Asian Banker Research
Identifying Anti-Money Laundering
Issues in Chinese Banks
1
Table of Contents
Introduction 3
Development of the AML regulatory regime in China 4
Development of AML capabilities in Chinese banks 8
Large value and suspicious transactions
IT solutions and operational structure
Know Your Customer and Customer Due Diligence
The cost of AML and Reputation
Current organisational approaches to AML management 12
Siloed approach
Integrated approach
What banks do to overcome pain points 14
Large value and suspicious transactions
IT solutions
Know Your Customer and Customer Due Diligence
Company culture
Critical elements of a robust AML programme and best practice 17
Future regulatory developments 18
2
Introduction
Anti-Money Laundering (AML) has grown to signifi- implementation of fi rst generation IT, processes and
cant importance for financial institutions around the training. So far, only few Chinese banks have moved
globe. Non-compliance with government regula- beyond this point.
tions can cause significant reputational damage and
penalties. As large-volume transactions are common In particular, the reporting and analysis of suspicious
in the wealth management business, regulators keep transactions is still a largely ineffective process. Al-
a close eye on the premium banking segment of fi- though the formal banking sector made progress in
nancial institutions. It is crucial for banks to develop tracking financial transactions connected with mon-
solid AML and Counter Terrorist Financing (CTF) ca- ey laundering or terrorist financing, the sheer size of
pabilities to manage these risks. The director of retail the informal financial services industry and the large
banking in a Chinese big four bank told us in an in- numbers of underground banks make effective AML/
terview that international cooperation combined CTF a difficult endeavour in China.
with the rendering of perfect internal guidelines, the
installation of modern technologies and a strength- Adequate internal control mechanisms and admin-
ening of human resource training programmes will istrative rules, beyond regulatory requirements, have
be the key for Chinese banks to counter international not been established in most Chinese commercial
financial crime. banks. Structural changes inside the banks, such as
in company culture, comprehensive training and an
AML was introduced in China as a result of regula- understanding of the importance of AML practices
tory change, and Chinese banks were pressured remains largely absent in many banks and in periph-
into action. This resulted in hasty and ineffectual eral branches.
3
Development of the AML regulatory regime in China
China has made considerable regulatory progress PBOC. It controls the AML mechanisms in banks,
in developing its AML and CTF regime in the last five and conducts on-premise controls and various
years. This includes legislative reform, the strength- trainings for them. Secondly, the PBOC runs the Chi-
ening of enforcement mechanisms, and imple- nese Anti-Money Laundering Monitoring Analysis
menting international cooperation initiatives. These Centre (CAMLMAC), which is the fi nancial informa-
days, Chinese authorities keep a closer eye on cor- tion unit (FIU) in China. The CAMLMAC is responsible
ruption and bribery, which remain the majority of for collecting, analysing and reporting large-value
AML-related investigations. and suspicious transactions.
Money laundering however continues to be a serious The PBOC shares some responsibilities with other
concern as it involves funds from narcotics traffick- regulatory bodies such as the China Banking Regula-
ing, smuggling, trafficking of persons, counterfeiting tory Commission (CBRC), China Insurance Regulatory
of trade goods, fraud, tax evasion, corruption, and Commission (CIRC), and China Securities Regulatory
other financial crimes. Proceeds of tax evasion are Commission (CSRC). The Ministry of Public Security
recycled through offshore companies and return to (MPS) has both an AML Division and an Anti-Terrorism
China disguised as foreign investment and thus re- Bureau, which lead AML and CTF-related law en-
ceive tax benefits. Particularly challenging for com- forcement efforts.
bating AML is the unenforceability of the unofficial
banking system as well as the cash-based economy. The institutionalisation of the AML regime in 2007
marks a major milestone in China. The AML Law re-
AML controls in China are fragmented and often quires financial institutions to report large and suspi-
overlapping, making effective combating difficult. cious transactions. It also includes hitherto-unregulat-
The main controlling body against money launder- ed sectors like securities and insurances into the AML
ing in China is the People’s Bank of China (PBOC) regime. In line with this, the People’s Bank of China
and in particular, the Anti-Money Laundering Bu- revised its AML/CFT regulatory framework by launch-
reau, which is the field investigative body of the ing the Rules for AML by Financial Institutions and the
4
Figure 1.1
Development of AML regulatory regime in China
Phase 3 since 2007
Phase 2 since 2006 Internationalisation
and refinement
Criminalisation of money
laundering on an all-crime
basis, customer due diligence
and comprehensive reporting
Phase 1 since 1997
Chinese authorities
formulate first basic AML
regulations, which remain
largely insufficient • 2007: Membership in FATF
• 2008: PBC Notice on Strengthening the Anti-money Laundering
Work in the International Remittance Agency Business
• 2008: AML Working guidelines for futures and securities associations
• 2009: Expansion of AML regulation to non financial institutions, like
legal industry, real estate sector, payment providers (in progress)
• 2009: Institutional money laundering will be included in elements of crime
• Stricter regulation for import and export of money
• 2006: Amendment of Penal Code to criminalise ML
• 1997: Criminal Law first beyond drug-related crimes to fraud, organized crime,
regulates the crime of Money terrorism, embezzlement and bribery, financial fraud, etc
Laundering in China • 2007: Administrative Rules for Financial Institutions on
• 2003: Administrative Customer Identification and Record Keeping of Customer
rules for the reporting Identity and Transaction Information
of large-value transactions • 2007: Anti Money Laundering Law extends AML/CTF
and suspicious activity reports obligations to the securities and insurance sectors,
• 2003: Anti money Laundering requires financial institutions to maintain thorough
Bureau in PBC is established account and transaction records and transaction
• 2004: Chinese Anti-Money reporting, and explicitly prohibits anonymous accounts or
Laundering Monitoring accounts with fictitious names
Analysis Centre (CAMLMAC)
is established
Source: Asian Banker Research
Administrative Rules for Reporting of Large-Value and cated to the FIU either electronically within five days
Suspicious Transactions by Financial Institutions, which or in writing within 10 days. Furthermore banks have
marks a milestone as these rules require financial in- to deliver monthly reports describing suspicious ac-
stitutions to file suspicious transactions reports related tivities and retain transaction records for five years.
