AML: Have We Forgotten What We’re Trying To Achieve?

Around $2 trillion or 2-5% of global GDP is laundered annually, according to UNODC estimates in a 2017 study. At the same time, only around 1% of criminal proceeds are confiscated in Europe each year.

Financial institutions are in the line of sight for both money launderers and regulators. But are their AML efforts too literal, too narrow and too patchy? Or are firms just overwhelmed by the amount of regulation and competing demands on their time to be truly AML-effective? The panel moderators of RiskConnect Virtual 2020 – Kevin Smith and Bill Trueman from Riskskill take a back-to-basics look at fighting financial crime and remind us what we are trying to achieve with AML.

This article is part of the RiskConnect 2020 Magazine.

Implementing AML controls frequently comes up against the Goldilocks problem. What is not too much or too little, but just the right amount?

To some extent, the financial services industry has gone too far in implementing AML controls. It places huge onus on repeating on-boarding checks, particularly around re-identifying customers, for example. But at the same time, it does not go far enough with ongoing monitoring and management of existing customer relationships.‍

“People understand that you need to do customer due diligence on new customers. But as the relationship develops, you should always be monitoring, looking for fraud and suspicious activity. It’s part of a broader understanding of the business and people, not just a one-off activity,” says Kevin Smith.

Conducting know-your-customer and know-your-business (KYC/KYB) checks and verifying data on potential customers is critical — as well as being a legal requirement. But if an organisation does not really understand the purpose and intended nature of a customer relationship, they may not have a full picture of the risk associated with that customer. Or have a meaningful basis for deciding what is normal in the context of their business, so unusual or out-of-pattern behaviour stands out more clearly.‍

This is all part of a risk-based approach. Instead of taking a blunt-instrument or one-size-fits-all approach to identifying suspicious transactions or behaviour, if you know what genuine customer behaviour looks like, anomalous behaviour will stand out more clearly. There is little to be gained, and much to be lost, by inconveniencing genuine customers, blocking or declining particular transactions and creating more false positives. With a risk-based approach, only higher-risk transactions are pulled out for extra scrutiny. The overwhelming majority of business can proceed without this as it is not high risk.‍

Building Capacity

We must focus on not just doing AML for AML’s sake, says Kevin. Part of this is a capacity issue. Risk management and compliance staff, but also their colleagues in business development and account management roles, need to be sufficiently empowered to ask difficult questions. They need to look in detail at customer relationships and, of course, know what they are looking for.‍

“During client engagements, it often becomes quite apparent that underwriting and compliance teams don’t know the questions they should be asking potential and existing customers. There is always a drive to get clients on-boarded, and people can often forget the mechanics of why it was important to understand the true merchant business and to be cognizant of a concerns in the data presented and noteworthy changes,” says Smith.

Continue reading at original source

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s