Operational, Tactical and Adaptable – Information Technology (OTA-IT)

“Technology is merely a tool and only as powerful as the user is knowledgeable.”
Subscribe

Faces of Fraud: PODCAST

March 14, 2012 By: Joseph Bognanno Category: Risk Management, anti-fraud

Submit to StumbleUponSave on DeliciousDigg ThisSubmit to redditShare via email

From the 2012 RSA Conference, Joseph Bognanno of Wolters Kluwer Financial Services provides guidance on how to fight fraud. According to Joe, banks are in the fraudsters’  cross-hairs, but there are new solutions to help detect and prevent fraud.

Joseph Bognanno – Anti-Fraud

You may also listen to this complete Podcast and others at www.bankinfoscurity.com.

Member Screening and Risk Scoring PART 2

February 22, 2012 By: Joseph Bognanno Category: Anti-Money Laundering, Compliance, Risk Management

Submit to StumbleUponSave on DeliciousDigg ThisSubmit to redditShare via email

How To Develop A Baseline Risk Analysis

Credit Union Journal  |  Monday, October 3, 2011

By Joseph Bognanno

As was discussed in Part One of this series (”Developing a “risk baseline” through practical analysis”), credit unions should start the development of a baseline risk analysis by considering an institution’s size and member base.

Credit unions with larger numbers of members will have more factors to consider when evaluating the potential risks associated with the base. The geographic location of branches, where members live and do business, whether operations occur in High Intensity Drug Trafficking Areas (HIDTA) or High Intensity Financial Crime Areas (HIFCA), income and educational levels, will vary by institution and are all factors that will provide input to your analysis of risk.

The FFIEC Examination Procedures guidance refers examiners to Appendix I “Risk Assessment Link to the BSA/AML Compliance Program” (See Figure 1) to ensure that a financial institution utilizes an effective risk assessment that will become the foundation for establishing internal controls and the resulting overall Risk-Based BSA Compliance Program.

Figure 1

One you’ve compiled the initial data about your member base, also look at your process for collecting data about members, the sources and reliability of data, including the information provided directly from members, and the completeness of the data. Credit union members often enjoy a more personalized experience with their institution due to a deliberately intended corporate culture policy. Many times this results in reduced information gathering during interactions between a credit union representative and a member, so as not to burden the member with what may seem to be intrusive questions about their financial activities.

While each institution needs to evaluate how it will approach this dilemma, it is often a matter of disclosing the compliance requirements of the institution as well as the effort to improve the security for the members and their finances.

Another Helpful Step

It will also be helpful to geographically orient your member data-develop an understanding of where your members live, work, carry out their financial activity and other geographical areas where they transact business. With this information you’ll not only be able to get a more transparent and complete view of member profiles, but also you’ll increase the likelihood of compliance with OFAC and other sanctions screening regulatory requirements.

In addition, consider the products and services being offered and the options members have for opening accounts. Since money laundering is the process of getting illicitly gained funds into the formal financial system, criminals often spread their “placement” activities among a number of differing products to avoid detection. Some products are easier to abuse than others, particularly when there are options for opening accounts online or over the phone. The opportunity for face-to-face time with a member will always reduce exposure to risk, but will have to be balanced against the multiple ways doing business offered to members.

Therefore, any additional security measures, such as multiple factor identification, that strengthen your ID Verification and Authentication programs, challenge questions and member due diligence questionnaires will help reduce risks posed by virtual “clicks versus bricks” account opening options provided to members.

Profile Groups: Within Context

A baseline risk analysis can be enhanced by looking at shared traits among credit union members in order to develop profile groups. Many technology solutions base their behavioral monitoring logic on the expected and/or historical behavior of account and/or member activity. However, an analysis of your member base will usually show that members have common traits regarding their business activities, profession, income levels, etc. Also, certain attributes of the member base may represent higher risks than others. For example, members whose business activities are largely cash based, involve international transactions and include their own currency services as Money Services Businesses (MSBs) may represent higher financial crime risk exposure. Recognizing the common aspects of credit union members will assist you in defining profile groups.

Monitoring accounts and account holders within profile groups is a more robust means of mitigating risk and identifying unusual behavior, because it adds another layer when developing the business rules that drive the development of suspicious activity alerts. Behavior is thus evaluated not only against expected and historical member behavior, but also against the expected and historical behavior of the profile group and the thresholds that pertain to the group in question. The result is improved anomaly detection, specifically called for in the new FFIEC Guidance on transaction monitoring.

