Iran leads AML index… but…

Basel Institute on Governance, an NGO think tank focused on corruption, published a ranking of countries based on AML risk. Iran, Afghanistan and Tajikistan topped the list. The top ten were all countries with low income and a weak rule of law.

Aside from New Zealand and Chile, the bottom of the list were all European, with Switzerland, the home country, placing near the middle of the 152 jurisdictions ranked. United States scored better, even better than Canada. Transparency International has a corruption map where Canada fairs better than the US. This is interesting to note since TI’s data was included in the BIoG’s sources. Effectively, BIoG AML Index is an aggregate assessment of other research.

This is a troubling way to look at these rankings. All of BIoG’s sources are also aggregated assessment of other research. This is to say, there are multiple layers of laziness going on here. There are a few true research going on where people are put on the ground or required review of laws on the books and effectiveness of enforcement, and then there are a few that are simply taking the conclusions of that research and repackaging it with their own ranking methodology.

Oddly, this is the same kind of trap compliance departments can fall prey to when trying to come up with risk ratings on qualitative jurisdictional attributes using these think tank assessments. What is hidden is that there are some that are getting weighed more heavily than is otherwise apparent. A good analogy would be a patient recovering from surgery who is taking Vicodin and Tylenol, not realizing that Vicodin includes the the active ingredients of Tylenol within it – that’s why Vicodin labels warn people not to take Tylenol or acetaminophen, the active ingredient in Tylenol. The patient is accidentally taking a large dose of Tylenol than intended.

Taking a closer look at weighting of the source assessments, BIoG mentions issues regarding weighting but does not actually describe how the assessments were weighted. This makes it impossible for a compliance officer to undo undesirable aspects of this index.

Missing data section reveals that there was a minimum amount of data that was required to be ranked. This is helpful, but when I downloaded the spreadsheet, I expected the data. Instead what I found was a historical rankings on the BIoG AML Index. This is not helpful, since, a compliance officer is likely going to have to score the AML risk of jurisdictions not in the rankings.

The conclusion is this: BIoG’s AML Index can only be used to make a compliance department look better, but it doesn’t actually help compliance departments to be better because it does not add any value. No compliance officer should being using this index alone or in combination of other sources because this index will distort the actual research done by the other sources. While BIoG’s index is worthless, the index provides one thing of great value: its sources. It has curated a very good list of sources, which an compliance officer can use to educate himself on risks in various jurisdictions.


How does your firm score AML risk?

Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. He is a member of ACAMS and ACFE. 

Take Home Compliance

Whenever possible, Money Compliance has been trying to provide some job posts from LinkedIn in a post called Jobs in Compliance. As the blog transitions over from everyday to twice per week this fall, the Friday edition will be expanded. Jobs in Compliance will be a segment of the Friday post called Take Home Compliance. On Mondays or Tuesdays, there will be a post that will address specific compliance issues. If it hasn’t been clear, the transition of this blog will be from news (like JD Supra and FCPA Blog) and high level advice (like Michael Volkov and Richard Bistrong) to more nitty gritty. The idea is this: readers have multiple sources for news. “Experts” in the field who give advice and have exposure tend to focus on things that really aren’t very specific to compliance. Their advice could be about corporate culture in general. And while corporate culture is the best way to prevent running afoul of the law, there are lots of things that culture just cannot tackle that are really specific to the functions in the compliance department. This blog will try to provide that function specific information and advice. Also mentioned previously will be a greater effort to expand the resources page. Please look out for that in the future.

So, here’s the first entry of Take Home Compliance:

A cryptocurrency mining firm HashingSpace has filed with FinCEN as a MSB. The best known cryptocurrency is BitCoin. Money Service Business is a legal designation for non-bank financial transaction companies, not including credit cards. Western Union is the best known MSB. FinCEN is the abbreviation for Financial Crimes Enforcement Network, the division of the US Treasury that deals with the deterrence, prevention, and investigation of financial crimes outside of the capital markets. This is move to make BitCoin more accepted. BitCoin has taken a dive in the last year. A year ago it was valued above $500 per coin and now it is a little above $225, losing more than 50% of its value. The current problem with BitCoin is that it is being used as an investment rather than a vehicle for transactions. Nikhil Gupta at NewsBTC

DOJ has created a position for compliance counsel. The idea is to differentiate between effective compliance and paper compliance. Compliance with the law on a point by point basis by missing the purpose of the law is paper compliance. Common sense would lead one to believe that those in paper compliance will be prosecuted more harshly than those in effective compliance who may not meet the letter of the law because the whole point of compliance is to deter and prevent incompliance. Alison Tanchyk and Margaret Erin Rodgers at Daily Business Review

CFPB focuses on the little know Reverse Mortgages. A reverse mortgage is a unique type of loan for homeowners age 62 and older. This special type of loan is frequently insured by the Federal Housing Administration and allows homeowners to access the equity in their homes, without making monthly mortgage payments. Borrowers are not required to repay the reverse mortgage loan as long as they live in the home. However, the loan must be repaid when the last surviving borrower dies, moves out, or sells.” – Montoya M. Ho-Sang at Banking Exchange

