Skip to main content
Tag

AML

Feb 01
Love0

A New Dawn for AML Compliance + 7 Questions You Should be Asking

By Blog, Featured

To those in the anti-money laundering practice, Nina Simone’s memorable singing that it’s a “new dawn” and “a new day” may be best suited to the recently-passed Anti-Money Laundering Act (AMLA) of 2020. Passed as part of a broader National Defense Authorization Act (NDAA), the AMLA is likely the most sweeping financial crime-related law update in the U.S. since the USA PATRIOT Act almost two decades ago.

There are, of course, some appropriately-hyped provisions within the AMLA, as well as a few that are related to it, that bear a little bit more attention from compliance practitioners. 

WATCH: [Compliance Over Coffee] Preparing for the Next Wave of U.S. Regulatory Changes 

There’s Risk, then there’s Risk

The AMLA is clearly written, with no in-between-the-lines review needed. As a result, the Secretary of the Treasury will review components of current BSA/AML requirements to see where “adjustments” are necessary. From there, a report that will effectively de-prioritize what the AMLA calls “noncomplex” reporting will be issued, perhaps such as Suspicious Activity Reports (SARs) that deal with run-of-the-mill structuring. 

SARs as a Strategic Priority

The big shift with the AMLA is that there will be yet another report on “strategic priorities,” meaning that SAR reporting is going back to its roots as an information gathering tool for law enforcement and intelligence agencies. Still, what the AMLA hasn’t clarified is whether financial institutions will be able to forgo the “simple” SARs to focus on the more “valuable” SARs, or whether banks will be on double duty to report both. Risk assessments will be put in the same boat as SARs; having to review for those strategic priorities while still looking for the risks unique to their bank’s profile.  

READ MORE: How Bad is PPP Fraud in Financial Services?

 

Anonymously Speaking

Maybe the most lauded of the AMLA’s provisions is the Corporate Transparency Act (CTA), which doesn’t criminalize or ban shell companies as a structure, but requires that most incorporated entities fall in line with beneficial ownership requirements. The biggest change is that the CTA requires FIs to collect historical information that was exempt from the 2018 regulation’s requirements. FinCEN will then create a registry, with certain exceptions, and will allow FIs to scrub KYC data for their due diligence processes against that list. The mechanics of the list, collection, and verification process aren’t known, meaning that FIs will have to continue to take a risk-based approach to business types. 

READ MORE: SEC Priorities and a Changing of the Guard in 2021

 

Corruption in Politics and Art

What should get special attention, tying into the NDAA, is the emphasis on the risk related to corrupt political leaders (see the “Kleptocracy Asset Recovery Reward Act”) as well as arts and antiquities dealers. The NDAA goes further here by expanding the foreign bank account records held by a U.S. affiliate, such as KYC information, making those records fair game for subpoena.  

READ MORE: What Recent OCC Enforcements Signal for Firms

 

7 Questions You Should be Asking

While we wait for the underlying regulations from the AMLA, a few lingering questions remain. First of all, where the AMLA references the intention to streamline and automate, will firms be held accountable if they don’t find ways to do so? Not very likely.  

However, as FIs are required to automate more processes and reporting, will there be a risk of over-automation while regulators challenge the insufficiency of a BSA/AML compliance program’s human touch?  

There is still time before the one-year window for the Treasury to issue supporting regulations kicks in. In the meantime, here are a few questions that FIs should be asking:

1. Are we asking enough questions? Or, minimally, are we asking the right questions for LLP/LLC-type customers? Are we prepared to retroactively work towards data collection beyond the 2018 Customer Due Diligence (CDD) rule’s requirements?

2. What are we doing in terms of Politically Exposed Persons screening? Are we looking for stolen government funds? 

3. How will we risk-rate art/antiquity dealers going forward?

4. What’s the status and strength of our risk assessment process? Have we kicked the tires on the methodology recently? Will we be ready when new priorities emerge? Or will we be behind and at risk of missing critical requirements ?

5. Are our SARs “highly” useful to law enforcement? Or do we need to reinvent our processes with a closer eye on crime and intelligence?

6. If we are going to revamp our SAR processes, what are the best ways to make sure that second-line testing and audit are on board?

