Compliance Institute

Sample Examination Papers and Model Answers
October 2009

Regulatory Risk Management
Anti-Money Laundering and Financial Crime

Please note that the following sample question papers and model answers are not published for use as study materials. They are intended to illustrate the nature of each examination and to indicate the level of achievement involved. Every effort has been made to ensure that the model answers are correct. They are based on regulation at the time they were written and should not therefore be relied upon as a comprehensive statement of current regulatory standards and practice. Sample questions and model answers for other Institute examination papers are not available for 2009.

Examination Paper
REGULATORY APPROACH TO RISK MANAGEMENT
October 2009
Time allowed: 3 hours

INSTRUCTIONS TO CANDIDATES

1. This paper is divided into two sections. Questions in Section A are worth 5 marks each (maximum 20), and questions in Section B are worth 40 marks per Case Study (maximum 80). The total of marks available on the paper is 100.
2. You are required to answer FOUR questions from Section A, and TWO of the Case Studies in Section B.
3. Do NOT open this question paper until you are instructed to do so.
4. Carefully read the instructions on the cover of the answer book.

SECTION A

Answer FOUR questions from this section.

1. The Financial Services Authority’s annual Financial Risk Outlook and Business Plan collectively set out identified risks to the Authority’s Statutory Objectives, together with the work the Authority will undertake to manage those risks. Outline five steps that senior management of financial services firms can take to use the information in these reports for the benefit of their business. (5 marks)

2. The Financial Services Authority regularly and routinely uses formal letters to Chief Executives of financial institutions to communicate matters of regulatory concern.
In the context of risk based regulation:
(a) Give three examples of what the Financial Services Authority is seeking to accomplish through the use of “Dear Chief Executive” letters. (3 marks)
(b) Briefly outline two ways in which a firm might react to matters set out in a “Dear Chief Executive” letter. (2 marks)

3. List, with a brief explanation for each, five examples of how the Financial Services Authority’s Arrow programme supports the supervision of regulated firms. (5 marks)

4. The Markets in Financial Instruments Directive and its implementing measures set out the regulations relating to Material Outsourcing Arrangements.
(a) Briefly define what is meant by a “Material Outsourcing Arrangement”. (1 mark)
(b) List four steps that firms should take when first establishing a Material Outsourcing Arrangement. (4 marks)

5. The Financial Services Authority’s rules at BIPRU require investment firms to carry out an Internal Capital Adequacy Assessment Programme (ICAAP) as well as to maintain the capital requirement identified in individual assessments.
(a) Identify three ways that the Authority’s work with an authorised firm’s ICAAP will help support its regulatory risk management of that firm. (3 marks)
(b) Identify two features of an ICAAP that allow firms to manage the risks to their own individual businesses. (2 marks)

[Maximum for Section A: 20 marks]

SECTION B

Answer the questions arising from TWO of the Case Studies in this section

Case Study 1.

You work for an investment firm that has a wealth management subsidiary called Investment Plus Ltd. That subsidiary conducts advisory and discretionary investment business for high-net worth individuals in the United Kingdom. Investment Plus has recently had a systems and controls audit, which identified concerns about its surveillance systems for its client advisory and discretionary management activities.
In particular the audit report highlighted that trade surveillance at Investment Plus had the following deficiencies:

It was conducted in an unstructured manner, without any prior thought to the types of trading to be reviewed or to the standards of advisory or discretionary activity that were to be checked.

It was not focused in the right way, in that it appeared no consideration was given to the pre-classification of trading activities that might allow for a risk-based approach to trading surveillance.

It contained insufficient reporting arrangements. The results of Investment Plus’ trading surveillance were collated once each month and presented as a general written report to Investment Plus’ senior management. Moreover, the auditors considered that the length of the monthly report made it difficult for senior management to identify any emerging trends or issues and did not allow for senior management to make a distinction between important issues and those that were merely considered as routine.

It contained insufficient escalation arrangements. In the period under review, 100 advisory trades had been reviewed, of which ten were classified as containing advisory activities that might have led to some client detriment. It appeared, however, that no immediate actions were taken to deal with the identified trading concerns before the monthly senior management report was presented, and even then it was left to senior management to determine what remedial steps, if any, to take.

You have been seconded as a special adviser to the Investment Plus’ compliance department and have been asked to develop trading surveillance processes and protocols that will both overcome the concerns highlighted in the external audit report and allow Investment Plus’ compliance function to best apply its limited resource to monitor the quality of the firm’s advisory and discretionary management activities.
Questions

(a) Prepare a short briefing paper outlining the arrangements you would put in place to operate a risk-based trade surveillance system together with the key risk measures that could be established to support such an approach. (10 marks)
(b) Provide an explanation of your suggested arrangements and measures together with their overall significance. (10 marks)
(c) Explain to the firm’s governing function the steps that would have to be taken when your identified key risk measures alerted you to a failure by the firm’s client desk in meeting “Know Your Customer” information requirements. (20 marks)

[Total for Case Study 1: 40 marks]

Case Study 2.

You work for an Insurance Intermediary business (ABC Insurance) that has been acquired by a venture capital company with a view to preparing it for public sale in two years’ time. The venture capital company is concerned that ABC Insurance’s management has always been too centred on its two shareholding directors. The company’s board comprises only the two shareholding directors and there is no independent non-executive director representation. As a result of this structure, the current directors’ decision making often goes unchallenged. Moreover, the board meets once per month and deals with all company matters but usually concentrates on those items that have a sales focus. In the past there has been limited board attention to risk-management, audit or compliance.

You have been asked to help the company develop a robust structure for its corporate governance.

