Banks need to follow Know Your Employees norms for robust internal AML control systems
If banking organisations do not follow know your employee practice, it is inevitable that they will be more prone to violations and resultant reputational risk like money laundering
Recently, an employee admitted in San Diego federal court that he caused Citibank to fail to report suspicious transactions and to maintain an effective anti-money laundering (AML) compliance programme. In his plea agreement, the employee admitted that he used his position as well as his finance knowledge to aid his clients in avoiding detection by Citibank’s AML compliance programme. He clandestinely managed not to report Citibank customers he knew were engaged in various suspicious and high risk activities. He undermined the bank’s obligations in exchange for cash and in kind compensation. He also counselled customers on the specifics of bank’s AML parameters by providing the customers with internal-use–only AML Guidelines.
He also devised schemes whereby shell bank accounts in non-threatening business sectors would be established and maintained by his clients for the purpose of engaging in large volumes of cash transactions, without triggering bank’s AML reporting obligations This highlights that an insider can pose the same money laundering threat as a customer does.
The Rs6,000 crore transfer transactions in Bank of Baroda (BOB) seem to have a very striking resemblance to the case quoted above so far as its modalities are concerned. The funds were transferred in illegal and irregular manner in violation of established banking norms under the guise of payments towards suspected non-existent imports. The suspicious transactions were routed to Hong Kong allegedly between 1 August 2014 and 12 August 2015. It is alleged that there were 8,667 forex transactions from the Ashok Vihar branch of BOB, prompting a probe. Certain bank officials and private persons have been charged under the stringent sections of the Prevention of Money Laundering Act (PMLA).
Sources indicate that the money was being transferred through 59 accounts at the bank's Ashok Vihar branch to companies in Hong Kong and Dubai. The money was disguised as payments for imports. A search revealed that addresses given by at least 50 companies for bank records were fake. It also transpired that some of the employees acted as middle-men for these companies. There seems to be a conspiratorial understanding among employees and the prospective customers and middle men to engage in these fraudulent transactions where goods for imports and exports were non-existent. The Bank’s executive director told NDTV that BOB itself had detected the irregularities and alerted the Enforcement Directorate (ED). It, therefore suggests that the misdemeanour of bank employees, and not the systemic lapses or failures were the drivers for this fraudulent act. It speaks volumes about the vulnerability of financial institutions to the depredations that their own employees can cause.
Traditionally, banks have concentrated on identifying their customers. Know your customer (KYC), doubtless, is an essential precaution, but it is not sufficient. It must be coupled with know your employees (KYE). There have been instances in India that highlight involvement of employees in fraudulent transactions – in most cases in league with customers, as is evidenced by the recent BOB case. Many earlier investigative reports have also exposed bank employees across the country all too eager to help customers do deals in violation of AML guidelines. Many employees were captured, in a sting operation
, advising customers how they could convert their black money and route it into the system by opening multiple accounts, using other customers’ accounts, engaging mules, posing as farmers and using shell companies to account for overseas travel and other expenses. This, therefore, brings into sharp focus, the need for thorough checks on employees’ credentials and proper screening of candidates to prevent the hiring of undesirables. Mostly greed is the driving force that leads people to flout all rules of morality and ethical values governing business operations. This will remain so unless a compliance culture is created and it is made a part of an organization’s DNA. This requires a firm commitment from the management of an organization. Prevention is the only solution. An organisation implementing and maintaining a robust internal control system and with a moral and ethical value system would, in most cases, prevent any perversion of rules and regulations. If banking organisations do not go down that road, it is inevitable that they will be more prone to violations and resultant reputational risk.
A good internal control system with a strong and robust ethical culture will minimise any damage. But even with the soundest internal checks and control system in place, subversion will take place because of staff collusion and abuse by a person with authority overriding the control management. Where weak KYE and internal control measures abound, corporate losses due to employee theft and embezzlements increase. Top of Form
Organisations should try to develop a culture with an ethical and spiritual tone that echoes constantly. The more it is developed, less will be the incidence of fraud and violations.
A know your employee or KYE program means that the organisation has a system in place that allows it to understand an employee’s background, conflicts of interest and susceptibility to money laundering complicity.
Policies, procedures, internal controls, job descriptions, code of conduct or ethics, levels of authority, compliance with personnel laws and regulations, accountability, dual control, and other deterrents should be firmly in place. Background screening of prospective and current employees, especially for criminal history, is essential to keeping out unwanted employees and identifying those to be removed.
In an effort to identify and anticipate trouble before it costs time, money and reputational damage, organisations must develop programs to look closely at the people inside their own organisations. Background screening can be an effective risk-management tool.
Just as management verifies the identity of customers, it should verify the identity of job applicants. Once the person is hired, an ongoing approach to screening should be considered for specific positions, as circumstances change, or for a comprehensive review of departmental staff over a period of time.
Employee surveillance is one of the most sensitive— and yet, rapidly evolving—areas of compliance for financial services firms today. Initially, a response to regulatory pressure, surveillance obligations are now becoming an integral part of a robust internal control system. That does not mean those obligations are easy to fulfil. Monitoring employee activities to detect and prevent illegal conduct—fraudulent trading, benchmark rate manipulation, or any other offense—is not a new concept per se, especially for large financial institutions. Regulatory Authorities, have long required banks to monitor their employees’ personal trades.
Solid KYE (Know your Employee) policies and procedures should form part of a sound compliance program, on the anti-money laundering, ethics, and fraud fronts. All relationships between an organisation's clients, employees, and third party service providers carry a level of risk; however the risks posed by employees may ultimately be the greatest risk an organisation faces. This is because employees have internal access and provide access to external sources. It is often said that an organisation’s greatest asset is its human capital; and the highest returns carry the greatest risk. However this may not hold true within the context of KYE, given that well known, as well as well-trained employees have been found to be involved in fraudulent activities damaging the reputation of the organisation. Where weak KYE and internal control measures abound, corporate losses due to employee theft and embezzlements increase.
For banks and other types of financial institutions, KYE is now as important as the frequently quoted buzzword: Know Your Customer, or what is known in the industry as KYC.
An organisation trusts its employees because it has checked their credentials when it hired them, and it reviews them regularly, at least once a year for a pay raise or a promotion. But have the employees maintained the same personality, ethics and integrity they had when it hired them a year two or three years ago? Employees and their circumstances change because of social, economic, political affiliation and other personal reasons. Changes in character, circumstances, or personality can lead to the possibility that one or more of its staff becomes an indirect participant in money laundering and/or terrorism financing by helping an accomplice complete his or her banking transactions without reporting such a transaction to senior management as a “suspicious transaction” for it to pass it on to the Financial Intelligence Unit. This undermines the integrity of the institutions’ anti-money laundering compliance programme and increases their risks. So organisations must have a solid and unwavering KYE programme capable of uncovering past criminal misdeeds and unethical performance or conduct. New hires must be subjected to detailed background checks, beyond that of educational credentials and work experiences.
is a retired banker and consultant for training and development. He is also author of Anti Money Laundering /Anti-Terrorism Financing & Know Your Customer)