AML Compliance in Challenging Times
February 16, 2009
Today, many compliance officers charged with safe-guarding their financial institutions against money laundering and terrorist financing report in private meetings and at industry conferences that they are facing severe budget and headcount challenges. They worry that it may undermine their effectiveness. Stretching scarce compliance dollars and achieving more with fewer resources is an enormous challenge.
On Dec. 2, in an open letter to the CEOs of firms registered with the Securities and Exchange Commission, Lori Richards, director of the agency's office of compliance, inspections and examinations, noted that the "compliance function is critical to assure that your operations comply with the law and rules for industry participation and to ensure that the interests of your customers, clients and shareholders are protected. ... Providing adequate resources to compliance programs and functions and ensuring that CCOs and compliance personnel are integrated into the activities of the firm are essential to that process."
While that is not easily accomplished in the current environment, there are several practices that can be undertaken to enhance a firm's compliance effectiveness, regardless of size, customer base, products and geography.
1. Scenario enhancements. The transaction monitoring systems used by financial institutions to detect potentially suspicious activities rely upon scenarios that look for patterns of behavior inconsistent with expected customer profiles. Unless well designed, these scenarios can produce more false positives than alerts for truly suspicious conduct. Investigating and disposing of the false alerts takes time and resources. By applying advanced, econometric-styled analysis to the existing scenario set, our experience has shown that the population of false positives can be reduced. That allows for fewer cases that need to be investigated manually and creates a possible opportunity for staff consolidation and/or redeployment.
2. Financial intelligence units. Private-sector financial intelligence units (FIUs), when fully operational, serve as information nerve centers into which alerts for potentially suspicious behavior can be collated, prioritized, analyzed and disposed of centrally and consistently. These FIUs can be a critical component of a robust compliance program, especially for global financial institutions. Most FIUs, however, remain siloed in the anti-money-laundering (AML) unit, operating in a limited sphere of compliance. This need not be the case. FIUs can be expanded to encompass fraud detection, trade-finance compliance, privacy protections, and monitoring of economic and trade sanctions (ETS). Through expansion of the mandate of the FIU, financial institutions can gain a more holistic view of the risks they face while at the same time creating opportunities for budget and staffing efficiencies.
3. Risk assessments. The effectiveness of a compliance program often rests on the accuracy of its risk assessment. Compliance can more effectively allocate its finite technological and human resources once the risks in the customer base are identified and prioritized. Regulatory guidance, law enforcement advisories, the company's own historical events and the insight of business-line personnel can all drive the identification of the risks. Unless this is done comprehensively, correctly and updated on an ongoing basis--especially if there has been a merger or acquisition-the compliance function can be a house cards. Thereafter, the enhancement of training, management of information systems reporting, testing and enhanced due-diligence procedures designed to identify and manage high-risk situations can be refined to allow a firm to recognize better where to place its resources so they can be more effective.
