To successfully conduct AML procedures and prevent money laundering, organizations need an effective AML compliance program. This isn’t easy to achieve and requires planning and execution from the risk and compliance team.
Now that we’ve covered how to build the best possible team as your program's foundation, this section will explore the steps required to implement a robust AML compliance program, including:
Let’s start by explaining what an AML compliance program is, why we need it, and what we need to do to create a successful AML program.
An Anti-Money Laundering (AML) compliance program is a set of policies and procedures establishing the infrastructure for an organization's compliance operations. These programs set up guidelines for risk and compliance teams and outline how financial institutions (FIs) will identify and combat money laundering.
Due to constantly changing rules and regulations, maintaining an AML compliance program is a continuous challenge. The compliance program must be tailored to the institution’s business needs and the nature of the service, product, and clientele. It cannot be one-size-fits-all.
An AML compliance program is an important aspect of an organization’s compliance framework. It is imperative to understand anti-money laundering policies, procedures, and regulations to be able to create a robust AML compliance program within the business.
Because a compliance program establishes the procedures and guidelines that an organization should follow concerning anti-money laundering policies, it’s essential to ensure organizations adhere to AML requirements. It provides necessary guidance on how risk and compliance professionals should perform their duties to mitigate risk and ensure the FI stays compliant with any regulations.
Failure to meet AML compliance requirements can lead to significant fines and penalties for the organization. Having a comprehensive policy that team members can easily refer to helps organizations avoid liability for failing to meet AML compliance standards. These fines and penalties can be substantial.
For example, Capital One was fined $390 million for both willful and neglectful violations of the BSA, failing to report $16 billion worth of transactions despite several warnings from regulators.
Every AML program should have a compliance officer, resources dedicated to compliance, AML compliance policies, key controls and procedures, effective tools, and a strong compliance framework within an organization.
An AML program should cater to the requirements and risks of an organization. As different organizations and their operations may pose different risks, it’s imperative that the program is tailored to the needs of the organization. While AML requirement standards need to be met, there is no one-size-fits-all approach to creating a compliance program.
Several regulators all over the world have set standards for this. In the United States, the main legislation followed is the Bank Secrecy Act (BSA), which establishes pillars for building a program that is widely accepted as best practice.
5 Pillars of a Successful AML Program
The Bank Secrecy Act is a U.S. legislation focused on the detection and prevention of money laundering within the financial industry. The law prescribes a set of regulations that require institutions to record cash transactions and report any that exceed a certain threshold or are suspicious in nature. In accordance with the BSA, U.S. financial institutions are required to enforce an AML compliance program within their organization, which should consist of 5 pillars.
The 5 pillars of AML compliance are:
1. Designation of a Compliance Officer
The first step is to designate a BSA compliance officer to manage AML operations. Due to the sensitive nature of AML operations, it’s important to invest in a well-qualified and experienced officer to manage a company’s AML program and operations.
This individual will act as a focal point for all money laundering and financial crime-related activities within an institution and shall act as an intermediary between the compliance department and the senior management team. They are a core element in protecting the organization from compliance failings, breaches, and other fines or penalties.
In certain jurisdictions, they are often called a Money Laundering Reporting Officer (MLRO). A compliance officer, regardless of what they are called and the jurisdiction has significant responsibilities, which include the following:
- Receiving and evaluating suspicious transaction/activity reports (STR/SAR)
- Taking necessary decisions regarding STRs/SARs
- Leading the AML/CFT compliance function
- Overseeing risk management strategies
- Reporting matters to senior management and regulatory authorities
- Serving as the main point of contact between the firm and regulators
- Ensuring there is a culture of compliance within the organization
- Having adequate regulatory knowledge and staying updated with relevant changes
- Carrying out all responsibilities in an unbiased manner with ethics and integrity
- Communicating effectively with both the compliance department and senior management
A compliance or money laundering officer (BSA officer or MLRO) should be a valued team member whose inputs are considered by the senior management and employees. A compliance officer should focus on keeping the organization safe from illicit activities such as financial crime, and combat threats by creating procedures to detect and prevent money laundering. Past cases involving compliance failings have enumerated how pivotal this role is.
2. Development of Internal Controls
It is vital to ensure that internal controls and procedures are set up in a way that helps detect any suspicious activities by monitoring and combating them. It is critical to establish a strong KYC framework during client onboarding to understand the customer, the nature of their business, assets, and clientele.
Ongoing monitoring is another important part of a successful AML compliance program, ensuring customers and their activities are monitored throughout the customer lifecycle (and not just during onboarding).
