JUST HOW MUCH OF AN AML PROGRAM 
DO YOU REALLY NEED?

By Michael Riess--Transcript of a talk to IPMI Metro Chapter, 2004  

In this talk, I’ll first describe the regulatory backdrop to the anti-money laundering (AML) regulations.  Then I’ll get into specific programs that your company may—or may not—need. 

I.                   Regulatory Setting

The Treasury Department had a single underlying philosophy when it formulated the AML regulations for precious metals and stones.  The provisional regulations of the USA PATRIOT Act say:

The general nature of the requirement reflects Congress' intent that each financial institution have the flexibility to tailor its program to fit its business, taking into account factors such as size, location, activities, and risks or vulnerabilities to money laundering.

That is, one size does not fit all.  On the surface, this seems like a sensible approach because companies in our industry vary tremendously.  The act lets you decide how comprehensive a program you need to detect and prevent money laundering.  You have to make those decisions based on the money-laundering and terrorist finance threats you think you face.

But there’s a major problem here:  if you find yourself unwittingly involved in a money-laundering scheme or if the law enforcement bodies determine you have not taken the compliance steps you should, you will be at a severe disadvantage.  Because the Government has the benefit of hindsight and years of practical investigative experience—and you don’t.  And if your program underestimated your money-laundering risks, you could be seen as operating irresponsibly, or worse, as being willfully blind.  The penalties for willful blindness are the same as if you were complicit:  as much as $1 million and 20 years per count, along with forfeiture of assets.  Even if you have no money-laundering problem, you could be subject to civil penalties for administrative non-compliance. You have the flexibility as to your program; the agencies have the options on how the regulations are enforced. 

And enforcement is likely to be rigorous.  Bill Reid of the Department of Homeland Security, made the point loud and clear at the National Conference:   Our job is to catch criminals and bring them to trial. He repeated it half a dozen times in case any of us missed the point. 

Why a comprehensive program?
So, it’s important to establish AML programs that lean toward being more comprehensive rather than less.  The reasons are:

  1. Severe consequences for missteps
  2. Government policy and practice.
  3. Industry record
  4. Risk profile of our companies.

Consequences of involvement.  The main risk for most of us is to be caught up in a scheme as an unwitting participant.  That is, because you inadvertently happen to do business with a launderer:

bulletYour bank accounts could be subpoenaed, frozen, seized or forfeited.
bulletYour metal could be confiscated
bulletYou might have to open your books or submit records as part of an investigation
bulletYour premises could be searched
bulletYou and your staff might be interviewed by a Federal enforcement officers, or
bulletYou might be asked to continue your involvement to help gather evidence.
bulletAnd you might see a picture of yourself in your local paper and a really awkward feature article about your company.

Forfeiture law can be extremely difficult.  The law provides that all assets belonging to a money launderer and acquired during a reasonable timeframe can be considered the product of laundering and subject to seizure and forfeiture.  So if you bought from a launderer, even innocently, you were buying goods acquired illegally and therefore subject to forfeiture.  It’s like buying stolen goods.  And in an industry such as ours, where leverage is so important, losing liquidity while you scramble to prove your innocence can be harsh.

 If an enforcement agency seizes your assets as proceeds of illicit activity, the agency will receive some or all of the proceeds.  This is a strong incentive for aggressive enforcement.

 The quality of your AML program will play a determining role as to whether you retrieve confiscated goods and how much you get back.  You’ll need to show that you followed the law, you implemented a sound AML program, you adhered to it conscientiously—and despite all that you became an innocent victim.

 The Government.  To make your career in anti-money laundering, the name of the game is banks, brokerage firms, insurance companies and exchange houses and that’s where the focus is.  Riggs bank has given agents exposure and made careers; nobody except us knows about Jamie Ross.

 When Government enforcement agents accustomed to dealing in financial services are assigned to investigate precious metals problems, they bring their financial services experience and standards with them.  With a few exceptions, agents I have spoken with assume that the same rigorous requirements that apply to the financial services industry also apply to us.  The field agents have tremendous power and discretion, so fair or not, we are likely to be measured by the same yardstick as the financial services companies.

 The industry.  Given our size, why didn’t we slide under the Government’s radar?   The reason is that enough companies have been really bad actors, to the point that talented federal agents and prosecutors have been re-directed from traditional financial service companies to our tiny pond. 

 A surprising number of us have had difficult encounters with anti-money laundering enforcement authorities.   The first big enforcement operation after money laundering became illegal in 1986 was Polar Cap.  The Polar Cap cases involved jewelers, precious metals refiners, traders and bankers.  You probably knew some—Richard Ferris, Steven Saccocia, the Andonians, Raoul Vivas, Aharon Sharir, Joseph Mollicone.  They were among 40 people convicted. 

