Banks' anti-money laundering programs could be risks in themselves, according to a report by Ernst & Young. Steve Beattie, coauthor of the report and a principal with E&Y's business risk services practice, says there is a lack of consistency when it comes to the ways banks implement their AML plans. "Implementing a consistent AML program across the enterprise is a challenging endeavor," he explains.
According to Beattie, regulators' main issues with AML plans tend to be very fundamental in nature -- training, customer identification programs, design, execution, Office of Foreign Asset Control (OFAC) (OFAC) checks and not using enabling technology enough. Financial institutions are aware of what needs to be done, he adds, but the trick is making sure consistent policies are implemented across the entire organization.
"You may have a nicely articulated program on paper, but how do you know it's being consistently applied globally across the enterprise? Money launderers always look for the weak point in the chain," Beattie says. "That's why you need consistency of policies across the organization." Not properly doing so can lead to regulatory risk, reputational risk and a significant amount of spend, he contends.
At the most basic level, according to Beattie, banks must meet the four pillars of AML regulations: a designated AML compliance officer; a system of internal policies, procedures and controls; an ongoing employee training program; and independent testing of the program. Ideally, an AML program starts with the right tone at the top, he adds, and takes into account the perspectives of the appropriate risk professionals.
"If a program is built in a vacuum, it may lack in areas," Beattie says. "So it's necessary to bring in areas -- compliance, internal audit, technology executives, risk managers and business managers. And it must be endorsed by executive management. This brings accountability." Banks also need to properly measure the ongoing effectiveness of their AML programs, Beattie continues.
The final component of an effective AML program, adds Beattie, is the technology. "Large organizations cannot accomplish all of the requirements for monitoring transactions and managing case loads without the use of technology," he says. "Technology is about more than efficiency -- it may in fact identify more potential issues requiring investigation."
While technology can assist a bank's AML efforts substantially, "There's no one-size-fits-all solution," Beattie notes. "They range from transaction monitoring solutions to pattern recognition and rules-based technology, even to artificial intelligence." The challenge, he adds, is integrating data silos. "Having this distributed information may hinder the ability of banks to aggregate their risk monitoring," Beattie says.
And things will only become more complicated as banks expand into new markets, Beattie points out. "It is necessary to ensure solutions are able to operate under different regulatory regimes," he says. To help alleviate this added rigor, future AML strategies will need to look at creating more-integrated solutions and enhanced aggregation of compliance activities, Beattie suggests.
"We're going to continue to see technology moving toward multidimensional risk indicators rather than looking at information within silos," Beattie says. "Open architectures will help banks react more quickly when adjusting profiles and staying a step ahead of money launderers."