What is AML compliance?
Effective Anti-Money Laundering (AML) programs help ensure illegal funds don’t enter the legitimate financial system. AML compliance is a fundamental requirement for regulated entities, such as banks, financial and money service businesses. Using effective AML policies and procedures, training and technologies helps the organization meet compliance requirements and instills confidence in its operations.
How do you measure success regarding AML compliance? The obvious answer is that you don’t get fined for non-compliance and manage to prevent laundered money from entering into your financial system.
But is it enough to meet the minimum requirements? Don’t you want more from your compliance program and implement resilient, efficient and cost-effective systems? The good news is that there’s a new era of capabilities that can evolve your current AML compliance processes without creating inter-departmental wars or breaking the bank (pardon the pun).
Why is AML compliance important?
Before digging deep into specific steps you can take to improve your AML operations, let’s consider the big picture. The reason for AML regulations in the first place is to make it harder for criminals to get away with ill-gotten gains. Since most crimes have a financial incentive at their core, hindering proceeds is a powerful method to dampen corruption, tax evasion, theft, fraud and numerous other crimes. That is money that should be spent on more productive things, improving society and individual lives.
That core tenet — AML is a critical component of a fair and functioning society — is at the center of an effective program. AML compliance is not a nice to have or a necessary evil; it’s a fundamental requirement. Ensure that any decision-maker who has an impact on your budgets or operations understands and respects the true value of compliance.
As each jurisdiction has specific AML requirements, this post won’t include prescriptive rules for each jurisdiction; rather, let’s examine best practices that will serve you well, no matter what country you’re doing business in.
Don’t try to wing it. AML compliance is not something you want to improvise. Think policies through carefully, state them clearly and have it written out for all (executives, staff and regulators) to see.
- What are your identification policies?
- What reports are you creating?
- What is your record retention policy?
- What regulations are you complying with and how?
- What are your communications procedures?
Who is the person responsible for the program? Designate one individual to “own” the system and ensure that processes are followed and updated, reports are filed, training is correct and that the system is running smoothly. Consider a senior-level individual who has the power to influence the company on these matters; after all, there’s a lot riding on the success of the program both from a reputational and financial point of view.
Every employee who deals with customers or transactions in any way needs to understand your company’s policies and procedures. They need to understand the legal requirements, techniques used by money launderers, checks they should make and how to report suspicious activities.
Training isn’t a one-time thing. Look at refresher programs to keep staff vigilant and informed to ensure the program is up-to-date.
It’s easy to become complacent; if everything is running smooth, why change? Unfortunately, by the time you notice a problem it might be too late. Have an independent expert, such as a third-party, or at least someone not associated with the day-to-day compliance operations, review your program on a periodic basis.
What are some activities or situations to watch for? Remember, money laundering is about trying to legitimize illegal funds, so there are patterns that indicate that money might not come from legal means. You are looking for unusual activities, such as:
- Large cash transactions
- Large amount of transactions, which could indicate layering of transactions (splitting up of deposits to fall below reporting thresholds)
- Spikes in activity or amounts
- Transactions connected with cash-heavy businesses, such as gambling
- Transactions connected with jurisdictions that have a history of money laundering
- Transactions connected with individuals or businesses that are potential money launderers
These activities are noticeable in the initial due diligence process or through ongoing monitoring procedures. During onboarding, a baseline for normal activities should become apparent. Whether it’s classifying by account type, source of funds, expected transactions or some other criteria, set up a process to determine when something needs looking at and how. Whether it’s an internal examination, or an external report to regulators, it’s not enough to note a red flag.
For example, just filing a report to file a report, is not really solving the problem. As compliance lawyer Michael Volkov states, “The government has been complaining that financial institutions are now submitting too many SARs (Suspicious Activity Reports), and that the SARs often fail to contain adequate information to warrant the filing of the notice.” Clear processes to handle events are crucial to successful AML compliance.
The best way to mitigate risk is to detect and manage problematic accounts before they become a risk. Performing a comprehensive identity verification check reduces risk from fraud, risk of breaking compliance rules, and risk from dealing with dirty money. Once a bad customer passes the initial checks, they are past the gate and can start testing your fraud prevention systems.
Fraudsters are becoming more and more sophisticated. Money launderers and terrorists are identifying weak links in your AML/KYC (Anti-Money Laundering/Know Your Customer) processes to help them hide the true source of funds and their connection to it. By blocking access to those who want to bypass your safeguards in the first place, your prevention systems will be more robust and secure.