to terrorist financing. Cash transactions however, such as cash transfers
and cash exchanges are not included in the money
In August 2007, China adopted the Administrative laundering schemes and therefore also bear poten-
Rules for Financial Institutions on Customer Identifica- tial opportunities for money launderers.
tion and Record Keeping of Customer Identity and
Transaction Information, requiring all financial institu- The regulations of the PBOC identify 23 standards
tions to identify and verify their customers, including for suspicious activities that have to be reported
the beneficial owner. The new rules oblige banks to both to the CAMLMAC and also to local law en-
report any cash deposit or withdrawal of over RMB forcement authorities.
200,000 ($27,000) or foreign-currency withdrawals of
over $10,000 in one business day to the PBOC’s finan- There are several standards, which tend to launch a
cial intelligence unit (FIU), the CAMLMAC. Money higher amount of alerts and thus are more difficult
transfers exceeding RMB 2 million ($274,000) between to deal with. These are transactions, which are just
companies in one day or between an individual and below the threshold levels, which do not match the
a company greater than RMB 500,000 ($69,000) are customer profile or whose source is suspicious or not
also to be reported. The reports must be communi- verifiable. Above that, renewed account activity of
5
a dormant account or early repayment of loans also
triggers various alerts.
“Most financial institutions
China also enhanced the criminalisation of money have to focus on real-time
laundering in its penal code by including money from
other offences such as narcotics trafficking, smug- detection, rather than post
gling, organized crime, terrorism, embezzlement and
bribery, financial fraud and disrupting the financial
management order as part of the scope of what
supervision, which results
transacted funds are considered as money launder-
ing. This criminalises money laundering on the basis of in the fact that detection is
an all-crimes approach and complicity in concealing
the proceeds of criminal activity. mostly limited to deposit and
However, there are several aspects where Chinese
regulation does not meet international standards yet.
withdrawals over the counter”
China has increased its efforts to counter terrorists. The
government now has the authority to identify, freeze, AML Bureau in People’s Bank of China
and seize terrorist financial assets. But the laws con-
cerning terrorist financing are not yet consistent with
international standards, according to a report by the terrorist financing confiscation and seizure regime,
Financial Action Task Force (FATF) in 2007/2008. which lacks the full implementation of United Na-
tions Security Council Resolution (UNSCR) 1267 and
Hitherto, Chinese law has not criminalised the activity UNSCR 1373. China’s last FATF evaluation states that
of collecting funds for terrorists or terrorist organiza- China’s seizure regime does not sufficiently and ad-
tions for the purpose of committing a terrorist act or equately respond to the freezing designations set out
any other purpose. Another key weakness is China’s in the relevant United Nations resolutions. China has
Figure 1.2
Assessment of China’s regulatory AML regime
Customer Due Diligence
Disclosure protection
safe heavens
Sanctioning of
non-compliance
Criminalisation of
terrorist funding
Criminalisation of
self-laundering
Terrorist financing
confiscation & seizure
Quality of FIU
Foreign PEP
Correspondent banking
relationship with shell banks
United Kingdom Australia China
International Standard Reasonable Weak Nascent
Source: Asian Banker Research
6
Figure 1.3 For an institution to be found non-compliant, it is
Increased investigative efforts by the PBOC, not even necessary to be involved in money laun-
despite a falling number of suspicious dering. If the institution does not, in the regulators
transactions in general, also lead to higher view, have effective systems and controls to pro-
activity by law enforcement agencies vide reasonable assurance that the institutions
5,000
can avoid aiding or abetting money launder-
Number of transactions
4,500 ers, the regulator can take action. It can impose
4,000 fines between US$30,000 and US$ 70,000, on the
3,500
institution for misconduct. Directors, senior man-
3,000
2,500 agers and other persons directly responsible for
2,000 the misconduct can also receive a fine between
1,500
US$1500 and US$ 7300. If non-compliance leads
1,000
500 to actual money laundering, the fines are about
0 ten times higher.
