Introduction
Anti-Money Laundering (AML) compliance is a critical aspect of the banking industry, aimed at preventing financial crimes and maintaining the integrity of the financial system. However, banks often face significant challenges in maintaining robust AML programs, which can expose legal, regulatory, operational, financial, and reputational risks. This whitepaper explores the essential elements of an effective AML program and the issues and potential liabilities banks may face when they fall short due to AML deficiencies, the lack of proper oversight and monitoring, and conflicts that arise when servicing high risk/ high revenue generating clients.
Effective AML Programs
Bank Secrecy laws, rules, and regulations have been around for decades. The expectations are somewhat simple on their own merits. We saw significant global enhancements to these requirements in 2018, emphasizing identifying beneficial owners and conducting ongoing customer due diligence. In the years following this change, institutions faced with these revised compliance requirements deflected responsibility by pointing out that various aspects of the rules were “new” or had been recently heightened. Six years out, the time for leaning on these excuses for our compliance shortcomings has passed. The essential elements* of an effective program include:
Conducting due diligence when onboarding customers to determine their legitimacy and understand their expected transactions and activity occurring through the bank. This includes establishing a customer risk profile.
Monitoring customer accounts and activity to ensure the customer’s actual activity reconciles to reasonable business purposes and compliments their risk profile (e.g., bicycle stores should look and act like bicycle stores; they should not conduct activities that would be abnormal for their industry, size, and complexity).
Ongoing due diligence by updating a customer’s risk profile through renewed due diligence when their profile changes (e.g., the bicycle store doesn’t seem to be selling bicycles anymore or conducting business that does not have a reasonable business purpose).
Comply with regulatory reporting requirements such as currency transaction reports, 314 information sharing, and filing suspicious activity reports.
Mitigate risks posed by illicit actors to protect the financial system, the bank, its customers, and others. This may result in restricting specific account uses, heightened monitoring of customer activities, increased reporting of suspicious activity, and, when appropriate, exiting relationships.
*While these measures should be allocated based on risk, they are still required for an effective AML Program.
AML Deficiencies and Potential Liabilities
AML deficiencies can arise from various shortcomings in a bank's AML framework, including:
Deficient Governance: Failure to establish effective governance models may lead to a lack of accountability and poor management oversight.
Compromised Policies and Ineffective Procedures: Policies and procedures that are not well understood by employees may result in non-compliance and gaps in effective monitoring of higher-risk activities.
Risk-Based Approach: Banks may fail to adopt a risk-based approach, leading to insufficient scrutiny of higher-risk clients, accounts, and transactions.
Incomplete or Inaccurate Customer Information: Lack of complete and transparent information on customers, entities, beneficial ownership, interrelated customers, and other transactions may hinder effective monitoring.
Inadequate Transaction Monitoring: Transaction monitoring systems are a cornerstone of an effective AML Program. The lack of effective monitoring processes (including alerts, investigations, and cases) may allow illicit activities to go undetected.
Lack of Training: Insufficient training for employees in effective AML controls and purpose-driven investigations is a leading cause for illicit activities to become pervasive.
Quality Assurance and Control: The absence of vigorous quality assurance and control processes, including tiered escalation of cases, may result in continual compliance issues.
These deficiencies expose banks to significant liabilities, including financial losses, hefty fines, legal penalties, and reputational damage. Prominent banks have paid penalties for violating AML compliance requirements to the tune of billions of dollars. Others face litigation for their potential failure to protect the financial system, the bank, its customers, and others from criminal activity.
Lack of Proper Oversight and Monitoring
Proper oversight and monitoring are essential for ensuring compliance with AML regulations. Banks must implement comprehensive risk management frameworks and conduct regular 1st, 2nd, and 3rd line of defense reviews/audits to identify and mitigate risks. However, some banks struggle with:
Increasing Supervisory Expectations: Banks face the challenge of ensuring compliance efforts are commensurate with ever-evolving regulatory requirements.
