Anti-money laundering compliance is a very difficult task. The number of risks is exponential. AML compliance officers have an innovative and rich history of compliance techniques and strategies.
In the end, AML compliance depends on: accurate and comprehensive risk assessments; pre-screening of customers through appropriate KYC programs; and audit and monitoring of transaction and customer activity.
Despite the commitment and dedication of AML compliance professionals, financial institutions continue to suffer from enforcement actions, compliance failures and weak internal controls.
In my view, AML programs do not get sufficient support and exposure from top-level management. A compliance failure usually can be traced back to the lack of tone and commitment to ethics. This basic deficiency results in blatant, systemic problems that plague AML programs: poor or outdated technology; weak controls that can be overridden by business needs; and commitment to revenue at all costs.
AML compliance programs consist of multiple elements, any one of which is critical to the overall effectiveness of the program. Five of the most common AML program deficiencies are:
AML compliance officer and lack of resources: In many financial institutions, AML chief compliance officers suffer from lack of stature and resources. AML compliance officers often have to string together resource requests, tie them to specific new business opportunities and argue for elevated authority and independence in the organization. All too often, AML officers are a background voice in a business operation, usually relegated to a lower level of importance and sometimes even ignored.
Business ownership of compliance function: AML compliance depends on business employees exercising responsibility for compliance functions. A compliance program, in the end, is only as good as marketing and client/account representatives are made aware of their compliance obligations.
AML compliance officers often urge business employees to assist and exercise caution when dealing with high-risk account holders and transactions. Against this influence, a financial institution without any culture of compliance will readily ignore these risks in favor of more business from high-risk candidates.
Risk Sensitivity and Documentation: Financial institutions do not allocate enough resources, time and technology to support adequate risk management. Financial institutions have become adept in the last ten to fifteen years in papering AML compliance programs, risk assessments, and KYC due diligence. Unfortunately, financial institutions need to dedicate much greater effort to measurement and management of risks, starting with an enterprise risk assessment, a real system for customer risk assessments, and an OFAC/sanctions risk assessment.
Even assuming such risk assessment mechanisms are put in place and followed, this information has to be incorporated into transaction monitoring standards, customer acceptance rules and guidelines and monitoring/audit programs.
Poor SAR procedures and standards: Financial institutions are often proud of their SAR procedures and filing protocols. The government regulators do not share such a positive view. In fact, the government has been complaining that financial institutions are now submitting too many SARS, and that the SARs often fail to contain adequate information to warrant the filing of the notice.
Financial institutions need to ensure that the board and senior management are apprised of SARs filings, reviewing, monitoring and oversight of the program. A top-to-bottom oversight program for the SARs program is a required practice to ensure effective operation of the SARs program.
Over-reliance on software technology: AML compliance cannot be reduced to mechanization. Technology and software programs are essential to identify potential suspicious transactions in the haystack of transactions. But there are more important elements to an effective AML compliance program than just using technology to spit out potentially suspicious transactions. A software program is one of many tools, along with auditing and monitoring programs that can be used to supplement day-to-day software screening of transactions.