Questions

(a) Outline and explain structural and operating arrangements for the company’s board of directors that you would consider appropriate. (20 marks)
(b) Explain the safeguards you would put in place to ensure your governance structure contains an appropriate level of independent challenge.
(10 marks)
(c) Write a short advice to the venture capital company explaining the value of independent non-executive directors and identify in that advice three key criteria that support a non-executive director’s independence. (10 marks)

[Total for Case Study 2: 40 marks]

Case Study 3.

You work in the compliance department of a retail bank that has outsourced to a call centre operation based in Brazil the processing of its clients’ current and savings accounts. When talking to the bank’s clients, staff in the call centre often identify additional client banking needs, such as loans and savings, and a procedure has been established to allow the call centre staff to advise on and sell appropriate banking products to the bank’s clients.

During its recent risk assessment of the bank, the Financial Services Authority identified major concerns with how the bank controls the outsourcing arrangement with the Brazilian call centre, namely:

The bank took very limited steps to assess the appropriateness of the call centre prior to its engagement by the bank.

The bank has no formal written contract with the call centre. All that is in place is a simple “Heads of Agreement” document setting out financial performance related terms between the bank and the call centre.

Although the bank has prescribed the compliance systems and controls that should be in place at the call centre, the bank has not to date carried out any supervision of the call centre’s sales activities, other than to monitor whether it is meeting the sales targets set out in the Heads of Agreement.

The bank’s board of directors has recently received the Financial Services Authority’s Risk Mitigation Plan (RMP).
The RMP states that, although the bank has overall been assessed by the Authority as a medium impact firm, because of the nature of the arrangement it has with the Brazilian call centre the bank’s procedures for the oversight of its outsourcing arrangements are allocated a high impact and high probability rating. The Authority has asked that the bank’s senior management conduct a full review of its outsourcing procedures and report to the Authority on the steps the bank will take to ensure that it operates in compliance with relevant regulatory obligations. Furthermore, because of the nature of the issues identified by the Authority, it has stated that it is minded to refer the matter to its enforcement division for further investigation.

Questions

You are required to write a short memorandum of advice to the bank’s board setting out:
(a) The controls you would expect to be put in place within the bank to ensure that corrective actions are taken regarding the call centre. (10 marks)
(b) The management information you would expect to receive to monitor the success of the bank’s corrective actions. (10 marks)
(c) The steps that the bank might take in the future both to reduce the high probability rating and to improve its relationship with the Financial Services Authority. (20 marks)

[Total for Case Study 3: 40 marks]

[Maximum for Section B: 80 marks]

Regulatory Risk Management - Suggested Answers

The following answers have been prepared to illustrate possible approaches to answering the examination paper. They are not intended to be comprehensive, covering every possibility, but they do address the key points. Marks will be available for other points made by candidates provided they are relevant, correct and (where appropriate) justified by reasoned argument. The suggested answers are usually given here in brief note form.
However, in the examination, candidates should ensure that their answers contain sufficient detail to satisfy the examiner that the question has been fully understood and addressed.

SECTION A

Question 1

Apply the reported risks to their own business model.
Establish a risk mitigation plan to manage those risks.
Re-assess their FSA risk mitigation plan in the context of FSA reported risks.
Prepare the business for up and coming FSA thematic work.
Advise the business to take targeted action in relation to those risks highlighted by the FSA.

Question 2.

a)
Such a method of communication allows the FSA to communicate messages to relevant sectors of the industry.
It allows the FSA to highlight, to the targeted sectors, focused actions in relation to specific communicated risks.
It allows the FSA to stress the importance of particular actions or concerns at a senior level within the targeted firms.

b)
Assess the FSA concerns against the risk presented by their own business.
Develop a remedial plan in order to respond to the highlighted concerns.

Question 3.

a) It allows the FSA to assess the risk presented by firms’ business activities to the achievement of its Statutory Objectives.
b) FSA carries out desk based reviews of firms based on intelligence gathered from regulatory returns.
c) Medium and High impact firms have a supervisory relationship with the FSA that allows for closer monitoring of the firm’s activities.
d) The FSA carries out thematic supervision of risks that involve several firms or that are across the market.
e) For medium and high impact firms, the FSA carries out periodic risk assessment visits to assess the probability and impact of risks presented by the firm’s business activities.

Question 4.

a) An arrangement between an authorised firm and a service provider by which the service provider performs on behalf of the firm critical or important operational functions.

b)
i. Firms should assess the ability and capacity of the service provider to perform the outsourced services.
ii. Establish appropriate methods of regularly assessing the service provider’s standard of performance.
iii. Manage the risks of the outsourced arrangement.
iv. Ensure a contract is in place with the service provider including terms that allow for contract termination.

Question 5.

a)
i. To ensure that firms hold and maintain sufficient financial capital to meet their liabilities.
ii. To ensure that firms assess the liabilities presented by the risks relevant to their business.
iii. Allow for the FSA to carry out regular supervision of the firm’s capital position.

b)
i. Firms can set part of their capital at a level that is appropriate to meet the cost of risks specific to their business.
ii. Firms can keep their key risks under review and periodically adjust their capital in the event of a change to those risks.

SECTION B

Question 1.

a) In answering this part of the question candidates would be expected to display an understanding of how a risk based monitoring system can operate and an analysis of how risk measurements can support such a risk-based approach, as well as the importance of appropriate escalation procedures. There is no exact answer with regard to the system that could be put in place. However, candidates’ answers should at least address the items below or variations on the theme of the following matters:

Firms could establish an electronic or IT based trading surveillance system that would select trades within agreed and pre-determined parameters and report such trades to a compliance officer for review.