Key controls, such as corporate governance, risk assessment, senior management responsibility, training, internal and external communication, audits, PEP/sanctions screening, escalation procedures, and mitigation of risk, are some crucial elements of an efficient compliance system. All these components should be included in a compliance policy. Case studies show that a lack of these controls often results in breaches and non-compliance.
Failure to implement adequate policies and controls can result in hefty fines and loss of reputation, as we see in the case of Sunrise Brokers LLP. The company was fined over £600,000 for failing to have adequate AML compliance systems and controls. There was a lack of implementation of controls such as screening processes, senior management engagement, independent assurance, and escalation procedures concerning the management of violations.
3. Establishing a BSA Training Program
One of the most essential steps toward implementing a successful AML compliance program is establishing proper training and development. To do this, there needs to be clear documentation regarding policies and procedures that need to be followed, as well as adequate training for team members to perform their duties with competence.
There are no exceptions for failing to meet compliance standards, and organizations can still be held accountable for negligence or incompetence. It’s essential that risk and compliance professionals receive adequate training, and that they have access to supporting documentation to guide their work. It’s vital that organizations establish a training program for compliance, and that this training is implemented for all team members.
One of the key challenges facing many compliance professionals is spreading awareness and trying to make members of other teams or departments, across all levels, understand why the organization needs compliance programs in place.
Educating other team members on why compliance is essential, the consequences of non-compliance, and what is expected of them with real-world scenarios and examples is imperative. It ensures they prioritize compliance, report any suspicious activity, and follow a code of conduct.
4. Independent Audits and Reviews
An independent audit helps a company evaluate how effective its compliance program is. It should be conducted by someone who is not affiliated with the organization or involved in the development process of the compliance plan. It is a great way to monitor the organization’s current situation, detecting inconsistencies and the effectiveness of the current policies and procedures.
This also evaluates how employees and senior management adjust to the policies and procedures. It enforces a culture of compliance, which is an integral part of an organization’s strong compliance system.
5. Perform Customer Due Diligence
This pillar focuses on investigating the person behind an account to estimate their risk levels and collect relevant information about them. Customer due diligence is a crucial part of AML compliance plans and must be implemented based on risk profiles after considering factors such as the nature of the business relationship, the industry, jurisdiction, source of funds, and more. This also involves updating customer information periodically after the onboarding process is successful.
Again, the penalties for failing to meet KYC procedures cannot be understated. In 2019, Westpac was fined $1.3 billion, the largest fine any Australian bank had received at the time. Ultimately, the bank was fined for failing to report 23 million violations of money laundering regulations, including failing to keep records of fund transfers, monitoring risks associated with this activity, and inadequate KYC processes for transactions related to child exploitation.
A common link in AML failures stems back to the lack of implementing proper risk management policies, specifically with regard to customer due diligence and case management filing. Many of these issues would be avoidable with clear guidelines around customer due diligence procedures and an available channel for escalating suspicious activity.
Conducting and maintaining an effective AML compliance program is challenging, considering many factors. To ensure organizations have an adequate policy in place, we outline the following steps for creating and managing an AML compliance program below:
Step 1. Set the Tone at the Top
Every successful AML compliance program starts at the top. The organization must promote cooperation and engagement with the risk and compliance team from early in the development process. This collaborative risk culture is imperative for ensuring risk and compliance efforts are valued, but also saves valuable time and effort on compliance operations across the organization.
Senior team members and leaders must prioritize compliance, and encourage communication and cooperation to set a good organizational tone.
Step 2. Appoint a Compliance Officer
Every compliance program needs a clear leader, responsible for guiding the team, resolving issues that arise, and ensuring the compliance program is properly enforced across the organization. They will work closely with different departments, advocating for AML compliance requirements along the way, and ensuring product development teams consider AML guidelines throughout their own process.
They’ll be a key point of contact for the entire risk and compliance team, and will be responsible for guiding the team toward successful implementation and management of the AML policy.
Step 3. Establish and Share a Written Compliance Policy
A clear, well-written compliance policy and procedure establishes and enforces a plan that needs to be adhered to. Drafting a policy provides the organization with a governance structure where clear roles and responsibilities are established, builds a channel of communication between departments, and maps out how the resources will play their part in maintaining compliance.
Not only should the compliance policy be clearly laid out in a written document, it needs to be accessible to the entire organization so that all members understand their roles and obligations.