2005 2006 2007 2008
In 2008 the PBOC checked 5,504 fi nancial institutions
Most suspicious transactions, which were reported to law
enforcement authorities (headquarters and branches) on-site, of which 304
Number of investigations by law enforcement agencies were fi ned for non-compliance. The fi nes amounted
Total amount of most suspicious transactions reported or to US$1.3 million, leaving banks with an average fi ne
discovered by PBOC
of about US$ 4,000. This indicates the PBOC’s light
Number of investigations based on analysis of suspivious
transactions by PBOC handed stance on the enforcement of AML viola-
Source: Asian Banker Research tions. Additionally, 60 managerial individuals were
held directly accountable for misconducts and
were fi ned.
“no clear determination of the scope of the freezing
obligations in respect to what assets need to be tar- However in order to create a genuine incentive for
geted and their link with the terrorist individuals and banks to reduce money laundering, the regulator
entities”, according to the FATF report. must be willing to legislate and execute serious
punishment to improve credibility. Otherwise banks
Another issue which has not been properly addressed, will not make the effort to sustainably reduce mon-
as it has not yet been criminalised, is self laundering, ey laundering.
where an offender simply acts to launder the pro-
ceeds of his own offending. China furthermore lacks
explicit requirements in its AML law for financial insti-
tutions to have an adequate audit function to test Figure 1.4
compliance with internal AML/CFT controls. The AML Despite more stringent regulatory controls,
Law does not require financial institutions to provide Chinese banks incurred lesser convictions
relevant employees with CFT training.
and fines
6,000 9
Units
Millions
Public reporting and transparency are another major 8
5,000
deficiency of the Chinese authorities. Publicly avail- 7
able information is mostly antiquated and not easy to 4,000 6
5
retrieve. English versions of authorities’ websites con- 3,000
4
tain even more limited information compared to the
2,000 3
already insufficient Chinese sites. 2
1,000
1
It would seem that China has a sufficiently com- 0 0
prehensive AML regulatory regime in place. So 2005 2006 2007 2008
the problem is not the absence of regulation, but
Number of controlled financial instituions (headqarters and branches)
rather the enforcement of law. Chinese authorities checked onsite
and banks, like in many other countries in Asia, fol- Number of financial institutions fined for non-compliance
low AML regulation rather by form and not by spirit.
Non-compliance with customer due diligence Value of fines for sanctioned FIs
(CDD) requirements is widespread. Source: Asian Banker Research
7
Development of AML capabilities in Chinese banks
With the new regulations, banks sought rapid com- customer ID verifi cation system, framework pro-
pliance which did not necessarily result in efficient cesses in place, and risk management processes
capabilities to fight money laundering. The regula- in place.”
tor’s push for AML was the main driver for the imple-
mentation of AML operations, but a deeper under-
standing for the necessity of AML and CTF could Large value and suspicious transactions
neither be conveyed to the fi nancial institutions in
China nor to their employees. Several commercial banks stated that most AML
jobs are guided by regulations and administra-
Almost all Chinese banks have more or less success- tive rules issued by the Chinese government and
fully implemented Phase 1, but achieving Phase 2 is PBOC. No internal rules and guidelines have
challenging and often not a major priority. For this been put in place. This impedes the quality of
reason only a few more sophisticated banks made AML efforts, as banks usually do not supervise
it to Phase 2 so far. Several foreign banks can be and robustly audit the successful implementa-
placed in Phase 3, as they utilise the IT and process- tion of AML.
es of their international groups, whereas a few best
practice banks, such as DBS, entered Phase 4 on a The Chinese regulator obliges banks to report large
global level. value and suspicious transactions to the Anti-money
Laundering Monitor and Analysis Centre of China
According to a foreign bank, the main focus of (CAMLMAC). Large value transactions are gener-
AML implementation in China is twofold: “The ally stored centrally in the branch back-office on a
fi rst is customer identifi cation when customers city or above level. Large value reports can be au-
open an account. The second is when customers tomatically extracted directly from the data centre
transactions are classifi ed as suspicious. We have and transmitted to the CAMLMAC.
Figure 2.1
Maturity development of AML in banks
Phase 4
Centralised management of
Phase 3 operational risk
Integrated AML
capability
Phase 2
Understanding the
necessity of AML
Phase 1
Regulatory pressure • Manage all aspects of operational
risk in a banking group across all
• Breaking-down
countries with a single IT system
• Banks accept AML as of siloes
and operational risk department
an operational and • Information sharing
reputational risk and between various
manage it accordingly departments and
• Development internal different kinds of
AML guidelines and operational risk
company culture • Integration and
• Development of centralisation of
• Basic implementation of first various AML systems
generation IT advanced IT system,
deployment of dynamic into a common system
• Siloed approach towards AML in
triggers and improve-
each business line.
ment monitoring
• AML is only implemented to avoid beyond regulatory
regulatory pressure requirement
• Rule based transaction monitoring • KYC is also upgraded
according to regulatory requirements into a risk-based
• Rudimentary training and approach and becomes
restructuring of existing HR to a necessity rather than
satisfy regulatory requirements an inconvenience
Source: Asian Banker Research
8
IT solutions and operational structure
“We have our own
A number of Chinese banks are currently taking the
bankwide risk management threshold to Phase 2 and target centralised AML in-
frastructures. However data quality and core bank-
ing integration issues remain a challenge.
