afiaa framing risks fraud aml overview l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
AFIAA ‘Framing Risks’ Fraud & AML Overview PowerPoint Presentation
Download Presentation
AFIAA ‘Framing Risks’ Fraud & AML Overview

Loading in 2 Seconds...

play fullscreen
1 / 44

AFIAA ‘Framing Risks’ Fraud & AML Overview - PowerPoint PPT Presentation


  • 164 Views
  • Uploaded on

AFIAA ‘Framing Risks’ Fraud & AML Overview. Leanne Vale Senior Manager Financial Crimes Compliance Services 31 May 2007. Introductions & Agenda. Leanne Vale Senior Manager Financial Crimes Abacus Australian Mutuals With CUIA/Abacus 4 years

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'AFIAA ‘Framing Risks’ Fraud & AML Overview' - lapis


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
afiaa framing risks fraud aml overview

AFIAA ‘Framing Risks’ Fraud & AML Overview

Leanne Vale

Senior Manager Financial Crimes

Compliance Services

31 May 2007

introductions agenda
Introductions & Agenda
  • Leanne Vale
  • Senior Manager Financial Crimes
  • Abacus Australian Mutuals
  • With CUIA/Abacus 4 years
  • Formation of Abacus/CUI’s first fraud prevention role now department
  • 18 years experience in senior fraud prevention roles within large banks, building societies and credit unions
  • Former AFP, Dip Fin, CFE, & Masters Business Administration (MBA)
  • Abacus industry representative on ABA Fraud taskforce, B Pay & APCA fraud committees.
  • Formation of Abacus private/policing industry partnership with AHTCC as part of National Response Plan to tackle Cybercrime since 2004
  • Industry fraud voice at table, well respected in government and LEA
afiaa agenda
AFIAA Agenda
  • Fraud& Financial Crimes
  • Abacus fraud services- ‘A United Approach’
  • Fraud landscape overview- Key Fraud Risks
  • Fraud Risk- ensuring a balanced and proactive approach
  • AML/CTF
  • AML/CTF Legislative changes
  • Shaping an AML/CTF Compliance program
  • AML/CTF Abacus ‘Evolve’
fraud entrenched business risk
Fraud –Entrenched business risk
  • Internet payment and victim crime
  • Identity Fraud- including theft and related crime
  • Card Fraud –instances of skimming, counterfeiting and other compromises
  • Cheque Fraud- intercepted mail, material
  • alterations, valueless cheques and theft of banking instrument
  • Lending Fraud- private sale, ID takeover, car, remote identification process, fraudulent invoices & complicit buyer/seller
abacus strategies of scale
Abacus- Strategies of scale
  • Abacus secure Fraud channel is used exclusively by 320 fraud partnership members- Is your organisation a member?
  • Our collective strength enables fraud prevention efforts to be offered across 150 institutions now rather than singular focus
  • Members continue to enjoy demonstrated loss savings obtained through the efforts of Abacus fraud prevention
  • Our interbank and law enforcement relationships are based on strong, active engagement and mutual assistance with fraud such as online crime
  • Abacus fraud training modules are best practice and pragmatic based to enable a level playing field amongst industry members
abacus fraud team saves big 5 7m for members in 2006
Abacus fraud team saves big $5.7M for members in 2006

Abacus Fraud team worked with members in 2006 to save 5.6M

Abacus Fraud handle in excess of 100 Q & A’s and incident management requests per month from members

abacus secure fraud forum protecting members since nov 04
Abacus Secure Fraud Forum…protecting members since Nov 04

Secure Fraud alerts real time 320 users

Av 5500 hits per month

Over 3,500 alerts posted

online fraud risk landscape
Online fraud risk landscape
  • Online fraud is a widespread risk with exposure loss at more than $30M+ annually
  • Credit union losses in the $X00,000’s
  • Spyware & trojans do notneed customer action, rootkits and malware are now key emerging threat
  • Major and regional banks have, or are on the way to, 2 factor or dual authentication regimes
  • Our sector is exposed to erosion of confidence in online banking as others seek to ‘market’ their fraud prevention - eg tokens & SMS
  • Our industry LIMITS DO NOT REFLECT RISK APPETITE!
  • Some CU losses are +50K in one week with some two factor options costing less than 10K
  • Not uncommon for multiple transactions in one day or over time on one member to mean high losses
eft code issues who wears the cost
EFT Code Issues: Who wears the cost?
  • Liability for online ‘losses’
  • Phishing/online scams: institutions wear loss
  • ASIC notes the issue:
types of two factor on offer
Types of “two factor” on offer
  • Mixed deployment choices amongst the small % of credit unions who have invested in two factor:
  • One-time password tokens
  • One-time passwords via SMS
  • Randomly generated images (eg Factor2)
  • Digital certificates
  • Smart cards
  • Biometrics (very limited)
  • Message Authentication Codes
  • To date, no clear industry standard or one stop supplier
may 2007 cua phishing example
May 2007: CUA Phishing Example

