OSHA 30-Hour Construction (OSHA 30)

Correct: Financial crime standards, including those from FATF, require financial institutions to identify and take reasonable measures to verify the identity of the beneficial owners. A beneficial owner must be a natural person who ultimately owns or controls the customer. Nominee directors are not beneficial owners. If a natural person cannot be identified or if there is suspicion regarding the provided information, the institution must apply a risk-based approach, which includes declining the business relationship and considering a suspicious activity report (SAR).

Incorrect: Accepting a legal opinion or nominee directors as beneficial owners fails to meet the requirement of identifying the actual natural persons in control. Relying solely on registries in secrecy jurisdictions is insufficient because those registries often do not capture ultimate beneficial ownership. Identifying a senior managing official is only a last resort when all other means of identifying a natural person owner have been exhausted and no suspicion exists; in this scenario, the client’s refusal to disclose owners is a red flag that necessitates enhanced due diligence or rejection rather than defaulting to the senior official.

Takeaway: Beneficial ownership verification must always penetrate legal layers to identify the natural persons who exercise ultimate effective control over an entity.

Correct: Layering is the second stage of the money laundering cycle and involves moving funds through a series of complex financial transactions to distance the illicit proceeds from their source and obscure the audit trail. In this scenario, the cross-border swaps and transfers between multiple entities are classic indicators of layering, as they serve to create complexity and hide the origin of the funds.

Incorrect: Placement refers to the initial entry of illicit funds into the financial system, such as the initial deposit of the $450,000. Integration is the final stage where the ‘cleaned’ money is reintroduced into the economy to appear legitimate, such as the final acquisition of the commercial property. Structuring is a specific technique used to avoid reporting thresholds by breaking large cash deposits into smaller amounts, which does not match the complex movement of funds described.

Takeaway: Layering focuses on creating complexity and distance between the source of funds and their eventual use through a series of intricate transactions.

Correct: In the context of terrorist financing, the focus often shifts from the source of funds (which may be legitimate, such as charitable donations) to the destination and end-use of those funds. When informal value transfer systems like hawala are used, there is a high risk of diversion. Therefore, the most appropriate approach is to verify the NPO’s internal controls over field disbursements and ensure that the funds actually reach the intended beneficiaries rather than being intercepted by terrorist organizations.

Incorrect: Focusing primarily on the source of donations is insufficient because terrorist financing frequently involves ‘clean’ money from legitimate donors. Requiring SWIFT messages for IVTS transactions is technically impossible, as these systems operate outside the formal banking infrastructure and do not generate such records. Relying on high-value transaction thresholds is often ineffective for detecting terrorist financing, which frequently utilizes small, low-value transfers (micro-funding) to avoid detection by standard AML monitoring systems.

Takeaway: Effective terrorist financing prevention requires a shift in focus from the legitimacy of the source of funds to the transparency and verification of the end-use and ultimate beneficiaries, especially when using informal transfer systems or charities in high-risk areas.

Correct: Hawala and other IVTS operate on a trust-based system where value is transferred without the physical movement of money between the originator’s and the beneficiary’s locations. Because settlements between brokers (haqualdars) are often netted out or settled through trade-based money laundering or other informal means, there is no traditional bank-to-bank audit trail for specific individual transfers. This lack of transparency makes it extremely difficult for financial institutions to verify the ultimate source or destination of funds, which is a primary vulnerability exploited in terrorist financing.

Incorrect: The suggestion that high transaction fees are a characteristic is incorrect, as IVTS are generally preferred because they are more cost-effective than traditional banks. The idea that brokers use standardized electronic ledgers is inaccurate; most IVTS records are informal, coded, or non-standardized, making them difficult to interpret rather than being ‘encrypted’ in a modern IT sense. Finally, while some jurisdictions attempt to register brokers, they are not registered with the FATF itself (which is a policy-making body, not a registry), and many operate entirely outside of any formal regulatory framework.

Takeaway: The primary risk of informal value transfer systems in terrorist financing is the absence of a transparent, centralized audit trail due to the trust-based, non-physical nature of the value transfer.

Correct: A risk-based approach is the fundamental principle of effective due diligence. It requires the organization to allocate more resources to higher-risk relationships, such as those involving government procurement in high-corruption jurisdictions. Identifying ultimate beneficial owners (UBOs) is critical to prevent shell companies from being used for bribery or money laundering, while adverse media screenings and ongoing monitoring ensure that new risks are identified throughout the lifecycle of the relationship.

Incorrect: Applying a standardized questionnaire to all partners fails to account for the specific risks associated with high-risk jurisdictions or industries, potentially leaving the firm exposed to undetected threats. Relying solely on self-certifications or representations is insufficient because it lacks independent verification, which is a key requirement of regulatory bodies like FATF. Focusing primarily on financial stability and credit history addresses operational risk but ignores the legal and reputational risks associated with financial crimes such as corruption and money laundering.

Takeaway: Effective third-party due diligence must be risk-based, focusing on beneficial ownership and continuous oversight rather than static, one-size-fits-all administrative checks.