department and it
Chinese banks have been investing in IT soft-
is in charge of the ware and process modification when urged by
regulators. Generally most banks opt for cheap
whole bank’s risk and basic off-the-shelf systems which only satisfy
regulatory requirements and put the regulator
at ease. We have observed that most IT systems
control issues.” have been implemented in a hurry and without
much interest in quality or sustainability. First gen-
Senior Executive of a Joint-Stock eration low-tech rule-based monitoring tools,
Commercial Bank which focus on detecting and flagging but not
on alert accuracy, do not assure comprehen-
sive suspicious transactions reporting. These rules
For an effective combating of money laundering, are often stiff and based on regulator demands,
banks need to take AML away from the frontline. and are thus inflexible and not suitable for a fast
Suspicious transactions are still mainly identifi ed paced AML environment. Changes in extracting
by frontline staff in local branches who perform rules would even require a re-coding of the de-
AML on top of their regular tasks. In most Chinese tection systems. It is difficult to scale up these first
banks, the identifi cation standards are not quanti- generation IT systems to keep up with the rapidly
tative and depend on a combination of system fi l- changing requirements.
tration, staff’s logical reasoning and sensitive rec-
ognition. Since information from suspicious trans- Another major roadblock comes from rules-based
actions needs to be condensed, fi ltered, comple- systems triggering too many false positives, over-
mented, categorised and reported throughout a whelming compliance staff. Rules-based systems
comprehensive hierarchy from the operational drive volume and not quality. The increased volume
level via branch back-offi ces on higher levels to of work items may diminish the credibility and en-
headquarters and fi nally the regulator, the iden- ergy of AML monitoring staff, distracting them from
tifi cation and response can take weeks. “Most their primary responsibilities and preventing the de-
fi nancial institutions have to focus on real-time partment from meeting AML obligations.
detection, rather than post-supervision, which re-
sults in the fact that detection is mostly limited to Manual documentation is adding to the woes for
deposits and withdrawals over the counter”, says cash transactions. AML systems are connected to
the AML Bureau. retail debt systems, personal credit systems, and
credit card systems. While this allows the tracking of
In the case of a suspicious transaction, banks often all electronic transactions, cash transactions, which
cannot determine the reason for the transaction, make up for 65% of Chinese banks total transac-
whether it is money laundering, fraud or sanctions. tions, cannot be monitored automatically. Employ-
The bank only knows that there has been an unusual ees have to add the relevant data manually, which
transaction and fi les a suspicious transaction report. not only increases employees’ work but also cannot
As doubtful transactions happen frequently, banks guarantee data quality.
with low analytical capabilities tend to ignore AML
rules altogether. With the spread of e-banking, the frontline-based
suspicious transaction monitoring system becomes
The people factor is aggravated by the high attri- even more insufficient, as bank staff has less face-to-
tion rate of counter staff, quitting the bank or be- face contact with customers. Criminals increasingly
ing transferred internally. Senior AML experts are use the internet to participate in money laundering
usually rare, and not all staff assigned to AML duties activities which adds another layer of difficulty for
receives proper training. banks to identify them.
9
There are also some Asia-specific concerns, which gional high attention profi les and increasing vigi-
make automation in Asian countries more difficult. lance to particular practices and target groups. As
A particular problem for China is the romanisation China is a large and heterogeneous country, AML
of Chinese characters for payment transactions, requirements vary from bank to bank, and from re-
such as SWIFT. There are too many possibilities of gion to region.
translating a Chinese character into Latin charac-
ters. Moreover, the software has to struggle with the A major challenge in China, as stated by a foreign
different order of fi rst and last names, and English bank, is the verification of IDs, because there are so
pseudonyms for Chinese names as well as random many people in China with the same name. More-
English given names. over, there are a lot of people in bigger cities who
use counterfeit ID documents.
Other cultures have different name conventions.
For example in countries with a Muslim population Banks also mention customers who refuse to offer
names are written differently from country to coun- necessary information. Financial institutions are
try, and a popular name like “Mohammed” can be obliged to collect sensitive information such as cus-
written in more than 50 different ways. In Malaysia tomer income and expenses. When asked these
and Indonesia, people often do not use surnames, questions, customers sometimes refuse to give an-
which are usually simply the father’s given name, swers or just offer wrong information. A variety of
and would mainly use their own given names alone banks have expressed problems in collecting cor-
for identification instead. rect and effective data.
Many Asian countries have problems with the limit- The use of PEP profi les remains moderate in China,
ed space in payment transaction forms, which leads whereas in other countries in Asia the potential risk
to truncated names. These hinder name-matching from those persons is incorporated in their risk pro-
capabilities with international black lists, politically fi les. The reason for this is incomplete information
exposed persons (PEP) profi les, terrorists, etc. from Public Security Bureau, the PBOC or the social
security department, and a lack of independent
International banks usually do not deploy China- sources of information in China. Several commercial
specific systems, but work closely with the regulator banks also stated the problem that public agencies
to meet these requirements. Usually they make use such as the Industrial and Commercial Bureau do
of the systems they already have in place in their not or cannot share information freely.
home market.
