Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
The Federal Reserve Board and the New York Department of Banking have adopted a strict-review standard in their evaluation of the effectiveness of the Anti-Money Laundering (AML) compliance programs of financial institutions. Recent enforcement actions demonstrate that regulators pay particular attention to the effectiveness of Suspicious Activity Reporting (SAR) and Currency Transaction Reporting (CTR) as key components. In addition, an effective audit program must focus on the other essentials: Know Your Customer (KYC), Training, and Testing. How can you be sure that the institution you advise is prepared for a money laundering audit?
While the specifics on how best to accomplish this will depend on the customer base of and products sold by the institution, several constants apply to most retail operations. (Institutional customers present their own challenges and are not specifically addressed in this article.)
To understand the mindset of a bank regulator approaching an AML retail-bank audit, let's take a step back before moving into the specifics.
The Patriot Act Communications System (PACS)
The PACS system is an automated CTR/SAR Filing System used by the Financial Crimes Enforcement Network of the Treasury Department (FinCEN). It allows any institution to file CTRs and SARs electronically. FinCEN expects all institutions to migrate to this system promptly, for two reasons. First, the government, using sophisticated data mining tools, will be better able to analyze trends across a broad spectrum of financial information. Second, institutions fully geared up to avail themselves of PACS will have an in-house electronic database enabling them to spot trends and flag risky transactions in connection with their CTR/SAR filings. Smarter data from financial institutions makes the government smarter as well.
The compliance department should perform an in-house analysis of this kind with help from the IT department, and Audit should test its effectiveness.
FinCEN Studies the CTR Exemption System
FinCEN recently published a report pursuant to ' 326 of the Patriot Act on the CTR exemption process. The report reflects FinCEN's growing frustration with the overwhelming numbers of CTRs that are of little law enforcement value. From the perspective of the regulators, if financial institutions are not actively engaged in the process of examining their Phase II exemption practices to insure that all entities that can properly be exempted from the CTR filing requirements have been weaned out of the system, they are failing to meet their responsibilities under the Bank Secrecy Act. The less non-probative information the government receives from financial institutions, the smarter it can be in tracking money laundering and terrorist financing. Audit has a key role to play in insuring that the CTR filing system is not just junk in/junk out. With this background, we can now address the key components of an audit program.
Follow the Money
The key to auditing the effectiveness of an AML compliance program is to “follow the money” throughout the financial institution. That is, all entry and exit points into and out of the financial institution must be identified and examined so that internal controls can be established. Likewise, following the money allows audit to ascertain whether the AML procedures are being followed in accordance with AML policy directives. For example, with respect to currency transactions, questions that must be answered include:
Know Your Customer (KYC)
Knowing one's customer is the key to having a successful AML compliance program. The Achilles' heel of any KYC program is the adequacy of the KYC data that must be uploaded into the transaction monitoring system. If the data is not clean, it cannot easily be queried, and its analytic value is reduced. Data of reduced analytic value means the institution is less “smart” both internally and as it interfaces with the government.
Effective transaction monitoring requires a comparison of the KYC data against the customer's transactions to determine whether they make business sense. This “sensibleness” analysis is the heart of an effective SAR reporting system. The compliance officer must be able to answer the key question: Does this transaction make sense in light of what we know about the customer? If it doesn't, what additional information must be obtained? Who has primary responsibility for acquiring the missing information? What amount of time will be allowed to acquire the information? What are the institution's policies relating to closing accounts for insufficient KYC information? Are there procedures in place to ensure that any decisions made with respect to the account are adequately documented?
Audit must make sure that compliance procedures are in place to answer these questions. Otherwise, the AML program cannot be audited meaningfully.
Training
The regulatory requirement of having an AML training program is clear, and Audit must measure whether the training program is robust. Is the training appropriate to the level of employee being trained? Is it occurring often enough to ensure that, despite staff changes, employees remain current in their understanding of money laundering and terrorist financing risk? Are new employees trained promptly, or even a precondition of employment? Audit must ascertain whether branch personnel are thinking about what they are doing and why, not just checking boxes on forms. Audit must document that all personnel, from top to bottom, are trained adequately for their assigned node in the network of AML compliance. Periodic testing is essential.
