Amsterdam Business School
MSc Accountancy & Control, specialization Accountancy
Faculty of Economics and Business, University of Amsterdam
Master Thesis:
The auditor in the front line of
combatting money laundering and the
financing of terrorism
Name: Angelique Esclodina Student number: 10467823 1st Supervisor: Mr. Ron van Loon
2
Statement of Originality
This document is written by student Angelique Esclodina who declares to take full responsibility for the contents of this document.
I declare that the text and the work presented in this document is original and that no sources other than those mentioned in the text and its references have been used in creating it.
The Faculty of Economics and Business is responsible solely for the supervision of completion of the work, not for the contents.
3
Content
Introduction ... 6
Chapter 2: Literature review ... 10
2.1 Describing the Financing of terrorism ... 10
2.1.2 Financial Sources of financing terrorism ... 12
2.2.1 The indirect effects of terrorism ... 15
2.3 Definition and characteristics of Money Laundering ... 16
2.4 The link between the auditor and illicit activities ... 17
2.5 Rise in illicit activities, increase of risks ... 18
2.5.1 Risk Management Model ... 19
2.6 The audit function responsibility ... 21
Internal Auditor ... 21
External Auditor ... 22
2.6.1 The auditor as a moderator ... 23
2.6.2 Limitations for the audit function ... 24
2.6.3 Dutch guidelines on Money Laundering and Financing of Terrorism ... 25
2.7 Sub Conclusions ... 27
3. Methodology ... 29
3.1 Research Method ... 29
3.2 Data Collection ... 29
3.2.1 Interviewee Selection ... 30
4. Analysis and Findings ... 32
4.1 Introduction ... 32
4.2 Money Laundering and Financing of Terrorism in practice ... 33
4.3 The impact of Regulations ... 34
4.3.1 Applying regulations ... 35
4.3.2 More regulations or not ... 37
4.4 Risk assessment ... 39
4.4.1 Risk assessment models in practice ... 39
4.5 The effectiveness of a good audit ... 45
4.5.1 Recommendations auditors performance ... 51
4
5.1 Conclusion ... 54
References List ... 57
Appendix 1 Abbreviations/Acronyms... 61
Appendix 2 List of tables and figures ... 61
5
Abstract
Through the years financing of terrorism has increased and has become more popular. The raising of funds by transferring money from one country to another in different ways through illicit activities has brought more risk for business organizations. It raises the question of how these terrorist organizations raise their funds. What threats does the financing of terrorism bring for a legitimate organization? Can the adding of more regulations and audit controls help to reduce the financing of terrorism? It is impressive how funds are transferred
legitimately and illegitimately. The “hawala system”, charities donations, state sponsorships, popular support, theft, drugs and donations from wealthy individuals are among some of the most popular methods for this funding. The exact amount of money collected is unknown but there is an estimate that it amounts to billions every year. Prevention of activities for
financing terrorism, which can have a large impact on the community and is a threat for legitimate business organizations, must be made a high priority. This research investigates the role auditors can play by helping reduce and preventing illicit activities by executing better controls and by understanding these organizations’ perspectives and goals.
Purpose: The purpose of this study is to make auditors aware of the threats that are growing during the years regarding controls on money laundering and financing of terrorism.
Design/methodology/approach: The methodology used in this thesis is a qualitative research. For the purpose of this thesis interviews were conducted with eight auditors from different audit firms. The auditors education vary from partners to assistant auditors and are from the Netherlands and Curaçao.
Findings: The actual role of the auditors are limited in illicit activities, although auditors asserted to have to be better educated on the field of money laundering and financing of terrorism.
6
Introduction
Terrorism has become a topic of concern over the last few years. Nowadays, terrorist attacks occur very frequently, sowing panic among the population; the Islamic State (IS), Al-Qaida, who carried out the attack on the Twin towers in New York and Boko Haram with the capture of 200 women students are among the most popular terrorist movements. Although efforts have been made after 9/11 to reduce and control the financing of terrorism, the funds continue to reach their destination. Financing terrorism requires a lot of money and therefore businesses organizations have become vulnerable targets.Money is the engine that drives acts of terrorism, and it is not surprising that the financing of terrorism has become a matter of serious concern for those responsible for tracing, intercepting and, if possible, preventing acts of terrorism (Raphaeli, 2003).
My motivation for this study is that I think auditors can play an essential role in helping to reduce money laundering and the financing of terrorism. The purpose of this study is to analyze the link between white-collar crime and the audit function so that more directed work can be performed to reduce the financing of these types of activities and enhance control. There has been little research on the impact of, for example, the financing of terrorism through auditing while there are big anxieties about this topic. Becker & Murphy (2001) have argued that terrorism should not have a big effect on economic activity, because it only destroys a small portion of the stock capital. In contrast, empirical estimates of the consequences of terrorism typically suggest large effects on economic outcomes (Abadie & Gardeazabal, 2003). Harvey (1993) found that fewer than 50% of multinational firms surveyed had formal programs to deal with terrorist attacks. According to him, 75% of attacks for raising funds are against businesses all around the world and this figure is rising. Different types of white-collar crimes are affecting business organizations and from the activities which have taken place in the past, it is clear that this number is growing.
There is a substantial variation in how illicit groups gather their funds and then invest these funds for terrorism. It is a combination of legitimate business, culture, religion and criminal activities which makes it difficult to control where these funds come from. Over the past few years there has been a considerable participation of Islamic investors. ‘Islamic terrorism’ has developed a core business in moving money through charities and money service businesses like Western Union and MoneyGram and informal value transfers
7
sometimes termed ‘hawala banking’ (Passas, 2003): money flows easily from one country to another. Technology, too, makes it easier for funds to be transferred immediately from one financial institution to another, all around the world. According to Levy (2010) it is an extremely ambitious task to cut off the financial lifeblood of terrorism. On the other hand, others argue that governments can control the distributed effects of terrorism by auditing industrial networks, in order to reveal and protect critical hubs, and by promoting flexibility in production and distribution of goods and services, to improve resilience in the economy (Steen, Liesch, Knight & Czinkota , 2006).
