Nowhere to hide dirty money as Big Brother steps up bank surveillance

**Customers queue at Post Bank's headquaters on September 16, 2016. [Wilberforce Okwiri, Standard]**

The government’s spying juggernaut has stretched its tentacles deep into the financial sector and is now pushing commercial banks to actively snoop on accounts of millions of Kenyans.

A document seen by the Sunday Standard gives a glimpse into just how deep the operation has gone, in what has seen commercial banks set up huge departments to cope with the increasing demands.

It shows how banks are required to classify and report on suspicious activities and should do so without attracting a whiff of attention from the account holders.

In the push to deal with financial crimes, financial institutions are required to populate a special list of people coded as Politically Exposed Persons (PEPs) as well as their relatives and close business associates and must report to the intelligence machinery any changes in the patterns of their transactions.

In a click of the button, it is easy to know the public official whose wealth and transactions linked to them is disproportionate to their sources of income.

This perhaps now explains why many politicians with unexplained wealth are opting to keep millions of shillings in foreign currencies, with the US dollar being the most preferred. Others now just stash the cash in briefcases to keep off this scrutiny.

The PEP list includes state officials among them judges, chairmen of parastatals, and all elected leaders from ward representatives all the way up to governors as well as some individuals who trade with government and in the private sector.

Review sources of information

The document is corroborated by responses given by five commercial banks to the Central Bank of Kenya (CBK), after they were fined for not updating their customers on the lists after being appointed into government office.

Commercial banks go a step further to review public sources of information including the internet and company registries.

Every bank then is required to maintain an updated local PEP database which is initially created from public sources such as the Parliamentary Service Commission (PSC) database, Independent Electoral and Boundaries Commission (IEBC), State House briefs, major news publications among others.

This is further enhanced through regular updates following review and consultations with branches to validate the list and identify family members and close associates. This list is updated periodically after elections.

Some commercial banks have gone further to purchase commercial databases that lists international and local politically exposed persons such as the Dow Jones Watch list, which is used to screen customers to facilitate enhanced due diligence.

The Central Bank of Kenya (CBK) is in charge of enforcing compliance and wants banks to ensure they subject all PEPs to three measures.

Banks must take adequate measures to establish the source of wealth and source of funds, get information on immediate family members or close associates of anyone who has authority over accounts opened by the politically exposed persons.

They are also required to continuously monitor these accounts and churn out intelligence briefs to trigger investigations.

Their discreet reports are filed to the Financial Reporting Centre, which is the nerve centre of monitoring financial crimes in the country, or any other transaction that does not seem to add up. They should however never make their customers aware that they are snooping on them.

And it is not just public servants.

From the day you walk into a banking hall and open an account, banks now screen you against a list of politically exposed persons to determine the amount of spying information to hand over to State agencies. Opening bank accounts now require one to submit their Personal Identification Number, which has made the connections much easier.

The push to have mobile money also looped into the spying system to complete the circle is still on despite resistance by mobile companies. The main consumers of this information are the Banking Fraud Unit that is under the Directorate of Criminal Investigations (DCI), who feed on this intelligence as soon as it is reported.

The irony is that despite these mountains of intelligence accessible to government agencies, the responsible officials either fail to act in time or are willing participants watching from the sidelines as taxpayers are swindled as was witnessed in the NYS scandal.

To classify one as a politically exposed person, banks conduct a continuous Know Your Customer (KYC) exercise on each customer.

As soon as one is established to be a PEP either during the bank account-opening stage or after being appointed, they are added on the PEP list. New accounts are screened against this list.

“During account opening and on an ongoing basis, all customers are screened against the full PEP list. All potential customer’s noted as PEPs/High risk must receive senior management approval before the account is opened, or undergo remediation if already opened,” a document by KCB documenting how it deals with it PEPs shows.

On the account-opening form, the customer is required to identify the source of income or nature of employment. The volume of expected cash flow through the account are also obtained and recorded on the account opening form.

“This information is obtained during the interview process at on-boarding.”

Going forward, the politically exposed persons must provide all the documentation to support large payments. If they fail, commercial banks are required to immediately file a Suspicious Activity Report (SAR), which is the first report that triggers further investigation.

All accounts belonging to politically exposed persons are marked as high risk and monitored under the ‘High Risk Entity scenario’ in the anti-money laundering system. This is done through physical monitoring at their branch level.

Filed the suspicious report

“All PEPs identified are rated as high risk customers and a PEP flag is marked on the banks core banking system,” the KCB report adds.

The snooping goes all the way to the MCAs. For instance, a Mandera-based MCA, who is currently being investigated, opened an account in one of the commercial banks in the area in 2016.

At the time, he was not an MCA so he was not classified as a PEP by his bank. But as soon as he was elected an MCA in Mandera County in 2017, his status in the system was immediately upgraded to a PEP and monitoring of his account started. At the branch level, the bank says it interviews customers whenever it suspects out of normal profile of customers transactions and request for supporting documentation.

If it is not satisfied, the branch files an internal suspicious activity report (SAR). The branches are required to ensure they do not raise any suspicion or tip off their customers that they have filed the suspicious report on them.

“Customers transacting more than USD 10,000 or the equivalent in Kenya shillings are always required to fill in the large cash declaration forms,” the bank says. The manager, service quality and compliance at each branch reviews large debit and credit reports for unusual large transaction or frequent activities on a daily basis.

The suspicious reports are received at the head office in Nairobi by central compliance officers who review each report to validate the suspicion and guard against malicious reporting.

Where the suspicion is sustained, the Money Laundering Reporting Officer (MLRO) files the report to the FRC.

When it comes to physical monitoring of accounts, branches and other operating units require that transactions are well supported by the Know Your Customer (KYC) principle, and necessary documentation.

The bank says over the counter transactions above Sh500,000 are referred to a second level authority for review and approval before such transactions are completed.

“On a daily basis, branches receive large transactions reports which the managers service quality and compliance review for any large and unusual transactions,” the bank says.

KCB says it feels these controls are adequate to reduce money laundering risk and that its reports should have prompted investigations at the time it flagged the transactions and reported to the CBK instead of being penalised.

“The banks AML framework and the dedicated and thorough work of its branch and AML staff provided the FRC with a detailed report that should have prompted investigations then,” the report says. “The bank and the said team should be lauded not penalized for doing what the AML framework is supposed to do.”

The lender says the rules governing the Real Time Gross Settlement (RTGS) provides that the RTGS transfers are final and irrevocable.

It says its hands were tied since once the remitter bank is debited and the receiver bank credited, the remitter cannot reverse the transaction. The creditor is also required to credit the customer within two hours of receipt of funds.