By: Jodie Ruby, Director of Marketing
At the ABA Money Laundering Enforcement Conference this week in Washington, D.C., I attended a session entitled “The Next Generation of AML Risk Assessment”, where presenters Erin McAvoy, Principal, Financial Services, Ernst & Young LLP and Pete Richards, Senior Vice President, FIU Analytics Director, Santander Bank N.A., explained that a yearly risk assessment is just not adequate in today’s regulatory environment. According to Ms. McAvoy, “Regulators are now expecting a much more proactive approach for risk assessments.”
Here are some best practices that were shared to support regulator expectations:
Build a strong foundation for AML compliance: Your risk assessment should be the foundation of your AML compliance program. Your policies, procedures and internal controls should all tie back to the risk assessment. Mr. Richards suggests establishing core pillars to create a framework that can be reviewed over time to determine the program’s effectiveness.
Example pillars include:
- Program oversight
- Transaction monitoring
- Sanctions screening
Data is critical: According to the presenters, it’s no longer enough to have a strong risk assessment methodology in place to support your AML program and to demonstrate that you are following it. Regulators now want to know what data you are using to support your risk assessment methodology. They want assurances that the data it is accurate, and they are expecting a greater number of data sources to support the program.
Additional best practices discussed were:
- Involve Lines of Business, Operations and IT to determine the type of data needed to support the
- Ensure data is defined consistently across the organization. For example, different groups could define “customers” in completely different ways, which could impact the success of your program.
- Identify data sources and systems already in use by the bank. Determine what’s working and what isn’t, then decide what data sources and tools are needed to bolster your program.
- Pull data into a central repository. There will be some upfront costs to this, but it will pay dividends in terms of transparency and reporting capabilities.
- Use data visualization tools with scoring functionality and the ability to drill down to the underlying data. These tools allow for faster decision making and trend analysis, as well as access to the data points that are used to create the score.
Establish regular interaction with the BoD: Strong engagement with the board of directors is also a key success factor. Mr. Richards explained that his team updates the board once a month on the status of the program pillars, using a two page summary document that highlights strengths and weaknesses in the program. This process ensures that the board has the appropriate visibility throughout the year and that they can make more proactive decisions if needed to align the program to the bank’s risk profile.
Take a risk-based approach: A strong AML program should be configured based on the level of business customer risk the bank has decided to take on. The risk assessment should not be homogeneous, but rather should be configured based on the risk level of each segment of business customers. Regulators want to see that periodic monitoring of business customers is in place, and that higher risk customers are being monitored more frequently. They also want to see that an alert system is in place for any changes in the portfolio that could impact the bank from an AML perspective, and that the appropriate actions are being taken based on those alerts.
Adjust staffing to improve your program: Mr. Richards explained that a Money Laundering Prevention Officer position was created as a bridge between the Compliance team and the lines of business within the bank. With AML expertise in the line of business functions and a link back to the Compliance function, Line of Business Managers have a dedicated resource who can assess the impact of a particular decision on the
From this session it was clear that access to data and the right tools are keys to a successful risk assessment and AML program. G2’s Solutions for Commercial Banks provide onboarding and ongoing monitoring tools that combine proprietary data from over 11 years of monitoring businesses for fraud, illegal content, changes in business history and more, as well as external data sources such as sanctions lists and reputation databases, to provide deeper visibility into the risk profile of your business customers. With quick and easy-to-interpret risk scoring at onboarding, to ongoing alerts through persistent monitoring and the ability to customize your monitoring frequency, you can take a risk-based approach that aligns to your financial institution’s risk appetite.