The World Around You
Compliance officers must understand the world in which they live and do business. AML compliance cannot be performed in a vacuum. Here is a simple test for compliance officers:
If you cannot answer questions like these, regulators may wonder whether you part of the solution or the problem.
The Federal Reserve Board and the
While the specifics on how best to accomplish this will depend on the customer base of and products sold by the institution, several constants apply to most retail operations. (Institutional customers present their own challenges and are not specifically addressed in this article.)
To understand the mindset of a bank regulator approaching an AML retail-bank audit, let's take a step back before moving into the specifics.
The Patriot Act Communications System (PACS)
The PACS system is an automated CTR/SAR Filing System used by the Financial Crimes Enforcement Network of the Treasury Department (FinCEN). It allows any institution to file CTRs and SARs electronically. FinCEN expects all institutions to migrate to this system promptly, for two reasons. First, the government, using sophisticated data mining tools, will be better able to analyze trends across a broad spectrum of financial information. Second, institutions fully geared up to avail themselves of PACS will have an in-house electronic database enabling them to spot trends and flag risky transactions in connection with their CTR/SAR filings. Smarter data from financial institutions makes the government smarter as well.
The compliance department should perform an in-house analysis of this kind with help from the IT department, and Audit should test its effectiveness.
FinCEN Studies the CTR Exemption System
FinCEN recently published a report pursuant to ' 326 of the Patriot Act on the CTR exemption process. The report reflects FinCEN's growing frustration with the overwhelming numbers of CTRs that are of little law enforcement value. From the perspective of the regulators, if financial institutions are not actively engaged in the process of examining their Phase II exemption practices to insure that all entities that can properly be exempted from the CTR filing requirements have been weaned out of the system, they are failing to meet their responsibilities under the Bank Secrecy Act. The less non-probative information the government receives from financial institutions, the smarter it can be in tracking money laundering and terrorist financing. Audit has a key role to play in insuring that the CTR filing system is not just junk in/junk out. With this background, we can now address the key components of an audit program.
Follow the Money
The key to auditing the effectiveness of an AML compliance program is to “follow the money” throughout the financial institution. That is, all entry and exit points into and out of the financial institution must be identified and examined so that internal controls can be established. Likewise, following the money allows audit to ascertain whether the AML procedures are being followed in accordance with AML policy directives. For example, with respect to currency transactions, questions that must be answered include:
Know Your Customer (KYC)
Knowing one's customer is the key to having a successful AML compliance program. The Achilles' heel of any KYC program is the adequacy of the KYC data that must be uploaded into the transaction monitoring system. If the data is not clean, it cannot easily be queried, and its analytic value is reduced. Data of reduced analytic value means the institution is less “smart” both internally and as it interfaces with the government.
Effective transaction monitoring requires a comparison of the KYC data against the customer's transactions to determine whether they make business sense. This “sensibleness” analysis is the heart of an effective SAR reporting system. The compliance officer must be able to answer the key question: Does this transaction make sense in light of what we know about the customer? If it doesn't, what additional information must be obtained? Who has primary responsibility for acquiring the missing information? What amount of time will be allowed to acquire the information? What are the institution's policies relating to closing accounts for insufficient KYC information? Are there procedures in place to ensure that any decisions made with respect to the account are adequately documented?
Audit must make sure that compliance procedures are in place to answer these questions. Otherwise, the AML program cannot be audited meaningfully.
Training
The regulatory requirement of having an AML training program is clear, and Audit must measure whether the training program is robust. Is the training appropriate to the level of employee being trained? Is it occurring often enough to ensure that, despite staff changes, employees remain current in their understanding of money laundering and terrorist financing risk? Are new employees trained promptly, or even a precondition of employment? Audit must ascertain whether branch personnel are thinking about what they are doing and why, not just checking boxes on forms. Audit must document that all personnel, from top to bottom, are trained adequately for their assigned node in the network of AML compliance. Periodic testing is essential.
The World Around You
Compliance officers must understand the world in which they live and do business. AML compliance cannot be performed in a vacuum. Here is a simple test for compliance officers:
If you cannot answer questions like these, regulators may wonder whether you part of the solution or the problem.
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.
During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.
The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.
As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.