Fragmentary reporting to CAMLMAC based on
Other stumbling blocks are organisational deficits. poor legacy customer records in the banks and un-
Some banks do not operate a specialised AML de-
partment, and in some cases there is not even a su-
pervisory body in the bank, resulting in loose AML Figure 2.2
organisation structures, unclear responsibilities, and Challenges banks currently face in running
limited information sharing and cooperation be- AML programmes*
tween departments and inefficient AML patterns.
90%
% respondents*
This negatively affects timely technical support and 80%
creates an inability to re-allocate manpower to ur- 70%
gent priorities, the moment such re-allocations are 60%
called for. Large-scale money laundering involving 50%
several departments are much harder to detect. 40%
30%
20%
10%
Know Your Customer and Customer Due Diligence
0%
s
l u um en
at ard ity
ns
nd
The KYC process is a continuous one which con-
ne ns giv
er
rm c nt
et ,
sa er
s, s
fu
c
nc
fo ID ide
ge
an co s
of
co
ch ng ern
stantly requires banks to update and refi ne informa-
m i n c er
ce
ry
na es tom
gi nc
ur
to
e l
an co
tion and standards. In China, regions differ largely
So
la
su s
is Cu
ch ity
gu
r
Re
cu
in the known money laundering practices. Part of
Se
the due diligence process consists in defi ning re- Source: Asian Banker Research * please select up to three options
10
available mandatory information also affect the ef- says the risk executive of a large Chinese commer-
ficiency of transaction monitoring and analysis. De- cial bank.
spite checks by The PBOC, the willingness of banks
to deliver useful information seems to be limited. Re- Reputational damage and fi nes are still not seen
ports often contain wrong information and data re- as a serious concern by most Chinese banks. But
dundancy, as some commercial banks do not pay things are slowly changing, and reputational risk is
much attention to AML procedures. gaining in importance. “Failure to report suspicious
transactions will enhance our compliance risk, will
sometimes infl uence our reputation and will eventu-
The cost of AML and Reputation ally create a commercial risk”, said a manager from
a Chinese commercial bank.
The predominant feedback of commercial banks
in China was that they regard AML mainly either For internationally active Chinese banks, the risks
as a means of risk management, as a waste of from AML and CTF non-compliance are more im-
time and resources, or as a major cost driver. Some mediate. Not only are the fi nes higher, as seen in US
even perceive it as negatively affecting profits sanction violations over the last years. Some major
as it scares away customers due to more compli- banking groups, such as ANZ, UBS, Lloyds TSB and
cated and comprehensive KYC procedures, and ABN AMRO had to learn about the painful conse-
because clients are afraid of a softening of bank quences the hard way, as they have all been fi ned
secrecy. Moreover, rigid AML specifi cations have by US authorities with the highest fi ne of $ 350 mil-
the potential to limit business opportunities. Thus lion. But Asian banks have also been targeted by
AML remains a non-issue for most Chinese banks, US enforcement authorities for trading with undesir-
unless they go international. able partners: Banco Delta Asia from Macau has
been censured for trading with North Korea, and
Only a few Chinese banks take AML and the regu- Malaysian First East Export Bank has been specifi -
lator very seriously, in particularly those who oper- cally identified as a subsidiary of Iranian Bank Mellat
ate internationally. “The largest challenge is the by the US Department of Treasury. The reputational
confl ict of interest between the bank and the reg- damage from such negative publicity in the media
ulator. For example, often when you believe that and the association with organised crime, corrup-
a person is involved in money laundering activities tion, terrorist fi nancing and sanctioned regimes also
and you refuse to provide services to him, you lose threatens to tarnish brand perception. One interna-
some business such as profits from transaction set- tional Chinese bank mentioned it is eager to comply
tlement, commission, etc. But, frankly speaking, our with AML regulation in an effort to avoid negative
attitude is to always view compliance as the high- publicity and to avoid causing foreign regulators to
est mission in life. We are very determined here.” take a closer look at the bank’s business abroad.
11
Current organisational approaches to AML management
We distinguish between two general approaches to which is located in another department (like corporate
manage AML in financial institutions. On the one hand, security, audit or in operational risk) will solely deal with
banks organise the compliance in silos with more or fraud. There will be another system checking sanctions
less coordination from a central compliance/opera- in transaction banking, operated by the operations
tional risk department. On the other hand, we see a department. These structures are replicated across the
development towards the integration of risk manage- business lines, such as retail, cards, corporate, as well
ment into the existing IT and process architecture with as across various countries. Usually, information is not
a trend towards centralisation of risk management to shared between the various departments, or at least
a specific department, assuring the compliance and not done so in a timely matter. As result of the silo struc-
risk management of the whole bank. ture, the information stays in the silo and even if the
name occurs in several touchpoints within the organi-
sation, the banks are not able to react efficiently.
