LEGAL
Insights & Trends
As anti-money laundering (AML) programs continue to evolve, regulators are paying greater attention to particular aspects of AML compliance, including governance and execution of model risk management programs, calibration of customer due diligence models, management of sanctions risk, expectations for nonbank service providers, and AML program sustainability. The strategies and tactics that banks and other financial institutions employ in these five areas can have a significant impact on the effectiveness of their AML programs.
By addressing these five areas of increased regulatory scrutiny, financial institutions will be in a better position to improve their AML compliance efforts and anticipate regulators’ principal concerns.
Model risk management has become an integral part of AML program management, and examiners are devoting more attention to AML model risk management concepts, often holding nonbank and diversified financial organizations to the same AML model risk management standards that they expect banks to maintain. Moreover, financial regulators outside the U.S. are also increasing their focus on AML model risk management. For example, the European Union’s Fourth Anti-Money Laundering Directive contains a number of core principles about managing and governing systems and models that financial institutions rely on for AML compliance.
Examiners are also focusing on the enhancement and replacement of AML technology. Many IT vendors are upgrading their AML platforms with new technology and functionality to address the specific products and services that their customers manage. These enhancements and replacements don’t come without risk, so examiners are probing the new information systems to see that they align with regulatory expectations and produce accurate results. In particular, examiners are reviewing the following areas:
One of the most important aspects of model risk management is calibration, the process of adjusting the model to produce results that align with an institution’s risk appetite and adequately identify the specific AML risks present at an institution. While in the past many financial institutions have focused on the calibration of transaction monitoring models, effective calibration of customer due diligence (CDD) models is essential to program success.
Several elements contribute to the success and sustainability of CDD calibration efforts. These include:
Successful financial institutions have focused on the following objectives and actions:
Another critical aspect of compliance is managing the sanctions compliance program.
Effective sanctions risk management requires a foundation of accurate data. Many organizations – through regulatory requirement, internal audit requirement, or model risk management programs – have conducted robust data quality assessments and enhancement initiatives to improve the quality of the data used for sanctions screening.
These assessments should include data from financial institutions’ source systems, from the customer on-boarding systems, throughout the integration process, and onto the screening platform. Successful data quality assessments typically involve a cross-functional working group that includes the business lines, corporate AML, IT, and analytics functions.
Other factors to consider in managing sanctions risk include alert-generation threshold settings, governance of the alert-disposition process, and development of empirical support necessary for changes in threshold settings.
Relationships between banks and nonbank financial institutions (NBFIs) – such as money services businesses, payment companies, and card providers – offer opportunities for both parties, and examiners are paying close attention to the AML risks that might arise from their transactions.
Banks should clearly document their risk appetite as it relates to NBFI relationships, define the infrastructure they require to manage the risks associated with those relationships, and decide how they want to be compensated for those efforts. Banks that have been successful in attracting and sustainably managing NBFI customers have defined a prescriptive risk appetite and tolerance statement that details the type of NBFI relationships they are willing to enter and the assumptions their organizations are willing to take on in banking those NBFI relationships. In addition, the banks thoroughly vetted those appetite and tolerance statements with senior management and the board of directors.
In addition, banks should define the transactions and customer-level data they need to receive from their NBFI customers, and in what format, to monitor their relationships effectively. Some of the most successful relationships between banks and NBFIs are built on very open and transparent communication between the AML officers of both parties.
Conversely, there are some tangible steps NBFIs have taken to further satisfy their banks’ due diligence requirements. Many NBFI’s are enhancing AML risk assessment documentation to further support a clear understanding of the AML risks unique to their organizations, as well as the specific controls deployed to mitigate those risks. Similarly, NBFIs often look to align their AML program to some of the heightened standards to which banks have adhered – such as AML model risk management. In addition, NBFIs continue to be proactive in seeking third-party assurance or audit reports to support the effectives of their technology platforms and AML programs.
To maximize their investment in AML programs, financial institution executives are looking to make the programs sustainable by focusing on aspects of strategy, culture, organization, and change management.
Strategy. AML officers need to have a strong understanding of the future and strategic vision of their organizations – including potential mergers and acquisitions, new products and services, business alliances, and targeted customer segments – in order to mobilize their AML program to meet the demands and challenges of the future. AML officers need to understand both short- and long-term strategies so that aspects of their program – such as AML technology, expertise, and staffing levels – are sufficient to mitigate the potential risks.
Culture. A corporate culture that recognizes and rewards employees for performance that supports AML program objectives can help drive sustainability.
Organization. Strong AML talent and leadership are hard to find and can be even harder to retain. Financial institutions need to establish effective succession, continuity, and knowledge-sharing plans to overcome the loss of key employees.
Change management. AML sustainability also requires organizations to be willing to react and adapt to the ever-growing number of changes in the financial services industry. New financial services technologies, the expanding globalization of the payments industry, and the emergence of entirely new currencies are some of the many changes that are affecting how organizations operationalize AML compliance. The continued advancement of the financial services industry will require AML officers to evaluate and challenge the way they collect and analyze data, employ new technology platforms and investigative techniques, and anticipate advances in AML technology and compliance.
To meet regulatory expectations, financial institutions need to build an organizational culture that fosters continuous improvement of AML practices. Individuals, as well as organizations, who launder money continue to evolve and further enhance the strategies and techniques they use to perpetrate their crimes. For that reason alone, many financial institutions need to improve their efforts to adapt their existing AML programs, strategies, and technologies in order to better detect and prevent these activities.
Compliance with AML regulations is important for financial institutions and the criminal justice system in the United States. Crowe Horwath LLP, one of the largest public accounting, consulting, and technology firms in the country, currently works with more than 1,100 financial services organizations and can assist clients in meeting regulatory expectations. Crowe offers a unique depth of knowledge in virtually all aspects of AML programs and can work with financial institutions of any size to help determine an appropriate AML strategy.