The key risk measures might include:
Trading as a percentage of clients’ net-worth.
Trade classification against clients’ attitude to risk.
Traders’ sales volumes against targets.
Customer complaints.
Client trading discretion limits against trades taking place.
Frequency at which clients’ trades take place to indicate potential churning.
Size of individual trades.

b) Here, candidates would be expected to explain the significance of each of the measures they identify. The explanation should articulate how each measure would operate. Assuming that candidates identify each of the measures shown in a) above, the following would be considered as appropriate explanations of the significance of such measures.

i. An electronic trade surveillance (ETS) system allows for the reduction of human error.
ii. An ETS system allows for efficient selection of trades from a large volume of data.
iii. An ETS system provides an audit trail of those trades selected.
iv. Selecting by reference to clients’ net worth allows for the review of trades that have a risk of not being suitable, given the customer’s financial circumstances.
v. Selecting by reference to clients’ attitude to risk allows for the review of trading that might not match the customer’s recorded attitude to risk.
vi. It allows the firm to monitor trading outside of traders’ scope of authority.
vii. It allows the firm to manage the risk of trades on the basis of unsuitable advice where sales might be made to meet sales targets.
viii. It allows for increased scrutiny of traders with a higher level of customer complaints, which could indicate the threat of unsuitable advice.
ix. Large individual trade sizes can indicate a threat to the customer’s ability to afford a transaction.
x. Can be an indicator of risk to customer’s investment because of over-concentration.

c)
Do not jump to conclusions before assessing the information that has been reported.
Assess whether individual case failures have given rise to any individual customer detriment.
In the event of individual customer loss, compensate those customers.
Do not wait until the end of a wider review to compensate initially identified customer losses.
Identify whether any trends can be established, and focus a wider review towards identified trends.
Agree the scope for enquiry with a senior manager.
In the event of trends, review the know-your-customer procedures and policies.
Interview key desk staff and establish differences between written procedures and those in practice.
Identify the cause of a breakdown in procedures.
Respond to actualities of identified trends.
Contact potentially affected customers and assess their circumstances.
Identify any general customer loss and compensate.
Correct procedural failings.
Ensure findings are reported to the desk head and senior management.
Retrain staff on procedural or policy changes.
Institute disciplinary proceedings against any staff intentionally breaching company standards.
Assess whether the matter needs reporting to the FSA, and report if necessary.
Identify whether your case selection parameters need to be adjusted following your investigation.
Assess whether there is a risk of further breaches and factor this into the company’s approach to risk management.

Question 2.

a) In answering this part of the question, candidates would be expected to display an understanding of corporate governance, typical board structures that meet the Combined Code on corporate governance, and the role of the independent non-executive director. There is no exact answer with regard to the governance arrangements that could be put in place. However, candidates’ answers should at least address the items below or variations on the theme of the following matters:

Establish a governing board with a balance between executive directors and independent non-executive directors.
Establish an independent non-executive director recruitment process.
Appoint a non-executive director chairman.
Independent non-executive directors should chair a series of board committees.
The board should meet at regular intervals (ideally monthly).
The board should receive departmental reports. Such reports should include “Treating Customers Fairly” measures.
At least one person on the board should have responsibility for compliance matters.
Establish an audit committee. The audit committee should oversee the work of the internal audit function and the outcome of the work of the firm’s external auditors.
Establish a risk committee. The risk committee should have responsibility for overseeing risk management within the firm. A programme of risk mitigation. The compliance function. Regular monitoring of risk measures.
Establish a remuneration committee. The remuneration committee should have responsibility for setting the firm’s remuneration policy and should also agree remuneration and bonus payments.

b)
Ensure that there is an equal balance of independent non-executive and executive directors.
Formalise the board structure and board committees.
Establish an objective non-executive appointment process, thus ensuring that executive directors do not appoint friends.
Ensure each director has clear responsibilities.
Ensure each board meeting has a clear agenda. This must cover all matters relevant to the running of the business.
Ensure that agreed board minutes are kept.
Do not permit non-executive directors to own shares in the company, or to have any other financial interest in the company.
Ensure non-executive directors have sufficient gravitas to challenge the executives.

c)
They contribute to oversight of the business and can provide third party advice.
They are not involved in an executive capacity and so they provide a challenge to the executive directors’ decision making and are free to ask difficult and unpopular questions.
They should chair all committees that provide oversight of the Company’s operations.
Through their oversight they ensure that board meetings do not operate as shareholders’ meetings.
They help manage conflict that might exist between difficult business decisions and directors’ personal reward.
Their independence helps protect the company’s duties to its shareholders.
Their personal decision making is not motivated by their interests in the company.

Question 3.
a) In answering this part of the question candidates should address control mechanisms rather than discrete corrective actions. A detailed understanding of Banking Regulation is not required and thus marks will not be given for answers that are aimed at illustrating a thorough knowledge of those rules. Candidates will, however, need to appreciate the fundamental regulatory requirement to control and supervise outsourced arrangements. There is no exact answer with regard to the measures that could be put in place. However, candidates’ answers should at least address the items below or variations on the theme of the following matters:

i) Senior management should create a clear responsibility within the firm for overseeing outsourced relationships, possibly by giving to one or more senior managers overall responsibility for outsourcing.
ii) The firm should ensure that it has in place clear written and compliant outsourcing supplier appointment procedures together with supporting policies.
iii) The firm’s senior management should receive regular periodical reporting of key service providers’ operational compliance performance measures.
iv) There should be prescribed standards against which service providers must operate services on behalf of the bank.
v) The firm should have in place, and operate, escalation triggers or red flags allowing senior management to know when the need arises to act upon any issues highlighted by the performance measures.
vi) Ensure that any compliance breaches identified by the escalation triggers are promptly acted upon by senior management.
vii) That a programme of competence assessment is carried out for all existing and future new staff that are integral to the operation of the firm’s outsourcing procedures.
viii) That senior management put in place and operate a programme of routine oversight of the firm’s outsourced service providers.
ix) That all the firm’s outsourced service providers receive training on the responsibilities they have as a supplier.
x) That senior management engender a culture of compliant behaviour. (The candidate might deal here with the cultural aspects in a number of ways. What is important is that there is a recognition that a firm’s culture can play a significant role in embedding regulatory risk management.)

