Read our response to FinCEN’s review of the Bank Secrecy Act (BSA) Regulations and Guidelines here.
In February, a Swiss court announced charges against Credit Suisse that alleged the bank failed to report transactions by criminal networks involved with human, drugs and arms trafficking, whom Swiss authorities say laundered money through the bank. Sometimes with suitcases full of euro notes.
Some of the alleged laundering took place more than 14 years ago.
Which shows the stakes for anti-money laundering (AML) compliance programs today. An insufficient internal control today (e.g., transaction monitoring) could mean a court case and massive fines years from now.
That’s a major problem for banks and other financial institutions. Annegret Funke, Head of Financial Crime at Featurespace, tells PYMNTS.com that many European banks are still investing too little in their anti-money laundering capabilities. All the while, criminal organizations are finding new digital ways to wash their illicit funds, whether through crypto exchanges, gift card platforms or online art markets.
Annegret says banks should take a holistic, collaborative approach to stopping money laundering and illicit transactions. Not coincidentally, this is how financial institutions can build AML programs that are compliant with evolving regulations.
Banks, credit unions and any financial institutions are required by law to implement their own anti-money laundering compliance programs. Below, Annegret outlines what it means for an anti-money laundering program to actually be compliant with global regulations.
What is an AML compliance program?
An anti-money laundering (AML) compliance program encompasses all of the processes and tools that financial institutions use to protect themselves against money laundering or suspicious financial activity, and to report to the authorities in a timely manner.
The goal of any such program is to illuminate a trail of potentially illicit activity, such as laundering ill-gotten funds back into the legitimate economy or obscuring a trail of transactions used to fund terrorism. Law enforcement officials can use this information to investigate financial crimes such as bribery, fraud or tax evasion — activities that often precede the laundering of money.
Different jurisdictions have their own rules for compliance. The EU has its set of rules, Colombia has its set of rules, the US has its own set, and so on. As such, AML compliance programs must be built with country- and region-specific regulations in mind.
What do you need to do to be AML compliant?
The details of AML compliance differ from jurisdiction to jurisdiction, but in general compliance requires that an organization:
- Implement a system for monitoring and reporting on transactions.
- Perform due diligence to assess the potential risk of each customer.
- Ensure a person or a team in the organization takes on the responsibility of understanding and educating other team members on what it means to be compliant.
Building an AML compliance program & policy
Any AML compliance program must perform certain key activities, and it is up to the organization’s senior management to ensure all aspects of that program are put in place. The four pillars of this program include:
- A process for assessing the risk of each and every customer.
- Internal controls for monitoring, detecting and reporting potential instances of financial crime.
- Ongoing AML training for all employees. Depending on the person’s role, that training could be more thorough.
- Regular, independent audits by third parties to assess the implementation and ongoing function of the three points above.
Anti-money laundering (AML) program and project requirements
An AML compliance program consists of:
- The policies and procedures that facilitate the detection and the reporting of suspicious transactions.
- A designated AML compliance officer.
- Ongoing AML training for employees.
- Independent assessments of the organization’s AML program.
- A method for conducting due diligence on customers to assess their risk and to monitor their transactions.
Again, the details vary a little from jurisdiction to jurisdiction, but the AML program requirements above are universal.
AML controls inside your business
AML controls will depend somewhat on the business, its customers’ risk profiles and any other risks the organization might be exposed to.
That said, certain AML controls are nearly universal for financial institutions wherever they are. Those controls include:
- Risk assessment processes that reveal any customers, services, business partners or even business locations that are especially vulnerable to money laundering.
- Risk-based customer due diligence to flag any vulnerable accounts.
- Requirements, processes and practices for flagging and reporting suspicious transactions.
Having a robust AML KYC program
A Know-Your-Customer (KYC) process is a necessary part of an AML program. It falls under the systems and procedures of due diligence that financial institutions must conduct on customers to evaluate whether an account presents an elevated risk for money laundering.
An AML KYC program typically involves:
- Collecting customer identification information.
- Verifying the sources of those customers’ funds.
- Monitoring customer transactions.
What do anti-money laundering regulations focus on?
Anti-money laundering regulations focus on ensuring that financial institutions’ internal controls, customer risk assessments, and employee training are in place to discourage and prevent money laundering or other financial crimes. This helps ensure criminals cannot conceal the source of funds in any transaction.
At the moment, the industry is seeing a shift in regulators’ focus, which complicates compliance.
In the United States, for example, the AML Act of 2020 put new onus on financial institutions to prevent money laundering and the financing of terrorism. As a result, researchers from Deloitte write, this shifts “the primary focus for AML programs from maintaining technical compliance to a more risk-based, innovative and outcomes-oriented approach to help combat financial crime and safeguard national security.”
This mirrors what Annegret told PYMNTS. The only way to align an AML program with an outcomes-oriented approach is to integrate systems, facilitate cooperation across departments and leverage innovative technologies to stay a step ahead of financial criminals.
Who regulates your AML program?
An AML program is regulated by the organization that has authority over such matters wherever you do business. In the US, for example, that’s the Financial Crimes Enforcement Network (FinCEN).
What are financial institutions required to do?
All financial institutions are required to:
- Perform due diligence on customers to assess whether an account is vulnerable.
- Implement internal controls for monitoring and reporting transactions.
- Task someone with ultimate responsibility for AML compliance and employee education.
- Conduct regular audits of their AML compliance programs.
A comprehensive AML program isn’t optional
A comprehensive AML program keeps your business compliant with regulators, and it puts your organization in a better position to navigate the evolving regulatory environment surrounding money laundering and terrorism financing.
As the Credit Suisse case demonstrates, and the numerous other recent cases, there is no room for slack in AML. Each component of an anti-money laundering program must align with both the spirit and the letter of the law. The penalties for non-compliance are too steep.
Learn more about AML solutions
Financial institutions face a couple of challenges with anti-money laundering compliance today. First is the simple matter of compliance, which a robust AML solution can help with.
The second challenge is more nebulous. As the regulatory environment evolves and regulators’ priorities shift toward outcome-based AML processes, financial institutions must take action now to stay ahead of that curve. This means making strategic decisions about how you monitor transactions or how your fraud and AML teams collaborate.
To learn more about how your business can ensure compliance while remaining a step ahead of financial criminals, contact us today.