Considering the technology developments on the world market, it requires confidence for participants to deal on the markets. If there is a fault in operations or something goes wrong on the markets due to criminal elements, it will affect the trust of participants and the world welfare. The consequences for those involved in these activities are that they use funds to invest in legitimate organizations. This is not enough for the criminals: they also use these funds to corrupt legitimate organizations, which brings with it dangers for these organizations. A point of concern is that whether the money which flows is legitimate or not, both use the same financial channels. This is why it is more difficult to detect once it enters the financial sector. In order to detect these activities, it is essential to know the points of enter and exit. Due to the fact that economics takes place on an international floor, it is more difficult to detect when these funds enter and when they exit the organizations. Furthermore, occurrences such as the 9/11 attacks has made it a major concern for senior executives. According to a PricewaterhouseCoopers survey of global CEOs (2004), 36% of respondents mentioned terrorism as one of the biggest threats facing them. Another research compiled by Rand Europe and Janusian Security Risk Management (2004) shows that two-thirds of respondents consider terrorism as a significant threat to their business operations. Beside this, numerous studies were conducted related to terrorism and business operations. For example, Abadie & Gardeazabal (2005) examined the impact of terrorism on foreign direct investment flows; Gori (2004) examined the impact of terrorism on banking and financial services firms; Chopra & Sodhi, (2004); Tang, (2005); Sheffi, (2005), have made suggestions for gaining attacks. This implies that terrorism is not only a political concern but is also of concern for the competitive advantage through mitigating risks and enhancing resilience, despite terrorist economy. It is driven by money generated by the economy of terror. It is estimated to be worth $1.5 trillion per year, and growing (Napoleoni, 2003). This huge amount of money is generated by three different sources: international transactions, criminal activities and terror organizations. The terror organizations also include legal businesses.
8
Money laundering and terrorism has become a global business where people rely on the wages which these activities generate through terrorist attacks or acts. Besides the feeling of uncertainty which arises with terrorism, it also reduces the expected returns on investment. Chen & Siems (2004) concluded that terrorism has a negative impact on the capital market and that policymakers and regulators must share information proactively and in a timely manner in order to improve global communication and cooperation.
After 9/11,concern for terrorism increased and numerous studies have been conducted on the relationship between terrorism and international business dealings. As financial controls on terrorism became a high priority policy issue, it became clear that a wide range of formal and informal fundraising and transfer channels can be used; yet some of them are still neglected and unappreciated (Passas, 2003). Terrorism has become a concern for organizations, it also increases risks in doing business. Such risks affects the operations of multinational enterprises or their value chain partners directly or indirectly, leading to the loss of revenues or business opportunities (Wernick, 2006). The U.S. Department of State (2003) argues that businesses should be more concerned about terror-related risks, since 62% of terrorist attacks between 1999 and 2003 were targeted risks. However, few businesses concern themselves with reducing their risks of terrorist attacks or fraudulent activities. This includes sharing information with policymakers and regulators.
The Money laundering Regulations (1993); also (Bosworth-Davies & Saltmarsh, 1994; Bingham, 1992) require accountants and auditors and other financial advisers to play a central role in the detection and reporting of fraud and money laundering. This legislation expects accountants and auditors to override their commercial concerns and report suspicious transactions and schemes to regulators. In 1993, Britain’s major criminal law enforcement agency, the Serious Fraud Office (SFO), was investigating 57 cases of fraud which alone amounted to some £6 billion (SF0 1994, p. 8). According to McBarnet (1991), it is accountants, among others, who are knowledgeable of the world’s financial systems. It is accountants who are able to create and manipulate the complex transactions which make it difficult to identify and trace the origins and the ultimate destiny of these illicit funds. It is also accountants who, when acting as auditors, are charged with the responsibility of detecting and reporting such activity, but seemingly have difficulty in discharging this obligation (McBarnet, 1991). However, comparatively little research has addressed the antisocial and predatory acts of accountancy firms, their partners and advisers (Tinker & Okcabol, 1991). This shows how important the function of the auditor is in an organization;
9
not only to control - it goes far beyond only controlling - but also to help detect and protect organizations from different risks.
From the evidence mentioned above, the following research question is derived:
How can the audit function help to prevent money laundering and the financing of terrorism in organizations?
To answer my research question some sub-questions will also be answered:
1. What is the actual role of auditors in white-collar crime and how can auditors be of significant help in these activities?
2. To what extend are regulations effectively helping to reduce money laundering and other criminal activities?
3. How far can the auditor help protect legitimate business to be less vulnerable for money laundering and the financing of terrorism?
From the aspects mentioned above there are enough reasons for taking this topic as one of urgency. This paper will investigate the relationship between the audit function and the detecting and preventing of money laundering and the financing of terrorism. This thesis is structured as follows: Chapter 2 will cover the background and the theory about money laundering and financing of terrorism. What the main sources of financing of terrorism are, what are the problems arising for a business organization from this activities and what is expected from the auditor. Chapter 3 will describe the methodology used for the field research. In chapter 4 the findings of the interviews will be presented. Finally, chapter 5 will give the conclusions of the research findings.
10
Chapter 2: Literature review
This chapter will describe in more detail the theory behind money laundering. How financing of terrorism takes place and how these problems are affecting business organizations and what the role of the audit function is. First, the important definitions are described and the financing of terrorism. Then in paragraph 2.2, attention will be paid to the resources of financing of terrorism. Paragraph 2.3 describe the characteristics of Money Laundering. Then paragraph 2.4 gives the link between the auditor and illicit activities. Paragraph 2.5 the risks arising from Money Laundering and Financing of terrorism are mentioned and how controls are executed to control these risks and finally the responsibility and limitation of the auditor. Finally in paragraph 2.7 the sub conclusions are mentioned.
2.1 Describing the Financing of terrorism
Terrorism has existed throughout history (Hoffman, 2006). Since the 1980s, terrorism has become increasingly complex and lethal (Enders & Sandler, 2006). The facts that are making the combating of terrorism so complex are the globalization of e-commerce, religion and the increase in dangerous weapons of mass destruction. Terrorism produces new impediments to cross-national trade and investment, such as national and international governments imposing anti-terrorism policies, regulations, and procedures (Czinkota, Knight, & Liesch, 2004). From early in the 1990’s efforts have been made to combat the financing of terrorism. Particularly by the Financial Aid Task Force (FATF), the Council of Europe, Caribbean FATF and Asia Pacific Group. Despite all the efforts of implementing more regulations and development of anti-money regulations, it seems that results are low ( Winer & Roule, 2002).
