No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

The Keys to Effective AML Program Oversight

by Carol Beaumier
January 27, 2015
in Compliance
The Keys to Effective AML Program Oversight

There was a time when having an effective anti-money laundering (AML) compliance program meant little more than filing Currency Transaction Reports and the occasional Criminal Referral Form, the predecessor to a Suspicious Activity Report (SAR), if you happened to identify unusual transactions.  Few current AML practitioners likely remember those days.

Maintaining an effective AML compliance program today requires so much more: robust engagement with and by senior management and the Board of Directors; multi-disciplined compliance personnel; proactive identification of the risks posed by customers, products/services and geographies; dynamic risk mitigation strategies; the use and upkeep of increasingly sophisticated technologies; and ongoing credible challenge from the second and third lines of defense to ensure that the compliance program aligns with industry practice and regulatory expectations and that the risks assumed are within established risk tolerances. Incorporating all of these considerations and more into the design and maintenance of an effective AML compliance program can be a daunting task and generally raises many questions about what’s really expected of organizations and how they should carry out their responsibilities.1 The following explores three of these questions, with a particular focus on the roles of the Board of Directors and senior management.

 How Does Governance Affect the Success of the Program?

It goes without saying that “tone at the top” is critical to the success of any compliance effort, but only if the words of the Board of Directors and senior management are supported by their actions. Unless the organization is convinced of the commitment of the Board and senior management, there is the risk that the  “tone at the middle,” which really drives day-to-day activities, will send a conflicting message about the importance of compliance and undermine – intentionally or inadvertently – the compliance effort.

Among the most impactful actions the Board and senior management can take to promote an effective AML compliance program are:

  • Defining the organization’s AML risk appetite so that it is clear throughout the organization how much AML risk is acceptable.
  • Monitoring changes in the organization’s risk profile performance against stated tolerances.
  • Ensuring that the AML Compliance Officer is positioned in the organization in a way that supports the importance of the role. This means establishing an appropriate reporting line and appropriate title.  An AML Compliance Officer with an institutional title several levels below the Chief Compliance Officer may send the message that AML compliance is not as important as other types of compliance.
  • Providing adequate resources – human and technological – to the AML compliance effort. More about this in the following section.
  • Ensuring that the roles and responsibilities of all three lines of defense are clearly delineated.
  • Requiring that performance evaluations and compensation decisions reinforce the message that the business, not AML compliance, owns the risk and is responsible for managing it.

In short, as with any other risk management discipline, the Board of Directors and senior management need to set the strategy, ensure there are adequate resources, clear authorities to execute the strategy and monitor its execution.

How Do You Know You Have the Right People – and Enough of Them?

It is not unusual for a CEO, CRO or even a Board member to say “We always seem to be adding people to our AML compliance team. How will we know we have the right number?”  Responding to that question requires answering several other questions, such as:

  • Has the organization been adding staff to meet business as usual (BAU) needs or to address an enforcement action or other special project needs?
  • Are data or systems challenges impeding the ability of staff to carry out their responsibilities?
  • Do existing personnel have the skill sets and experience necessary to execute their responsibilities?

In the current environment, many financial institutions are dealing with enforcement actions or, at a minimum, examination criticisms that require them to upgrade their AML compliance programs. These remediation efforts create pressure on the AML compliance organization, often requiring so much attention and time that BAU activities may suffer as a result. Some institutions opt to bring in senior-level personnel with compliance or risk management experience from another part of the organization to manage remediation efforts, because these individuals can take a fresh, objective view of what needs to be done and because this approach allows the existing AML compliance team to focus on BAU. Regardless of the approach taken, directors and senior management of institutions facing large-scale remediation efforts should question how both the remediation effort and BAU activities are being managed.

Next to people, the largest costs associated with an AML compliance program relate to technology.  Notwithstanding how much the industry has invested, and continues to invest, in enabling technology, it is not unusual for compliance personnel to spend inordinate amounts of time trying to retrieve and aggregate data from disparate systems, ensuring that existing systems are capturing all the appropriate data and devising manual workarounds because the technology currently in use is not robust enough for the products and services or customer-types served by the organization. Directors and senior management should understand how the AML compliance organization evaluates the adequacy of data and technology and should look for independent assessments from internal or external model validation resources or other such experts on the effectiveness and efficiency of the technology in use.

An effective AML compliance organization must be staffed with individuals with experience and knowledge of the legal and regulatory requirements; operations, including how the products and services offered by the organization can be used for money-laundering and terrorist financing; fraud and forensic techniques; and technology and data analytics. They – and especially the AML Compliance Officer – must also be able to engage effectively, stand their ground with the business and interact cooperatively with other constituents, such as legal and internal audit. Gaps in any of these skill areas are likely to impede the effectiveness of the compliance function.