7. What should we automate? Where can we innovate? What processes are the most vulnerable to regulatory gaps?

Automate Regulatory Knowledge for AML Compliance

When it comes to identifying your requirements and obligations for AMLA and other regulations, automation can be especially helpful. 

The process of collecting regulatory updates across multiple sources is time-consuming—and it’s only step one of a multi-step process. The next step of determining which updates will actually impact your firm is even more of a challenge.

Ascent is a regulatory knowledge solution, which automatically surfaces the right information and pinpoints your firm’s obligations. Ascent helps compliance teams zero in on the regulation that is relevant to the firm, freeing up time and resources to focus on higher-value activities such as maintaining policies and procedures and executing compliance throughout the firm.

INFOGRAPHIC: Regulatory Knowledge Automation, Explained

Jan 03
Love0

Brexit Impact: A Look at the Next Normal

By Blog

Back in 2016 when the concept of the United Kingdom’s exit from the European Union (“EU”) seemed like a fantastical proposition, the prospect of the referendum’s success let alone its implications seemed like a mystery. The question for financial institutions now becomes how to implement and maintain a newly-domesticated compliance framework in the face of regulatory uncertainty. 

The Story on Domestic Data

The larger focus for financial services will be on sustainability of domestic and international compliance frameworks for areas such as data, sanctions, and overall governance. 

The UK has implemented a host of regulatory expectations in the past few years, from MiFID to the Senior Managers’ Regime. While those regulations will continue, financial services must continue to enmesh international laws with touch and concern to the UK in their programs.

Despite the UK’s exit from the EU, the parameters of the General Data Protection Regulation (“GDPR”) will continue to be enforceable. In fact, GDPR has been a primary area of international enforcement, with two UK-centric breaches in 2020 totaling in USD $56 million in penalties alone. 

CASE STUDY: How a Global Top 50 Bank Pinpointed Its GDPR Obligations Using Ascent

 

Similarly, despite infrequent enforcement actions for sanctions violations from the UK in the past few years (OFSI issued its first ever sanctions penalty in 2020 since its establishment four years prior), the UK Sanctions and Anti-Money Laundering Act of 2018 will continue to pose challenges for UK banks wishing to keep a foot in the international space.

In late December, the Financial Conduct Authority (“FCA”) issued the final Temporary Transitional Power (TTP) directions. Firms should be well-versed in the TTP directions, as they outline which regulations are expected to be maintained throughout the transaction and which have exemptions until the end of the transition period in March 2022. While these provisions apply to existing entities, the FCA was careful to note that the TTP does not apply to new European Economic Area entities seeking to onshore. 

Business as Usual for AML

As part of the EU, the UK would have historically been adhering to the framework of the EU’s Anti-Money Laundering Directives (“AMLD”). This would have been leveraged to set the framework for an anti-money laundering compliance program, from the “pillars” approach derived from the Financial Action Task Force (FATF) standards, to threshold for transaction monitoring. 

From a practitioner’s perspective, the EU AMLD set basic criteria that were then enhanced or supplemented, as needed, at the country level. In the absence of those directives, the UK will now rely entirely on the Proceeds of Crime Act (“POCA”) and its interpretation by regulators to determine firms’ adherence to AML standards. The FCA has not had a particularly robust enforcement year in terms of AML enforcement, with only two notable penalties issued for compliance-related failures. In fact, the absence of such enforcement actions has been cited in the press as a relative laxity by the regulator. 

Perhaps due to Brexit or exacerbated by it, the FCA has not made clear that AML compliance will be a priority over conduct-related enforcement in the coming year. Given the EU’s spate of Baltic-related fines and penalties, the first AML fine of 2021 may in fact be related to the same.  

The Way Forward

There is, as was expected when Brexit was first announced, a bit of trailblazing to be expected in the next few years. The shifting regulatory expectations around conduct over AML and sanctions enforcements is suggestive, but not dispositive. While the FCA has recently provided a rulebook with post-Brexit expectations, unlike their peers in the US, wavers have been embedded with those expectations, some as far out as 2022.  Perhaps drawing from their peers (subsidiaries and affiliates too) in the US, UK-based banks will need to leverage a far more conservative risk-based approach until the updated regulatory expectations become more certain.  