b) In answering this part of the question, candidates should be able to apply to the issues raised in the question a series of processes and measures that can be put in place to help the firm to firmly establish compliance with the FSA rule on outsourcing. Once again there is no exact answer with regard to the processes that could be put in place. However, candidates’ answers should at least address the items below or variations on the theme of the following matters:

i. A measurement confirming that supplier contracts are in place for service providers.
ii. A measure confirming that all service providers continue to meet the Bank’s appointment conditions.
iii. Regular reporting of the quality of sales made or products sold by outsourced suppliers.
iv. A measurement of the results of the quality of routine on-site compliance reviews at outsourced suppliers.
v. Complaints data from clients sold to by outsourced service providers.
vi. A measurement of the timeliness of compliance reviews at outsourced suppliers.
vii. Measurement to show results of staff training on outsourcing obligations.
viii. Measurement to show the results of service provider staff training.
ix. A measure confirming that all procedures or policy changes at service providers, identified as a result of the bank’s oversight, have been effected.
x. A root cause analysis showing the reasons why any service suppliers’ contracts are terminated.

c) The answer to this part of the question will rely on the creativity of the candidate in applying regulatory risk management knowledge to the question.
There is not a definite right answer to the approach that might be taken by the firm, although key messages regarding sound and reasoned management, aimed directly at mitigating the issues faced, should come across in the candidate’s answer. The candidate should also be able to identify the additional relationship dynamic that arises once a firm is referred to enforcement. Candidates would be expected to address the following items or variations on the theme illustrated by the model answers:

i) That the bank should ensure that it meets the requirements of the FSA’s Risk Mitigation Plan, including reporting progress promptly to the FSA.
ii) Present to the FSA a thorough overview of the Bank’s new outsourcing procedures and policies and control measures.
iii) That it might be appropriate to offer alternative or additional methods of mitigating the FSA’s identified risks than those methods specified by the FSA.
iv) The Bank should seek to identify the root cause of its outsourcing breaches.
v) That senior management would put in place a programme to eliminate the identified root causes and report these to the FSA.
vi) Senior management should improve its systems and controls with a view to preventing a repeat of the breaches.
vii) The Firm might establish a programme of Key Risk Measures to assist it in monitoring for breaches of outsourcing rules.
viii) As part of its systems and controls development the Bank might engage an external adviser to independently review and comment on its new systems and controls.
ix) It could identify what it could achieve from the development of its relationship with the FSA and embark upon a programme of relationship development with its FSA relationship manager.
x) It should acknowledge the importance of the Bank’s senior management being heavily involved in the FSA relationship development, and it should identify which of its senior management could contribute to the development of its FSA relationship.
xi) The relationship development programme should be aimed at creating confidence in the Bank’s ability to manage its own risk mitigation, and the appropriateness of its own rules breach remediation.

Examination Paper
ANTI-MONEY LAUNDERING AND FINANCIAL CRIME
October 2009
Time allowed: 3 hours

INSTRUCTIONS TO CANDIDATES

1. This paper is divided into two sections. Questions in Section A are worth 5 marks each (maximum 20), and questions in Section B are worth 40 marks per Case Study (maximum 80). The total of marks available on the paper is 100.
2. You are required to answer FOUR questions from Section A, and all the questions from TWO of the Case Studies in Section B.
3. Do NOT open this question paper until you are instructed to do so.
4. Carefully read the instructions on the cover of the answer book.

SECTION A

Answer FOUR questions from this section

1. The Financial Services Authority (FSA) requires senior management of a firm to take reasonable care to establish and maintain effective systems and controls to combat financial crime.
(a) The FSA’s rules for Senior Management Arrangements, Systems and Controls (SYSC) provide three attributes that such controls must have. What are these three attributes? (3 marks)
(b) Under SYSC, senior management are required to ensure that there are individuals allocated to at least two defined roles with regard to combating financial crime. Please list the two roles. (2 marks)

2. Outline the elements that constitute the offence of “Tipping Off” and list any defences which can be raised to the offence. (5 marks)

3. List five different types of Market Abuse. (5 marks)

4. List five areas of its business and management a Common Platform firm might take into account when identifying its money laundering risk for the purpose of establishing appropriate systems and controls under SYSC. (5 marks)

5. Define and differentiate between the terms “money laundering” and “financial crime”.
(5 marks)

[Maximum for Section A: 20 marks]

SECTION B

Answer the questions arising from TWO of the Case Studies in this section

Case Study 1.

You are the Money Laundering Reporting Officer of Abbots Broking Limited (Abbots), a UK based stockbroker. The firm provides advisory, discretionary and execution only services to a wide range of individuals and companies in relation to UK and overseas securities. Abbots holds client monies at several different UK banks and generally holds clients’ securities in a nominee name with a UK custodian or, if foreign securities, with its sub-custodian. Abbots also allows certain of its clients to trade on margin.

Abbots employs 40 brokers, each of whom has at least one assistant to carry out administrative functions, including booking of some trades and moving funds between a client’s portfolios and sub-accounts to ensure funds are available for the day’s trading and to meet any margin calls.