Siloed approach
Further regulatory requirements, rapid change of
The first approach is a logical first step for banks, which money laundering techniques and the bank’s inabil-
are forced to quickly adapt to new regulations, with- ity to manage those risks efficiently makes further in-
out a deeper awareness of the seriousness of the mat- vestments into processes and IT necessary. Because
ter. Siloed approaches are more easily achievable, as of existing legacy systems, banks continue to add
the general structure already exists and the bank only on to their current IT architectures and try to adjust
adds some people, processes and IT. This is common in processes, which usually results in the creation of a
emerging markets like China, where the banks started central department to at least coordinate the fight
AML from the stand under external pressure by regula- against operational risks. Due to the lack of integra-
tors, with rather fuzzy standards and definitions. tion, information sharing remains difficult and com-
plex. The KYC or Customer Identification Program
In the beginning, the cost factor also comes into play (CIP) system is usually not integrated with a transac-
as local basic IT is cheaply available and existing em- tion monitoring system, so high-risk entities might not
ployees are only rudimentarily trained to take over new receive adequate scrutiny. Sparse information about
responsibilities. Within the silos, each risk is dealt with a potentially suspicious event or party can lead to
individually. There will be an AML surveillance system, longer and more error-prone investigations. Alert no-
which reports to the compliance or legal department tifications often have to be distributed manually and
and controls the channels. The fraud department, might be overlooked and misrouted.
Figure 3.1
Financial Crime Risk - Siloed Approach
Divisions with Top
AML obligations Management
Retail Corporate
Operational Operational
Risk Compliance Risk Compliance
Fraud Sanctions AML / CTF Fraud Sanctions AML / CTF
AML Monitoring
Origination Monitoring on branch level or country headquarter level
Type of AML Transaction KYC Due Transaction KYC Due Diligence Transaction KYC Due
Activities Monitoring Fraud Diligence Fraud Monitoring Fraud AML/CTF Monitoring Sanctions Diligence Sanctions
Source of
Transactions Customer Information
Information
Source: Asian Banker Research
12
Figure 3.2
Financial Crime Risk – Integrated Approach
Divisions with Top
AML obligations Management
Compliance & Security Group Legal
Fraud AML / CTF Sanctions Physical assets Misselling Loan sharking ...
Type of AML
Activities Transaction Monitoring KYC Due Diligence Sanctions
Source of
Information
Customer Transactions Customer Information
Source: Asian Banker Research
A Chinese commercial bank describes its organisation- As all operational risk are managed by the same de-
al structure as follows: “We have our own bank-wide partment, this allows comprehensive assessment and
risk management department and it is in charge of the understanding of suspicious transactions and rapid
whole bank’s risk control issues including AML. We, as a reaction according to its risk level.
business department, will need to coordinate with them
from time to time, in order to discover any abnormal Despite high implementation costs, integrated sys-
situation and irregular cash flows in the accounts. For tems achieve cost efficiencies in operation, as staff-
retail banking specifically, we are detecting the irregu- ing can be reduced. For example, a leading South-
larity of cash flows in our customers’ accounts on an east Asian commercial bank stated it reduced op-
individual basis. If we find anything unusual, we need to erational risk staff since the implementation of its AML
inform the operation department which will pass to and architecture by almost 20%, despite an increase in
solve the problem together with the risk department.“ assets and market presence across Asia.
The difficulty in integrating AML technology with all
Integrated approach other source systems derives from the various formats
and rules used in these systems. Data has to be stan-
The integrated solution is mainly found in advanced dardised from the source systems. It helps to develop
banks, such as a few local banks in China, and inter- a pipe, so the rules engine can use data.
national banks like Standard Chartered. As these sys-
tems usually work bank-wide, these banks also take
the know-how to their subsidiaries across Asia includ- “One of the greatest risks is to
ing China. All operational risks are managed by one
department throughout the whole bank across all
countries. This department can leverage fully on com-
manage operational risk in silos.
prehensive data from the various financial crime risks,
as well as KYC and general customer information from Most banks in the world still
the CRM system. With the integration into the core
banking system, automatic blocks on positive iden- monitor operational risk without
tification of blacklisted persons are possible and limit
delays and human mistakes. This also allows top-down
messaging on the basis of the operating system, so
cooperation and information
that messages cannot be ignored or overlooked.
sharing across departments.”
Advanced analytical and monitoring software helps
to achieve greater efficiency with lower manpower. Risk executive of a Singaporean bank
13
What banks do to overcome pain points
Large value and suspicious transactions The same bank double-checks the information of
1,500,000 customers with the online system from the
In order to strengthen monitoring capabilities, Chi- PBOC. For companies, profi les and information on
nese banks should expand the scope of transac- the legal representatives will be checked. Therefore
tions they are monitoring and defi ne clear criteria the bank developed a system internally to report
on what is a suspicious transaction. Banks have to important suspicious activities.
go beyond regulatory requirements and implement
internal guidelines and standards. If customers change their trading categories, the
bank is able to track this change with another ad-
As a local best practice example, one Chinese bank ditional system.
said it deploys a system that monitors the transac-
tions of customers and correspondent parties. Sus-
picious transactions are analysed and if they can- IT solutions
not be validated, a customer manager will try to
fi nd out the purpose of the transaction. If this does Improved IT solutions bear high potential in AML
not work either, the transaction will be transferred capabilities. Employees can be relieved from com-
to the compliance department to investigate the plicated fi ltering, identification and reporting pro-
customer. In this case, account information of the cesses, which will greatly improve work efficiency
last six months will be checked together with public and quality.
