Controls used by banks to prevent and detect money laundering have received a lot of attention from regulators worldwide in 2013.
A report released this year by the UK Financial Conduct Authority found that policies, procedures and controls to combat money laundering were generally weak at 17 banks it studied.
Fitch Ratings warned in April that a number of highly visible enforcement actions of anti-money-laundering (AML) laws by US regulators pointed to growing costs of compliance and increased risks of significant fines.
In February, the European Commission proposed strengthening the EU’s rules to combat money laundering. And Brazil, China and other nations also have stepped up their efforts against money laundering, according to news reports.
“This is a very global issue,” said Vikas Agarwal, a PwC managing director within the advanced risk and compliance analytics practice.
Banks whose anti-money-laundering controls fail are vulnerable to significant fines from regulators that have been known to exceed $1 billion, according to a newly released PwC white paper on optimising and maintaining AML surveillance programmes.
Financial institutions have struggled for a variety of reasons to maintain the stronger AML controls they put into place following the 2001 terrorist attacks on the World Trade Center and the Pentagon, Agarwal said. Factors that have caused a “drift” away from strong controls for financial institutions, according to the PwC report and Agarwal, include:
- New processes (such as online and mobile banking) have changed the way banking is done, and controls have not always kept up with the new platforms.
- Core banking systems are constantly in a state of flux.
- Criminal and terrorist networks have become more sophisticated in their attempts to foil AML controls.
Nonetheless, financial institutions do have the ability to strengthen their controls, according to the report. The PwC report recommends four basic strategies for strong AML deterrence:
1. Know your customer. Collecting information about customers’ identity, citizenship, occupation, source of funds, volume and type of activity, and countries where they do business can help banks learn what kind of risk the customers pose, the report said.
“People are using a lot of techniques to do that, including using social media, using outlets that let them look at negative news, and just things that allow them to look at transactions and be able to see if the transactions match the business they say they are conducting,” Agarwal said.
2. Keep surveillance processes up to date. Banks can look for customers who move money in and out of the bank very quickly; customers who often deposit amounts just below the reporting threshold; single beneficiaries receiving money from many originators; customers depositing large sums to be sent to high-risk countries by wire transfer; and other red flags, the report said.
Scanning also can be done to compare names of customers to those of known terrorists or high-risk persons. And data analytics software is allowing more frequent monitoring.
“As you get more sophisticated in looking at your data, you’re able to profile and segment your customers,” Agarwal said. “You’re able to separate normal versus abnormal behaviour, and really using cutting-edge techniques and visualisation tools can help you do that.”
3. Investigate and report. A system for following up on red flags and reporting to authorities is needed, the report said. Investigators must be properly trained, and data must be brought together from different parts of the firm and analysed.
4. Update policies. The foundation for AML deterrence is policies that demand appropriate risk assessment, training mechanisms, and audits of controls across the enterprise, the report said.
“It’s the organisation creating a culture by which it’s not just the compliance department that is [fighting] money laundering, but the entire organisation,” Agarwal said.
Implementing these controls can be difficult. A shortage in talented individuals who are trained to work with this type of compliance can be a problem for organisations. But the level of scrutiny by regulators demands attention to this issue, he said.
“Given the seriousness of the matter, it’s almost a zero-tolerance policy right now,” Agarwal said. “And that’s why it’s so important that banks get it right, because there is a very small margin for error.”
—Ken Tysiac (firstname.lastname@example.org) is a CGMA Magazine senior editor.