One of the brokers, Paul Madop, looks after two corporate clients which were introduced through a personal friend of his, Jim Dunn, who is the Chief Executive of Silk Investments LLC and has already opened a personal advisory dealing account with Abbots so that he may receive advice with regard to investing in AIM listed stocks.

One of the corporate clients is Silk Investments LLC, a hedge fund adviser based in New York. Silk Investments LLC is an SEC regulated firm in the United States. It maintains an execution only account with Abbots.

The other corporate client looked after by Paul Madop is the Theta Fund, a focused long/short equity fund, registered in the Cayman Islands. For UK purposes, the Theta Fund is therefore an unregulated collective investment scheme. Silk Investments LLC has been appointed investment adviser to the Theta Fund. The Theta Fund has opened an account on an execution only basis. Silk Investments LLC has full power of attorney over the assets held by the Theta Fund on its Abbots account.
The Theta Fund trades very actively and has many investors from across the globe.

Following an internal tip off, your investigation of the Theta Fund accounts indicates that:

o The Theta Fund has established a line of credit and is trading on margin in USD – EUR FX options.
o Recent instructions to trade have been given at the UK market opening by telephone. Most of these calls were taken by Paul Madop. As required under internal rules, Paul has made a note of the calls; the notes indicate that Paul received a number of these orders on his mobile telephone line which is not recorded. The reason is that New York opens for business in the afternoon and continues until approximately 11.00pm. The calls taken on Paul’s mobile were all taken after UK office hours.
o A few calls withdrawing funds were made on a recorded line to Paul Madop’s assistant who has not met any of the client’s representatives. There is no password or other security information required and instructions are not required to be confirmed in writing from or to the client.
o Over the last few days the account has been losing money, margin calls have been issued through Paul Madop and these margin calls have been settled from an account – the “internal errors account” - at Abbots.
o The internal errors account now shows a zero balance, but further checking indicates that funds to settle margin calls have also been paid in from Jim Dunn’s personal account.
o Monies have also been paid from the Theta Fund account at Abbots to other offshore companies. The payment process allows monies to be remitted to other accounts and institutions on the signature of the broker only.
o No monitoring of the Theta account was carried out because Silk Investments LLC is an SEC registered company.
o You also note that various cupboards and printers containing confidential information are left unsecured after Paul Madop and his assistant have left for the evening.
On looking at the policy arrangements and training records, you note that there is a draft clear desk policy, but no training has been carried out on it yet.

Questions

(a) Analyse the different risk characteristics of each of the following, and describe what customer due diligence documentation and information you would expect to find on file for:
(i) Jim Dunn; (3 marks)
(ii) The Theta Fund; (7 marks)
(iii) Silk Investments LLC? (3 marks)

(b) Analyse the situation at Abbots with respect to the methods of accepting orders, the trading process and post facto monitoring, looking in particular at:
(i) the potential internal risks (11 marks)
(ii) the potential risks from external fraud (8 marks)
In each case, your answer should include any obvious control weaknesses and how you would mitigate them.

(c) Identify the external reports that may be required in relation to the above situation and state the legislation or regulations under which such reports would be required. (4 marks)

(d) Outline the matters you need to consider in deciding whether there is an obligation to make any reports. (4 marks)

[Total for Case Study 1: 40 marks]

Case Study 2.

You are a compliance consultant. You have been retained by the Rightway Group (Rightway), a firm of Independent Financial Advisers (IFAs). The results of your fieldwork are as follows:

Rightway employs a number of IFAs across the UK. It has one office in Birmingham and 75% of its IFAs are home based, visiting the office only occasionally. Rightway was founded 10 years ago by a group of 10 IFAs who left larger firms. Each of the 10 founders, who are still with Rightway, now has at least 20 years' experience.

As a result of an expansion drive some three years ago, 40 of the IFAs at Rightway have been employed by the firm for less than 2 years. 30 of this group of 40 are experienced IFAs who brought existing clients with them.
10 of the 40 have not previously worked as IFAs but have either worked in the industry, or in a related industry, before.

Rightway advises on the full range of investments, including pensions and pensions transfers. Some of the IFAs are also qualified accountants and tax advisors, and the firm derives some fee income from tax advice.

Most clients have been introduced by other professionals. In the past, many of the introductions have been from estate agents, property lawyers, property development companies and surveyors. As a result, there is a large number of clients for whom Rightway has arranged either a residential or buy to let mortgage. Some of these then go on to receive advice on investments. Some IFAs advise clients on the whole of their investment portfolios.

As a result of the current economic situation, the volume of business from mortgages and referrals from estate agents, property lawyers and surveyors has declined significantly. Rightway has, over the last 3 months, hired an additional 10 IFAs all of whom have been FSA approved. The reason for appointing this group of 10 new hires, whose areas of expertise are in areas other than mortgages, is to assist with the diversification of Rightway's income base.

The internal control process for new recruits is:

o CVs are collected and most recruits are interviewed by one member of staff
o The last employer is contacted to check the employment dates. Where the recruit has been self employed, a personal reference is sought
o Contracts refer to remuneration and basic employment law matters only. No statement about previous activities is sought.

