Six steps can take institutions beyond merely good.

What makes for a great anti-money laundering compliance program? This is not a pie-in-the-sky idea. As financial institutions strive to keep up with evolving regulations and a growing number of financial crimes each year, “good enough” is quickly becoming insufficient.

Financial Institutions and COVID-19: The New Normal

Changes to the global economy brought on by the pandemic have caused many companies around the globe—including financial institutions—to alter the ways they work as well as the way they interface with customers and others. Further complicating these changes for financial institutions is their regulatory compliance burden, which has not changed. Financial compliance departments are thus facing a multitude of new challenges:

Shifts in customer behaviors and emerging COVID-19-related threats are triggering a high volume of false-positive transaction-monitoring alerts based on rules meant to identify deviations from expected behavior that may be suspicious. This further strains already stretched compliance teams and amplifies challenges related to the lack of complete and reliable data needed to fully understand expected customer behaviors and risk factors. As a result, pressure continues to build on the compliance controls in place to mitigate risk as traditional, static, rules-based transaction-monitoring systems are unable to adapt to the dynamic risk environment. It is very easy for financial institutions to go into crisis management mode as they attempt to triage the increasing risks and alerts. However, even during a crisis like the current pandemic, it’s important not lose sight of how vital it is to take a holistic approach to enterprise-wide risk management to achieve a sustainable and efficient compliance program in the long term.

Perpetrators of illicit financing are not giving up or going away. According to the Financial Crimes Enforcement Network (FinCEN), the number of suspicious activity reports (SARs) related to money laundering has risen steadily in each of the past five years. In 2019, the number of SARs that depository institutions, money services businesses, casinos and other entities filed was 38% higher than in 2015.

Regulators are holding institutions to evolving higher standards. Sanctions, for example, are an area where requirements frequently change. State, federal and international financial services regulators have high expectations for customer due diligence (CDD) and anti-money laundering/countering the financing of terrorism (AML/CFT) programs. For resource-constrained organizations, staying up to date and meeting these requirements can seem like an impossibly high bar to clear. Fortunately, institutions can enlist expert help to enhance their compliance and take their AML programs from good to great.

The following steps characterize top-performing AML compliance programs:

Strong tone at the top. A culture of compliance in any organization cannot be achieved solely by corporate policies or edicts. Boards and senior management must direct and nurture a compliance culture. Leadership must demonstrate a commitment to compliance infrastructure and an environment where employees are encouraged to raise issues and ask questions. Research has shown that ethical dilemmas lead to noncompliance in situations involving isolated decision-making or in groups with a singular mindset. The best AML compliance programs are found in organizations that have a strong tone at the top, clear understanding of regulatory issues, and a willingness to seek advice from compliance professionals.

Alignment of resources and risks. This is a cornerstone of the standard risk-based approach to AML/CFT efforts worldwide. A good AML compliance program is based on a risk-based approach; a great one directs its compliance investments exactly where they are needed. At the individual institution level, a starting point for determining the risks is a thorough assessment of its business, its compliance infrastructure, and where it might lack controls. Just as an oceangoing ship must prioritize fixing a hull leak, for example, financial institutions must align their resources to where they are most urgently needed. Proper alignment of risks and resources—skills, staff, time and capital—is the foundation that enables an institution to build a great compliance program.

Completeness and consistency in transaction monitoring. An effective CDD program will capture complete data, and increasingly that means including information on beneficial ownership. Institutions can miss suspicious activities, illicit transactions and do business with specially designated nationals if they are missing data they otherwise should capture and monitor. Notably, differences in transaction monitoring systems and practices can occur within the same institution’s branches and departments, and therefore internal consistency is particularly important. Incomplete or partial data leaves open the door to financial crime and regulatory noncompliance. A good compliance program can keep the opening small; a great one keeps the door closed.

Equally important is consistency in investigation and reporting. Having complete data is one thing. What institutions do with that information is another matter entirely. Data flow in a transaction monitoring system and how it triggers further investigation therefore is vital. The ability to effectively monitor transactions, investigate anomalies and consistently file SARs, currency transaction reports (CTRs) and other reports is critical for AML compliance. A good compliance program can do this a majority of the time; a great one can nearly all of the time.

Awareness of related regulatory developments. An emerging area of regulation that makes institutions’ compliance more challenging is data privacy laws. The General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA), for example, impose strict requirements on organizations that handle personal information, with substantial fines for violations. Know-your-customer (KYC) and CDD programs must therefore be aware of such emerging rules and understand how they may impact their AML/CFT compliance efforts.

Continuous training. In a growing and dynamic business such as financial services, one-and-done is not a hallmark of strong compliance programs. “Set it and forget it” is an approach that is doomed to fail—likely sooner rather than later. Institutions must be able to keep their people up to date with changing regulations and trends in financial crimes. Unlike the Financial Action Task Force’s recommendations for combating money laundering, financing terrorism and the proliferation of weapons of mass destruction, no international standards exist for AML/CFT training. As a result, institutions should seek expert guidance on effective training. A combination of on-demand resources and structured learning programs, tailored to an organization’s unique culture, is a valuable way to make certain that all employees are on the same page in ensuring compliance. The best AML compliance programs utilize continuous, consistent training to ensure success.

Testing and validation. Institutions with great AML compliance programs invest in testing and validation to make sure their programs and systems work. Continuing investment is needed as institutions adopt new tools and upgrade technologies. In addition to the benefits of ongoing training with experts in the field of AML/CFT, testing of existing systems delivers peace of mind and can ensure that an institution’s people, processes and technologies are functioning together in an optimal way.

Financial institutions of all sizes can benefit from working with an expert partner to help them improve their compliance and risk management. K2 Intelligence and the Financial Integrity Network (FIN) offer strategic and technical advisory, risk assessment and financial integrity training, technology and other services. To learn more, please contact us.