First Post in a Two-Part Series
How do financial institutions get in trouble with their regulators? Recent AML enforcement actions suggest that the following two failures are at the heart of most of these actions: (1) inadequately identifying, monitoring and/or reporting suspicious activity; and (2) failing to implement adequate internal controls. And these same issues crop up year after year.
In this post, we’ll discuss these failures and their root causes and provide practical tips for ensuring that your AML program will withstand the scrutiny of regulators. In our next post, we will discuss how these practical tips apply in a specific AML enforcement action: the recent consent order between the New York Department of Financial Services and Mashreqbank. Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series. So please stay tuned.
The U.S. financial institutions that recently found themselves in the government’s crosshairs allegedly engaged in the following behavior:
- Failing to investigate alerts on high-risk accounts where those accounts had been investigated previously, even when the new suspicious activity to which the bank had been alerted differed from the activity that it previously had investigated.
- Having a policy of not investigating or filing SARs on cash withdrawals from branches near the Mexican border if the customer said they were withdrawing cash in the U.S., rather than carrying cash into the U.S. from Mexico, in order to avoid having to file a Report of International Transportation of Currency or Monetary Instruments (CMIR).
- Capping the number of alerts from its transaction monitoring systems based on the number of staff available to review the alerts rather than on the risks posed by the transactions (and lying to regulators about it).
- Failing to report the suspicious activities of a longtime customer despite having been warned that the customer was laundering the proceeds of an illegal and fraudulent scheme through accounts at the bank.
- Failing to conduct necessary due diligence on foreign correspondent accounts.
- A brokerage company failing to file SARs on transactions that showed signs of market manipulation.
- A MSB’s failing to implement proper controls and discipline crooked agents because those agents were so profitable for the MSB, thereby enabling illegal schemes such as money laundering.
Although the behavior of these financial institutions may differ, the root causes of their failures do not. They include the following:
- An inadequate, ineffective or non-existent risk assessment.
- Elevating the business line over the compliance function.
- Offering products or using new technologies without adequate controls in place.
- Compliance programs that are not commensurate with the risks, often due to under investment in AML technology or other resources and/or lack of awareness of AML risks or controls.
- Corporate silos, both human and technological, that prevent or hinder information sharing.
- Insufficient screening of parties and relationships and lack of effective processes and controls around EDD.
So how can you ensure that your AML program is adequate? Here are some practical tips.