US government agencies, including FiNCEN, issued combined guidance on the 22nd of July 2019 on how they supervise and examine the compliance of financial institutions (FIs) to anti-money laundering (AML) regulations, including the US Bank Secrecy Act (BSA). Whilst this is US-centric guidance, it is pertinent for FIs outside of the US to consider when contemplating the effectiveness of a financial crime governance framework and associated controls.
The guidance focuses heavily on the need for a “risk-focused” approach to be instilled across all elements of an effective AML framework. Having a clear understanding of the FIs risks is critical for the development of an effective risk assessment and sound risk management controls – this approach will also enable regulators to supervise the FI in an effective and subjective manner, noting that different FIs have different risk profiles.
In the guidance, FIs are encouraged to manage risk associated to customers by implementing controls which can be effectively monitored and contain the risk of a specific relationship, rather than refusing to provide to services to high risk customers. This approach will enable firms to meet their legal and regulatory objectives, as well as effectively managing the customer relationship. The guidance notes that federal agencies will be able to evaluate the adequacy of a specific firm’s compliance programme relative the risk of its business if this approach is maintained.
A transparent risk-focused approach and profile will allow regulators to scope and plan an initial review of an FIs AML compliance programme more effectively, resulting in a greater understanding of the adequacy of the firm’s compliance programme. This will result in a less intrusive and more targeted review for the FIs AML controls which will be welcomed by the firm.
A targeted review of an AML programme should allow the examiner to allocate more resource on higher-risk areas and fewer resources to lower risk areas. A risk-focused review of the FIs AML programme should be considered in line with the unique risk profile of the firm. This will allow the extent of the review to be assessed in line with the quality of the risk management processes in order to identify, measure, monitor, and controls risks. Which in turn will allow an accurate assessment on the potential of the firm being used for money laundering, terrorist financing and other illicit activity.