In order to function, a terrorist organization needs money: money is the engine behind every terrorist organization. The International Convention for the Suppression of the Financing of Terrorism defines funds for terrorism as meaning: “assets of every kind, whether
tangible or intangible, movable or immovable, however acquired, and legal documents or instruments in any form, including electronic or digital, evidencing title to, or interest in, such
11
assets, including, but not limited to, bank credits, travelers checks, money orders, shares, securities, bonds, drafts, letters of credit” para. 1.
Terrorist attacks can be inexpensive but the organizations need a lot of money for their budgets. If there is no money, these organizations cannot exist. So the question arises: where do they get their funds from? Freeman (2011) assumes that the costs of individual terrorist operations can be relatively low, even for “strategic” level attacks. However, the cost of specific operations may be relatively inexpensive and even more so for low level attacks, but terrorist organizations require much larger budgets to function. The money is needed to train members in their camps, to acquire new members and supply them with food and other resources when they retire. Beside this, the organization has costs to acquire guns, make bombs and other facilities for their attacks. All these expenses require a lot of funds which can add up to millions per year. For example: Al Qaeda’s annual budget was estimated to be $30 million (Freeman 2011).
Terrorist groups have different ways to acquire their funds but each of these methods has its advantages and disadvantages, so there is no perfect way for a terrorist organization to acquire money. According to Freeman (2011) there are six criteria for the financing of terrorism:
1st The quantity of money. For a terrorist organization the more money the source provides in a simple way, the better.
2nd Legitimacy: in order to sustain themselves, terrorist organizations need legitimate sources.
3rd Security: terrorist groups train and recruit members in secure places where they can hide from state security.
4th Reliability: terrorist groups want sources that are predictable and consistent.
5th Control: An important characteristic of money is influence and power. By using different sources of funds, this can influence the control of the terrorist organization in a good or bad way.
6th Simplicity: terrorist organizations want to acquire money in the most simple way without using specialized skills, and with the least effort possible.
These criteria are prioritize by every terrorist organization depending on their needs so they do not lose control on acquiring of funds.
12
2.1.2 Financial Sources of financing terrorism
The sources of funding terrorism are very broad because terrorist organizations would choose to avoid funds through bank channels to avoid attention of the authorities. Sources of financing of terrorism can be divided into a few main categories.
The first category is state sponsorship. There was a lot of state sponsorship of terrorism during the final decade of the Cold War with groups such as the Abu Nidal Organization serving as a terrorist group for hire (Hoffman, 2006). This type of financing has decrease significantly over the last few years (Passas, 2003). One of the most active state sponsorship today is Iran, providing Hezbollah with an estimated $100 million per year and Syria which provides weapons, safe havens, and financial support to Hezbollah (Freeman 2011). For a terrorist group, state sponsorship is an adequate way to get their funds because of the quantity of money they obtain and the simplicity in getting their funds. One disadvantage of state sponsorship for the terrorist organization is that it can be unreliable and the state can use this method to control the terrorist organization. Another disadvantage is that the state can change of member and this can cause the state to decide to stop financing the terrorist organization.
The second category of financing terrorism is through illegal activities. State sponsorship is considered to be unreliable for some groups, so they choose to raise funds through illegal activities. Under illegal activities can be considered kidnapping, smuggling, petty crime and pirating. Also contraband like smuggled alcohol, fuel, and tobacco. Other sources are wholly illicit ‘market offences e.g. drugs and property crimes which have losers like fraud, robbery, and theft (Levy, 2010). The kidnapping of powerful officials or wealthy businessmen and holding them for ransom not only provides publicity for terrorist organizations, but it is also one of their most profitable sources of financing ( Picarelli & Shelley, 2007). Other times terrorist groups just steal cash and valuables to obtain money. Illegal activities have their advantages for a terrorist group: they provide a reliable source of income. According to Picarelli & Shelley (2007) crime provides cash on a rapid and repeatable basis. It can also enhance the legitimacy of the terrorist group. In other words, it puts pressure on the state legitimacy. Beside these advantages, illegal activities can be easily executed and the terrorist group can have more control because it is independent of the state.
13
One disadvantage is that illegal activities are risky. The terrorist group runs the risk of being captured by authorities leading them to lose control over the organization.
The third category for classifying the funds is legal activities. Another option for terrorist groups is that they operate through legal business organization for profit. The advantage the terrorist group gains from this is their security because they are operating totally legally but there are also some disadvantages. Operating legal means that they can draw the attention of authorities because they have to be audited and can be suspicious. Another disadvantage is that for operating legally they must acquire highly skilled members if they want to make profit, and making profit is an important target for a terrorist organization. A disadvantage of legal activities is that it provides lower profits due to the competition they have to compete with this is why it will acquire lower profit than the other methods and are not preferred.
Popular support is the fourth category described in this research of the financing of terrorism. A common method of raising funds is through charities. Islamic groups in particular gives donations which make up a large amount of revenue. Much of the money collected comes from Saudi Arabia and other Gulf states, where there are many wealthy donors sympathetic to these causes. Iraqi insurgents also received some funds from wealthy donors from the Gulf region; some Iraqi insurgent leaders had arrangements with the imams in the mosques where the money is collected (Temple, 2005). Other donations come directly from wealthy members. Popular support, as other types of financing of terrorism, has its advantages. First, it is an easy way to obtain money in a legitimate way and can benefit the organization legitimacy. Second, it is a reliable source that can be used all around the world. The disadvantages are that charities leads to the loss of control. Also the economy plays an important role because if the economy of the country is not good, supporters do not have enough money to support themselves so they cannot donate to charities.
The fifth category in this research is the Hawala system. The Hawala system is one of the most famous channels to transfer money. Hawala also known as the invisible financing of terrorism is one of several Informal Funds Transfer Systems or IFTS sometimes called Alternative Remittance Systems or Informal Value Transfer Systems (Wilson, 2002). This method of transferring money is very old and is faster and reliable. In Afghanistan or Somalia, for instance, “hawala” is the best functioning ‘institution’ which has been used even
14
by aid organizations active there (Passas, 2003). Most of the time it is the transferring of value instead of money to avoid transactions. The advantages of the “hawala” system is that it can reach more destinations and is cheaper than licensed financial institutions.