Thresholds: Correct Calibration

Thresholds are really just pre-determined values (based on risk analysis results) that can be plugged into your business rules defining when to generate an alert or review. Account or account holder activity is monitored for behavior that is outside what is expected for a member or account. Extending this logic to include monitoring of behavior in reference to the member’s profile group, adds greater dimension and insight to whether the financial activity is appropriate.

Setting thresholds appropriately is important and will vary based on institution, business activity and member base. Low thresholds may yield too many “hits” and a high number of false positives. Thresholds that are too high can lead to a low number of hits and thus allow potentially problematic activities to go undetected.

Robust Risk Identification

When risk management is viewed across the entire life cycle of a member relationship, it becomes ever more important to improve an institution’s ability to accurately estimate the risk associated with members and their financial activities. The greatest opportunity to gather the necessary information about members comes in those infrequent face-to-face encounters, and the most opportune moments are usually at account opening and onboarding.

Effectively evaluating risk though member screening and risk scoring through a process of assessing the baseline risk factors and developing robust profile groups to facilitate opportunities for high-risk monitoring will ensure a more comprehensive Customer Identification Program and Enhanced Due Diligence (EDD) which will go a long way toward mitigating financial crime risk and ensuring smoother regulatory exams.

Joseph Bognanno is a Financial Crimes Strategist with Wolters Kluwer Financial Services, and previously held positions with the Treasury Dept., IMF and other institutions.

Member Screening and Risk Scoring PART 1

January 19, 2012 By: Joseph Bognanno Category: Anti-Money Laundering, Compliance, Risk Management

Submit to StumbleUponSave on DeliciousDigg ThisSubmit to redditShare via email

How To Develop And Improve Your Risk-Assessment Techniques

Credit Union Journal  |  Monday, September 26, 2011

By Joseph Bognanno

Although financial institutions have been developing and implementing Anti-Money Laundering (AML) programs for at least a decade, many still seek to develop more effective practices for identifying and minimizing risk.

The banking sector’s groundbreaking efforts to implement controls and compliance in response to laws and regulations such as the Bank Secrecy Act (BSA) and Patriot Act over the last several years has been a great asset to credit unions and to the National Credit Union Administration (NCUA) for responding to financial crime threats.

However, following the recent financial crisis, credit unions and the NCUA must also increase their efforts to develop customer identification programs (CIP) and, as stated by the Bank Secrecy Act (BSA), employ a “risk-based assessment of customer risk.” This is not only due to increased regulatory scrutiny, but also to a realization that credit unions have unique characteristics and members, thus requiring strategies specific to their business sector.

In response to this scrutiny, CUs’ BSA/AML compliance and identity-theft prevention programs, member screening and risk scoring can help them guard against operational and compliance risks, protect them from fines associated with noncompliance, and avoid financial and reputational losses tied to financial crime.

In fact, FFIEC examination procedures regarding financial institutions enterprise-wide BSA/AML compliance program are specific in evaluating how well financial institutions assess their own risk. The stated objective in the FFIEC guidance is to: “Assess the BSA/AML risk profile of the bank and evaluate the adequacy of the bank’s BSA/AML risk-assessment process.” Therefore it is imperative that credit unions develop and improve their assessment techniques.

Carrying out risk analysis will involve the identification of areas that are most vulnerable in an organization, the products that are more likely to be used for carrying out illicit activity and the member segments that require heightened scrutiny.

Gravity’s Pull

A common strategy for assigning resources and focusing efforts on potential threats is to evaluate the gravity of events that may occur and to respond with an appropriate amount of effort to resolve the event or mitigate the severity of the event’s outcome (see chart above).

Potential events or threats can be assigned characteristics. The first being the severity of the occurrence, and the second being the likelihood. Rating events on a scale-or merely assigning levels of low, medium and high-helps to identify the gravest events that, if they were to occur, would represent the greatest impact to an organization. This prioritization will facilitate the decision process around assigning work and formulating more efficient operational activities to quickly disposition these events and take appropriate and rapid action.

This exercise is also a key function for the development of rules-based monitoring of financial activity, high-risk members and accounts, as well as minimizing the time spent addressing any false positive hits. While false positives may be minimized, they are practically unavoidable, because the perpetrators of illicit activity do their best to mimic normal and legitimate financial activity.