 Sharir introduced the Russian mob onto 47th Street , in what became the Cocaine Triangle, and we’ve had a series of problems ever since.  Jamie Ross is the most recent.  He is one of twenty-three were convicted in a recent crack-down.  Twenty-four were indicted, but  Eduard Nektalov was shot in May near 47th Street before he could testify.  

The companies.  For companies that fall under the regs but have zero money-laundering or terrorist finance exposure, the enemy is sometimes seen not as the criminals but the Government, which is forcing compliance with regulations that divert management and add to overhead to prevent a non-existent threat.  But there are very few situations so straightforward and risk free in our industry.  Let me show you what I mean with an example:

 This is how the owner of a dental alloy manufacturer described his company to me.  It’s simple.  The company sells precious-metals alloys containing well over 50% precious metals, and its sales are far in excess of $50,000 a year.  True.  But most of our sales are to small dental labs, with only a handful of sales a month over $10,000.”  It looked like a candidate for a program with little or no money-laundering risk.

 But the precious metals industry is entrepreneurial and finds creative enhancements and incremental businesses to add to the bottom line.  So things are seldom what they seem.  For instance, our dental alloy manufacturer:

bulletHas a melt/assay operation for scrap.
bulletSends the refining lots to a non-U.S. refiner—that is, one that has no AML program.
bulletBuys fine metal and hedges some of its outturn with U.S. and non-U.S. dealers.
bulletOperates pool accounts.
bulletHas heavy sales staff turnover.
bulletHas a foreign subsidiary.
bulletAccepts cash payments and sometimes pays cash for fine metal.
bulletExchanges gold coins and medallions for scrap.
bulletMakes third-party money transfers.

 There’s nothing necessarily wrong about any of this.  But it changes the company’s risk profile from a simple no-risk scenario to one in which there is quite a lot going on in money-laundering exposure.  It underscores the importance of analyzing money-laundering risk correctly because all your AML programs depend on it.

 

II.                 AML Requirements and programs. 

Some programs, you have to have by law.  Others are desirable because they could help you detect and prevent money laundering.  And there are others that you’ll find just don’t fit your company.

  1. AML Compliance Officer:  On this you have no choice.  The law requires you appoint a senior manager to the position.
  2. ACAMS Certification:  Every decent-sized financial service company I know has an AML Compliance Officer that has passed the Association of Certified Anti-Money laundering Specialist (ACAMS) exam and become certified.  For those of us that advise others, it should be the minimum standard.  For those of you that are interested in acting as external auditors, it’s a must, not only to establish your credentials but to limit liability.  For companies that deal routinely with enforcement officers, it’s a good way to show serious commitment in dealing with money-laundering problems. 

    Do you need it?  For larger companies with several divisions, certification is probably a good idea.  For companies with a single plant or office, I’d say the benefit doesn’t justify the time and expense.
  3. Risk Assessment Program:  To design and build an AML program, you need to analyze your risk to money laundering.  You should update that analysis regularly to set benchmarks as your company changes.  Risk  profile can change for many reasons:
    1. Your procedures improve
    2. You take on a major new customer
    3. You move.
    4. You make an acquisition.

Ideally, a risk assessment program should be in the form of software for easy comparison.  It should have a built in scoring system.  Systematic scoring is absolutely essential for an objective, unbiased consistent picture, especially in programs that are meant to be used repeatedly. 

Who can benefit most from a program like this?  Companies that are growing or changing and need a barometer to signal a shift in their money-laundering exposure.  It’s a necessary marker for management status reports.  At the same time, it should give senior management a straightforward way to keep tabs on the AML Compliance Officer. 

  1. AML Written Plan:   The law requires all of us to have written AML plans laying out the standards to which we intend to adhere and the procedures we intend to follow. 

    In our industry, no two refiners, no two manufacturers, no two fabricators, no two traders are alike.  And as to the difference between refiners and, say, fabricators—forget about it.  There are templates you can download, for instance for securities broker-dealers.  If you followed them, you’d be committing to too much—which is expensive.   Those designed for small manufacturers or retailers would have you doing too little—which is dangerous.  So, unless you know the law, the regulations, the industry and how your company fits, basing your program on a one-size-fits-all solution is risky.

    What we do is:
    1. Spend time reviewing and analyzing your company.
    2. Write a draft for discussion.
    3. Prepare a final written version.
    4. Afterwards, we adapt the plan to changes in your company.
    5. And we send you updates as laws, regulations, court decisions and interpretations change.
  2. Customer ID Program:  The law requires that you know the identity of your customer.  That can be complicated because, again, one size doesn’t fit all.   Financial service companies have to comply with certain know-your-customer (Section 326) standards; for us, it depends on our exposure to money laundering. 