In the meantime, new technology such as regulatory knowledge automation can help financial firms keep tabs on enforcements, updates, and rule changes as they are issued. Today, many firms continue to try to manage and synthesize this influx of information in the same ways that it always has — by increasing personnel to do the work manually. 

INFOGRAPHIC: Regulatory Knowledge Automation, Explained

 

But missing even the finest detail within a body of regulation or rule amendment can be disastrous for a firm. Like the proverbial needle in the haystack, any obligation missed among the thousands of lines of regulatory information could have severe consequences come audit time. 

Regulatory knowledge automation uses machine learning (ML) and natural language processing (NLP) to complete this work in mere minutes, at a fraction of the cost, and with greater accuracy than manual efforts.

READ MORE: How to set a foundation for your regulatory compliance framework

 

For more information about RegTech, regulatory knowledge automation, and articles like these,  subscribe to our monthly Cliff Notes newsletter.

 

Subscribe


Dec 14
Love0

The Most Telling Guidance of 2020: Corporate Compliance Programs, AML & More

By Blog

There has been no shortage of media chatter in the very unusual 2020 calendar year.  For those concerned with organizational compliance, the release and re-release of regulatory guidance and legislation — particularly around BSA/AML and corporate compliance programs — has been nearly unparalleled.  As we will show, these developments have significant implications, if not direct calls to action, for banks.   

The BSA/AML Manual Hits Hard

At the risk of hyperbole, the Federal Financial Institutions Examination Council’s (“FFIEC”) Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) Examination Manual (the “Manual”) is perhaps the most sacrosanct of all regulatory frameworks. Intended to serve as a field guide for examiners, instead its outlines and parameters are utilized by banks’ BSA/AML compliance departments as the foundation for their compliance programs and by auditors as a basis for testing protocols. Updated in April, the Manual was not radically updated but the updates that were made were significant.  First and foremost, the Manual makes reference to “other illicit activity” as a nod to the nebulous nexuses between crimes like healthcare fraud, corruption, and money laundering.  The Manual further updates provisions in regards to risk assessments (while not flat out requiring them) and board-level oversight, broadly, requiring that banks ensure that their compliance programs are tailored to their unique risk profiles.  

Perhaps the most significant updates include expansions to the expectations around training.  Where only a paragraph existed previously, the updated Manual expands its expectations to have role-based technical and subject-matter training, along with much more precise guidance on the expectations for board of directors training.

READ MORE: Regulatory mapping is key to compliance. Are you doing it effectively?

 

A Major Emphasis on Corporate Compliance Programs

As many compliance practitioners were settling into remote working, the U.S. Department of Justice (USDOJ) re-issued its Evaluation of Corporate Compliance Programs (the “Guidance”).  In examining whether to consider and the depth of criminal penalties, prosecutors too (harkening back to the Manual) should look at whether the organization at issue maintains and leverages a risk assessment to inform decisions about compliance and mitigate the risk of misconduct.  The Guidance goes on to note that perhaps one of the most important factors is, based on the risk assessment, how were allocations for staffing, technology, and resources such as training allocated.  Were cost centers given hiring priority over compliance staff?  Is the annual compliance training program a leaflet?  Are the sales staff on top-of-the-line computers while the compliance and audit teams are using ineffective tech? 

All seem like fair questions. 

The Guidance directly states that compliance should be built into the compensation scheme, and that it should be a considerable factor in the allocation of (or withholding of) bonuses.  Lastly, the Guidance reiterates the need for ongoing monitoring, testing, and escalation of the state of misconduct-related controls and their investigations.  

READ MORE: How an Integrated Risk Management (IRM) approach can transform your organization

 

On the AML Horizon

There are two fairly significant developments  pending approval, and we cannot emphasize “pending” enough – a shell company transparency provision and the Anti-Money Laundering Act of 2020.  They are both embedded within a defense spending bill that the White House has threatened to veto for unrelated reasons. The shell company provision would mandate the registration of beneficial owners with the Treasury department, effectively ending anonymous shell company use within the U.S.  