Referring back to the FFIEC examination procedures, credit unions can take some pointers from the FFIEC guidance to examiners and use that information to ensure the risk assessment is complete. In reference to “Risk Assessment Link to the BSA/AML Compliance Program,” examiners are directed to “…determine whether the bank has adequately identified the risk within its banking operations (products, services, customers, entities, and geographic locations) and incorporated the risk into the BSA/AML compliance program.”

The risk analysis should take into account factors such as: as the institution’s size and business volume; member profiles; products and business lines; the process of “onboarding” members; and even geographic aspects of member base and business activity.

Also, understanding an examiner’s “hot buttons” is an important theme that should run parallel to developing the appropriate controls and procedures based on your risk analysis. The Corporate Examiners Guide (CEG) published by the NCUA will also provide some insights to ensure that your institution is prepared to respond effectively and appropriately during an examination.

Where To Begin

So where should this analysis begin? Let’s look at establishing a baseline of areas to be assessed as part of your analysis, then build upon that with some practices to make the resulting risk mitigation and response strategies more robust.

• Perform Risk Analysis: look at a number of aspects that will provide source data and information about your institution, member base, etc., and generate a resulting baseline risk assessment

• Review Results: understand the nature and risk associated with the member base, operational procedures, lines of business, means of interacting with members and, of course, where your institution is most vulnerable and why.

Set Thresholds Based on Results

Keep in mind that:

• Different organizations will have different results.

• Different departments of business lines within an organization may have different results and levels of risk.

• Setting appropriate thresholds allows accounts, transactions, and members to be flagged as high risk for monitoring.

• Understanding where higher risks exist allows for adjusting software tools and processes for greater sensitivity and efficiency (lower ratio of false positives).

Finally, keep in mind that many of the same strategies and efforts to detect unusual financial activity apply to both potential money laundering as well as fraud; and that money laundering often involves compromised individuals who might otherwise not be involved in criminal activity. The Association of Certified Fraud Examiners (ACFE) suggests “there are three elements that enable someone to commit fraud: the motive that drives a person to want to commit the fraud, the opportunity that enables him to commit the fraud and the ability to rationalize the fraudulent behavior.”

Where You’re Vulnerable

The vulnerability that an organization has to those capable of overcoming all three elements of the fraud triangle is FRAUD RISK. Therefore it is evermore clear why an effective risk analysis, considering multiple factors that are often unique to credit unions versus other financial institutions, is so important.

In next week’s installment, we’ll discuss leveraging the baseline risk analysis to develop robust risk identification and threat mitigation, while ensuring compliance preparedness as credit unions join their banking brethren on the forefront of financial crime control.

Joseph Bognanno is a financial crimes strategist for Wolters Kluwer Financial Services. He has held positions with the U.S. Treasury, the IMF and other national institutions

###

U.S. Latin American Private Sector Dialog

March 09, 2011 By: Joseph Bognanno Category: Anti-Money Laundering, Compliance, Cumplimiento, Lavado de dinero, Risk Management

Submit to StumbleUponSave on DeliciousDigg ThisSubmit to redditShare via email

The U.S.-Latin American Private Sector Dialogue – or US-LA PSD – originated in June 2006 as a roundtable discussion among senior U.S. and Latin American banking and financial regulatory officials.

Since its inception, the purpose of the PSD initiative has been to open and encourage direct dialogue between the financial sectors in the U.S. and Latin America in order to:
(i) raise awareness of terrorist financing and money laundering risks;
(ii) facilitate a better understanding of effective practices and programs to combat such risks, and
(iii) strengthen implementation of effective AML/CFT controls.

The US-LA PSD Group is a unique collaborative venue on LinkedIn, for professionals in the US and Latin American the private sectors to talk about its perspectives on risk, and the efficacy of different mitigation efforts.

Please join if you are interested in collaborative and mutually beneficial discussions on regional AML/CFT and Fraud Prevention priorities, on achieving harmonization between the benefits and the burdens of risk mitigation, and on balancing the effective use of risk mitigation resources with practical considerations for financial institutions.

FATF Mutual Evaluation Reports (MER)

August 26, 2010 By: Joseph Bognanno Category: Anti-Money Laundering, Lavado de dinero

Submit to StumbleUponSave on DeliciousDigg ThisSubmit to redditShare via email

Members of the FATF and of FATF-style regional bodies (FSRBs) are strongly committed to the discipline of multilateral peer review. The mutual evaluation program is the primary instrument by which the FATF and FSRBs monitor progress made by member governments in implementing the FATF Recommendations.