information to see whether there is suspicious AML
activity. If the suspicion is substantiated, the custom- One Chinese commercial bank established an
er risk will be adjusted. electronic system, which on an ongoing basis con-
14
trols all persons, fi rms and organizations mentioned common. The actual idea behind the model is
on any list of known fraudsters, terrorists or money basic, but the implementation is tricky, as the risk
launderers. The system also monitors and reports profile has to be strict. Capable mechanisms and
large cash and suspicious transactions. people building these mechanisms are inevitable
for success. Risk profiles are based on a variety
Leading-edge surveillance systems have useful of indicators, which for individuals usually include
tools, such as real-time watchlist fi ltering capability place of residence, country of origin, citizenship,
with fuzzy logic. This helps name matching, as a va- source of wealth, occupation, and countries to
riety of names can be checked. When a payment and from which transactions are to be made. For
instruction goes through a payment gateway, the legal persons they should contain the location of
system checks every single word in the instruction business, country in which the business is incor-
with a sanction list. porated, nature of business, beneficial owners
of the business, directors, countries from which
Some banks have already started centralising AML- transactions are made and entities with which
related tasks and data and builds data models that the transactions are affected. These indicators
include a broad range of product types, channels, derive a blended score. The better integrated
entities and non-monetary events. Optimally, the such risk models are in the monitoring and deci-
alert-generation process should monitor multiple sion making process, the more effective the risk
risk factors with a single pass through the data – management. Automated data updating and
even for very large databases. recalculation or risk scores keeps the profiles ac-
curate and up-to-date.
Know Your Customer and Customer Due Diligence Some helpful indices for country risk are the OECD
non-cooperating tax havens list, FATF non-cooper-
In China, regions differ largely in the known money ating countries, Corruption Perception Index, etc.
laundering practices and therefore require a re- Such indices are comprehensively researched and
fi nement of regional high attention profi les, an in- do not have a high risk of being politically motivat-
creased vigilance to particular practices and tar- ed, unlike country black lists.
get groups as part of due diligence.
Desk research on cooperate background and in-
Information sharing among banks, regulators and dividuals, news releases and PEP profi les from in-
other official data sources like credit data, but also formation sources such as Factiva, combined with
foreign PEP profi les, has to be improved; data quality internal intelligence systems, internal rating, nega-
and communication channels have to be cleaned tive lists and law enforcement reports, deliver indi-
and streamlined. vidual information. Internal databases have to be
constantly updated and checked.
With a risk-based approach to AML, banks can
optimise their efforts by watching high risk cus- A Singaporean bank collected business intelligence
tomers closely and can spend less time and ef- and indexed the data in a central intelligence plat-
fort on low risk customers. A variety of factors form, which is linked to the transaction surveillance
have to be taken into account, such as the type system and core banking platform. This allows the
of customer or business, product and expected bank to react quickly if a customer is identified posi-
account activity. Risk-based customer accep- tively on a black list. In this case, the desired action
tance procedures need to be consistent across can either be blocked or associated with a higher
all branches. They require banks to ask a set of risk profi le and closely monitored.
questions and include rudimentary database
research to determine the risk level of customer.
Taking the risk of higher levels should be decided Company culture
by higher ranks or even a committee, involving
the senior executives. In order to drive compliance, a fi nancial institution
requires substantial understanding and support
Risk profiling can help to cope with KYC risk. The from top management. Investments into the imple-
three tier risk model – classifying customer pro- mentation of IT processes and employee attitude
files with high, medium and low risk – is the most require explicit and unequivocal support from the
15
senior management. An interviewee who has been a system that leaves no space for hesitation and
in charge of AML in several banks described the re- disorientation. A single drop-in centre for all issues
silience of a variety of banks to engage a serious involving operational risk and an information shar-
new corporate policy towards AML. The reasons ing system, which makes sure that all the people in-
for this are the enormous cost and restructuring volved in dealing with AML get the information they
requirements needed to achieve full AML capabil- need, is necessary.
ity in a major bank, and the complex problems in
dealing with legacy systems, internal restructuring, In emerging markets like China, we realised that
insuffi cient understanding of needs and benefits. In for a majority of banks branches are still the main
a best practice example, the whole hierarchy of location for combating money laundering. These
a bank from the CEO and chairman downwards banks believe that branch employees are in a bet-
conveys the message and importance of AML to ter position to detect money laundering, as they
all employees. understand operations and customers better.
On the other hand, there is a growing number of
After creating a culture of a highly involved se- banks in China who perform centralised monitor-
nior management, the development of a code of ing in the headquarters. In any way, comprehen-
conduct for all employees of the bank is the next sive and continuous training is a necessity for the
step. Only a few banks publish such codes public- success of AML.
ly, stating key obligations for staff and conveying
the importance of the matter. This allows custom- An enterprise risk approach helps to manage risk
ers to access the material and detect and report more effi ciently and also to bring down AML-re-
non-compliance. lated cost. Among the basic steps to achieve an
enterprise-wide integration is the consolidation of
This also involves solid escalation mechanisms, AML into one compliance department and the
which require the full understanding of employees, integration of all systems on one technology plat-
defi nite rules and escalation channels, a system to form. Furthermore, it is benefi cial to combine AML
distribute messages and warnings, but also needs and anti-fraud efforts. Finally, a central case man-
to deal with the issue of whistle-blowing while build- agement system brings together the output from
ing incentives for escalation. It is vital to develop disparate systems.