Secondarily, if passed, the Anti-Money Laundering Act of 2020 would mandate that the Secretary of the Treasury take steps to “streamline” BSA/AML compliance requirements.  In its September Advance Notice of Proposed Rulemaking (“ANPRM”), FinCEN sought input from the banking community on how to make more “effective” use of BSA/AML systems and processed, skewing more in favor of law enforcement’s needs than compliance.  The proposed AML Act seems to end-run the feedback solicited by the ANPRM, and place the obligation with the Treasury to ease, reduce, or otherwise better facilitate the production and utilization of BSA/AML-related information.  

While the approval of the AML Act and its governing bill are in a tentative state, the ongoing developments in this space speak to big changes for the BSA/AML compliance space going forward.  

Keeping Pace with Change: A Tech-Based Approach

While these regulatory developments are broad reaching, their impact is different at each financial institution. This leaves Compliance teams with the tall order of reading through and analyzing the regulatory text to determine which parts of the Manual or the Guidance applies to their organizations — which can be like looking for a needle in a haystack.

According to an Ascent internal analysis, 65 percent of the regulatory text (the haystack) is made up of definitions and clarifications. The remaining 35 percent, which actually consists of obligations, is what compliance teams need to be reviewing in order to determine what regulatory requirements and obligations specifically apply to their firm (the needle).

READ MORE: Regulatory Change Management: A Tech-Based Approach

Ascent can help banks and other financial firms stay above the rising tide of regulatory change. Read this article to learn how our RegTech platform can help your firm quickly produce “granular obligations” and keep them current as new regulatory developments arise.

If you’d like to contact a team member directly, you can do so here

To stay up on the latest in regulatory technology and other news, subscribe to our monthly Cliff Notes newsletter below.

Subscribe


Apr 08
Love1

5 Quick Ways to Beef Up Your AML Program

By Blog

For compliance executives, steering clear of inadvertent involvement in money laundering should be a top priority. The challenge, of course, is that money laundering typically happens in the financial shadows and is, by design, difficult to spot.

The Challenge of Truly Knowing Your Customer

The Bank Secrecy Act, USA Patriot Act, and their associated regulations impose a heavy burden on U.S. financial institutions to combat money laundering. Similar obligations saddle firms in other jurisdictions. So-called “Know Your Customer” (KYC) obligations form the centerpiece of the laws’ anti-money laundering (AML) provisions affecting the financial sector.

KYC programs typically comprise two related, but separate, efforts: Customer Identification Programs (CIP) and Customer Due Diligence (CDD) initiatives.

Each requires firms to gather, verify, and monitor information on their “customers” (a term that encompasses a variety of counterparties) in order to flag suspicious profiles, behaviors, and transactions that may raise the red flag of money laundering.  

Straightforward in concept, the devil for these duties is in the details. Most firms meet their obligations through a combination of low-tech, customer-side information gathering followed by efforts to verify and monitor that information through third-party databases.

Those efforts can be effective as a first pass, but compliance officers often feel understandable angst about whether they’re enough. After all, no one wants a FinCEN enforcement action or, worse, a subpoena from prosecutors in the Southern District of New York, to serve as a test of the effectiveness of their firm’s KYC program.

A common question posed by compliance teams: Is there more we can do?

The answer is yes, there is, and it’s not as expensive or time-consuming as you might think. Here are a few of the options for boosting your AML due diligence efforts:

1) Building on Existing KYC & Due Diligence Programs by Having Third-Party Investigators on Standby

As we said at the outset, one of the biggest challenges of detecting money laundering is that money launderers are sophisticated about not getting caught.

And, while it may be a defense that a client or customer was too good at money laundering for you to sniff it out, it’s far better to be the firm that earns kudos and credibility by spotting an illegal practice that others missed.

When something smells a little fishy to a compliance officer, asking experienced investigative due diligence firms to look closer can make for a smart insurance policy.

One way of doing this is to have a third-party investigation firm, such as our partner Prescient, on call to take a deeper dive into a customer’s business and its associated dealings. For instance, compliance officers tending to customer due diligence efforts sometimes find it particularly difficult to get to the bottom of identifying the beneficial owner of a company.

This can relate to both a direct customer account, or a 3rd party in which the customer conducts business.