You do some testing of the client base of a sample of the IFAs and find the following:

| IFA | Years’ Experience | Revenue (Per annum £’000s) | Total Number of Current Clients | Clients Introduced by other Firms | Number of Introducing Firms | Comment |
|---|---|---|---|---|---|---|
| Randell | 10 | 60 | 100 | 45 | 25 | Wide spread of investment and residential mortgage business. Clients evenly distributed across East Anglia. |
| Singh | 20 | 80 | 120 | 60 | 20 | Wide spread of mortgage and insurance business, mainly based around East Midlands. |
| Taylor | 3 | 50 | 10 | 10 | 1 | Main revenue from buy to let mortgages. Client base/ properties in 2 developments in SE London. |
| Usman | 20 | 54 | 93 | 46 | 8 | Pensions specialist and tax adviser, clients nationwide. |
| Voce | 5 | 52 | 15 | 14 | 1 | Mortgage specialist. Clients mainly from Manchester – all buy to let from 3 developments. |
| Williams | 30 | 85 | 150 | 75 | 15 | General insurance, investments and re-mortgages. Clients mainly in Yorkshire. |
| Xenia | 15 | 40 | 200 | 180 | 20 | General insurance products and some funds business. Clients mainly in Bristol and surrounding areas. |

Questions

You have been asked by Rightway's board of directors to provide the following:

(a) An assessment with reasons, of the risks from financial crime in Rightway's business, concentrating in particular on the mortgage and general insurance products offered by Rightway. (14 marks)

(b) An analysis of any weaknesses in the recruitment control structure at Rightway that might increase the risk from financial crime by its IFAs and how you would address them. (7 marks)

(c) Indicators of risk that you would use to assess the risk of financial crime that each IFA's business presents. (5 marks)

(d) An assessment for each of the seven IFAs you have looked at as to whether, on a comparative basis, you regard each IFA's business as presenting either a higher risk or lower risk of financial crime. (14 marks)

[Total for Case Study 2: 40 marks]

Case Study 3. (Please answer both parts of this question).

Part 1

You are the MLRO of a boutique bank. The bank offers corporate finance and wealth management services to entrepreneurs across the globe. The client base is attracted by the discretion and confidentiality offered by the bank.

Your bank's corporate finance department is advising Winloz, an AIM listed internet gaming company, with regard to its offer to purchase the entire shareholding of Lozelodz, another AIM listed internet gaming company.
You receive a copy of a suspicious transaction report made by a relationship manager at the wealth management arm of your bank with regard to the following matters, none of which is legally privileged:

o The subjects of the report are Subco (a subsidiary of Winloz), the Chief Executive of Lozelodz and its Chief Financial Officer, all of whom hold accounts at the bank.
o Subco has paid an amount of £10m to Alpha Investments Limited, a British Virgin Island investment company.
o The Chief Executive and Chief Financial Officer of Lozelodz have received £2m and £1m respectively, from Alpha Investments Limited.

The payments to the Chief Executive and Chief Financial Officer of Lozelodz from Alpha Investments Limited may be the redemption of investments made by them. On the other hand, these could be payments to them by Winloz for their support in recommending the takeover of the company to investors and for selling their shares. If so, this could also be a fraud on the other shareholders of Lozelodz.

You are in a quandary. There could be a perfectly acceptable reason for the payments by Alpha Investments Limited or you could be looking at a fraud being perpetrated on the shareholders in Lozelodz. If senior executives are involved in a fraud then what you need to do is clear. If, however, there is a perfectly innocent explanation as to the payments made to the Chief Executive and Chief Financial Officer of Lozelodz such as the redemption of an investment and you report the transaction, it is likely that the clients concerned will be none too happy, and the information will soon spread that you made a suspicious transaction report which was unwarranted.

Senior management at your bank are concerned with any legal liability the bank may incur and with the reputational risk if you make a defensive suspicious transaction report on a transaction that turns out to be perfectly innocent.
Questions

(a) With reference to the facts in the case study above, analyse the law on the requirement to make a suspicious transaction report, making reference to any precedent cases that assist in interpreting the law. (11 marks)

(b) If you decide to delay the completion of the transaction (i.e. the Winloz offer for Lozelodz), which results in your client suffering considerable damages, analyse the protection offered to the bank by the cases of Squirrell v National Westminster Bank EWHC 664 (Ch), K v National Westminster Bank EWCA Civ 1039 and Shah v HSBC Private Bank (UK) Limited. (8 marks)

(c) State to which of the following liabilities you and the bank might be exposed if you fail to report the suspicion and, instead, proceed with the transaction at hand:
- Criminal Liability
- Civil Liability
- Regulatory Liability
In each case give your reasons. (9 marks)

Part 2

You have reported the matter to SOCA. Six days have passed since you made the report to SOCA. The Chief Executive and Chief Financial Officer of Lozelodz have drawn cheques on their accounts which have been “Referred to Drawer”. They are unable to meet their normal living expenses due to the bank's failure to honour their cheques. They, individually, are shortly to see one of the bank's directors about the failure to make payments from their accounts. Several of the cheques are of low value and the director thinks that the bank should honour these as the amounts are so small and the potential hardship so great.

Question

(d) Provide guidelines to the director setting out what he may and may not mention to the clients at the meeting. Include the guiding principles for his conduct and any relevant criminal laws and penalties he may be exposed to if he either honours the cheques, or tells the clients why he cannot honour the cheques.
(12 marks)

[Total for Case Study 3: 40 marks]

[Maximum for Section B: 80 marks]

Anti-Money Laundering and Financial Crime – Suggested Answers

The following answers have been prepared to illustrate possible approaches to answering the examination paper. They are not intended to be comprehensive, covering every possibility, but they do address the key points. Marks will be available for other points made by candidates provided they are relevant, correct and (where appropriate) justified by reasoned argument. The suggested answers are usually given here in brief note form. However, in the examination, candidates should ensure that their answers contain sufficient detail to satisfy the examiner that the question has been fully understood and addressed.

SECTION A

Question 1

(a) Senior management has a responsibility to ensure that the firm's control processes and procedures are:
- Appropriately designed.
- Implemented.
- Effective.

(b) [Requirement can be found in SYSC 3.1.1R, 3.2.6R and 3.2.6A] They must ensure that certain appointments are made:
i. Money Laundering Reporting Officer.
ii. A senior person with responsibility for ensuring that controls are implemented.