2.2 Fighting financing of terrorism
Raphaeli (2003) has described why it is difficult to trace financial transactions by terrorist groups despite the efforts made by authorities:
Transactions made by terrorist groups are made through third parties’ numbered accounts, offshore accounts, charitable organizations and disguised fronts.
Transactions made are cash transactions that cannot be supervised by a central bank authority.
Some transactions are made through Islamic banks to avoid inspection.
Some countries invoke banking secrecy, thus illegal activities cannot, or are difficult to, be controlled.
Organizations related with funds for terrorism use multiple alliances.
Having different ways to raise funds makes terrorist groups vulnerable. If terrorists groups want to acquire money in large quantities, legitimately, securely, reliably, simply, and in a way that they can control, then states must reduce the quantity of funds and make their acquisition illegitimate, dangerous, unreliable, distracting, and complicated (Freeman, 2011). Perhaps the most significant reason for the difficulty to control the flow of money from charity to terrorism is the lack of enforcement (Raphaeli, 2003). Several dozen nations have seized terrorist assets, together comprising more than $115 million, according to the US Treasury Department of Treasure. Many more countries, including a number in the Middle East, have declared that despite diligent search, there have been no terrorist funds found (Winer & Roule 2002). International organizations want the state especially from the United States, to come with more regulations and measurements to better control the funds designated for terrorist finance, for example, by including the FAFT, the G-8, UN Security Council Resolution and the European Union. Nations must take more action to inhibit the passage of terrorist finances through domestic financial institutions (Winer & Roule, 2002).
15
2.2.1 The indirect effects of terrorism
Terrorism has direct effects which are the loss of life and destruction of materials like buildings and other materials. These direct effects does not have a big impact on business. However, the indirect effects of terrorism have a huge impact on organizations. According to Barth McCarthy, Phumiwasana, & Yago (2006) the indirect effects are declines in buyer demand, increased International Business transaction costs, interruptions in international supply chains and declines in foreign direct investment (FDI). New government regulations and procedures were developed with the intention to stop emergent threats. Uncertainties have arisen in business organizations due to the indirect effects of terrorism and these uncertainties have brought new uncertainty with it. The consequence of these uncertainties is that it makes even the best securities vulnerable.
Most attacks are directed at civilians, businesses, and business related infrastructure (National Counterterrorism Center [NCC], 2009; US Department of State, 2002). The groups that plan and perform terrorist activities receive financial support from around the world. This financial support makes terrorism a trend. For example, Al-Qaeda's activities are supported by non-governmental Muslim organizations world-wide, making it a truly global network (Cronin, 2003; Witschel, 2004). The US government lists hundreds of organizations worldwide that provide financing and other support for Islamic terrorism (US Department of Treasury, 2009). Doing business internationally has also opened the door for more risks to business organization. Evidence from circumstances, practitioner, and government sources indicates that terrorism is among the top concerns of Multinationals and national governments (Anon, 2008; Berrong, 2009; PricewaterhouseCoopers 2008). Meaning that it has a big impact on the organizations and is a concern for CEOs, managers and other stakeholders. According to Wernick (2006) there have been a lot of surveys done and from these surveys it is obvious that firms have increased security budgets to defend against possible terrorism-related threats. These facts are some of the concerns from business organizations and beside this there appear to be numerous organizations that include terrorism in decision making about choosing international markets, as well as locating and managing foreign operations
The problem of financing terrorism produces new threats on the markets which organizations have to deal with. The cost of doing business is increasing. The stock, bond and commodity markets are a new target and managers have concerns about it. After the terrorist
16
attack of 9/11, countries were forced to create a new era for oversight on the funding of terrorism. In particular the US has respond to this by incorporating particular bodies in this sector, such as the Financial Aid Task Force (FATF).
2.3 Definition and characteristics of Money Laundering
Money laundering and financing of terrorism are closely related. ‘‘The rationale is in both cases the same like other criminals, terrorists cannot operate without financial resources (Gardner, 2007). There is no specific definition for money laundering because every state defines it in their own situation but, it can be use in an legitimate or illegitimate situation. According to Chaikin (1991) legitimate purpose would be to conceal funds from the public, competitors, social, religious, or other institutions, and so on, for such reasons as maintaining confidentiality or privacy, preserving a reputation or competitive advantage, or discouraging charitable solicitations, where no criminal conduct is involved.
Money laundering related to illegitimate purposes includes activities as, drug trafficking, terrorism and white collar crime. The use of internet banking have risen and mostly everything is operated through internet banking. According to Bingham (1992) those terrorist organizations are knowledgeable enough or aided by experts are to transmit “illicit funds through the banking system in such a way as to disguise the origin or ownership of the funds and thus clean or launder the sums involved. This is how the term of money laundering has enter in the financial system. The impact of money laundering is so huge that it can destabilize the world economy, social order, banking and financial markets (Financial Times, 28 February 1997, p. 6).
In 1989 the G-7 has created the Financial Action Task Force (FATF) to implement anti laundering policies. The FATF has described money laundering as a three-stage process: 1. The placement of funds into the financial system;
2. The layering of funds to disguise their origin, perhaps by passing through several offshore and/or onshore jurisdictions.
3. The integration of the funds into the legitimate economy (Levy, 2002).
Chaikin (1991) has describe some of the techniques used for money laundering. The first technique is: Refining. Refining is a process of converting small properties of bill in large
17
properties of bills. The second method is operating a bank account under a false name. Especially banks with low controls can become victims of this technique. Another technique commonly used is casino. In casino’s it is easy for money launders to roulade the money. Anti-Money laundering law describe three main issues why this problem is important to tackle. First, it increase crime by using networks of self-finance and grow. Second, it can have a huge impact on financial institutions. Third, money laundering can legitimate capitals that are illegitimate.
2.4 The link between the auditor and illicit activities
The auditing profession has been changing through the years. Now the focus is more on giving more attestation services beside giving an opinion on the financial statement. This brings a new era of audit which is named the ethics audit. This include more focus on risks arising from unethical behavior in an organization and reporting on management performance. The new era also expect that the auditor gives privacy audits and security assurances on data. Nevertheless on the horizon are audits relating to controls governing anti money laundering policies and anti-terrorism policies generally (Cunningham 2004).