Financial Regulator Compliance has become a boon for the people who might be working against the economy? That’s the perspective that is pushed in a Bloomberg article about JPMorgan has hired 8,000 people in compliance and controls. Supposedly even non-financial firms are hiring compliance officers to develop ethical policies to entice Millennials to join them. Even headhunters are focusing on compliance, some ditching other types of recruitment altogether. Anthony Effinger at BloombergBusiness

“Neither banks nor regulators emphasize regulatory excellence the way that they should.” That’s “why banks have trouble getting compliance right.” Kathryn L. Farrell at American Banker

From The Blog

Two compliance lessons from the Ashley Madison scandal: HERE and HERE.

Jobs in Compliance

What particular compliance requirement is making your life difficult these days?

Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. He is a member of ACAMS and ACFE. 

ComplyTech: GoldTier

GoldTier is a client onboarding system and compliance solution. It is now Thomson Reuters Client On-Boarding, a product within Risk Management Solutions.

GoldTier is a leading provider to financial firms of software for onboarding new clients in compliance with KYC regulatory requirements. Having reliable and up-to-date due diligence on potential clients is necessary to comply with KYC and similar regulatory requirements. The incorporation of Avox data into GoldTier’s onboarding system will provide financial institutions with streamlined access to constantly updated, quality data throughout the client management lifecycle. – Reuters


About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.


ComplyTech: Metavante/FIS Global

Metavante is a risk and compliance solution from FIS (Fidelity National Information Services), a major Financial Service Technology company. It focuses on regulatory information and reporting. MoneyCompliance has focuses quite a bit on tools for fraud and anti-money laundering, but this is different from those tools. This is very much a monitoring tools. The software solution used to be called Prime Compliance Suite. Because FIS focuses on payment technology, the compliance solution has taken a back seat. However, companies using FIS products are likely to see quite a lot of what used to be the Compliance Solutions integrated into the products by way of Fraud Management, ID Verification and ID Authentication.


About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.

ComplyTech: Accuity Compliance Solutions

Accuity is a technology company focused on the financial services industry. MoneyCompliance reviewed the database search product it developed for American Bankers Association early this year. (Not so great when it launched.) The company has a solution for compliance needs. No information could be gathered about what institutions are using the product.

A review of its offers seems to be along two lines: provides a centralized source of public data and integration into its other products. Accuity is clearly focused on providing more to its existing clients with its Compliance Solutions. Technology-wise, it is also much simpler to provide additional solutions to self-developed products.

This really means that the additional tools, when standing alone, compete with much bigger rivals like Thomson Reuters and Factset. Plus, one of its products seems to be powered by LexisNexis, so, it is merely an integration of another vendor’s product into its own product.

Not that there is no value in these solutions, but there isn’t a great amount of value unless Accuity is a primary vendor for your compliance department. That goes back to our first claim, which is that we do not know of any financial institution that uses Accuity.

However, there is great potential of Accuity. It is a subsidiary of Reed, a business information company. Should they really decide to invest in competing in this space, financial institutions will have more options. The question for Accuity is whether it has missed to boat on becoming the primary source of information for the compliance officer.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.


Account opening costs increases by $6.82

Last week ended with Merrill Lynch being probed for not detecting money laundering facilitated by its financial advisors. This is in addition to the FA being investigated by FINRA and, likely, will have licenses revoked or fined heavily. What caught my attention in a sentence in the a roundup paragraph in a Reuters article regarding this issue.

In December 2014, FINRA ordered two brokerage units of Wells Fargo & Co (WFC.N) to pay a joint $1.5 million fine for failing to verify 220,000 new accounts during a nine-year period.

This comes out to a fine of $6.82 per account not verified. This is less than minimum wage. Considering this fine covers a period of nine years, this is a relatively cheap. Many of those accounts might not even be open anymore, so, that would also mean Wells Fargo not having to go through the proper verification process for all of the 220,000.

Is your firm’s account verification process inadequate and willing to pay $6.82 nine years from now to fix it?

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.

The Ashley Madison Lesson – Part 2

People are, of course, focusing on the sensational aspect of the Ashley Madison data breach. But since this has really captured the attention of so many people, I should like to point out something about the data that was stolen and shared with the public (so far).

There are, of course, information about the members, their profiles, their login information, their credit card transactions, etc. But it also includes loan agreements, compensation records, corporate bank account information and corporate strategy plans, including domains registrations. Even if this was an isolated incident that had already been contained, the whole business is not at risk.

This data breach now may have breached the Chinese wall. Chinese wall is an information wall that protects firms by blocking employees from being able to access information about a client when their interests present a conflict. All the work that was done to create that wall now must be examined because the wall is still there but this breach has served the information on a silver plate, no effort needed by the employee. This isn’t to say that employees are trying to breach the Chinese wall, but they may do so inadvertently.

