AML Compliance Checklist: Tools and Processes for Success
Republished: November 26, 2018, updated to reflect the latest industry news, trends and insights.
How do you measure success in regards to AML (Anti-Money Laundering) compliance? The obvious answer is that you don’t get fined for non-compliance and manage to prevent laundered money from entering into your financial system.
But is it enough to simply meet the minimum requirements? Don’t you want more from your compliance program and implement systems that are resilient, efficient and cost-effective? The good news is that there’s a new era of capabilities that can evolve your current AML compliance processes without creating inter-departmental wars or breaking the bank (pardon the pun).
Before digging deep into specific steps you can take to improve your AML operations, let’s consider the big picture. The reason for AML laws in the first place is to make it harder for criminals to get away with ill-gotten gains. Since most crimes have a financial incentive at their core, hindering proceeds is a powerful method to dampen corruption, tax evasion, theft, fraud and numerous other crimes. That is money that should be spent on more productive things, improving society and individual lives.
That core tenet —AML is a critical component of a fair and functioning society— is at the center of an effective program. AML compliance is not a nice to have, or a necessary evil, it’s a fundamental requirement. Ensure that any decision maker who has impact on your budgets or operations understands and respects the true value of compliance.
As each jurisdiction has specific requirements, this post won’t include prescriptive rules for each jurisdiction; rather, let’s examine best practices that will serve you well, no matter what country you’re doing business in.
Don’t try to wing it. AML compliance is not something you want to improvise. Think policies through carefully, state them clearly and have it written out for all (executives, staff, and regulators) to see. What are your identification policies? What reports are you creating? What is your record retention policy? What regulations are you complying with and how? What are your communications procedures?
Who is the person responsible for the program? Designate one individual to “own” the system and ensure that processes are followed and updated, reports are filed, training is correct and that the system is running smoothly. Consider a senior-level individual who has the power to influence the company on these matters; after all, there’s a lot riding on the success of the program both from a reputational and financial point of view.
Every employee who deals with customers or transactions in any way needs to understand your company’s policies and procedures. They need to understand the legal requirements, techniques used by money launderers, checks they should make, and how to report suspicious activities.
Training isn’t a one-time thing. Look at refresher programs to keep staff vigilant and informed to ensure the program is up-to-date.
It’s easy to become complacent; if everything is running smooth, why change? Unfortunately, by the time you notice a problem it might be too late. Have an independent expert, such as a third-party, or at least someone not associated with the day-to-day compliance operations, review your program on a periodic basis.
What are some activities or situations to watch for? Remember, money laundering is about trying to legitimize illegal funds, so there are patterns that indicate that money might not come from legal means. You are looking for unusual activities, such as:
- Large cash transactions
- Large amount of transactions, which could indicate layering of transactions (splitting up of deposits to fall below reporting thresholds)
- Spikes in activity or amounts
- Transactions connected with cash-heavy businesses, such as gambling
- Transactions connected with jurisdictions that have a history of money laundering
- Transactions connected with individuals or businesses that are potential money launderers
These activities are noticeable in the initial due diligence process or through ongoing monitoring procedures. During onboarding, a baseline for normal activities should become apparent. Whether it’s classifying by account type, source of funds, expected transactions or some other criteria, set up a process to determine when something needs looking at, and how. Whether it’s an internal examination, or an external report to regulators, it’s not enough to note a red flag.
For example, just filing a report to file a report, is not really solving the problem. As compliance lawyer Michael Volkov states, “The government has been complaining that financial institutions are now submitting too many SARs (Suspicious Activity Reports), and that the SARs often fail to contain adequate information to warrant the filing of the notice.” Clear processes to handle events are crucial to successful AML compliance.
The best way to mitigate risk is to detect and manage problematic accounts before they become a risk. Performing a comprehensive identity verification check reduces risk from fraud, risk of breaking compliance rules, and risk from dealing with dirty money. Once a bad customer passes the initial checks, they are past the gate and can start testing your fraud prevention systems.
Fraudsters are becoming more and more sophisticated. Money launderers and terrorists are identifying weak links in your AML/KYC (Anti-Money Laundering/Know Your Customer) processes to help them hide the true source of funds, and their connection to it. By blocking access to those that want to bypass your safeguards in the first place, your prevention systems will be more robust and secure.
This includes an exhaustive AML screening program needs to gather data from diverse government sources, international regulators and law enforcement agencies. These watchlist checks scan for known or suspected entities and individuals who are associated with money laundering, terrorism, financial fraud, arms proliferation, drug trafficking or PEPs (Politically Exposed Persons).
After the initial onboarding process, compliance is not complete. There’s a necessity for monitoring on an ongoing basis. Monitoring refers to the analysis of continual, ongoing activities to ensure activities remain in compliance.
There are various activities to keep track of, such as exceeding thresholds, suspicious activities, change of status, recording of communications, surveillance of employees, watchlists, market trends, new regulations, trade data and various other market and transaction monitoring needs.
For financial institutions (FIs), even after AML/KYC regulations are met when signing up new customers, continued monitoring is critical long after initial sign up. FIs must monitor activity to ensure fraud is not committed, or that money laundering or terrorist financing funds enter their system.
With the rate of technological and regulatory change, determining modern-day risk assessments are not an exact science. Rather, it’s about creating policies and procedures that are dynamic, defendable and adaptable. According to an EY report, AML model risk management and validation “With the vast amounts of information available to decision makers, “gut feel” business decisions are not sufficient to satisfy internal auditors, or examiners. Decisions must be supported with well-documented rationale and evidence, and tracked to evaluate whether assumptions hold true initially and over time.”