The mutual evaluation and assessment processes are fundamental to the work of the FATF and all other anti-money laundering and combating the financing of terrorism (AML/CFT) assessment bodies.  The FATF has developed a set of Key Principles for Mutual Evaluations and Assessments, working in collaboration with the FSRBs, the IMF and World Bank. These Key Principles set out the fundamental objectives, principles and essential underpinnings for the assessment processes, and their observance enhances the quality and consistency of the mutual evaluation and detailed assessment reports and of the applicable procedures.

The Key Principles are:[1]

1. The FATF is the international standard setter for anti money laundering and combating the financing of terrorism through the FATF 40 + 9 Recommendations (the FATF Standards) and works towards the full and effective implementation of those Standards. In that capacity the FATF safeguards the general integrity, and the quality and consistency, of the evaluation and assessment processes (including through follow-up processes) as well as ensures the correct interpretation of the FATF Standards. The FATF works with other assessment bodies to ensure that the mutual evaluation and detailed assessment reports (MER/DAR) and follow up reports are objective reflections of the situation in a jurisdiction under assessment.
2. Each assessment body finalises its own evaluations and assessments and follow-up processes.
3. MER/DAR are independent, objective, accurate and of a high quality, and are prepared and finalised in a timely way.
4. There is a level playing field, with MER/DAR (in particular the findings and ratings) being consistent with the FATF Standards and Methodology, with respect to other reports, and among assessment bodies.
5. The evaluation procedures are documented, fair, streamlined and efficient: they make effective use of limited resources, provide for equal treatment of assessed jurisdictions, create clear and agreed processes in cases of joint evaluations, include a quality review mechanism, and avoid unnecessary delays or duplication. Procedures for Plenary discussions allow adequate time for a full and proper discussion of the MER, with a process that allows the assessment team, the assessed jurisdiction, and members and observers an opportunity to participate fully.
6. There is a high level of clarity and transparency regarding the progress that jurisdictions are making to enhance their compliance with the FATF Standards. All MER are published, and with respect to the IMF and World Bank assessments of jurisdictions that are not members of the FATF or FSRBs, the IMF and World Bank strongly encourage the publication of the DAR.
7. Assessment bodies have effective and transparent follow-up processes that result in jurisdictions achieving satisfactory compliance with the FATF Standards in a timely fashion. Such processes are complemented, as appropriate, by other mechanisms that encourage and facilitate compliance, including through the prioritisation of remedial action.

Methodology

In carrying out a Mutual Evaluation, FSRB member countries usually work from an agreed upon Mutual Evaluation schedule and apply a specific Methodology that will be used during evaluations. How often a given country is reviewed depends on many factors, including the number of member countries within the FSRB, previously conducted reviews and their findings, and the availability of resources and evaluators, among other things.

The Methodology is a key tool to assist assessors when they are preparing AML/CFT detailed assessment reports (DAR) and Mutual Evaluation Report (MER). It assists them in identifying the systems and mechanisms developed by countries with diverse legal, regulatory and financial frameworks, in order to implement robust AML/CFT systems. The Methodology is also useful for countries that are reviewing their own systems, including in relation to technical assistance projects.

The Methodology is designed to guide the assessment of a country’s compliance with the international AML/CFT standards as contained in the FATF 40 + 9 Recommendations.

Compliance Ratings

The Methodology follows the structure of the FATF Recommendations.

For each Recommendation there are four possible levels of compliance: compliant, largely compliant, partially compliant, and non-compliant. In exceptional circumstances a Recommendation may also be rated as not applicable. These ratings are based only on the essential criteria, and defined as follows:

Compliant The Recommendation is fully observed with respect to all essential criteria.
Largely compliant There are only minor shortcomings, with a large majority of the essential criteria being fully met.
Partially compliant The country has taken some substantive action and complies with some of the essential criteria.
Non-compliant There are major shortcomings, with a large majority of the essential criteria not being met.
Not applicable A requirement or part of a requirement does not apply, due to the structural, legal or institutional features of a country e.g. a particular type of financial institution does not exist in that country.

The assessment of the adequacy of a country’s AML/CFT framework is not an exact process, and the vulnerabilities and risks that each country has in relation to money laundering (ML) and the financing of terrorism (FT) will be different depending on domestic and international circumstances. ML and FT techniques evolve over time, and therefore AML/CFT policies and practices will also need to develop and adapt to counter the new threats.


