The Importance of Data Lineage for AML System

By Vishal Ranjane, Managing Director
Risk and Compliance




Financial organizations have long embraced the advantages that information technology offers, and many are looking forward to larger digitalization initiatives to gain market advantage. Customers appreciate the convenience of digital offerings, while firms enjoy the reduction in operating costs that information technology enables. Of course, in the multifaceted, highly regulated environment in which financial institutions operate, mastering the complexity of this digital future is both rewarding and risky.

In any financial firm’s application landscape, data flows from system to system. In an ideal world, key data gathered at the front end (customer-facing systems) makes it to the back-end systems without hitches. In reality, in the application architecture of almost any financial institution, systems are sometimes imperfectly integrated, often as a result of multiple acquisitions, and data does not always make the journey from system to system without some amount of attrition or change. However, banks and other financial institutions that handle customer data must be able to demonstrate that the information which originates upstream, in customer-facing systems, is the same information found in the bank’s risk and compliance systems downstream. This is where data lineage becomes important.

Data lineage tells the complete story of how data within an organization was produced, consumed, and manipulated by the organization’s applications. It traces the data’s movement through systems.

Once, it was sufficient to demonstrate to regulators that the right policies were in place, that the right procedures were followed, and the right reports were generated and reviewed to protect against threats like fraud and money laundering. Now, financial institutions must be able to demonstrate to regulators that they are using complete and accurate data to monitor for these activities.

Asserting data legitimacy

An organization asserts de facto data legitimacy when it relies on the integrity of its data for key reporting or decision-making activities, such as those involved with risk and compliance solutions. It is imperative that data from upstream systems of record or points of capture arrives in these downstream risk and compliance systems in a manner that does not materially alter or obscure the content received from the system of record or point of capture.

De facto data legitimacy claims is an area of focus for regulatory authorities who require that these claims be documented and proven. The recent Part 504 regulation by the State of New York Department of Financial Services emphasizes the importance of data lineage in an AML context, stating that a covered institution must not only identify all data sources that contain data relevant to its transaction monitoring and watchlist filtering programs, but also must ensure that these programs include the validation of the integrity, accuracy, and quality of the data to ensure that an accurate and complete set of data flows into these programs. In addition, the regulation specifically notes data mapping as a key component of end-to-end pre- and post-implementation testing of transaction monitoring and watchlist filtering programs.

Going back to the firm’s application landscape, upstream data – data entered initially by the customer, for example – may not survive the journey downstream, and facts about the transaction may be lost with each hop from system to system. Can an auditor know if a particular transaction was made with a teller, a wire, or via an ATM, for example? Was a deposit made by check or cash?

Data lineage documentation can be done using a variety of tools ranging from simple to sophisticated. In smaller, less complex systems, simple spreadsheets and diagramming tools may suffice, while large financial institutions may deploy vendor toolsets to automate tedious and error-prone capture and documentation activities.

Data lineage as part of data governance

Establishing the data lineage should, of course, be more than just an exercise in documenting what’s already in place. Performing this level of analysis and uncovering previously unknown silent errors or gaps in the data being used to manage AML risks and generate reports should lead to increased accuracy and confidence in the reports and management information presented to senior management, internal audit and regulators. An additional benefit is getting better insights into customer behavior – a value for any business.

Having a sustainable data lineage initiative is only the start. To be sustainable over the long run, such initiative needs to be part of a larger data governance program that is firm-wide and involves all departments and functions. Data governance efforts are viewed well by regulators, who increasingly put pressure on financial institutions to formally document business processes, data controls, source-to-target mapping, and defend all activities around data management. A Protiviti white paper, “AML and Data Governance: How Well Do You KYD?,” provides more information and may be of relevance to your company.

Benjamin Kelly of Protiviti’s Regulatory Risk and Compliance practice contributed to this content.

Compliance News Roundup: The Clearing House AML Recommendations, CFPB on Alternative Data and More

Protiviti published its March issue of Compliance Insights this week. We sat down with Steven Stachowicz, Managing Director with Protiviti’s Risk and Compliance practice, to discuss some of the highlights. Listen to our podcast below, or click on the “Continue Reading” link to read the interview.


In-Depth Interview, Compliance Insights [transcript] Continue reading

A New and Better AML Regime?