When faced with a request for more resources or when trying to assess the adequacy of the existing staff, the CEO, CRO or Board member should first ask the AML Compliance Officer to provide a “staffing needs” assessment. This assessment, which should be periodically refreshed by the AML Compliance Officer and is increasingly being requested by regulators, should document the skill sets of the existing staff and where they spend their time, differentiating between BAU and remediation and special projects. Using measures that are both quantitative (e.g., empirically-derived information on how long it takes someone to review an alert or adjudicate a sanctions “hit”) and qualitative (e.g., intuitive judgment on where people would be expected to spend the most time), the “staffing needs” assessment should provide the support for the number of staff needed and why.

If additional staff are needed because of remediation efforts, consider seconding people from elsewhere in the organization or using temporary help, rather than hiring more full-time people who may not be required once the issues have been addressed. If additional staff are needed because of data and/or technology challenges, consider whether a plan is needed to improve technology and access to data in order to improve the efficiency of the compliance organization. If no one on the team has a solid understanding of technology or data analytics, consider upgrading the staff. Informed decisions will serve the organization far better in the long term than the oft-tempting desire to just add more resources.

How Do You Know When Things Aren’t Working?

Too often, Boards of Directors and senior management are surprised to learn from a regulator that their AML compliance program is deficient. Some argue that this happens because regulatory expectations keep changing, and there may be merit to that argument; however, often there are already telltale signs of cracks in the compliance program that would have been apparent if management reporting had included robust key performance indicators and key risk indicators. These would have revealed information such as the following:

  • A number of aged, unfilled positions in the AML compliance department
  • Increased turnover in the AML compliance department
  • An increasing number of high-risk customers being on-boarded
  • A growing number of existing customers with multiple SAR filings
  • A backlog of alerts
  • Aged examination or audit exceptions

Assuming the availability of data, a competent AML Compliance Officer should be expected to develop and maintain comprehensive Board and management reporting. If that is not happening, the Board and senior management should be asking why not.

Oversight by the Board of Directors and senior management is a vital component of a strong AML compliance program. There are many more questions to address, but knowing the answers to the three outlined above will go a long way to ensuring compliance success.

1 For comprehensive coverage of the wide range of AML and sanctions-related questions facing financial institutions and other businesses, see Protiviti’s U.S. Guide to Anti-Money Laundering: Frequently Asked Questions, Sixth Edition, available at http://www.protiviti.com/AML.


Previous Post

Wage War on Change Fatigue in the New Year

Next Post

Thomson Reuters Survey Reveals Conduct Risk Regulatory Focus Expected to Increase Along with Personal Liability Concerns for Senior Managers

Carol Beaumier

Carol Beaumier

Carol Beaumier headshot 1-27-15Carol M. Beaumier is Protiviti’s executive vice president, global strategic planning. She oversees and coordinates the efforts of Protiviti’s strategic planning initiatives to continuously improve how Protiviti serves clients, develops world-class consultants and achieves operational excellence.  She also oversees the Global Financial Services industry practice.  Beaumier previously served as executive vice president, global industry programs and leader of Protiviti’s Regulatory Risk Consulting practice. An experienced consultant and former bank regulator, Beaumier has extensive experience in a wide range of financial industry and regulatory issues. Beaumier has more than 30 years of experience as a financial services industry consultant. Before joining Protiviti, she was a partner in Arthur Andersen’s Regulatory Risk Services practice and a managing director and founding partner of The Secura Group, where she headed the Risk Management practice. Before consulting, Beaumier spent 11 years with the Office of the Comptroller of the Currency (OCC), where she was an examiner with a particular focus on multinational and international banks. She also served as executive assistant to the Comptroller, as a member of the OCC’s senior management team, and as liaison for the Comptroller both inside and outside of the agency. Beaumier holds bachelor’s and master’s (Hon) degrees from Colby College and is a Trustee Emeriti of the College.

Related Posts

PW FCPA Enforcement and Anticorruption 2022 Review_f

FCPA Enforcement & Anti-Corruption Developments

by Corporate Compliance Insights
March 30, 2023

The year that was in FCPA & anti-corruption efforts 2022: A Year in Review FCPA Enforcement & Anti-Corruption Developments What’s...

JTC ESG and Impact Investing_f

The Evolution of ESG & Impact Investing: Are You Ready?

by Corporate Compliance Insights
March 30, 2023

Making money *and* doing the right thing Survey Report The Evolution of ESG & Impact Investing: Are You Ready? What’s...

Regology 2023 State of Regulatory Compliance_f

2023 State of Regulatory Compliance

by Corporate Compliance Insights
March 30, 2023

Understanding the impact of regulatory challenges Survey Report 2023 State of Regulatory Compliance What’s in this report from Regology:As the...

product update riskoptics

Reciprocity Rebrands to RiskOptics, Updates ROAR Platform

by Corporate Compliance Insights
March 30, 2023

Reciprocity, an information security risk and compliance provider, is now RiskOptics, after the company formally announced a rebranding initiative and...

Next Post
Thomson Reuters Survey Reveals Conduct Risk Regulatory Focus Expected to Increase Along with Personal Liability Concerns for Senior Managers

Thomson Reuters Survey Reveals Conduct Risk Regulatory Focus Expected to Increase Along with Personal Liability Concerns for Senior Managers

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT