

Data Migration from Data Migration Resources

Knowing your data is very important and I find that many bankers think they know data. I’m not exactly sure what they are envisioning, but if they are envisioning pivot tables and vlookups, then they know about as much as a freshman MIS student after week of classes. (MIS means management information systems.) All systems can be configured to generate data.

This subject is just too big to even do an overview, which would take a semester worth of  classroom work. The best thing for any organization is to make sure to hire a team of technical experts in both computer sciences and statistics to manage and analyze data to get a good understanding about what the data is saying. For now, I will just briefly mention the two sides of KYD – data management and data analysis. Knowing one does not make one remotely close to knowing the other.

Data Management is the work of software and hardware professionals who keep data like inventory. They are often under-appreciated. For the data layman, data management looks like a bunch of overpaid people who move around bits of information from one server to the next. Data Analysts, however, know how crucial these people are. In order to do data analysis, understanding of all of the issues to maintain data analyzable is incredible difficult, especially as the organization gets larger. Size of data sets present technical problems that most people do not encounter, but data analysts do. Software often cannot handle computing data set size beyond a certain point. Data managers are the people who solve these issues, making it technically possible for data analysts to do their work. Also, data managers can keep data safe from corruption or breaches in security or controls.

Data analysts have received lots of attention over the past decade. Almost all consuming facing internet now is feeding data centers so that analysis about potential customers can be mined. But newspaper reporters are often poor interpreters of data. So, reading their work might lead one to have false sense of confidence about this topic. The only place I can think of right now that a data layman can go for news and data analysis is Nate Silver‘s Five Thirty Eight, the blog that first used to do data analysis of baseball stats and then turned to using the same type of analysis to predict presidential campaign results for every county in the United States. In 2012, he correctly predicted the presidential election results for each state and 31 of the 33 senate elections as well. This type of work cannot be done through mere argument. One cannot convince someone else of the correctness of a prediction. One must simply wait for the results. And then one must analyze whether the predictions were correct due to luck or predicted causes.


In order for banks to be able to better protect their businesses from cybercrime and enhance business opportunities, they will need to hire data managers and data scientists in every area of the bank. Currently, most of these people are in operations. But this simply isn’t going to be enough. A large portion of the world, even a large portion of Americans, are not in the traditional banking system and now they are being provided options without having to join the banking system. This is good for an economy up to a certain point. And then it will hinder economic growth. Why? Because banking is the industry that finds excess money and invest into areas of the economy that needs money. Providing transaction services might facilitate transactions that could not be done before but as long as those funds never enter the banking system, governments will be required to borrow more money to fund their private sector growth, rather than private sector figuring it out for itself.

Compliance Is Like A Hospital

Managing a department like Compliance is tricky. I’m not saying anything new, I hope. If it is news to you, then you have some catching up to do. With all of the various functions and subject matter experts, managing the department might benefit from a similarly complex organization that has been managing itself or more than a century longer than Compliance: Hospitals.

Say what you will about the broken healthcare system of the US, it still saves lives and keeps non-compliance to a minimum. How does this happen? Part of it is culture. Many receive the call to the profession because they want to do good in the world. And then there is a respect for people’s expertise. The human body is so complicated, no one person can know enough about a single area to save every life. For that matter, there is a competition to solve the most difficult problems that hinder or kill lives. Lastly, there are serious consequences to the professional who is found to be misbehaving.

Compliance, as a profession needs to do all of these things, but there are things a manager can do right now. Since issues of mindset does not require industry-wide scale of economy to work, a manager should:

  1. discuss the goals of compliance on a regular basis to instill a sense of moral calling,
  2. show respect to employees who know a product, function, business, subject matter better than you,
  3. give freedom to employees to work while holding them accountable for their decisions and actions.

Professionalizing the department this way will make a big difference in finding and keeping the right talent.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. He is the author of the forthcoming book History of Money Laundering: How criminals got paid and got away.

Sex, Gambling and… Ice Cream?

credit Got Defense Attorney
credit Got Defense Attorney

People working for Department of Defense, both employees and contractors, have been found to be issuing Department issued credit cards to pay for gambling and “adult entertainment.” The Department spokesperson was quick to point out that that doesn’t mean the Department paid for the activity. The way things work there is that the cards are not directly billed to the Department, instead to the individual and then the individual fills out a form requesting a reimbursement from the Department. This could mean that the employees wanted to hide the activities from their spouses. (From UPI and Politico.)

If that wasn’t salacious enough for your… hahaha… excuse me, I couldn’t help myself. Benjamin Netanyahu, the Israeli Prime Minister was audited by his nation’s Comptroller and found lavish spending. Among the usual types of lavish spending was $2,500 a month on ice cream. That’s right. Ice cream. People have already begun to make fun of this in ways that are hilarious, even if you don’t understand Hebrew.

credit Calcalist
credit Calcalist
credit Israelly Cool
credit Israelly Cool
credit International Business Times
credit International Business Times

CVaR Mean Conditional Value At Risk

CVaR is a variant of VaR,  Variance at Risk.


VaR was developed by JPMorgan risk group in the early 1990s. Most of that risk group left to start a consultancy to sell the risk management calculation to other banks. It was originally developed because the executives at JPMorgan wants a simple way to wrap up all of the risk into a single number. VaR is the amount in dollars that the institution is expected to lose before trading begins the following day, and therefore required to borrow overnight. The calculation was inserted into a report called the 4:15 Report, which was a report that came up at, you guessed it, 4:15 PM, or fifteen minutes after each trading day. The tool became very effective and useful, so much so that Basel II Accord incorporated it.

CVaR is nothing more than taking the various risk variables and then weighting them for what a risk manager believes is a more accurate view of the market risk. Obviously this has some subjectivity to it. The idea is that VaR doesn’t weigh risks from, say, lending equities differently from trading on the bank’s books.


There has been a long running controversy over VaR, and therefore CVaR. VaR is a probability calculation and therefore it doesn’t tell its reader how much the firm could lose. It tells the reader how much the firm will likely lose. The qualitative difference between the statements is the former is a definitive number while the latter is a forecast. The former is accurate and the latter is prediction, which is inherently inaccurate. The quantitative difference is $0 and infinity. Since VaR is used to either insure against losses through borrowing or hedging, it is merely spreading the risk of loss and therefore, making the whole capital markets system bear the risk of a firm. The benefit is that because it is probability-based, it is very good when the markets are normal. VaR opponents says there is no such thing as normal.


Both sides are right. VaR is an effective tool to manage risks that stem from business-as-usual. But management rely heavily on it, and the system gradually build up risks for firms and eventually implodes. And it is a poor way to forecast extraordinary large risks, also known as tail risk. As a matter of fact, it is specifically designed to truncate the tail risk so that it can arrive at a dollar figure. One way to think about how this cannot work in all situations is to think about shorting a stock. If you buy a share of XYZ for $10, the most you can lose is $10 because the value of the shares cannot go below $0 and shareholders are not liable for debts beyond the the value of equity and assets. But if you short XYZ, it means you lose money every time XYZ’s price goes up. Well, there is no upper limit to how high the stock price can go. This is the reason why, as long as a bank holds shorts of any sort, it can lose infinite amount of money. Not likely, but possibly.

So, while both sides are right, only the side in favor is wrong. Easy to say, but hard to swallow if you are managing a bank and you need some way to reduce market risk for your bank. VaR is a very useful tool.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. He is the author of the forthcoming book History of Money Laundering: How criminals got paid and got away.