Anti-money-laundering (AML) compliance and the related costs of compliance with applicable regulations are sometimes cited as impediments to doing business. Though compliance may come at a cost, those associated with non-compliance may be greater.
To better understand and manage AML-compliance costs, financial institutions should look to cost drivers such as transaction-monitoring systems, customer due-diligence files, dashboards, etc., and focus on the core fundamentals necessary to create an environment with a robust AML-control structure that will add enterprise value.
Board of directors and culture
Board members and senior management should set the tone for the organization by creating a culture of compliance. Rather than manage short-term financial goals, the focus should be on reducing regulatory and shareholder risk through active involvement in compliance.
The US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an advisory on this topic in August 2014. One observation from the FinCEN advisory is that it has become particularly important that senior management and board members at financial institutions of all sizes maintain strong cultures of compliance. The FinCEN advisory pinpoints several deficiencies that were identified in recent BSA (Bank Secrecy Act)/AML-enforcement actions that offer important insights for financial institutions and their management and boards. In particular, the advisory reaffirms the notion that a financial institution can improve its BSA/AML-compliance culture by ensuring the following elements exist:
- Leadership is engaged;
- Compliance is not compromised by revenue interests;
- Information is shared throughout the organization;
- Leadership provides adequate human and technological resources;
- The compliance program is effective and has been tested by an independent and experienced party;
- Both leadership and staff understand how their compliance reports are used.
Financial institutions should pay particular attention to their AML-compliance staff at all levels and carefully manage their human capital. Often financial institutions find themselves in need of remediation work, driven by internally identified shortcomings or regulatory actions, and with a lack of staff to perform the work. While the immediate hiring of armies of people is often perceived as a quick fix at a relatively manageable cost, the true long-term cost of solely adding staff is greater than the immediate impact of payroll costs.
Rather than “throwing bodies” at a particular problem, financial institutions should focus on the root cause of a perceived problem. For example, an institution may need to replace a transaction-monitoring system that has been in place for the past five years in order to manage the changing output of the system. “We had to increase headcount by double-digit percentage points over the past five years to manage the output.” Senior executives and the board of directors should be focused on their current human capital from a perspective of “hire right” rather than, as is often seen, “hire a lot”.
Managing risk intelligently vs indiscriminate de-risking.
Over the past years, financial institutions have moved to a “de-risking” approach in their operations. While de-risking—eliminating or significantly limiting—business lines, products, geographies and/or clients that pose an increased risk to AML-compliance efforts may seem prudent as a short-term fix to compliance problems, it also may pose significant growth challenges for financial institutions.
Financial institutions have sought to and continue to reduce perceived risk by eliminating portfolios, counter-parties or entire lines of business. However, these moves may run counter to their ability to achieve strategic business objectives and may, in fact, hinder their ability to address compliance. These decisions may be overly broad since they may not be focused on those risks that may pose the biggest risks to the bank: high-risk customers, politically exposed persons and regions such as emerging markets.
For example, simply eliminating all correspondent relationships with one particular geographical area might actually increase the AML risk rather than decrease it, since exited customers and business partners may seek out new relationships. This will make it in turn harder to detect and subsequently report potentially suspicious activity.
Given these concerns, financial institutions may wish to consider other alternatives to de-risking to adequately manage perceived or actual AML risk. For example, financial institutions should keep in mind that a risk-based approach to AML compliance can create enterprise value. By adding another perspective that others might perceive as too risky, financial institutions may establish a more robust control environment, which can enable senior management to pursue additional growth opportunities or maintain existing relationships rather than “wholesale” de-risking.
If senior management and the board of directors are not confident in the existing AML-control environment across the organization’s global footprint, it may opt not to pursue an opportunity due to potential regulatory exposure. However, senior management and the board at a financial institution with a robust AML-controls environment may pursue it, while still maintaining overall AML risk at a tolerable level. It may do so by implementing additional controls to counter both perceived and inherent AML risks, enabling it to pursue new relationships that can help it to achieve its growth objectives.
Although the evolving regulatory landscape poses significant challenges to financial institutions, it might also present opportunities for financial institutions that get it right. Having an engaged senior-management team and board of directors and establishing a culture of compliance throughout the organization, a financial institution can position itself to better recognize, identify and avoid potential risk exposure while managing its overall cost of AML compliance more intelligently and creating further enterprise value.