The US Office of the Comptroller of the Currency (OCC) has indicated that it will be focusing on the effectiveness of anti-money laundering (AML) systems and controls after including the topic on its list of FY 2019 annual priorities. For OCC-regulated banks, this means exams will concentrate on how up-to-date AML and Bank Secrecy Act (BSA) programs are with evolving threats and new rules.
Reputational Risk On The Rise
Although the current US presidential administration continues to signal that regulatory relief is on the horizon, AML enforcement in the US continues to escalate. A flurry of new cases have hit the headlines since the beginning of the year, and the US remains the jurisdiction that levies the most AML fines globally. Recent enforcement trends include:
- Severe civil monetary penalties now reaching mid-size and small financial institutions
- Jurisdictions imposing mandatory certification programs for compliance personnel
- Compliance violations resulting in civil prosecution and debarment for compliance executives
These trends, combined with the new OCC AML/BSA priority, mean the likelihood that a firm – as well as individual compliance executives – could experience financial and reputational damage as a result of AML program failures has never been higher.
Getting AML/BSA Compliance Right
Specifically, the focus of the new OCC priority on the ongoing identification of risks, as well as the timely and correct implementation of regulatory change, means many AML/BSA teams could need to raise their game. Compliance teams should consider taking the following steps to ensure OCC AML exams result in a clean bill of health for their program:
- Elevate AML information – The board and senior management must be part of the AML program’s oversight. They should regularly receive information on regulatory examination findings, matters requiring attention (MRAs), new regulatory guidance and changes in regulatory requirements. These stakeholders should also receive reports on the AML team’s operational metrics, including key issues such as the adequacy of human resources and technology in the face of new risks and regulatory change. These steps can help to ensure AML programs receive the right level of institutional oversight, support, and funding to keep pace with evolving risks and regulatory developments.
- Undertake independent testing of the AML/BSA program – Testing should be completed by a team of subject matter experts who know all of the regulatory requirements – including any recent or pending changes. The team should also be aware of current guidance/best practices and understand regulator expectations. If an annual AML/BSA audit is conducted internally, the firm should engage an outside organization with subject matter expertise to deliver training to the audit team on new risk and regulatory developments. Failure to stay up-to-date or to make appropriate improvements may subject the organization to both compliance and reputational risk.
- Ensure model validation is robust – Managing models and validating them can require specialized expertise – firms should engage with such expertise externally if it is not present within the AML team. US regulators also expect firms to use technology to support their AML programs. They have started to reprimand banks that don’t use technology appropriately.
- Review human resourcing levels – Regulatory examiners today review the firm’s human resources approach within its AML program. Not only do they look to see if headcount is commensurate with the size and complexity of the firm, but they are also digging deeper to see if the team has the right experience, training, and is being compensated in line with AML discipline averages. Regulators are letting firms know if they do not meet expectations. Unfortunately, there is also an inadequate supply of qualified AML compliance professionals in the market place. Firms who have identified competency gaps should consider filling them through additional training, hiring, or outsourcing.
- Assess technology systems – Monitoring systems and OFAC/sanctions interdiction software must be kept up-to-date and independently validated. Failure to do so will lead to an increased risk of not detecting potentially suspicious activity, as well as conducting business with parties who appear on global sanction lists. Technology systems should be regularly reviewed and benchmarked against the firm’s compliance and business needs.
- Ensure compliance with Customer Due Diligence (CDD) – The CDD Rule, also known as ultimate beneficial ownership, continues to be a challenge. Compliance is a significant undertaking in most jurisdictions as information is not broadly available. Banks that are concerned about their compliance with these relatively new requirements should speak to someone with knowledge of their jurisdictional requirements.
In short, rising compliance and reputational risks mean AML/BSA teams need to be more proactive when it comes to understanding their firm’s overall risk environment and managing regulatory change.
How ACA Can Help
ACA Telavance provides a range of AML and financial crime services that are unique among our peers. As part of ACA Compliance Group, we are positioned to provide extensive advisory and technology solutions to assist financial institutions in addressing their regulatory concerns. Our services include:
- AML compliance program reviews and assessments
- AML risk assessments and mitigation
- Model risk management and validation
- New York DFS Part 504 readiness assessments/gap analysis
- Internal audit and controls assessments
- AML and global sanctions technology implementation and optimization
For More Information
If you are interested in learning more about how ACA helps clients meet their AML and BSA requirements, please contact Aaron Kahler, CAMS, CFE or your ACA Consultant.
About the Author
Aaron Kahler has more than 15 years of experience in financial services. He is an AML regulatory compliance subject matter expert who also specializes in fraud management, fraud investigation/business intelligence, due diligence, and compliance with Office of Foreign Assets Control (OFAC) requirements, the Foreign Account Tax Compliance Act (FATCA), and the Foreign Corrupt Practices Act (FCPA). A Certified Anti-Money Laundering Specialist and Certified Fraud Examiner, Aaron is also a compliance adviser for Hoard Incorporated, an advisory council member for the Association of Certified Fraud Examiners (ACFE), an advisory board member for the International Association of Asset Recovery, a representative expert for the Eurasian Group on Combating Money Laundering and Terrorist Financing (EAG), and a financial fraud columnist for Examiner.com.