- President, Clement Advisory Group - AML Services
- Officer-in-Charge, Proceeds of Crime, Royal Canadian Mounted Police
- Managing Director, IPSA International, Toronto
- Operations Officer, Executive Diplomatic Protection, assigned to Canadian President Chretien
- Foreign Service Liason Officer, Hong Kong
- Garry’s 1996 undercover operation into tobacco smuggling from the US into Canada which resulted in the highest civil penalty against the cigarette companies in Canadian History
- All 7 Best Practices
- Pre-Call Discovery Process
- One-on-One Call with Expert
- Session Summary Report
- Post-Session Engagement
Anti-Money Laundering - Banks - Canada
- Financial institutions misunderstand how criminals launder money and take advantage of financial sector organizations.
Organized crime and criminality rely on expertise much like a legitimate investor. Large criminal organizations are aided by what we refer to as gatekeepers: accountants, lawyers, investment advisers, realtors and others who are either witting or unwitting participants.
Cases have shown that organized crime is very successful in co-opting individuals at all levels of financial, legal, governmental and regulatory organizations. A "capo," or captain, from a New York crime family told me directly that without cooperating insiders, money laundering would be very difficult.
- Senior management and boards of financial institutions are not adequately briefed on their role and responsibilities in preventing money laundering.
As a result, boards of advisers or boards of directors fail to fully understand the regulatory requirements around money laundering, terrorist financing, foreign corrupt practices and internal investigative matters that can have a big impact on the organization.
Far too often, when briefings do occur, it is left to a chief compliance officer who may not have direct experience with money laundering prevention. An outside expert with that experience can provide concrete examples based on real life. Lacking that, the compliance briefing may fail to state the realities the organization could be facing.
- Organizations misappropriate internal resources or lack expertise to effectively and objectively deal with money-laundering issues.
It is essential that organizations recognize that the threat of the "enemy within" is as real as that of criminals attempting to use their services from the outside. Experience has shown me that given the right circumstances, anyone is capable of being co-opted. Drug and gambling addictions are far too common, and organized criminals can capitalize on these human weaknesses.
The financial sector survives on commissions and bonuses and, therefore, success equates to the profitability of the individual employee's client portfolios. This can lead to greed usurping ethics. Annual security briefings for employees are essential to ensuring a healthy organization.
- Organizations lack understanding related to developing a robust risk assessment.
A risk assessment must includes products, services, delivery channels, geography (locally, nationally, and internationally) and client differentiation. Every organization has its own niche and therefore no two organization's risks are the same.
In developing a viable risk assessment, organizations should utilize subject matter experts from each service area, and also an outside subject matter expert as a moderator, to develop an effective risk profile that is objective and can be defended. Each organization's risk assessment should be reviewed annually.
- Organizations fail to recognize the impact of poor or improper computer security.
Many corporations are fully reliant on in-house IT departments. Unfortunately, many of these departments are understaffed and the personnel spend the majority of time assisting employees with basic computer issues.
The threat of cybercrime and cyber-attacks dictate that managing security is a 24/7 responsibility. Personnel need to be able to maintain a level of expertise that for most organizations is not cost-effective. Therefore, organizations need to have an outside evaluation to assess their ability to withstand a cyberattack.
Recent cases have shown that a loss of client data can subject the organization to reputational damage and large civil actions.
- Internal IT departments fail to focus on macro issues that may result in vulnerability to cyberattack.
Internal IT departments deal primarily with micro issues such as dealing with employee operations problems. Executives find cumbersome security measures a nuisance and thus many do not have appropriate levels of security.
Cybercrime has evolved and will continue to. Many organizations are ill-prepared and fail to take action until they are compromised. It is essential to focus time and energy on the macro issues.
- Organizations lack awareness of to how to deal with potentially volatile situations.
For example, disgruntled employees or employee collusion with organized crime. Organizations need to accept that they continually face the risk of being compromised and implement measures to ensure that employees prone to nefarious activities are identified and weeded out quickly.