By: Jodie Ruby, Director of Marketing
At last month’s American Bankers Association Money Laundering Enforcement Conference in Washington, DC, I attended a session where a representative from the OCC discussed the most common gaps in financial institutions’ BSA/AML programs that led to violations from audits conducted this year. Here is a recap of these gaps and how they should be addressed:
- Weak internal controls: Internal controls should be designed to help financial institutions comply with regulations, and should be enforced by the Board of Directors and the management team. These controls should also evolve over time to respond to changes in the regulatory environment, industry practices and legislation. Controls should use multiple data sources with verified outputs to ensure accuracy.
- Inadequate risk assessments: Financial institutions need to evaluate the risk level of the markets and types of customers they serve and ensure that they have the right tools and controls in place to manage them. Banks also need to support their risk assessments with meaningful, high-quality data that can be demonstrated to regulators. Risk assessments should combine the risks from the product, business, customer and geographic perspectives to create an aligned and informative final product.
- Insufficient customer risk rating processes: The presenter emphasized the need for clearly documented procedures for customer risk rating, including triggers that explain when customers will be re-examined to ensure that their risk rating is appropriately reflected in the financial institution’s system. This is particularly important when dealing with high-risk business customers, so that there is visibility across the financial institution, and it drives the level of ongoing monitoring that these customers are subject to.
- Lack of staff to manage alerts: Some of the financial institutions that have come under scrutiny have not had the appropriate number of personnel, or personnel with the right skills, to manage alerts in the appropriate manner. Implementing the right systems can help to alleviate the burden on organizations with fewer resources.
- Inadequate business customer monitoring: Business customers should not just be checked once a year to see if there have been changes to their risk profile. The OCC recommends continuous business customer monitoring to more adequately detect changes that could negatively impact the financial institution and lead to regulatory fines.
As financial institutions seek to effectively manage their risk to avoid BSA/AML regulatory scrutiny, implementing the right tools for business customer due diligence and ongoing monitoring can greatly help to address some of the gaps mentioned above. With G2’s Solutions for Commercial Banks, financial institutions can leverage G2’s proprietary fraud and compliance database with more than 11 years of business customer history to bolster their risk assessments and customer risk ratings, and can use G2’s ongoing monitoring solutions to ensure appropriate business customer monitoring based on the risk level of their customers.