65 Cards in this Set

  • Front
  • Back

What is asset misappropriation fraud also known as?

Insider fraud

What is asset misappropriation/embezzlement?

When people who are entrusted to manage assets of an organisation steal from it

According to the UK fraud reporting centre, asset misappropriation fraud includes what?

Embezzlement
Deception by a firm's employees
False expense claims
Payroll fraud
Ghost employees
Data theft
Intellectual property theft

What's the difference between embezzlement and stealing?

Embezzlement is stealing resources you were hired to handle/protect, done from inside the firm.

How may asset misappropriation harm a business?

Small/new businesses are mainly affected. They may have to raise prices on goods and services, may have to lay off staff they can't afford, and their reputation is also spoiled.

Who do you have to report asset misappropriation fraud to in the UK?

The UK national fraud and cyber crime reporting centre, Action Fraud.

What steps does Action Fraud recommend organisations take to help protect themselves from asset misappropriation fraud?

Vet staff with CVs and references.
Implement a whistleblowing policy.
Control access to buildings/systems.
Restrict/monitor sensitive info.
Impose clear segregation of duties.
Consider job rotation.
Tiered authority & signatory levels.
Reconcile bank statements.
Audit processes/procedures.
Promote a culture of fraud awareness.
Adopt/implement zero tolerance toward employee fraud.
Have a clear response plan in case fraud is discovered.

What is customer data?

Any personal customer information held in any format by the financial institution.

Fraudulent activities can cause considerable damage to financial institutions. What impact can such activities lead to?

1. Reduced profits and potential risks to the firm's financial stability.
2. Damaged reputation and fines.
3. Increased costs from investigations, remedial action and new systems/controls.

How do criminals target firms to steal data?

1. Placing people as employees.
2. Theft of computers/files.
3. Using social engineering to obtain customer info.

What is the difference between fraud and error in the misstatement of financial circumstances?

Whether the underlying action that results in the misstatement of the financial statements is intentional or not.

What is the PCAOB and who created it?

The US Public Company Accounting Oversight Board created under SOX.

Misstatement of financial circumstances can be accomplished in many ways, including...?

1. Manipulating/altering/falsifying the accounting records that financial statements are prepared from.
2. Misrepresentations in, or omissions from, financial statements.
3. Intentional misapplication of accounting principles (amounts etc.).

What are examples of corporate malfeasance?

It can range from unethical to illegal. It can be attempts to defraud investors with false financial reports, corporate espionage, etc.

Firms can outsource tasks to third parties, but they are still responsible and accountable for all decisions/actions taken. What obligation does the FCA place on firms in line with this?

Firms must have appropriate oversight of outsourced arrangements and meet their responsibilities to deliver fair outcomes.

If a firm appoints a representative, what must it ensure it complies with?

The record-keeping obligations under regulation 19 of the MLR 2007.

The risk assessment process can be divided into what three distinct sequential phases?

1. Determine the inherent risk.
2. Assess the internal control environment.
3. Derive the residual risk.

What does inherent risk represent?

The exposure to ML, sanctions, bribery and corruption risk in the absence of any control environment.

When a company is non-compliant with legal risks (laws, regulation, guidance etc.), regulatory fines and heavy penalties are levied for any regulatory violations, along with what?

Commitments to undertake ongoing actions, i.e. having a team appointed by regulators for ongoing monitoring.

How does the Bank for International Settlements (BIS) define operational risk?

The risk of loss resulting from inadequate/failed internal processes, people and systems, or from external events.

What does the Bank for International Settlements (BIS) believe are the crucial elements of an effective operational risk management framework for banks of all sizes?

1. Clear risk oversight by the board and senior management.
2. A strong operational risk culture.
3. A strong internal control culture, including:
- Clear lines of responsibility
- Segregation of duties
- Effective internal reporting
- Contingency planning

Linking beneficial ownership to corruption is critical in combating financial crime. Most corrupt money moves through complex money trails: shell companies and false legal structures.