Note Phishy URL in Italy

issuing visa fraud trend 03 07
Issuing Visa Fraud trend 03-07

Source: VISA TC40 reports

card fraud risk strategic overview
Card Fraud Risk Strategic Overview
  • Counterfeit is contained, however, PIN’s under attack
  • Increasing levels of CNP (Card Not Present) fraud Fraud in Asia Pacific
  • New threats continue to emerge with new technology
  • Strong (EMV) authentication strategy vital
  • Customer Education vital especially for o’seas ATM users to ‘provide cover’
  • Eyes on the ball with card detection software
  • Ensure time spent on analysis rather than smile and dial
developing an enterprise wide fraud risk profile
Developing an enterprise wide fraud risk profile
  • Strongly consider business case for two factor authentication as strategic option for online fraud prevention
  • Integrate fraud risk assessment into strategic development (product and process design) - ensure forecasted losses are measured against revenue line
  • Ensure Insurance coverage reflects risk acceptance levels – events are treated as singular and not aggregated first claim basis
  • Consider leveraging natural synergies of resource allocation between AML and Fraud
establishing an aml ctf program

Establishing an AML/CTF Program

Support tools from Abacus

AML Evolve team supporting members

aml ctf commencement
AML/CTF – Commencement
  • Implementation timetable:
    • @ Dec 2006: Record retention, EFT information
    • @ December 2007: Compliance reporting (from June)
    • @ December 2007: AML Program developed and in place- Parts A & B
    • @ Dec 2007: Identification (Customer ID)
    • @ Dec 2008: Monitoring and suspicious matters (reporting)
when must this all happen transition milestones
When must this all happen – transition milestones
  • December 2008
  • Transaction Monitoring program
  • Reporting obligations suspicious matter reporting
  • June 2007
  • Correspondent banking requirements
  • Records about AML/CTF programs

Dec 06 June 07 Dec 07 Dec 08

2

4

1

3

  • Immediate
  • AML/CTF Bill received Royal Assent on 12/12/06
  • Electronic Funds Transfer Instructions
  • Register of providers of designated remittance services countermeasures
  • Records of Electronic Funds Transfer Instructions
  • Records of Electronic Transactions
  • December 2007
  • Customer Identification processes- Know Your Customer
  • First AML/CTF compliance Report 13 December 2007
  • AML/CTF Programs to be implemented
  • Record keeping requirements
snapshot of the new regime 1
Snapshot of the new regime (1)
  • Your CU/BS is a Reporting Entity under the new law
  • Your CU/BS provides Designated Services under the new law
  • Your CU/BS must understand the particular ML/TF risks your business faces
  • Your CU/BS must put in place appropriate responses to those risks
snapshot of the new regime 2
Snapshot of the new regime (2)
  • Your CU/BS must identify and verify customers in accordance with the legislation
  • Your CU/BS mustundertake ongoing customer due diligence – which can mean more identification and verification of the customer
  • Your CU/BS must monitor customer transactions
  • Your CU/BS must report certain transactions and suspicious matters
  • The CU/BS Board mustensure all of this happens
planning through transition remember abacus is walking through these milestones with you

Establish

AML Program

Management

Templates; Plans; Status tracking; Change; Governance; Issuesescalation

Program

Management

Risk assess

KYC Design

Procedures

Capabilities

KYC Mapping

Develop Policies & Procedures

Update Policies & Procedures

Monitoring sys. Design

Test

Implement

Build

Systems

KYC sys. Design

Build

Test

Impl’t

AML Manual

Update

Update

Regulatory

Regulatory Advice

Assess Impacts

Change

Management

Engage staff

Training design & delivery

Training updates

Planning through transition- remember Abacus is walking through these milestones with you