Question 2.

Proceeds of Crime Act 2002 / Terrorism Act 2000

You know that a suspicious transaction report (authorised disclosure) has been made or that an investigation under POCA or TA is contemplated or underway, and you make a disclosure that is likely to prejudice any such investigation.

Defences:
- Disclosure made within a group of companies;
- Disclosure made to a professional legal adviser;
- Disclosure made between certain regulated institutions for the purposes of preventing an offence.

Question 3

Five from the following seven:
- Insider dealing.
- Improper disclosure of inside information.
- Misuse of information.
- Manipulating transactions.
- Manipulating devices.
- Disseminating information likely to give a false or misleading impression.
- Market distortion.
Question 4

- its customer, product and activity profiles;
- its distribution channels;
- the complexity and volume of its transactions;
- its processes and systems;
- its operating environment.

Question 5

“Money laundering” is a crime that involves the acquisition, use, possession, transferring or making arrangements in respect of criminal property [as outlined in the UK in the Proceeds of Crime Act 2002].

According to the FSA SYSC provisions, “financial crime” includes:
- Fraud
- Market abuse
- Money Laundering / Terrorist financing

Money laundering is only one crime amongst them.

SECTION B

Question 1

(a)
(i) Individual from a standard risk country:
Personal identity information: Name, date of birth, permanent address.
Passport / other photographic ID and source of wealth information.

(ii) Unregulated collective investment scheme:
Offshore unregulated collective scheme is a higher risk. Therefore, it is appropriate to look behind it in more detail. Therefore, client due diligence documentation should include at least:
- Fund prospectus/offering document and copies of material contracts listed in the prospectus/offering document
- Certificate of incorporation / extract from commercial register / proof of registration of the fund
- Individual identification and verification of fund officers
- Individual identification and verification of the fund manager, directors of the promoter and fund manager, and shareholders in the fund where shareholding is over 25% (i.e. UBO)
- Identity of scheme functionaries/counterparties

(iii) Regulated investment firm in equivalent jurisdiction:
- Simplified due diligence to include name and business address of the company
- To include checking on the SEC website that they are registered

(b)
(i) The major potential risks from internal fraud are centred around the amount of unsupervised client access the relationship manager, Madop, has with the clients.
In particular:
- Madop appears to be able to take instructions on his mobile
- Madop and his team appear to be able to move monies between the internal errors account and the client account
- Madop is the conduit for client communication on margin calls
- There appears to be no application of the “4 eyes” principle
- There is no monitoring that might detect the unusual trading patterns as this appears to be driven by Silk, the advisor being regulated, rather than looking at the client or the activity on the account.

To mitigate the risks, the following should be required:
- all instructions are taken on a taped line;
- the internal error account is subject to proper process / oversight including independent authority for its usage;
- an independent check is made on the client instructions for moving money out of the account. This could be on all transfers or just those that do not go to a client nominated default account. (There could be a limit on all money transfers to that account – Abbots is not a bank);
- Margin calls etc to be sent by a separate unit.

(ii) With regard to external fraud, the major risk appears to be:
- the lack of controls on accepting instructions which could leave the firm open to fraudsters / imposters giving instructions.
- exacerbated by the fact that the assistant has not met the client.

Mitigation of this threat would be to:
- properly identify the person giving instructions by e.g.:
  - password or other arrangements e.g. call back
  - written confirmation to the client of an agreed fax number or similar for all instructions;
- assistants or other employees should meet the clients.

There also appear to be some information security problems which might lead to either internal or external fraud. This could mean that confidential information could be removed by internal persons or contractors e.g. cleaners. A clear desk policy, to include securing physical information, should be issued and training provided.
(c) Relevant legislation for money laundering is the Proceeds of Crime Act 2002 for a report to SOCA about suspicions of money laundering. Also possibly a crime (under Fraud Act) that it might be appropriate to report via the standard criminal complaints process. Finally consider whether a report to FSA might be appropriate (either market abuse or a serious control failure / compliance breach) under SYSC.

(d) The key consideration for POCA 2002 is whether there is enough information to date to indicate that something is wrong such that we are suspicious that the account may contain the proceeds of crime. This is arguable either way, but you could report defensively or gather more information. The key for a complaint to the police is whether we believe a crime has been committed.

Question 2

(a) Mortgages

General
Note the difference between the residential and buy to let – i.e. it is easier to set up frauds etc on somewhere that the mortgagee does not live in

Residential Mortgages
o Fraud – Overvalued properties / fraud on the lender
o Money Laundering – Popular target for criminals due to the volume and ubiquity of the product
o Terrorist financing – Lower risk, but may happen in concert with a fraud.

Buy-to-let mortgages
o Fraud – Increased risk over residential mortgages as has been seen of late. Problems with dishonest surveyors etc and overvaluation of properties.
o Money Laundering – Possibly, as turnover in this sector is more common than in residential markets. Also, illegitimate cash can be disguised as “rent”.
o Terrorist financing – Possibly, but as part of the above.

General Insurance
o Fraud – in the sales process low risk, but obviously for the insurance company there is a risk of false claims.
o Money Laundering – Low risk
o Terrorist Financing – Low risk

Risks to all of the above. Also the possibility of IFAs being in concert with external parties to get mortgages or other products with view to using those for criminal ends.
This is because of the role of IFAs as financial gatekeepers.

Internal fraud
Possibility of misleading client into giving powers to the IFA. Also the possibility of data theft from the client, or other abuse of position of trust with clients' assets.

