When it comes to AML initiatives, companies are displaying a worrying disregard for the perils of this criminal threat, despite recognising it as such. By Ellen Davis
Is complacency about anti-money laundering initiatives setting in at financial services firms globally? The results of the latest OpRisk & Compliance Intelligence survey, conducted with risk management and compliance consulting firm Protiviti, show that this may be the case. According to the results of the survey, 80% of respondents expect regulatory scrutiny of AML compliance to either slightly or dramatically decrease over the next 12 months.
"I can't imagine anyone in the US saying that," says Carol Beaumier, a managing director at Protiviti in New York. Other jurisdictions "may be overly optimistic" as well, she adds. "We have so many new regulations around the globe."
Beaumier may have a point. In the US, January saw an enforcement action for anti-money laundering violations against Sumitomo Mitsui Bank for gaps in its compliance and risk management controls around correspondent banking and US dollar funds transfer clearing operations. This came after a raft of enforcement actions in late December from the Federal Reserve on AML, including one against the Bank of Tokyo-Mitsubishi UFJ for deficiencies in the same areas. Another AML-focused enforcement action was taken out against Pakistan-headquartered Habib Bank for its US operations.
And in the US, it wasn't just the Federal Reserve handing out the enforcement actions. The Financial Crimes Enforcement Network, Federal Deposit Insurance Corporation, and Florida Office of Financial Regulation assessed a civil money penalty of $800,000 against Florida-based Beach Bank in December for an inadequate AML programme.
As a result of the US actions against Sumitomo and Bank of Tokyo-Mitsubishi, Japan's Financial Services Agency announced in late January that it would be tightening up its anti-money laundering rules. Also in Asia, Australia, after passing new AML rules, is stepping up its enforcement activity. In the UK, a new team to fight financial crime was launched in January, new AML legislation was introduced, and other initiatives are under way for 2007. And in the rest of Europe, the third Money Laundering Directive is being implemented over the course of 2007.
Judging from all this activity, it seems there will be more regulatory pressure on money laundering compliance, not less. But the survey results seem to point to relative underinvestment in the anti-money laundering area.
Some 31% of respondents said their AML compliance departments had stayed the same size over the past three years – contrary to an industry trend of substantial growth in AML teams. And 46% of respondents said their firms do not use an automated system for monitoring unusual or suspicious activity. Instead, they rely on manual checking. Also, 19% of respondents said the cost of their AML compliance programme had stayed the same over the past three years, while 18% said it had increased less than 10%.
Questions on AML training also showed a lack of commitment among many of the respondents. Some 50% of employees in high-risk positions receive training only annually, and some 22% of contract or temporary workers never receive AML training at firms. Only 73% of respondents said new employees received AML training at hiring.
Even more disturbingly, some 18% of respondents said they had not assessed the key AML risks in their firms for customers, and 16% hadn't performed an AML risk analysis for business lines. "How can you build an AML programme if you haven't identified the risks?" asks Beaumier.
The reason behind the lack of enthusiasm for AML compliance may be a certain cynicism that has developed among financial institutions globally about the value of the suspicious activity reports and other data that they provide to law enforcement agencies. When asked if they believe that the value of the information provided to regulators and law enforcement agencies by financial services companies justifies the cost of AML compliance, some 37% said "no". Another 48% of respondents said they didn't believe that financial services companies could effectively detect terrorist financing.
But Beaumier says firms should really consider investing more in their AML compliance programmes, and bring them up to the standard regulators are asking for at a minimum. She sites the case of one large financial services firm that had to spend more than $50 million to fix its anti-money laundering programme after it was hit with an enforcement action.
She says firms tend to add on people to help bolster their AML programmes, and these people are being used to manually do tasks that technology products could perform more inexpensively and with greater accuracy. This includes chores such as comparing client names against various government lists, and performing client account remediation. The market for trained experts to perform many of these tasks is relatively tight, so she said she is aware of many firms that are doing all of their AML monitoring without technology, and with relatively untrained staff.
Indeed, monitoring and investigating ranked as the top challenge for firms responding to the survey. The constantly changing regulatory requirements and expectations took second place – hardly a surprise, given the flow of new rules that have emerged in January alone. Use of technology ranked third in the list of challenges, with the cost of compliance taking fourth place. The ability to recruit and retain trained people came in as the fifth challenge, while communication with law enforcement and regulatory bodies ranked sixth. Home-host issues took the bottom of the challenges ranking – this differs from other areas of regulatory activity such as Basel II and the Markets in Financial Instruments Directive, where home-host is one of the top concerns of financial services firms. This may be because there is a relatively high level of co-operation among national bodies in the fight against money laundering through such organisations as the Financial Action Task Force.
In fact, some 66% of respondents said their primary regulator is consistent in the way it enforces AML compliance. Only 18% said their regulator wasn't consistent – again this differs from other regulatory initiatives, such as Basel II, where regulatory consistency has proved to be a major sticking point in such areas as model validation and the 'use test'.
However, despite the amount of regulatory activity focused on AML, the survey showed that many AML departments are still focused on the more passive aspects of compliance with government regulations. While 90% of respondents said their departments were responsible for the development of AML policies and procedures, only 75% said they were responsible for monitoring for unusual or suspicious activity. Just 63% said they oversaw compliance with government sanctions programmes.
Certainly, firms instinctively recognise the magnitude of the compliance challenge within the anti-money laundering area. While 30% said it constituted an "average" compliance challenge for their firm, some 55% rated it above average. And of those who said their firm didn't use technology to monitor unusual or suspicious activity, some 68% indicated that they were planning on making an investment in technology over the next two years.
Beaumier feels that the AML space will simply continue to grow and develop over the next two or three years as firms are forced to get more serious as a result of regulatory activities. While banks grumble about "regulation through enforcement actions", it seems clear that it is often the prospect of the threat of enforcement actions that motivate firms to invest in resources and technology in this area. OR&C
More on Regulation
Directional portfolios and limited diversification will hamper recovery process
SSM chair also wants to end rule opt-outs that make banks "look stronger than they really are"
Sponsored feature: Clearstream
Dodd-Frank and Mifid II won't stop market disorder but will penalise hedgers
Sign up for Risk.net email alerts
Oxford professor David Vines argues that the carrot is as important as the stick
Sponsored webinar: IBM
Watch highlights of this year's London conference
Operational risk and the challenges of defining and dealing with conduct risk
There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.