Carol Beaumier

By Carol Beaumier, Executive Vice President and Managing Director
Regulatory Compliance Practice




On February 16, 2017, The Clearing House (a banking association and payments company that is owned by twenty-five of the largest commercial banks) released a report entitled A New Paradigm: Redesigning the U.S. AML/CFT Framework to Protect National Security and Aid Law Enforcement. The report analyzes the current effectiveness of the U.S. anti-money laundering/counter-terrorism financing (AML/CFT) regime, identifies fundamental problems, and proposes a series of reforms to address them. It is the output of two closed-door sessions held in 2016 that were attended by sixty senior former and current officials from law enforcement, national security, bank regulation and domestic policy; leaders of prominent think tanks in the areas of economic policy, development, and national security; consultants and lawyers practicing in the field; fintech CEOs; and the heads of AML/CFT at multiple major financial institutions.

The report concludes, in effect, that the current U.S. AML/CFT Framework is based on an amalgam of sometimes-conflicting requirements and focuses more on process than outcomes, and that combatting money laundering and terrorist financing continues to be hindered by communication barriers between law enforcement and the financial services industry, and among financial institutions themselves.

What the report advocates in two sets of recommendations – those for immediate implementation and those for further study – is a complete overhaul of the existing regulatory and supervisory regime. Specifically, the report identifies seven reforms for immediate action:

  1. AML/CFT supervision should be rationalized by having the Financial Crimes Enforcement Network (FinCEN) reclaim sole supervisory responsibility for large, multinational financial institutions and by requiring the Department of Treasury, through its Office of Terrorism and Financial Intelligence (TFI), and FinCEN to establish a robust and inclusive annual process to establish AML/CFT priorities. The perceived benefits of these actions would be (a) greater focus on outcomes and the development of useful information to law enforcement, as opposed to the process-based approach taken by prudential supervisors, and (b) better alignment between law enforcement objectives and financial institutions’ AML/CFT programs.
  2. Congress should enact legislation, already pending in various forms, that prevents the establishment of anonymous companies and requires the reporting of beneficial owner information at the time of incorporation. Not to be confused with the FinCEN Customer Due Diligence (CDD) requirements that will obligate financial institutions, by May 2018, to collect beneficial ownership on legal entities, this recommendation is intended to require the collection of beneficial ownership at the time of company incorporation and whenever such information changes, and to make this information routinely available to FinCEN, law enforcement and financial institutions. This would shift the burden of gathering beneficial ownership information from the financial services industry to governmental bodies that incorporate these entities and, thus, free up financial services resources and allow them to spend more time on the detection of illicit activity.
  3. The Treasury TFI Office should strongly encourage innovation, and FinCEN should propose a safe harbor rule allowing financial institutions to innovate in a financial intelligence unit (FIU) “sandbox” without fear of examiner sanction. This would apply not only to large, multinational financial institutions that, through their direct collaboration with FinCEN, would presumably be leaders in innovation, but also to other financial institutions, which may have been reluctant to innovate for fear of their prudential regulators not being willing to accept new and different approaches.
  4. Policymakers should de-prioritize the investigation and reporting of activity of limited law enforcement or national security interest. This could be accomplished by raising the SAR reporting thresholds; eliminating SAR filings for insider abuse; and reviewing all existing SAR reporting guidance for relevancy (e.g., why should large financial institutions need to file SARs on cyberattacks when they typically engage in real-time communications with law enforcement when such attacks occur?). As with other recommendations, the impetus here is to free up resources to focus on what is really important.
  5. Policymakers should further facilitate the flow of raw data from financial institutions to law enforcement to assist with the modernization of the current AML/CFT technological paradigm. This would allow FinCEN to use big data analytics to identify illicit activity that cannot be detected by an individual financial institution.
  6. Regulatory or statutory changes should be made to the safe harbor provision in the USA PATRIOT Act (Section 314(b)) to further encourage information sharing among financial institutions, including the potential use of shared utilities to allow for more robust analysis of data. These changes should: (a) make it clear that information sharing extends to financial institutions’ attempts to identify suspicious activity and is not limited to sharing information about potential suspicious activity – e.g., information sharing might apply during the onboarding process when a financial institution may have questions about or find gaps in information provided by a prospective client; (b) broaden the safe harbor to other types of illicit activity beyond money laundering and terrorist financing; and (c) extend the safe harbor to technology companies and other nonfinancial services companies to allow for greater freedom to develop information-sharing platforms.
  7. Policymakers should enhance the legal certainty regarding the use and disclosure of SARs. The perceived benefits of allowing broader sharing of SAR information within a financial institution, including cross-border sharing, would be better transaction monitoring and higher quality SARs that provide more useful information for law enforcement.