This includes an exhaustive AML screening program needs to gather data from diverse government sources, international regulators and law enforcement agencies. These watchlist checks scan for known or suspected entities and individuals who are associated with money laundering, terrorism, financial fraud, arms proliferation, drug trafficking or PEPs (Politically Exposed Persons).
After the initial onboarding process, compliance is not complete. There’s a necessity for monitoring on an ongoing basis. Monitoring refers to the analysis of continual, ongoing activities to ensure activities remain in compliance.
There are various activities to keep track of, such as exceeding thresholds, suspicious activities, change of status, recording of communications, surveillance of employees, watchlists, market trends, new regulations, trade data and various other market and transaction monitoring needs.
For financial institutions (FIs), even after AML/KYC regulations are met when signing up new customers, continued monitoring is critical long after initial sign up. FIs must monitor activity to ensure fraud is not committed, or that money laundering or terrorist financing funds enter their system.
Determining modern-day risk assessments is not an exact science. Instead, it’s about creating dynamic, defendable and adaptable policies and procedures.
Regulators themselves are trending toward a more risk-based approach. This approach is about thinking systematically about your business, customers, partners, regulators, and the security and risk environment. It’s the critical systematic thinking and what regulators are looking for, not an occasional lapse or oversight. A solid compliance program is characterized by actively considering the possibilities and taking preventive actions.
Adapting your Customer Due Diligence measures based on the customer’s profile and their risk helps ensure that compliance is robust while not burdening good customers. Initial checks or specific activities might indicate the need for Enhanced Due Diligence or other ongoing due diligence measures is necessary. With flexible approaches and solutions, your compliance efforts can protect the organization and be relatively quick and seamless.
The requirements for AML continue to become stricter. Disclosures such as the Panama, Paradise and Pandora Papers drive awareness of the pervasiveness of money laundering and lawmakers are closing loopholes and demanding higher standards.
For example, under the EU’s 6th Anti-Money Laundering Directive (6AMLD), employees and officials of organizations — and entities working on behalf of those organizations — can now be held criminally liable. And they aren’t stopping there, with a plan to create a Pan-EU AML agency that will strengthen requirements, close loopholes, and create better coordination and communication between various regulatory agencies.
In the U.S., regulations have evolved significantly from the original Bank Secrecy Act to the latest Corporate Transparency Act. One focus is on uncovering beneficial ownership, as complex layers of global shell companies and other legal structures make it difficult to determine who really owns a business.
Besides jurisdictional requirements, there are industry-specific considerations. Often, one law will have multiple regulators, with each regulator determining compliance requirements for its reporting company sector. Some sectors requiring AML compliance include:
Dedicating staff to performing costly, manual compliance processes isn’t the best use of resources. Allocating 90% of an employee’s time on data collection, entry and organization — when it’s better to use automation — is inefficient and negatively impacts the bottom line.
Technologies that add to or improve existing processes are gaining the most traction:
- Look for proven technologies; having potential is not enough
- What is the utility? What pain point does the solution solve and how quickly will it bring results?
- How easy is it? While compliance technology does involve complex ideas and technology, good solutions are adaptable and can integrate quickly into existing workflows. Changing processes is prone to resistance from staff, customers and regulators.
Automation won’t eliminate the need for human evaluation and judgment, especially in investigations. Still, by assigning the data and rule processing to computers, automation streamlines the process, reduces regulatory risk and avoids unnecessary charges for people handling repetitive tasks that computers do better.
However, as Rob Hartley, the VP of Product at Trulioo, states:
AML/KYC requirements are continually growing the demands on compliance. AML automation ensures that compliance can perform its due diligence, fraud prevention measures remain strong, and, at the same time, increase capacity, productivity and operational efficiencies.
Open APIs are another technology already having a substantial impact on AML and KYC compliance. In general, APIs offer a quicker, easier and less costly path to deliver new services that meet consumer demands and expectations of today and tomorrow. The ability to quickly integrate new services offers the opportunity to add in innovative AML tools and other regtech solutions.
Creating a compelling and robust anti-money laundering program requires:
- Devising an effective strategy
- Empowering compliance teams
- Using powerful AML automation technologies
- Keeping on top of regulatory requirements
- Performing continual reviews and audits
Controlling AML compliance costs and risks is possible by using documented policies and intelligent operations for risk assessment and mitigation strategies.
Originally published December 14, 2017, updated to reflect the latest industry news, trends and insights.