[1] Source: FATF “Key Principles for Mutual Evaluations and Assessments”, July 1, 2010

Fantastic New VTS

April 08, 2010 By: Joseph Bognanno Category: Anti-Money Laundering, Business Growth, Compliance, Lavado de dinero, Risk Management, technology

Submit to StumbleUponSave on DeliciousDigg ThisSubmit to redditShare via email

“PayPal iPhone app downloaded one million times in three weeks”!!! (see article here)

I love technology and I’m convinced that over time new Value Transfer Systems will become more and more common. I can’t wait to take advantage of them and also watch our economies and companies benefit from the liquidity and growth due to the ease of use and efficiency of these tools.

Regarless of their benefits, using cell phones, laptops, FOB devices, magnetic cards, or even cards you recharge to later waive in front of the toll collector module on the bus or in the subway, creates opportunity for abuse and misuse when they are not properly monitored and audited.

img_remittanceSome people will see the risk and say, we have to regulate this, while others (like myself) see an opportunity. PayPal is a non-bank financial institution (NBFI) but it employs many of the compliance practices required to ensure that risks from financial crimes are minimized. The combination of its services with the iPod format is a really exciting solution that empowers new technologies and facilitates commerce, while minimizing risk. The iPhone solution is the technology facilitator, while PayPal represents the commerce solution, made less risky by its safeguards already in place for carrying out financial transactions.

So do the risks still exist and where might we find new opportunities, like iPhone and PayPal did?

First we need to understand what the risks might be, so let’s take a quick look at what an IVTS is.

An informal value transfer system (IVTS) refers to any system, mechanism, or network of people that receives money for the purpose of making the funds or an equivalent value payable to a third party in another geographic location, whether or not in the same form.

Informal value transfers generally take place outside of the conventional banking system through non-bank financial institutions (NBFIs) or other business entities whose primary business activity may not be the transmission of money. The IVTS transactions occasionally interconnect with formal banking systems, for example, through the use of bank accounts held by the IVTS operator. (Let’s come back to this point in a minute…)

IVTS are utilized by a variety of individuals, businesses, and even governments to remit funds domestically and abroad. Expatriates and immigrants often use IVTS to send money back to their families and friends in their home countries. IVTS operations are also used by legitimate companies, traders, and government agencies needing to conduct business in countries with no or inadequate formal financial systems.

Because IVTS provides security, anonymity, and versatility to the user, the systems can be also be used for supplying resources for doing illegal activities.

Following the September 11, 2001 attacks on the United States, IVTS have come under increased scrutiny and regulation in many countries as a result of pressure from the United States.

So let me go back to the point about IVTS operators accounts and the potential for anonymity with funds flowing through the IVTS accounts. In the financial sector, efforts have been made to enhance “know your customer” practices for a number of years.  Thus, a bank or other financial institution, with sufficient KYC practices can more readily detect risky customers or unusual transactions that may be related to financial crimes such as money laundering, fraud or financing of terrorism. Informal systems with occasional or intermittent contact with formal banking systems can thus present risks because of the lack of information about who might be moving money through the system.

Perhaps now you are thinking, “oh come on, aren’t you stretching a bit here? How much money can you launder or use to finance terrorism using cell phones or stored value cards like my pre-paid phone card, anyway?”

The answer is, a lot of money can flow through these systems. If there wasn’t a need or opportunity, the products wouldn’t be offered. So new technologies can be a powerful tool for good guys like us who want to easily pay for goods or make a donation, and can also be a very useful tool for those who want to move money easily for more dubious reasons while avoiding detection.

But instead of getting off on a tangent and presenting examples, let me get back on point. The barriers such as country borders no longer exist in a technological world. Money moves more freely and that’s a good thing, but there is a risk presented by companies that are now moving money around, through their own accounts on behalf of others. This presents a risk that others sooner or later exploit, while our government attempts to regulate. These are both negative implications for the company that is trying to move it’s service offering forward, unless they already have the safeguards in place like PayPal does.

The opportunities lie in many areas. Two of which I want to point out here.

First, opportunities exist in assisting companies to address these risks proactively so that they do know who is using their services, where the money is flowing, can minimize their own risk to fraud and abuse, and finally, enhance their reputation capital versus putting it at risk.