These types of firms are experts in using open-source investigative tactics to peel away layers of (sometimes intentionally) complex corporate ownership structures with numerous shell entities buried deep in corporate filings to uncover the ultimate beneficiaries of the company.

There is an up-front expense, but when something smells a little fishy to a compliance officer, asking experienced investigative due diligence firms to look closer can make for a smart insurance policy without having to turn away business done in good-faith.

2) Achieve Regulatory Clarity

Small and mid-size financial firms often blanche at the prospect of deciphering, much less complying with, the AML regulations across the numerous regulatory bodies and legal statutes that apply to them.

Many small and mid-size firms choose to avoid the regulatory headache and associated risk of taking on [certain] customers, effectively leaving unnecessary money on the table.

This is particularly true of firms doing domestic business who are worried that taking on a new customer with, for example, a foreign address or business ties, may subject them a host of obligations for which they’re not prepared.

Unfortunately, many small and mid-size firms choose to avoid the regulatory headache and associated risk of taking on these types of customer, so they choose to not onboard the customer; effectively leaving unnecessary money on the table.  

Enter RegTech to the rescue. With modern advances, RegTech can help solve the conundrum of unfamiliar and shifting regulatory obligations. At Ascent, we are putting our AI-driven solutions to work in parsing and analyzing millions of lines of raw regulatory text.

READ MORE: What are ‘granular’ regulatory obligations and how do they reduce your risk?

Our goal is to give firms tools to evaluate quickly and accurately not just whether they are subject to specific regulations, but if so, what steps the specific regulations require them to take.

By automating the process of regulatory development and change management, we aim to alleviate the pain felt by firms who are (rightfully) daunted by the prospect of learning how to comply with new and unusual AML compliance obligations.

READ MORE: How to identify and map your AML obligations in Ascent

3) Automate Compliance Tasks

Once a firm knows what and how regulations apply, there are also solutions on the market that can help automate the process of AML compliance.

These products run the gamut from facilitating the process of client-side information gathering, screening and monitoring customer information against international watch lists, examining and flagging suspicious transaction activity, and reporting flagged activity to regulators.

These solutions offer the promise of making compliance more efficient, cost-effective, and accurate.

4) Know Your Jurisdictions

The more jurisdictions where a firm’s customers operate, the more challenging any AML compliance efforts can become.

Firms can leverage the knowledge and experience of their peers regarding foreign jurisdictions and even specific customers – a potentially significant boost.

Any firm with international business should ensure its AML compliance officer has a working knowledge of the regulatory and business landscape in that jurisdiction.

That may seem like a tall order for many firms, which is why in addition to hiring the right staff, it is also important to take advantage of information-sharing and learning opportunities.

One way to gain critical knowledge about foreign (and domestic) customers and the environments in which they operate is for a firm to opt-in to information sharing under section 314(b) of the USA Patriot Act.

As FinCEN explains, opting-in allows participating financial institutions to “share information with each other regarding individuals, entities, organizations, and countries for purposes of identifying, and, where appropriate, reporting activities that may involve possible terrorist activity or money laundering.”

In short, firms can leverage the knowledge and experience of their peers regarding foreign jurisdictions and even specific customers – a potentially significant boost.

5) Take Advantage of Learning Opportunities

Another way compliance officers can grow their knowledge-base is to attend AML conferences, such as ACAMS-sponsored events, where they can share insight and techniques with their peers in the AML world.  

These types of conferences can keep compliance officers abreast of the latest techniques, products and industry happenings, as to always stay on the cutting edge of the industry, so they can get in front of any malicious activities as much as possible.  

Check out our Ultimate List of Compliance Conferences and Events.

 

Wrapping Up

In sum, these are just a few of the many quick, easy and cost-effective ways to enhance your program.

Money laundering is not a static crime, as criminals and non-do-gooders are getting smarter and are incorporating more advanced techniques by the day; therefore your AML program shouldn’t be static either.  

As a best practice, it is highly recommended that financial services firms should stay on top of the latest industry trends and updates, and if you consider at least some of these options, you are well on your way to doing your part to not only stay compliant with laws, rules and regulations, but to also make the world a safer place.  

 

Enjoy this article? Subscribe to receive helpful content designed to help you win at compliance.

Subscribe