The corrupt exploit transnational corporate constructions that are hard to penetrate; most corruption cases rely on corporate vehicles/legal structures to conceal ownership of assets.

Studies by FATF, StAR and UNODC explored the misuse of corporate vehicles for ML/TF. They found that a lack of BO info disguises what 3 things?

1. Identity of known criminals
2. True purpose of the account/assets held by a corporate vehicle
3. Source/use of funds by a corporate vehicle

The BO of companies is not always easy to extract, especially in what cases?

1. Shell companies
2. Complex ownership with many layers
3. Bearer shares
4. Unrestricted use of legal persons as directors
5. Formal nominee shareholders where the identity of the nominator is undisclosed
6. Informal nominee shareholders (family)
7. Trusts, separating legal ownership and BO of assets
8. Intermediaries in forming legal persons

What are the two definitions by the MLR of a PEP by association?

1. An individual who has joint BO of an entity with a PEP
2. An individual who has sole BO of an entity set up for the benefit of a PEP

The Wolfsberg Group developed a four point rating scale for country risk. What other risk factors do some regulators include?

1. Countries with bank secrecy laws
2. Poor KYC requirements
3. Poor cross-border monitoring
4. No LCR reporting requirements
5. No financial record-keeping requirements
6. Ease of incorporation, with bearer/nominee shares
7. Poor bank regulatory controls
8. Tax haven banking systems
9. Where charitable organisations are used as avenues for ML/TF
10. Limited narcotics and ML/FC enforcement due to lack of skills
11. Official corruption
12. Significant trade in gold/diamonds/gems
13. Black market economies

How does the FATF define a BO?

The person who ultimately owns/controls a customer, or the person on whose behalf a transaction is being conducted.

Which two FATF recommendations relate to beneficial ownership?

24 (legal persons) and 25 (legal arrangements).

How do MLR verification requirements for customers and BOs differ?

The customer must be verified by documents or data.
The firm takes a risk-based approach to BOs and adopts adequate measures to ensure it knows who the real BOs are.

What activities make it easier to conceal underlying beneficiaries?

1. Customers based in high-risk jurisdictions or where higher levels of corruption are known
2. Customers in cash businesses or businesses with high levels of corruption
3. Customers engaged in industries relating to proliferation activities

What are the three main ways of creating opaque corporate structures?

1. Capital in the form of bearer shares
2. Shell banks
3. Anonymous accounts

What are firms' restrictions in terms of shell banks according to MLR regulation 16 and FATF 13?

Unable to have a relationship with a shell bank, or with a bank that is known to permit its accounts to be used by a shell bank.

Who can conflicts of interest arise between?

1. Institution & client
2. Bank vendor & client
3. 2+ clients

What does Principle 8 of the FCA Principles for Businesses require firms to do in respect of conflicts of interest?

Manage them fairly between itself and its customers.
The board of directors/senior management need frameworks to identify/control/review them.

What are the basic key principles in conflict of interest policies?

1. Definition of conflict of interest
2. Possibilities of future conflicts
3. Criteria for declaring a CoI situation
4. Addressing the CoI

What is a Chinese Wall?

A business information barrier to stop CoI.

How can criminals steal data from financial firms?

1. Fake employees downloading data onto USB
2. Theft of computers etc.
3. Phishing scams

What is the objective of an audit?

To see whether the financial position, results of operations and cash flow seem fair.

What is whistleblowing?

When an employee reports suspected wrongdoing at work.

Who are the prescribed persons under the Public Interest Disclosure Act?

The FCA. PIDA protects employees who whistleblow.

What are the two specific actions to be taken under the Anti-Corruption Plan 2014?

1. The Home Office/Department for Business, Innovation & Skills (BIS) to consider incentives/support for whistleblowers in bribery/corruption
2. BIS to evaluate implementation of whistleblowing provisions

What are the new key rules on whistleblowing for a firm as set out by the FCA and PRA?