     The Government tracks identity by name, address, citizenship or residency, date of birth or formation and social security or tax ID number.  It’s reasonable that the Government will expect you to have that information. 

    If you feel you have a good grasp on a business’ ID with just that information, and depending on the number of your customers, you don’t have to look beyond the corporation.  Naturally, you need to have a contact person and you have to know the authorized parties.  

But remember, if you have a problem and if the Government, with benefit of hindsight, determines your customer information was inadequate, you will be vulnerable.  If your customers are large or in suspect locations, or present other special risks, you’ll have to do more. 

You’ll need to know the beneficial owner, and you might have to collect information about officers, directors and even some shareholders.  You’ll have to verify the information, and you’ll also have to check for missing or expired documents and maintain the account files.  The extent of information you collect to know your customer is up to you. 

At that point, you’ll need a customer ID program with data base and a search engine to manage the information.

Another more clear-cut threshold is pool accounts.  Treasury regards pool accounts as quasi-banking operations.  So in the next round of regulations, if you offer pool account services, you will have to have a formal customer ID program.

If you plan to acquire a company or be acquired, the customers will all be considered new.  If they haven’t been documented and verified, they’ll probably have to be.  And they will certainly have to be documented if you are selling or buying a customer list.

Treasury can require you to produce records and documents to check your due diligence.  Unlike financial services companies, if you run across what might be suspicious activity, you do not have to report it, but you are encouraged to do so.  If you don’t report, you should certainly document the incident as part of your customer identification program to avoid allegations of willful blindness after the fact.   

  1. Accounting/Metal Control System:  I’m not about to suggest that you change your accounting and control systems to accommodate an AML program.  But if you plan to install a new control system, you can build AML features into it with very efficient results. 

New integrated systems can be customized to establish security procedures and prevent people from bypassing them.   They are a big step to stopping criminals from taking advantage of the accounting system. 

  1. Government Lists—of money-launderers and terrorist financiers:  You’re supposed to check new customers against various bad guy lists to make sure you aren’t dealing with a known launderer or terrorist.   

    The lists, especially the Office of Foreign Asset Control (OFAC) list, can be voluminous, with pages of AKA’s and aliases.  The only effective way to review them is by search engine that consolidates the different lists of individuals and countries.

    If there is a match between a list and your customer, it’s important to know which list.  If your customer is on the OFAC list, you must stop doing business with that person or company, block and escrow the funds, and notify law enforcement.  That’s because the Federal Government has sanctioned those entities. 

    Other lists don’t require that you stop but do require that, if you find a match, you treat listed companies as red flags.  Another consideration is that the OFAC list covers only non-U.S. companies and individuals.  Other lists include U.S. entities
  2. Training:  Launderers depend heavily on employee collusion, so training is your first line of defense.  It’s the best way to prevent casual involvement.  And the law requires everyone to have a training program.
     
    Training courses for sales persons and staff dealing with customers should detail what money laundering is; the USA PATRIOT Act’s scope and regulations; consequences of violation; red flags; filing suspicious activity reports and cash transaction reports; responding to Government enforcement agencies and other basic subjects.
     
    The AML Compliance Officer and responsible senior executives and Board members need more detailed training and should an advanced course. 

    The Act also has a continuing education requirement. 

    It’s important to document your staff’s training, so courses should include confirmation that the course was completed.  Courses can be face to face or completed interactively on line.
  1. Audit:  The law requires you to test your AML systems.  The auditor has to be independent—either an external auditor or someone inside the company not involved in the day-to-day administration of your AML program.

    Systems testing confirms that you are implementing the commitments you made in your AML Written Plan (Item 3).  That’s why it is vital that your plan does not commit to more than you can do—or less than you should.  

    The audit program should be specialized in precious metals, because financial services companies have quite different requirements.  It should an efficient roadmap for auditors, detailing topics to cover and questions to ask.   The program should take the auditor through the testing process, providing guidelines and prompts for work papers, comments, extended analysis and conclusions. The program should include a management letter.  And, of course, a scoring system to evaluate the company’s AML systems and management’s response to the auditor’s suggestions.  Ideally, it should be in electronic form, with drop-down menu’s and ample textboxes for descriptions and analyses.

Materials Management Co.’s Patriot Group Task Force is the only company that offers a full line of comprehensive programs and services to the precious metals and jewelry industry.  You can learn more about these programs on our website at, www.materialsmanagement.net.  The web site also features a comprehensive glossary of AML terms and acronyms, a copy of the provisional USA PATRIOT Act regulations, and of articles on the subject.  Or call me, Mike Riess, at (203) 661-6715.