16
Critical elements of a robust AML programme
and best practice
When asked what makes a critical AML regime,
interviewees noted that technology still plays a
“In my opinion, the most
major role for banks. But there is a rising under-
standing that it takes more than a good IT infra- important criterion gauging
structure to effectively combat money launder-
ing. Only a few banks in China have fully em-
braced this fact.
the robustness of an AML
A senior executive of a commercial bank says,
programme is the filtering
“AML should be conducted on a daily basis, not
just for several days. The system can identify some rate. I am not saying a too
suspicious transactions every day, and automati-
cally downloads transaction data. So I believe
that real-time monitoring and complete records
high or low rate is good, but
of client’s transaction data are the most impor-
tant elements.”
the accuracy of the filtering/
The vice president of a big four bank believes that screening rate is important.”
Chinese banks need to have in-depth communica-
tion and conversation with peers in other countries Senior Executive of a Joint-Stock
to prevent fi nancial crimes. He emphasises the need
of Chinese banks to better cooperate and share in-
Commercial Bank
formation with international organizations to learn
more about the situation in China.
records, as well as providing continuous training
According to another Chinese megabank, a ro- programs for employees and strengthening inde-
bust AML programme is based on four factors. The pendent auditing. The last is coordinating with in-
fi rst is building a customer information database ternational AML organisations.
system to keep records of customers’ identity. The
second is building a more robust large-amount As a best practice example in the region, we regard
and suspicious transactions reporting system that DBS’ fight against money laundering. Starting with
can be used by banks and non-bank institutions. the objective of managing all kinds of operational
The third is strengthening the internal monitoring risk with one system in one department, the bank
system and establishing a mechanism to evaluate built a groundbreaking AML infrastructure across all
staff’s integration, work experience, and fi nancial channels, products and countries.
Figure 4.1
Critical elements representative of a robust AML programme*
70%
% respondents*
60%
50%
40%
30%
20%
10%
0%
Real-time Capture and International Enterprise wide Leveraging best Well defined
monitoring monitor client cooperation risk management practice AML AML regulatory
information and culture technology guideline
transactions
Source: Asian Banker Research * please select up to three options
17
Future regulatory developments
Most banks expect from the regulator a further A big four bank expects a perfecting of regulatory guide-
strengthening of regulation and also stricter enforce- lines in the near future. This includes the establishment of
ment of the existing regulation. a policy that makes the reporting of suspicious transac-
tions mandatory. It is also expected that banks will have
“Without a doubt regulations will be much stricter to pay closer attention to capital from countries, where
than before, especially under current market con- AML regulations are not enforced or are incomplete.
ditions. And even when the crisis passes its worst,
I don’t project there will be a sudden ease in the However some banks still hope that they will some-
regulators’ attitude. It’s a good time for them to re- how manage to avoid major changes in their behav-
build the discipline of the market”, says a Chinese iour and that the regulator might exempt financial in-
commercial banker. stitutions from responsibilities, when their behaviour is
based on bona fide and report suspicious transitions
to authorities.
Figure 5.1
For the moment, transaction monitoring in China fo-
Expectations of future developments in
cuses mainly on large transactions. Having achieved
AML regulatory regime*
basic AML capabilities, the regulator might urge
80% banks to take further steps to improve reporting
% respondents*
standards, customer due diligence, monitoring and
70%
analytical capabilities. KYC requirements might be
60% expanded to involve third parties in transactions and
customer’s source of funds.
50%
40% Banking secrecy will also be debated and might re-
30% sult in changes in offshore banking models.
20%
In order to raise the awareness and deterrence ef-
10% fect of non-compliance, the Chinese government will
have to raise and strictly enforce fines and penalties.
0%
Bankers will be Sophistication of Ongoing This may even include prison sentences for individuals
responsible for internal AML management refinement for serious violations. Personal liabilities of senior bank-
KYC regulations to satisfy of AML
international partners regulations ers are also considered in Hong Kong and it is to be
Source: Asian Banker Research * please select all those that apply expected that other Asian countries will follow.
18
19
For further information, please contact:
Temenos Singapore The Asian Banker
61 Robinson Road 10 Hoe Chiang Road
#20-01 Robinson Centre #14-06 Keppel Tower
Singapore 068893 Singapore 089315
Reid Warren Chris Kapfer, Associate Director, Research
Tel: (65) 6536 6722 / (65) 6232 3216 Tel: (65) 6236 6520
Fax: (65) 6538 0818 Fax: (65) 6236 6530
Email: rwarren@temenos.com Email: ckapfer@theasianbanker.com
Thomas Zink, Research Analyst
www.temenos.com www.theasianbanker.com
20