Step 4. Implement a Training Program for Staff
Providing access to the compliance program isn’t enough. All team members must understand their roles and responsibilities in relation to AML operations. This means training risk and compliance professionals and the entire staff. Each team member should know how they are impacted by the AML program, their responsibilities, and how to perform their jobs in a manner consistent with the AML policy.
Build out a training program that onboards new staff, as well as retrains and refreshes staff throughout their time with your organization. This program needs to be updated regularly to stay relevant and fresh, ensuring all team members are aware of their roles and responsibilities.
Step 5. Perform Ongoing Monitoring
Transaction and behavior monitoring is an essential element of a successful AML policy. It helps compliance teams identify red flags, inconsistencies, or potential problems that may arise. This includes reviewing policies and ensuring employees are trained to understand compliance, analyze risk indicators, monitor transactions of all kinds, and stay on top of any regulatory updates or changes.
Step 6. Run Internal Audits to Review Performance
It is crucial to conduct compliance audits from time to time and review and update them according to the company’s current situation, risks, and regulatory requirements. Fraud teams should regularly audit their AML compliance program, identifying areas for improvement.
The fact is, just as money laundering efforts are constantly changing, so should your detection and prevention methods. Consistently review the program for weaknesses, and make updates that improve your ability to mitigate fraud. It’s a good practice to perform not only internal audits but also have external auditors review your compliance policy.
Step 7. Set Up Strategies for Incident Management
It’s much easier to address problems if you’re prepared ahead of time. As part of your compliance program, it’s important to outline specific guidelines and procedures for handling the variety of incidents that may arise.
Clear guidelines for security breaches, different types of suspicious activity, and internal misconduct allow you to react quickly and agilely. This helps risk and compliance teams easily navigate issues, speeding up operations and ensuring all regulations are followed.
One of the key components of a successful AML program in a company is developing and implementing an effective policy, establishing a strong foundation on which an organization’s risk and compliance efforts can be governed and managed. It should be customized as per the industry and company’s requirements.
These are the top tips for developing a great AML policy.
1. Keep It Simple
A sound policy must be written clearly and kept simple. It should be comprehensible and understood by employees of all levels within a company. Using concise language and being crystal clear regarding the policy’s objectives is vital. A minimalist format and periodic reviews are essential.
2. Explain the ‘Why’
It could be difficult for certain departments to understand why a company needs an AML compliance policy, especially if they are driven and motivated by different KPIs, like the number of sales pitches they conduct. It’s essential to explain to them why not every customer qualifies to be safely onboarded or why they should not contact clients from risky jurisdictions or sanctioned entities.
3. Give Examples
Including several real-life scenarios and examples is a great way to ensure your policy is understood. This gives insight into how paramount compliance is to the organization and the consequences of failing to follow the policy.
4. Use a Positive Tone
Using a positive and encouraging tone can result in employees being more open to the idea of embracing the objective of the policies within the organization and helping sustain a culture of compliance. This helps uphold the ethical values of an organization.
5. Roles and Responsibilities
Explain the need and purpose behind each person’s role and responsibility. Contextualize the importance of each role for maintaining compliance and effectively protecting against money laundering. This keeps all team members on the same page and ensures that the organization works collectively towards the same goals.
Not just senior management, but employees of every department should understand whom to go to in case of any compliance issues, queries, or suspicions that may arise. It also provides a sense of accountability across the organization.
Ultimately, a company's AML compliance program sets the tone—and establishes guidelines—for how compliance operations should be conducted. It’s essential to have a clear, understandable, and accessible AML compliance program that your organization can follow. This will instill a strong risk and compliance management culture, ensuring regulations are met.
Unit21 offers a complete AML compliance infrastructure that is ideal for implementing and overseeing a successful AML program. Automate regulatory reporting, streamline case management and SAR filing, and drastically improve customer onboarding and KYC procedures.
Alert scoring empowers teams to easily prioritize and manage cases through their workflow, assigning them to the best individual to conduct the review. With all these features (and more) in a unified dashboard, risk and compliance teams can optimize investigations and improve AML compliance operations, protecting the organization—and customers—from money laundering threats.
More than 150 Fintech and crypto platforms (like Chime, Intuit, and Crypto.com) rely on Unit21 for a high-performance risk and compliance infrastructure that allows them to shorten case times, stay up-to-date on compliance regulations, and reduce false positives.
You finally made it to the end of this guide! If you haven’t read through each chapter of our comprehensive guide to AML compliance yet, jump back here to the start to see all the topics we cover. And if you loved this resource, share it with your colleagues!