Areas identified for additional study include:

  • Exploring the broader use of AML/CFT utilities to promote information sharing, and address barriers that hamper their use
  • Affording greater protection from discovery of SAR supporting materials
  • Balancing and clarifying the responsibilities of the public and private sectors for preventing financial crime
  • Establishing a procedure for “no action” letters whereby financial institutions could query FinCEN to determine how it would react to certain facts and circumstances
  • Providing the financial services industry with clearer standards of what constitutes an effective AML/CFT program
  • Improving coordination among the governmental players with a stake in combating money laundering and terrorist financing, and
  • Modernizing the SAR reporting regime to provide additional guidance on when to file or not file a SAR.

While there are pros and cons to be debated on many of the recommendations, the report, in summary, reveals the long-standing frustration of both the financial services industry and law enforcement with the current regime’s ineffectiveness. Financial institutions, with limited direction from the government, invest huge sums of money and dedicate large teams of people to “find the needle in the haystack” only to find their compliance efforts are often criticized by their regulators, even in the absence of actual wrongdoing. Law enforcement, for its part, tries to manage large volumes of information presented to it in the form of required reports from the financial services industry, much of which not very useful in identifying the real criminals and risks. The solution seems simple: communication and coordination. Effecting that solution will likely prove difficult, especially in the short term with a new administration that has already staked out an aggressive regulatory reform agenda. But, that doesn’t mean it’s not worth trying.

Anticipating the Fifth EU AML Directive: What Financial Institutions Need to Know

matt-taylorBy Matt Taylor, Managing Director
Regulatory Compliance Practice




Money laundering regulations are proving to be as complicated as the shadowy financial transactions they are trying to prevent. A case in point: The Fourth European Union Anti-Money Laundering Directive (4AMLD), approved in 2015 and scheduled to go into effect June 26, 2017, has already been supplanted by 5AMLD — amended text addressing threats that have emerged in the period between the adoption and implementation of 4AMLD.

As it stands, the agreed 4AMLD text and effective date will remain, but financial institutions should anticipate additional regulatory changes from 5AMLD shortly thereafter. We issued a flash report last week, which outlines the proposed changes in 5AMLD and provides recommendations on how financial institutions can prepare for them.

There are five main requirements proposed by the 5AMLD that affect financial institutions:

  1. Virtual currencies. The 5th AMLD adds virtual currencies, anonymous prepaid cards and other digital currencies, such as bitcoin exchanges and wallet services, to the list of activities carrying the risk of terror financing. The 5AMLD better defines “virtual currencies” under EU law, and includes the requirement to adopt this legal definition in AML legislation across all member states. Under the proposed amendment, providers engaged in exchange services between virtual and hard currencies and custodian wallet providers will be required to apply customer due diligence (CDD), similar to what is already required for hard currency transactions.
  1. Identifying prepaid card owners. EU member states will be required to identify the customer in the case of remote payment transactions where the amount paid exceeds EUR50. After 36 months from the date 5AMLD enters into force (a date still to be determined), identification requirements will apply to all remote payment transactions. Certain exemptions may apply for “low-risk” customers where defined risk-mitigating factors are met.
  1. Beneficial ownership registers. Member states must comply with register requirements within 18 months of the 5AMLD implementation date. Registers must be interconnected to the European Central Platform within 18 months of implementation in accordance with the technical specifications and procedures set out in Article 4C of Directive 2009/101/EC. Technical requirements, including access controls and operational challenges, should also be considered and tested in preparation for compliance with 5AMLD requirements.
  1. Enhanced information sharing. 5AMLD requires member states to establish automated data clearinghouses at the national level to aggregate individual account ownership across multiple institutions. Data must be searchable by account holder, beneficial owner, IBAN number, and open and close dates, as applicable. Powers of EU Financial Intelligence Units (FIUs) will be enhanced through 5AMLD, as they will be permitted to request information from any obliged entity and would no longer be limited to identification of a predicate offense or suspicious activity report prior to an information request. The proposed amendments make information more easily accessible and align with international best practices.
  1. High-risk third countries. Member states will be required to apply specific enhanced due diligence (EDD) measures for transactions involving entities on a list of “high-risk third countries” defined by the European Commission. This is intended to reduce regulatory differences between member states, where some EU countries offer less-stringent controls in exchange for higher fees, allowing terrorists to exploit the weaknesses in these measures.

