Why Anti-Money Laundering Programs Fail

Why are AML programs failing and where are the vulnerabilities?  Based on our experience with dozens of financial institutions there are 4 primary reasons:

1. The Regulators’ Treatment of the Financial Services Industry as part of the Problem and their Lack of Guidance

The government’s approach to working with financial institutions regarding AML issues is misguided, treating them as part of the problem rather than part of the solution.  Whereas regulators must ensure that functional AML programs exist within the context of the laws, their focus has been to sanction institutions that fail to comply, even in cases where an institution fails to file one Suspicious Activity Report (SAR) in a timely manner.  Moreover, the examination process also results in inconsistent application of the AML requirements not only among different regulatory agencies but in a regulator’s treatment of different institutions within the same industry.  Simultaneously, there is very little and even contradictory guidance to the financial services industry as to the structure of AML program components and providing information as to what aspects of programs work versus those that don’t. 

2. A Lack of Understanding and Awareness in the Financial Services Industry

Many managers continue to have the misconception that they have no AML risk if their institution or department does not take cash deposits.  This is a classic failure to distinguish the placement method of money laundering from other more intricate and complicated methods such as layering or integration, which often do not rely on cash transactions and constitute the greatest monetary value of annual money laundering activity.  Managers also typically believe that if their institution had a problem before, something would have been done about it then.  This belief, however, fails to consider the sophistication of the criminals as well as the fact that the size of the money laundering industry is estimated at $1 trillion to $1.6 trillion annually using already existing accounts.  Business unit leaders need to be educated as to the means and methods of money laundering and terrorist financing with emphasis placed upon the activities that criminals could use to inculcate themselves within their own subsidiaries, divisions, and departments.        

Financial institutions also often resort to the minimum requirements in meeting compliance obligations.  Employees in various departments do not bring together their expertise of product areas, customer relationship development and transaction processing with the goal of developing a holistic and coordinated AML solution tailored to inherent AML risks.  It also erodes the efficiency of other internal control processes (e.g. new account opening and transaction processing) that affects the commitment of business units toward fulfilling compliance obligations.

3. The Application of Inadequate AML Risk-Based Methodologies

AML risk-based methodologies are often not built around specific risks and vulnerabilities.  This affects the ability to spot unusual or suspicious customers or activities that warrant an internal investigation and potentially a report filing (i.e. SAR) to government authorities (i.e. FinCEN, the Financial Crimes Enforcement Network).  If the due diligence risk assessment methodology or the monitoring program is flawed, too superficial, or not appropriately linked together, then the potential to facilitate criminal activity increases.  Those institutions who utilize automated monitoring software, for example, will suffer if an inadequate transaction methodology is developed and then programmed into the system.  Institutions will also suffer if staff does not understand the system, if they are unable to craft customized exception reports, and if they are unable to identify suspicious activity from the reports.  Unfortunately, however, many employees even in compliance departments are not properly trained to identify suspicious activity, nor are compliance officers properly trained to conduct internal investigations, regardless if automated software solutions exist.  All employees should be trained to the specific suspicious red flags that affect the products, services and customer profiles of their areas of business, and should know how to escalate such matters for prompt resolution.        

4. The Fractionalization of AML Programs within Financial Institutions

Another significant issue is the fragmentation of numerous AML programs within a financial institution’s divisions and various business locations.  The “silo” organizational structures of an institution create a patchwork of separate AML programs that are tied to specific industry requirements, for example, securities rules, banking regulations and state insurance requirements.  Moreover, the many international locations where an institution may conduct business results in different AML programs designed according to local laws.  Consequently, financial institutions do not develop “seamless” programs that assess risks according to business activities that cross divisions or geographical boundaries.  This disjointedness results in costly inefficient and ineffective programs.  By focusing on the inherent AML risks across jurisdictions and business entities, IMAG is working with management to develop more robust AML compliance programs at a fraction of their previous costs that seamlessly transcend the financial institution’s multi-faceted business environment.  A critical aspect of these engagements involves customized training of personnel in all pertinent departments as to the various risks they will have to consider in order to empower them to conduct good business within a risk-controlled environment.    

Solutions

To remedy many of these problems, IMAG recommends the following first steps:

1.                  Assemble a team of managers from a variety of business units to review the current AML programs within a financial institution and across its divisions and jurisdictions.  An important sub-committee of this group should constitute the various AML compliance officers.

2.                  Identify the specific AML risks within each division, department and jurisdiction.  In conjunction, itemize the industry and/or country specific AML program requirements. 

3.                  Analyze the current processes utilized as part of the AML Programs.  Identify weaknesses in the control points and cost inefficiencies. 

4.                  Integrate the AML programs into a seamless internal control and process structure.  Take advantage of the variety of existing data repositories and management information reports that may also be used to identify instances of unusual or suspicious activities.

5.                  Identify personnel who will require additional training.  Develop training program modules that specifically target the inherent AML risks within a particular group or department.