(b) Weaknesses in recruitment control structure

Given the risk of hiring someone who will either defraud the client or the firm, there is a need to ensure that they are fit and proper. Rightway's business involves a lot of unsupervised activity (home based advisers are the majority). Currently only the last employer is checked.

The firm should consider the following checks:
- Full reference check back for 5 years (and reasons for leaving employer)
- Credit check / Credit Court Judgements
- Criminal Records
- Recruits to be interviewed by more than one person, and should at least be required to positively state – no convictions etc

(c) Major indicators of risk are:
o Product specialisation in higher risk products.
o Geographical concentration of clients in particular higher risk products.
o Referrals from a small number of firms for higher risk products.
o Experience of IFA: generally higher risk the less experienced, although this is not conclusive.
o IFAs who are outliers in either gross or average revenue.

(d) Assessment of the IFAs listed:

Randell – Experienced. Wide spread of clients; average income for the number of clients. Wide spread of products. Large number of introducing firms. Even distribution of clients – probably fairly low risk.

Singh – Experienced. Average fee income. Large number of clients. Large number of introductions but from large number of firms – Lower risk.

Taylor – Low number of clients, high revenue from low number of referral sources. Higher risk products. Low experience – Higher risk.

Usman – Experienced. Average fee income. Large number of clients. Large number of introductions but from large number of firms – Lower risk.
Voce – Low number of clients, high revenue from low number of referral sources. Higher risk products. Low experience – Higher risk.

Williams – Experienced. Average fee income. Large number of clients. Large number of introductions but from large number of firms – Lower risk.

Xenia – Experienced. Low fee income. Large number of clients. Large number of introductions but from large number of firms. Specialises in lower risk products – Lower risk. BUT is an “outlier”, so may deserve a further look.

Question 3

(a) Legal analysis of criminal offence: statutory vs case law.

Relevant statutory provisions:
In the regulated sector, failure to report money laundering is an offence under Section 330/1 of Proceeds of Crime Act 2002. It is an offence not to report where a person knows or suspects or has reasonable grounds for knowing or suspecting that another person was engaging in money laundering. Section 330 applies to any person in the sector; Section 331 applies to the MLRO receiving a suspicious activity report. Money laundering is defined as acts in relation to criminal property. In this case the question turns on whether we know, suspect or have reasonable grounds to know or suspect.

Reference to case law to assist:
Leading case:
• R v Da Silva EWCA Crim 1654 (a money laundering case): 'the essential element in the word “suspect” … is … that there is a possibility, which is more than fanciful, that the relevant facts exist'.
• 'A vague feeling of unease would not suffice'
• 'But the statute does not require the suspicion to be “clear” or “firmly grounded and targeted on specific facts”, or based upon “reasonable grounds”'

The interpretation of “suspicion” is one that is more than merely fanciful; it is more than a feeling of unease – therefore the concern falls within the legal definition of suspicion, and so a report should be made.
(b) Leading cases

Squirrell v National Westminster Bank
• It was also obliged not to carry out any transaction in relation to that account.
• '.. the course adopted by Natwest was unimpeachable. It did precisely what the legislation intended it to do. In the circumstances there can be no question of me ordering it to operate the account in accordance with Squirrell's instructions. To do so would be to require it to commit a criminal offence.'
• K v National Westminster Bank: 'The truth is that Parliament has struck a precise and workable balance of conflicting interests .... . a limited interference is to be tolerated in preference to allowing the undoubted evil of money-laundering to run rife in the commercial community'

Shah v HSBC Private Bank
Suspicion under POCA was a purely subjective matter. It did not matter whether or not there were reasonable grounds for that suspicion provided that it was genuinely held. A bank has no civil liability as a result of damages flowing from the reporting of a suspicious transaction because of the conflict between duties under conflicting criminal and civil law where the bank complying with criminal law should be protected. The bank was also not in breach of any duty to disclose information to the claimants. To have done so would have put the bank at risk of committing a 'tipping off' offence under POCA 2002.

(c) Criminal Law
Failure to Report as s331 above is subject to a fine or imprisonment of 5 years.
Officers at the bank carrying out an act in breach of POCA S328 – making arrangements in relation to property which they know or suspect assists a laundering offence. This is a principal money laundering offence – 14 years, a fine or both.
Civil recovery of any profits made.

Regulatory Liability
Individual's breach of FSA principles – if malice / dishonesty found, any officer holding Significant Influence Function might be fined or barred.
Institutional breach of FSA principles – the Bank may have breached systems and controls principles and could be sanctioned – a range of enforcement options from private letter to public fine / authorisation removed.

Civil Liability
Possibility of civil liability to the victims of a fraud if it is known or suspected that what the client is doing is illegal. So-called constructive trustee.

(d) Guidelines

Two key principles are at work:
i) Do not Tip Off;
ii) All transactions are covered regardless of value.

In meeting with the clients, you must not make a statement to them that would prejudice an investigation: Proceeds of Crime Act 2002 / Terrorism Act 2000. Therefore, we cannot currently honour the client's cheques. You may not give a reason for this, nor give any indication that a report has been made or that an investigation might be underway by the authorities.

The relevant law is POCA Section 333 as amended – Tipping Off. The potential offence is committed if a person knows that a suspicious transaction report (authorised disclosure) has been made or that an investigation under POCA or TA is contemplated or underway; and then he makes a disclosure that is likely to prejudice any such investigation. The defences available do not seem to apply in this case. The penalty for committing the offence of Tipping Off is a fine or up to 5 years in prison.

The specific money laundering offences set out in POCA do not have a minimum amount attributable to them. Therefore we cannot honour any of the cheques at present, regardless of value. To honour the cheques without consent would be to risk committing a principal offence which is liable to an unlimited fine, 14 years imprisonment or both.