Second, the fact that country boarders are non-existent or more easily crossed in a cyber-world, is considered by many to be a problem that is difficult to deal with. Particularly because different countries enforce different levels of control on their financial systems. Banks in the US and Europe frequently close correspondent accounts of financial institutions in countries deemed to be insufficient in their efforts to regulate and prevent against financial crime risk.

Solutions like the PayPal iPhone app, allows for international transactions, while leveraging technology and extending the compliance and “KYC” practices required by US and European regulatory authorities, into foreign environments.

These kinds of solutions not only represent opportunities to us as individuals and companies selling products and services, they also represent an opportunity to shrink informal economies (”cash on the street” outside formal systems) and drive huge amounts of capital into national and global markets.

That’s something we can all use right about now.

AML Software Growth

March 22, 2010 By: Joseph Bognanno Category: Anti-Money Laundering, Lavado de dinero, technology

Submit to StumbleUponSave on DeliciousDigg ThisSubmit to redditShare via email

Recently I read an article about Barclays’ selection of Temenos AML technology.  (See Finextra News)

“Who’s heard of Temenos?” I thought. “Does anyone realize or have any idea how big the AML market niche is?”

You’ve probably heard about the latest Google product or Apple device coming on the market. But even if you work in the financial sector – even if you are a compliance officer – I’d be willing to bet you’d have a hard time naming the latest software products on the AML market.

Banking software has been around forever of course, so perhaps you might not find the topic as “sexy” as an iBook, but you may want to take another look at this industry that grows and changes as fast as any market sector out there.

I got my start in Financial Services Software while I was working at JPMorgan Chase in the early nineties. I started working with a company that later hired me away as a consultant. Hogan Systems was an IBM seed company and was later sold and sold again, and now is part of Computer Sciences Corporation.

In a world of big banks and big corporations providing them with the tools to manage customer accounts and relationships, you might think the market is a tough one to break into. You would me mistaken. Take for example this latest article about Temenos Group AG. The first thing that you may want to make note of is their founding date; 1993, and then note that they have over 1,200 employees and customers in 120 countries. If that isn’t enough to show you that newcomers to the market can generate big business, consider the company that they just aquired, Viveo Group (out of France). This company is a core banking software company that, although it has been around for a few more years, was procured for around $81 million to strengthen their Anti-Money Laundering (AML) software offering (and certainly eliminate competition). The truth is there are a slew of other companies out there, developing software for AML and a number of other banking and financial transaction related needs.

So what is driving these opportunities for new emerging service and software providers?

In my view there are three factors, one of which is the most overlooked. These are:

1) David and Goliath effect: The small company’s ability to remain agile and flexible and quickly meeting the needs that take larger corporations more time to meet through adapting organizational and technology infrastructures.

2) Darwin effect: Technology’s constant re-invention or mutation and ability to compete with other “species” of technologies for dominance.

3) Sensitivity effect: In a Stimulus-Response Model, this is the organism’s ability to respond to external stimuli. And it is the external pressures that have, in my opinion, been the biggest force behind this sector’s growth.

The external factors that have pushed, and continue to push, growth and create opportunities in the financial services sector, is perhaps the most overlooked factor by most organizations trying to compete in this sector. It’s not just about providing better services to generate more business. In fact, there are several companies out there that are doing very well and who’s success rides on the back of inferior products. So it must be more than just offering the best product, promising the most new business, or highest ROI.

Take the current stimuli of the world financial crisis, increased threat of terrorism, preponderance of Ponzi schemes, etc. etc. and the response by regulators and stock holders, who now demand even greater controls and monitoring of customer and corporate activities.

None of the three factors I’ve mentioned are new, and they are all pretty much common sense, but it is important to have all three in mind when you begin to analyse where the opportunities lie for software and service providers operating in the financial sector (or any other sector for that matter).

The growth of AML software, which is kind of obscure for the “average Joe” or the average compliance officer, is an indication that even niche opportunities exist and can be exploited for creating new business offerings that can obviously generate 10 fold returns for visionaries and investors.

Is “banking software” sounding a little more sexy now?

Forensic Information Technology (Part 1)

February 23, 2010 By: Joseph Bognanno Category: Business Growth, Compliance, Computer Forensics, Cumplimiento, Forensic Audit, Risk Management, technology

Submit to StumbleUponSave on DeliciousDigg ThisSubmit to redditShare via email
Analyzing data for information

Analyzing data for information

Technology advancements and the constantly changing regulatory environment are prompting leading organizations to accelerate the implementation of systems to compliment and support their operational efforts to improve risk controls, cost management, regulatory compliance and enhance cost effectiveness.

