More than 1,400 banking professionals representing 400 financial institutions and corporations from over 42 countries from around the world met in Miami for the 2017 Florida International Bankers Association (FIBA) Anti Money Laundering (AML) Compliance Conference. Each year the conference includes the ever popular “Ask the U.S. Regulators and Policy Makers” panel, where representatives from each regulatory body discuss the status of the AML compliance environment.
Last year was a banner year for AML compliance in terms of news and policy making for financial institutions. The Financial Crimes Enforcement Network (FinCEN) issued the long-awaited final rule on customer due diligence requirements for financial institutions as well as an advisory on cyber-events and cyber-enabled crime security; the Financial Action Task Force (FATF) issued the mutual evaluation of the United States report; and the Mossack Fonseca Papers, just to name a few.
With this backdrop, here are four top takeaways from this year’s regulators panel, which included representatives from FinCEN, FINRA, OFAC, the Federal Reserve, the OCC and the FDIC:
- Culture of compliance
After years of promoting the importance of the culture of compliance, regulators noted an uptick in the top-down culture of compliance at financial institutions, citing improved AML training for boards of directors. The decrease in civil money penalties, enforcement actions and violations from repeated issues, as well as the high rate of banks BSA/AML compliance programs assigned satisfactory ratings in reports of examination (ROE) provides further evidence that bank leaders have recognized the importance of compliance.
Furthermore, BSA/AML departments should not be a silo within the organization, the regulators said. BSA/AML professionals need a seat at the table in management-level discussions because safety and soundness covers all areas of the financial institution. Information sharing across an organization enhances the bank’s ability to identify, understand and address risks in a dynamic business environment.
- Gaps in automated suspicious activity monitoring and OFAC interdiction systems
Financial institutions rely on sophisticated automated systems to identify and report suspicious activity as well as to prevent transactions from being processed to/from sanctioned jurisdictions and parties. These systems should be calibrated and validated on an ongoing basis to confirm that:
- Appropriate data input feeds are properly and timely captured
- Typologies and settings are customized and calibrated commensurate with the financial institution’s risk exposure and appetite
- Documentation is available to support alert types, parameters, and respective thresholds utilized as well as documentation to substantiate changes to alerts and settings
- Changes that could affect the financial institution’s risk profile have been accounted for, including products, services and customer base
- Appropriate scope and timeliness of independent testing of the monitoring and interdiction systems.
- Risk assessments
Risk assessments are the cornerstone of a strong compliance program. Understanding the inherent and residual risks that the bank’s customers, products, services and geographies represent is fundamental and enables AML professionals to build programs that effectively mitigate their risk exposure. One area that regulators would like to see enhanced is a deeper dive into financial institutions’ affiliates.
- Looking ahead
Be prepared for potential updates to Federal Financial Institutions Examination Council (FFIEC) Bank Secrecy Act/Anti-Money Laundering Examination Manual in the coming year. Regulators discussed general areas: 1) money laundering and terrorist financing red flags; 2) examinations for “small” financial institutions; and 3) customer due diligence (CDD) requirements for identifying and verifying beneficial ownership of legal entity customers.
Also be on the lookout for Know Your Customer’s Customer (KYCC) guidance. Currently, AML workgroups, including FATF and the Basel Committee on Banking Supervision AML/CFT Expert Group (AMLEG), are working on recommendations for creating a framework and processes for information sharing; the goal is to enhance transparency and facilitate the due diligence process for banks in foreign correspondent relationships to address interjurisdictional privacy issues. Although not currently required by law, financial institutions still need to understand the risk profiles and business models of their customers, the regulators said.
Banking professionals should stay informed about the how these emerging trends might affect their institutions in the months to come. If you have questions about AML compliance or other banking-related regulatory issues, please contact me or another member of our risk advisory services team.
Oscar Enriquez, CAMS, CPAML, MBA, is a risk advisory services supervisor in Kaufman Rossin’s Miami office. Kaufman Rossin is one of the top 100 CPA and advisory firms in the U.S. and offers risk advisory services for banks and other financial institutions, including anti-money laundering compliance, FINRA compliance, IT security consulting and regulatory compliance. Oscar can be reached at firstname.lastname@example.org.