Regulators themselves are trending toward a more risk-based approach. As ACAMS points out, “institutions and organizations will be required to become more risk focused in the way they manage their CDD programs. That applies not only to the question as to whether simplified or Enhanced Due Diligence (EDD) should apply, but also to which methods, sources and monitoring approaches are appropriate.”
AML Compliance Technology
Dedicating staff to perform costly, manual compliance process isn’t the best use of resources. Allocating 90 percent of an employee’s time on data collection, entry and organization — when it’s better to use automation — is inefficient and negatively impacts the bottom line.
Technologies that add to, or improve existing processes are gaining the most traction:
- Look for proven technologies; just having potential is not enough (we’re looking at you, Blockchain).
- What is the utility? What pain-point does the solution solve and how quickly will it bring results?
- How easy is it? While compliance technology does involve complex ideas and technology, good solutions are adaptable and can integrate quickly into existing workflows. Having to fundamentally change processes is prone to resistance from staff, customers and regulators.
Automation won’t eliminate the need for human evaluation and judgment, especially in investigations, but by assigning the data and rule processing to computers, automation streamlines the process, reduces regulatory risk and avoids unnecessary charges for people handling repetitive tasks that computers do better.
However, as Trulioo’s VP of Product, Rob Hartley, states:
AML/KYC requirements are continually growing the demands on compliance. AML automation ensures that compliance can perform its due diligence, fraud prevention measures remain strong, and, at the same time, increase capacity, productivity and operational efficiencies.Click to tweet
AML Compliance Updates
Compliance failures can be costly — $13.4 billion in 2014 according to Booz Allen Hamilton. In its report on automation in anti-money laundering (AML) investigations, the consultancy notes that financial firms have been hiring rapidly, some increasing head count in their AML operations by 500 percent over a few years. Clearly AML is ripe for automation — to reduce costs and to develop, retain and disperse consistent information to internal users and regulators.
New York-regulated financial institutions are starting to re-evaluate their approach to anti-money laundering (AML) compliance to meet the new rule adopted by The New York Department of Financial Services (NYDFS), which will require transaction monitoring and filtering. While NYDFS rules apply specifically to New York State, many compliance programs operate at the enterprise level, thus requiring those financial institutions to make changes.
The need for effective AML procedures to limit corruption, terrorist funding and other illegal activities goes without questioning. However, the cost of compliance, both in terms of resources and time, creates a substantial burden on financial industries. Adding electronic ID in the 4.1 AML Directive acknowledges digital identity techniques can be done in a manner that is just as secure as any paper-based technique – a major step forward in AML compliance.
Is your financial institution (FI) set when it comes to operating a successful AML watchlist? Is your watchlist screening efficient, comprehensive, cost-effective and reliable? According to the Financial Crime Survey 2016 done by Operational Risk magazine and BAE systems there is an “increasing development and focus of sanctions regimes introduced by governments around the world to target organized crime and stem the funding of terrorism.”
Existing procedures are not cutting it. Manual processes are time intensive, expensive and prone to errors. To help grow their role and create effective change, compliance needs to embrace the process and tools of change, innovation and technology.
Beneficial ownership laws now extend to all business relationships. Learn how companies can protect themselves with an effective AML (anti-money laundering) and KYC (know your customer) compliance program.
How can a regulated startup manage AML (Anti-Money Laundering), KYC (Know Your Customer), and KYB (Know Your Business) compliance without breaking the bank – or the team?
To help provide clarity, the Financial Conduct Authority in the UK (FCA) published a report New Technologies and Anti-Money Laundering Compliance. The research offers insight about various emerging AML technologies, implementation by regulated firms, and the role of the FCA.
All over the world, anti-money laundering (AML) compliance regimes are undergoing sweeping changes. Currently, in the U.S., AML regimes are experiencing a radical transformation as a result of shifting economic sanctions, new Ultimate Beneficial Owner (UBO) data-reporting demands, and cybercrime.
AML Compliance News
- AML programs continue to vex banks in cost, complexity
- Global AML Regulator Amends Its International Standards for Virtual Assets
- September Regulatory Report: U.S. Interagency Guidance Update
- Canada’s AML overhaul seeks to revamp financial intelligence flows
- New AML/CTF rules for money lenders in Hong Kong
- Recent AML U.S. enforcements complicate personal liability calculus for compliance staff
- Strengthening Your AML Compliance Program
- Navigating the AML Compliance Minefield
- Money Laundering Compliance and Investigations Across EMEA
- Stung by Compliance Costs, Asia Banks urge Watchdogs to Approve more Fintech
- New Frontiers in KYC & AML Compliance Domains for Fintech
- Canada Seeks to Widen AML Compliance Net
- AML Compliance Lessons Learned from US Bancorp and Rabobank Enforcement Actions
- Strengthening Your AML Compliance Program
- EU pushes ‘AML compliance without borders’
- SEC Targets AML as Exam Priority
- AML BSA compliance : Revised CDD rule
- 6 Trends In AML Compliance
- Increasingly, hunting money-launderers is automated
- EU Financial Services Providers face Anti-Money Laundering Compliance costs of $83.5 billion a year
- Expanded Beneficial Ownership Reporting and AML Duties Under the Corporate Transparency Act
- KYC: Maximising the potential of RegTech in meeting your Anti-Money Laundering obligations
- Anti-money laundering – four big factors that contribute to compliance failure
- Artificial intelligence could be the future of banking
- Record-Setting Prosecutions in the Money Transmitting Business: Ways to Avoid Compliance Violations
- Finding the balance between data protection and AML requirements
- Trends in Anti Money Laundering Enforcement and Compliance
- Regtech could save banks £2.7bn on AML compliance
- Compliance execs to raise RegTech spending as geopolitic risks heighten
- Embrace RegTech innovation to transform investor compliance into a competitive advantage