Combating money-laundering and terrorism financing: International standards and best practices - I

Money laundering, terrorist financing, and the financing of the proliferation of weapons of mass destruction are serious threats to security and the integrity of the financial system. The FATF Standards have been revised to strengthen global safeguards and further protect the integrity of the financial system by providing governments with stronger tools to take action against financial crimes.
At the same time, these new standards will address new priority areas such as corruption and tax crimes. The revision of the recommendations aims at achieving a balance:
---- On the one hand, the requirements have been specifically strengthened in areas which are higher risk or where implementation could be enhanced. They have been expanded to deal with new threats such as the financing of proliferation of weapons of mass destruction, and to be clearer on transparency and tougher on corruption.
---- On the other, they are also better targeted - there is more flexibility for simplified measures to be applied in low risk areas. This risk-based approach will allow financial institutions and other designated sectors to apply their resources to higher risk areas.
The FATF Recommendations are the basis on which all countries should meet the shared objective of tackling money laundering, terrorist financing and the financing of proliferation. The FATF calls upon all countries to effectively implement these measures in their national systems.
---- Best practices for anti-money laundering (AML)
----- Understanding AML Compliance System Requirements
The first step is to identify the core functionality necessary in an AML compliance system to avoid legal and regulatory issues. An effective AML compliance system must:
---- Satisfy regulatory requirements
---- Span the entire enterprise
---- Detect all suspicious behaviour rapidly
---- Reflect industry best practices
---- Be easy to use and change
---- Provide long-term cost effectiveness
SATISFY REGULATORY REQUIREMENTS Compliance systems need to prevent and detect potential violations. Regulators are spelling out in detail what they expect, providing you with a roadmap to successful compliance practices and a benchmark to measure your compliance capabilities.
In the area of anti-money laundering, regulators have stressed the need for firms to detect patterns of wrongdoing over time. Such patterns should be detectable in one account, households of accounts, and across all customer accounts. Lori Richards, director of the Office of Compliance Investigations and Examinations (OCIE) at the US Securities and Exchange Commission, has cited best practices in this area, praising systems that can find suspicious patterns such as when two seemingly unrelated accounts sharing a common address.
Add to this the growing concerns around fraud and the opportunities for executives to use a single system to address financial crime including AML and fraud across their business.
Financial regulations and guidance increasingly direct companies to assess risks and tailor compliance systems to address the company's own risk analysis. Regulators now expect firms to report violations by themselves, saying they will look far more kindly on self-reported violations than those violations that come to the attention of regulators through tips or examinations. Regulators also expect to see clear audit trails, documenting the origin of suspicious activity, locking down the data, and outlining the steps a company takes to investigate and resolve alerts.
IF YOUR ENTERPRISE IS GLOBAL... It's not just regulators that want to see a unified database for compliance purposes. Top industry compliance officials recognise that getting 50 reports a day from 25 different in-house systems is a losing proposition for preventing and detecting expensive regulatory failures. Wrongdoers don't limit their schemes to one business unit, one account, or a product type.
Overtaxed compliance staff will miss hard-to-detect patterns of wrongdoing in these overgrown - often home-grown - compliance systems. Running multiple applications on a common platform reduces costs, inefficiencies, and risks. It also allows you to see what is going on from a macro or micro level throughout your organisation, analysing if you have a problem business unit, a troubled branch office, or a rogue employee. And if your enterprise is global, you'll need a system that can handle multiple currencies, time zones, and dates.
The importance of deploying enterprise-wide solutions cannot be overstated. They offer the highest assurance of meeting regulatory requirements and detecting potential violations. Robert Iati, research director for TowerGroup, has noted the key role that enterprise-wide solutions play:
---- Implementing compliance systems should no longer take a "do just enough to appease the state's approach. Rather, forward-thinking institutions should seize this opportunity to leave their "fire-drill" tactics in the past, and build holistic systems that gaze across the enterprise to offer protection for not only the immediate regulatory concern but, more importantly, provide a solid foundation for meeting all future compliance needs.
DETECT ALL SUSPICIOUS BEHAVIOUR QUICKLY The system should find all suspicious patterns of wrongdoing. That means a system that looks at every transaction and every account all the time - a system that searches for new patterns of suspicious behaviour every day or in some cases, intraday. Periodic sampling of problems leaves firms, and customers exposed. With sampling one misses violations. If a batch cycle is run every month or a quarter, one delays the discovery of mounting problems.
A system that monitors every day, needs to do so expertly, minimising false positives so that compliance analysts do not become overwhelmed. One wants to zero in on real red flags, not try to separate the real red flags waving in a sea of false ones. Expert algorithms and carefully crafted patterns of suspicious behaviours to run against your data keep false positives at a manageable level.
One hallmark of a tightly designed system is its ability to find meaningful trends and abnormal changes compared with normal account or customer behaviour. For example, if some customers routinely make a large number of trades, the system should be smart enough to send an alert only when those customers increase their trading activity by an amount that exceeds their normal trading levels.
When alerts of suspicious behaviour arrive at the desks of compliance analysts, time and money will be saved if those alerts come with all the data and information that analysts need to start making decisions and recommendations on courses of action. Systems that tell only half the story and force analysts to gather additional data from other systems to begin their work, dramatically increase costs and decrease the quality of compliance systems.
REFLECTING INDUSTRY'S BEST PRACTICES The best compliance systems reflect the wisdom of business and compliance executives across the financial industry on what constitutes suspicious behaviour and the best possible way of detecting potential violations. Compliance systems are enriched by the experience of others.
Building on the experience of others saves money and increases the likelihood that a company's system will work well and reflect the best practices in the industry. To capture and leverage that wisdom, business and compliance executives need to meet regularly with their counterparts, translate that wisdom, and apply it through algorithms and databases.
SYSTEM BE EASY TO USE AND EASY TO CHANGE An AML compliance system needs to be flexible, easy to use, and easy to change. Who could have predicted three years ago the rapid pace of regulatory change we see today? Laws change, regulations change, and wrongdoers change. New products with new risk profiles rapidly enter the market and business culture changes just as fast. Overnight, standard business practices that were once the norm become the subject of investigations and headline-grabbing enforcement actions. In addition, regulators can send letters asking firms to produce ad hoc reports that require extensive and costly database searches on a moment's notice.
Business and compliance executives highly value compliance systems that anticipate this dynamic environment and allow business users and programmers to quickly and inexpensively change what a system can detect while simultaneously keeping a record of all changes as required by the rules. In many cases, executives are analysing the value of systems, based on the number of changes that a business user can easily make to the system without the help of a programmer because bypassing a programmer saves time and costs.
PROVIDE LONG-TERM COST-EFFECTIVENESS AML compliance systems must be cost effective over the long term. If business is successful, the amount of data one is handling will continue to grow, but many a "great" system with great functionality attained that standard for just a snapshot of time and then fell into disrepute as data volumes grew and technological and financial innovations passed it by. Effective systems, including compliance systems, must be easy and affordable to maintain over the years.
(To be continued)