The World of AML Risk

Risk assessment is an integrative aspect of AML and a first step toward financial institution safety and protection

Global money laundering transactions account for roughly $1 trillion to $2 trillion annually, or some
2 percent to 5 percent of global GDP, according to a 2018 survey from PwC. With eye-popping numbers like that, combined with today’s highly scrupulous regulatory landscape, financial institutions (FIs) need scalable, agile and automated Anti-Money Laundering (AML) compliance programs that can react to new threats quickly and cost-effectively.

In fact, many requirements mandated by FI regulators contain provisions requiring enhancements to risk management programs for AML and sanctions compliance. However, before establishing a strong risk management program, FI’s must first conduct an accurate and comprehensive AML and sanctions risk assessment.

In short, risk assessment is an integral aspect of AML, representing the first step toward safety and protection of the financial system. To be successful, FIs should regularly assess the AML risks across their entire enterprise, including those risks inherent to their specific business units.  In fact, in many jurisdictions, AML programs are being required to adopt a risk-based approach to ensure that controls will be proportional to the risk. In addition, risk assessment should be conducted when triggered by a noteworthy event.

Risk assessments begin with developing an FI risk profile, including analyzing the efficacy of current controls for risk mitigation, and identifying areas susceptible to money laundering, along with any gaps and limitations. Risk assessments are not “one-size-fits-all.” Instead, they need to put a spotlight on specific factors and categories unique to the FI’s products, services, customers, entities and geographic locations.

FIs should use a sustainable, effective and cost-efficient AML risk assessment process, one that integrates a data-driven approach to risk scoring. Such a process should also progress with the organization, increasing in sophistication as its business and customers evolve.

Effective AML risk assessment approaches should include the following four key components:

1. AML Vision and Strategy Development:

This includes gathering the FI’s existing documentation and understanding its existing AML regulatory coverage and risk management strategy. It is key to define the FI’s expectations and objectives of engaging in a risk assessment, and determining its global risk appetite and tolerance. The process includes:

• Discussing short-term and long-term goals of AML transformation
• Understanding the change roadmap related to the financial crime operating model
• Prioritizing areas for assessment and determining weightings for risk factors
• Risk mapping across the entire enterprise and agreeing which risk factors to assess

2. Regulatory Obligations Analysis:

This involves reviewing, understanding and evaluating existing and future regulatory framework specific to the country(ies) where the FI is doing business. There are several key areas that must be explored, including:

• The FI’s existing commitments to the regulator and any identified risks
• Identifying any existing practices that might breach existing AML regulations
• Ascertaining current and future regulatory change projects, prioritization, and requirements
• Identifying any upcoming regulatory or audit inspections and findings from the inspections
• Understanding the FI’s financial crime regulatory coverage and risk management strategy

3. Financial Crime Policies and Procedures Assessment:

FIs must evaluate policies and procedures and understand its financial crime governance, policy systems and controls. This is a comprehensive effort that includes several key activities, including:

• Reviewing global policies and procedures, both practical and formal
• Evaluating risk coverage assessment and controls documentation and whether existing controls are adequate to address inherent risk
• Reviewing both internal and external audit scope and recommendations
• Identifying backlog of policies and procedures to be implemented

4. Financial Crime Operations Review:

This involves determining and evaluating the current financial crime operational framework, which includes a number of key operational and technical imperatives, among them:

• Understanding the current operational procedures and processes, including transaction and customer monitoring
• Reviewing existing alert management and investigation processes
• Reviewing specific FI products, services, service levels, customers, business units and geographic locations
• Understanding existing and required financial crime management information
• Reviewing current operating model and identifying risk factors and taking steps to mitigate risks by communicating and reporting findings on identified issues
• Assessing training requirements across operations and technology

Bottom line, a structured, disciplined process can help FIs assess their AML risks and current effectiveness to mitigate such risks. For all components outlined above, any gaps must be identified and, most importantly, action plans developed to address these gaps and high-risk areas with the goal of implementing controls needed to lessen the FI’s inherent risks.

At NICE Actimize, we can guide you along the “risk assessment journey.” We’ve made substantial investments in automatization technology to provide FIs with a streamlined and dynamic Know Your Customer (KYC) onboarding process that provides real-time risk assessments of new customers as data is collected. We employ AI to deliver a risk prediction score for each monitored entity, packaged with alerting capabilities for customers that may require further investigation.

Financial organizations can apply innovative technology, such as robotic process automation, machine learning, and advanced analytics, to their AML compliance programs to help realize necessary efficiency and productivity gains and effectively reduce the cost of compliance. Our machine learning solutions lower the cost of compliance by automating repetitive elements, reducing false positives by up to 30 percent, and in the process, increasing productivity and reducing human error.

Today’s regulatory landscape continues to pressure financial institutions to do even more as their product offerings, where they do business, and their corresponding business processes become more complicated.

As a result, FIs must continually seek to understand regulator expectations, promote a culture of compliance, stop and prevent financial crimes in their system, have consistent controls and proactive risk management and mitigation to avoid fines, prosecution, loss of license, and reputational damage.  This starts with a rigorous risk assessment process.