In recent years, regulators have dramatically stepped up enforcement of anti-money laundering (AML) laws and regulations. Today, it is not uncommon to see the Justice Department and regulators announce multi-million dollar criminal or civil fines as settlements for AML violations. Sometimes compliance related fines exceed many hundreds of millions of dollars. In fact, different regulatory agencies across state, federal and international lines are increasing cooperation to investigate multi-national companies. As the frequency and magnitude of criminal penalties and fines increase, organizations must manage AML and other regulatory compliance risks, and when confronted with an investigation, consider creating sufficient reserves for any fines levied by law enforcement or regulators. In addition, organizations should ensure remediation of controls against AML and other compliance related deficiencies. In addition, some countries’ laws permit regulators to limit a company’s mergers and acquisitions or joint venture activities until the company is in compliance with AML laws. Thus, effectively managing AML compliance risks can be vital to enabling a company’s growth strategy through mergers and acquisitions. This article considers how organizations can address an environment of increased AML vigilance and law enforcement.
Anti-Money Laundering: Key Considerations
In an organization, CFOs have typically been involved with financial risk management focusing on the accounting and record keeping of income, expenses and liabilities. However, compliance and legal risk management is an increasingly important consideration in the emerging regulatory environment. To mitigate the risk and manage a potential AML issue, CFOs should consider the extent of AML compliance activities in the company and potential responses if an AML issue should arise. They should also consider evaluating the existing context of AML capabilities and practices, establish preventative measures, and be ready to frame responses to issues should they arise.
Evaluating the Context: To mitigate the risk of non-compliance, it is important for CFOs to begin understanding and assessing the likely risk of AML violations in their company. A prelude to a formal risk assessment would consider the following questions:
1. Is there a culture of compliance with visible accountability for non-compliance? Clear and consistent enforcement of rules illustrates commitment in the company to building a culture of compliance and can reduce the risk of non-compliance
2. Are the board and senior management involved in the oversight and management of compliance risks? Does the board consider and receive reports on money laundering risks and mitigation approaches? Active and visible consideration of money laundering risks at the board and senior management levels is likely to encourage programs and processes to mitigate risks
3. Do employees receive regular and timely communications and training on AML and financial crime issues? Targeted and role-based compliance training can help ensure that employees are clearly aware of money laundering risks and appropriate actions to take to mitigate those risks.
4. Are there periodic monitoring programs in place to ensure that the organization’s compliance goals and objectives are achieved? Are policies and procedures in place across the organization to detect and deter unusual activity such as money laundering?
5. Is there a well-functioning whistleblower program? Are there clear escalation processes in place across the organization when weaknesses or unusual transactions are identified?
6. Is there compliance planning and monitoring? Does the organization have the right staff and skills for monitoring? Has a gap analysis been independently performed so that the management and the board can target resources and tools to ensure compliance?
7. What is the degree of technology automation to monitor transactions and to evaluate customers at the onset of a relationship that may be high risk for money laundering? Are systems integrated across geography or is information fragmented and inaccessible across silos?
8. Does the AML compliance team overall have the requisite subject matter expertise and have sufficient resources been devoted to compliance.
9. Addressing these questions can help frame an AML compliance risk profile and can identify areas in which risk management can be improved.
Improving Compliance Capabilities: Based on their preliminary risk evaluations, CFOs can choose to undertake a number of steps to improve compliance capabilities. Some of the illustrative steps below can be especially salient if the company is subject to an investigation. Generally, when there are many existing weaknesses to compliance, the CFO will have to catalyze a governance framework for compliance. This framework will clarify expectations and allocate key risk management responsibilities to peer executives and the board. Where a culture of compliance is lacking, CEO, board and executive level sponsorship will be vital to setting the tone at the top and driving positive cultural change. While culture change can take time, the CFO can also undertake tangible steps to reduce risks.
First, a more formal assessment can be undertaken to identify the areas where their company is more vulnerable for financial crimes. For instance, what product categories, geographic locations, and customer segments are most prone to money laundering issues? This assessment can be used to target remedial resources.
Second, a CFO can ensure the implementation of robust policies, procedures and controls, training, testing, monitoring, and escalation processes to address potential money laundering risks. In this context, some specific areas for consideration include:
1. Ensuring employees are properly trained to identify and report regulatory violations or regulatory risks. Training should focus on both AML regulatory requirements and the financial institution’s own internal policies and procedures
2. Ensuring that departments with key compliance responsibilities are properly funded, adequately staffed and have adequate tools and systems to identify and deter financial crimes
3. Ensuring adequacy of AML audit coverage. Regulators have criticized companies both in private and public about the lack of coverage. Because of the frequency, speed, and volume of financial transactions, regulators recommend quarterly reviews of compliance. The areas covered in these reviews vary across companies but may include such areas as testing of transactions for suspicious activities
4. Ensuring qualified and sufficient numbers of staff for AML audit and monitoring compliance teams. CFOs should collaborate with Human Resources and the Compliance team to find the right staffing levels and mix of competencies internally or externally to implement a strong compliance program
5. Ensure adequate scope of AML monitoring by both automated and manual systems, to include suspicious activity ranging across deposits, withdrawals, funds transfers, automated clearing house transactions, electronic funds transactions, ATM transactions, and other financial activity
There are many ways a typical company can improve compliance risk mitigation. The above are some common areas for consideration we see across companies
Responding To Money Laundering Issues
In recent years, regulators have pursued AML investigations more aggressively. This can make multi-nationals more vulnerable to a coordinated investigation across countries. If investigated, CFOs will have to consider:
1. Establishing reserves to pay for any ensuing fines
2. Remedying compliance lapses and mitigating future risks to reassure regulators
AML fines have gone up considerably in recent years. Today these fines can create other downside risks such as constraining growth or liquidity risks. In an environment where credit access is still difficult for smaller companies, it can be difficult to even pay the fi ne. Thus, CFOs should stay abreast of AML developments, particularly investigations, and if necessary consider creating adequate reserves for regulatory fines. In addition to, or as a substitute for fines, regulators can take supervisory actions to reduce future compliance risk. Regulators can establish private agreements through board memorandums by which the board and management agree to undertake certain remedial activities to ensure future compliance. Many of the typical areas for improvement have been outlined above, and CFOs will need to be involved in order to ensure proper funding and staffing, whether internal or external, in order to meet regulatory requirements and expectations. Although new compliance imperatives may be considered expensive to execute, the cost pales in comparison to the costs of dealing with a regulatory or government investigation or government fines and sanctions. Accordingly, CFO’s should give due consideration to how AML and broader compliance risks are identified, monitored and managed before a crisis emerges.
[The article has been written by Sourabh Sahu. He is an MBA from IIM Indore and intends to become an entrepreneur]