Agenda
Day 1 - Financial Crime: a risk management approach
Participants will examine the legal and regulatory framework in which they operate and how accountability, correct supervision and management, taking into consideration legal, reputational and other risks, mitigates exposure to the risks posed by criminal and divisive elements. Participants will receive intensive training on how to execute, observe and identify problems. Specifically, the session will highlight the internal threat posed by staff and and ‘planted’ employees. Such individuals are best placed to take advantage of any complacency or lax controls and recent figures reveal that they account for nearly eight out of ten cases of fraud. Organisations must recognise the warning signs and the factors that drive and motivate internal financial crime. Participants will learn due diligence in all areas of employee recruitment and monitoring.
Financial Crime: a risk management approach
- Inspections
- Investigations
- Prosecutions
- Freezing and seizing criminally derived assets
Typologies of Money Laundering & Terrorist Financing
- Defining ‘money laundering’
- Whitening tools
- Real Estate
- Tax and Duties fraud
- Trade based money laundering
- Alternate remittance systems (Hawala, Hundi, etc.)
- Misuse of non profit organisations
Legal Measures and Cooperation
- FATF/IAIS/OECD/UN/IMF/World Bank
- US and EU initiatives
- Private initiatives
- Impact of sanctions
- Financial Intelligence Units
- National & International Cooperation, Intelligence Sharing
Regulatory Risk Management Framework
- Basic components
- Risk analysis
Day 2 - The ELECTRONIC THREAT
This intensive one-day seminar examines computer related threats in the business environment and the technical and procedural methods to investigate computer misuse. Participants will discover how best to respond to a suspected fraud or computer crime in the workplace and the many legal pitfalls that can entrap the unwary when gathering evidence. The actions taken by those initially at the scene of computer misuse largely determine the success or failure of the ensuing investigation. This reinforces the necessity to train “first responders” in the immediate steps that must be taken to preserve evidence and ensure its admissibility. The programme emphasises proven and practical solutions to a variety of technical emergencies and demonstrates current “best practice” for computer crime incident response. Emphasis is placed on interactive, realistic training where attendees, working in teams, are required to investigate a number of cases that are based on real incident
COMPUTER THREATS
An overview of the risks and the mechanics of:
- Computer fraud
- System sabotage, extortion, e-crime and misuse including case studies
Incident Response Methodology:
- Chain of command and coordination
- Operational security
- Audit and Test
- Liaising with external agencies
- The computer forensic response team
- Secure exit procedures when employees are suspended or dismissed
Investigation Methodology
An overview of the Process and Procedure:
- The Initial Circumstances
- Investigation Process
- The Successful Investigation
- Covert Investigations
Computer Evidence
Controlling the electronic crime scene:
- How to handle, collate, store and present admissible computer evidence
- Presenting technical evidence in a courtroom, inquiry or at a tribunal
An overview of Tools and Techniques:
- Forensic Data Recovery
- Data Investigation Methods
- Electronic Evidence Presentation
Prevention & Detection
ISO 27001 - International Standards of Information Security Management
- The Latest Techniques
- Computer Crime Trends
Live Demonstration
“You are the Internal Audit Offi cer and a financial manager has just handed you a USB thumb drive that was confi scated from an employee on dismissal for IPT and Fraud. The manager believesthat the thumb drive may contain intellectual property and financial records. However, having no incident response methodology you previewthe thumb drive and nothing is visible and the drive appears to be empty?”...This demonstration will show the process of forensic data acquisition and preview the initial process of recovery of evidence...
Q&A 16:30
General Q & A Session on the topics covered during the day
Day 3 - The Internal Threat
The insider remains the greatest danger to any organisation, and the threat is increasing. Participants will learn the tricks and techniques used by organised crime gangs to infi ltrate fi nancial institutions and government departments including tax authorities, and the ways
in which government employees are turned into agents of organised crime gangs and, even, individual taxpayers. We examine how systems and controls within the organization can reduce the risk of recruiting problem personnel and how to identify those who are at risk of being recruited by organised criminals or opportunistic individuals - and how to identify those who have, or may have, already been recruited by criminals. Participants will learn how to apply a carrot and stick approach to compelling the disclosure of information relating to fi nancial crime and about the protection of whistleblowers and other informants and witnesses. Participants will learn techniques to reduce the risk of fraud, corruption and other fi nancial crime within the organisation. In discussion groups, participants will examine case studies of fi nancial crime and suggest ideas in which the organisations concerned may have better protected themselves.
Identifying the Risk and Control Areas
- Personal integrity, e.g. confl icts of interests, corruption, abusive information, abuse
of position, insider trading
- Organisational integrity, e.g. Fraud, failing procedures, failing third party interests,
legal risks, reputational risks
- Case study - “Too big to fail” (TBTF Bank)
Personal Integrity
- Trustworthiness Test, including debating exercise
- Recruitment & Human Resources
- Integrity sensitive positions and screening
Organisational Integrity
- Good Governance
- Institutional culture, tone at the top, exemplary behaviour, employee appraisal systems
- Aspects of management and organisation, including incident management, asset tracing
and recovery, policies and procedures
Case Study
DAY 4 - Money Laundering, Terrorist Financing & Compliance
New and emerging legislation and international regulations require the utmost vigilance and supervision. Participants will take a more detailed look at compliance systems in fi nancial institutions and consider how those systems, or something similar, may be applied
in commercial organisations outside the fi nancial sector and within government departments. Participants will learn the basic principles of money laundering through case studies wth specific attention paid to international and parallel banking mechanisms, and the use of a wide range of vehicles. Participants will also learn of impending threats and how to identify the mechanisms that are likely to be vehicles for financial crime including money laundering and terrorist financing.
Supervisory Approach to AML & CFT
- Identifing risks ensuing from banking and insurance activities
- Risk themes from a supervisory perspective: money transactions, real estate investments
- Compliance, including MLRO function
Customer Due Diligence
- FATF
- Basel CDD
- AML & CFT Risk indicators in banks nd insurance companies
Case Studies
- Money Laundering
- Transfer Pricing
- Operation of offshore companies and Trusts
- Market abuse and Stock Exchange manipulations
- Secrecy Laws and client confi dentiality
DAY 5 - Intelligence, Identification & Powers of Authority
(recent & proposed legislation) / Notification
Frauds inevitably happen and damage will be suffered. As part of an effective fi nancial crime prevention programme, it is essential to have a strategy in place to limit that damage. Key areas including obtaining effective intelligence; the identifi cation of the fraudster; and compliance by both the victim organisation with its reporting obligations and its officers with their legal duties to safeguard its assets. The recovery of assets requires specialists to deliver a strategy that is capable of being enforced on an international basis whilst consideration needs also to be given as to how the powers of the criminal authorities can best be used.
Intelligence and Identificaction
- Data matching
- Data sharing
- Disclosure
- ID Cards
- False ID documents and misuse
- Penalties for misuse
- Impersonation of the deceased
Notification
- Directors
- Regulators
- Shareholders
- Insurers
- Police
Asset Recovery
- Instructing lawyers
- Litigation options
- International co-operation
- Separate organisation and employee
Internal and external communication
Case Studies / Working Groups