5AMLD has proved to be more controversial than 4AMLD, particularly with prepaid cards and virtual currencies being more tightly regulated and uncertainty regarding the implementation of centralized registers. Nevertheless, there is an ambitious timeframe for its adoption. With 4AMLD expected to become effective June 26, 2017 it is reasonable to assume that 5AMLD will become effective shortly thereafter, if not concurrently, and obliged entities should be ready to implement the proposed 5AMLD requirements.

Download the flash report for additional details and recommendations.

Doubling Down on AML: Higher Stakes for Casino Compliance

steve-wangBy Steve Wang, Managing Director
Internal Audit and Financial Advisory




Despite recent improvements in the gaming industry’s efforts to combat money laundering, enforcement actions by U.S. and foreign regulators have put casino operators on notice that their anti-money laundering (AML) programs and related internal controls are being subjected to greater scrutiny.

Consequences have escalated, and compliance officers face personal liability for AML violations on their watch, as a result of a court ruling that the Bank Secrecy Act (BSA) allows owners, officers, directors and employees to be held accountable, along with the organization.

Pillars of an Effective AML Program

Pillars of an Effective AML Program

Over the past two years, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) has levied seven fines, for a total of $110 million — more than double the volume, and almost ten times the dollar value, of all AML fines against casinos in the previous 11 years. Future penalties may also be on the rise. The Federal Civil Penalties Inflation Adjustment Improvements Act, effective last August, requires agencies, including FinCEN, to make “catch-up” adjustments to the fines, as well as annual inflation adjustments. Many civil penalties haven’t been adjusted in decades, which means that penalties could rise substantially. And FinCEN isn’t the only federal agency levying fines. The U.S. Treasury and the Department of Justice have also fined casinos.

Casinos have long been the focus of government scrutiny because of the large amounts of cash they handle, which make them particularly vulnerable to money laundering and terrorist financing risks. But not all news is bad. A research report from the American Gaming Association suggests that the gaming industry has taken significant steps to comply with AML and counter-terrorism financing (CTF) requirements. In its December 2016 Mutual Evaluation Report, the international Financial Action Task Force (FATF) commented favorably on the increased number of quality SAR filings by casinos — 50,941 in 2015, versus 21,308 in 2012.

Nevertheless, the increased emphasis on disclosure runs counter to an established industry practice of protecting the privacy of high rollers, and so casino operators and their compliance staff may feel uncertain about the best way to reconcile their disclosure obligations with business objectives.

Protiviti recommends that casino compliance officers take actions to mitigate the compliance risk, such as:

  • Share risk assessments with the proper stakeholders – Effective AML programs should take a risk-based approach, which starts with conducting a risk assessment at the property level. Assessments should be reported to executive leadership, and used to customize compliance programs with a particular focus on customer due diligence (CDD) and transaction monitoring.
  • Develop and share CDD standards with employees – CDD programs must evolve and take a risk-based approach to gaining a better understanding of patron relationships and identifying those that may pose a threat. Additional security should be assigned to those higher-risk customers to verify sources of wealth, known associates, game play, and screening against government sanctions lists. Enhanced due diligence policies should be in writing and align with heightened regulatory expectations and industry best practices.
  • Request additional resources – Higher stakes and expanding regulatory requirements mean more people, dollars and systems will have to be dedicated to AML compliance. It is essential that compliance officers request sufficient funding support from executive leadership. Given the recent focus on individual liability, it’s in their best interests.
  • Share information with other casinos – Threat information can be exchanged legally under the safe harbor provision of the U.S. PATRIOT Act, Section 314(b); however, casinos were generally not aware that they are covered under the provision. Casinos are also allowed to share SARs with other casinos under the same parent company located in the U.S. Both of these rules make compliance easier, and casinos should update their sharing policies and procedures to reflect that.
  • Stay current in AML training – Management should revisit AML training modules for different job roles, both for casino operators and compliance personnel. Operators should be taught to recognize red flags, such as large transactions with minimal gaming activity and cash transactions that appear to be structured to stay under the $10,000 federal transaction reporting standards.

