Anti-Money Laundering compliance programs fail. They fail at the world’s largest institutions as well as at mid-size and small institutions. AML programs have failed every year since 2001 when the USA PATRIOT Act passed and they will fail this year and every year hereafter.
Why do AML programs fail? The simple answer would be because the AML officer did not do his or her job.
But what is it exactly these AML officers and the institutions they work for do not do? What are the specific reasons AML compliance programs fail?
What goes wrong?
Why does it go wrong?
How does it go wrong?
Who is responsible for it going wrong?
Where do the failures take place?
The financial services industry has entered its second decade of trying to comply with requirements born out of the 9/11 terror attacks. Yet there is little information readily available that explains the specific reasons behind AML compliance program failures, and based on these specific reasons, what AML officers, senior management, and boards of directors must do to avoid repeating the mistakes made by other institutions.
This lack of actionable information hampers efforts to improve AML compliance. If the financial services industry does not fully understand why past AML compliance problems arose, it impedes the ability to solve similar problems when they inevitably arise again.
Over the past ten years we at The Dominion Advisory Group have helped dozens of large and mid-size financial institutions from all over the country respond to AML regulatory actions and Department of Justice investigations. We see institutions struggle to design and implement programs and hire the people needed to comply with increasing AML regulatory requirements.
THE KEY QUESTION
As we have worked with these different institutions we see the same issues again and again. On many days we say 2013 looks a lot like 2003. This led us to ask:
“Are there specific and identifiable elements of an AML program whose weaknesses, if uncorrected, are certain to lead to compliance failure?”
To answer this question we researched every significant AML enforcement action, Department of Justice Deferred Prosecution Agreement, and Congressional report and hearing on the topic of money laundering; we spoke to regulators, law enforcement officials, AML officers, attorneys in the field of AML compliance, and we considered our substantial first hand experience working with institutions responding to regulatory orders and DOJ investigations.
- The research found that it is possible to pinpoint the specific issues that occurred in each AML program failure.
- These issues can be identified before the weaknesses become severe, but it is rare they are.
- There are seven recurring issues that lead to AML compliance program failures.
- These seven issues go unnoticed by AML management, internal audit and the regulators for several exams cycles, but when they are discovered the weaknesses are so severe that regulators act quickly and dramatically.
- Compliance management, senior executives and boards of directors do not understand these issues, their impact on operations and reputation or the expense to correct them.
- The seven issues found in each significant AML program failure are:
1. Transaction monitoring systems produce too many low value alerts
2. Not enough analyst and investigator (FIU) staff to handle workload
3. The FIU staff and management are not properly trained
4. Suspicious activity goes undetected
5. An absence of meaningful management information reports
6. Inability to identify and manage high-risk customers
7. Lack of precision in project planning and budgeting, and thus commitments made to regulators are not reliable and further harm regulator’s perception of management
This edition of Insights & Action is the first in a series of articles. Subsequent articles will address each of the seven reasons AML compliance programs fail. Our purpose is to provide our readers with a clear understanding of what it is specifically that leads to AML failures and more importantly, what are steps all those in the AML field, including AML officers, bank executives, regulators and boards of directors can take to ensure the same seven mistakes are not repeated.