Third-Party Risk Management: Mismanagement of third-party relationships can lead to compliance failures and regulatory fines.
Ongoing Due Diligence and Risk Monitoring: Enhanced Due Diligence and Ongoing Due Diligence are crucial to mitigating risk. Some financial institutions fail to right-size monitoring regimes and formulate new paths to successful monitoring as risk attributes become more significant.
Failure to Prioritize the Integrity of the US Financial System: Financial institutions may overlook one primary principle of banking, which is to protect the US financial system from money launderers, fraudsters, and other illicit actors. Banks are expected to adhere to their governance model down to this most important control: stopping illicit activity and exiting relationships. It is easy for management to conduct investigations and file SARs. These actions do not affect revenue generation. Institutions even tout how they assist law enforcement by keeping accounts open when requested by enforcement agencies. Management also sees this as an appropriate action on the bank’s behalf. However, decisions to close revenue-producing relationships, even when the risk of money laundering, damage to reputation, and financial losses are possible, often cross the line between an acceptable and unacceptable response. Management feels compelled to exit relationships only after criminals are arrested or losses are sustained. Financial institutions placed under supervisory orders and subjected to severe civil money penalties and fines often serve as key examples of possible repercussions stemming from the failure to exit relationships when appropriate.
Conflicts Between High-Revenue Clients and High-Risk Clients
Financial institutions are quick to exit relationships when a customer poses potential money laundering risk and carries smaller balances or generates little revenue for the bank. The story changes when the customer brings larger deposits and higher revenue generation for the bank. Management is much slower to act and resistant to recognize money laundering red flags. This is also true when the customer carries some reputational legitimacy (e.g., a customer in the accounting or legal profession).
While high-revenue clients often represent a lower risk, banks face a difficult choice when high-revenue clients are also high-risk for money laundering, fraud, or some other higher-risk typology. No one wants to throw profits out of the proverbial window.
Banks often struggle between choosing to:
protect the bank, its customers, and the US financial system by either not opening accounts with money laundering red flags or exiting relationships posing higher money laundering/fraud risk;
servicing high revenue generating clients despite higher money laundering/fraud risks.
While these high-revenue clients generate significant income for the bank and bring other high-revenue clients to the bank, they can also introduce money laundering and fraud risk when they engage in potentially illicit activity. When higher revenue-generating relationships are also high-risk, they pose an exponentially higher risk to the financial system due to their complex financial transactions, high net worth, assumed legitimacy, and international operations.
Banks are left to balance the need to attract and retain high revenue generating clients while managing the risks associated with these clients when they have high-risk factors, which can be challenging.
AML and other anti-money laundering expectations have been integral to the financial sector for too long for institutions to claim negligence in oversight. Supervisory actions, including increased civil money penalties, consent orders, and MOUs demonstrate that institutions are being held accountable for inferior AML programs and their decisions (or lack of decision to exit relationships).
Conclusion
Financial institutions must remember that “Friends of a feather fly together.” Failing to utilize their most powerful control by exiting relationships that are tied to potential money laundering, fraud, and other illicit activity often increases money laundering risk—granting deference to one potential money launderer or fraudster signals to others that the bank accepts the risk associated with servicing these higher-risk customers and can lead to more high-risk relationships.
Banks must address AML deficiencies, enhance oversight and monitoring, and manage conflicts when servicing high risk / high revenue clients to mitigate potential risks. By implementing robust AML frameworks, conducting regular audits, and maintaining effective risk management practices, banks can better protect themselves from legal, financial, operational, and reputational risks.
EXPERT INVOLVED
Kenneth Simmons, with over 30 years of industry experience as Executive Vice President at leading financial institutions, and at regulatory agency such as OCC and FDIC, is a top expert in regulatory compliance, anti-money laundering, bank secrecy act, and financial crimes risk management.
Learn more about SEDA at sedaexperts.com
Contact Us
+1 646-626-4555