Leading businesses have come to realize that the risks and expense that result from money laundering, fraud and other crimes directly undermine their best efforts to grow, compete and be increase profitability.  For example, an average of 10% of revenues, are lost annually, due to fraud alone.

Applying Forensic Information Technology (computer forensics) solutions is a big part of responding to these threats. But what is computer forensics?

Computer forensics is the discipline of analyzing all types of electronic and computer devices (and data sources) in order to obtain information contained in them to compare and analyze information, including that which might have been removed or hidden, so to serve as legal evidence.

In a typical analysis, company decision makers have to evaluate a number of factors. Considering the potential impacts of implementing or not, systems that will prevent or detect illicit activities within their finances and/or operations. They must ponder the cost of being proactive versus reactive. They ask themselves what the cost will ultimately be if we forego the expense now, and accept the impact if an event ever happens. In other words, “Does a dollar spent now save three in the future, or will it just be a draw on scarce operating capital that could be better put to use in some other area of the company, that has a more predictable return on investment?”

There are ever greater numbers of Forensic Information Technology solutions and other systems, designed to detect irregular internal activity, as well as those used in combination with systems that provide regulatory compliance reporting. But is it correct to think of systems as merely an expense or an insurance policy, rather than an investment that will have a positive ROI? To answer this, we need to look more closely at what Forensic Information Technology is, and what it offers.

Information Systems form part and parcel of every business organization. In today’s increasingly competitive markets, technology represents the means for being more efficient, thus lowering costs, and an opportunity to enhance awareness of customer needs and trends in order to increase and identify new income streams.

In the next post (Part 2) we’ll look at the application of computer forensics and how it can mitigate risk, prevent financial crime, facilitate regulatory compliance, with the additional benefit of generating new clients and sources of revenue.

“Una UIF kirchnerista”

January 14, 2010 By: Joseph Bognanno Category: Anti-Money Laundering, Lavado de dinero, News

Submit to StumbleUponSave on DeliciousDigg ThisSubmit to redditShare via email

Descabezaron la unidad antilavado

Ir a la nota

El economista José Sbattella quedaría al frente

Hugo Alconada Mon
LA NACION

José Sbattella

José Sbattella

Urgido por revelaciones periodísticas de irregularidades y escándalos internos, falta de resultados concretos y la inminencia de la aparición de un informe internacional que se prevé que será muy crítico, el Gobierno descabezó ayer la Unidad de Información Financiera (UIF), el órgano que debe investigar posibles operaciones de lavado de dinero.

La Casa Rosada, que analizaba remover a la presidenta de la UIF, Rosa Falduto, y al vicepresidente, Alberto Rabinstein, desde hacía semanas, aceleró su decisión tras la publicación, a fines de diciembre, de una investigación de LA NACION sobre la situación del organismo, según confirmaron ayer tres fuentes oficiales y dos integrantes de la UIF.

Reemplazaría a Falduto un economista de marcado perfil político, José Sbattella, muy cercano al matrimonio presidencial.

LA NACION había revelado la existencia de una supuesta “mesa paralela” dentro de la UIF para canalizar los reportes “sensibles” al poder y la recepción de una presunta orden de avanzar contra el Grupo Clarín con una denuncia, así como el reemplazo de decenas de técnicos por personal menos calificado, y la tortuosa relación que distanció a Falduto y Rabinstein.

El nuevo responsable de la UIF, Sbattella, es un economista ligado a los Kirchner desde 2001, pero sin antecedentes ni experiencia en la lucha antilavado, lo que podría conllevar impugnaciones desde el sector privado a su candidatura. En los próximos días se abrirá un proceso obligatorio de consultas a la sociedad civil, previo a la designación oficial. Según dijo Sbatella a LA NACION, recibió la orden política de “jerarquizar” el organismo (ver aparte), aunque sus críticos temen que politice aún más un órgano con acceso a información muy sensible.

Para facilitar el arribo de Sbattella y su equipo -como vice iría su colaborador, Gabriel Cuomo-, Falduto debió presentar su renuncia bajo presión del jefe de Gabinete, Aníbal Fernández, y del ministro de Justicia, Julio Alak. Continuará en su cargo “hasta la asunción de su reemplazante”, según el decreto que se publicó ayer en el Boletín Oficial.

