Adopting a Holistic Approach to AML
In order to enhance the efficiency and effectiveness of Anti-money laundering programs, the FinCEN (Financial Crimes Enforcement Network) made an announcement in the month of September that it was seeking remarks or comments related to potential changes to the Bank Secrecy Act. This announcement is being considered by many as an ideal opportunity for improving the AML compliance and to combat financial crimes.
Currently, AML programs at institutional level are based on five pillars: effective internal controls, designation of an AML compliance officer; staff training; independent program testing; and customer due diligence (CDD). The aforementioned pillars seem pretty detailed and comprehensive but the problem is that these are heavily focused on AML management and not so focused on the actual risks related to AML within an entity. Even the pillars that come most close towards addressing AML risks —internal policies and CDD—fail to completely cover all the problems and threats related with money laundering that different entities are facing.
As per United Nations, it is estimated that 99 per cent of illegal funds avoid detection. This means that many entities need to assume there is a significant amount of illegal funds that are already within their organizations. Irrespective of how diligent and effective an entity’s efforts with regards to customer onboarding may be, there will always be some existing customers that are engaged in various financial crimes. Therefore, continuous analysis and monitoring of transactions and customers are an important part of an AML program and automating AML compliance is key to ensure your organization is in compliance with the AML regulations. A client considered as low risk customer 3 years ago may have had undergone changes which could elevate its risk profile. However, there is nothing that indicates all the aforementioned pillars reinforces the idea that due diligence of a client needs to be carried out on a regular basis across the lifecycle of a customer.
Therefore, the program or system that emerges as a result of the potential changes must be focused as well as centered around the lifecycle of a client entity; AML planning and management would follow from that. An example of the approach focused on a customer’s lifecycle can be found within the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST).
A point came where it felt like that almost everyone having online access was a victim of cybercrime, personnel responsible for cybersecurity across the world had to accept the fact that online breaches were not a matter of “if,” but “when.” This shift was the driving force behind the evolution of the best practices related to cybersecurity as enclosed in the five core functions of NIST’s framework:
The aforementioned functions are then divided into two subcomponents to allow for more technical and detailed analysis that is supported by extensive guidelines, standards and best practices.
The NIST’s framework provides cybersecurity leaders with a structure which they can use in benchmarking of variables like system performance, system vulnerability and resource allocation so that decision-makers can see, for example, if they are overpowering one element at the expense of the other ones. This benefit of the NIST’s framework makes it the perfect example in connection to the objectives of the FinCEN’s initiative, which is to provide financial institutions with more flexibility with reference to the resource allocation and the greater alignment of priorities across government and industry.
It may seem a bit odd to look at a cybersecurity framework for guidance considering that financial crime existed as a challenge for organizations for considerably longer when compared with cybercrime. However, cybersecurity may have an upper hand when it comes to developing response to a crime: Having started as a technical problem, it was addressed by professionals who approached it with a systematic-based approach. If you look at the other side of the fulcrum, financial crime is viewed by many as a regulatory issue that can be addressed using a compliance-based approach (which is reflected in the existing five pillars).
A compliance-based approach has two major issues. The first one is that it is more inclined towards fighting the last battle: Compliance of regulations results in the prevention of specific incidents from reoccurring. While a systems-based approach does the same but it also uses creative thinking as well as take guidance from past events to identify issues before they happen so that they could be prevented. The second point is that, a compliance-based approach emphasizes compliance at the risk of undermining true knowledge of the matter in question.
Advances in machine learning technologies and artificial intelligence, such as robotic process automation, have all the potential to enhance AML efforts by increasing accuracy and bandwidth by highlighting areas for closer inspection. Automation significantly helps in controlling financial crimes in all the stages of money laundering. However technology cannot provide a system-based perspective; it needs to come from the decision-makers or the process through which they make decisions regarding money laundering.
The re-examination of AML regulations by FinCEN provides all those that are involved with a new start not only with regards to requirements but also with regards to the perspective built by those requirements. While, the new changes will not resolve every issue which the AML is facing currently but will help the institutions in maintaining essential holistic perspective that is necessary to improve the efficiency and effectiveness of AML programs—and that is very easy to lose when emphasis is on compliance and not on system.