Mitigate & Manage Risks of Money Laundering
In its guidance to regulated businesses on anti-money laundering (AML) regulation, the Joint Money Services Laundering Group (JMSLG) states: “Firms are required to establish and maintain policies, controls and procedures to mitigate and manage effectively the risks of money laundering and terrorist financing identified in its risk assessment.
Every financial services business has to define, implement and manage its approach to AML. Firms need to be able to detect and then report money laundering or suspicious activity as and when it arises. This duty starts when onboarding new customers, but it doesn’t end there. The responsibility to prevent financial crime is there for the duration of a customer’s lifecycle.
In 2019, circa. 2.8million suspicious activity reports (SARs) were filed by more than 12,000 firms to the US Financial Crimes Enforcement Network (FinCEN). There is a vast response to money laundering activity each year; however, criminals continue to move billions of dollars of funds from their network to the mainstream economy. This is despite the efforts of financial services companies to carry out due diligence on customers to monitor risk and to control financial crime.
So, what does constitute a solid basis for anti-money laundering policies and procedures? What can financial institutions put in place to mitigate and manage risk? And how can firms do this throughout each customer’s lifecycle?
Here are four suggestions to tick off your AML checklist.
1. AML policies
AML policies should be defined in accordance with a firm’s risk assessment, which identifies where and how criminals could exploit its products, and what would be done to remediate this. The policy can then establish how the firm plans to control, mitigate and manage the risk of money laundering and terrorist financing posed by clients. This spans from initial due diligence to onboarding and continues throughout the duration of the relationship.
The AML policy should also be specific to the jurisdiction the firm operates in and the laws it needs to abide by. For example, AML regulations will be different between the UK and US and the US and China, so an AML policy would be appropriate to its jurisdiction.
These AML policies then influence the series of Know Your Customer (KYC) checks firms go on to implement in order to ensure potential criminals aren’t onboarded and that suspicious/criminal activity related to customers that have previously been onboarded can be uncovered.
2. Employee training
A significant factor in AML risk mitigation and management boils down to what experts often refer to as “the sniff test”. This is when a seasoned compliance professional can just tell that there is something suspicious about an account or a client.
Compliance analysts have valuable experience that can be used to identify risk and raise flags. While digital transformation of AML and other compliance policies can be great at creating efficiency – allowing compliance teams to focus on high-risk/high-value activity – there is no substitute for the human eye doing the final or thorough check on new and existing accounts.
Experience comes with time and mentoring. Training employees on company policy and changing AML regulations is therefore important – for the novice and knowledgeable alike. There are many specialist agencies and consultancies ready to support with this training, especially during a time when teams are working remotely and may not be able to validate “gut instinct” with colleagues.
3. Digital KYC checks
A workflow of automated Know Your Customer (KYC) or Know Your Business (KYB) checks is a powerful way to control and manage risks around money laundering. These compliance checks can be tailored to meet a firm’s defined AML policy.
Digital checks can be conducted swiftly and seamlessly on each and every customer or business applying for a financial product. The checks can also be layered into an onboarding process to mitigate risk (i.e. run as many checks as necessary along an onboarding path). The flexibility of digital workflows allows low-risk profiles to continue their onboarding journeys unimpeded; medium- or high-risk profiles to be flagged for enhanced due diligence; and clear threats to be off-boarded without delay.
With digital KYC/KYB procedures, firms are essentially able to turn AML policies into a workflow of checks. Here’s an example of what those might include:
+ Device risk check
Understand if the phone or computer used to make an application has been identified as being involved in fraudulent or suspicious activity before. If the flag is raised, choose whether to off-board the applicant or carry out enhanced due diligence. This check is instant and the applicant is unaware, allowing genuine clients to move forward without a hitch.
+ Electronic identity verification
Validating an individual’s identity or the identity of beneficial owners is obviously a crucial step in the KYC/AML process. Name, address, date of birth, national ID number, etc. are all the basics for building trust in an applicant. The check(s) are performed by searching an individual’s details in the sources supplied by expert data providers with suitable coverage in appropriate jurisdictions.
+ PEPs, sanctions and adverse media screening
Firms can run checks to learn whether an individual or company has any matches for:
· Sanctioned persons/companies
· Politically Exposed Persons (PEPs)
· Instances of adverse media
Being able to identify matches means firms can make a risk-based decision about onboarding, in line with their AML policy.
4. Risk refresh
As previously mentioned, AML compliance doesn't begin and end with the customer onboarding process. KYC activity should run throughout a customer’s lifecycle. Financial services organisations need a way to perform ongoing risk monitoring as a means to: prove AML controls are adequate; flag suspicious activity; and off-board bad actors.
Monitoring tools allow firms to continue KYC and AML due diligence after onboarding has happened. With the right risk refresh solution, changes in a profile’s status can be flagged to compliance teams, and this can be automated through integrations with data providers to set rescreening periods from once a day to once a year, depending on the appetite for risk.
Get in touch
These are some suggestions for managing and mitigating risk around money laundering. If you would like to discuss your approach to KYC and AML or if you are considering digital transformation of your AML policies, please get in touch - we would love to hear from you.