Distinto es el caso de Rabinstein, a quien Falduto aisló dentro de la UIF e ignoró durante los últimos años, con lo que eliminó su papel local e internacional. Su renuncia se aceptó de inmediato, mientras el Gobierno define el futuro de los siete integrantes del “Consejo de Asesores” de la Unidad.

La labor de Falduto sobrellevó duras críticas desde el inicio mismo de su gestión, en enero de 2007, por su estilo de gestión y los escasos resultados, más allá de las estadísticas. Durante los últimos meses, dos informes detallaron esos problemas. El primero, del Centro de Investigación y Prevención de la Criminalidad Económica (Cipce); el segundo, de una comisión que funciona bajo la órbita del Ministerio de Justicia y que coordinó la fiscal Mónica Cuñarro, que responde a Aníbal Fernández.

El reporte del Cipce determinó que la UIF sólo resolvió el 20% de las denuncias que recibió entre 2003 y 2008, aunque el porcentaje se divide entre los que se enviaron a la Justicia (13%) y al archivo (7% restante).

Tres semanas después trascendió el segundo reporte, mientras visitaba el país una misión del Grupo de Acción Financiera Internacional (GAFI). La comisión coordinada por Cuñarro reveló demoras en la UIF y concluyó que necesitaba una “urgente reformulación”; descalificó las denuncias que elevaba a la Justicia como “simple información burocrática”.

El golpe decisivo, sin embargo, ocurrió a fines de diciembre, según coincidieron cinco fuentes oficiales consultadas ayer. Fue cuando LA NACION reveló la supuesta utilización política de sus registros, las luchas intestinas de poder y la salida de decenas de funcionarios y empleados.

“Una UIF kirchnerista”

De todos modos, Falduto y sus defensores -entre ellos, la ex ministra de Salud Graciela Ocaña-, sospechan que su caída respondió a un intento de Aníbal Fernández por sustituir “una UIF técnica por una UIF kirchnerista”. Descontaban a Cuñarro como la reemplazante, lo que al final no se concretó.

Otros expertos, reclaman que la futura UIF cumpla con el marco legal, sin aditamentos políticos. “La designación de las nuevas autoridades debe ajustarse al mecanismo de la ley sobre lavado, que es complejo, y que exige condiciones especiales”, destacó el ex delegado argentino ante el GAFI, Juan Félix Marteau. Luego vendría, añadió, la segunda etapa: “Existe gran expectativa en el sistema financiero local y a nivel global con que la UIF investigue los casos importantes de lavado y no se dedique a reportes insignificantes”.

La falta de resultados concretos para mostrar a la comunidad internacional también aceleró la caída de Falduto. Casi 10 años después de aprobarse la ley contra el lavado, no se registran condenas. Una realidad potenciada por los incumplimientos sobre los que el GAFI se centrará con especial dureza, indicaron tres fuentes oficiales en el informe que entregará el mes próximo.

Antecedentes

El ex presidente del Grupo de Acción Financiera Internacional Gustavo Rodríguez manifestó en el 2008 su preocupación por el hecho de que en Argentina no hay aún un solo condenado por lavado de dinero pese a que la ley fue sancionada en el 2000.

El titular de la Unidad Fiscal Antilavado Raúl Plee propuso modificar la ley contra el lavado y definir a este como un autodelito.

La DEA se ha quejado por la falta de coordinación entre organismos argentinos para luchar contra el lavado de narcodólares.

What is money laundering?

December 14, 2009 By: Joseph Bognanno Category: Lavado de dinero

Submit to StumbleUponSave on DeliciousDigg ThisSubmit to redditShare via email

Money
What is money laundering?

Illegal activities such as drug trafficking, trade in weapons and white collar crimes can generate large sums of money. Money laundering refers to the act of making these gains legitimate by disguising the source of money, changing its form or moving it to a location where not many questions are asked.

The usual way is to put the money into the financial system by breaking it down into small deposits. The funds are then moved to different accounts with multiple banks. In the third stage, the money is used to acquire real assets, which then create legitimate gains. The estimates of money laundered range from 2-5 per cent of the national income.

What are the implications?

Unchecked money laundering makes monetary management difficult as there is no fix on the money supply. A country that is soft on illegal money risks losing foreign investments and can also attract unsocial elements. Such elements may gradually use their money power to acquire influence and undermine the system. Laundered money could also be used to finance terror.