1. A senior manager as whistleblowing (WB) champion
2. Internal WB arrangements
3. Put in writing that employees are allowed to WB
4. Advise UK staff of the FCA & PRA WB services
5. Annual WB report
6. Inform the FCA if the firm loses a WB tribunal

The FCA's 'Financial crime: a guide for firms' views it as good practice if in a firm:

- staff in higher-risk roles have more thorough vetting
- temporary staff in high-risk roles have similar vetting to permanent staff
- where employment agencies are used, the firm ensures their vetting standards are adequate

How is a penetration test defined?

The process of systematically testing a network in a FI to determine weaknesses.

What does a penetration test do?

Simulates the actions of an external/internal cyber attacker breaching the information security of the organisation.

What is a vulnerability assessment?

The process of identifying and quantifying security vulnerabilities. Includes mapping of the network. This forms the first part of a penetration test.

Penetration testing v vulnerability assessment

A vulnerability assessment is less intrusive and doesn't require the same technical capabilities.

What does the FCA require that all regulated firms and some unregulated firms produce in relation to handbooks?

Appropriate documentation of risk management policies and risk profiles in relation to ML, including documentation of that firm's application of these policies.

What are regulations also referred to as?

Delegated legislation or secondary legislation, made by a minister, public body or by a parliamentary law.


Can be called orders rules regulations schemes or codes

What is a code of conduct?

A set of rules that outline roles and responsibilities and set a benchmark for behaviour.
You can have voluntary and mandatory codes.

Voluntary codes encourage organisations to operate in a manner beneficial to the organisation and community. All codes have what commonalities?

1. Non-legislatively mandated commitments
2. One or more individuals/organisations subscribe
3. Designed to influence, shape and control behaviour
4. Applied in a consistent manner
5. Try to reach a consistent outcome

Mandatory code

Prescribed, and derive their validity from legislation, regulation or rule. The UK Corporate Governance Code sets standards of good practice regarding board leadership and effectiveness, and accountability.

The JMLSG is made up of the leading UK trade associations. Its aims are to promote good practice in countering money laundering and to give practical assistance in interpreting the UK MLRs. How is this achieved?

Through the publication of industry guidance for the financial sector, which the JMLSG has been producing since 1990.


What does POCA require a court to do in terms of legal status?

Take account of industry guidance when considering if a person has committed the offence of failing to report.

What three data types can be collected by the enterprise?

1. Traditional enterprise data from customer information systems, including online transactions and financial data
2. Machine or sensor generated data, including web logs, smart meters and sensors
3. Social data from customer feedback streams, blogging and social media

Effective DD techniques (EDD)

Background checks, screening and DD of new employees. Background checks on employees must be repeated periodically.

Risk management definitions

Risk is the relationship between the likelihood that some threat will harm an information asset and the impact or effect that the incident could potentially have.

What two important factors must be considered when considering risk management?

Asset value and vulnerabilities.

The most vulnerable point in most information systems is humans. What do the ISO/IEC recommend is examined in a risk assessment?

Security policy
Organisation of info security
Asset management
HR security
Physical/environmental security
Communication/operations management
Access control
Systems development
Info security incident management
Regulatory compliance

What does an IAM (Identity and Access Management) system provide?

A framework to facilitate the management of electronic identities.

What role do industry groups and guidance bodies play in facilitating practical solutions for business?

1. Discussion groups on issues and practices
2. Set common ethical and technical standards, providing practical solutions for businesses
3. Admission to membership of the profession
4. Training for those who wish to join the industry
5. Paying for/encouraging research into new techniques

What is SWIFT?

Society for Worldwide Interbank Financial Telecommunication. A member-owned cooperative, industry-driven initiative.

What are the functions of an audit committee?

1. Monitor the integrity of the company's financial statements
2. Monitor internal controls/effectiveness of internal audit
3. Recommend external auditors
4. Monitor external auditor independence

PLCs are obliged to have what in terms of audit committees?

At least three independent non-executive directors.

Internal audit should have clear responsibilities and reporting lines to an audit committee/senior manager, and be adequately resourced and independent.

External audit should be an independent audit by a qualified accountant on the annual accounts, reporting to shareholders. They can give advice on potential areas of business risk.