Creating a first line of defense against AML

Thomson Reuters

In simple terms, any risk assessment around money laundering can be boiled down to three crucial questions: Is a person who they say they are? Can you do business with them? Should you do business with them?

The first two questions are heavily influenced by specific data elements related to sanctions and other criminal lists. The first line of defense against money laundering is to properly analyze and incorporate criminal data from the wide variety of lists available today into a company’s AML process. These range from a sanction list to domestic and local politically exposed persons (PEP) lists. The accuracy and completeness of these lists is critical to ensuring that a company has all of the publicly available data it needs to make informed decisions about flagged individuals.

These lists can, and should, serve as a company’s first way to spot fraudsters. It is, however, often difficult to combine the knowledge from all of these various lists into one comprehensive monitoring system. Technology that can analyze, aggregate, and send alerts on this data will help reduce the time compliance specialists need to spend combing through various lists to find truly relevant data.

The media is another powerful tool that can be leveraged to ensure proper real-time tracking of the names and identities of global criminals. This includes not just traditional TV, online, and print media, but also social media platforms such as Twitter® and Instagram®. These social media sources can help an organization create more timely alerts and risk triggers around adverse news.

If a certain case requires enhanced due diligence, retrieving a comprehensive public record is critical. These public records should not just include the individual’s information and previous felony or misdemeanor convictions, but also people connections, professional networks, and business ownership data.

As different financial institutions have varying risk-tolerance levels, it is important that each company sets thresholds that best fit their business and customer profiles; there is no one-size-fits-all approach. Organizations should carefully review their risk thresholds and alerting processes on a regular basis to ensure that their monitoring evolves as their business and client list evolves. It is critical to ensure that thresholds are not only regularly updated, but also tested, enforced, and memorialized in a way that allows new employees, as well as regulators, to easily view the steps taken to update these processes.