The recent Protiviti flash report, Higher Stakes for Casino AML Compliance, offers a wealth of additional information on the topic. You can download it here.

‘Tis the Season to Get Serious About Part 504

Carol Beaumier

By Carol Beaumier, Executive Vice-President and Managing Director
Regulatory Compliance Practice



There is nothing unusual with a U.S. bank regulator issuing a consent order (CO) to a foreign banking organization for deficiencies in the organization’s anti-money laundering (AML) compliance program. However, a December 2016 New York Department of Financial Services (DFS) consent order with an European bank and its New York Branch warrants a second look.

The financial institution in question is, according to the DFS, a repeat offender that has been subject to various AML-related enforcement actions since 2007, and, as a result, the CO was accompanied by a fine of $235 million. Cited deficiencies include:

  • Deficient transaction monitoring that failed, among other things, to consider shell company activity
  • Alert clearing practices that deviated from written policies and procedures
  • Undetected logic flaws/gaps in the transaction monitoring system
  • Non-transparent payment processing in which key details were omitted from payment instructions
  • Breakdowns in audit and management oversight

It’s not the serious deficiencies that make this CO unusual, though. What is noteworthy is that the CO provides a platform for the DFS to justify and reinforce its commitment to its newly enacted Part 504, Transaction Monitoring and Filtering Program Requirements and Certifications. In the Introduction to the CO, the DFS focuses on The Culture of Compliance in the Age of Risk and Transaction Monitoring – An Essential Compliance Tool – basic tenets of Part 504 – and, in fact, closes out the Introduction with language reminiscent of its introduction of Part 504:

“In both past investigations and routine examinations, the Department has identified significant shortcoming in transaction monitoring and filtering programs of a number of major financial institutions. The Department found that such deficiencies generally were attributable to a lack of robust governance, oversight, and accountability at senior levels. These findings have resulted in a number of enforcement actions, and have led the Department to issue a new regulation (effective January 1, 2017) governing transaction monitoring and filtering systems. Among other things, the regulation creates an obligation for a covered institution’s chief compliance officer (or functional equivalent) to certify compliance with this regulation, thereby encouraging institutions to proactively ensure compliance with existing federal and state anti-money laundering and sanctions requirements. The Department views effective transaction monitoring systems as an essential tool in the battle against illicit transactions and terrorist financing in this age of risk.”

New York-regulated financial institutions that haven’t developed and launched their Part 504 compliance initiatives should enjoy the holidays. Next year may be a very busy year.

For additional information on Part 504, see the Protiviti flash report, New York Department of Financial Services’ Final Transaction Monitoring and Filtering Program Regulation.

The Intersection of Bribery, Kleptocracy and Money Laundering

International Anti-Corruption Day is this Friday, December 9.


scott-moritzBy Scott Moritz, Managing Director
Protiviti Forensic




At last week’s ACI FCPA Conference, Paul Abbate, Assistant Director in charge of the FBI’s Washington, DC field office, delivered a keynote address describing the mission of the FBI’s International Corruption Squads. Their mission includes the investigation of international corruption in violation of the Foreign Corrupt Practices Act (FCPA); acts of kleptocracy, in which heads of state steal large sums of money from their country; and money laundering, in which financial transactions are undertaken either in the furtherance of criminal activity – such as the payment of bribes – or to conceal the true origins of money obtained illegally. There is an elegance to the FBI’s international corruption squads’ mission, in that corruption, kleptocracy and money laundering intersect frequently, and the tracing of illicit money will often be the key to proving bribery and kleptocracy cases.

Before we get into how bribery, corruption and money laundering are interrelated, it helps to clarify what each of those terms means.

  • Bribery is the offering or giving of something of value in order to induce the recipient to abuse his or her position in some way for the benefit of the bribe payer or the person or entity on whose behalf the bribe is being offered or paid.
  • Corruption is the abuse of one’s official position for personal gain. Most often, corruption is the act of receiving a bribe.
  • Kleptocracy is corruption on the grandest scale possible. It is when a head of state or someone acting on that person’s behalf steals large sums of money from their country’s treasury for their own personal gain.
  • Money laundering is undertaking financial transactions with either the proceeds of unlawful activity or in an effort to conceal the origins of ill-gotten money. There are three stages of money laundering: placement, layering and integration. Placement is the introduction of money earned through criminal activity into the financial system. Layering, typically, is a series of transactions undertaken solely for the purpose of obscuring the origins of the illicit money. Integration is the point at which the layering has had the effect of making the illicit money seem as if it was obtained through legitimate means.