Why is the auditor one of the organs who can help in controlling illicit funds? The auditor is the one who are responsible for testing the controls and to evaluate the systems integrity which at his time via attestation can encourage more effective controls and risk programs. Hansen (2009) argues that accounting and computer forensics are currently the investigators best tools in investigation and detection and is implemented in most white collar investigations the last years. In 1986 the Money Laundering Control Act were implemented. The Act is divided in two section. One of thes sections proposed that all monetary transaction above $10.000 has to be revised. Chaikin (1991) suggested in the results of his research that reporting requirements for cash and suspicious transactions, ex-change control regimes are important tools to combat what is essentially an international problem. The problem of white collar crime is that there isn’t a clear evidence when it happens. Therefor Information systems plays a vital role in enabling such inter-organizational networks and facilitating the multi-disciplinary collaboration that is essential to joint working when fighting financial crime (Wastell, Kawalek, Langmead-Jones & Ormerod, 2004). Ilter (2009) provides four sequential steps to determine the fraud:
18
a. Analyze the data available
b. Developing a fraud hypothesis by analyzing the data obtained c. Revising if it is necessary
d. Confirming it by using empirical evidence.
2.5 Rise in illicit activities, increase of risks
Terrorist acts increase risks in many aspects. Gordon Woo, from Risk Management Solution (2004) has quoted: “Risk assessment models are important policy tools in the war
on terror, because they provide an understanding of, for example, “how terrorists select targets” as well as “the chances...of disrupting a terrorist network”. Passas (2004a)
concludes in his report to the Dutch Ministry of Justice that informal value transfer systems “do not represent a money laundering or crime threat in ways different from conventional banking or other legitimate institutions”. Due to the global financial system and the diverse techniques used for money laundering and funding of terrorism, it has been more difficult to tackle this problem. Advanced communications technologies and the liberalization of trade, investment and finance have increased the spaces in which illicit activity can flourish beyond government control (Akbar, 2004). To take action against these criminal activities, the origin has to be known because once it is in the circuit of the financial system, it becomes very difficult to detect. Therefore, measurement of these flows are important. The question arises how can these flows be controlled?
The globalization of markets has coincided with the globalization of risk (Bouchet, 2004). Firms incur additional billions annually to manage terrorism-induced risk, and to comply with government regulations and procedures intended to stop terrorism (Barnes & Oloruntoba, 2005). However, it has become more and more difficult to control. In some areas of financial services there is a vulnerability for money laundering, for example offshore and trust services. The high increase of globalization, transferring money abroad and internet opens a new risk dimension, more opportunities for fraud, money laundering and financing of terrorism. That is the reason why additional controls must be implemented or regulations are needed, to detect and protect companies against higher risk activities.
Newly developing technologies come with more threats for money laundering and require special attention for these threats. In particular, financial institutions should have policies and
19
procedures in place to address any specific risks associated with non-face-to-face business relationships or transactions. It is difficult and sometimes problematic for some firms to estimate the risk of illegal funds. Given the mysterious organic nature of new terrorist groups, it is very difficult, if not impossible, for international firms to predict targets and estimate risk (Marion & Uhl-Bien, 2003; Wernick & Kundu, 2008). It is even more difficult to estimate the probability of an attack on one or more parts of the organization and its network. For firms that conduct business in countries or regions where attacks are frequent, a risk assessment for conducting different forms of operations is mandatory. Some risks arising from the threats of terrorism are: financial risk, operational risk, business volume risks.
Illicit activities open the gate for direct and also indirect risks. Indirect risks make the business environment vulnerable and as a consequence, more uncertainties arise in the organization. According to Wernick (2006) security is what directly or indirectly affects the operations of the organization and leads to a loss of revenues or business opportunities. For that reason, organizations should be concerned about terror-related risk. The targeting of financial activities or funds is inaccurate, such collateral damage is unnecessary, costly and counter-productive (Passas, 2003).
2.5.1 Risk Management Model
Developments in the business world has risen the focus of auditing on risk management to better handle with complexities arising in a business organization. The concept of “risk” was not new for auditors as evidence of existence of the audit risk models formally developed in the 1970’s (IACPA, 1983). It requires from the management to implement better internal controls to reduce risks arising from different corrupt activities. The Foreign Corrupt Act of 1977 requires that there must be an effective system of internal control to reduce the chance that the financial statement can be misstated. The ACT also requires a severe control over the financial reporting.
Risks are an important part of a business policy. When conducting operations, numerous types of risks exist. The auditor should make risk assessments so that the organization environment is appropriately understood. In the Statements on Auditing Standard 54 [SAS] it requires that within the internal control of the auditor, the following risks assessment procedures are included:
20
a. Inquiries of management and others within the entity b. Analytical procedures
c. Observation and inspection
SAS 54 suggests that the auditor should obtain an understanding of the entity's objectives and strategies, and the related business risks that may result in material misstatement of the financial statements. A crucial step in assessing risk is to assess these risks, by identifying them so that they can be controlled accordingly. According to Lemon, Tatum & Turley (2000) auditors tended to focus their attention on risks that financial reporting were materially misstated rather than on a broader view of risk of the organization. In 1992 was the release of the Internal Control and the Integrated Framework by the Committee of Sponsoring Organization (COSO). The framework requires from auditors to not only focus on accounting errors but to be more sceptic and have a broader view on risks and internal control. The audit profession expects an auditor to use his or her professional skepticism (SAS 54). Professional skepticism is an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence. An example is the Business risk. Business risk in particular may arise from change or complexity, although a failure to recognize the need for change may also give rise to risk. For example risks in the areas of percentage of completion, pricing, costing, design, and performance control. Effective risk assessment depends on understanding the risks of the entity. In short, understanding the business risks gives more probability to detect errors or fraud.
Internal control is a process effected by those charged with governance, management, and other personnel, designed to provide reasonable assurance about the achievement of the entity's objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations (COSO, 2002). The auditor should obtain an understanding of the five components of internal control sufficient to assess the risk of material misstatement of the financial statements, whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures (COSO, 2002). The COSO framework has 5 elements which are interrelated with internal control. These elements are Control environment, Entity's risk assessment, Information and communication systems, Control activities andMonitoring which are the basic operations for an organization.
21
Figure 1: The COSO internal control. Source: Internal Control Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission 1992.
The PCAOB (2004) emphasis on evaluating and reporting on the quality of internal control over financial reporting forces both management and auditor to make an in-depth-analysis of what is going on in processes where critical transaction streams reside.
