Red Flags: Do you know what you’re looking for?
9 May 2017
A timely collaboration
The recent announcement that MAS and the Commercial Affairs Department (CAD) of the Singapore Police Force have teamed up to deliver a government-industry partnership, to strengthen Singapore’s capabilities on the anti-money laundering and counter terrorist financing front, shows real intent to combat financial crime and the exploitation of the Singaporean market.
The partnership brings together selected industry participants, regulators, law enforcement agencies and other government entities to collaboratively identify, assess and mitigate the key money laundering and terrorist financing risks facing Singapore. With the regulator and law enforcement gearing up to ‘better detect, deter and defend Singapore against financial crimes’, it seems timely for the industry to consider how they can contribute as well.
To that end, timely reporting of transactions or business behaviour suspected to be, or known to be, illegitimate, is the cornerstone of the relationship between the regulator, law enforcement and the financial services industry. In considering how the industry can contribute to the initiative, it seems appropriate to take a brief look at suspicious activity red flags that firms need to be looking out for and what they need to do once they detect these.
Assessing your red flags
While analysis of red flags is not a regulatory requirement per se, it is a logical necessity in order to monitor financial activity, train relevant staff, build monitoring systems and design the underlying monitoring rules which will then help you to meet your regulatory requirements. For without understanding and defining these red flags you’re unlikely to know what you’re looking for.
There is no definitive list of red flags. These will depend upon your specific circumstances but an effective list will usually be long, wide ranging and tailored to your specific needs. Therefore, instead of drawing up a generic list of red flags, we believe that firms should be considering these within structured categories of risk factors, allowing them to assess a red flag in context. Of course, there are many ways in which you can break down and categorise these red flags; one commonly used approach is to divide them up into three broad categories of customer, transaction and jurisdiction in the following way:
- Customer: In looking at red flags from a customer relationship perspective, you should consider some of the activity and behavioural patterns demonstrated by your customer that might suggest that something is not quite right.
- Transaction: When looking at red flags from a transactional perspective, consider the structure, method, amount, frequency and parties involved in the transactions to detect activity that might be unusual.
- Jurisdiction: Finally, there may be cross jurisdictional concerns about a particular type of activity that requires further investigation such as payment origin/destination.
This way you can consider a red flag through different prisms and review it in context of the particular business relationship. So for example, the fact that a customer receives large deposits may not be a red flag if you only look at the transactions in isolation. However, if you review the transactions against the backdrop of the customer relationship, you may note that it is unusual for your customer to be receiving such large deposits given their declared source of income, or if you review the same transactions against the backdrop of jurisdictional risks, you may note that the large deposits are coming in from a high risk jurisdiction with no declared links between the customer and the jurisdiction. An example of such a break down can be seen in the table below.
A few of the common red flags for money laundering and terrorist financing seen in the banking sector, under each heading, can be seen in this table:
|Occupation is not commensurate with the nature of activity||Structured deposits intended to avoid reporting||Relocation to high risk jurisdiction, followed by periods of dormancy|
|Use of false or unusual identification documentation||Multiple cash deposits and immediate withdrawals, with no clear business purpose||Frequent charitable activity/donation in areas of conflict|
|Associated with sanctioned individual/entity||Use of multiple personal and business accounts without any distinction||Internet banking login from high risk or sanctioned jurisdictions|
|Adverse media exposure and refusal by client to explain it||Transactions performed by unrelated 3rd parties on customer account||Customer receives frequent deposits from high risk jurisdictions|
|Refusal to identify beneficial owner of the account||Large deposits with undisclosed source of wealth and funds||Third party in different risk jurisdiction settling client debt|
|Use of non-profit organisation for personal or commercial purposes||Small amounts in, one large transfer out||Unexplained high frequency international transfers|
What to do when you’ve detected a red flag
When a red flag is initially detected at a firm, it is important to internally escalate that to the appropriate compliance professionals. The importance of clear operational procedures for employees to escalate matters of concern cannot be underestimated. Equally, firms must train staff members not only in how to identify red flags, but also how to address these concerns at the right organisational level, so that an escalation is appropriate, and not unduly burdensome on the compliance team.
Once a red flag has been identified or escalated indicating suspicious activity, a thorough investigation should be conducted that is not limited to the current transaction or scenario only. You should take a holistic view of the customer relationship, as well as engaging in further monitoring of the account before a final decision is made.
Once you have all the information at hand you can make an evaluation of what the transaction represents. If you do come to the conclusion that it is suspicious and potentially represents money laundering or terrorist financing, then make sure to swiftly report it to the relevant authorities. It is also worth considering whether the right course of action to take should be to exit the customer’s account or even seek a freezing injunction allowing you to freeze any assets or the customer account.
These investigations often highlight gaps in client information and knowledge about a customer, thus shedding light into control gaps as well. Gaps may be addressed on a client by client basis, or may indicate more systemic deficiencies which need to be tackled.
Get in touch
We regularly help firms identify and embed customer, transaction and jurisdictional red flags that are relevant to their business and customers. If you want to know more about building an effective suspicious activity monitoring and reporting framework, do get in touch. We’d love to hear from you!