Designing a Compliance Program
for Virtual Currencies
Virtual Currencies Compliance Conference
New York, August 14, 2013
by Juan Llanos, CAMS
Agenda
1. Risk identification
Risk areas → Focus on AML
2. Risk mitigation
a) Program design tips
b) Overview of corporate and product safeguards
c) Customer identification and authentication
(de-anonymization)
3. SA Detection via Monitoring and Analysis
Leveraging the blockchain
4. Unsolicited (contrarian) advice
© 2013 JuanLlanos
Risk Areas
• operational
• credit
• money laundering
• terrorist financing
• information loss
• liquidity
• fraud
• Identity Theft
Stakeholders
• federal agencies
• state agencies
• investors
• consumers
• employees
• society
Goals
• safety
• soundness
• security
• privacy
• crime prevention
• health
• integrity
Regulation → Inevitable, yet valid
Risks & Stakeholders
Compliance → Onerous, yet valuable
Money transmitters
and their agents are perceived as
HIGH RISK of
• ABUSE TO CONSUMER
• MONEY LAUNDERING
• TERRORIST FINANCING
Money transmission = highly regulated industry
How Can We Abuse
Consumers?
• Loss of funds
• Wrong product/service
• Failed transactions
• Overpricing
• Divulging/losing private data
• Claims ignored
How Can Money be Laundered Through Us?
• Identity theft & impersonation
• Structuring
• Fraudulent acts
• Lax controls
FRONT OFFICE / BACK OFFICE
General risks (all FIs) → fake IDs, negligence, incompetence & wrongdoing
Money Transmitter Regulation
Main Risk Areas → Main Statutes and Regs
• Anti-Money Laundering → BSA, USA PATRIOT Act, Money Laundering Acts
• Anti-Terrorism Financing (CFT) → USA PATRIOT Act, OFAC
• Privacy and Information Security → Gramm-Leach-Bliley
• Safety and soundness → State (via licensing)
• Consumer protection → State (via licensing) + Dodd-Frank / Regulation E (CFPB)
Focus → AML/BSA + State Compliance
Money Transmitter Risk Fronts (MT Risks)
• Operational
• Customer (Sender & Recipient)
• Foreign Counterparty
• Agent (B&M, online)
Operational Risks and Mitigators
RISKS
• Commingling/diversion of funds
• Poor cash management, accounting and settlement
• Poor document management, reporting and record-keeping
• Inadequate policies and procedures
• Poor controls
• Systems breakdowns
MITIGATORS
• Employee acceptance, monitoring and termination protocols
• Employee training and education
• Professional financial, operational and compliance management
• Dual controls and segregation of duties
• Business continuity and disaster recovery planning
• Independent auditing and testing
• State-of-the-art technology
Customer Risks and Mitigators
RISKS
• Complicity with agent or foreign counterparty
• Complicity with recipient (or sender)
• ‘Drip-irrigation’ transfer of illicit funds (O2M recipients, M2O recipient, M2M recipients)
• Intra-company structuring
• Inter-company structuring (‘smurfing’)
• Terrorist financing
MITIGATORS
• Customer acceptance, monitoring and termination protocols
• Transaction & behavior monitoring
• Lower identity verification thresholds at origin and destination
• For cards, maximum loadable amounts, expiration date, and limited number of recipients.
• Redundant identity verification procedures at destination
• POS training
• OFAC screening
• Eventually, intercompany transaction monitoring by highly-professional and secure clearing house. This is the only possible antidote against ‘smurfing’.
Foreign Counterparty Risks and Mitigators
RISKS
• Complicity with sender or agent
• Poor cash sourcing, management, accounting and settlement
• Poor documentation and record-keeping
• Lax policies, procedures and controls
• Poor regulatory regime
• Credit risk
• Systems breakdowns
MITIGATORS
• Foreign counterparty acceptance, monitoring and termination protocols
• Selecting reputable partners with proven track record and effective systems and controls
• Transaction monitoring
• Independent auditing and testing
• OFAC screening
Agent Risks and Mitigators
RISKS
• Assistance in structuring
• Complicity with sender or beneficiary
• Commingling of funds
• Credit risk
• Identity theft
• Non-compliance with Section 352 of PATRIOT Act
MITIGATORS
• Agent acceptance, monitoring and termination protocols
• Transaction monitoring
• POS training
• Zero tolerance policy
• Secret shopping and stress testing
• OFAC screening
Agenda
1. Risk identification
Risk areas → Focus on AML
2. Risk mitigation
a) Program design tips
b) Overview of corporate and product safeguards
c) Customer identification and authentication
(de-anonymization)
3. SA Detection via Monitoring and Analysis
Leveraging the blockchain
4. Unsolicited (contrarian) advice
Program Design Tips
1. Always understand the flow of DATA and the flow of MONEY.
2. Life-cycle management and the right mix of detective and deterrent techniques, including effective training, are key.
3. Document or perish
Bottom-Up Program Design
1. Map Flows and Processes
2. Identify Risks
3. Design Controls
4. Write PPCs
5. Execute and Measure
6. Enhance and Improve
Spirit of law + Engineering Mindset
Life-Cycle Management
CORPORATE Safeguards*
1. A designated compliance officer + professional team
2. Written policies and procedures + operational controls:
  • Licensing, renewal and reporting procedures (S)
  • Registration, record‐keeping and report‐filing procedures (F)
  • KY (Know Your…) Subprograms: Acceptance, monitoring, correction and termination
    • KY…Customer
    • KY…Agent
    • KY…Foreign Counterparty
    • KY…Employee
    • KY…Vendor
  • Monitoring, analysis and investigating procedures
  • OFAC compliance program
  • Response to official information requests
  • Privacy and information security protection protocols
3. An on‐going training program
  • Risk & Compliance Committee
4. An independent compliance auditing function
* AML Program Elements (Section 352 of the USA PATRIOT Act)
Key Elements of a BSA/AML Program
• State Compliance: Licensing, renewal and reporting procedures // Consumer protection disclosures, etc.
• Federal Compliance: Registration, record‐keeping and report‐filing procedures (F)
• KY (Know Your…) Subprograms: Acceptance, monitoring, correction and termination (Life‐Cycle Management)
  • KY…Customer
  • KY…Agent
  • KY…Foreign Correspondent or Counterparty
  • KY…Employee
  • KY…Vendor
• SA Detection: Monitoring, analysis and investigating procedures
• Information Sharing: Response to information requests
• OFAC Compliance Program
• Privacy and information security protection protocols (GLBA)
PRODUCT Safeguards
Cash features
• Anonymous identification
• No value limits
• Anonymous funding
• No transaction records
• Wide geographical use
• No usage limits
Anything we do to counter these will mitigate the risk of our product!
CUSTOMER Identification
Non‐Face to Face → Card not present standards
Non-documentary → contacting a customer; independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source; checking references with other financial institutions; and obtaining a financial statement.
Documentary → Review an unexpired government-issued form of identification from most customers. This identification must provide evidence of a customer’s nationality or residence and bear a photograph or similar safeguard; examples include a driver’s license or passport. However, other forms of identification may be used if they enable the bank to form a reasonable belief that it knows the true identity of the customer.
Authentication Strength
Multifactor authentication:
• Something the user knows (e.g., password, PIN)
• Something the user has (e.g., ATM card, smart card)
• Something the user is (e.g., biometric feature)
Authentication methods:
• Shared secrets
• Tokens (smart card, one-time password generating device)
• Biometrics (fingerprint, face, voice, keystroke recognition)
• Out-of-band authentication
• Internet protocol address (IPA) location and geo-location
• Mutual identification
Source: FFIEC
Agenda
1. Risk identification
Risk areas → Focus on AML
2. Risk mitigation
a) Overview of corporate and product
safeguards
b) Customer identification and authentication
(de-anonymization)
3. SA Detection via Monitoring and Analysis
Leveraging the blockchain
4. Unsolicited (contrarian) advice
“What customers do
speaks so loudly
that I cannot hear
what they’re saying.”
(Paraphrasing Ralph Waldo Emerson)
Customer identification vs. customer knowledge
BEHAVIORAL ANALYTICS
Machine Learning (AI) Methods
SUPERVISED LEARNING: relies on two labeled classes (good vs. bad)
Goal → Detect known suspicious patterns
1. Training set:
  a. Select dataset with clean and dirty cases.
  b. Classification algorithm to discriminate between the two classes (finds the rules or conditions)
  c. Probabilities of class 1 and class 2 assignment
2. Run discrimination method on all future purchases.
UNSUPERVISED LEARNING: no class labels
Goal → Detect anomalies
1. Take recent purchase history and summarize it in descriptive statistics.
2. Measure whether selected variables exceed a certain threshold (deviations from the norm).
3. Sound an alarm and record a high score.
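The three unsupervised steps above, as an added example that is not part of the original slides: a customer's recent daily activity is summarized as mean and standard deviation, today's values are compared with that norm, and an alarm with a score is recorded. The feature names, the z-score threshold, the standard-deviation floors and the sample history are all constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

FEATURES = ("total_amount", "tx_count", "distinct_recipients")
Z_THRESHOLD = 3.0        # assumed: alarm when a variable is > 3 std devs above the norm
MIN_HISTORY_DAYS = 5     # assumed: do not score customers with too little history
# Assumed floors so a perfectly regular customer (std dev 0) does not
# produce a division by zero or an alarm on a trivial change.
STD_FLOOR = {"total_amount": 1.0, "tx_count": 0.5, "distinct_recipients": 0.5}


@dataclass(frozen=True)
class DayProfile:
    total_amount: float
    tx_count: int
    distinct_recipients: int


def summarize(history):
    """Step 1: descriptive statistics (mean, population std dev) per variable."""
    stats = {}
    for feature in FEATURES:
        values = [getattr(day, feature) for day in history]
        stats[feature] = (mean(values), pstdev(values))
    return stats


def score_day(today, history):
    """Steps 2 and 3: measure deviation from the norm, raise alarm, record score."""
    if len(history) < MIN_HISTORY_DAYS:
        return {"alarm": False, "score": 0.0, "exceeded": {},
                "reason": "insufficient history"}
    z_scores = {}
    for feature, (mu, sigma) in summarize(history).items():
        sigma = max(sigma, STD_FLOOR[feature])
        # One-sided: only activity above the customer's norm is of interest here.
        z_scores[feature] = (getattr(today, feature) - mu) / sigma
    exceeded = {f: round(z, 2) for f, z in z_scores.items() if z > Z_THRESHOLD}
    return {"alarm": bool(exceeded),
            "score": round(max(z_scores.values()), 2),
            "exceeded": exceeded,
            "reason": "deviation from norm" if exceeded else "within norm"}


# Constructed sample: ten ordinary days for one customer.
HISTORY = [DayProfile(a, c, 1) for a, c in [
    (200.0, 1), (180.0, 1), (220.0, 2), (210.0, 1), (190.0, 1),
    (205.0, 1), (195.0, 2), (215.0, 1), (185.0, 1), (200.0, 1)]]
ORDINARY_DAY = DayProfile(210.0, 1, 1)
SPIKE_DAY = DayProfile(2900.0, 6, 5)   # constructed: sudden burst of activity

if __name__ == "__main__":
    print(score_day(ORDINARY_DAY, HISTORY))
    print(score_day(SPIKE_DAY, HISTORY))
```

The score is the largest per-variable deviation, so an analyst queue can be sorted by it; the per-variable detail in `exceeded` says why the alarm fired.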
Examples of Known Behaviors
• High amounts
• High frequency
• Use of multiple locations
• Use of multiple identities
• Use of untrusted device
• Values just below threshold
• Immediate withdrawals
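A rule-based monitor for several of the known behaviors listed above, as an added example that is not part of the original slides. The threshold amount, the 24-hour window, the per-window limits, the field names and the sample transactions are constructed assumptions to be replaced with a program's own values.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

THRESHOLD = 3000.00                 # assumed amount that triggers ID/record-keeping
NEAR_BAND = 0.90                    # "just below" = within 10% under the threshold
WINDOW = timedelta(hours=24)
MAX_TX_PER_WINDOW = 4               # assumed frequency limit
MAX_LOCATIONS_PER_WINDOW = 2        # assumed location limit
FAST_CASH_OUT = timedelta(minutes=30)


@dataclass(frozen=True)
class Tx:
    customer: str
    ts: datetime
    kind: str            # "load" (funds in) or "withdraw" (funds out)
    amount: float
    location: str
    id_doc: str          # identity document presented
    trusted_device: bool = True


def _windows(txs):
    """For each transaction, yield it plus everything in the following 24 hours."""
    for i, first in enumerate(txs):
        yield [t for t in txs[i:] if t.ts - first.ts <= WINDOW]


def flags_for(txs):
    """Return the sorted list of known-behavior flags for one customer."""
    txs = sorted(txs, key=lambda t: t.ts)
    flags = set()
    for win in _windows(txs):
        near = [t for t in win if t.kind == "load"
                and NEAR_BAND * THRESHOLD <= t.amount < THRESHOLD]
        # One payment under the threshold is normal; several that together
        # exceed it inside one window look like structuring.
        if len(near) >= 2 and sum(t.amount for t in near) >= THRESHOLD:
            flags.add("values_just_below_threshold")
        if len(win) > MAX_TX_PER_WINDOW:
            flags.add("high_frequency")
        if len({t.location for t in win}) > MAX_LOCATIONS_PER_WINDOW:
            flags.add("multiple_locations")
    if len({t.id_doc for t in txs}) > 1:
        flags.add("multiple_identities")
    if any(not t.trusted_device for t in txs):
        flags.add("untrusted_device")
    loads = [t for t in txs if t.kind == "load"]
    for out in (t for t in txs if t.kind == "withdraw"):
        if any(timedelta(0) <= out.ts - l.ts <= FAST_CASH_OUT
               and out.amount >= NEAR_BAND * l.amount for l in loads):
            flags.add("immediate_withdrawal")
    return sorted(flags)


def detect(all_txs):
    """Group transactions by customer and evaluate every rule."""
    by_customer = defaultdict(list)
    for tx in all_txs:
        by_customer[tx.customer].append(tx)
    return {cust: flags_for(txs) for cust, txs in by_customer.items()}


def _t(hhmm, day=1):
    return datetime(2013, 8, day, int(hhmm[:2]), int(hhmm[3:]))


# Constructed sample data, not real transactions.
SAMPLE = [
    Tx("C1", _t("09:00"), "load", 2900.0, "A", "ID-X"),
    Tx("C1", _t("09:20"), "withdraw", 2850.0, "A", "ID-X"),
    Tx("C1", _t("12:00"), "load", 2950.0, "B", "ID-X"),
    Tx("C1", _t("15:00"), "load", 2800.0, "C", "ID-Y"),
    Tx("C1", _t("16:00"), "load", 500.0, "C", "ID-Y", trusted_device=False),
    Tx("C2", _t("10:00", day=1), "load", 150.0, "A", "ID-Z"),
    Tx("C2", _t("10:00", day=9), "load", 200.0, "A", "ID-Z"),
    Tx("C3", _t("11:00"), "load", 2950.0, "B", "ID-W"),   # single near-threshold load
]

if __name__ == "__main__":
    for customer, flags in detect(SAMPLE).items():
        print(customer, flags)
```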
[Figure: Sample Entity Pair Concentration Analysis]
[Figure: Sample Geographical Concentration (“heat”) Map]
• The entire history of Bitcoin transactions is
publicly available.
• “Using an appropriate network representation,
it is possible to associate many public-
keys with each other, and with external
identifying information.”
• “Large centralized services such as the
exchanges and wallet services are capable of
identifying and tracking considerable
portions of user activity.”
An Analysis of Anonymity in the Bitcoin
System - Bitcoin is Not Anonymous
by Fergal Reid and Martin Harrigan (2011)
Link: http://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html
The victim woke up on the morning of 13/06/2011 to find a large portion of his
Bitcoins sent to 1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg. The alleged theft
occurred on 13/06/2011 at 16:52:23 UTC shortly after somebody broke into the
victim's Slush pool account and changed the payout address
to 15iUDqk6nLmav3B1xUHPQivDpfMruVsu9f. The Bitcoins rightfully belong
to 1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG.
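How public keys can be associated with each other and with external identifying information, as quoted above, shown as an added example (not code from the slides or from the cited analysis). It uses the shared-input heuristic, which treats addresses spent together as inputs of one transaction as having one owner; the addresses, transactions and the customer label are constructed placeholders.

```python
from collections import defaultdict


class DisjointSet:
    """Union-find over address strings."""

    def __init__(self):
        self.parent = {}

    def find(self, item):
        self.parent.setdefault(item, item)
        while self.parent[item] != item:
            self.parent[item] = self.parent[self.parent[item]]  # path halving
            item = self.parent[item]
        return item

    def union(self, a, b):
        root_a, root_b = self.find(a), self.find(b)
        if root_a != root_b:
            self.parent[root_b] = root_a


def cluster_addresses(transactions):
    """Group addresses into clusters presumed to share an owner.

    Heuristic: all input addresses of one transaction are merged, because the
    spender needed every corresponding private key. Outputs are NOT merged
    with inputs (paying someone does not make you the same entity).
    Caveat: transactions whose inputs are contributed by several parties
    break this assumption and produce false links.
    """
    ds = DisjointSet()
    for tx in transactions:
        for addr in tx["inputs"] + tx["outputs"]:
            ds.find(addr)                      # register every address seen
        inputs = tx["inputs"]                  # may be empty (newly mined coins)
        for other in inputs[1:]:
            ds.union(inputs[0], other)
    groups = defaultdict(set)
    for addr in list(ds.parent):
        groups[ds.find(addr)].add(addr)
    return [frozenset(group) for group in groups.values()]


def attribute(clusters, known_labels):
    """Propagate external identity labels to every address in a cluster.

    known_labels maps an address to identifying information held off-chain,
    for example a service's own customer record for a deposit address.
    A cluster carrying more than one distinct label is returned with all of
    them so an analyst can review it instead of trusting the merge blindly.
    """
    attributed = {}
    for cluster in clusters:
        labels = sorted({known_labels[a] for a in cluster if a in known_labels})
        if labels:
            for addr in cluster:
                attributed[addr] = labels
    return attributed


# Constructed sample ledger; "addr_*" values are placeholders, not real addresses.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": ["addr_A", "addr_B"], "outputs": ["addr_M"]},
    {"txid": "tx2", "inputs": ["addr_B", "addr_C"], "outputs": ["addr_N"]},
    {"txid": "tx3", "inputs": ["addr_D"], "outputs": ["addr_E"]},
    {"txid": "tx4", "inputs": ["addr_E", "addr_F"], "outputs": ["addr_M"]},
    {"txid": "tx5", "inputs": [], "outputs": ["addr_D"]},   # no inputs
]
# Constructed off-chain knowledge: one address tied to a verified customer.
KNOWN = {"addr_C": "customer-1042"}

if __name__ == "__main__":
    clusters = cluster_addresses(SAMPLE_TXS)
    for cluster in sorted(clusters, key=lambda c: sorted(c)):
        print(sorted(cluster))
    print(attribute(clusters, KNOWN))
```

A single identified address (`addr_C`) is enough to label `addr_A` and `addr_B` as well, which is why the customer identification records of a centralized service extend much further on-chain than the addresses it directly issued.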
Bitcoin: Myths?
• Anonymous
• Untraceable
• “Invisible to law enforcement and the taxman”
Agenda
1. Risk identification
Risk areas → Focus on AML
2. Risk mitigation
a) Overview of corporate and product
safeguards
b) Customer identification and authentication
(de-anonymization)
3. SA Detection via Monitoring and Analysis
Leveraging the blockchain
4. Unsolicited (contrarian) advice
• Get real → WANT vs. MUST vs. CAN
• Prevention trumps damage control
• Risk MGT → Both reducing downside and increasing upside
• Simplicity and common sense
• Train for behavior change, not theoretical knowledge
• Form-substance continuum → substance
• Letter-spirit continuum → focus on spirit (underlying purpose and values) facilitates:
  • Operational synergies (leveraging tech)
  • Compliance without compromising performance
  • Flexibility and sustainability
FORM (seem): Handbooks, written policies, talk (lawyers, public relations)
SUBSTANCE (be): Operationalization, quality, walk (compliance officers, engineers, leaders)
“Prosecutors are looking for
substantive AML programs (not just
paper ones) in determining whether
you’re a victim or a suspect.”
Former federal prosecutor
“A well-written AML program will not
by itself be sufficient. It’s the
everyday operation, the execution
and delivery, that matters.”
Wells Fargo MSB Risk Manager
Evolution of Regulatory Relations
VALUES AND CULTURE → REGULATORY RELATIONSHIP
• Minimum Standards (As little as can get away with; Unthinking, mechanical) → Policing (Enforcement lesson; Basic training)
• Compliance Culture (By the book; Bureaucratic) → Supervising / Educating (Look for early warnings; Themed, focused visits)
• Beyond Compliance (Risk focused, self-policing; Ethical business) → Educating / Consulting (Culture development; Lighter touch)
• Values-based (Spirit, not just letter; Focus on prevention; Strong learning) → Mature relationship (Reinforce best practice; Benchmark; Reallocate resources to problem firms)
Source: Financial Services Authority, UK
Juan Llanos
EVP & Compliance Officer
Unidos Financial Services, Inc.
275 Seventh Ave. ‐ 20th Floor
New York, NY 10001
Direct: (646) 485‐2264
Mobile: (646) 201‐6217
jllanos@unidosfinancial.com
LinkedIn: www.linkedin.com/in/juanllanos
Twitter: @JuanLlanos
Blog: contrariancompliance.com
Thank you!

Más contenido relacionado

La actualidad más candente

Security Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkSecurity Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. Framework
Divya Kothari
 
Naccu Card Fraud And Identity Theft
Naccu Card Fraud And Identity TheftNaccu Card Fraud And Identity Theft
Naccu Card Fraud And Identity Theft
mherr_riskconsult
 
Sheila updated Resume with Discover and BOA5
Sheila updated Resume with Discover and BOA5Sheila updated Resume with Discover and BOA5
Sheila updated Resume with Discover and BOA5
Sheila Jones
 

La actualidad más candente (17)

How To: Prevent Loan Application Fraud
How To: Prevent Loan Application FraudHow To: Prevent Loan Application Fraud
How To: Prevent Loan Application Fraud
 
MIG White Papers
MIG White PapersMIG White Papers
MIG White Papers
 
Fraud Management Solutions
Fraud Management SolutionsFraud Management Solutions
Fraud Management Solutions
 
Our way of fighting fraud
Our way of fighting fraudOur way of fighting fraud
Our way of fighting fraud
 
Security Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. FrameworkSecurity Compliance Models- Checklist v. Framework
Security Compliance Models- Checklist v. Framework
 
Balancing Security and Customer Experience
Balancing Security and Customer ExperienceBalancing Security and Customer Experience
Balancing Security and Customer Experience
 
Using Data Analytics to Conduct a Forensic Audit
Using Data Analytics to Conduct a Forensic AuditUsing Data Analytics to Conduct a Forensic Audit
Using Data Analytics to Conduct a Forensic Audit
 
Doubling Down Winning over your VIP Customers Webinar with iovation
Doubling Down Winning over your VIP Customers Webinar with iovation Doubling Down Winning over your VIP Customers Webinar with iovation
Doubling Down Winning over your VIP Customers Webinar with iovation
 
Naccu Card Fraud And Identity Theft
Naccu Card Fraud And Identity TheftNaccu Card Fraud And Identity Theft
Naccu Card Fraud And Identity Theft
 
Ibm financial crime management solution 3
Ibm financial crime management solution 3Ibm financial crime management solution 3
Ibm financial crime management solution 3
 
Enterprise Fraud Management
Enterprise Fraud ManagementEnterprise Fraud Management
Enterprise Fraud Management
 
Sheila updated Resume with Discover and BOA5
Sheila updated Resume with Discover and BOA5Sheila updated Resume with Discover and BOA5
Sheila updated Resume with Discover and BOA5
 
IDSHield Services and Features
IDSHield Services and FeaturesIDSHield Services and Features
IDSHield Services and Features
 
Detecting and Auditing for Fraud in Financial Statements Using Data Analysis
Detecting and Auditing for Fraud in Financial Statements Using Data AnalysisDetecting and Auditing for Fraud in Financial Statements Using Data Analysis
Detecting and Auditing for Fraud in Financial Statements Using Data Analysis
 
Half the Picture
Half the PictureHalf the Picture
Half the Picture
 
Fair and Accurate Credit Transactions Act of 2003
Fair and Accurate Credit Transactions Act of 2003Fair and Accurate Credit Transactions Act of 2003
Fair and Accurate Credit Transactions Act of 2003
 
ThreatMetrix for 3d-secure
ThreatMetrix for 3d-secureThreatMetrix for 3d-secure
ThreatMetrix for 3d-secure
 

Similar a New York - Virtual Currencies Compliance Conference

Run your clients' aml profile
Run your clients' aml profileRun your clients' aml profile
Run your clients' aml profile
CDDS
 
Please find and upload an article on ONE of the following topics and.pdf
Please find and upload an article on ONE of the following topics and.pdfPlease find and upload an article on ONE of the following topics and.pdf
Please find and upload an article on ONE of the following topics and.pdf
JUSTSTYLISH3B2MOHALI
 
KYC - How long can you go?
KYC - How long can you go?KYC - How long can you go?
KYC - How long can you go?
Camilo Tellez
 

Similar a New York - Virtual Currencies Compliance Conference (20)

Las Vegas - InsideBitcoins 2014-10-05
Las Vegas - InsideBitcoins 2014-10-05Las Vegas - InsideBitcoins 2014-10-05
Las Vegas - InsideBitcoins 2014-10-05
 
Payments Fraud Prevention: Legit Strategies For CFOs By CXO 2.0 Conference Ex...
Payments Fraud Prevention: Legit Strategies For CFOs By CXO 2.0 Conference Ex...Payments Fraud Prevention: Legit Strategies For CFOs By CXO 2.0 Conference Ex...
Payments Fraud Prevention: Legit Strategies For CFOs By CXO 2.0 Conference Ex...
 
Credit Card Fraud PPT - Reena Prajapati.pptx
Credit Card Fraud PPT - Reena Prajapati.pptxCredit Card Fraud PPT - Reena Prajapati.pptx
Credit Card Fraud PPT - Reena Prajapati.pptx
 
Run your clients' aml profile
Run your clients' aml profileRun your clients' aml profile
Run your clients' aml profile
 
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pptx
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pptx10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pptx
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pptx
 
Risk based approach
Risk based approachRisk based approach
Risk based approach
 
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pdf
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pdf10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pdf
10 Essential Strategies to Safeguard Your Business from Credit Card Fraud 1.pdf
 
May newsletter 2017
May newsletter 2017May newsletter 2017
May newsletter 2017
 
CAMS (Certified Anti-money Laundering Specialist)
CAMS (Certified Anti-money Laundering Specialist)CAMS (Certified Anti-money Laundering Specialist)
CAMS (Certified Anti-money Laundering Specialist)
 
Fraud Risk Assessment: An Expert’s Blueprint
Fraud Risk Assessment: An Expert’s BlueprintFraud Risk Assessment: An Expert’s Blueprint
Fraud Risk Assessment: An Expert’s Blueprint
 
Doculabs 2014 risk and compliance practice introduction finance
Doculabs 2014   risk and compliance practice introduction financeDoculabs 2014   risk and compliance practice introduction finance
Doculabs 2014 risk and compliance practice introduction finance
 
FACTA Red Flags 2010
FACTA Red Flags 2010FACTA Red Flags 2010
FACTA Red Flags 2010
 
Please find and upload an article on ONE of the following topics and.pdf
Please find and upload an article on ONE of the following topics and.pdfPlease find and upload an article on ONE of the following topics and.pdf
Please find and upload an article on ONE of the following topics and.pdf
 
The Significance of Background Verification Software in the Banking Industry....
The Significance of Background Verification Software in the Banking Industry....The Significance of Background Verification Software in the Banking Industry....
The Significance of Background Verification Software in the Banking Industry....
 
Financial crimes compliance Brochure - BMR Advisors
Financial crimes compliance Brochure - BMR AdvisorsFinancial crimes compliance Brochure - BMR Advisors
Financial crimes compliance Brochure - BMR Advisors
 
D&B onboard.pdf
D&B onboard.pdfD&B onboard.pdf
D&B onboard.pdf
 
Enterprise Fraud Prevention & Scam Detection Tips By CXO 2.0 Conference Experts
Enterprise Fraud Prevention & Scam Detection Tips By CXO 2.0 Conference ExpertsEnterprise Fraud Prevention & Scam Detection Tips By CXO 2.0 Conference Experts
Enterprise Fraud Prevention & Scam Detection Tips By CXO 2.0 Conference Experts
 
E-book: How to manage Anti-Money Laundering and Counter Financing of Terroris...
E-book: How to manage Anti-Money Laundering and Counter Financing of Terroris...E-book: How to manage Anti-Money Laundering and Counter Financing of Terroris...
E-book: How to manage Anti-Money Laundering and Counter Financing of Terroris...
 
KYC - How long can you go?
KYC - How long can you go?KYC - How long can you go?
KYC - How long can you go?
 
Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863Insight2014 mitigate risk_fraud_6863
Insight2014 mitigate risk_fraud_6863
 

Más de Juan Llanos

Más de Juan Llanos (20)

ETHDenver2022 - Regulating DeFi for Mass Adoption
ETHDenver2022 - Regulating DeFi for Mass AdoptionETHDenver2022 - Regulating DeFi for Mass Adoption
ETHDenver2022 - Regulating DeFi for Mass Adoption
 
The Great Compliance Wall: How to Overcome the Number One Obstacle to Crypto ...
The Great Compliance Wall: How to Overcome the Number One Obstacle to Crypto ...The Great Compliance Wall: How to Overcome the Number One Obstacle to Crypto ...
The Great Compliance Wall: How to Overcome the Number One Obstacle to Crypto ...
 
Buenos Aires - CEMLA/G20 FinTech Experts
Buenos Aires - CEMLA/G20 FinTech ExpertsBuenos Aires - CEMLA/G20 FinTech Experts
Buenos Aires - CEMLA/G20 FinTech Experts
 
Singapore - November 2017
Singapore - November 2017Singapore - November 2017
Singapore - November 2017
 
Dubai - GITEX Conference 2017
Dubai - GITEX Conference 2017 Dubai - GITEX Conference 2017
Dubai - GITEX Conference 2017
 
Johannesburg - South Africa Financial Blockchain Consortium - August 2017
Johannesburg - South Africa Financial Blockchain Consortium - August 2017Johannesburg - South Africa Financial Blockchain Consortium - August 2017
Johannesburg - South Africa Financial Blockchain Consortium - August 2017
 
Santiago - Congreso América Digital
Santiago - Congreso América DigitalSantiago - Congreso América Digital
Santiago - Congreso América Digital
 
United Nations Headquarters - February 2017
United Nations Headquarters - February 2017United Nations Headquarters - February 2017
United Nations Headquarters - February 2017
 
Buenos Aires - LaBitConf 2016
Buenos Aires - LaBitConf 2016Buenos Aires - LaBitConf 2016
Buenos Aires - LaBitConf 2016
 
United States - TX, CA, CT & IL Verafin FRAMLxpo
United States - TX, CA, CT & IL Verafin FRAMLxpoUnited States - TX, CA, CT & IL Verafin FRAMLxpo
United States - TX, CA, CT & IL Verafin FRAMLxpo
 
Mexico - LaBitConf 2015
Mexico - LaBitConf 2015Mexico - LaBitConf 2015
Mexico - LaBitConf 2015
 
São Paulo - Regulatory Roundtable
São Paulo - Regulatory RoundtableSão Paulo - Regulatory Roundtable
São Paulo - Regulatory Roundtable
 
Madrid - Digital Currency Summit 2015-04-23
Madrid - Digital Currency Summit 2015-04-23Madrid - Digital Currency Summit 2015-04-23
Madrid - Digital Currency Summit 2015-04-23
 
Rio de Janeiro - LaBitConf 2014
Rio de Janeiro - LaBitConf 2014Rio de Janeiro - LaBitConf 2014
Rio de Janeiro - LaBitConf 2014
 
Quito - Congreso CIRPLA 2014
Quito - Congreso CIRPLA 2014Quito - Congreso CIRPLA 2014
Quito - Congreso CIRPLA 2014
 
Dubai - The Capital Club in Dubai (Cointalks)
Dubai - The Capital Club in Dubai (Cointalks)Dubai - The Capital Club in Dubai (Cointalks)
Dubai - The Capital Club in Dubai (Cointalks)
 
New York - Digital Currencies, Remittances & Financial Inclusion - MFCNY even...
New York - Digital Currencies, Remittances & Financial Inclusion - MFCNY even...New York - Digital Currencies, Remittances & Financial Inclusion - MFCNY even...
New York - Digital Currencies, Remittances & Financial Inclusion - MFCNY even...
 
Buenos Aies - LaBitConf 2013
Buenos Aies - LaBitConf 2013Buenos Aies - LaBitConf 2013
Buenos Aies - LaBitConf 2013
 
Abu Dhabi - 5th Annual Financial Crimes Conference
Abu Dhabi - 5th Annual Financial Crimes ConferenceAbu Dhabi - 5th Annual Financial Crimes Conference
Abu Dhabi - 5th Annual Financial Crimes Conference
 
Washington - TEDxMidAtlantic 2013
Washington - TEDxMidAtlantic 2013Washington - TEDxMidAtlantic 2013
Washington - TEDxMidAtlantic 2013
 

Último

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 

Último (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

New York - Virtual Currencies Compliance Conference

  • 1. Designing a Compliance Program for Virtual Currencies Virtual Currencies Compliance Conference New York, August 14 , 2013 by Juan Llanos, CAMS
  • 2. Agenda 1. Risk identification Risk areas  Focus on AML 2. Risk mitigation a) Program design tips b) Overview of corporate and product safeguards c) Customer identification and authentication (de-anonymization) 3. SA Detection via Monitoring and Analysis Leveraging the blockchain 4. Unsolicited (contrarian) advice © 2013 JuanLlanos
  • 3. Agenda 1. Risk identification Risk areas  Focus on AML 2. Risk mitigation a) Program design tips b) Overview of corporate and product safeguards c) Customer identification and authentication (de-anonymization) 3. SA Detection via Monitoring and Analysis Leveraging the blockchain 4. Unsolicited (contrarian) advice © 2013 JuanLlanos
  • 4. Risk Areas • operational • credit • money laundering • terrorist financing • information loss • liquidity • fraud • Identity Theft Stakeholders • federal agencies • state agencies • investors • consumers • employees • society Goals • safety • soundness • security • privacy • crime prevention • health • integrity Regulation  Inevitable, yet valid Risks & Stakeholders © 2013 JuanLlanos Compliance  Onerous, yet valuable
  • 5. Money transmitters and their agents are perceived as HIGH RISK of • ABUSE TO CONSUMER • MONEY LAUNDERING • TERRORIST FINANCING Money transmission = highly regulated industry © 2013 JuanLlanos
  • 6. How Can We Abuse Consumers? • Loss of funds • Wrong product/service • Failed transactions • Overpricing • Divulging/losing private data • Claims ignored © 2013 JuanLlanos
  • 7. How Can Money be Laundered Through Us? • Identity theft & impersonation • Structuring • Fraudulent acts • Lax controls FRONT OFFICE BACK OFFICE © 2013 JuanLlanos General risks (all FIs) → fake IDs, negligence, incompetence & wrongdoing
  • 8. Money Transmitter Regulation. Main Risk Areas and their Main Statutes and Regs: Anti-Money Laundering: BSA, USA PATRIOT Act, Money Laundering Acts; Anti-Terrorism Financing (CFT): USA PATRIOT Act, OFAC; Privacy and Information Security: Gramm-Leach-Bliley; Safety and soundness: State (via licensing); Consumer protection: State (via licensing) + Dodd-Frank / Regulation E (CFPB). Focus → AML/BSA + State Compliance © 2013 JuanLlanos
  • 11. Operational Risks and Mitigators. RISKS: Commingling/diversion of funds; Poor cash management, accounting and settlement; Poor document management, reporting and record-keeping; Inadequate policies and procedures; Poor controls; Systems breakdowns. MITIGATORS: Employee acceptance, monitoring and termination protocols; Employee training and education; Professional financial, operational and compliance management; Dual controls and segregation of duties; Business continuity and disaster recovery planning; Independent auditing and testing; State-of-the-art technology. © 2013 JuanLlanos
  • 12. Customer Risks and Mitigators. RISKS: Complicity with agent or foreign counterparty; Complicity with recipient (or sender); ‘Drip-irrigation’ transfer of illicit funds (O2M recipients, M2O recipient, M2M recipients); Intra-company structuring; Inter-company structuring (‘smurfing’); Terrorist financing. MITIGATORS: Customer acceptance, monitoring and termination protocols; Transaction & behavior monitoring; Lower identity verification thresholds at origin and destination; For cards, maximum loadable amounts, expiration date, and limited number of recipients; Redundant identity verification procedures at destination; POS training; OFAC screening; Eventually, intercompany transaction monitoring by highly-professional and secure clearing house. This is the only possible antidote against ‘smurfing’. © 2013 JuanLlanos
  • 13. Foreign Counterparty Risks and Mitigators. RISKS: Complicity with sender or agent; Poor cash sourcing, management, accounting and settlement; Poor documentation and record-keeping; Lax policies, procedures and controls; Poor regulatory regime; Credit risk; Systems breakdowns. MITIGATORS: Foreign counterparty acceptance, monitoring and termination protocols; Selecting reputable partners with proven track record and effective systems and controls; Transaction monitoring; Independent auditing and testing; OFAC screening. © 2013 JuanLlanos
  • 14. Agent Risks and Mitigators. RISKS: Assistance in structuring; Complicity with sender or beneficiary; Commingling of funds; Credit risk; Identity theft; Non-compliance with Section 352 of PATRIOT Act. MITIGATORS: Agent acceptance, monitoring and termination protocols; Transaction monitoring; POS training; Zero tolerance policy; Secret shopping and stress testing; OFAC screening. © 2013 JuanLlanos
  • 15. Agenda 1. Risk identification: Risk areas → Focus on AML 2. Risk mitigation: a) Program design tips b) Overview of corporate and product safeguards c) Customer identification and authentication (de-anonymization) 3. SA Detection via Monitoring and Analysis: Leveraging the blockchain 4. Unsolicited (contrarian) advice © 2013 JuanLlanos
  • 16. Program Design Tips 1. Always understand the flow of DATA and the flow of MONEY. 2. Life-cycle management and the right mix of detective and deterrent techniques, including effective training, are key. 3. Document or perish © 2013 JuanLlanos
  • 17. Bottom-Up Program Design: 1. Map Flows, and Processes 2. Identify Risks 3. Design Controls 4. Write PPCs 5. Execute and Measure 6. Enhance and Improve. Spirit of law + Engineering Mindset © 2013 JuanLlanos
  • 19. CORPORATE Safeguards* 1. A designated compliance officer + professional team 2. Written policies and procedures + operational controls: • Licensing, renewal and reporting procedures (S) • Registration, record-keeping and report-filing procedures (F) • KY (Know Your…) Subprograms: Acceptance, monitoring, correction and termination • KY…Customer • KY…Agent • KY…Foreign Counterparty • KY…Employee • KY…Vendor • Monitoring, analysis and investigating procedures • OFAC compliance program • Response to official information requests • Privacy and information security protection protocols 3. An on-going training program • Risk & Compliance Committee 4. An independent compliance auditing function. * AML Program Elements (Section 352 of the USA PATRIOT Act) © 2013 JuanLlanos
  • 20. Key Elements of a BSA/AML Program • State Compliance: Licensing, renewal and reporting  procedures // Consumer protection disclosures, etc. • Federal Compliance: Registration, record‐keeping and  report‐filing procedures (F) • KY (Know Your…) Subprograms: Acceptance, monitoring,  correction and termination (Life‐Cycle Management) • KY…Customer • KY…Agent • KY…Foreign Correspondent or Counterparty • KY…Employee • KY…Vendor • SA Detection: Monitoring, analysis and investigating  procedures • Information Sharing: Response to information requests • OFAC Compliance Program • Privacy and information security protection protocols (GLBA) © 2013 JuanLlanos
  • 21. PRODUCT Safeguards. Cash features: • Anonymous identification • No value limits • Anonymous funding • No transaction records • Wide geographical use • No usage limits. Anything we do to counter these will mitigate the risk of our product! © 2013 JuanLlanos
  • 22. CUSTOMER Identification. Non-Face to Face → Card not present standards. Non-documentary → contacting a customer; independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source; checking references with other financial institutions; and obtaining a financial statement. Documentary → Review an unexpired government-issued form of identification from most customers. This identification must provide evidence of a customer’s nationality or residence and bear a photograph or similar safeguard; examples include a driver’s license or passport. However, other forms of identification may be used if they enable the bank to form a reasonable belief that it knows the true identity of the customer. © 2013 JuanLlanos
  • 23. Authentication Strength Multifactor authentication: • Something the user knows (e.g., password, PIN) • Something the user has (e.g., ATM card, smart card) • Something the user is (e.g., biometric feature) Authentication methods: • Shared secrets • Tokens (smart card, one-time password generating device) • Biometrics (fingerprint, face, voice, keystroke recognition) • Out-of-band authentication • Internet protocol address (IPA) location and geo-location • Mutual identification Source: FFIEC © 2013 JuanLlanos
  • 24. Agenda 1. Risk identification: Risk areas → Focus on AML 2. Risk mitigation: a) Overview of corporate and product safeguards b) Customer identification and authentication (de-anonymization) 3. SA Detection via Monitoring and Analysis: Leveraging the blockchain 4. Unsolicited (contrarian) advice © 2013 JuanLlanos
  • 25. “What customers do speaks so loudly that I cannot hear what they’re saying.” (Paraphrasing Ralph Waldo Emerson) Customer identification vs. customer knowledge BEHAVIORAL ANALYTICS © 2013 JuanLlanos
  • 26. Machine Learning (AI) Methods. SUPERVISED LEARNING: relies on two labeled classes (good vs. bad). Goal → Detect known suspicious patterns. 1. Training set: a. Select dataset with clean and dirty cases. b. Classification algorithm to discriminate between the two classes (finds the rules or conditions) c. Probabilities of class 1 and class 2 assignment 2. Run discrimination method on all future purchases. UNSUPERVISED LEARNING: no class labels. Goal → Detect anomalies. 1. Takes recent purchase history and summarize in descriptive statistics. 2. Measure whether selected variables exceed a certain threshold (deviations from the norm). 3. Sounds alarm and records a high score. © 2013 JuanLlanos
  • 27. Examples of Known Behaviors • High amounts • High frequency • Use of multiple locations • Use of multiple identities • Use of untrusted device • Values just below threshold • Immediate withdrawals © 2013 JuanLlanos
  • 30. • The entire history of Bitcoin transactions is publicly available. • “Using an appropriate network representation, it is possible to associate many public-keys with each other, and with external identifying information.” • “Large centralized services such as the exchanges and wallet services are capable of identifying and tracking considerable portions of user activity.” An Analysis of Anonymity in the Bitcoin System - Bitcoin is Not Anonymous by Fergal Reid and Martin Harrigan (2011) Link: http://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html
  • 31. The victim woke up on the morning of 13/06/2011 to find a large portion of his Bitcoins sent to 1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg. The alleged theft occurred on 13/06/2011 at 16:52:23 UTC shortly after somebody broke into the victim's Slush pool account and changed the payout address to 15iUDqk6nLmav3B1xUHPQivDpfMruVsu9f. The Bitcoins rightfully belong to 1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG.
  • 32.
  • 33. Myths? Bitcoin: Anonymous; Untraceable; “Invisible to law enforcement and the taxman” © 2013 JuanLlanos
  • 34. Agenda 1. Risk identification: Risk areas → Focus on AML 2. Risk mitigation: a) Overview of corporate and product safeguards b) Customer identification and authentication (de-anonymization) 3. SA Detection via Monitoring and Analysis: Leveraging the blockchain 4. Unsolicited (contrarian) advice
  • 35. • Get real → WANT vs. MUST vs. CAN • Prevention trumps damage control • Risk MGT → Both reducing downside and increasing upside • Simplicity and common sense • Train for behavior change, not theoretical knowledge • Form-substance continuum → substance • Letter-spirit continuum → focus on spirit (underlying purpose and values) facilitates • Operational synergies (leveraging tech) • Compliance without compromising performance • Flexibility and sustainability © 2013 JuanLlanos
  • 36. FORM (seem): Handbooks, written policies, talk (lawyers, public relations). SUBSTANCE (be): Operationalization, quality, walk (compliance officers, engineers, leaders). © 2013 JuanLlanos
  • 37. “Prosecutors are looking for substantive AML programs (not just paper ones) in determining whether you’re a victim or a suspect.” Former federal prosecutor “A well-written AML program will not by itself be sufficient. It’s the everyday operation, the execution and delivery, that matters.” Wells Fargo MSB Risk Manager © 2013 JuanLlanos
  • 38. Evolution of Regulatory Relations. VALUES AND CULTURE: Minimum Standards (As little as can get away with; Unthinking, mechanical) → Compliance Culture (By the book; Bureaucratic) → Beyond Compliance (Risk focused, self-policing; Ethical business) → Values-based (Spirit, not just letter; Focus on prevention; Strong learning). REGULATORY RELATIONSHIP: Policing (Enforcement lesson; Basic training) → Supervising / Educating (Look for early warnings; Themed, focused visits) → Educating / Consulting (Culture development; Lighter touch) → Mature relationship (Reinforce best practice; Benchmark; Reallocate resources to problem firms). Source: Financial Services Authority, UK © 2013 JuanLlanos
  • 39. © 2013 Juan Llanos Juan Llanos EVP & Compliance Officer Unidos Financial Services, Inc. 275 Seventh Ave. ‐ 20th Floor New York, NY 10001 Direct: (646) 485‐2264 Mobile: (646) 201‐6217 jllanos@unidosfinancial.com LinkedIn: www.linkedin.com/in/juanllanos Twitter: @JuanLlanos Blog: contrariancompliance.com Thank you!
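
The monitoring approach on slides 26 and 27, as an added example that is not part of the original deck: rule checks for three of the listed known behaviors, plus an unsupervised deviation score against each customer's own history. The transactions, the 3,000 threshold, the 10% band and the z-score limit are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample data: (customer, day, amount, location). Not real records.
TXNS = [
    ("C1", 1, 2900.0, "NYC"), ("C1", 1, 2950.0, "Newark"), ("C1", 1, 2800.0, "Stamford"),
    ("C2", 1, 200.0, "NYC"), ("C2", 2, 210.0, "NYC"), ("C2", 3, 190.0, "NYC"),
    ("C2", 4, 205.0, "NYC"), ("C2", 5, 195.0, "NYC"),
    ("C3", 1, 100.0, "NYC"), ("C3", 2, 120.0, "NYC"), ("C3", 3, 110.0, "NYC"),
    ("C3", 4, 90.0, "NYC"), ("C3", 5, 2500.0, "NYC"),
]
THRESHOLD = 3000.0  # assumed review threshold; use your program's own value
NEAR_BAND = 0.10    # assumed: "just below" means within 10% under THRESHOLD
Z_LIMIT = 3.0       # assumed alarm level for deviation from the norm

def known_behavior_flags(history):
    """Rule checks for three of the known behaviors listed on slide 27."""
    flags = []
    near = [t for t in history if THRESHOLD * (1 - NEAR_BAND) <= t[2] < THRESHOLD]
    if len(near) >= 2:
        flags.append("values_just_below_threshold")
    if len({t[3] for t in history}) >= 3:
        flags.append("multiple_locations")
    if max(Counter(t[1] for t in history).values()) >= 3:
        flags.append("high_frequency")
    return flags

def anomaly_score(past_amounts, new_amount):
    """Unsupervised step: z-score of the newest amount against past history."""
    mu, sigma = mean(past_amounts), pstdev(past_amounts)
    if sigma == 0:  # flat history: any change is an unbounded deviation
        return 0.0 if new_amount == mu else float("inf")
    return abs(new_amount - mu) / sigma

def review(txns):
    """Return {customer: [flags]} for every customer with at least one flag."""
    by_customer = defaultdict(list)
    for t in sorted(txns, key=lambda t: t[1]):  # stable sort by day
        by_customer[t[0]].append(t)
    alerts = {}
    for customer, history in by_customer.items():
        flags = known_behavior_flags(history)
        *past, newest = [t[2] for t in history]
        # Score only customers with at least three earlier transactions.
        if len(past) >= 3 and anomaly_score(past, newest) > Z_LIMIT:
            flags.append("amount_anomaly")
        if flags:
            alerts[customer] = flags
    return alerts

print(review(TXNS))
```

C1 trips only the rule checks and C3 only the deviation score, which is why the deck pairs the two methods.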