2.6 The audit function responsibility
Internal Auditor
In the paragraphs above, the types of financing of terrorism have been explained and also how these organizations can manage the risks by terror related risks. This paragraph will go in depth into which role the auditor can have in detecting illicit activities.
It has long been suggested that auditing plays a role in reducing the likelihood that fraud occurs in the first place (Mautz & Sharaf 1961). The IIA (2005) encompass that corporate governance have four cornerstone; The external auditor, the audit committee, management, and the internal audit function. Effective internal control over financial reporting provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes (Public Company Accounting Oversight Board, 2007). Accounting is the collection, classification and summarization of numbers, to communicated to third parties regarding the financial statement (Wells, 1993). Can the auditor, then, effect controls that can detect or prevent money laundering and funding of terrorism?
22
Accounting decisions include uncertainties and risk. Two important organs in an organization are the executive management and the internal audit function. These two make up the cornerstone of corporate governance which ensures an effective internal control and reliable financial reports (Institute of Internal Auditors [IIA] 2005). (SAS 54) concludes that illegal activities have a direct and material effect on the financial statement of the organization. According to Neebes, Whittington & Ray (1991), the auditor has the same responsibility for detecting illegal activities as to detecting errors and irregularities. That means that the auditor must give a reasonable level of assurance that the financial statement is free from material misstatement resulting from these illegal acts.
External Auditor
Auditors, then, are often the final arbiters of proper accounting policies, which are adopted by the profession in order to improve the fair presentation of assets and earnings and to reduce the incidence of false and misleading financial information (Wells, 1993). The role of the auditor by auditing is to obtain and evaluate through a systematic process of objectively evidence regarding assertions, and communicate the results to interested parties (American Institute of Certified Public Accountants, 1993). In other words, the accountant is there to give a reasonable level of assurance to the financial statement. Effective audits are claimed to enhance not only the detection of fraud but also the deterrence of fraud (e.g., Kranacher 2006; Wells 2004). (SAS 54) describes the auditor’s responsibility in detecting illegal activities. In the context of SAS (54) the term illegal acts is considered to be the violations of laws or governmental regulations. What is the auditors responsibility regarding illegal activities? The SAS (54) states that some illegal activities can have a direct effect on the financial statement others can have an indirect effect. The auditor must be aware that illegal activities can occur, thus to have a questioning mind.
The audit function is divided into three important aspects. First, fair representation, independence and ethical conduct. The auditor can make mistakes by controlling and there is still room for material errors to occur. To prevent and detect internal control irregularities, internal auditors must have a thorough understanding of company operations, processes, and procedures, and they must be able to design and implement tests to determine whether
23
processes and procedures are working as intended (Clark, Gibbs & Schroeder, 1980). Also, the auditor's primary consideration is whether, and how, a specific control prevents, or detects and corrects, material misstatements in relevant assertions related to classes of transactions, account balances, or disclosures, rather than its classification into any particular component (SAS no 109).
This means that transactions of huge amounts are being made. Secondly, there is a substantial amount of transactions taking place which is difficult to control. It is not possible for the auditor to control every transaction and this increases the probability that the auditor overview a deviation. Third, the accountant has a lot of other duties to perform and to control, which makes it ineffective to take too much time controlling all transactions. Coordination should improve an external auditor’s assessment of the risk of misstatements, thus facilitating appropriate allocation of audit resources to evaluation and testing of relevant controls (Hogan & Wilkins 2008; Public Company Accounting Oversight Board [PCAOB], (2007). The value that the internal–external auditor adds by using coordination will enhance the effectiveness and leads to greater detection of material weaknesses and more disclosures.
2.6.1 The auditor as a moderator
In the process of preventing money laundering and financing of terrorism, there are three lines of defense (Bank for international Settlements [BIS], 2014). The first line of defense consists of policies and procedures. These policies must be communicated to personnel and specified so that they are clearly understood. The second line of defense includes the chief officer and human resources/technology. The task in the second line of defense is to monitor irregularities and deviations from the norm(s). The third line of defense includes the internal audit function. The internal audit function is important for a good corporate governance. The duty in this line of defense is to evaluate independently the risks and executed controls of management. The external auditor is seen as the supervisor. The auditor should know (all) policies and procedures so they can be executed effectively. Standards require internal auditors to be independent and objective in performing their works (IIA 2005).
Besides being a monitor, ethics are very important in the profession of the auditor. It is not only important for the auditor but also for the management of the organization. Ethical
24
leadership is defined as the type of actions an executive takes to encourage or discourage an ethical work environment (Brown, Trevino & Harrison 2005). According to Brown et al. (2005), ethical leadership is manipulated in terms of integrity and ethical standards (i.e., high vs. low), treatment of employees (i.e., fair vs. not fair), and holding employees accountable for their ethical conduct e.g. held accountable vs. not held accountable. Furthermore, ethics are relevant for a corporate organization.
2.6.2 Limitations for the audit function
A specific definition for internal control is difficult because internal controls encompass different aspects. According to Cunningham (2004), internal controls are all the processes or mechanisms an organization uses to promote the achievement and reporting of its objectives. Another formal definition of control conform the Generally Accepted Accounting Principles (GAAP) is a: mechanism intended to safeguard assets and assure that transactions are properly authorized and reported to enable preparing fairly represented financial statements. This is the general term and is a basis for accomplishing the questions that are raised in this research. Organizations use internal controls as a mechanism for corporate network. This means that the external activities and internal activities are connected.
Since the 1970s, controls have exploded in numerous directions to include protocols and systems intended to prevent bribery, protect consumers and workers from harm, preserve environmental resources, and combat terrorism (Cunningham, 2004). Accordingly, the auditor cannot give a total level of assurance but a reasonable level of assurance. Attestations provide a reasonable level of assurance. This means that risks cannot be totally eliminated, but the level of risk can be held relatively low. Auditors divide risk into a certain category; the inherent risk, audit or attestation risk, control risk and detection risk. So by controlling money laundering and financing of terrorism there is always a chance that auditors oversee some threats, described as the control risk. Control risk is the likelihood that error could occur and not be prevented or detected by internal controls.
25
Both internal and external auditing standards encourage auditors to coordinate efforts related to an integrated audit (Public Company Accounting Oversight Board, 2007). Methods of coordination include conducting joint risk or planning sessions, performing audits of specific processes or locations, and loaning IAF staff to the external auditor top-down and risk-based approach are recommended (Public Company Accounting Oversight Board, 2007).