Some refresher notices and training should developed to remind people about conflicts of interest issues, including changes in policies and procedures being made to adapt to the post-AshMad world. There isn’t much more that can be done on the compliance front because the rest is a technology issue. Some new testing of controls might also be required, now that there was a leak.

Do you have an account on Ashley Madison?
Shhh… I won’t tell…

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and other clients manage investigations and regulatory responses.


The Ashley Madison Lesson – Part 1

Ashley Madison Home Page Background

The Ashley Madison data breach scandal is exploding because of the nature of the business, but technologically it is no different than any other breach scandal: some hackers found a way into a system, stole data, and then released it to the public. Okay, so that last part doesn’t always happen. In the case of most credit card data breaches, the information is auctioned off in the Dark Web.

For compliance officers, there’s an additional issue: insider information. It is unfortunate to find out that one of your traders’ Ashley Madison account has initiated divorce proceedings. Even worse, that trader may have used insider information to brag about his role in an important market movement. Or maybe your trader created one of those fake accounts and has been targeting traders at other banks to milk them for information. Essentially, any place where there could be interaction between people is a information security risk. And sites where people must keep mum are places where legitimacy must be won in ways other than outright bragging. This is the kind of situation that could easily lead to slip ups.

If your trader, or anyone else at your institution, has been found to be using Ashley Madison, now that their identity is assuredly exposed along with information they might have shared on their profiles or in messages, an investigation must be performed to make certain that nothing else has been leaked.


Do you have an account on Ashley Madison?
Shhh… I won’t tell…

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and other clients manage investigations and regulatory responses.


Cantwell-King-McCain-Warren to re-up Glass-Steagall

Sens. Elizabeth Warren (D-Mass.), John McCain (R-Ariz.), Maria Cantwell (D-Wash.) and Angus King (I-Maine) proposed a 21st Century Glass-Steagall, which would separate commercial banking with investment banking. Sen. Warren has published a fact sheet, which we publish here in its entirety.


Fact Sheet

The original Glass-Steagall, the Banking Act of 1933, was introduced in reponse to the financial crash of 1929. Starting in the 1980s, regulators at the Federal Reserve and the Office of the Comptroller of the Currency reinterpreted longstanding legal terms in ways that slowly broke down the core function of the bill – a wall between investment and depository banking to curb risk. In 1999, after 12 attempts at repeal, Congress passed the Gramm-Leach-Bliley Act to repeal the core provisions of Glass-Stegall.

The 21st Century Glass-Steagall Act would reduce risk in the financial system and dial back the likelihood of future financial crises.

  • Returning basic banking to the basics. The 21st Century Glass-Steagall Act separates traditional banks that offer savings and checking accounts and are insured by the Federal Deposit Insurance Corporation from riskier financial services, such as investment banking, insurance, swaps dealing, and hedge fund and private equity activities. The bill also separates depository institutions from products that did not exist when Glass-Steagall was originally passed, such as structured and synthetic financial products including complex derivatives and swaps.
  • Countering regulatory loopholes for risky activities. The 21st Century Glass-Steagall Act specifies what activities are considered the “business of banking” to prevent national banks from engaging in risky activities, and bars non-banking activities from being treated as “closely related” to banking. Over time, the Office of the Comptroller of the Currency and the Federal Reserve used these terms to allow traditional banks and bank holding companies to engage in a wider and wider range of high-risk activities. This bill would end those practices.
  • Taking on “Too Big to Fail.” The 21st Century Glass-Steagall Act cannot end “Too Big to Fail”on its own, but it moves the financial institutions in the right direction by making them smaller and safer. By separating depository institutions from riskier activities, large financial institutions will shrink in size and will not be able to relly on federal depository insurance as a safety net for their high-risk activities. Although some financial institutions might be large, they would no longer be intertwined with traditional depository banks, reducing the implicit government guarantee of a bailout.
  • Enforcing Glass-Stegall. The 21st Century Glass-Steagall Act institutes a five-year transition period and penalties for violating the law.

Does this proposal to separate commercial banking and investment banking forget that it was repealed because foreign banks were eating into the global financial services market share?
With China having half of the largest global banks, will this separation effectively bar the US from becoming the greatest financial center?
Is giving up much of this market a risk we are willing to take?

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.

Meta: What the audience is interested in

Sometimes, this blog will be meta about itself. This is one of those times.

MCB World

Here’s a map of the visitors of this blog. More red the country, more visitors from that country. It isn’t surprising that US is the overwhelming leader. What might be of surprise is that the EU is not second. Neither is the UK nor Hong Kong. I suppose Australia could be a contender, but it isn’t. Japan would be considering its importance to the global financial markets but because of its language, it was never going to be a contender.

India brings in the second most visitors. Rightfully so since India has agreed to implement FATCA, the US tax law. Indian financial services firms are especially eager to glean any sort of compliance knowledge. Sadly, tax law is not an area this blog covers, nor is it an area this blog specializes in.

The fact that other countries I mentioned come just after India is not surprising since financial services play a outsized role in those markets.