Jan 07

Jan 08

Jan 09

Jul 07

role of senior management
Role of Senior Management
  • Responsible for implementation of AML/CTF program and AML/CTF policy
  • Responsible for reporting to the Board on the management of the organisations ML/TF risk
management issues 1
Management issues (1)
  • How do we plan to implement an AML/CTF program in our organisation?
    • will need to demonstrate compliance with AML/CTF by implementing both Parts A & B of compliance program
    • All implementation must be within the milestone key compliance dates
management issues 2
Management issues (2)
  • How will our organisation view and treat internal breaches of the AML/CTF legislation
  • How will our implementation plan will be measured for monitoring and evaluate performance?
    • Consider KPIs for this purpose will need to be developed and track performance
  • What are the operational business implications of the AML program (customer relationships, third party relationships, staff due diligence)
management issues 3
Management issues (3)
  • Scoping indicative cost for program to implement and deliverables including leveraging support available from Abacus
  • Allocating who will be responsible for implementation, evaluation and monitoring
  • Part A means policy changes have to be made & decisions made on which ones
  • Considering Training- what type of training is needed across the organisation?
management issues 4
Management issues (4)
  • What will be the expected risk profile of customers we deal with and how will we do so?
    • eg. if they are HIGH risk – such as monitoring EDD (Enhanced Due Diligence)
  • What methods and measures could we use for monitoring and evaluating compliance with the AML/CTF program?
  • What possible system changes could be made using existing infrastructure
what is an aml ctf program
What is an AML/CTF Program ?
  • Divided into 2 components - “Part A” and “Part B”
  • Part A
    • Covers how you will identify, mitigate and manage ML/TF risk
    • Is the governance, policy and risk assessment part of the program
  • Part B
    • Covers how you set applicable customer identification procedures
    • Details acceptance of identification for low, med & high risk customers (KYC) – Know Your Customer plus when extra validation is triggered
key dates aml ctf program
Key Dates : AML/CTF Program
  • Must adopt and comply with AML/CTF Program by 12 December 2007
  • 15 month non-enforcement period to March 2009 if you take reasonable steps to comply
part a how can you identify risk
Part A – How Can You Identify Risk ?
  • Need to be able to make an assessment and rating of :
    • Customer type
    • Product type
    • Channel type
    • Geographic elements
    • Must be flexible to accommodate changes in designated services
part b collecting customer identification
Part B- Collecting Customer Identification
  • Need to have procedures to cover all types of identification presented ie: photographic, non-photographic & reliable/independent
  • Abacus Program Development Guide Part B will step you through recommended procedures for each type of identification
  • Abacus Draft Program Guide will deliver template policies for adoption
schematic aml ctf program

AML Risk

Identification

Assessment across

your business

KYC

Across

All

Business

Lines

HIGH

MED

LOW

EXISTING LEGISLATION

On Board

CHANNELS

DE, ATM, Online

Face to face

Banking Transactions

CUSTOMER

RISK

PRODUCT

RISK

0+

Risk scoring assessment tool

Customer

Risk Attributes

Product

Risk Attributes

Access channel

Risk attributes

Geographic

Risk attributes

ONGOING MONITORING = Adjustment + flexibility

Schematic : AML/CTF Program
scoreline risk scoring model from abacus
ScoreLine :Risk Scoring Model from Abacus
  • At the click of a button you can :
  • assess (score) risk
  • produce charts
  • generate reports
  • (extract from ScoreLine)
scoreline shows what is driving customer risk
ScoreLine shows what is driving customer risk

Reporting of text and graphical information

(extract from ScoreLine)

scoreline does risk scoring and rating across customer channel product
ScoreLine does risk scoring and rating across Customer, Channel & Product

Drill down to individuals or form an overall picture of risk

(extract from ScoreLine)

use scoreline to show your risk profile
Use ScoreLine to show your risk profile

Low Risk

Med Risk

High Risk

Actual Risk Profile of CUBS sector based on industry risk assessment work by Deloitte in 2006

risk profile is fundamental to the aml ctf program austrac s needs

Risk profile is fundamental to the AML/CTF Program (& AUSTRAC’s needs)

AML

Program

A Mutual Ltd

AML/CTF

Risk

Profile

Reporting

Training

KYC

Monitoring

Employee

DD

key issue aml and systems
Key Issue … AML and systems
  • Don’t put the cart before the horse
  • Risk assessment and triggers will drive monitoring and system needs, not the reverse
  • First need is to understand, scope and adopt AML Program including policies including transactional limits (risk mitigants) before monitoring triggers will be known (Part A)
  • Next will need to adopt a preferred ID method in the AML/CTF Program before monitoring will be known (Part B)
  • Monitoring not obligatory until Dec 2008
  • Abacus is working to ensure an aggregated approach is taken with vendors on monitoring solutions
aml evolve implementation support
AML Evolve : implementation support

Systems &

Monitoring

Solutions

Risk Scoring

Model

AML

Evolve

AML/CTF

Support

Package

AML/CTF

Reference

Manual

Program

Development

Guide

Training

Online

Discussion

Forum

AML Evolve has been developed in house by Abacus in conjunction with Deloitte especially to meet the needs of the mutual ADI sector. Other consultants promoting their own services by claiming linkages to Abacus AML Evolve do so without having had any discussions with Abacus and have no authority from Abacus to make such claims.

stay tuned
Stay tuned …
  • AML Update – Watch and share with board, managers and project staff monthly
  • Abacus mainstream work is continuing behind the scenes
  • Consultation and feedback through groups and online forum paramount
need more information
Need more information ?
  • Abacus Compliance Services
    • (02) 8299 9227
    • complianceinfo@abacus.org.au
    • amlevolve@abacus.org.au
    • Interact.cu.net.au
  • AUSTRAC – www.austrac.gov.au
slide44
THANKYOU!
  • Leanne Vale
  • Senior Manager Financial Crimes
  • Compliance Services
  • Abacus Australian Mutuals
  • 02 8299 9054
  • lvale@abacus.org.au