In summary there is a lack of modern internal control. Risks cannot be totally eliminated. And according to Cunningham (2004) audits are not only imperfect in detecting all errors or misstatements, they are also not invariably capable of distinguishing between errors and deception. Internal controls are limiting because internal controls are processes and not events (AICPA).
2.6.3 Dutch guidelines on Money Laundering and
Financing of Terrorism
To enhance the audit work quality the Sarbanes-Oxley Act (SOX) was introduced in 2002. SOX has implemented rules which classify each internal control over the financial reporting in categories. According to Cunningham (2004), it defines these as mechanisms intended to safeguard assets and assure that transactions are properly authorized, recorded and reported to enable the preparing of fairly-presented financial statements. The SOX requirements gives an additional contribution by helping financial controls to prevent fraud. SOX requires several separate tests to be conducted into the financial statement, to improve financial controls. Instead of the SOX requirements, there were still some leaks in anti-money laundering efforts, thus the PATRIOT is used to support the fight against money laundering and financing of terrorism. The PATRIOT enforced that financial institution has to share more information from organizations and individuals that are suspicious about contributing in money laundering and the financing of terrorism.
In Europe the first European Money Laundering Directives were implemented in 1991. The purpose of this Act is that financial institutions has the obligation to identify clients and to report unusual transactions. The second European guidelines (2001/97/EG) are more aimed at auditors, lawyers, tax consultants and public accountants. As of 1 January 2013
26
a number of amendments were enforced to the Act on the Prevention of Money Laundering and Financing of Terrorism (WWFT). The WWFT expect that the audit institution do a customer search to prevent money laundering and terrorist financing. With client research are meant:
identification of the client and the verification of Service Identity
obtaining risk-based insight into the ownership and control structure in case of a legal person.
identification and risk-based authentication of the ultimate beneficial owner
determination of purpose and intended nature of the business relationship
authorization of the natural person representing the client
verify the actions of the clients risk-based on behalf of himself or a third party
continuous monitoring of the business relationship and transactions
In 2010 the WWFT were evaluated by the FATF and some amendments were made. Since 1 January 2013 there are specific definitions for clients acting as trustee. The WWFT requires the institution to judge the client on the probability of risk sensitivity for Money Laundering and Financing of Terrorism based on the following criteria:
a. type of customer
b. the type of business relationship, product or transaction c. the country of origin and the social environment of the client.
It is the responsibility of the institution to translate the information required into practice and the commitment of the risks. It is important that the institution can identify the type of clients or transactions that are potential vulnerable for risk of money laundering or financing of terrorism. Accountants will be able to base the risk in the legislation that applies to them regarding the acceptance and continuance of clients and assignments (WWFT, 2013).
When do the institution have to perform a more intense research on the client?
The FATF propose that if and as there is an increased risk of money laundering or terrorist financing due to the nature of the business relationship or transaction or in connection with the State in which client is resident or domiciled or has its seat.
to identify individuals without physical presence.
in providing services to politically exposed persons (PEP’s) 107 or clients with a beneficial owner that is a PEP (WWFT, 2013).
27
If there is an increased risk of money laundering and financing of terrorism, there is an additional client research needed (WWFT, lid 1). The auditor has to investigate on unusual transactions.
In accordance with the recommendations of the FATF in combating terrorism and in anticipation of the fourth European Money Laundering Directive, the financing of terrorism is punishable. Assessing whether if the accounting has to disclose this is a continuing process, it depends on the amount of unusual transactions. It is important to have a constant monitoring on the transaction of the entity and the business relationship.
2.7 Sub Conclusions
This chapter discuss the theory behind money laundering and financing of terrorism. There exist many forms to raise funds for the financing of terrorism; state sponsorship, legal activities, illegal activities, popular support and the ‘’hawala’’ system are amongst the most popular methods. This types of financing of terrorism has the potential to makes legitimate organizations to become illegitimate. (Bosworth-Davies et. al. 1994; Bingham, 1992) requires accountants and auditors and other financial advisers to play a central role in the detection and reporting of fraud and money laundering. (Kranacher 2006; Wells 2004) posited that effective audits are claimed to enhance not only the detection of fraud but also the deterrence of fraud. The rise in more Money laundering and Financing of terrorism leads to an increase in business risks and it leads to more complexities in organizations. Therefore, the management of risk in the organization becomes crucial. To asses risk on an effective way the COSO framework is used. The COSO framework allows that auditors to focus on more than only accounting errors but to be more sceptic.
Although all these preventions there is still an expectation gap between the duties of the auditor and what the community expect from the auditors. Monroe & Woodliff (1993) defined the audit expectation gap as the difference in beliefs between auditors and the public about the duties and responsibilities assumed by auditors and the messages conveyed by audit reports. Auditors cannot guarantee that the controls they test are in fact effective, though they can offer some assurance about that. More importantly, as audit proliferates is a way to test control effectiveness, pressure builds to create controls that can be audited (Cunningham 2004).
28
The focus when applying audit risk to a financial audit is that there exists a probability that an auditor might fail to detect or modify an opinion which is materially misstated. This means that controls are designed in such a way that the auditor can control it the best. Most people enforced the controls of auditors and expect high results. When there is too much expectation of the auditors, an expectation gap arises. This expectation gap is that third parties expect that the auditors to avoid undesirable activities such as fraud, money laundering and illegal activities. The chance that these activities occur in spite of the preventions is that controls are weak. According to Cunningham (2004) one reason for this expansion of the expectations gap is that controls have been transformed from bearing a traditional positive function of meeting corporate objectives in administrative controls toward a more negative function of preventing unwanted social effects in policy/compliance controls. These gaps forced the auditor to have them audited, which in its turn can become ineffective controls. Audits controls can be imperfect with the consequence that errors are not detected or misstatements are overseen. Furthermore, the auditor can fail to distinguish errors and deception. The expectation of the auditor is that he or she may use its skepticism. Meaning that the auditor has to change its behavior and be more critical to evidence.
Many corporations run the possibilities to be exposed at risks due to managers who have incentives to commit fraud or cheat. Inside an organization it is the responsibility of the top to design internal controls so they cannot be overridden, taking into consideration that there are implications for errors which can be made in audits or the auditor could fail to detect some irregularities.