Correct: Under OFAC and UN Security Council frameworks, financial institutions are required to block (or freeze) property and interests in property of designated individuals or entities as soon as they are placed on the sanctions list. In the context of a securities trade, if a party is designated before settlement, the firm must not complete the transfer of value to the sanctioned person. Instead, the firm must block the assets and the funds, effectively stopping the transaction in its tracks, and report the blocking to the relevant authority (such as OFAC in the United States).

Incorrect: Completing the settlement would constitute a prohibited provision of financial services and a dealing in the property of a sanctioned person. Returning the funds to the client’s bank account is also prohibited, as it involves transferring value to a sanctioned party rather than freezing it. Waiting for a specific seizure order is incorrect because sanctions lists are generally self-executing; the publication of the name on the list creates an immediate legal obligation for the institution to freeze the assets without further specific instruction from the government.

Takeaway: Sanctions compliance mandates the immediate freezing of assets and blocking of transactions involving designated parties, overriding standard contractual settlement obligations.

Correct: The first strategy is the correct approach because effective sanctions compliance requires a risk-based methodology that goes beyond exact name matches. Sanctions lists often contain aliases, and bad actors frequently use slight variations in spelling to bypass automated filters; fuzzy matching is designed to catch these variations. Furthermore, regulatory frameworks like OFAC’s 50 Percent Rule dictate that entities owned by sanctioned individuals are also considered sanctioned, making the identification and screening of ultimate beneficial owners (UBOs) and all parties in the payment chain essential for mitigating legal and reputational risk.

Incorrect: The second strategy is incorrect because exact matching is easily circumvented and fails to address the risk of sanctioned entities operating through subsidiaries or using aliases. While straight-through processing is an operational goal, it cannot supersede the regulatory requirement to block prohibited transactions. Relying solely on the originating bank’s screening is a violation of the independent obligation each institution has to ensure it does not facilitate transactions for sanctioned parties. Finally, while avoiding litigation from innocent parties is important, the regulatory penalties for a sanctions breach are generally far more severe than the risks associated with temporary delays for manual review.

Takeaway: Comprehensive sanctions screening must utilize fuzzy matching and include beneficial owners and intermediaries to prevent evasion through name variations or complex ownership structures.

Correct: The principle of dual criminality is a cornerstone of international cooperation, requiring that the activity being investigated is a crime in both the requesting and requested jurisdictions. Furthermore, for evidence to be admissible in court, the request must be executed according to the legal standards and procedural requirements of the requested state. Failure to meet these criteria often leads to the denial of Mutual Legal Assistance (MLA) requests or the subsequent exclusion of evidence during trial.

Incorrect: While informal FIU channels are excellent for intelligence gathering and ‘leads,’ they generally cannot be used to produce evidence for a criminal trial or to execute formal coercive measures like asset freezing without a subsequent formal MLA request. Prioritizing tax reciprocity over the specific legal requirements of the money laundering predicate offense ignores the fundamental legal hurdles of MLA. Including a list of all suspected participants is a tactical choice but does not take precedence over the legal validity and procedural compliance of the request itself.

Takeaway: Effective mutual legal assistance depends on satisfying the dual criminality requirement and meticulously following the requested jurisdiction’s procedural laws to ensure evidence admissibility.

Correct: When a financial institution modifies its sanctions screening parameters, such as fuzzy matching thresholds, it must perform a formal validation and impact analysis. This ensures that the change does not inadvertently filter out true matches (false negatives). Conducting a retrospective look-back on the alerts that would have been generated under the old threshold allows the bank to demonstrate that no actual sanctioned parties were missed, thereby satisfying regulatory expectations for a risk-based approach and sound model governance.

Incorrect: Reverting the threshold to 80% without analysis is a reactive measure that does not address the underlying failure in the bank’s change management and validation processes. Requiring the Chief Compliance Officer to review every single alert is operationally inefficient and contradicts the principles of a risk-based approach, which suggests focusing senior resources on high-risk cases. Replacing the entire software system is a disproportionate response that fails to address the immediate compliance gap regarding the current system’s configuration and documentation.

Takeaway: Any adjustment to sanctions screening parameters must be supported by a formal risk assessment and technical validation to ensure the bank remains within its risk appetite and regulatory requirements.

Correct: Under most international AML standards and CFCS principles, while a financial institution may rely on a third party to perform some elements of CDD, the ultimate responsibility for ensuring the customer is properly vetted remains with the institution that has the relationship. For high-risk customers, such as those from jurisdictions under increased monitoring, Enhanced Due Diligence (EDD) is required. This specifically includes independent verification of the Source of Wealth (SoW) and Source of Funds (SoF) to ensure they are not derived from illicit activities, as a summary or attestation from a third party is insufficient for high-risk profiles.

Incorrect: Accepting a third-party KYC file without further verification is a common failure in high-risk scenarios where EDD is mandated. Simplified due diligence is never appropriate for customers from jurisdictions with strategic AML deficiencies or those flagged as high-risk. Legal liability for compliance cannot be transferred to a third party through an indemnity letter; the primary institution remains regulatory accountable for its own AML program and customer base.

Takeaway: Financial institutions retain ultimate responsibility for EDD and must independently verify high-risk factors like source of wealth, regardless of third-party introductions.