Everybody's Been Burned*
But the three "prongs" of AML can all work together
- Written by John Byrne
- Comments: DISQUS_COMMENTS
In 1967, the Byrds were not contemplating the three parts of the AML community (law enforcement, regulators, and the financial sector) when David Crosby opined that we all have had obstacles and have all been burned at some point. As many readers prepare for the ABA/ABA Money Laundering Enforcement Conference (which I am proud to have created) and our own 11th Annual ACAMS AML and Financial Crime Conference, which starts September 30, I wanted to briefly report on a forum we held this week in New York City.
PowerPoint was strictly forbidden and dialogue among the panelists and the audience was strongly encouraged. To paraphrase comedian Robin Williams (yes, I am as old as my references!), "dialogue, what a concept!"
Our attempt that day was simple--with the publicity on dramatic penalties, some potentially tarnished reputations, and the overwhelming nature of competing compliance priorities, what can we all do?
The panels started the conversations around three themes:
- • The status of terrorist financing (or "threat finance," as some refer to it) in 2012.
- • The "three lines of defense" in a financial institution and tips on improvement.
- • The way forward--or balancing effective reporting v. compliance obligations and expectations.
Status report: The "business" of terrorism
On where we stand today, it remains clear that terrorists have dropped their phony morality and embraced traditional criminal activities to acquire funds to commit their cowardly acts.
It is also a continuing challenge for financial institutions to identify terrorist financing on SARs and other government reports because of the lack of typologies and relevant trend data from government partners. All acknowledged that the effort and desire was there to provide such information but (my words) overly legalistic restrictions on information sharing have prevented financial institutions from achieving their goal of effective reporting.
It should be noted that those with the expertise to know have recognized government "internal" information sharing progress over the past 11 years since the tragedies of 9/11 and the silos and turf battles, while not completely eliminated, have subsided and there is hope for future improvement.
Lines of defense: Big-time enforcement underscores compliance
During the discussion on the lines of defense, it was clear that public enforcement actions have forced a review of policies and procedures with many (if not all) financial institutions.
The audience was not reticent to indicate that their risk assessments should be updated more frequently, that AML was only a part of the overall risk of an institution, and that regulators wanted to see the methodology that supports the risk rankings.
Other issues noted were the need to train auditors on AML-related requirements, but to not assume that basic questions from an auditor are an indication of lack of knowledge-it could be a test of your knowledge.
Finally, this discussion looked at the ongoing challenge of resources and no one in the room felt that theirs was adequate to respond to regulatory expectations.
7 categories of risk to watch
We ended the day with a robust conversation on the ongoing challenge with all three parts of AML. Some cautioned against pitting two of the three against one another. Others stressed the obvious--ongoing communication and documentation of your positions.
Others encapsulated the overall risks in 2012 into seven distinct categories:
- • Correspondent banking
- • Banking non-banks
- • Cash and cash-equivalent products
- • Shell companies
- • Sanctions
- • Private banking or wealth management
- • Politically exposed persons
• To be sure, there are more. These include electronic banking products, lack of determining beneficial ownership, and tax avoidance schemes.
The regulatory relationship, for good or otherwise
The audience was also very concerned about second-guessing from the regulators, the challenge of balancing compliance obligations against getting valuable information to law enforcement.
While regulators in the room made clear their view that you simply had to prove your system or program works, many felt that regulator judgment always trumps documentation.
One of the most vibrant discussions centered on whether the risk-based approach, favored by FATF and many governments, had been irreparably eroded.
One example may tell the tale--a major financial institution with the traditional three levels of risk; high, medium and low, had been told that there is no such thing as low risk--that it can only be "standard."
I am still convinced that we can still get all three parts of the AML community together before we get burned again--but it won't be easy.
* The Byrds "Younger Than Yesterday," Columbia Records 1967
Disclaimer: John Byrne's views do not necessarily reflect those of the American Bankers Association.
Tagged under Compliance, Blogs, AML & Fraud, BSA/AML,