Of the four crimes above, the one that is discussed and enforced most often, through FCPA action, is bribery. We have discussed it here, here, and here. However, the FCPA only criminalizes the supply side of bribery, i.e., when companies offer or pay bribes to foreign officials in exchange for an unfair business advantage. What’s interesting is that in recent months the FBI has begun to give voice to the less-understood “demand” side of bribery – corruption and kleptocracy – an aspect that has traditionally been left to the home countries from where corrupt officials operate.

Specifically, the FBI and the Department of Justice’s (DOJ) Asset Forfeiture and Money Laundering Section have been focusing on kleptocracy through the Kleptocracy Asset Recovery Initiative. Most notably, in July of this year (2016), the DOJ initiated the largest ever kleptocracy-related asset forfeiture action, in which allegations of the looting of billions of dollars from Malaysia’s sovereign wealth fund led to the seizing of $1 billion of assets in the U.S., the UK and Switzerland. The seized assets included luxury hotels in New York City and Beverly Hills, penthouse apartments, a private jet, and an ownership interest in the production company that produced the movie “The Wolf of Wall Street.”

The 1MDB kleptocracy civil asset forfeiture action was brought under the civil money-laundering statute in that the assets were involved in or represented the proceeds of money misappropriated from Malaysia’s sovereign wealth fund. While this is the largest civil forfeiture action to date brought under the Kleptocracy Asset Recovery Initiative, the nexus between corruption, kleptocracy and money laundering is nothing new. In fact, the whole concept of “politically exposed persons,” or PEPs, and their designation as high-risk banking customers, came about as a result of multiple scandals in which heads of state looted their government treasuries and then laundered the money through the traditional banking system. Ferdinand Marcos, Baby Doc Duvalier, Raul Salinas, Suharto, Manuel Noriega, Saddam Hussein – the list seems endless. These corrupt leaders, who famously looted the treasuries of their countries, also set the tone for corruption across their governments. In many instances, their corruption doesn’t just set the tone, but is sanctioned by them, and the bulk of the proceeds of the corrupt payments received benefit the corrupt presidents and their families.

Perhaps no case better illustrates the government’s rationale behind combining its FCPA investigative efforts with the DOJ’s ongoing anti-kleptocracy initiative than the VimpelCom case. In February this year, Dutch telecom company VimpelCom settled a DOJ and SEC investigation by agreeing to pay a combined $795 million to U.S. and Dutch authorities in connection with $114 million in bribes paid to a relative of an Uzbek government official in order for the company to enter and remain in the Uzbek telecommunications market. While the government official in this case is unnamed, the money is traced to Uzbek president Islam Karimov’s eldest daughter, Gulnara Karimova. Karimova, who at the time held control over the country’s telecom assets and the issuance of mobile phone system operating licenses, has been under house arrest for the past two years in connection with corruption allegations that she pocketed more than a $1 billion in bribe payments, including shares in the telecom companies she licensed. In addition to securing the guilty plea and deferred prosecution agreement with VimpelCom and its Uzbek subsidiary, the DOJ has filed civil actions against multiple offshore bank accounts that are alleged to belong to the unnamed Uzbek official and hold a total of $850 million. This was the largest civil forfeiture action in the history of the DOJ’s kleptocracy initiative before the 1MDB suit was filed in July.

The recent integrated approach by the FBI to FCPA, kleptocracy and money-laundering enforcement should be viewed as more than a source of shocking stories about fabulous riches obtained by power-hungry autocratic rulers in far-away countries. It should serve as an important reminder to compliance professionals and corporate executives that greed is a byproduct of human nature, enabled by the right conditions of opportunity, lack of ethics and lack of oversight. Compliance, therefore, should be more than a list of “must do” checkboxes – it should be about the moral obligation of the organization, and each individual within it, to operate ethically and to consider any unethical action holistically, from all sides and all possible consequences, in order to prevent, deter and set a tone against corruption and not contribute to the human suffering that corruption and kleptocracy cause.