29
3. Methodology
This chapter presents the methodology used to collect data for this research. The purpose of the research is to select auditors from different audit firms and to obtain their subjective and objective information. One of the objectives of the interviews is to get information how the auditors dealt actually with Money Laundering and Financing of Terrorism. The other objective is to see in how far changes can be implemented for better controls on these activities and what are the concerns of auditors.
3.1 Research Method
Research can be quantitate or qualitative. For this research the research strategy “qualitative method” is preferred. For this research interviews has been chosen to acquire more in depth information. Interviews are made to obtain information from other person story. The purpose of this interviews is to obtain more knowledge and overview of what auditors think and what their perceptions are regarding the combating money laundering and the financing of terrorism. For the research question ” How can the audit function help
prevent money laundering and financing of terrorism in organizations” can be answered.
In this specific case, this research will explain the experience of auditors and look at how their experiences can contribute to enhancing better controls on illicit activities.
3.2 Data Collection
The first part of the interview will focus on more general information. The second part of the interview is to concentrate on concrete details of the interviewee’s experiences relating to control efforts done on illicit activities and deviations which could be suspicious in an organization. In the third part, the opinion of the interviewee reflections on the meaning of their experience. The part of opinion is to obtain information for the future and to clarify experiences.
The interviews will be conducted with auditors from different levels of accounting firms. This will range from senior auditors to directors and in the sample there are auditors from Dutch accounting firms and also from Curaçao. The reason why international auditors are also chosen is to see the difference in how far a difference in concern in different countries
30
exist. The interviews will be done in English and Dutch and the questions are derived from the theory studied for this research.
3.2.1 Interviewee Selection
Table 1. List of Interviewee Interviewee Interviewee
Education
Years of audit experience
Organization Duration Country
1. Register
Accountant/ NIVRA
27 years Finance Director at Astellas Pharma
77 minutes Netherlands
2. Register
Accountant/ NIVRA
27 years Controller at VMCA 67 minutes Netherlands
3. Managing
Director/ University of Groningen
28 years Director of Quality AAA Accountants kantoor
45 minutes Curaçao
4. Register
Accountant/ NBA
28 years Owner of Assist Register Accountants 33 minutes Netherlands 5. Partner at KPMG/ Register Account VU
16 years KPMG 45 minutes Netherlands
6. Assistant
accountant/ Master University of Amsterdam
10 months PricewaterhouseCoopers 40 minutes Curaçao
7. Senior
Assistant/ University of the Netherlands Antilles
5 years PricewaterhouseCoopers 45 minutes Curaçao
8. Senior Audit
Manager/Post graduate in EDP/IT auditing
20 years ABN AMRO
Netherlands/ Internal Audit Department
31
The interviews were conducted with auditors of different organizations with a broad experience in the audit field and with assistant auditors. This selection has been made to create a better understanding by comparing the views of auditors with a broad experience and more years of experience with auditors with less years of experience. In total five were selected in the Netherlands and three in the Caribbean. Three of the interviewees are women and the other five are men. From the eight interviews, seven were conducted in Dutch and one in Papiamento (Caribbean language). Six of the interviews were recorded and later transcript. The other two interviews were via Facetime. The interview questions (see Appendix 3) had been send at least three to two days in advance for the interviewees so the interviewee could think about the questions. Almost all participants were able to participate with only one cancellation from one participant. The interviews were taken in approximately four weeks.
Before the interviews were held the interviewee’s list was different but, during the interviews some interviewee’s were so enthusiastic that they referred to other potential candidates that were very relevant for the topic to obtain the information needed.
The expectation was that the interviews should take about 45 minutes, however some of the interviews took much longer. The shortest interview was 33 minutes. The interviewee’s were very fluent and extensive in their answers. The interviews contribute to obtain the opinion of auditors and concerns of the auditors on the field of the auditors performance.
After recording the interviews, they were transcript one day later and analyzed manually. The participants had also handed in their answer written which made the process of reducing bias information more easy.
32
4. Analysis and Findings
This chapter is organized as follows; paragraph 4.1 gives a summary of the interviewees background and study. Then paragraph 4.2 outlines the experience of the auditors in relation with Money Laundering and Financing of terrorism on their work. Paragraph 4.3 gives the analysis on the area of regulations, which is based on SOX and the Dutch Regulations. Then paragraph 4.4 gives the results of risks and the application of the COSO framework. Paragraph 4.5 address the audit function and its relationship with illicit activities and the experiences of the interviewees. Finally 4.6 gives the recommendations that the interviewees has given regarding this topic.
4.1 Introduction
The interviews begins with the collection of the general information of the participants. Their background study, their function in the actual company and their relevant years of experience were asked. Six of the participants have more than 16 years of auditing experience in an audit firm. The other two participants are relative young in the audit function but their opinion on this topic serve to see the differences in generation. During the years several changes has occurred in the audit area, for example more regulations were implemented and the audit function has been changing. Auditors gives more services beside controlling the Financial statement.
Holding these interviews there was an obvious difference in the auditors of the Netherlands and interviewees from Dutch Caribbean. The interviewees in the Netherlands have to face more risks cases and suspicious situations of fraud than the auditors of the Dutch Caribbean.
33
4.2 Money Laundering and Financing of Terrorism in
practice
To start the interaction of information for this research, the interviewee’s were asked if they had a personal experience with illicit activities. Seven of the eight interviewee’s did not have a personal experience with Money Laundering or the financing of Terrorism in their work, but they have experienced situations that were suspicious and came across some cases of fraud. One of the interviewee’s had experience with Money Laundering and Financing of Terrorism in his work. Subsequently they were asked which organizations they think are the most vulnerable, to have a better overview which organizations are at risk to be victims of Money Laundering and Financing of Terrorism. The respondents agree that although seven of them had no experience with Money Laundering during their work, the following organizations are more than averagely vulnerable for these activities.
Table 2. Organizations that are vulnerable for illicit activities 1 Multinationals with a high density of a global and cross border
transactions 2 Banks
3 Trust Companies 4 Private Companies 5 Investment Companies
6 Audit Firm which audit financial institutions 7 Entities with a lot of cash
8 Coffee shops and bars 9 Restaurants
10 Casino’s
11 Companies of Construction and development
12 Small and medium sized non-profit organizations
